The agility of an organization's network determines the agility of the business. Modern network solutions provide intent-based networking systems that constantly learn, adapt, and use contextual insight so that the network continuously responds to dynamic IT and business requirements. One such solution is Cisco DNA, an open, software-driven architecture that provides the policy, automation, and analytics required to adapt to change, simplify and scale up operations, and protect against threats.
This article covers Cisco Digital Network Architecture (DNA) in more detail: its features, design principles, and use cases.
Cisco Digital Network Architecture (DNA)
Cisco DNA is an architecture that describes how network infrastructure can be designed so that the network adapts quickly to the growing requirements of the organization. It is based on the principles below, on which the solution model for designing, implementing, and managing modern network infrastructure is built:
Design Principle # 1 Security everywhere
Security is an essential part of any IT environment. With ransomware attacks increasing, a secure network is critical to protecting data and keeping operations uninterrupted throughout the organization. By using the network as a sensor and enforcer, the network infrastructure can support the analysis of threats and risks.
Design Principle # 2 Virtualization
The data plane is segregated from the control plane. What if we could virtualize network functions in such a way that software defines what role the hardware has, without impacting performance? A network component could then fulfil multiple network functions, be it switch, firewall, router, or any other network function that is invented. On this basis, all network functions are virtualized.
Design Principle # 3 Designed for automation
Networks are designed in such a way that automation can take place, because automation is key to standardization and to the delivery of changes across the entire infrastructure.
Design Principle # 4 Cloud service management
Cloud applications demand high availability and capacity. By using the cloud, network services and policies can be provisioned centrally.
Design Principle # 5 Pervasive analytics
Machine intelligence, big data, and analysis of micro-flows help predict failures in the network well in advance. Problems and performance behaviour can be predicted proactively.
Design Principle # 6 DNA ready infrastructure
At the bottom is the infrastructure layer, which consists of all network components such as routers, switches, firewalls, and wireless controllers, irrespective of whether the equipment is physical or virtual. The features of DNA (faster delivery of services, detection of problems, and increased flexibility) can be achieved only if the network devices are also DNA aware.
Cisco DNA Features
Cisco DNA acts as an intuitive control centre: its core is intent-based networking, and it provides a centralized management dashboard for controller-based automation, network-wide assurance, and open platform extensibility.
- Policy – Network policies govern the functionality of the network and keep it continuously aligned with the intent. Cisco DNA facilitates segmentation and automation of user access policies by converting previously separated wired, wireless, and IoT environments into one unified fabric. Policies are translated into the configurations required by the different types, makes, models, operating systems, roles, and resource constraints of network devices.
- Automation – Design, provisioning, and configuration management are simplified via a centralized dashboard. It supports discovery of inventory, simplifies new device deployment through plug and play and zero touch provisioning functions, and automatically monitors and manages software updates and patches to help ensure end-to-end consistency across the network.
- Analytics – Network assurance is improved with rich, network-wide contextual visibility and monitoring, to make sure that the network is performing at its optimal level and in line with business goals. The complete network status can be viewed at a glance on a single screen, which reduces noise and false positives and accurately identifies significant issues.
- Security – Key features include segmenting the network to reduce risk, containing threats, preventing lateral movement of malware, and isolating infected network endpoints. Cisco DNA enables the network to serve as an advanced security scanner that detects threats even in encrypted traffic, provides network visibility and security analytics to detect and contain threats rapidly, enables test and simple segmentation as part of the SD-Access solution to control network-wide access, and enforces security policies to meet compliance requirements. Zero trust security is extended throughout the enterprise network by limiting access to sensitive data and critical applications to authorized users only.
- Open Platform – 360-degree extensibility to enable easy data and intelligence exchange with external applications and systems.