© 2016 Cisco and/or its affiliates. All rights reserved. 1
Enterprise Networks - Cisco Digital Network Architecture - Introducing the Network Intuitive
Tammy Getschel
Channel Systems Engineer
Jan 2018
CiscoConnect
Agenda
• It’s a Digital World!
• Automating your network with DNA Center
• Gaining Deep Insights with Assurance and Analytics
• Summary
It’s a digital world!
What is the Risk of Digital Disruption?
• According to the Global Center for Digital Transformation in a survey of 941 companies: 40% of today’s Top-10 incumbents (in terms of market share) will be digitally disrupted within the next 5 years
https://www.imd.org/uupload/IMD.WebSite/DBT/Digital_Vortex_06182015.pdf
http://www.economist.com/news/business/21647317-messaging-services-are-rapidly-growing-beyond-online-chat-message-medium
Why Transform Digitally?
• According to Harvard Business Review, companies that master digital transformation generate:
9% more revenue than their industry peers, and
26% more profits than their industry peers
https://hbr.org/product/leading-digital-turning-technology-into-business-transformation/17039E
Digital Transformation is Moving IT to the Boardroom
UPS My Choice
Delivery Control
Personalized Service
Customer Experience
Physical and Virtual RFID Content
Workforce Efficiency
WIP Inventory and Part Tracking
American Express
Personalized Service Through Mobile
Starbucks Apps
Order Ahead
Skip the Line
Cisco Enterprise Networking Vision
Transform our customers’ businesses through powerful yet simple networks.
Digital Business Demands Application Agility
“…While other components of the IT infrastructure have become more programmable and allow for faster, automated provisioning, installing network circuits is still a painstakingly manual process...”
— Andrew Lerner, Gartner Research
Agility Requires Faster Network Provisioning
Source: Forrester; Source: Open Compute Project
Time IT spends on operations: 80%
CEOs are worried about IT strategy not supporting business growth: 57%
Network Expenses (chart, 0 to 100%): CAPEX 33%, OPEX 67%
Deployment Speed (chart, Seconds: 0, 10, 100, 1000): Computing, Networking
Key Challenges for Traditional Networks
Difficult to Segment
• Ever increasing number of users and endpoint types
• Ever increasing number of VLANs and IP Subnets
Complex to Manage
• Multiple steps, user credentials, complex interactions
• Multiple touch-points
Slower Issue Resolution
• Separate user policies for wired and wireless networks
• Unable to find users when troubleshooting
Traditional Networks Cannot Keep Up!
Digital Network Architecture (DNA)
Open and Programmable | Standards-based
Open APIs | Developers Environment
Cloud Service Management
Policy | Orchestration
Virtualization
Physical and Virtual Infrastructure | App Hosting
Insights & Experiences
Network-enabled Applications
Cloud-enabled | Software-delivered
Automation & Assurance
Security & Compliance
Principles
Automation
Abstraction and Policy Control from Core to Edge
Analytics
Network Data, Contextual Insights
Intent-based Network Infrastructure
DNA Center
Analytics
Policy
Automation
INTENT CONTEXT
SECURITY
LEARNING
The Network. Intuitive.
Powered by Intent. Informed by Context.
Introducing DNA Center
Realizing vision of the intent-powered intuitive network
Policy
• Decouple Policy from Network Topology
• Translate business intent into network policy
Automation
• Industry Best-Practices Configuration and Policy Compliance
• Reduce manual operations and cost associated with human errors
Assurance and Analytics
• Proactive Issue Identification and Resolution
• Use context to turn data into intelligence
DNA Solution
Cisco Enterprise Portfolio
Automation
Analytics
Identity Services Engine
Routers, Switches, Wireless APs, Wireless Controllers
DNA Center
DNA Center Simple Workflows
DESIGN | PROVISION | POLICY | ASSURANCE
Automating your Network with DNA Center
Network Changes for Automation
Standard Change:
• Automated Change Request
• No Approval Required
• Fully owned by Network Engg team with minimal to zero downtime
Non-Standard Change:
• Require Approval by Change Board
• May require service disruption
• Co-ordination with Application team during change window
Network Changes:
Settings Update (Syslog, NTP)
Password Update
Port Settings, VLAN changes
New device/site deployment
Software Update
New service/Update service
Impediments to Automation
• Organizational structures: Different groups
• Lack of internal standards: Snowflakes!
• History, e.g. ACL CLIs
• Standard vs. non-standard changes
Enterprise Network change requests (chart):
65% Standard changes
35% New initiatives
12% New lab configurations
10% Hardware upgrades
21% ACL updates
7% Fleet standardizations
7% Feature configs: IP/Routing
4% Power shut-downs
8% Hardware upgrades
3% Feature configs: Security
2% ACL updates
15% Other
12% Other
What are Standard Network Changes?
