Tuesday, 27 October 2020

Zero to One Device Provisioning and Discovery with PnP Connect

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Certification

What is PnP Connect?

Cisco Plug and Play Connect (a component of the Cisco Network Plug and Play solution) is a secure and scalable cloud-based service that provides a discovery mechanism for a network device to discover it on-premise Cisco DNA-Center or DNAC-Cloud. It’s the go-to solution for simple day-zero provisioning across all Cisco Enterprise platforms (routers, switches, and wireless access points).

What drives the necessity for this solution?

Installing and deploying the vast number of networking devices that reach their data center, branch networks, and campus rollout are costly for enterprises and campus deployments. Any computer usually has to be pre-staged by a professional installer and equipped with a CLI configuration via a console connection that allows it to connect to the rest of the network. This method is expensive, time consuming, and vulnerable to error. Due to these factors, customers would like to increase the speed and reduce the complexity of the deployment without compromising the security.

For PnP solutions we have the following 3 major pillars:

1. The solution should be simple, as that is critical for automation. For this our device should be able to call home to our controller, and this path should be robust.

2. The solution should be secure. We know some vendors have ZTP provision but that is traditional and not secure, specially through WAN connections. In PnP, the device gets secured connection via HTTPS solution and this gives the image to device. SUDI authentication is an added layer on top of this. When device calls home, a challenge is sent over the tunnel, and device will un-sign the certificate with a private key and it will be determined if the device is legit.

3. The solution has to have a consistent workflow for all kind of devices. Hence, we needed a simple secure unified and integrated solution that eases new branch rollouts or provisioning existing deployments.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Certification

What are the PnP solution components?


Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Certification

1. First, we need a server or orchestrator that makes the device do what it needs to do. This could be running on DNAC.

2. Second, the PnP agent is embedded in Cisco devices and communicates to the Cisco Network Plug and Play application using the open plug and play protocol over HTTPS during device deployments. The PnP agent attempts to obtain the IP address of the PnP server it wishes to connect with. The agent interacts with the PnP server to conduct deployment-related activities after a server is identified and a connection has been created.

3. PnP Server communicates with the PnP agent on the device using PnP protocol.
PnP protocol is the main connection. From that connection they will start using PNP schema (XML schema) to tell each other what they need to do and from there we provision the image or config.

4. If the device is not able to communicate to the server using DHCP or DNS it can use the PnP connect cloud-based service. This is the PnP Connect solution we launched that redirects device to the on prem DNAC.

How does PnP connect work?


Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Certification

PnP connect is a highly automation-based pre -provision workflow. Under this solution all the configurations that are to be pushed, site hierarchy and software image details are associated to a certain Serial Number of a device. All of this information will be linked to the device using the Smart Account. We can put our smart account information in our order when we buy it.

If you order plug and play network devices through Cisco Commerce Workspace (CCW), these network devices are automatically registered with Plug and Play Connect as long as a Cisco Smart Account is assigned to the order and you include the NETWORK-PNP-LIC option for each device that you want to use with Cisco Network Plug and Play. This option causes the device serial number and PID to be automatically registered in your Smart Account for plug and play.

There is also an option to manually add the device. The users can import a device from a CSV file or enter the devices information manually.

We also need to register DNAC as the default controller for the Smart Account, which will port all the SNs to DNAC. So, we will not need to import separate CSV files. Now, when device boots up their SN will get mapped and it will be sent to the mapped on-prem DNAC and all of configurations that were supposed to be pushed will be done accordingly in association to site.

The flexibility and efficiency that is achieved by using PnP connect is what makes it the true-blue solution.

Related Posts

0 comments:

Post a Comment