Managing a safer return to work with Cisco DNA Spaces — An early report

As pandemic restrictions ease, we’re working to manage a safer return to the office. Our strategy includes monitoring workspace density. If people are maintaining the recommended distance, we’ll consider inviting more people back. If not, we’ll pause.

This blog is an update to the initial plans I shared in Helping to keep employees safe by measuring workspace density with Cisco DNA Spaces. As I write this, we’re using Cisco DNA Spaces to monitor workplace density in 20 Cisco offices, including several in Asia Pacific and Europe. Here are our experiences after the first few months, and what’s ahead.

Counts are accurate

Before using Cisco DNA Spaces to monitor workspace density, we needed to confirm that most people in our buildings connect at least one device—phone, tablet, or laptop. In the first offices to open, Seoul and Beijing, we assigned people to count the number of people entering and exiting each floor lobby. The count closely matched the Cisco DNA Spaces count, giving us the confidence to move ahead.

To make sure we don’t count one person with a connected laptop, tablet, and phone as three people, Cisco DNA Spaces groups all devices that log in with the same username. Privacy is a top priority at Cisco, so we don’t capture or store the username. Instead it shows up as a string of random characters (a hash) that can’t be mapped back to a person.

Grouping devices by username was one of our suggestions as “Customer Zero.” While we’re not the first company to use Cisco DNA Spaces, we are the first to use it to monitor workspace density to plan a safer return to work. As Customer Zero we’re giving the DNA Spaces product team our feedback as a customer so they can continually improve the product. We’re also sharing our experiences with other customers, as I’m doing here, to help them get the most value from their own deployments.

More accurate than the access-control system

Before the pandemic, our Workplace Resources (WPR) team estimated building occupancy based on data from the access-control system. But badge-in data has limitations for measuring workplace density. One problem: it doesn’t report when people exit the building. If 500 people enter a building throughout the day, at 4:30 p.m. there could be 500 people (dense)—or 100 (less dense). Another drawback of badge data is that readers typically are only at the building entrance—not on each floor. We don’t know if everyone is on one floor or they’re spread out across all floors.

Cisco DNA Spaces solves both problems. We can see how many people are present right now. And we can also see which floor people are on. We can even divide floors into zones, measuring density by zone.

What if people are too close?

The sooner we find out that too many people are in a particular zone, the sooner we can take action to get back to target density. Using the DNA Spaces Right Now app, we entered rules—for example, no more than 20 people in building 14, floor 1, zone A. if that rule is broken, the app sends an alert to the specified teams—via email, in a Webex Teams space, or another system. Our WPR team prefers Webex Teams alerts so they don’t have to worry about missing an email.

Beyond density measuring

During the pandemic our WPR team is cleaning surfaces more frequently. They can see which areas are the most heavily trafficked (and need more frequent cleaning) by checking the Right Now app. Some of our other ideas:

◉ Show floor occupancy to employees to help them decide when and where to work. We plan to integrate Cisco DNA Spaces with digital signage and our employee self-check app for COVID-19 symptoms, Cisco Office Pass. Employees will see historical occupancy of different areas of the building at different times. (You might have seen this on store and hospital ER websites). We’ll use Cisco DNA Spaces Firehose API to integrate with digital signage and the mobile app.

◉ Bring more kinds of sensor data into Cisco DNA Spaces, such as Cisco Meraki door intrusion sensors and cameras.

◉ Report the location of things as well as people. We could track expensive engineering and test equipment, for example, and alert security staff when wireless devices leave the building with someone other than their registered owner.

◉ Provide wayfinding (aka blue-dot navigation) on a mobile app. We’re already trying this out in the Cisco LifeConnections Health Center.

◉ Improve safety during disasters. When a building is evacuated, we can check if any devices remain connected to Wi-Fi. We’re thinking that employees who want to associate their name with their location will be able to opt in.

