Next Gen Enterprise Management and Operations with Cisco DNA

Next Gen Enterprise Management and Operations with Cisco DNA Ramit Kanda Director PM, Enterprise Network Transformation Prakash Rajamani Director PM, Enterprise Network Transformation BRKNMS 1601

Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space Cisco Spark spaces will be available until July 3, 2017. cs.co/ciscolivebot#brknms-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda Challenges of Going Digital DNA led Network Transformation Day 0 Network Automation Automation with Intent based Policy Day N Monitoring and Assurance Conclusion 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Enterprise Trends driving Digital Transformation 3.64 Devices per Person Advanced Persistent Threats 100K Devices per Admin Mobility Cloud Mobile world requires access to everything everywhere Agility and New Consumption Models 7.5B Things Connected Unmanned devices growing at rapid pace IoT BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 5

Traditional Networking is complex and cannot meet the demands of a Digital Network WAN Remote VLAN 2 ACL 1 ACL 2 VLAN 1 VLAN 2 VLAN 3 HQ Branch A ACL 2 ACL 3 VLAN 1 VLAN 3 Branch A Setting Up End-End Security Users, Device and IOT Segmentation Enabling Seamless Mobility Secure Connectivity to the Cloud BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

The Cost of Doing Business in the Digital World * Why are companies spending so much? 95% 70% 75% Network Changes Performed Manually Policy Violations Due to Human Error OpEx Spent on Network Changes & Troubleshooting *McKinsey study conducted for Cisco in 2016 BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

New Requirements for a Digital Network Security Mobility IoT Cloud Reduce Attack Surface with Segmentation Rapid Automated Threat Containment Consistent Policy for Wired and Wireless Simplified Guest and Mobility Workflows Extend Trust Domain to Building Edge Scalable Device Classification and Policy Controller-based Automation at Cloud Scale Analytics-based Assurance Reduced Network Complexity and Increased Scale BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

Why Existing Tools Not Work Traditional Management Tools Digital Network Ready Management Device/Network Centric Network and its Eco System Feature Configuration Intent and Workflow Based Monolithic and Centralized Distributed and Cloud Scale Network Monitoring Analytics and Insights DNA Network Needs a Platform that Enable Digital Transformation BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

DNA Led Network Transformation

Digital Network Architecture (DNA) DNA Software Capabilities Cloud Service Management Automation Analytics Virtualization DNA-Ready Physical and Virtual infrastructure Automation & Assurance Security & Compliance Insights & Actions Security BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 11

Introducing DNA Center Policy-Based Network Automation Fabric Network Assurance Simplify Day 0 to Day N Changes Business Intent driven Network Changes Monitoring and Troubleshooting Industry Best-Practices and Policy Compliance Decouple Policy from Network Topology Proactive Issue Identification and Resolution BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 12

DNA Center: Design, Policy, Provision, Assurance A better way to manage your network Logical workflow to design, provision, set policy Respond to changes faster Monitor end-to-end network performance Predict and act on problems before they happen Pinpoint problems faster Reduce downtime with an end-to-end view instead of hop by hop Manage hardware and software lifecycles Keep up to date, meet compliance and plan for refresh DNA Center: Design, provision, automate policy and assure services from one place BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 13

DNA Solution Cisco Enterprise Portfolio DNA Center Simple Workflows DESIGN PROVISION POLICY ASSURANCE Identity Services Engine DNA Center APIC-EM Network Data Platform Routers Switches Wireless Controllers Wireless APs BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 14

