cisco digital network architecture - csloxinfo digital... · cisco digital network architecture:...

Cisco Digital Network Architecture:Enabling Enterprise Networks for the Digitalized Business

Therdtoon THEERASASANA

[email protected]

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

…And Creating New Priorities for Digital Organization

Transform Processesand Business Models

Innovations

Faster Time to Market

Empower Workforce Efficiency and Innovation

Increased Productivity

Better Retention

Personalize Customer/Citizen Experience

Increased Loyalty

Greater Insight

IoTMobility Analytics CloudMobile traffic will exceed

wired traffic by 2017

IoT devices will triple

by 2020

75% of companies planning

to or investing in big data

80% of organizations will

primarily use SaaS by 2018

Cisco DNA


UPS My Choice

Delivery Control

Personalized Service

Customer Experience

Physical and Virtual

RFID Content

Workforce Efficiency

WIP Inventory and

Part Tracking

American Express

Personalized Service

Through Mobile

Starbucks Apps

Order Ahead

Skip the Line

3

Digital Transformation is Moving IT to the Boardroom

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3Cisco DNA


Unlock the Power that Exists in the Network through

Abstraction, Automation, and Policy Enforcement

Cisco’s Enterprise Strategy

Leverage the Power of Existing

Distributed Systems

Enable Network Wide Fidelity to an Expressed

Intent (Policy)

4

Evolution of the Enterprise Network

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco DNA


Insights &Experiences

Drive Business

Innovations

Security & Compliance

Real-time and Dynamic

Threat Defense

Automation& Assurance

Speed, Simplicity

& Visibility

The Network Enables Digital Business

Network Requirements for the Digital Organization

5Cisco DNA

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 6TECCRS-2700

Insights &Experiences

Security & Compliance

Automation& Assurance

Drive Business

Innovations

Real-time and Dynamic

Threat Defense

Speed, Simplicity

& Visibility

• Visibility into Users behavior, Applications,

Network performances

• Customer has the elements to make

decision faster

Abstraction layer

• Abstraction, Intent, Policy Automation

• Verification of Desired Result Assurance

Wi-Fi Core WAN Cloud

APIC EM

Using the Network as a Sensor for

security threats and then Enforce

Compliancy through Segmentation

Network Requirements for the Digital Organization

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 7© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 7TECCRS-2700

City OperationsBusiness OperationsCustomer ExperienceWorkforce Experience

• Digital Workforce

• Personalized Workspaces

• Effective Collaboration

• Omnichannel Experience

• Enhanced Points of Service

• Personalized Customer

Experiences

• Business Insights

• Asset Management

• Facility Management

• Citizen and visitor services

• Safety and security

• Ruggedized infrastructure

New Business Capabilities Built on the Network as a Platform

The Network Enables New Experiences


Open

APIs

Network

Function

Virtualization

Policy

Cloud

Analytics

Controllers

Overlays

Open

Flow

Open

Compute

Standards

How do I delivernew applications?

How do I improve security?

How do I achieve speed & simplicity?

How do I learnnew software skills?

Model

Driven

Cisco Digital Network ArchitectureOpen | Extensible | Software-driven

How does thiscome together?

Evolution of Networking Software


Automation

Abstraction & Policy Control

from Core to Edge

Open & Programmable | Standards-Based

Open APIs | Developers Environment

Cloud Service Management

Policy | Orchestration

Virtualization

Physical & Virtual Infrastructure | App Hosting

Analytics

Network Data,

Contextual Insights

Insights &

Experiences

Automation

& Assurance

Security &

Compliance

Network-enabled Applications

Cloud-enabled | Software-delivered

Principles

9

Cisco Digital Network Architecture


© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 10



Automation


from Core to Edge





Virtualization


Analytics

Network Data,

Contextual Insights

Insights &

Experiences

Automation

& Assurance

Security &

Compliance



Principles

Cisco DNA


Hosting and Hosted Networking Functions

Subtitle


vBranch

IP

NFVIS

WAAS

IPS

vSwitch

vBranch

IP

NFVOS

WAAS

IPS

vSwitch

Network Interface (UNI)

PEP: Policy Enforcement Point

VirtualizationPhysical & Virtual Infrastructure | App

Hosting

VPCEnterprise Fabric

Encryption

Encryption

Encryption

PEP

Public

Cloud

VPC

WAN Agg

Apps

Apps

WAAS

IPS

WAAS

IPS

UNI

AWS

VPC

Cisco DNA


Software Control: Enterprise NfV


Cisco’s approach to network functions

virtualization (NFV) delivers the elasticity

to invoke innovative capabilities in an

optimal way – whenever, wherever, and

with whatever capacity they are required.