Lesson learned: check if building maps are accurate

Here’s a lesson learned from our experience as Customer Zero. Be sure to double-check access point locations, height, and orientation on building maps before uploading the maps to DNA Spaces. In our case, inaccurate building maps complicated deployment for the first few buildings. The maps had “drifted” over time as building layouts changed and access points were installed and moved. If an access point isn’t where you think it is, the reported location of devices connected to that access point won’t be accurate.

Continue reading

Using the New Cisco SD-WAN SDK

What is a Software Development Kit (SDK)?

Put simply this is a set of tools, libraries, and documentation to simplify interacting with a REST API. The Cisco SD-WAN Python SDK is a Python-based SDK for Cisco vManage. The SDK is intended for anybody interested in automating the configuration and operation of Cisco SD-WAN deployments using Python.

What can you do with the SDK? 

The SDK enables configuration and operations of Cisco vManage via Python-based API bindings. In a traditional SD-WAN deployment, nearly all management of the SD-WAN control plane and overlay of VPNs and edge devices is done via the Cisco vManage GUI. The SDK allows automation of vManage via Python without any GUI interaction. The following examples illustrate some of the benefits of interacting with Cisco vManage programmatically.

◉ Integration with other platforms
◉ Basic management of policy or device/feature templates
◉ Backup/restore
◉ CI/CD

So, let’s get started:

Installing the Cisco SD-WAN SDK

The Cisco SD-WAN SDK is available via PyPI, so all that is required is “pip install”. It is also recommended to use a virtual environment. 

You are now able to use the SDK. The SDK has a great help function built-in too, just in case you find yourself stuck. 

Using the Cisco SD-WAN SDK

In this example, we can use the Always-On DevNet SD-WAN Sandbox. First we set credentials as environment variables from the sandbox supplying valid values for the following variables: 

Next, open your python shell, in this example, I am using python. Create an authentication object and call the login function. Once you are authenticated to Cisco vManage, make API calls by creating an instance of the API object you are interested in (e.g. Device, Settings, Local Policy, etc.) and calling the functions from that object. The example below retrieves a list of all devices on the DevNet SD-WAN sandbox. 

Source Code 

You can also get the source code, as the SDK is developed as a community project on GitHub. To get the source code go to DevNet Code Exchange.You can then install the package to your environment for development purposes: 

Continue reading

Securing Remote and Mobile Workers the Webex Way

In this unprecedented time where remote work has expanded and become the norm – Webex continues to innovate to give our customers the tools they need to keep their remote workers secure – whether they’re on the go on their personal mobile devices or safely working from home using company managed devices.

New Mobile Security and Granular Controls

Mobile Webex IT Administrators have been clamoring for more granular policy enforcement tools and also more integrations with their existing tool sets. To solve for both of these, Webex now has integration with Microsoft Intune Mobile Application management, including:

◉ Passcode/Touch ID

◉ Document sharing

◉ Preventing application backup

◉ Disabling screen capture

◉ Enforcing Application Encryption

◉ Disabling Copy and Paste

◉ Remote Application Wipe

And for those customers who aren’t using Intune, Webex allows them to secure the Webex mobile apps by self-wrapping it with their preferred Mobile Application Management solution SDK by providing app binaries.

In addition, Webex now supports AppConfig – the industry standard for Mobile Application Management. Customers can deploy several policies like disable copy and paste across virtually any MDM solution.

Finally, Webex is continuing to augment native Control Hub Mobile Application Management controls and just released a capability to block message notifications on mobile screens to prevent against data loss on unattended devices.

Securing Your Remote Workforce with Granular Tools 

Another capability that we’ve added blocking file share for groups. For instance, you may have a group of contractors in your company and you don’t want to run the risk of your contractors sharing sensitive data files from their desktop – so now you set up policies for groups from sharing their files – based on their group classification in your active directory. Using Cisco Directory Connector – Webex administrators can get group information directly from their active directories – directly from the Webex Control Hub. They can set up groups of people – like contractors vs. employees; investment bankers vs. retail bankers; or groups of those who provide patient care vs. those in financial administration.

