Quick automation wins with Cisco DNA Center

With the investment into today’s modern and agile networks, many IT organizations are searching for intelligent tools that can help simplify the complexity that comes with the advanced capabilities of today’s networks and keep up with the business demands. Topping off the complex challenges, many organizations are facing challenges on how to bridge the growing IT skill gap and automate various aspects of their network management.

In a recent Gartner article regarding the State of Network Automation, according to the article:

◉ 41% of network activities are less than 10% automated.

◉ 31% of network activities are 11% to 25% automated.

Essentially 72% of network activities are less than 25% automated. Separately, Gartner has also identified 4 IT personas (AIOps, NetOps, SecOps, and DevOps), stating that NetOps2.0 is the evolution of network operations towards automation.

Attributes of NetOps 2.0 include an Automation-first approach, embedded analytics, SecOps integrations, and Turn-key DevOps tools.  IT organizations that embrace this approach can achieve increased IT agility, Proactive network operations, and an increased level of collaboration between common silos in IT organizations. An additional outcome is minimized friction between the NetOps, SecOps, and DevOps personas.

When it comes to automation products, the Inventor’s paradox states, “It is easier to solve a more general problem that covers the specifics of the sought-after solution”.  Organizations who transitioning to AIOps, NetOps2.0, and automation platforms, are faced with common challenges and limitations such as:

◉ Automation products are often not bi-directional with network equipment

◉ Third-party products lack Cisco’s deep understanding of the network and platforms

◉ Lack of tight integration between the hardware and software platforms

◉ Lack of cross-domain visibility between the campus, data center, and the cloud

◉ Reliance on legacy SNMP protocol which provides limited visibility and control

◉ Limited AI capabilities due to lack of data quality and domain specialization

Out-of-the-box automation with Cisco DNA Center

While there are various barriers to network automation, there are some pragmatic methods by iterating on non-change and/or non-production automation activities, leading to some “quick automation wins.” Below are some “quick automation wins” examples available out of the box with Cisco DNA Center automation.

◉ Network Device Configuration Backup and archival of all network devices.

◉ Integration with ServiceNow, which automats auto-population of trouble tickets.

◉ Automated creation of network availability baselines and compliance reporting.

◉ Automated creation of user experience baselines and reporting.

◉ Maintenance mode to enable/disable monitoring during change windows.

◉ Automated network performance testing with MRE (Machine Reasoning Engine) and features such as Truetrace and path trace to automate and expedite troubleshooting.

◉ Automated packet capture for network anomalies.

◉ Redundant Link Monitoring.

◉ RMA Automation workflows.

◉ Automated creation of application health and reporting.

◉ Software Upgrade Cycle

Granular Automation Control

In looking at Cisco DNA Center’s automation suite, Cisco DNA Center not only provides automation features but also provides the granular control to enable workflows and actions from manual to AI-assisted to selectively autonomous change management. Let’s look at the three modalities of automation possible with Cisco DNA Center:

Manual (clickOps) is where many organizations are today; all administrative actions are performed by or initiated by an operator. Numerous automated workflows need manual initiation, but they still automate numerous repetitive steps such as SWIM for software updates. Additionally, some of these can be automated through templates and EEM (Embedded Event Manager) triggers.

Figure 1. Cisco DNA Center (SWIM) Software Image Management Cycle

AI-Assisted is where leveraging the depth of knowledge, streaming telemetry, and Cisco’s vast knowledge and experience in running networks; Cisco DNA Center can identify issues and use the MRE to suggest troubleshooting steps and possible remediation. MRE is a network automation engine that uses AI (artificial intelligence) and ML (machine learning) to automate complex network operation workflows. This feature encapsulates human knowledge and expertise into a fully automated inference engine to help you perform complex root cause analysis, detects issues and vulnerabilities, and either manually or automatically perform corrective actions.

Figure 2. Cisco DNA Center Compliance automation with configuration drift

Autonomous Change Management (ACM) provides for Cisco DNA Center to be enabled to perform and enforce automated actions on the network under predefined conditions and events. As today’s networks grow at incredible rates with new demands, manually managing all aspects of the network is no longer feasible for humans. Nor do most organizations have staff watching alerts every second of the day. The integration of AI/ML into the automation engine enables Cisco DNA Center to regularly tune the network based on predictions and models, which can greatly optimize the user experience and network performance.  Compare human intervention as the ax vs. AI-driven automation doing it with a scalpel.  This can be the difference between a system taking proactive measures vs. correcting an issue after it occurred.

Doing a left shift and taking automation to the next level, depending on the intents and architecture of the network, there are several highly automated deployment models, such as the Software-Defined Access (SDA), User Defined Networking (UDN), and AI-RRM, which are highly ACM deployments within the Cisco DNA Center solutions suite.

Focusing on automation outcomes and benefits

Focusing on outcomes, as organizations embark on network automation, there are various success metrics and business outcomes that can be tracked, such as:

Tangible Metrics	Intangibles
Faster moves adds and changes Consistent Configuration Quicker MTTR Reduction in network issues Improved security posture	Team Agility Ability to scale at speed Bridging the IT skill gap

Source: cisco.com

Continue reading

How Cisco DNA Assurance Proves It’s ‘Not a Network Issue’

When something in your house breaks, it’s your problem. When something in your network breaks, it’s everyone’s problem. At least, that’s how it can feel when the sudden influx of support tickets, angry phone calls, and so on start rolling in. They quickly remind you that those numbers behind the traffic visualizations are more than numbers alone. They represent individuals. That includes individuals who don’t notice how the infrastructure supports them until suddenly… it’s not.

