How to deploy a Cisco campus network in 10 minutes? New technologies for automation and analytics in Cisco enterprise networks.

Transcription:

How to deploy a Cisco campus network in 10 minutes? New technologies for automation and analytics in Cisco enterprise networks. Denis Kodentsev, Consulting Engineer, CCIE

A new era of Cisco networking: announcement of June 20, 2017
- DNA Center: an innovative solution for deploying and managing the enterprise network and network services
- DNA Assurance & Analytics: analysis and proactive detection of problems
- Software-Defined Access: a universal network fabric with dynamic microsegmentation
- Enhanced Network as a Sensor: detection of malware in encrypted traffic (without decryption)
- Catalyst 9000 switches: the first switches purpose-built for DNA
- Licensing with subscription support
- Additional services from Cisco

$60B* is spent worldwide every year on operating network infrastructure (salaries, tooling). Why do companies spend so much?
- Traffic growth of 10x* by 2019
- IT departments have to support more connected devices (both user devices and others, IoT for example)
- IT departments have to deal with a larger number of vulnerabilities and security threats

Enterprise networks today are complex
(Diagram labels: WAN, Remote VLAN B, VLAN 1, VLAN 2, VLAN 3, HQ, Branch A VLAN A, Branch A VLAN B)
- Managing a large number of VLANs
- Working with different networks
- Working with many different policies: LAN, WLAN, WAN, data center
- Scaling increases operational complexity

Cisco Digital Network Architecture: DNA Overview
(Diagram labels: Network-enabled Applications; Principles; Cloud Service Management; Open APIs; Developers Environment; Automation: Abstraction & Policy Control from Core to Edge; Policy; Orchestration; DNA Center; Analytics: Network Data, Contextual Insights; Insights & Experiences; Automation & Assurance; Open & Programmable; Standards-Based; SD-A, SD-WAN; Virtualization & ENFV; Physical & Virtual Infrastructure; App Hosting; Security & Compliance; Cloud-enabled; Software-delivered)

DNA Center: a single interface for automation and analytics
DNA Center Simple Workflows: DESIGN, PROVISION, POLICY, ASSURANCE
(Diagram labels: DNA Center; Identity Services Engine; APIC-EM; Network Data Platform; Routers; Switches; Wireless Controllers; Wireless APs)

Why do we need DNA-Center?

What is SD-Access? Key concepts and terminology
(Diagram labels: Identity Services (ISE); DNA Controller; Analytics Engine; Campus Fabric; Fabric Border Nodes; Control-Plane Nodes; Intermediate Nodes (Underlay); Fabric Edge Nodes; Fabric Wireless Controller)
- DNA Controller: Enterprise SDN Controller (e.g. DNA Center) provides GUI management and abstraction via Apps that share context
- Identity Services: External ID System(s) (e.g. ISE) are leveraged for dynamic Endpoint to Group mapping and Policy definition
- Analytics Engine: External Data Collector(s) (e.g. NDP) are leveraged to analyze Endpoint to App flows and monitor fabric status
- Control-Plane Nodes: Map System that manages Endpoint to Device relationships
- Fabric Border Nodes: A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
- Fabric Edge Nodes: A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
- Fabric Wireless Controller: A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric

Why do we need Software Defined Access?
Is your Campus Network facing some, or all, of these challenges?
- Host Mobility (w/o stretching VLANs)
- Network Segmentation (w/o implementing MPLS)
- Role-based Access Control (w/o end-to-end TrustSec)
- Common Policy for Wired and Wireless (w/o using multiple tools)
- Consistency Across Campus, WAN and Branch (w/o using multiple tools)
With DNA SD-Access, you can overcome these challenges and provide your organization with the infrastructure required to meet your business objectives. Come to this session to get a look into the DNA SD-Access architecture, including a closer look at each of the technologies that bring this to life!

How is Cisco DNA-Center built?