Deploy Validated

Designs in Minutes

“

”

Cisco ONE Foundation

March 2016Controlled Availability:

General Availability

in Cisco ONE June 2016

New!

Full Software Stack to Increase Branch Agility

Central Orchestration ManagementSDN: APIC-EM with Enterprise Service Automation

Freedom of ChoiceHardware: Cisco UCS® E- and C-Series | COTS

Software Intelligence over Hardware

Virtualization Layer: NFV Infrastructure Software

Consistent, trusted network

servicesVirtual Network Functions (VNFs): Cisco® and

Third Party

Cisco DNA


Advanced, Multi-Core, Feature-Rich Routing Silicon

QFPQuantumFlow Processor

Fully Programmable: leveraging the many features of IOS-XE with hardware performance

Scalable: Massive number of CPU cores (40/64), abilityto cascade multiple QFPs = consistent high performance

Advanced on-chip QoS: 100,000+ hardware-based queues, sophisticated traffic shaping and control

Secure: linkage to high-performance crypto capability for secure WAN transport

Extensible Architecture:ability to scale both up and down—the foundation for a long-lived family of high-performance, flexible routing silicon

UADPUnified Access Data Plane

Flexible, Programmable, High-Performance Switching Silicon

Fully Programmable:excellent flexibility, ability to handlenew encaps (VXLAN, GPE, etc.)—hardware speed, software elasticity

Scalable: Massive recirculation bandwidth and low recirculation latency provide excellent tunneling and services support for traffic flows

Advanced on-chip QoS:client–level granularity, sophisticated bandwidth shaping, with integrated on-chip NetFlow for visibility

Secure: integrated on-chip support for MACsec encryption (AES-128, CBC)

Extensible Architecture:ability to scale both up and down—the foundation for a long-lived family of high-performance, flexible switching silicon

VirtualizationPhysical & Virtual Infrastructure | App

Hosting

“People that are really serious about software should build their own hardware”100% Cisco-developed programmable silicon: unlocking the power of DNA at hardware speeds

Operational and Services Uniformity: Routing, Switching, and Wireless consistency

New Foundational Capabilities: HA and operational leadership, state decoupling, net database…

Speed of Innovation Velocity: “Code once and Re-use Many” across multiple places in the network

Foundation for Virtualization:providing for network hosting and integration of virtualized functions (VNFs, containers)

Platform for the Future:the “software stage” for the next wave of Cisco innovation…

IOS-XEThe Evolution of IOS

Taking the Proven Strengthsof IOS to the Next Level

Building on a Strong FoundationOf Hardware and Software Innovation




Automation


from Core to Edge





Virtualization


Analytics

Network Data,

Contextual Insights

Insights &

Experiences

Automation

& Assurance

Security &

Compliance



Principles

Cisco DNA


Evolution to a Policy Model


• Express Business Intent

• Translate into device specific policy/configuration

• Leverage Abstraction (the controller knows about the device specifics)

• Automate the Deployment across the Network

• Insure Fidelity to the Expressed Intent (keep everything in sync)

User policy based on user identity

and user-to-group mapping

Employee

(managed asset)

Employee

(Registered BYOD)

Employee

(Unknown BYOD)

ENG VDI System

PERMIT

PERMIT

DENY

DENY

DENY

DENY

DENY

PERMIT

PERMIT

PERMIT

PERMIT

PERMIT

Production Servers Development Servers Internet Access

Protected Assets

So

urc

e

De-coupling of

User Identity and Topology

Much easier to translate business

objectives to network functionality—

Lowers TCO

Con

figu

ration

Controller-based AutomationToday

Traditional Traditional

Policy

Traditional

Policy Policy

Policy based Configuration—Dynamic, able to be automated by the Controller

Over time—Policy grows, static shrinks

AutomationController-Led

Networking Deployment

Cisco DNA


Any given “custom”

configuration has a very

high probability of not being

tested exactly as deployed

“individually—as a one off…”

which introduces

potential issues…

Risk BugsUncertainty Problems

Combinatorial Issues…

Trust

AutomationController-Led Networking Deployment

The automated configuration deployed by the controller will have gone through…

• Joint development by the Cisco Product Teams, the Architects developing

Best Practices, and the Controller Team—“Blessed Configurations”