The adage that “time is money” applies here, and maybe better than anywhere else. Because when users on the network cannot do what they came to do, the value of their halted actions can add up quickly. That means reaction can’t be the first strategy for preserving a network. Instead, proactive measures that prevent problems (ha, alliteration) become first-order priorities.

That’s where Cisco DNA Center and Assurance comes in, and along with it, Leveraging Cisco Intent-Based Networking DNA Assurance (DNAAS) v2.0, the DNAAS course.

Let’s Start with Intent

This will come as no surprise to anyone, but networks are built for a purpose. From a top-down perspective, the network provides the infrastructure necessary to support business intent. Cisco DNA Center allows network admins and operators to make sure that the business intent is translated into network design and functionality. This ensures that the network is actually accomplishing what is needed. Cisco DNA Center has a load of tools, configs, and templates to make the network functional.

What is Cisco DNA Assurance?

Cisco DNA Assurance is the tool that keeps the network live. With it, we can use analytics, machine learning, and AI to understand the health of the intent-based network. DNA Assurance can identify problems before they manifest into critical issues. DNA Assurance allows us to gauge the overall health of the network across clients, devices, and applications and establish an idea of overall health. From there, we can troubleshoot and identify consistent issues compared to the baseline health of the network — before those issues have a significant impact. We don’t have to wait for an outage to act. (Or react.)

We’re no longer stuck in this red-light or green-light situation, where the network is either working or it’s not. When the light goes from green to yellow, we can start saying, “Hey, why is that happening? Let’s get to the root cause and fix it.”

Obviously, this was all-important before the big shift to hybrid work environments, but it’s even more critical now. When you have a problem, you can’t just walk down the hall to the IT guy, you’re sort of stranded on an island, hoping someone else can figure out what’s wrong. And on the other hand, when you’re the person tasked with fixing those problems, you want to know what’s going on as quickly as possible.

One customer I worked with installed Cisco DNA Assurance to ‘prove the innocence of the network.’ He felt that being able to quickly identify the network problem, especially if it was not necessarily a network issue, helped to get fixes done more quickly and efficiently. DNA Assurance helped to rule out the network or ‘prove it was innocent’ and allow him to narrow his troubleshooting focus.

Another benefit of DNA Assurance is that it’s built on Cisco’s expertise. 30+ years of experience with troubleshooting networks and devices have gone into developing Assurance. Its technology doesn’t just give you an overview of the network, it lets you know where things are going wrong and helps you discover solutions.

About the DNAAS course

Leveraging Cisco Intent-Based Networking DNA Assurance (DNAAS) v2.0 is the technology training course we developed to teach users about Cisco DNA Assurance. The course is designed to give a clear understanding of what DNA Assurance can do and to build a deep knowledge of the capabilities of the technology. It’s meant to give new users a firm handle on the technology while increasing the expertise of existing users and empowering them to further optimize their implementation of DNA Assurance.

One of the things we wanted to do was highlight some of the areas that users may not have touched on before. We give them a chance to experience those things and potentially roll them into tangible solutions on their own network. It’s all meant to be immediately actionable. Users can take this course and instantly turn back around and do something with the knowledge.

Labs are one of the ways that we’ve focused on bringing more of the experience to users who are taking the course. New users are going to interact with a real DNA Center instance, and experienced users are going to have the chance to see new configurations. We build out the fundamental skills necessary to use DNA Assurance, rather than focusing on strict use cases.

We treated it like learning to drive a car. We could teach you all the specifics about one highly specialized vehicle, or we could give you the foundational skills necessary to drive anything and allow you to work towards your specific needs.

Overall, students are going to expand their practical knowledge of DNA Assurance and gain actionable skills they can immediately use. DNAAS is an excellent entry into the technology for new users and an equally excellent learning opportunity for experienced users. It helps build important skills that help users to get the most out of the technology and keep their networks running smoothly.

Source: cisco.com

Continue reading

Want SASE? Just Add Software!

Twenty-first-century networking

It seems like a simple idea. All you want is to get the network to do what you intend it to. Nothing more, nothing less. But in today’s world, there are so many factors when it comes to networking: more users, more devices, security concerns, various domains, distributed applications, cloud, artificial intelligence (AI), 5G, IoT — the list goes on and on.

Cisco’s SD-WAN can help you. It transforms a legacy manual network into a software-defined overlay that helps both automate deployment and management and provides more intelligence with policies for path selection to improve user experience. Those policies are then applied consistently across the network, a network that now uses insights and automation to continuously monitor and adjust network performance to meet your business intent. Think of it as a continual feedback loop of incremental improvement.

Building upon the connectivity of SD-WAN, secure access service edge (SASE) is an architecture that combines connectivity and security. Coined by Gartner in 2019, SASE unifies SD-WAN networking and security services into a cloud-delivered architecture to provide access and security from edge to edge — including the data center, remote offices, roaming users, and beyond.

Is your wide area network underpinned by a 1000 Series ISR? Are you running 4000 Series ISRs? Do you have a few ASR 1000 Series units? Did you have a Cisco ONE license? Did you recently renew your Software Support Service (SWSS) on those devices? Consider this: the Cisco routing devices you currently have in your wide area network may already hold your ticket to entry into the world of SD-WAN and SASE.

You don’t need a forklift

“How can that be?” you may be wondering. The answer lies in the magic of software.

Think of it this way. In the past, if you wanted to upgrade the performance of a car, you had to swap out hard parts. Camshafts. Differentials. Transmissions. Engines.

