In collaboration with Vishal Gupta


In a recent blog, my colleague Travis Norling described Cisco IT’s motivations and processes for shifting to a software-defined access (SD-Access) fabric network – part of our ongoing journey to an advanced network architecture. In this blog, I will explain the value framework we created to measure SD-Access’s impact, along with outcomes achieved to date.

As SD-Access was deployed across six buildings on Cisco’s San Jose campus, Cisco IT’s Customer Zero organization sought to identify areas where the solution could deliver significant value.

In many IT projects, proof of value is unfortunately an afterthought: organizations often try to justify their IT investments after the solutions are deployed. Typically, this method doesn’t work very well.

Our approach was different: we developed a structured, repeatable, value-driven framework to guide our SD-Access investments ahead of time:

  • First, we researched IT’s pain points and formulated hypotheses for where SD-Access could deliver the greatest value.
  • Next, we identified specific value-based use cases, along with a system for measuring their impact.
  • Finally, as the engineering teams deployed SD-Access, we worked to quantify its value across the use cases. Our use cases and scenario analysis helped us improve solutions on the fly.

4 value pillars show the way

After conducting research and subject-matter expert (SME) interviews, we uncovered four primary “pillars” where SD-Access could drive the greatest value for Cisco IT: 1) Unplanned Changes, 2) Planned Changes, 3) Total Experience, and 4) Security and Compliance (see chart).


When asked to identify the areas where they spend most of their time, our SMEs primarily mentioned activities such as troubleshooting, hardware failure, image management, and configuration changes – all of which can be categorized as either Planned or Unplanned Changes.

Our senior leaders also named Total Experience as a continuing priority, including the experience of engineers managing the access network. This value area will become even more critical as IT teams strive to securely onboard and provision a wide array of IoT devices as part of post-pandemic return-to-office efforts.

Finally, Security and Compliance – and our ability to scale security – remains a major priority as we continually strive to improve our security posture. SD-Access addresses this concern by building detailed sets of rules that can prevent, for example, non-security staff from accessing physical security cameras.


Use cases provide a framework for measuring value

For each of our four pillars, we prioritized the top use cases for measuring value. We based the use cases on scenarios that were the most representative and time-consuming for Cisco IT:

  1. Unplanned Changes: troubleshooting, hardware failure, assurance
  2. Planned Changes: image management, configuration changes
  3. Total Experience: network operations employee experience, customer (end-user) experience
  4. Security and Compliance: segmentation, devices and user onboarding, network access

We then compared the time it took for engineers to complete the tasks required by each of the use cases. To do this, we conducted “A/B Testing” to measure the differences between two distinct states:

  • State A: Traditional access network that requires manual interventions at the device level
  • State B: Approach that leverages SD-Access automation and segmentation ​

We repeated this approach systematically for each of the use cases across the four pillars. It’s important to note that our value determination was not based on testing in a lab environment. Instead, it was quantified in a true production environment, with solutions integrated with the rest of the Cisco portfolio and third-party solutions. ​With this approach, value is represented by the difference between the two states. ​


SD-Access drives time and quality improvements

Our findings were consistent across all use cases: compared with a traditional, manual network approach, SD-Access full fabric offered significant time savings and quality improvements (see chart below).

For example, in terms of Unplanned Changes, SD-Access reduces the time to troubleshoot a client device by 67 percent – and by 99 percent when used with the Cisco DNA Center. For Planned Changes, SD-Access’s automation capabilities decrease the time to perform image upgrades by 78 percent.  Among other findings, SD-Access provided an easier, more time-efficient network operations experience, while also aiding Security and Compliance by, for example, enabling one-time setup across the fabric domain.

We also learned that value is maximized when combining SD-Access and the Cisco DNA Center. In combination, they help to reduce mean time to recovery (MTTR) and provide a better end-user experience.

We look forward to quantifying the benefits of SD-Access for these and other use cases in the months ahead.

Learn more about our journey to an advanced network
architecture by clicking through our interactive journey map

Follow Cisco IT on social!