Routers
AAA Configuration, DNS/DHCP Servers, NTP Servers, Syslog Servers, Netflow Collectors, SNMP/SSH/Telnet
Interfaces Configuration, ACL’s, Dial Plans, Vrf, Routing Protocols, Tunnels/DMVPN, Security/Crypto, QOS, AVC
Switches
AAA Configuration, DNS/DHCP Servers, NTP Servers, Syslog Servers, Netflow Collectors, SNMP/SSH/Telnet
Interfaces Configuration, Spanning Tree, VLAN, Security/Crypto, QOS, AVC
WLC’s
AAA Configuration, DNS/DHCP Servers, NTP Servers, Syslog Servers, Netflow Collectors, SNMP/SSH/Telnet
SSID’s, RF, Security/Crypto, QOS, AVC
Standard Changes:
o No Approval Required
o Minimal to Zero Disruption
Non-Standard Changes:
o Requires Approval
o May require service disruption
o May need co-ordination with other teams (App, DC etc.) during change window
Network Settings Update (Standard)
DESIGN
Use Case:
• Adding a new Syslog (Ex: Splunk) in the network
• SoX requirements to update password every 6 months
Diagram labels: North America, South America, Africa, EMEAR, Site1, Site2, AAA Server, DNS Server, Syslog Server, DHCP Server
Benefits:
• Repeated manual error-prone tasks automated
• Eng get additional time to focus on design and deployment
• Standard change automation removes the lead time to make changes
Network Deployment Consistency using Profile Driven Automation
DESIGN
Profile Based Deployment
Before: Network Design
• Plan for the network deployment
• Feature and Capabilities to be enabled based on requirements
• Topology for network deployment
During: Deployment Standardization
• Automated Day 0 Deployment
• Version management of Profile for Day 2 Change Management
After: Network Compliance
• Configuration Compliance Validation against Profile
• Remediation of Configuration to Golden Config
Configuration Consistency
Simplified Network Deployment
Integrated IT Process Flows
Workflows are foundational to Automation!
DESIGN
• Drive consistency into the architecture via design profiles for WAN and Campus
Both physical and virtual
Workflow steps (diagram):
Add Site Properties under Network Settings
Customize Network Settings and Credentials per Sub Area or Site
Create sub pools for Services, LAN, Management at sub area or site
Select golden image for NFVIS, virtual services
Open Design > Network Hierarchy
Add Areas and Buildings
Add or Import IP Pools
Add SP Profile
Add appropriate images into repository
Add custom CLI configs
Save and associate Site
Select device, WAN and LAN settings, add required virtual Services
Create WAN Profile
DNA Center automates the Deployment and Operations
PROVISION
• Plug-and-play
• Software / config / license management
• Ensuring that Hardware is not EoL (Cisco Active Advisor)
• Software Image management (SWIM)
PnP Agent
• Runs on Cisco® switches, routers, and wireless AP
• Automates discovery and provisioning
PnP Server
• Centralized server
• Auto-provision device w/ images & configs.
• Northbound REST APIs
PnP Protocol
• HTTPS/XML based
• Open schema protocol
Diagram labels: Network PnP Application UI, IWAN App, Topology Discovery, REST API, PnP Service, DNA Center Controller
Visualize Software Images
• For a given Device Family, view:
All images
Image Version
Number of Devices using a particular image
• Image Repository to centrally store Software Images, VNF Images and Network Container Images
Manage Software Images
PROVISION
• Import Images/SMU from:
Cisco.com
URL (http/ftp)
Local PC
Another managed network device
• Remote File Server
Localized file server for software distribution
File server mapped to site hierarchy
Platform extensibility for building custom apps
API and Data Models across multiple stages in DNA Stack
Integrations with complementary platforms *
Open Interfaces and Integrations
Firehose *
Connectors
Graph API
Contextual Search
Cisco Assets
Industry Integrations
Flexibility Accessibility Expansibility
* : roadmap post FCS
Intent-Based Application Policy
Legacy QoS Policy:
ip access-list extended APIC_EM-MM_STREAM-ACL
 remark citrix - Citrix
 permit tcp any any eq 1494
 permit udp any any eq 1494
 permit tcp any any eq 2598
 permit udp any any eq 2598
 remark citrix-static - Citrix-Static
 permit tcp any any eq 1604
 permit udp any any eq 1604
 permit tcp any any range 2512 2513
 permit udp any any range 2512 2513
 remark pcoip - PCoIP
 permit tcp any any eq 4172
 permit udp any any eq 4172
 permit tcp any any eq 5172
 permit udp any any eq 5172
 remark timbuktu - Timbuktu
 permit tcp any any eq 407
 permit udp any any eq 407
 remark xwindows - XWindows
 permit tcp any any range 6000 6003
 remark vnc - VNC
 permit tcp any any eq 5800
 permit udp any any eq 5800
 permit tcp any any range 5900 5901
 permit udp any any range 5900 5901
 exit
ip access-list extended APIC_EM-SIGNALING-ACL
 remark h323 - H.323
 permit tcp any any eq 1300
 permit udp any any eq 1300
 permit tcp any any range 1718 1720
• Express Business Intent
• Translate into device specific policy/configuration
