Enterprise Networks - Cisco Digital Network Architecture - Introducing the Network Intuitive


  1. © 2016 Cisco and/or its affiliates. All rights reserved. Enterprise Networks - Cisco Digital Network Architecture - Introducing the Network Intuitive. Tammy Getschel, Channel Systems Engineer. Jan 2018, Cisco Connect.
  2. Agenda • It’s a Digital World! • Automating your network with DNA Center • Gaining Deep Insights with Assurance and Analytics • Summary
  3. It’s a digital world!
  4. What is the Risk of Digital Disruption? • According to the Global Center for Digital Transformation in a survey of 941 companies: 40% of today’s Top-10 incumbents (in terms of market share) will be digitally disrupted within the next 5 years ("40% in 5"). https://www.imd.org/uupload/IMD.WebSite/DBT/Digital_Vortex_06182015.pdf http://www.economist.com/news/business/21647317-messaging-services-are-rapidly-growing-beyond-online-chat-message-medium
  5. Why Transform Digitally? • According to Harvard Business Review, companies that master digital transformation generate: 9% more revenue than their industry peers, and 26% more profits than their industry peers. https://hbr.org/product/leading-digital-turning-technology-into-business-transformation/17
  6. Digital Transformation is Moving IT to the Boardroom. UPS My Choice Delivery Control Personalized Service Customer Experience Physical and Virtual RFID Content Workforce Efficiency WIP Inventory and Part Tracking American Express Personalized Service Through Mobile Starbucks Apps Order Ahead Skip the Line (TECCRS-2700)
  7. Cisco Enterprise Networking Vision: Transform our customers’ businesses through powerful yet simple networks.
  8. Digital Business Demands Application Agility. “…While other components of the IT infrastructure have become more programmable and allow for faster, automated provisioning, installing network circuits is still a painstakingly manual process...” — Andrew Lerner, Gartner Research
  9. Agility Requires Faster Network Provisioning. Source: Forrester. Source: Open Compute Project. 80%: time IT spends on operations. 57%: CEOs are worried about IT strategy not supporting business growth. [Charts: Network Expenses (CAPEX, OPEX; 33%, 67%); Deployment Speed (Computing vs. Networking, in seconds)]
  10. Key Challenges for Traditional Networks: Slower Issue Resolution | Complex to Manage | Difficult to Segment. Ever increasing number of users and endpoint types. Ever increasing number of VLANs and IP Subnets. Multiple steps, user credentials, complex interactions. Multiple touch-points. Separate user policies for wired and wireless networks. Unable to find users when troubleshooting. Traditional Networks Cannot Keep Up!
  11. Digital Network Architecture (DNA). Open and Programmable | Standards-based. Open APIs | Developers Environment. Cloud Service Management. Policy | Orchestration. Virtualization. Physical and Virtual Infrastructure | App Hosting. Insights & Experiences. Network-enabled Applications. Cloud-enabled | Software-delivered. Automation & Assurance. Security & Compliance. Principles. Automation: Abstraction and Policy Control from Core to Edge. Analytics: Network Data, Contextual Insights. Intent-based Network Infrastructure. DNA Center: Analytics, Policy, Automation. INTENT CONTEXT SECURITY LEARNING. The Network. Intuitive. Powered by Intent. Informed by Context.
  12. Introducing DNA Center. Realizing vision of the intent-powered intuitive network. Decouple Policy from Network Topology. Industry Best-Practices Configuration and Policy Compliance. Proactive Issue Identification and Resolution. Policy | Automation | Assurance and Analytics. Translate business intent into network policy. Reduce manual operations and cost associated with human errors. Use context to turn data into intelligence.