DNA automation and analytics: architecture
(Diagram labels: API; GUI; DNA-Center: Design, Provision, Policy, Assurance; Cisco ISE 2.3, Identity Services Engine; DNA Automation, App Policy Infra Controller EN Module; DNA Assurance, Network Data Platform; NETCONF, SNMP, SSH; AAA, RADIUS, EAPoL; SDA Fabric; HTTPS, NetFlow, Syslogs; Cisco Switches, Cisco Routers, Cisco Wireless)

Full-cycle automation
(Diagram labels: DNA Center; DNA Automation; Telemetry, alerts, violations; Network inventory, topology, and configuration; DNA Assurance; Network and telemetry configuration; Streaming telemetry & network data)

ISE and DNA Center integration: automation of policies and access control
(Diagram labels: Cisco Identity Services Engine; Authentication, Authorization, Policies; Groups and Policies; Campus Fabric; PxGrid, REST APIs; Fabric Management; Policy Authoring Workflows; Cisco DNA Center)

Correlation and machine learning
Ingest Network & Contextual Telemetry; Process and Analyze Streams of Data; Visualize and Act
Phase 1, Phase 2, Phase 3
- Data Processing: Data cleaning, Feature creation, Data normalization & enrichment, Baselining & trending, Relationship modeling
- Complex Event Processing: Behavior analysis, Anomaly detection, Pattern recognition
- Machine Learning: Event clustering & correlation, Prediction, Natural language processing, Recommendation
- Real-time visibility
- One click (drill down) root cause analysis

Analysis of the state of every network client
Summary: Is the client connected and is the link connection good? Connected; Throughput issues; Link Error. Wired Client Health. Key Services: DNS reachable. Onboarding: Port Up/down Yes/No; Authenticated, IP Yes/No. BRKCRS-2814

Streaming telemetry: extended telemetry where and when it is needed
With streaming telemetry (FCS in July in the 16.6 train) we will support collection of many KPIs as close as possible to real time
Subscription
(Diagram labels: Programmable Interfaces; Physical and virtual network infrastructure; NETCONF, RESTCONF, gNMI; Interface; YANG data model; Open, Native; Configuration; Device features: BGP, QoS, ACL; Operational; SNMP)
Publication
- Periodic or on change
- Structured data
- Priority subscriptions
- Customized to recipient
- XML or JSON encoding
- NETCONF or HTTP/2 transport
- Increased scale
- Reduced CPU and bandwidth consumption

Collecting contextual information: ISE
- Notification of end user authentication and authorization (positive/negative)
- Notification on group-based policy being downloaded by devices
- End user identity and context
(Diagram labels: pxGrid: SGT bindings, Group based policies; Telemetry: SGT applied to port, Policy Enforcement Status, SGT Counters; Access Policy Push; Device level enforcement and changes; Access policy application and changes; Identity and end user information; End to End visibility)

Collecting contextual information: IPAM
(Diagram labels: Infoblox Grid; Publish; pxGrid; Grid Subscribe; RESTful API, SNMP)
Per Pool:
- Network Block
- Start / End Address
- Lease Time
- Addresses Assigned
- Options Assigned
General Information:
- Pool Name or ID
- Pool State (Enabled / Disabled)
General Stats (per pool and per client device):
- Any latency values
- # Discovers
- # Offers
- # Requests
- # ACKS
- # Declines
- # NAKs

Ease of use: Example 1. Home page: what are the main problems observed in your network?
Landing page tells you:
- Overall health of your network, clients, and applications
- Where in the world the most serious issues are happening
- Your top 10 issues and trends

Reliable scoring to assess client health in real-time Incorporation of diverse network data types Variety Accurate alerting for fast root cause analysis Velocity Live end-to-end visibility brings together multiple data sources at high volumes and speeds Volume Veracity

Ease of use: Example 3. Instant detection of the causes of problems with the SDA fabric and/or CTS policies
1. Quick visual of the fabric overlay tells you where you might have issues
2. Assurance-enabled path trace tells you where policies are failing

What does the network lifecycle look like with DNA-Center?