Figure 1 – Active Directory groups in Webex Control Hub

Without having to back to their active directories – Webex admins can:

◉ View all active directory groups

◉ Search for a specific active directory group

◉ View all members in an active directory group

◉ View group attributes like usage, type, owner and number of members

Webex Control Hub gets this information by syncing with the customer’s active directory. And customers can choose how frequently they sync and when and what to sync. This is such a streamlined workflow for customers who are accustomed to having to sync by individual user. And we’ll be adding new security controls based on Active Directory groups in the future.

Additionally, Webex Admins can:

◉ Control file upload control or file upload and download control

◉ Only allow people to upload when they are on the corporate VPN network

◉ Define their network location by IP range and IP addresses – and they can enable file sharing restrictions based on those addresses & ranges

New Webex Space Classifications

Webex space classifications can help enable companies to safeguard content by labeling spaces and then having 100 characters of explainer text for each.

Figure 2 – Webex Teams space classifications

Webex administrators can set up any five labels that they want within Control Hub.  Many companies will elect to set their policies around security – for instance:

◉ Public

◉ Private

◉ Confidential

◉ Highly confidential

◉ Restricted

And then the creator of the space would label and add up to 100 characters of explainer text for each space he or she creates.

Additionally, Webex administrators can build data loss prevention policies in their Cloud Access Security Broker – using the APIs that Webex provides – for instance – they could prohibit file uploads in a space that’s classified as “Top Secret.”  Or they can set up policies for when users collaborate with someone outside of their company – and those external users will get an alert that the space they are entering has a classification.

Users also have the ability to elevate the space classification – but they can’t lower the space classification. For instance, if someone in a space starts introducing confidential information in a public space, the creator or space owner could change that space classification to “confidential.”

Unparalleled Security for Remote Work

Whether it’s the ability to secure mobile devices so users can safely use Webex on the go, or granular tools to prevent data leakage – Cisco has unparalleled security to secure your remote work force.

Continue reading

Introducing Stealthwatch product updates for enhanced network detection and response

We are very excited to announce new features of Cisco Stealthwatch! With release 7.3.0, we are announcing significant enhancements for the Stealthwatch Administrator and the Security Analyst to detect and respond to threats faster and manage the tool more efficiently.

Automated Response updates

Release 7.3, introduces automated response capabilities to Stealthwatch, giving you new methods to share and respond to alarms through improvements to the Response Management module, and through SecureX threat response integration enhancements.

New methods for sharing and responding to alarms

Stealthwatch’s Response Management module has been moved to the web-based UI and modernized to facilitate data-sharing with 3rd party event gathering and ticketing systems. Streamline remediation operations and accelerate containment through numerous new ways to share and respond to alarms through a range of customizable action and rule options. New response actions include:

◉ Webhooks to enhance data-sharing with third-party tools that will provide unparalleled response management flexibility and save time

◉ The ability to specify which malware detections to send to SecureX threat response as well as associated response actions to accelerate incident investigation and remediation efforts

◉ The ability to automate limiting a compromised device’s network access when a detection occurs through customizable quarantine policies that leverage Cisco’s Identity Services Engine (ISE) and Adaptive Network Control (ANC)

Figure 1. Modernized Response Management module with new response action options

SecureX threat response integration enhancements

Get granular and be specific with flexible rule configurations that provide the ability to:

◉ Define which alarms from Stealthwatch are shared with SecureX threat response

◉ Base shared alarms off multiple parameters, such as alarm severity, alarm type, and host group

◉ Share alarms from mission critical services with the ability to define incident confidence levels, how target objects are formed, and rule conditions based off targets created for internal or external hosts