DNA Center Automation and Assurance Solution for the Network Open APIs Developer Environment SD ACCESS Access Policy Assurance Open APIs SD WAN Application Policy Assurance Open APIs Complete management of Access and Application Policy over a Fabric Architecture Predictive Analytics and Policy based Network Assurance ITSM Integration AUTOMATION and ASSURANCE Physical and Virtual Infra Deployment Monitoring and Troubleshooting Open APIs APIC-EM NDP Abstraction and Policy Control from Core to Edge Netconf/Yang, CLI, SNMP Intent based policy provisioning- Application QoS Device Onboarding, Software Update, Day 2 Change Management and Configuration Compliance Network Monitoring with Device and End Point Health Brownfield and Greenfield support using Netconf/Yang and CLI based Provisioning Guaranteed Service Level Transnationality - Orchestration and Provisioning Engine Big Data based data collection and stream processing along with integrated analytics BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 15

Day 0 Automation Network Provisioning

Enterprise Network Deployment Physical and Virtual Router Deployment Automated Underlay - Routed Access (ISIS) Simplified Wireless Deployment BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

Network Deployment Consistency using Profile Driven Automation Network Design Before Plan for the network deployment Feature and Capabilities to be enabled based on requirements Topology for network deployment Deployment Standardization During Automated Day 0 Deployment Version management of Profile for Day 2 Change Management Profile Based Deployment Nework Compliance After Configuration Compliance Validation against Profile Remediation of Configuration to Golden Config Simplified Network Deployment Configuration Consistency BRKNMS-1601 Integrated IT Process Flows 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

Wireless Deployment Made Simple Profile Mapped to Site WLC Mapped to Sites AP Mapped to Site No Controller (WLC) Configuration required for Wireless Deployment Intent based Workflows Automated Deployment BRKNMS-1601 Cisco Best Practices 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

Wireless Deployment Demo

Automation with Intent Based Policies

DNA Policy Vision Resolves Declarative Business Intent Renders into Domain-Specific Language Application/User/Business Driven Policies Network Specific Control Only corporate-owned devices in Group:FinExec can access quarterly results DB Dynamic segmentation based on user/time/location/device

Policy types Access Policy Authentication/ Authorization Group Assignment Based on Authentication methods Access Control Policy Who can access what Rules for x-group access Permit group to app Permit group to group Application Policy Traffic treatment QoS for Application Path Optimization Application compression Application caching DB BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 23

Application Policy

Application Policy: Simplifying Deployment of QoS Enterprise Wide Cisco ONE Foundation Select from Predefined Policies Automated Deployment of QoS config Optimized for Any Infrastructure Improved Application Experience with No Operator Intervention Implements QoS in Minutes The Easy QoS App reduces deployment times for network-wide QoS dramatically. We can now respond to changing application needs via policy-based automation within minutes or even seconds. Enhance Collaboration Experience 300% 50% Reduction in voice jitter Video quality improves QoS rollouts were once 6-month projects costing over $200K. With Cisco APIC EM Easy QoS, we will go from months to minutes with nominal costs. Brian McEvoy, Sr. Network Engineer Symantec BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 25

Application Policy: Deploy End-to-End DSCP Based Queueing Policies EasyQoS in DNAC will seamlessly interconnect all types of hardware and software queuing models to achieve consistent and compatible end-to-end treatments aligned with the expressed business-intent Catalyst 9300 BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

Application Policy Demo

Access Control Policy

Software-Defined Access End-to-End Segmentation Keep user, device and applications traffic separate without redesigning the network Automate User Access Policy Apply the right policies for user or device to any application across the network Single Network Fabric Enable a consistent user experience anywhere without compromising on security Common user policy for the branch, campus, WAN and cloud BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 29

DNA Automation SD-Access: Easy Segmentation and Policy Enforcement Add Policy -- Search for policy -- 1 Employee_permit 2 Guest_deny 3 Contractor_deny 4 Isolated_quarantine Policy Details Default Access Permit Bandwidth Limit Disabled Internet Access Enabled Add Policy Entry Drag and Drop Virtual Network Employees Guest Building Management Employees Virtual Network 1 1 1 Marketing Finance 1 1 1 1 Sales HR Operations Strategy Facilities Traditional VLAN and IP address based Create IP based ACLs for access policy Deal with policy violations and errors manually Software Defined No IP address dependency for segmentation Policy follows user from Edge to Cloud Completely Automated Workflows Completely Automated Group-Based Policy Policy from Edge to Cloud BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