• Testing by Cisco’s Solution, System, and Devtest teams

against the deployment use cases developed jointly, above

• And will be deployed by 1000’s, with any unforeseen situations

addressed ASAP due to widespread and standardized deployment

Greatly increasedprobability of success

Controller-Led NetworkingBridging the Gap to Increased Success in Network Deployment and Use


Deploy, Report, Measure, Adjust, Repeat


Analytics

Instrumentation Telemetry Correlation

Measure and Adjust

Click here to Correct

Always Correct this way

(and never ask me again)

Applications

Automated Deployment

Network

Endpoints

Run Reports

Discover user insights

Deliver relevant content

APIC EM

AnalyticsNetwork Data, Contextual

Insights

Cisco DNA




Automation


from Core to Edge





Virtualization


Analytics

Network Data,

Contextual Insights

Insights &

Experiences

Automation

& Assurance

Security &

Compliance



Principles

Cisco DNA


Cloud-Enabled Networking


Plug & Play

CMX

Business

Analysis

Branch TeleworkerCampus/HQ

• Telemetry

• Continuous Innovation

• Cloud Enabled Audits

Cloud ConnectedSimplicity | Speed

Branch

TeleworkerCampus/HQ

Hybrid Cloud

AWS | Rackspace| Azure|

Cisco Intercloud

CSR1000V

VPC/ vDC

vASA

FTDv

StrataWatch

WAN

Cloud DeliveredInnovation | Insights

Cloud EdgeIaaS Scale | Flexibility

Branch TeleworkerCampus/HQ

Cisco DNA


Automation


from Core to Edge





Virtualization


Analytics

Network Data,

Contextual Insights

Insights &

Experiences

Automation

& Assurance

Security &

Compliance



Principles

20




Configuration Management Today


jafrazie$ ssh [email protected]

[email protected]'s password:

cho# conf t

Enter configuration commands, one per line. End with CNTL/Z.

cho(config)#

Task

Oriented

Human

Friendly

Easy To

Replay

No

Special

Tools

Software Unfriendly Syntax/format changesNo Common Data

ModelNo Error Reporting

Cisco DNA

mailto:[email protected]


Open Device Programmability


Other vendors…

RESTCONF NETCONF gRPC

Data Model

Configuration

StandardDevice Specific

Device Features

Interface BGP QoS ACL …

Operational

StandardDevice Specific

Open Device Programmability

Physical and Virtual Network Infrastructure

AutomateSet Get

Cisco DNA


Embracing Tools


DevopsOrchestration

Automation

tcollector

Monitoring/ Analytics

Cisco DNA




Automation


from Core to Edge





Virtualization


Analytics

Network Data,

Contextual Insights

Insights &

Experiences

Automation

& Assurance

Security &

Compliance



Principles

Cisco DNA


Digital Network Architecture – Vision


APIs

APIs

WAN VNFs Campus VNFs DC VNFs Cloud VNFs

UNI UNI

IntentTelemetry

Service Definition & Orchestration

Enterprise Controller

(Policy Determination)

Cloud

Data Center

Internet

PEPCampus

Int. Acc

PEP

PEP

PEP

PEP

PEP

PEP

PEP

WAN / Branch

PEPPEP Apps

Apps

Apps

SP

WAN AggBranch

Branch



Cloud Service ManagementPolicy | Orchestration

Enterprise Fabric

Network Function Virtualization

Cisco DNA


Common Policy and Orchestration – Vision


APIs

APIs

WAN VNFs Campus VNFs DC VNFs Cloud VNFs

UNI UNI

IntentTelemetry

Service Definition & Orchestration

Enterprise Controller

(Policy Determination)

Cloud

Data Center

Internet

PEPCampus

Int. Acc

PEP

PEP

PEP

PEP

PEP

PEP

PEP

WAN / Branch

PEPPEP Apps

Apps

Apps

SP

WAN AggBranch

Branch



Network Enabled

Applications

Enterprise Fabric

Network Function Virtualization

GUI

Prescriptive

Customized

Model-based

Topology

Easy QoS Plug & Play

Path

Optimization

Service

Instantiation

Analytics

Segmentation 1

Segmentation 2

Segmentation 3

Localized or

network-wide

Service Chaining

Cisco DNA


Automation


from Core to Edge





Virtualization


Analytics

Network Data,

Contextual Insights

Insights &

Experiences

Automation

& Assurance

Security &

Compliance



Principles

27


© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 27Cisco DNA


Automation


from Core to Edge





Virtualization


Analytics

Network Data,

Contextual Insights



New!