Figure 2. Customize which alarms are sent to SecureX threat response by severity

SecureX platform integration enhancements

Cisco’s SecureX platform unifies visibility, centralizes alerts, and enables automation across your entire security infrastructure on a single dashboard. Maximize operational efficiency, eliminate repetitive tasks, simplify business processes, and reduce human errors by:

1. Automating responses with pre-built workflows through SecureX’s orchestration capabilities

2. Creating playbooks with all your integrated security tools through SecureX’s intuitive interface

Figure 3. SecureX’s pre-built workflows and customizable playbooks

Enhanced security analytics

As threats continue to evolve, so do the analytical capabilities of Stealthwatch to deliver fast and high-fidelity threat detections. The cloud-based machine learning engine (Cognitive Intelligence) has been updated to include:

◉ New confirmed detections

◉ New machine learning classifiers for anomalous TLS fingerprint, URL superforest, and content spoofing detections

◉ Smart alert fusion in the new user interface (currently available in beta)

◉ New Stealthwatch use cases including Remote Access Trojan and Emotet malware detections

Figure 4. An example of the new content spoofing detector classifier in action.

Figure 5. Stealthwatch’s new GUI with smart alert fusion.

Easier management

Web UI improvements

Don’t let the setup process slow you down! Optimize installation with web UI enhancements that reduce deployment time and support full configuration of (both?) the appliance and vital services before the first reboot to save time.

Flow Sensor versatility and visibility enhancements

Get visibility into more places than ever before through ERSPAN (Encapsulated Remote Switch Port Analyzer) support now added to Flow Sensors. Benefits include:

◉ Visibility improvements through the ability to see within VMware’s NSX-T data centers to facilitate Flow Sensor deployment and network configuration

◉ Removed requirement of direct physical connectivity

◉ ACI traffic monitoring from Spine and Leaf nodes

Continue reading

Teleworker Solution Using OEAP on Catalyst 9800 WLC

As knowledge workers continue to work remotely, work from home has rapidly escalated from one of many remote work options to “the remote work option”. For Network Administrators, this means enabling employees with the basics –  laptops and corporate network connectivity, and optimizing application delivery despite unpredictable network performance due to bandwidth contention and latency. This can also result in increased tech support calls from the end-user complaining about the VPN connectivity and poor network performance.

Cisco’s OfficeExtend Access Point (OEAP) allows a Network Administrator to extend the secure, scalable, and manageable corporate WLAN across the internet to the Teleworker’s (employee’s) home. This allows the Teleworker to securely connect back to the private network from their home simply using their regular wireless profile and not having to set up a VPN or other type of remote access.  Remote users will be able to connect, have access to corporate resources, and “feel” just like they are connected to the wireless network at the corporate office.

The ease of work from home for employees should not come at a cost of increased administrative load and pre-configuration of access points for network admins. To address this, Cisco’s Office Extend feature makes the remote work option seamless for employees as well as for network administrators using zero-touch deployment.

The simple architecture of OfficeExtend consists of the remote site and corporate office components. The remote site is the home network of the Teleworker and consists of a home router and Cisco’s OfficeExtend Access Point. The Office component consists of Cisco PnP cloud and Catalyst 9800 Wireless LAN Controller.

Cisco OfficeExtend architecture.

How does it work?

Cisco’s Teleworker Solution using OfficeExtend AP focuses on zero-touch deployment and significantly reduces the extra efforts of employee-specific access point configuration. The network administrator does not have to preconfigure the access points and it can be directly shipped to the Teleworker’s home with no configuration. Teleworker will just need to power up the Cisco AP and connect it behind the home router. The AP will boot, connect to the corporate Wireless LAN Controller (WLC), and will start broadcasting the corporate wireless network at the Teleworker’s home.

Admins can use Cisco’s Network Plug and Play (PnP) to provision the AP’s. On the PnP cloud, admins will have the profiles defined for AP’s based on the AP serial number. The controller profile has information about the primary and secondary IP address of the corporate WLC. The admin can simply import the AP serial numbers using a CSV file and assign them a controller profile.