  13. DNA Solution. Cisco Enterprise Portfolio. Automation | Analytics | Identity Services Engine | Routers | Switches | Wireless APs | Wireless Controllers. DNA Center. DNA Center Simple Workflows: DESIGN, PROVISION, POLICY, ASSURANCE
  14. Automating your Network with DNA Center
  15. Network Changes for Automation. Standard Change: • Automated Change Request • No Approval Required • Fully owned by Network Engg team with minimal to zero downtime. Non-Standard Change: • Require Approval by Change Board • May require service disruption • Co-ordination with Application team during change window. Network Changes: Settings Update (Syslog, NTP); Password Update; Port Settings, VLAN changes; New device/site deployment; Software Update; New service/Update service
  16. Impediments to Automation • Organizational structures: Different groups • Lack of internal standards: Snowflakes! • History, e.g. ACL CLIs • Standard vs. non-standard changes. Enterprise Network change requests: 65% Standard changes, 35% New initiatives; 12% New lab configurations, 10% Hardware upgrades, 21% ACL updates, 7% Fleet standardizations, 7% Feature configs: IP/Routing, 4% Power shut-downs, 8% Hardware upgrades, 3% Feature configs: Security, 2% ACL updates, 15% Other, 12% Other
  17. BRKNMS-1499. What are Standard Network Changes? Routers: AAA Configuration, DNS/DHCP Servers, NTP Servers, Syslog Servers, Netflow Collectors, SNMP/SSH/Telnet, Interfaces Configuration, ACL’s, Dial Plans, Vrf, Routing Protocols, Tunnels/DMVPN, Security/Crypto, QOS, AVC. Switches: AAA Configuration, DNS/DHCP Servers, NTP Servers, Syslog Servers, Netflow Collectors, SNMP/SSH/Telnet, Interfaces Configuration, Spanning Tree, VLAN, Security/Crypto, QOS, AVC. WLC’s: AAA Configuration, DNS/DHCP Servers, NTP Servers, Syslog Servers, Netflow Collectors, SNMP/SSH/Telnet, SSID’s, RF, Security/Crypto, QOS, AVC. Standard Changes: o No Approval Required o Minimal to Zero Disruption. Non-Standard Changes: o Requires Approval o May require service disruption o May need co-ordination with other teams (App, DC etc.) during change window
  18. Network Settings Update (Standard). Use Case: • Adding a new Syslog (Ex: Splunk) in the network • SoX requirements to update password every 6 months. [Diagram: Site1, Site2, North America, South America, Africa, EMEAR; AAA Server, DNS Server, Syslog Server, DHCP Server] Benefits: • Repeated manual error prone tasks automated • Eng get additional time to focus on design and deployment • Standard change automation removes the lead time to make changes. DESIGN
  19. Network Deployment Consistency using Profile Driven Automation. Network Design (Before) | Deployment Standardization (During) | Network Compliance (After). Profile Based Deployment • Plan for the network deployment • Feature and Capabilities to be enabled based on requirements • Topology for network deployment • Automated Day 0 Deployment • Version management of Profile for Day 2 Change Management • Configuration Compliance Validation against Profile • Remediation of Configuration to Golden Config. Configuration Consistency | Simplified Network Deployment | Integrated IT Process Flows. DESIGN
  20. Workflows are foundational to Automation! • Drive consistency into the architecture via design profiles for WAN and Campus, both physical and virtual. Add Site Properties under Network Settings; Customize Network Settings and Credentials per Sub Area or Site; Create sub pools for Services, LAN, Management at sub area or site; Select golden image for NFVIS, virtual services; Open Design > Network Hierarchy; Add Areas and Buildings; Add or Import IP Pools; Add SP Profile; Add appropriate images into repository; Add custom CLI configs; Save and associate Site; Select device, WAN and LAN settings, add required virtual Services; Create WAN Profile. DESIGN
  21. DNA Center automates the Deployment and Operations • Plug-and-play • Software / config / license management • Ensuring that Hardware is not EoL (Cisco Active Advisor) • Software Image management (SWIM). PnP Agent: Runs on Cisco® switches, routers, and wireless AP; Automates discovery and provisioning. PnP Server: Centralized server; Auto-provision device w/ images & configs; Northbound REST APIs. PnP Protocol: HTTPS/XML based; Open schema protocol. [Diagram: Network PnP Application UI, IWAN App, Topology Discovery, REST API, PnP Service, DNA Center Controller] PROVISION
  22. Visualize Software Images • For a given Device Family, view: All images; Image Version; Number of Devices using a particular image • Image Repository to centrally store Software Images, VNF Images and Network Container Images
  23. Manage Software Images • Import Images/SMU from: Cisco.com; URL (http/ftp); Local PC; Another managed network device • Remote File Server: Localized file server for software distribution; File server mapped to site hierarchy. PROVISION
  24. Platform extensibility for building custom apps. API and Data Models across multiple stages in DNA Stack. Integrations with complementary platforms *. Open Interfaces and Integrations: Firehose *, Connectors, Graph API, Contextual Search, Cisco Assets, Industry Integrations. Flexibility | Accessibility | Expansibility. * : roadmap post FCS