• Leverage Abstraction (the controller knows about the device specifics)
• Automate the Deployment across the Network
• Ensure Fidelity to the Expressed Intent (keep everything in sync)
Evolution to a Policy Model
POLICY
User policy based on user identity and user-to-group mapping
Source | Protected Assets: Production Servers | Development Servers | Internet Access
Employee (managed asset) | PERMIT | DENY | PERMIT
Employee (Registered BYOD) | PERMIT | DENY | PERMIT
Employee (Unknown BYOD) | DENY | DENY | PERMIT
ENG VDI System | DENY | PERMIT | PERMIT
De-coupling of User Identity and Topology
Much easier to translate business objectives to network functionality—Lowers TCO
Automation Controller-Led
Networking Deployment
Policy types
POLICY
Access Policy
↓
Authentication/Authorization
Group Assignment Based on Authentication methods
Access Control Policy
↓
Who can access what
Rules for x-group access
Permit group to app
Permit group to group
Application Policy
↓
Traffic treatment
QoS for Application
Path Optimization
Application compression
Application caching
1. Access Policies
POLICY
• Access to the network is governed by ISE
Diagram labels: users, things, Authenticate & Authorize (AAA), Groups & Policy, ISE, Network, Identity (e.g. Active Directory), SIEM, Location, Behavior Analytics, pxGrid, CASB, Vulnerability, Scalable Groups, Credentials, Posture, Profiling
2. Access Control Policies
POLICY
• Access Control (who can talk to who) is governed by DNA Center
Leverages ISE for group assignments
Diagram labels: users, things, Authenticate & Authorize (AAA), Groups & Policy, ISE, DNA Center, Policy Authoring Workflows, Fabric Management, Network
DNA Automation – Access Control Policy Authoring
Gaining Deep Insights with Assurance and Analytics
Traditional Networking CANNOT Keep Pace with the Demands of Digital Business
Main Operational Challenges
OpEx spent on Network Visibility and Troubleshooting: 75%
Policy Violations Due to Human Error: 70%
Network Changes Performed Manually: 95%
Source: 2016 Cisco Study
Business Value Propositions of Network Analytics
Make Data Driven Decisions
Reveal Hidden Patterns
Automation for Faster Results
Focus on Important Things
ASSURANCE
Architectural Requirement #1: Instrumentation
Collect relevant metrics
Architectural Requirement #2: On-Device Analytics
Categorize metrics by degrees of relevance
Architectural Requirement #3: Telemetry
Upload critical metrics off the device to collector(s) (optimally via model-based streaming-telemetry)
Diagram label: Collector
Architectural Requirement #4: Scalable Storage
Provision long-term storage, retrieval and representation of network metrics and events
Architectural Requirement #5: Analytics Engine
Identify anomalies and trends
Architectural Requirement #6: Machine Learning
Correlate all data points and permutations for cognitive and predictive analytics
Architectural Requirement #7: Guided Troubleshooting
Identify root cause of issues by contextually correlating data
Diagram label: Analytics Engine
Architectural Requirement #8: Self-Remediation
Present actionable insights to the operator
Solicit input to remediate the root cause
Present a self-remediation option
Diagram labels: Analytics Engine, Network Controller
Prompt: Do you want to take the recommended action? (Yes / No / Always)
DNA Software Capabilities
Cloud Service Management
Automation Analytics
Virtualization
DNA-Ready Physical and Virtual infrastructure
Security
Cisco DNA Architecture
Cisco DNA Architecture—Automation and Analytics
Cloud Service Management
Automation Analytics
Virtualization
NDP: Network Data Platform (Analytics Engine)
NCP: Network Controller Platform (Network Controller)
Abstraction layer
Intent
Outcome
Delivering the Intent
Analyzing the Outcome within the Context of the expressed Intent
Assuring the Intent
Cisco DNA Architecture—DNA Center
DNA Center Appliance: NDP, NCP
DNA Center User Interface
A single pane of glass for Design, Policy, Provisioning, and Assurance
Cisco DNA Architecture—DNA Center: Assurance
Transforming the Network with Big Data Analytics
Data
Insight
Information
Action
Create value at the right time
Extract meaningful insights from data
Volume: Data size
• TB per day
• Streaming telemetry, NetFlow, Syslog, SNMP, logs
Velocity: Data speed
• Firehose
• Streaming, low-latency push/pull
Variety: Data forms
• Structured, unstructured
• Switch, router, AP, IoT sensor, firewall, load balancer, DHCP, DNS
Veracity: Data trustworthiness
• Quality, validity
• Internal, partner, public
Analytics
Network Data Platform (Internal) Architecture
NDP: Network Data Platform
Data Collection and Ingestion
Network Telemetry: Streaming Telemetry, SNMP, NetFlow, Syslog
Contextual Data
Sources: FW, LB, WLC, Sensor, AAA, DNS, DHCP, LDAP, TOPOLOGY, INVENTORY, LOCATION, POLICY, ITSM, ITFM
Data Correlation and Analysis: Time Series Analysis, CEP (*) Correlation, Machine Learning in the Cloud
Data Visualization and Action: Network Assurance, netWorth, ...