Today, many cars just need a software update to the engine control module (ECM). Dinan for BMW. Cobb Tuning for Mitsubishi. And of course, Tesla and its downloadable software updates to unlock the high-performance “Ludicrous Mode.”

Figure 1. Tesla Driver Console

Not a car buff? Then how about mobile phones? Same hardware, but new Android or iOS software with added functionality. For example, the iPhone 6S came out in September 2015 running iOS 9. Six years and an equal number of major software releases later (iOS 15.2 was released on December 13, 2021), the iPhone 6S can be still upgraded to iOS 15.2.

Why shouldn’t it be the same for networking hardware? Upgrade the software and enjoy new functionality on your old hardware. Did you know that your Cisco routers are also software-based? This may enable you to migrate from traditional routing to SD-WAN with the hardware you have today. You may even have the Cisco DNA software entitlement already and not know it!

Figure 2. Cisco Router Families

Where the bytes meet the copper

You likely have some or all of the three product families shown above (the ISR 1000 Series, the ISR 4000 Series, and the ASR 1000 Series) supporting your traditional routing network. And they have undoubtedly been doing an exemplary job. But those devices are capable of so much more. In fact, these models can be upgraded to our latest software for routers: Cisco IOS XE SD-WAN. With this new software they can handle your changing traffic pattern: the tsunami of traffic headed to new cloud services and software-as-a-service (SaaS) applications in public clouds and the internet.

Cisco makes this upgrade easy with an SD-WAN conversion tool that greatly facilitates migrating from traditional routing to SD-WAN. This tool analyzes your current router configuration and automatically creates a new router configuration for SD-WAN. Not only does this save countless hours of work, but it also guarantees consistency in the configuration of each branch router. You can even automate the software installation with Cisco vManage zero-touch upgrading.

All it takes to unlock these nascent capabilities is Cisco DNA Software for SD-WAN and Routing. Three subscription tiers are available: Essentials, Advantage, and Premier. Each is aligned to the degree of enhancement network managers need in SD-WAN security, management, and automation. Every Cisco DNA Software for SD-WAN and Routing subscription also includes a perpetual license that covers all aspects of traditional routing, a license that never expires.

Figure 3. Cisco Subscription Licensing for SD-WAN

For those of you looking to continue your journey with SD-WAN into the world of SASE, Cisco provides all the core building blocks of a SASE architecture and Cisco DNA Premier is your tier. Once in place, you can layer on Cisco Umbrella for security, Cisco Duo for zero-trust network access, and Cisco ThousandEyes for internet and cloud visibility. This combination of best-in-class networking, connectivity, security, and extended visibility capabilities helps you deliver an exceptional user experience across a distributed IT landscape. 

You don’t want to miss out!

If you recently upgraded your Cisco SWSS for your routers, you may not have noticed that Cisco DNA Essentials for SD-WAN and Routing are included. This means that initiating the jump into SD-WAN may be a no-cost endeavor for you. You really do owe it to yourself to at least explore the possibility of migrating over to SD-WAN to avail yourself of its benefits, especially if you already own the license to enjoy it.

And finally, don’t let that subscription lapse. The traditional routing perpetual license is nice to have, but there are two things you need to be aware of with that license. First, any network management you enjoy through Cisco DNA Center is contingent upon a valid Cisco DNA license. And second, you will lose the entitlement to use any SD-WAN functionality should the subscription license expire.

Source: cisco.com

Continue reading

Latest Innovations in Cisco DNA Software for Wireless

Cisco has continued to deliver on its promise of innovation in our Cisco DNA software for Wireless subscription. Networking demands are increasing and trends in technology are changing, like the need for a safe and productive hybrid work environment. By deploying the latest innovations in Cisco DNA Advantage software for Wireless along with Cisco DNA Center, you can provide your workforce with improved wireless stability, performance, and security. This leads to increased worker productivity, no matter where they are working from.

What’s new?

Wireless 3D Analyzer: Gain a completely new perspective of the typically invisible Wi-Fi radio frequency (RF). 2D maps that show AP placement on the floor and how RF is propagated from a top-down view no longer cut it because we live in a 3D world. As a network provider, in order to ensure that there is proper wireless coverage in every floor and building, you would need the ability to view wireless RF at different angles in order to discover and resolve RF coverage holes. The wireless 3D map solves these issues by creating an immersive experience that accurately replicates your floor map and all obstacles. This is an incredible addition to our monitoring and network deployment feature set.

Figure 1: Wireless 3D Analyzer

AI-Enhanced RRM: Leverage artificial intelligence to optimize your wireless performance. Traditional radio resource management (RRM) does not consider trends in usage and critical work hours during the day. Radio optimizations are reacting to static threshold alarms as they occur. RRM doesn’t consider the dynamic properties of a wireless network – like the addition of cubicles, furniture, more devices, interference etc. AI Enhanced RRM evaluates two weeks worth of RF data with artificial intelligence to discover patterns and then proactively optimize your wireless before issues occur. This leads to stable wireless connectivity leading to consistent end user experience.

Figure 2: AI-Enhanced RRM

AP Performance Advisories: As your wireless network grows to dozens or hundreds of access points,  underperforming access points can easily go unnoticed. AP Performance Advisories uses machine learning to measure and benchmark client experience parameters across all of your access points. It then flags any underperformers and lists them on the advisory dashboard. This helps identify and isolate poor-performing APs based on end-user experience and enables proactive AP performance optimization efforts to maintain client experience. You can monitor KPIs for these poor-performing APs and investigate further. You can get a view of the top 3 poor-performing APs in a screenshot helping to prioritize which ones to troubleshoot.