DNA Center - Design: Setup Management & Underlay Reachability
1. Setup Sites, Buildings & Floors
- Organize your Regions, Cities & Buildings
- Import floorplans in CAD, PNG or JPG
- Virtual layout of Routers, Switches & APs
2. Setup Global & Site-Specific Settings
- Establish a common set of Global Servers
- Each Site inherits settings from level above
- Override Global settings with Site-Specific
3. Setup IP Address Pools or IPAM
- IP Address Management uses Site hierarchy
- Add or modify IP Pools manually
- You can also import from IPAM tools via APIs
4. Setup Wireless SSID Settings
- Manage Fabric Wireless WLANs per Site
- Associate the SSIDs with IP Pools
- Automated setup of the WLC & APs via APIs

DNA Center - Policy: Setup VNs & EIGs and Policies
1. Setup Virtual Networks
- Add Scalable Groups to a Virtual Network
- A Default Virtual Network created automatically
- Option to add / remove new Virtual Networks
- Enables VN ID on SDA enabled Devices*
2. Setup Scalable Groups
- Option to import Groups from ISE (or AD)
- Option to create Groups via Static Mapping
- Enables SGT ID on SDA enabled Devices*
3. Manage Group Policies
- Groups provide native SGT based segmentation
- Intra-VN policies set to Default Permit or Deny
- Create simple To / From Group-Based Policies
4. Manage VN Policies *
- VNs provide native VRF network segmentation
- Inter-VN policies mapped to Firewall instances*
* External Connect requires manual configuration. Automation planned for a later release.

DNA Center - Provision: Setup Overlay Control & Data-Plane
1. Setup Fabric Domains
- Add Devices to one of the configured Sites
- A Default Fabric Domain created automatically
- Option to add / remove new Fabric Domains
2. Add Devices & Assign Roles
- Add SDA capable Devices to the Fabric Domain
- Designate 1+ Devices as Border and Control
- All other Devices are configured as an Edge
3. Setup Host Onboarding
- Add various IP Pools to the Fabric Domain
- Designate IP Pools for Wired or Wireless
- Define the Host Authentication and options
- Option to Static Assignment of Pools to Ports
4. Advanced Settings (Optional)
- Enable Multicast in the Fabric Domain

DNA Center - Assurance: Real-Time Data-Collection & Event Correlation
1. Assurance Dashboard
- Network Health Scores (based on 360 Views)
- Graphical status view of Health and Alarms
- Track common Network Issues & Trends
- Universal search for elements of the Network
2. Device 360 Views
- Summary and Real-time Device statistics
- Track Issues and Trends of each Device
- View connected Neighbors, Clients & Apps
3. Client 360 Views
- Summary and Real-time Client statistics
- Track Issues and Trends of each Client
- Initiate Pathtrace per Client Application
4. Application 360 Views
- Summary and Real-time App statistics
- Track Issues and Trends of each App

How about a demonstration?

And what about Cisco Enterprise NFV?

Previously, ENFV required 3 systems
(Diagram labels: Enterprise Services Automation (ESA): Provisioning, Profile to SN mapping, SN, IP for host; APIC-EM / Prime Infrastructure: Day 0/1 config repository; PnP; Provisioning; REST; Office; IP; vswitch; WAAS; IPS; NFVIS; WAN)
ESA, PI and APIC-EM work together when a branch is brought up
2017 Cisco and/or its affiliates. All rights reserved.

now a single DNA-Center is enough

including for Enterprise NFV

To sum up

DNA Center capabilities = DNA Software subscription
Cisco ONE Suites or Ala Carte Model
- ESSENTIALS: Layer 2, Routed Access, Base Automation and Monitoring
- ADVANTAGE: Full L3, Segmentation, Software Defined Access, ETA & Assurance
Available for Current Catalyst 3K, 4K, 6K and Next Generation Catalyst 9K Series. Cisco ONE Suite Essentials Includes ISE Base.
- Ongoing Innovation
- License Portability
- Software Support Included
- OpEx Preference
- Lower Entry Costs

What you will need: a simplified view
(Diagram labels: DNA Center Console; ISE Console; Software: ISE Base & Plus & StealthWatch, DNA License, Network/OS License; Included in Cisco ONE Advantage; Shipped with the device; Server: DNA Center, ISE, StealthWatch; Network: Switches, Access Points, Routers)

Thank you! Questions?