This blog is one in a series focusing on aspects of Cisco DNA and intent-based networking. #IntentBasedNetworking
Several years ago, I ghostwrote a book chapter for the CEO of an e-commerce company. The gist of the chapter was about the challenge of content management. The challenge, you see, is that everyone describes things differently. That pitching wedge you have in your golf bag? Someone else might call it a gap wedge, an attack wedge, or a dual wedge. Four different names for essentially the same club and they’re all right.
So, what does that have to do with networking? Aren’t switches, routers and access points pretty standard names?
The challenge comes when we try to describe use cases. In your company, you may refer to the act of adding new network equipment as an upgrade. Another organization may call it a deployment. And yet another company might call it onboarding. They’re all right. And all different.
At Cisco, we’re standardizing on a set of key use cases for Cisco DNA. While our naming structure may align perfectly with how you reference use cases, chances are, like those golf clubs, there may be some disconnect. Consider this blog your decoder ring for Cisco DNA use cases. So, if you’re looking for network security and we call it campus network segmentation, you know we’re talking about the same thing. The wide-ranging scope of this subject could easily consume entire volumes—way more than can be covered in a blog—so we’re going to keep our discussion at a very high, conceptual level.
The use cases we will talk about in this blog revolve around pretty common challenges our customers face. In particular, the need to automate the networking for simplicity, the need to secure and segment the network more easily, and the need to use data and visibility for data-driven network insights.
The five use categories we’ve established for Cisco DNA are:
- Network Device Onboarding
- Campus Software Image Management
- Scalable Access Policy
- Campus Network Segmentation
- Campus Network Assurance
Note that these uses are for network access. The WAN has another set of use cases not covered by this decoder ring. So bust open that box of Crackerjacks and let’s get busy decoding. (Apologies for anyone who doesn’t know what Crackerjacks are. Just trust me. You missed out.)
Network Device Onboarding
Network device onboarding seems pretty straight forward. You can put all the main steps necessary to automatically add a new switch, router, access point or other equipment to scale your network in this category. The act of plugging the devices in, configuring them and getting them up and running may vary in process but the concepts are essentially the same. One network may discover or classify a new device differently and that difference may be captured in the name. What about configurations? How are they defined? Can pre-defined templates be applied to the new network equipment for greater consistency? And what do you call it? The same goes for establishing QoS or any of a host of onboarding processes. Regardless of how you categorize, name or execute these tasks, we put them in a Cisco DNA use case bucket called network device onboarding.
Campus Software Image Management
The operating systems that run your network are always a work in progress, with performance improvements and capabilities continually added. That probably doesn’t come as a surprise to you. Much of your work hours are likely spent managing the software patches, security updates and new feature additions constantly introduced to keep networks safe and performing optimally. Our second Cisco DNA use case category—campus software image management—is the home for all of these tasks. This includes the process for identifying which patches and updates are available and which are relevant to your network and devices to add features and capabilities or mitigate security vulnerabilities. It includes the process for pushing new software images and patches to the appropriate devices, testing the impact, upgrading the devices and increasing network availability with image consistency. At Cisco, we categorize all of these interrelated functions as campus software image management.
Scalable Access Policy
The scalable policy Cisco DNA use case is the bucket for all tasks that define how a network should work and how it should be secured. With so many entry points into the network, policy needs to be pervasive across the entire organization. It should incorporate user and device profiles and policies that govern access. While deploying policy is one challenge, enforcing it is another. This is where the security policy must meet business policy, creating visibility as to how users and devices interact on the network and continually validating that the policy. And you’ll need to efficiently scale your access policy for the organization through identity-based virtual networks that can enforce policy between identity groups and leverage the network to make policy improvements. Whatever your organization calls these tasks, they are essentially the same core functions and we categorize them as a Cisco DNA scalable policy use case.
Campus Network Segmentation
Effective network design is built upon the concept of segmentation. Not all network devices and users should communicate with each other. Segmentation is a critical tool for enforcing security policies and ensuring the right level of access across the network. Organizations typically have multiple types of users, applications and data. Some segments of the network process and store highly sensitive business, health or financial information and demand a higher degree of security.
In the past, this segmentation is determined by physical location. However, in today’s network, segmentation is driven by multiple factors, including location, type of wired or wireless network, business function, and user group. While the definition of the underlying policies resides in the scalable policy use case category, the actual act of creating the segmentation is the work of this Cisco DNA use case category. These tasks can include the creation of consistent access policy across the entire network, the maintenance of a seamless user experience, and management of virtual network segments as the network complexity continues to grow. Again, while each of these tasks is the same depending on the segmentation, they may be named differently in different organizations.
Campus Network Assurance
While of the focus on IT vendors seems to be on new devices and infrastructure to deploy, the reality is that much of your day-to-day time is spent on the other side of the coin—making sure everything you deploy runs at its best. Generally, people call this troubleshooting. While that’s important, it really only covers a portion of assurance. Assurance can also include optimization because it continually monitors the network to see how it’s performing. Other IT teams may simply call it monitoring. The bottom line, everything you do to time-effectively ensure consistent network performance and a robust user experience, including all the break/fix, troubleshooting and optimization tasks are part of the Cisco network assurance use case.
In a recent blog, I highlighted five pillars necessary for effective network automation. So, the natural question is how do these Cisco DNA use cases align? While it’s not a one-to-one mapping, they do overlay. The first three pillars—visibility, intent and deployment—all align to the network device onboarding use case category. Campus Software Image Management nestles in the management pillar. Campus Segmentation and Scalable Policy fit with in the intent and extensibility pillars. And, finally, network assurance aligns with extensibility.
Rest assured, when you see our Cisco DNA use cases…
- Network Device Onboarding
- Campus Software Image Management
- Scalable Access Policy
- Campus Network Segmentation
- Campus Network Assurance
…know that we’re saying the same thing as you. That’s because we’ve designed and built Cisco DNA Center to act as your single pane of glass for building, managing, and optimizing the intent-based network in your campus or branch. Or whatever you call it.
Join the conversation! Share your thoughts below and watch out for the next installment of our #IntentBasedNetworking blog series on the promise of intent-based networking.
CONNECT WITH US