Figure 3: AP Performance Advisories

Intelligent Capture: Resolve even the most difficult wireless issues with technical insight into metrics from both a client and access point perspective. It provides support for a direct communication link between Cisco DNA Center and access points, so each of the APs can communicate with Cisco DNA Center directly. Using this channel, Cisco DNA Center can receive packet capture (PCAP) data, AP and client statistics, and spectrum data, allowing you to access data from APs that is not available from wireless controllers.

Figure 4: Intelligent Capture

How can I get these features and more?

If you already have a Cisco DNA Advantage subscription in Wireless along with Cisco DNA Center, you will get to utilize these features at no additional cost to you.

If you do not have a Cisco DNA Advantage subscription or if you have a Cisco DNA Essentials subscription, the time to upgrade is now. We will continue to innovate and add more wireless features to our advantage tier.

Source: cisco.com

Continue reading

Improving Application Experience with Deep Network Visibility

In the not-too-distant past, everything in the application and networking stack was under IT’s control. Workloads lived securely in the on-premises data center—people sat in their campus offices connected to the secure wireless network, and an MPLS service with an SLA connected branch offices to the data center and each other.

Today, workforce productivity depends on cloud and SaaS applications that often rely on the public cloud infrastructure, which in turn depends on the internet as part or all the WAN connectivity. The internet paths depend on a multitude of ISPs, CDNs and advanced network services. Hybrid and native clouds applications are mostly containerized, so performance can be affected by the communication paths among the microservices, both in the data center and cloud. The total application experience as perceived by the workforce is dependent on the performance of all the components of applications and network connections acting in concert. If one element falters, the whole experience can be impacted.

NetOps and DevOps need to understand the interdependencies among the component applications and tune the enterprise network and internet paths accordingly. A unifying view can only be provided by the network fabric that monitors and analyzes the full stack of interlacing components: from the foundational network data layer to the software-defined WAN to application containers in the cloud. With the workforce accessing applications from literally everywhere, all the time, IT requires pervasive, real-time monitoring of network, internet, and application performance with auto-healing capabilities. This is Deep Network Visibility, driven by software-defined controllers and network analytics that enable ​action, policy, and automation.

Visibility Begins with a Comprehensive Historical View

To improve application experience, IT needs tools to record, analyze, and report on network and application activity at a massive scale to build a deep historical data set against which to apply AI and Machine Reasoning tools. Hybrid and cloud applications consist of multiple micro-components connected by east-west traffic in the data center or cloud service. Continuous monitoring and analysis are needed to optimize application experience because many inter-application communication issues are transitory and difficult to replicate. Application performance needs to be recorded for machine analysis to determine recurring issues and root causes. Deep Network Visibility from the perspective of the application requires:

◉ Application experience as measured by ThousandEyes, NetFlow, and AppDynamics.

◉ Dependency graph to the underlying composite application services and infrastructures.

◉ Comprehensive availability and performance data on each of the supporting components such as composite application services, public cloud services, ISPs, networking devices, compute and storage infrastructure.

The irony of having mountains of telemetry and activity logs awaiting analysis by overworked IT teams is that there is too much noise in too much data for humans to deal with in a timely manner. When the volume of data is beyond human scale and below human sensitivity, machine reasoning (MR) can automate the analysis of trillions of bytes of switch and router telemetry, wireless radio fingerprints, and network access point interferences to uncover patterns in the chaos, and turn the findings into actionable insights and automated mitigation actions.

Automated Visibility with AI Network Analytics

To make full use of the deep historical and real-time data, IT can take advantage of an analytics software stack that can:

◉ Use purpose-built applications to augment human engineers in NetSecOps with Insights into network performance and security vulnerabilities.

◉ Leverage machine-speed analytics and knowledge-base Machine Reasoning Engine (MRE) to unburden NetSecOps from mundane monitoring tasks to focus on proactive digital transformation projects with DevOps.

◉ Achieve massive collection, storage, and analysis of diverse data lakes—collections of anonymized network and application telemetry based on volume, velocity, and variety of data to compare performance and security metrics.

For several decades, Cisco has been building a data lake of worldwide, anonymized customer telemetry in parallel with a knowledge-base of expert troubleshooting experience, both of which are available to machine reasoning algorithms under the command and control of Cisco DNA Center. With Cisco AI Network Analytics, NetOps can, for example, be forewarned of increases in Wi-Fi interference, network bottlenecks, uneven device onboarding times, and office traffic loads in the more traditional data center and campus network environments.

Better Outcomes with Data and Automation

Visibility for cloud-based applications, however, needs a different approach as much of the application infrastructure is not under direct control of IT. Direct internet connections to clouds can be unreliable—especially for latency-sensitive applications—unless they are monitored and automatically tuned using cloud onramps.

Gaining deep visibility with Cisco Cloud OnRamps for each of the major cloud services—Microsoft Azure, Amazon AWS, and Google Cloud, as well as colocation, and SaaS platforms—provides the ability to monitor and set performance parameters that are automatically applied to maintain the proper quality of service based on the type of application and cloud provider. Paths are calculated by tracking characteristics including packet loss, latency, and jitter in the data plane tunnels among cloud workloads and edge devices. Cisco AppDynamics and ThousandEyes provide application layer visibility for inter-cloud and intra-cloud dynamics that enables NetOps and DevOps to monitor and identify factors affecting application experience.