Workflow for Cisco Teleworker Solution using OfficeExtend AP.

Let’s explore the workflow in detail. After initial boot up, the AP will get the IP address from the home router and connect to the PnP cloud at software.cisco.com. When the PnP cloud receives redirection requests from the AP, it will check for the serial number, assign controller profile, and send the details of corporate wireless controller’s IP address to the AP.  The AP will then use this IP address to form a secure CAPWAP tunnel with the corporate WLC.

Once the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel is formed, the AP will download the latest available software and all the advanced configurations from the corporate WLC. After the AP joins the controller as OEAP it will start broadcasting the corporate wireless network at the Teleworker’s home. The teleworker now can connect to this wireless network using secure enterprise authentication, and access the corporate resources and the internet. To make sure that unauthorized AP’s should not join the corporate WLC, the admin can enable the AP authentication on WLC.

What are the Added Advantages of OfficeExtend AP over VPN?

The OfficeExtend establishes a secure Datagram Transport Layer Security (DTLS) connection between the access point and the controller. With simple onboarding, the end-user does not need to install any VPN software and can connect multiple devices to the corporate network. Having corporate SSID broadcasted at home makes it easy to connect and eliminates the need to ever sign on to a VPN.

Advantages of OfficeExtend AP over VPN.

How does the Teleworker Solution Benefits Network Admin and Teleworker?

Teleworker:

Cisco OfficeExtend AP provides the highest level of security and enables the deployments of additional hardware such as Cisco IP phones. This effectively creates a small office for the employee giving them all the access they will expect while at the office. In addition, the solution allows spouses and children to access the Internet, using custom personal SSID, without introducing additional security risks to corporate policy.

Network Administrators:

By using the same management, operations, and infrastructure as the corporate WLAN, the OfficeExtend solution simplifies the process of extending real-time, high-performance network services to remote locations. Network admins have more control and visibility which helps in troubleshooting any connectivity issues from the Teleworker side and gives them the ability to differentiate issues between ISP versus corporate. Admins do not have to define new security policies and the existing Cisco TrustSec policies can be extended to have a more secure network.

Recommended Products for Teleworker Solution on IOS XE Software 17.3.1 release:

Teleworker Solution on IOS XE Software 17.3.1

Continue reading

Cisco User Defined Network: Defining the Boundaries of Your Network

Networks are the roadways that connect and allow communication to occur between our devices. We take several aspects of our home network for granted. On our home networks, we can have smartphones, personal computers, smart TVs, smart internet-connected video playback devices (i.e., Apple TV and Google Chromecast), and much more. And there’s something unique that our personal home network allows us to do with these devices. It builds routes — paths for data to communicate amongst the various devices — and only amongst the devices on that network. Pretty simple, user-friendly, and convenient stuff, right?

Let’s discuss a specific use case: sharing content from an iPhone to an Apple TV. If we want to share content from an iPhone to an Apple TV, it starts by simply clicking on the AirPlay icon on an iPhone; which allows us to view the Apple TV that may be on our network. This is because our private home network realizes which devices are connected to it, and it is maintaining that information in cache, allowing for quick streaming access from the iPhone to the Apple TV. At home, with just one SSID — of course, you may have more in your particular setup, for example, an additional Guest SSID, but let’s assume we only have one for our scenario — we have simplicity because we’re able to see and utilize the particular link-local-multicast-based protocols (like mDNS based AirPlay) that the smart-devices allow. We can use these services securely and seamlessly on our private network.

That means a neighbor cannot cast to the Apple TV that resides on my personal network from her iPhone unless she joins my home network. Amazing right? And that’s how it should work. Our home network is where we get to define who gets to utilize the functionalities that our smart devices offer.