  25. INTENT CONTEXT SECURITY LEARNING. Powered by intent, informed by context. THE NETWORK. INTUITIVE.
  26. Intent-Based Application Policy | Legacy QoS Policy

      ip access-list extended APIC_EM-MM_STREAM-ACL
       remark citrix - Citrix
       permit tcp any any eq 1494
       permit udp any any eq 1494
       permit tcp any any eq 2598
       permit udp any any eq 2598
       remark citrix-static - Citrix-Static
       permit tcp any any eq 1604
       permit udp any any eq 1604
       permit tcp any any range 2512 2513
       permit udp any any range 2512 2513
       remark pcoip - PCoIP
       permit tcp any any eq 4172
       permit udp any any eq 4172
       permit tcp any any eq 5172
       permit udp any any eq 5172
       remark timbuktu - Timbuktu
       permit tcp any any eq 407
       permit udp any any eq 407
       remark xwindows - XWindows
       permit tcp any any range 6000 6003
       remark vnc - VNC
       permit tcp any any eq 5800
       permit udp any any eq 5800
       permit tcp any any range 5900 5901
       permit udp any any range 5900 5901
       exit
      ip access-list extended APIC_EM-SIGNALING-ACL
       remark h323 - H.323
       permit tcp any any eq 1300
       permit udp any any eq 1300

  27. Evolution to a Policy Model • Express Business Intent • Translate into device specific policy/configuration • Leverage Abstraction (the controller knows about the device specifics) • Automate the Deployment across the Network • Ensure Fidelity to the Expressed Intent (keep everything in sync). User policy based on user identity and user-to-group mapping. Employee (managed asset) Employee (Registered BYOD) Employee (Unknown BYOD) ENG VDI System PERMIT PERMIT DENY DENY DENY DENY DENY PERMIT PERMIT PERMIT PERMIT PERMIT Production Servers Development Servers Internet Access Protected Assets Source. De-coupling of User Identity and Topology. Much easier to translate business objectives to network functionality; lowers TCO. Automation: Controller-Led Networking Deployment. POLICY
  28. Policy types. Access Policy ↓ Authentication/Authorization; Group Assignment Based on Authentication methods. Access Control Policy ↓ Who can access what; Rules for x-group access; Permit group to app; Permit group to group. Application Policy ↓ Traffic treatment; QoS for Application; Path Optimization; Application compression; Application caching. POLICY
  29. 1. Access Policies • Access to the network is governed by ISE. [Diagram: users, things; Authenticate & Authorize (AAA); Groups & Policy; ISE; Network; Identity (e.g. Active Directory); SIEM; Location; Behavior Analytics; pxGrid; CASB; Vulnerability; Scalable Groups; Credentials; Posture; Profiling] POLICY
  30. 2. Access Control Policies • Access Control (who can talk to who) is governed by DNA Center; leverages ISE for group assignments. [Diagram: users, things; Authenticate & Authorize (AAA); Groups & Policy; ISE; DNA Center; Policy Authoring Workflows; Fabric Management; Network] POLICY
  31. DNA Automation – Access Control Policy Authoring
  32. DNA Automation – Access Control Policy Authoring
  33. Gaining Deep Insights with Assurance and Analytics
  34. Traditional Networking CANNOT Keep Pace with the Demands of Digital Business. Main Operational Challenges: OpEx spent on Network Visibility and Troubleshooting: 75%. Policy Violations Due to Human Error: 70%. Network Changes Performed Manually: 95%. Source: 2016 Cisco Study
  35. Business Value Propositions of Network Analytics: Make Data Driven Decisions | Reveal Hidden Patterns | Automation for Faster Results | Focus on Important Things
  36. Architectural Requirement #1: Instrumentation. Collect relevant metrics. ASSURANCE
  37. Architectural Requirement #2: On-Device Analytics. Categorize metrics by degrees of relevance. ASSURANCE
  38. Architectural Requirement #3: Telemetry. Upload critical metrics off the device to collector(s) (optimally via model-based streaming-telemetry). EM Collector. ASSURANCE
  39. Architectural Requirement #4: Scalable Storage. Provision long-term storage, retrieval and representation of network metrics and events. ASSURANCE
  40. Architectural Requirement #5: Analytics Engine. Identify anomalies and trends. ASSURANCE
  41. Architectural Requirement #6: Machine Learning. Correlate all data points and permutations for cognitive and predictive analytics. ASSURANCE
  42. Architectural Requirement #7: Guided Troubleshooting. Identify root cause of issues by contextually correlating data. EM Analytics Engine. ASSURANCE
  43. Architectural Requirement #8: Self-Remediation. Present actionable insights to the operator. Solicit input to remediate the root cause. Present a self-remediation option. EM Analytics Engine. EM Network Controller. Do you want to take the recommended action? Yes | No | Always. ASSURANCE