Network Analytics + Software-Driven Controllers = Deep Network Visibility

Cisco AI Network Analytics working in conjunction with Software-Driven Controllers also enables Deep Network Visibility. Operational intents and security policies defined in software-driven controllers are compared with telemetry and operational anomalies detected by an MRE to automatically adjust operations or isolate rogue devices. Always-on AI Analytics watch over the distributed workforce and workloads at machine-speed, making automatic adjustments or sending alerts with suggested remediations to appropriate levels of IT personnel or to ITSM applications to log and kickoff trouble tickets. Over time, NetOps and DevOps can fine-tune application performance using a consistent flow of insights from analytics to adapt to changes in workloads, workforce, and workplace.

AI and MRE also provide customized recommendations on updates and patches for controllers. Upgrading controllers carries a certain risk given the complexity and many differences among existing network configurations. Knowing in advance what affect an update can have—and even if it applies to the existing configuration—can bring peace of mind to the process. Does a specific configuration warrant a patch if that issue is not relevant? If not, then there is no reason to force an update that is not required. Are controllers running an OS version with active PSIRT vulnerabilities? NetOps is alerted to put a higher priority on upgrading those specific controllers. Automation and visibility go hand in hand to make operation teams more efficient so they can spend time on more valuable tasks.

Deep Visibility Provides Operational Simplicity and Serviceability

Deep Network Visibility is the foundation of a network and security operating model that ensures application experience and trust. The ultimate outcome of attaining Deep Network Visibility is to make all the operations teams—NetOps, SecOps, DevOps and CloudOps—able to work together to raise the levels of serviceability across the application infrastructure. Automations that support Deep Network Visibility simplify operations by eliminating many of the time-consuming and tedious tasks of network monitoring and troubleshooting. I will address how Cisco DNA Center delivers specific capabilities for the four network personas in a future blog post.

At Cisco, we believe: “The more you can see, the more you can solve. The more you can solve, the more you can automate. And the more you can automate, the more resilient and agile your entire business becomes.” Automation with Deep Network Visibility is key to ensuring that application experience delivered to the workforce and customers meets or exceeds expectations.

Source: cisco.com

Continue reading

What’s New in Cisco DNA Software: SD-WAN and Routing

Introduction

The enterprise networking business seems to always be in a state of flux. Entrants, features, solutions ebb and flow into and out of the market like tides at a beach in Florida. We know that you have come to trust Cisco as your enterprise networking partner and rely on us to ensure that the networking and security tools at your disposal are the sharpest and most fit for purpose in the market. In the spirit of continual improvement, and our goal of delighting our customers, we are happy to announce the following improvements to Cisco DNA Software for SD-WAN and Routing.

All good things come in three …

Cisco has made substantial changes to Cisco DNA Software for SD-WAN and Routing subscriptions all effective and implemented by the end of December 2021. The changes fall into three distinct areas: Cisco DNA for SD-WAN and Routing tier improvements, expanded bandwidth tiering, and right-pricing the Cisco DNA for SD-WAN and Routing Solution. We’ll discuss each of them in turn.

This section covers changes made to Cisco DNA Essentials for SD-WAN and Routing. Cisco is moving several features previously available in Cisco DNA Advantage down into Cisco DNA Essentials. Specifically, we have moved several Cloud Networking and Security features to Cisco DNA Essentials to enhance our SD-WAN and Routing entry-level offering for small and medium businesses, and to meet the needs of price-sensitive customers. Additionally, we have increased the VPN limitation in Cisco DNA Essentials to 4+1 (User/Management VPNs). The list and chart below speak to the feature additions in Cloud Networking and in Security to Cisco DNA Essentials for SD-WAN and Routing.

Cloud Networking functionality moving to Cisco DNA Essentials

◉ Essential Cloud OnRamp for IaaS, SaaS, and Colo

◉ Multicloud: GCP, AWS, Azure

Security functionality moving to Cisco DNA Essentials

◉ Cisco AMP with SSL proxy

◉ Basic URL filtering

As you can see, no changes were made to the feature functionality of, or license quantities included with, Cisco DNA Premier for SD-WAN and Routing.

Bandwidth Expansion

We have two changes in this section. First off, we have expanded Bandwidth Tier availability to all Cisco’s SD-WAN capable device families. Customers purchasing Cisco ISR and Cisco ASR devices now have the ability to select bandwidth tiers instead of individual bandwidth levels. Secondly, Cisco has increased the nominal and aggregate bandwidth capacities of Tier 0 and Tier 1 bandwidth purchases. Please consult the below chart detailing those changes.

We intend to slowly phase out the Discrete Bandwidth Level pricing construct in favor of the Tiered Bandwidth approach. You can assume that by the end of March, 2022, Tiered Bandwidth will be the only selection available.

Right-Pricing

Following the time-honored tradition of saving the best for last, pricing for Cisco DNA Essentials and Advantage for SD-WAN and Routing was given a once over and deemed lacking. Our analysis showed that price-sensitive customers were having difficulty aligning the cost of the subscription to the benefits of the subscription. The analysis also covered the competitive market and found there was room for improvement there as well. As a result, Cisco has revamped the subscription pricing for Cisco DNA software for SD-WAN and Routing, aligning the cost to the benefit and making Cisco much more competitive in the marketplace. The pricing adjustments will only be made to the Tiered Pricing option (Tiers 0/1/2/3), and not to the Discrete Bandwidth Level pricing. Pricing for Cisco DNA Premier for SD-WAN and Routing remains unchanged.