But now let’s take that same use case and place it into a different setting: we have a university student named Eddy, living at the campus dormitory at his university, with multiple smart devices, including an iPhone, MacBook, Apple TV, gaming console, printer, and more. Just like Eddy, there are many other students in the dormitory that also have smart devices. But there’s only one SSID for Eddy and all the other students to connect to; and all of Eddy’s smart devices (and also those of others) are all connected to the same SSID. Which is fine. Everyone gets to have routes to the internet and can stream content.

So far, so good. But there’s a caveat now. When Eddy tries to AirPlay from his iPhone, not only does he see his own Apple TV, but he also sees all the other Apple TVs connected to his dormitory’s SSID (see Figure 1). He can cast content to his, or any of the other Apple TVs on the network. This can be a problem as there is no ability to control who uses whose personal devices.

Figure 1: Multiple AirPlay sources available for use on a large network.

This is where Cisco User Defined Network (UDN) comes into the picture. With the Cisco UDN solution, networks (even those with the largest pools of devices within the same SSID) can be segmented into smaller, defined networks that allow for users to privatize their smart-device use. For example, in terms of a university dormitory, we can segment the network, so each student is only allowed to use mDNS services amongst their own devices. This way, Eddy’s next-door roommate Mary won’t be able to cast to his Apple TV, and in turn, Eddy won’t be able to cast to hers—while all being connected to the same SSID! Each student will have their own private network, their own unique UDN (see Figure 2). But that’s not all. With the Cisco UDN solution, additional privileges can be assigned so others can use someone else’s smart devices as guest users—which we will discuss later in this blog. It is truly a smart method to privatize and secure your personal set of smart devices on a large enterprise network.

Figure 2: University dormitory network with multiple users.

Your Network, Defined by You

Cisco User Defined Network allows for the segmentation of a large network into smaller pieces, providing for a similar experience to that of a private home network. Cisco User Defined Network’s main intent is the ability to privatize and secure any individual’s set of devices, within a large, centrally switched network.

Privatize

With Cisco UDN, Eddy (see Figure 2) is the only person who has access to his devices. Therefore, Mary and John will not even be able to view the particular devices that Eddy possesses. If for example, they try using an mDNS service, they will be restricted to being able to view and use only the devices on their personal UDN. Now, Eddy can be at peace in knowing that no one will accidentally (or intentionally) try to cast or share content to his devices without his permission. He has created a private network around his set of devices.

Secure

With the ability to be private comes the benefit of security. As Mary cannot share content with Eddy’s devices (without his consent), he has the additional peace of mind of security. This of course, is in addition to the standard security measures taken by the dormitory’s network!

Getting Started

From a user perspective, the only aspect that is required for the Cisco User Defined Network is the Cisco UDN mobile app, and some information from the smart devices that are to be onboarded onto the network (see Table 1). The solution is built with simplicity in mind. Device on-boarding can happen without even being on the network on which the UDN will reside! In our university example, Eddy can onboard his devices to his university’s network and have his UDN created before he even arrives to the location.

*In most cases, the MAC address information will not be required, as the Cisco User Defined Network mobile app will be able to retrieve this information by scanning the home network on which the smart device resides.

The Onboarding Process

The user will download the Cisco UDN app on their smartphone or tablet, and from there will be able to log into the application using the credentials provided to them from their organization’s network administration team. For example, upon signing into the mobile app, Eddy will have the ability to on-board devices using multiple methods: (1) scanning the network for all the devices connected to the network and selecting which ones he would like to onboard or (2) manually adding the information for the device(s) he’d like to onboard by either doing a camera scan for the MAC addresses or by physically entering the MAC address of the device(s) into the Cisco UDN app.

Device Sharing with Guests

Not only can we utilize and use the personal devices we have allocated within our created User Defined Network, but we also have the ability to invite guests and provide access to others to utilize the devices on our personal UDN. This is also done through the Cisco UDN mobile app.