Enterprise NFV

Branch Service VirtualizationControlled Availability, March 2016

New!

New!

Available on DNA-Ready Infrastructure through Cisco ONE Software

APIC-EM Automation Platform

Completely New PlatformAvailable Now

Base Automation: Plug and PlayAvailable Now

Cloud version Controlled Availability, May 2016

Policy Services: IWAN App & EasyQoSAvailable Now | March 2016, respectively

CMX Cloud

Presence Analytics and ConnectAvailable Now in US, April 2016 for ROW

What’s New: Cisco DNA Additions


Automation: Cisco APIC-EM PlatformIndustry-Leading Network Controller

Complete Lifecycle | Consistent End to End

“Unlike other SDN solutions, APIC-EM can be

deployed on our existing infrastructure so we can

move quickly with minimum risk and maximum

investment protection.

CJ Singh, Chief Technology Officer

Backcountry.com

”

Open and

Extensible

Enterprise Scale

and Resiliency

Automation and

Services

“The inherent programmability of Cisco APIC-EM

allows us to drive innovation and improve on user

experience on a world-class infrastructure. It is a

solid foundation to embark on a journey to SDN.

Raj Gulani, Director Product Management

Citrix

”Open

APIs

Group-based

Policy

Clustering

Technology

Cloud Connected

Telemetry

Complete

Abstraction

Cisco APIC-EM

1000sOf DevNet

Developers

160+Customers

Deployments

running up to

4000 devices

Customer MomentumIOS ASIC

Cisco DNA


Automation: Plug and Play


Cisco ONE

Foundation

PnP Available Now

PnP Cloud May 2016 (controlled availability)

Lower deployment costs

79%

”

Plug and play means no more IT

engineers in the field – faster time to

market and dramatically lowered costs.

“

New!

Eliminates

Staging Truck Roll

Cloud-Based Plug and Play

Plug in and

Cloud Provision

Order Controller-Based

Management

Cisco DNA


Plug & Play

Enterprise-wide scale

Automated workflow

79% lower deployment costs

Pre-provision1 Discovery2 Secure Deployment3

Discovery1 Un-claimed Devices2 Secure Deployment3

Network PnP app pre-provisioned

with device SR number

Configure device discovery

• DHCP Option-43 or DNS

• Installer powers on devices

• Devices download image and

configuration

• Installer powers on devices

• Devices securely connect

to APIC-EM server, waiting

to be ‘claimed’

• Network admin claims devices

based on device information

• Device downloads image

and configuration

Configure device discovery

• DHCP Option-43 or DNS

Network PnP app on APIC-EM

AdminEM

DHCPServer

DNSServer

OR

PnP-Agent PnP-Agent

EM

Device Authentication

Download Image and Configure

Installer

Network PnP app on APIC-EM

AdminEM

DHCPServer

DNSServer

OR

PnP-Agent PnP-Agent

EM

Device Authentication

Download Image and Configure

Installer

PnP: Pre-provisioning and Discover Workflows

Cisco DNA


Policy Service: IWAN Automation


Optimal Branch Experience Made Easy

Faster deployments85%

”

IWAN automation eliminates tedious

configuration tasks for advanced networking

features. I can configure IWAN with just 10 GUI

clicks.

“IWAN Momentum

Cisco ONE

Foundation

Available Now

Intelligent Path Control

Highly Secure Connectivity

Application Optimization

Transport-Independent

Zero-TouchRollout

Set Application Policy

Gain Visibility and Tune

Point and Click Troubleshoot

Simple Workflows

200+deployments running up to

2500 sites

Cisco DNA


Intelligent WAN (IWAN) Architecture

MPLS

Unified

Branch

3G/4G-LTE

Internet

PrivateCloud

VirtualPrivateCloud

PublicCloud

Application Optimization

Enhanced Application

Visibility and Performance

Secure Connectivity

Comprehensive

Threat Defense

Intelligent Path Control

Application

Aware Routing

TransportIndependence

Simplified

Hybrid WAN

Management Automation

33Cisco DNA


Intelligent WAN Deployment Models

Dual MPLS

Internet

Highest SLA guarantees

– Centralized Internet Access

– Expensive

Public

MPLS

Branch

MPLS

More BW for key applications

Balanced SLA guarantees

– Moderately priced

PublicEnterprise

Branch

MPLS+

Internet

Consistent VPN Overlay Enables Security Across Transition

Best price/performance

Most flexibility

– Enterprise responsible for SLAs

Internet

Branch

Enterprise Public

Hybrid Dual Internet

Internet

34Cisco DNA


Policy Service: EasyQoS


Implements QoS in 250 ms

Enhance Collaboration Experience

300% 50%Reduction in

voice jitter

Video quality

improves

Improved Application Experience

with No Operator Intervention

”