We won’t go into the grisly details here in this blog, but as a new subscriber, you will enjoy across the board list price reductions between 10% and 20% for Cisco DNA Essentials and Advantage subscriptions purchased in an Enterprise Agreement. If you’re looking at a la carte purchases, the list price reduction could be as high as 25%!

Source: cisco.com

Continue reading

Connecting people, places, and things – Cisco Networking innovations for hybrid work

The world is changing and the structure of connectivity between users, businesses, and devices has entered a new dimension. The rate of transformation has accelerated, including major advances in collaboration and access to applications and data from anywhere. However, remote connectivity has enlarged the attack surface for cyber criminals and troubleshooting outside your corporate border is challenging.

Our customers are looking for solutions for hybrid work, providing agility for users to securely connect from work, home and everywhere in between. Businesses must empower their hybrid workforce with seamless access to cloud applications and high-quality collaborative experiences. IT is also tasked with maintaining security, control, and governance across devices, networks, clouds and those applications.

Our latest Networking innovations provide advanced analytics and insights to improve operations for remote IT operators, along with greater integration with storage and cloud providers for more seamless and secure access to applications and data. Learn more about how these innovations can improve the user experiences to support hybrid work environments below.

Wireless 3D Analyzer in Cisco DNA Center

Simplified Operations for the Workforce and Workspace

To better support the demands of the hybrid workspace, the Cisco DNA Center release 2.2.3 brings exciting upgrades that enable IT to improve wireless performance, facilitate zero trust networking, and support smart building deployments.

With the new Wireless 3D Analyzer, Cisco announces the first true 3D wireless indoor propagation tool. Use your mouse to move around and visualize where signal is propagating through the actual architectural design of your office. You can simulate adding walls or reorganizing the workspace to accommodate your return to office plan. Then do a simulation of the new wireless network design to support this new plan so that you buy what you need without over-dimensioning. And IT teams can simulate this office redesign without being in the office themselves.

Now you can enjoy real time visibility over your zero-trust network like never before. Across both your offices and remote workers, a new policy analytics dashboard gives you complete policy and endpoint status at a glance. You’ll see alerts for any attempted policy violations, including spoofing detection, and a granular trust score engine for specific details on endpoint security decision parameters.

Deploying Smart Buildings means supporting more and more IoT endpoints. Network teams struggle to get complete visibility for PoE switch capacity and actual endpoint power consumption without visiting remote branches. Our new PoE Analytics dashboard can show your team actual power usage, available power, and in which ports. The tool then monitors these devices for unusual power consumption and other anomalies. Need to send five new IP cameras to the office in Singapore? Now you can tell the local team what switch ports have power and monitor the usage.

We are also making it easier to add on other Cisco DNA software products to your network with the Cisco DNA Expansion Pack. This new offer allows you to enhance your Cisco Networking solutions with SD-Access, Zero Trust Networking, Encrypted Traffic Analytics (ETA), digital experience monitoring, location analytics and assurance. It provides flexible way to purchase Cisco Identity Services Engine (ISE), Cisco DNA Spaces, Cisco ThousandEyes, Secure Network Analytics (Stealthwatch) and other licenses, appliances, and services in one convenient bundle.

Putting IT in control of Internet traffic

Hybrid work has also shifted traffic patterns, where more traffic runs across the Internet. To securely scale out your network to the Internet, Cisco SD-WAN provides a software-defined approach to managing across your users, branches, clouds and the Internet. Businesses are moving to a multicloud environment that requires secure connectivity everywhere and visibility that extends from into your enterprise network and beyond into the cloud.

Now, more than ever, enterprises need agility to adjust their business models as they continue their journey to the cloud. In this release, we are offering greater interconnection with Cloud and SDCI partners, enhanced multitenancy support and several other advancements for Cisco SD-WAN.

Cisco SD-WAN Cloud Interconnect with Equinix delivers seamless, automated connectivity to multiple IaaS and SaaS environments, without all the complexity. The joint solution enables customers to create network connections to their multicloud deployments with greater agility, reduced operating costs, and increased speed to market compared to classic connectivity options. ​

Managing multi-domain networks and applications has created complexities and IT requires a simple approach. The integration of Cisco SD-WAN Cloud Hub with Google Cloud Service Directory allows enterprises to automate SD-WAN policy for custom applications in multicloud based on application profile. ​The solution bridges DevOps and NetOps; now DevOps can define traffic profiles in Google Cloud Service Directory and NetOps can translate those profiles into network policies.

Cisco Cloud OnRamp for IaaS: Azure Secure vWAN extends the SD-WAN policy seamlessly to Microsoft Azure and then it provides analytics via telemetry for troubleshooting in Azure as well as secures connectivity to every type of traffic flow. Cisco is the first Enterprise SD-WAN Partner to support an additional layer of security with support for service chaining with Azure Firewall in the Azure Virtual WAN Hub. This process has traditionally been manual and tedious. With this integration, the guesswork is removed, and customers can save time by automatically securing any traffic whether it originates from branch to host vNets, or vNets to Branch, branch to internet or vNet to Internet.