DNA Automation SD-Access: Two Level Policy Hierarchy Network Building Management Context 1 Campus Users Context 1 Virtual Network (VN) First level Segmentation that ensures zero Communication between Building systems and Users 2 Security Policy 2 BRKNMS-1601 Scalable Group Second level Micro-Segmentation within a VN that ensures role based access control between Blue-group and Red-group 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 31

Day 2 Automation with Lifecycle and SW- Image Management

Day 2 Change: Software Update

Manual Software Update Workflow Today Software Image Selection Validation Check for Image Update Activate Image Devices Needing Update Copy Image to Device Post Deploy Validation Checks BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 45

Automated Managing Software Lifecycle 1 Golden Image Definition Use Case: Ensure Consistency of Software for all network devices (by platform type) React to PSIRT and bugs fast Deploy software with confidence Compliance Drift 2 3 Image Update (With Pre and Post Checks) Benefits: Golden Image based workflows drive Software consistency Pre/Post check ensures that software updates do not have adverse effects on the Network Patching provides small updates to react quickly to security fixes BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 46

Software Update Components Image Repository Centralized storage of Network Software, VNF Images and Network Container Images Golden Image By Platform have the Ability to TAG a software version as the golden image in repository Software Compliance Devices not matching with Golden Image are out of compliant with Network Policy Device Image Patching (SMU) Software Update via patches provides the ability to just update what is needed Integration with Cisco.com Enables identification of new patches, PSIRTS for the Golden Image BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 47

Software Image Repository Repository Remote File Server Image Download Download from network devices Upload file by end user Integration with cisco.com for download BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 48

Golden Image Device Family Device Role Site Mapping Golden image per device family Device family includes router, switches and wireless (WLC) Devices in the same family classified by role Ex: CAT3850 as a access switch vs distribution switch Golden image to device family at root node Site hierarchy provides override of golden image Ex: Amer uses v16.1 vs APJC uses v3.8 BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 49

Software Update Process Pre Check Software Update Post Check Validate memory/disk space to deploy the new images Collect network parameters to be checked post image update Copy the Image to Network devices Activate the new image on the devices Ensure image is deployed successfully Run network parameter check and ensure it correlates with Pre-Check BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 50

SWIM Demo

ITSM Integration

Enterprise Integration ITSM Use Case: Deploy the Network Change Close Change Request Create Change Request (Ex: Service Now) Change Lifecycle Network Design Generate Network Config IPAM for IP Address Any Change made to the network need to be tracked for audit External dependencies of the network make the network deployment complex Benefits: Reduce the time and copying the changes from external system (IPAM) Change Management integration automation ensures changes are tracked and closed aligning to IT process BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

DNA N Monitoring an Assurance

Network Quality is a complex, end-to-end problem Impacts Join/Roam Client Firmware Impacts Both* Impacts Both* Client Density AP Coverage Impacts Both* RF Noise/Interf. Impacts Quality/Throughput WAN Uplink Usage Impacts Both* WLC Capacity... Impacts Quality/Throughput End-User Services Impacts Both* Impacts Quality/Throughput Impacts Join/Roam Configuration WAN QoS, Routing,... Authentication Impacts Join/Roam Addressing CUCM ISE WAN DHCP Mobile Clients APs Office Site Local WLCs Network Services DC Prime * Both = Join/Roam and Quality/Throughput BRKNMS-1601 57 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

End-to-end visibility and insights CUCM WAN DHCP Mobile Clients APs Office Site Local WLCs Network Services DC NMS SFCDC SNOW BOX Cloud Apps BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 58

Insights: Wireless Use Cases Clients Network infrastructure Applications Network services Onboarding Connected experience Coverage & Capacity AP/WLC Monitoring Pro Active Association Authentication IP addresses On-boarding time Misbehaving clients Roaming Radio Interference Throughput Coverage License Utilization Client Capacity Radio Utilization Channel changes Availability, CPU, Memory, Temp Client Count Application Performance User Onboarding DNS, DHCP BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 59