The EasyQoS App reduces deployment times

for network-wide QoS dramatically. We can now

respond to changing application needs via

policy-based automation within minutes or even

seconds.

“

Cisco ONE

Foundation

March 2016General Availability in

Cisco ONE May 2016

New!

Select from

Predefined Policies

Automated Deployment

of QoS config

Optimized for Any

Infrastructure

Cisco DNA


Application

Class

Per-Hop

Behavior

Queuing &

Dropping

Application

Examples

VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx

Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)

Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signaling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution

Default Forwarding DF Default Queue + RED Default Class

Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live

Apply RFC 4594-based Marking / Queuing / Dropping Treatments

Irrelevant

Default

Relevant

36

What Do We Do Under-the-Hood?



New: APIC-EM QoS Automation with EasyQoS


Applications can ALSO interact with APIC-EM

via Northbound APIs, informing the network of

application-specific and dynamic QoS requirements

Southbound APIs translate

business-intent to

platform-specific configurations

Southbound APIs translate

business-intent to

platform-specific configurations as

they are needed

STATIC QoSDYNAMIC QoSAPIC EM

Network Operators express high-level

business-intent to APIC-EM EasyQoS

Cisco DNA


Software Control: Enterprise NfV


Cisco’s approach to network functions

virtualization (NFV) delivers the elasticity

to invoke innovative capabilities in an

optimal way – whenever, wherever, and

with whatever capacity they are required.

Deploy Validated

Designs in Minutes

“

”

Cisco ONE Foundation

March 2016Controlled Availability:

General Availability


New!

Full Software Stack to Increase Branch Agility

Central Orchestration ManagementSDN: APIC-EM with Enterprise Service Automation

Freedom of ChoiceHardware: Cisco UCS® E- and C-Series | COTS

Software Intelligence over Hardware

Virtualization Layer: NFV Infrastructure Software

Consistent, trusted network

servicesVirtual Network Functions (VNFs): Cisco® and

Third Party

Cisco DNA


Cisco 4000 Series ISR + Cisco UCS® E-Series

Cisco® UCS C-Series Cisco ENCS

Network Functions Virtualization Infrastructure Software (NFVIS)

Cisco Enterprise Service Automation (ESA) on APIC-EM

Introducing Cisco Enterprise NFVNetwork Services in Minutes, on Any Platform

Virtual Router

(ISRv)

Virtual Firewall

(ASAv)

Virtual WAN

Optimization

(vWAAS)

Virtual Wireless

LAN Controller

(vWLC)

Third-Party VNFs

Cisco DNA

NEW


Customized Network Services for Your Network

APIC-EM with

Enterprise

Service

Automation

vRouter

vFirewall

vWAN optimization

vWLAN controller

Third-party services

Cisco® ISR, UCS® E-Series

Cisco UCS C-Series

x86 server

Select your

network functions1

Select your preferred

platform2

Orchestrate and

automate services3

IT Agility

Run on Any PlatformElastic Services Deploy in Minutes


Cisco Enterprise Network Compute System (ENCS)



Cisco ENCS 5400 Series


ENCS541212-CoreENCS5408

8-CoreENCS54066-Core

ENCS5406 ENCS5408 ENCS5412

CPU 6-core, 1.9GHz 8-core, 2.0GHz 12-core, 1.5GHz

PoE No 200W 200W

Capacity Guidance ISRv + 2 VNFs ISRv + 3 VNFs ISRv + 5 VNFs


Digital Services: CMX Cloud


ConnectDrag-and-drop

customizable portal on

demand

Data on Storefront

Conversion

FrictionlessGuest Onboarding

Presence

Analytics

Zone-based

location analytics

”

Customer Insights and Engagement

CMX Cloud has helped us quickly gain

business insights, so we can enhance the

shopper experience at Santana Row with

easy Wi-Fi onboarding, increased customer

data, and improved customer engagement.