Many customers rely on a Managed Service Provider (MSP) to build out their SD-WAN. Recent enhancements in Cisco SD-WAN Multitenancy increases both scalability and security, which will increase capacity and density to scale and reduce costs for MSPs as well as large enterprises that require multitenancy. The addition of Reverse Proxy adds a layer through which access to Cisco vManage occurs using a Proxy server providing an encrypted bi-directional communications path. The shared control, management, and orchestration plane across multiple tenants will reduce CapEx. Single pane of glass for management and operations of multiple tenants reduces OpEx and flexibility is increased with support for on-prem and cloud, API support and support for KVM and ESXi.​

The Cisco vManage User Interface (UI) has been updated providing a highly visualized and more intuitive user experience that simplifies network management and onboarding of SaaS, IaaS, and security for network operators with expanded pre-configured templates and guided step-by-step configuration.

In a previous release, we provided integrated Unified Communications on the Cisco SD-WAN platform – eliminating the need for a separate UC platform with the associated acquisition and support costs. In this release, we are offering further platform consolidation incorporating the 5G connectivity into Cisco SD-WAN Edge platforms with the new 5G Pluggable Interface Module (PIM) and Cisco mGig WAN module (NIM). ​This eliminates the need for a separate gateway. Manage up to 3.3Gbps of cellular edge routing in Cisco SD-WAN with direct internet access at the branch and connect to multicloud applications regardless of broadband availability.

In addition to all this news, look out for an exciting announcement next week on how Cisco will provide more customer choice and flexibility in expanding Cisco DNA Software capabilities.

Cisco continues to innovate to address the hybrid workplace transformation the world is undergoing. A secure, agile network has never been more important, and our solutions will help you enable a safe return to the workplace, secure work from home and anywhere access to multicloud applications.

Source: cisco.com

Continue reading

Plug & Play (PnP) enables faster onboarding of new offices

Most IT engineers can agree that device provisioning for new offices is tedious, time-consuming, and error-prone. Fortunately, our Cisco IT Customer Zero team—which tries out the latest Cisco solutions and integrations to prove value and share experiences—has discovered that it doesn’t need to be that way.

By leveraging the Plug & Play (PnP) capability in Cisco DNA Center, we’ve managed to slash provisioning time by over 50%, while improving the engineer/user experience, reducing configuration issues, and enhancing security.

Prior to PnP, provisioning new offices was tedious and error-prone

Before PnP, our process was manual and slow, with a high risk of producing errors. In the weeks before we set up a switch, engineers had to scour a 501-page playbook to find the right configuration for the device model and office size. They would then travel to the office and paste in the appropriate code snippets via the command-line interface (CLI).

During this process, engineers could easily type an incorrect character or miss a line/s of code. These types of mistakes were responsible for the vast majority of Day-1 problems. The process also required engineers to remain for Day-1 support.

PnP provides the ability to automate onboarding, eliminating errors and saving time

Today, Cisco DNA Center’s PnP capability allows us to onboard new sites much faster by automating the onboarding of devices and the configuration of underlay routing (Figure 1). Switches automatically connect to Cisco DNA Center and retrieve the correct template, based on their serial number and tags. Engineers no longer have to engage in the time-consuming activity of searching through the playbook for the right configuration. PnP also reduces the need to type command-line instructions and cut-and-paste blocks of code. We are now able to standardize our configuration with the use of templates and version control. Instead of using Microsoft Word or Excel spreadsheets, we can create templates that are used across multiple devices with the concept of variables allowing us to be adaptable to each device using templates and tags, saving time and ensuring compliance. Finally, with PnP, engineers no longer need to go on-site for Day-1 support.

Figure 1: Day-0 provisioning with PnP

PnP enables zero-touch device provisioning – ensuring simplicity, security, and consistency:

◉ Simplicity: When the device boots up for the first time, it automatically reaches out to the PnP Connect Cloud, then is redirected to Cisco DNA Center. From there, we can easily push the required Day-0 and Day-1 configs as well as the software images to the device—lowering the risk of an accidental input.

◉ Security: The device securely connects to the PnP cloud via https and is verified and redirected using its product ID and serial number.

◉ Consistency: This process enables a consistent workflow across all platforms— switches, routers, and wireless LAN controllers—regardless of the number of devices that need to be staged.

The Cisco IT Customer Zero team recently conducted a detailed value analysis to quantify the benefits of Cisco DNA Center PnP (Figure 2). Here is what the Customer Zero team found:

◉ Significant time savings: PnP cut the provisioning time of wireless controllers by 54 percent—from 130 minutes using the manual approach, to 60 minutes using Cisco DNA Center with PnP. Similarly, PnP reduced onboarding time for Cisco Catalyst 9300/9400 switches by 43 percent—from 180 minutes manually to 77 minutes with PnP.

◉ Enhanced NetOps experience: Because PnP does not require actual monitoring during device provisioning, only 45 percent of the provisioning process requires “active engineering time.” As a result, the experience is less tedious and stressful for network engineers.

◉ Better end-user experience: By automating initial provisioning and underlay routing configurations, PnP ensures faster site readiness and seamless user onboarding.

◉ Improved security: PnP enables end-to-end security, from Cisco DNA Center to network devices, from Day-0 to Day-N, with no physical access required.

Figure 2. Key findings: Cisco DNA Center Plug & Play benefits

The Cisco Customer Zero team is committed to exploring other ways that Cisco DNA Center PnP can further drive value by leveraging automation to fuel greater efficiency, better user experiences, and improved security. We are working towards initiatives such as configuration management across multiple Cisco DNA Centers and other automated use cases. Stay tuned…

Source: cisco.com

Continue reading

Monitoring your indoor IoT environment – Cisco DNA Spaces IoT Services

IoT Services Overview

Cisco DNA Spaces is the world’s most powerful location platform that uses existing Wi-Fi infrastructure to give actionable insights and drive business outcomes. Cisco DNA Spaces IoT services has been transforming how businesses measure and interact with their environment at scale. Cisco IoT services has brought hardware, software, and services together to digitize spatial data into actionable intelligence. Businesses are planning occupancy monitoring, air quality testing, contact tracing, and in-room presence use cases with Cisco DNA Spaces to prepare workspaces for a post-pandemic reopening. Enabling all these use cases require seamlessly consuming a ton of data and working with a plethora of devices. So how does an enterprise monitor the health of their IoT environment in an ocean of devices broadcasting data continuously? Enter, Cisco IoT Services Device Monitoring.