  44. INTENT CONTEXT SECURITY LEARNING. Powered by intent, informed by context. THE NETWORK. INTUITIVE.
  45. Cisco DNA Architecture. DNA Software Capabilities: Cloud Service Management | Automation | Analytics | Virtualization. DNA-Ready Physical and Virtual infrastructure. Security.
  46. Cisco DNA Architecture—Automation and Analytics. Cloud Service Management | Automation | Analytics | Virtualization. EM NDP. NDP: Network Data Platform (Analytics Engine). EM NCP. NCP: Network Controller Platform (Network Controller)
  47. Cisco DNA Architecture—Automation and Analytics. Cloud Service Management | Automation | Analytics | Virtualization. EM NDP. NDP: Network Data Platform (Analytics Engine). Abstraction layer. Intent | Outcome. Delivering the Intent. Analyzing the Outcome within the Context of the expressed Intent. Assuring the Intent. EM NCP. NCP: Network Controller Platform (Network Controller)
  48. Cisco DNA Architecture—DNA Center. EM NDP. DNA Center Appliance. EM NCP. DNA Center User Interface. A single pane of glass for Design, Policy, Provisioning, and Assurance
  49. Cisco DNA Architecture—DNA Center: Assurance
  50. INTENT CONTEXT SECURITY LEARNING. Powered by intent, informed by context. THE NETWORK. INTUITIVE.
  51. Transforming the Network with Big Data Analytics. Data | Insight | Information | Action. Create value at the right time. Extract meaningful insights from data. Volume (Data size) • TB per day • Streaming telemetry, NetFlow, Syslog, SNMP, logs. Velocity (Data speed) • Firehose • Streaming, low-latency push/pull. Variety (Data forms) • Structured, unstructured • Switch, router, AP, IoT sensor, firewall, load balancer, DHCP, DNS. Veracity (Data trustworthiness) • Quality, validity • Internal, partner, public. Analytics
  52. Network Data Platform (Internal) Architecture. EM NDP. Network Telemetry | Contextual Data. Data Collection and Ingestion: FW, LB, WLC, Sensor, AAA, DNS, DHCP, LDAP, TOPOLOGY, INVENTORY, LOCATION, POLICY, ITSM, ITFM. Streaming Telemetry, SNMP, NetFlow, Syslog. Data Visualization and Action: Network Assurance, netWorth. Collector and Analytics Pipeline SDK ... Data Models and Restful APIs. Time Series Analysis. System Management Portal. Network Data Platform. Data Correlation and Analysis. Machine Learning in the Cloud. CEP (*) Correlation. (*) CEP = Complex Event Processing
  53. Contextual Correlation Example. NetFlow | AVC | DDI | ISE | Topology | Location | Device. NDP Stream Processing. NetFlow: Source IP: 1.1.1.2; Dest IP: 2.2.2.2, Dest Port: 80; Dest IP: 3.2.2.2, Dest Port: 80. ? ? ?
  54. Contextual Correlation Example. AVC | NetFlow | DDI | ISE | Topology | Location | Device. NDP Stream Processing. Source IP: 1.1.1.2; Dest IP: 2.2.2.2, Dest Port: 80; Dest IP: 3.2.2.2, Dest Port: 80. AVC. ? ? ?
  55. Contextual Correlation Example. AVC | NetFlow | DDI | ISE | Topology | Location | Device. NDP Stream Processing. Source IP: 1.1.1.2; Dest IP: 2.2.2.2, Dest Port: 80; Dest IP: 3.2.2.2, Dest Port: 80. AVC. DDI. ?