Let us assume that Eddy and John are friends and would like to play video games together on their gaming console. Or let’s say that John has a smart speaker and wants to bring it to Eddy’s dorm and allow for Eddy to also be able to cast music from his personal phone to that speaker. Eddy can invite John to his personal UDN, allowing John the ability to use the devices on Eddy’s UDN. And once John leaves Eddy’s room, Eddy can then remove John from his UDN with just a touch of a button—reclaiming control of his devices. Which is awesome!

Monitor and Control

Not only can devices and guests be added to a specific UDN using the Cisco UDN mobile app, but monitoring and maintenance of the UDN is also a great functionality allowed through the Cisco UDN app. A user can view all the devices on their UDN, see their information, add more devices, reclaim the devices that may be on a different UDN, and remove devices that they don’t want on the UDN as well. With Cisco’s User Defined Network, the privatization, security, and control of one’s own network has never been easier.

Continue reading

Why You Should Renew Your Cisco DNA Software Subscription for Access

As Cisco releases new enterprise networking devices, such as switches, routers, and wireless solutions, you can always count on us to be on the cutting-edge of technology. Capabilities are steadily increasing and improving, and, in today’s devices, this is made possible through software. In the past, devices were mostly static, meaning that the capabilities were built into the hardware where they live and die with the device. Our current Cisco DNA solutions, like our Catalyst 9000 series switches, are completely software-defined, with innovative features in security, policy, assurance, and ease of use. These new features rely on two software components: The software stack which resides on the device, and the software within the network controller which is the orchestrator for the intelligence of today’s intent-based networks.

Why do we need software-defined devices? Networks are becoming more complex as people are connecting through many different applications in the cloud. Let’s look at the healthcare field as an example. Internet of Things (IoT) in healthcare is about using networking technologies to connect life-saving medical devices and applications, which enables machine-to-machine communication and connection, to the cloud. Delivering an intelligent zero-trust network for these many IoT devices requires a combination of software capabilities on network devices, as well as centralized intelligence on the network controller software to see the big picture. As networking demands increase and trends in technology change, Cisco delivers upgrades via software subscriptions in order to keep our devices on the cutting-edge of technology.

There are 2 main reasons why you should renew your subscriptions:

1. Software support. In the past, software support was delivered in its own subscription contract. With Cisco DNA software, SWSS (Software Support Service) is embedded in the subscription stack. You receive our innovative features and support for these features in one contract.

2. Increase the longevity of your hardware with access to innovation. We are able to deliver the latest features and capabilities to you through our software subscriptions at no additional cost to you.

Cisco DNA Software is available in 3 tiers: Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier, which offer flexible options for our customers, depending on the complexity of their enterprise network. When we talk about the benefits of software subscriptions, access to innovation is usually at the top of the list. Here at Cisco, this continuous access to innovation is not just an empty claim; let’s show you what we mean. Below you’ll find a series of tables for the features we’ve added to Cisco DNA software, since our launch of Cisco DNA Software subscriptions in 2017.

Let’s start with 2018. Here is a list of features that we added to our Cisco DNA software tiers. If you were a Cisco DNA customer in 2017, you received these features at no additional cost to you:

Cisco DNA Software Features 2018.

Remember, Cisco DNA software subscriptions are nested, so all features in Cisco DNA Essentials are in Cisco DNA Advantage, and all features in Cisco DNA Advantage are in Cisco DNA Premier.

In 2019, we added these additional features and benefits, with no additional cost to you:

Cisco DNA Software Features 2019 Set A.

Cisco DNA Software Features 2019 Set B.

Cisco DNA Software Features 2019 Set C.

Cisco DNA Software Features 2019 Set D.

And then again in 2020 we added the following at no additional cost to you:

Cisco DNA Software Features 2020 Set A.

Cisco DNA Software Features 2020 Set B.

If you were a customer of Cisco DNA software subscriptions back in 2017, you would have received all of these features above on top of the original feature set. We will continue to add more features in 2020 and beyond. We are constantly innovating Cisco DNA software and Cisco DNA Center to keep your network and devices at the forefront of the newest technology.

Continue reading