IoT Services Components

The key components of the solution are comprised of Cisco DNA Spaces IoT Services, Cisco Catalyst 9800 Series Wireless Controllers, Cisco Access Points, and our IoT Partner Ecosystem. The specific roles of each piece of the solution are described below:

All components in the IoT Services architecture communicate with their peers over a data channel to forward measurements and a control channel to pass actionable information. For example, in the network architecture below, Access Points communicate with the Connector over a gRPC data plane while it communicates with the Controller over a CAPWAP control plane.

Data Volume

The vastly scalable data plane enables DNA Spaces  IoT services to ingest and process humongous volumes of data. Partner device broadcasts are either time-driven or event-driven. Beacons, for example, can broadcast advertisements at an astonishingly high frequency while some telemetry devices can be triggered only when certain conditions are fulfilled. As a result, the per-device transmission rate varies widely from every 100ms to once in several days. On average IoT services process, more than 300 million messages per day, and data volume is increasing every day as more and more devices are being scanned.

Read More: 350-901: Developing Applications Using Cisco Core Platforms and APIs (DEVCOR)

Needle in a haystack

Analyzing the millions of packets consumed by IoT Gateways, DNA Spaces IoT Services Device monitoring identifies and predicts possible issues in the network’s IoT Infrastructure.

Device Monitoring

Network snapshot

IoT Services provides a snapshot to quickly identify if any Gateway is down in the environment. It also identifies the total number of transmitting IoT devices and how many devices are active currently. This quickly provides customers with an idea of how cluttered the BLE environment in the enterprise may be.

Battery monitoring

Unmonitored devices running out of battery is one of the primary causes of IoT network failures. It adversely affects almost all IoT use cases such as wayfinding, sensor telemetry. Devices advertising with high frequency or transmission power are particularly susceptible to battery drainage. Device monitoring provides a concise view of identifying devices that have critical or low battery life. It also provides information to locate the devices on a map so that network administrators can easily find the device and change its battery.

Active devices

The active devices count provides the number of devices the gateways have scanned in the last 5 mins. If there are too many active devices, it may indicate unmitigated rogue transmissions on the network. On the other hand, if there are too few active devices, it may indicate malfunctioning devices or data channel setup issues.

We are integrating more and more metrics to provide powerful insights into your IoT Network through device monitoring. In combination with network policies, device monitoring can truly transform IoT network management.

Source: cisco.com

Continue reading

Introducing the Cisco DNA Traffic Telemetry Appliance

Add-ons extend the latest technology to legacy systems, like how my old TV turned smart overnight with an additional streaming player. It is even better when the supplements work in cohesion with the primary products to deliver a seamless experience. Imagine if you could utilize the same remote to operate your TV and streaming player.

The Cisco Catalyst 9000 series wired and wireless devices enable enterprises to unlock newer network infrastructure possibilities. For instance, these platforms conduct deep packet inspection (DPI) and provide data streams for services such as the Cisco AI Endpoint Analytics and Application Assurance on the Cisco DNA Center. With Endpoint Analytics, customers are gaining unprecedented endpoint visibility, which is a crucial first step in implementing zero-trust security within the workplace and confidently deploying network segmentation without the risk of shutting down critical network services.

However, several organizations still have a portion of their network infrastructure that has not been migrated to the Cisco Catalyst 9000 series platforms. Those legacy infrastructures cannot perform the deep packet inspection required for advanced analytics. We are introducing the Cisco DNA Traffic Telemetry Appliance to bridge the gap between the new and existing deployments.

The IOS® XE-based telemetry sensor platform generates telemetry from mirrored IP network traffic from Switched Port Analyzer (SPAN) sessions of switches and wireless controllers. The appliance inspects thousands of protocols using the Network-Based Application Recognition (NBAR) technology to produce a telemetry stream for the Cisco DNA Center to perform analytics. The Cisco DNA Traffic Telemetry Appliance can handle 20-Gbps of sustained throughput traffic and inspect 40,000 endpoint sessions for device profiling.

Cisco DNA Traffic Telemetry Appliance serves two use cases: endpoint visibility and application assurance. The Cisco AI Endpoint Analytics service on the DNA Center analyzes the data received from the Telemetry Appliance to provide you with granular endpoint profiling details such as endpoint type, manufacturer, model, operating system, and others. The Cisco DNA Center also receives qualitative application performance metrics from the Telemetry Appliance and calculates application health data for business-critical applications. It analyses essential metrics such as delay, jitter, and packet loss to isolate and troubleshoot application performance issues efficiently.

Next time someone connects a TV to your network powered with the Cisco DNA Traffic Telemetry Appliance and the Cisco DNA Center, you will not only know the make, model, operating system, and other details about the endpoint. But you will also know if the user behind the device is accessing Netflix, YouTube, and other applications.  Remember, as you do this, you will also be operating both the legacy infrastructure and the new add-on appliance from a single controller, the Cisco DNA Center.

Continue reading