Collector and Analytics Pipeline SDK
Data Models and Restful APIs
System Management Portal
(*) CEP = Complex Event Processing
Contextual Correlation Example
Inputs to NDP Stream Processing: NetFlow, AVC, DDI, ISE, Topology, Location, Device
NetFlow
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
DDI
User: George Baker
ISE
Group: Marketing
Topology
Location
Building 24 1st Floor
Device
Client Density Problem Here...
What is Machine Learning?
• Machine learning is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed to do so
• The process of learning begins with observations of data, and looking for patterns within the data so as to make increasingly better correlations, inferences and predictions
• The primary aim is to allow these systems to learn automatically without human intervention or assistance and adjust actions accordingly
Project Kairos
For Wireless, Wired and IOT
Machine Learning
Cognitive Analytics
Anomaly detection across hundreds of thousands of devices, dozens of thousands of gears and hundreds of heat maps
Heat map labels: Access Points, Device Type, Netflix, Internet Video, YouTube
Predictive Analytics
Identify and proactively adapt to a failure before it happens
Machine Learning Algorithms build their models using hundreds of inputs
Diagram labels: APs, WAN, Local WLCs, Network Services, DC, Office Site, ISE, DHCP, Mobile Clients, CUCM, APIC-EM
RF & EDCA behavioral metrics, ...
Queuing, Dropping, WRED behavioral metrics ...
Device type, OS release, behavioral metrics, ...
WAN & core network metrics ...
Application metrics, user feedback, failure rate, ...
... and more
Providing Security While Maintaining Privacy!
Encrypted Traffic
Non-Encrypted Traffic
Can we Actually Solve This?
How do you Analyze Metadata without decrypting traffic flows?
80% of organizations are victims of malicious activity
41% of attacks used encrypted traffic to evade detection
Encrypted Traffic Analytics
Encrypted traffic analytics from Cisco’s newest switches and routers
Security with Privacy
Analyze NetFlow metadata without decrypting traffic flows
Global-to-local knowledge correlation - 99.99% threat detection accuracy
Summary
Key Takeaways
Profile Based Deployment simplifies Day 0 Deployment and Day 2 Change Management
Assurance must be outcomes driven and not problem based
Intent Driven Networking Starts with Policy
Automation must be thought of holistically, as some of the simple tasks take the most time
It’s a Journey!
Basic to Advanced
Automated Deployment
Plug and Play, Day 0 Deployment
Configure once and deploy everywhere - SD-Access
Exists Today
Diagram labels: ISE / AD, NAE / PI, DNA Center, Campus Fabric, SDA
Self-Driving Automation
Closed Loop through Network Analytics and Machine Learning
Future
Diagram labels: Network Analytics Platform, DNA Center, BB, Campus Fabric, SDA
One Point of Management: All from Cisco DNA Center
Consistent Across Network Fabric
Cisco Network Plug and Play
Diagram labels: APIC-EM, HTTP Proxy, Internet, Admin, Installer, New
Step 1: Network admin pre-provisions devices in Cisco Network Plug and Play applications
Step 2: Onsite installer with mobile app installs and powers on devices, triggers deployment, checks status
Step 3: New devices contact Cisco Network Plug and Play application to get provisioned
Network admin can remotely monitor install status
Thank you.