  56. Contextual Correlation Example. AVC | NetFlow | DDI | ISE | Topology | Location | Device. NDP Stream Processing. Source IP: 1.1.1.2; Dest IP: 2.2.2.2, Dest Port: 80; Dest IP: 3.2.2.2, Dest Port: 80. AVC. DDI. User: George Baker. ISE Group: Marketing
  57. Contextual Correlation Example. AVC | NetFlow | DDI | ISE | Topology | Location | Device. NDP Stream Processing. Source IP: 1.1.1.2; Dest IP: 2.2.2.2, Dest Port: 80; Dest IP: 3.2.2.2, Dest Port: 80. AVC. DDI. User: George Baker. ISE Group: Marketing. Topology
  58. Contextual Correlation Example. AVC | NetFlow | DDI | ISE | Topology | Location | Device. NDP Stream Processing. Source IP: 1.1.1.2; Dest IP: 2.2.2.2, Dest Port: 80; Dest IP: 3.2.2.2, Dest Port: 80. AVC. DDI. User: George Baker. ISE Group: Marketing. Topology. Location: Building 24, 1st Floor
  59. Contextual Correlation Example. AVC | NetFlow | DDI | ISE | Topology | Location | Device. NDP Stream Processing. Source IP: 1.1.1.2; Dest IP: 2.2.2.2, Dest Port: 80; Dest IP: 3.2.2.2, Dest Port: 80. AVC. DDI. User: George Baker. ISE Group: Marketing. Topology. Location: Building 24, 1st Floor. Device. Client Density Problem Here...
  60. INTENT CONTEXT SECURITY LEARNING. Powered by intent, informed by context. THE NETWORK. INTUITIVE.
  61. What is Machine Learning? • Machine learning is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed to do so • The process of learning begins with observations of data, and looking for patterns within the data so as to make increasingly better correlations, inferences and predictions • The primary aim is to allow these systems to learn automatically without human intervention or assistance and adjust actions accordingly
  62. Project Kairos. For Wireless, Wired and IOT. Cognitive Analytics. [Diagram: Netflix, Access Points, Device Type, Internet Video, Facebook, Instagram, YouTube] Anomaly detection across hundreds of thousands of devices, dozens of thousands of gears and hundreds of heat maps. Machine Learning
  63. Project Kairos. For Wireless, Wired and IOT. Cognitive Analytics. Anomaly detection. Identify and proactively adapt to a failure before it happens. Machine Learning | Predictive Analytics
  64. Machine Learning Algorithms build their models using hundreds of inputs. [Diagram: APs, WAN, Local WLCs, Network Services, DC, Office Site, ISE, DHCP, Mobile Clients, CUCM, APIC-EM] RF & EDCA behavioral metrics, ... Queuing, Dropping, WRED behavioral metrics, ... Device type, OS release, behavioral metrics, ... WAN & core network metrics, ... Application metrics, user feedback, failure rate, ... and more
  71. INTENT CONTEXT SECURITY LEARNING. Powered by intent, informed by context. THE NETWORK. INTUITIVE.
  72. Providing Security While Maintaining Privacy! Encrypted Traffic | Non-Encrypted Traffic. Can we Actually Solve This? How do you Analyze Metadata without decrypting traffic flows? 80% of organizations are victims of malicious activity. 41% of attacks used encrypted traffic to evade detection.
  73. Encrypted Traffic Analytics. Encrypted traffic analytics from Cisco’s newest switches and routers. Security with Privacy. Analyze netflow metadata without decrypting traffic flows. Global-to-local knowledge correlation - 99.99% threat detection accuracy
  74. Summary
  75. Key Takeaways • Profile Based Deployment simplifies Day 0 Deployment and Day 2 Change Management • Assurance must be outcomes driven and not problem based • Intent Driven Networking Starts with Policy • Automation must be thought holistically, as some of the simple tasks take the most amount of time
  76. Automated Deployment: It’s a Journey! Basic: Plug and Play, Day 0 Deployment. Step 1: Network admin provisions devices in Cisco Network Plug and Play applications. Step 2: Onsite installer with mobile app installs and powers on devices, triggers deployment, checks status. Step 3: New devices contact Cisco Network Plug and Play application to get provisioned. Network admin can remotely monitor install status. [Diagram: APIC-EM, HTTP Proxy, Internet, Admin, Installer, New] Exists Today: Configure once and deploy everywhere - SD-Access. [Diagram: ISE / AD, NAE / PI, DNA Center, Campus Fabric, SDA] One Point of Management: All from Cisco DNA Center. Consistent Across Network Fabric. Advanced (Future): Self-Driving Automation. Closed Loop through Network Analytics and Machine Learning. [Diagram: Network Analytics Platform, DNA Center, BB, Campus Fabric, SDA]
  77. Thank you.