“

Cisco ONE Advanced

Available now.General Availability


New!

Cisco DNA


Inside Cisco CMX Cloud

Gain Insights and

Engage Customers

SaaS consumption

No MSEhardware required

Deploy in less than 20 minutes

Subscribe to Cisco® CMX Cloud and point to wireless infrastructure1

Collect analytics on user behavior2

Set up customized captive portal for guest onboarding3

• Easy templates

• Multiple languages support

• Social logins

• Easily add logo and image

• Send relevant offers

• Capture user information


APIC-EM Path Trace Application


User Trouble Ticket IT Path Trace

NETWORK

Open

Architecture

Network,

Applications

Monitoring

Simple Workflow

BENEFITS

SDN

Easy visual discovery of trouble spots in the

communication path based on 5-tuple info

OpEx for ticket processing decreased by 98%

from 1.6 hours to 1 minute


Path Trace App: Application Flow Visibility


46Cisco DNA

`

Link Source InformationStats: Device, Interface, QoS, PerfmonACL CheckCAPWAP Tunnel


Security: StealthWatch and ISE


Extend Security Everywhere

Infrastructure-Enforced Policy

Network as an Enforcer:Software-defined segmentation with

TrustSec® for assurance and compliance

Network as a Sensor:Real-time situational awareness

and rapid threat detection everywhere

”

The network touches every element

of the digital enterprise – every business

process, device, customer, employee –

and therefore has the unique ability to

detect, analyze, and prevent new forms of

attack by flagging unusual network behavior.

“

Wi-Fi Core WAN Cloud

Rapid Threat Containment

Quickly detect and stop threats

Scales to handle dramatic threat increase

General Availability in

Cisco ONE

Cisco ONE

Adv. Security


Analytic: Conversational Flow Record


• Highly scalable (enterprise class) collection

• High compression Long term storage• Months of data retention

When Who

Where

What

Who

Security Group

More Context

How


NaaS: StealthWatch Labs Intelligence Center (SLIC)


The StealthWatch FlowCollector

collects and analyzes data from

various flow sources

Correlated flow data collected

in (1) with a global threat

feed (SLIC)

Additional threat context by

revealing what infected hosts

are doing within the network

Enrichment with Global

Threat IntelligenceCollection and Behavior Analysis Superior Threat Protection


How TrustSec Simplifies Network Segmentation


Access Layer

Enterprise

Backbone

Voice

VLAN

Voice

Data

VLAN

Employee

Aggregation Layer

Supplier

Guest

VLAN

BYOD

BYOD

VLAN

Non-Compliant

Quarantine

VLAN

VLAN

Address

DHCP Scope

Redundancy

Routing

Static ACL

VACL

Security Policy based on Topology

High cost and complex maintenance

Voice

VLAN

Voice

Data

VLAN

Employee Supplier BYODNon-Compliant

Use existing topology and automate

security policy to reduce OpEx

ISE

No VLAN Change

No Topology Change

Central Policy Provisioning

Micro/Macro Segmentation

Employee Tag

Supplier Tag

Non-Compliant Tag

Access Layer

Enterprise

Backbone

DC Firewall / Switch

DC Servers

Policy

TrustSecTraditional Segmentation


access-list 102 deny ip 167.17.174.35 0.0.1.255 eq 3914 140.119.154.142 255.255.255.255 eq 4175access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384access-list 102 permit icmp 136.237.66.158 255.255.255.255 eq 946 119.186.148.222 0.255.255.255 eq 878access-list 102 permit ip 129.100.41.114 255.255.255.255 gt 3972 47.135.28.103 0.0.0.255 eq 467

Network as an Enforcerwith TrustSec

Traditional Security Policy

TrustSec Security Policy

Security Control Automation

Simplified Access Management

Improved Security Efficacy

Network Fabric

Switch Router DC FW DC SwitchWireless

Flexible and Scalable Policy Enforcement

segmentationsoftware defined


Minimize

Costs

IT

Priorities

Increase

ROI

Avoid

Delays

Reduce

Complexity

Mitigate

Risks

Business

Goals

Maximize

Performance

What does my business need?

How can I save time and money?

How do I ensure performance?

Cisco and our Partners can help.

Architecture

Strategy

Where Do You Start?

Thank you

cisco digital network architecture - csloxinfo digital... · cisco digital network architecture:...

Documents