Example: User Onboarding Issue Search for user with onboarding issues, example a user named George Baker See what is broken and open issue to see details 2 1 h The analysis of why a user/client cannot connect is 2-3 clicks away No additional tools of info is needed Assurance tests all the steps required for client onboarding h BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 60

Site Connectivity Issue 2 See the details of the issue to get more insights about its impact and get suggestions on how to solve it 1 Navigate to site from search of network health Check what issue is there Service Provider WAN link down ad site SFO BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 61

Application Performance Troubleshooting 1 From landing drill down App Health to see which Application have issues 2 Application Health shows you top Apps with performance issues. Assurance enhanced Path trace shows you which segment of the network where the problem occurs (in this example where excessive delays occurs BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 62

Contextual Correlation and Property Graph Model netflow Dest IP: 2.2.2.2 AVC DDI Source IP: 1.1.1.2 Dest Port: 80? ISE NDP Stream Processing? Topology Dest Port: 80? Location Dest IP: 3.2.2.2 Device BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 64

Contextual Correlation and Property Graph Model netflow Dest IP: 2.2.2.2 AVC DDI Source IP: 1.1.1.2 Dest Port: 80? ISE NDP Stream Processing? Topology Dest Port: 80 Location Dest IP: 3.2.2.2 Device BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 65

Contextual Correlation and Property Graph Model netflow AVC DDI ISE Topology Location Device NDP Stream Processing Source IP: 1.1.1.2 Dest IP: 2.2.2.2 Dest Port: 80? Dest Port: 80 Dest IP: 3.2.2.2 BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 66

Contextual Correlation and Property Graph Model netflow Group: Marketing User: George Baker AVC DDI Dest IP: 2.2.2.2 ISE NDP Stream Processing Source IP: 1.1.1.2 Dest Port: 80? Topology Location Device Dest Port: 80 Dest IP: 3.2.2.2 BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 67

Contextual Correlation and Property Graph Model netflow Group: Marketing User: George Baker AVC DDI Dest IP: 2.2.2.2 ISE NDP Stream Processing Source IP: 1.1.1.2 Dest Port: 80? Topology Location Device Building 24 1 st Floor Dest Port: 80 Dest IP: 3.2.2.2 BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 69

Contextual Correlation and Property Graph Model netflow Group: Marketing User: George Baker AVC Access: Applications DDI Dest IP: 2.2.2.2 ISE NDP Stream Processing Owns: endclients Source IP: 1.1.1.2 Dest Port: 80? Topology Location Device Connect: Devices Building 24 1 st Floor Dest Port: 80 WAN QoS Problem Here... Client Density Problem Here... Dest IP: 3.2.2.2 BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 70

Streaming Telemetry Subscription Publication Programmable Interfaces Physical and Virtual Network Infrastructure NETCONF RESTconf GNMI YANG Data Model Open Native Open Native Configuration Operational Device Features SNMP Interface BGP QoS ACL Periodic or on-change Structured data Priority subscriptions Customized to recipient XML or JSON encoding NETCONF or HTTP/2 transport Increased scale Reduced CPU and bandwidth consumption BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 71

Key Takeaways Intent Driven Networking Starts with Policy Profile Based Deployment simplifies Day 0 Deployment and Day 2 Change Management Automation must be thought holistically, as some of the simple tasks take the most amount of time Assurance must be outcomes driven and not problem based BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 72

Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card. Complete your session surveys through the Cisco Live mobile app or on www.ciscolive.com/us. Don t forget: Cisco Live sessions will be available for viewing on demand after the event at www.ciscolive.com/online. 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 74

Provision Assign WLC to Site All the network settings is set on the WLC based on the Site properties The credentials to access the device for the site is pushed to the WLC BRKNMS-1601 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 106