the network. intuitive. - im …im-cloudandsecuritysummit.com/wp-content/uploads/2017/08/1450... ·...

Rajinder Singh

Product Sales Specialist - ASEAN

August 2017

THE NETWORK.

INTUITIVE. Powered by intent,

informed by context.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

Intent-based Network Infrastructure

DNA Center

Analytics Policy Automation

I N T E N T C O N T E X T

S E C U R I T Y

L E A R N I N G

The Network. Intuitive. Constantly learning, adapting and protecting.


Built on Cisco DNA Built on Cisco DNA

New

Announcement

s

See and Act on All Threats Encrypted Traffic Analytics (Sept 2017)

Reduce OpEx with Simplified Management

Cisco DNA Center (Jul 2017)

Predict Issues Before They Happen

Assurance with Network Data Platform (Nov 2017)

Infrastructure Agility

Catalyst 9000 Portfolio with Programmable ASICs

9500 (Jun 2017), 9400 (August 2017), 9300 (June 2017)

Networking at the Speed of Software

Software-Defined Access (For existing and next-gen infrastructure)

(Aug 2017)


Aligned to Digital Network Architecture (DNA)

DNA Center Built-in expertise to manage and deploy end-to-end

network services from a single pane of glass

Software Defined Access Dynamically adapt to changing needs with policy-based

management of the network fabric

Assurance Network and machine learning for consistent worker and

customer experiences

DNA Software: Cisco ONE Software perpetual and new subscription licensing

DNA Software Capabilities

Cloud Service Management

Infrastructure

Automation Analytics

Identity Services

Engine APIC-EM

Network Analytics

Platform

Enterprise

Network

Compute

System

ISR 4000

ASR 1000

Catalyst

9300/9400

WLAN Controller

5520/8540

Aironet

1800/2800/3800

DNA-Ready Physical and Virtual Infrastructure

Catalyst 9000 Series Switches First infrastructure devices purposely designed for DNA

Encrypted Traffic Analytics Uncover hidden threats with new visibility into encrypted traffic


Technology transformations driving the market

• Public Software as a

Service (SaaS)

• Grant proper access

• Protect network data

• Bring your own device

• Devices in the workspace

Security Mobility Cloud applications


Technology transformations driving the market

• Multicloud

• Hybrid

• Bring your own app

• Networking and security

• Advanced threats

• Auto-detect

non-user devices

• Devices everywhere

Cyber security IoT Cloud infrastructure


Traditional networks cannot keep up

Common user policy for the branch, campus, WAN, and cloud

Inconsistent user experience

Complex to configure

Difficult to segment

More users and endpoints

More VLANs and subnets Multiple steps to give

users credentials

Difficult to maintain policy

Separate user policies

for wired and wireless networks

Unable to find users

when troubleshooting


Software-Defined Access Industry’s first policy-based automation from the edge to the cloud

Common user policy for the branch, campus, WAN, and cloud

Intelligent network fabric

Simple, automated workflows

End-to-End Segmentation

Secure users, devices,

and applications with

identity-based policy,

regardless of location

Design, provision,

and manage your wired

and wireless networks

Enable a consistent user

experience anywhere

with insights and analytics into

user and application behavior


Software-Defined Access Open and programmable

• Build and develop with open APIs from Cisco that allow you to

extend and operate your enterprise at scale

DevNet Cisco developer program

• Easily develop apps for integration, automation,

and device-level programming with an open

and programmable network operating system

Cisco IOS® XE

• Accelerate digital transformation with technology

solutions tailored to your business needs

Third Party Application Hosting


Cisco Digital Network Architecture Enterprise portfolio

Cisco DNA Center

Cisco DNA™ Center:

Simple workflows

Design Provision

Policy Assurance

Software-Defined Access

APIC-EM Network data platform Identity Services Engine

Wireless access points

Wireless LAN controllers

Switches Routers


Simplifying how you manage the network

Cisco DNA™ Center: Design, provision,

automate policy, and assure services from one place

• Logical workflow to

design, provision,

set policy

• Respond to

changes faster

• Monitor end-to-end

network performance

• Predict and act on

problems before

they happen

• Pinpoint problems faster

• Reduce downtime with an

end-to-end view instead of

hop by hop

• Manage hardware and

software lifecycles

• Keep up to date, meet

compliance requirements,

and plan for refresh


• Complex segmentation

of IoT and user traffic

• Chase down IP

addresses for

troubleshooting

• Expensive high-voltage

deployments

Adopt Internet of Things (IoT) at scale End-to-end segmentation

Automatic provisioning and policy Automatic security and segmentation

Purpose-built switches for digital building

• Intuitive identity-based

segmentation with

device profiling

• Built-in visibility and

granular policy control

• Optimized for

low-voltage

building deployments

Before SD-Access After SD-Access

Connected

lighting

IP

surveillance

Users and

devices



Users

Devices

Apps

Drag policy

to apply

Group 1 Group 2

Employee Virtual Network

Group 3 Group 4

IoT Virtual Network

Group 5 Group 6

Guest Virtual Network

• VLAN and IP

address based

• Create IP-based

Access Control Lists

(ACLs) for

access policy

• Deal with policy

violations and

errors manually

• No IP address

dependency for

segmentation

• Define one

consistent policy

• Policy follows user

from edge to cloud

Faster onboarding of users and devices Policy automation

Group-based policy Policy from edge

to cloud Completely automated



Roam

is layer 2

Seamless

roam

Policy stays

with user

Seamless wired and wireless access A single network fabric

• Repeated policy work

for wired and wireless

• Roaming issues across

Layer 3 domains

• Chase down

IP addresses for

troubleshooting

• Consistent

management across

wired and wireless

• Optimal traffic flows

with seamless roaming

• Seamless roaming

in fabric and

nonfabric domains

Campuswide roaming Wired and wireless

consistency Simplified provisioning


SD-Access support A single fabric for your digital-ready network

Wireless Routing Switching

Cisco Catalyst®

9400 Series

Cisco Catalyst

9300 Series

Cisco Catalyst 9500 Series

Cisco Catalyst

4500E Series

Cisco Catalyst

6000 Series

Cisco Nexus®

7700 Series

ASR 1000-X

ASR 1000-HX

4430 ISR

4450 ISR

Wave 1 APs

(1700, 2700,

3700 Series)

Wave 2 APs

(1800, 2800,

3800 Series)

3504 Wireless Controller



Cisco Catalyst 3850

and 3650 Series CSR 1000V


Cloud ready IoT ready

Future-ready with Cisco Unified Access™

Data Plane (UADP) 2.0 and open and

programmable Cisco IOS® XE

The new Catalyst 9000 Family – Built for SD-Access

• Find and contain

threats fast with

real-time monitoring

• Detect threats in

encrypted traffic

• Simplify BYOD onboarding

• Manage and secure

wired and wireless from

one device

• Instantly onboard

IoT devices

• Automatically

segment IoT traffic for

better security

• Build applications

through programmability

• Improve application

performance – user

to cloud

Integrated security Mobility ready


Capabili

ties

Catalyst Switching Portfolio Positioning

Voice Data

The Network.

Intuitive. Security IOT Mobility

Access Switching FIXED SWITCH

9300

Up to 480G Stacking

MODULAR SWITCH

9400

9Tbps System b/w

Performance: mGig, 1/10G uplink, 40G uplinks

PoE Leadership: UPOE, Fast/Perpetual PoE

High Availability: NSF/SSO, ISSU (C9400), Patching

Security: ETTA, MacSec 256, IPSec, Trustworthy Systems

IoT Convergence: Perpetual PoE, IEEE 1588/AVB, SD Bonjour

Cloud: Netconf/Yang models, Streaming Telemetry, App Hosting

ACCESS SWITCHING

Fixed PS & FAN

2960-X

FRU PS & FAN

2960-XR

On-device Management, PnP, APIC EM, Prime Infra

• Stacking

• Routed Access

• DNS-AS,

• NaaS, Full Netflow

1/10/40G interfaces with Comprehensive Features at Scale

High Availability: NSF/SSO, VSS

XL-SCALE / MODULAR

6800

Backbone Switching Video

TRADITIONAL

NETWORKING

Scale

FIXED SWITCH

9500

Mobility: eWLC

Software Defined Access (SD-Access)

ACCESS SWITCHING

FIXED SWITCH

3650

Up to 160G Stacking

mGig, 1/10G

10G uplinks

NSF/SSO

Resiliency


Challenge Large global network deployment, challenges to

manage network infrastructure with the many complex

requirements of a modern business:

• $4.7M cost of policy changes

• Up to 18 months per software upgrade cycle

• Over $5M to reduce risk and meet compliance requirements

• $2.4M to manually deploy network

Business Outcomes • 67% reduction in cost of carrying out tasks such as network

upgrade, inventory management, provisioning, and policy

• 48% cost savings by reducing the impact of security breaches

and maintaining compliance

• Issue resolution cost reduced by 80% with a simplified

dashboard, integration with other Cisco® tools, and automation

of monitoring and troubleshooting – providing visibility across

the network

Customer Study

Petroleum customer SD-Access delivers real business outcomes

14% $8.4M $7.6M

$14M

$5.4M

Current With Cisco SD-Access

CapEx OpEx

14%

61%

80%*

Improve issue

resolution cost

48%*

Reduce cost of

security breach

67%*

Reduce network

provisioning cost Reduce network

provisioning cost

* Source: Internal total cost of ownership (TCO) analysis with large enterprise customer

** CapEx reduction based on converging IoT networks


Why Software-Defined Access?

Network access in minutes for any user or device to any application without compromise

Industry’s first policy- based automation from

edge to cloud

Foundation for

Cisco DNA™

Broad

platform support

Give time back to IT

the network. intuitive. - im …im-cloudandsecuritysummit.com/wp-content/uploads/2017/08/1450... ·...

Documents