© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
How to deploy a Cisco campus network in 10 minutes?
New technologies for automation and analytics in Cisco enterprise networks.
Denis Kodentsev
Consulting Engineer, CCIE
DNA Center
• An innovative solution for deploying and managing the enterprise network and network services
DNA Assurance & Analytics
• Analysis and proactive problem detection
Software-Defined Access
• A universal network fabric with dynamic microsegmentation
Enhanced Network as a Sensor
• Malware detection in encrypted traffic (without decryption)
Catalyst 9000 switches
• The first switches purpose-built for DNA
Subscription-based licensing | Additional services from Cisco
A new era of Cisco networking: announced June 20, 2017
Traffic growth of 10x* by 2019
IT teams have to support more connected devices (both user devices and others, IoT for example)
IT teams have to deal with more vulnerabilities and security threats
Why do companies spend so much?
$60B
Spent on operating network infrastructure per year worldwide (salaries, tools)
*
Enterprise networks today are complex …
Working with different networks
Working with many different policies: LAN, WLAN, WAN, data center
Scaling increases operational complexity
Managing many VLANs
VLAN 1 VLAN 2 VLAN 3
WAN
Branch A
VLAN A
Branch A
VLAN B
Remote
VLAN B
HQ
Automation
Abstraction & Policy Control from Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service Management
Policy | Orchestration
Virtualization
Physical & Virtual Infrastructure | App Hosting
Analytics
Network Data, Contextual Insights
Network-enabled Applications
Cloud-enabled | Software-delivered
Principles
Cisco Digital Network Architecture
DNA Overview
SD-A, SD-WAN & ENFV
DNA Center
Insights & Experiences
Automation & Assurance
Security & Compliance
DNA Center
a single interface for automation and analytics
APIC-EM | Network Data Platform | Identity Services Engine
Routers Switches Wireless APs
DNA Center
DESIGN PROVISION POLICY ASSURANCE
DNA Center
Simple Workflows
Wireless Controllers
Why do we need DNA-Center?
What is SD-Access?
Basic concepts and terminology
§ Control-Plane Nodes – Map System that manages Endpoint to Device relationships
§ Fabric Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
§ Identity Services – External ID System(s) (e.g. ISE) are leveraged for dynamic Endpoint to Group mapping and Policy definition
§ Fabric Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
§ DNA Controller – Enterprise SDN Controller (e.g. DNA Center) provides GUI management and abstraction via Apps that share context
§ Analytics Engine – External Data Collector(s) (e.g. NDP) are leveraged to analyze Endpoint to App flows and monitor fabric status
§ Fabric Wireless Controller – A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric
[Diagram: Campus Fabric with Identity Services (ISE), DNA Controller, Analytics Engine, Control-Plane Nodes, Fabric Border Nodes, Intermediate Nodes (Underlay), Fabric Edge Nodes, Fabric Wireless Controller]
Why do we need Software Defined Access?
Is your Campus Network facing some, or all, of these challenges?
• Host Mobility (w/o stretching VLANs)
• Network Segmentation (w/o implementing MPLS)
• Role-based Access Control (w/o end-to-end TrustSec)
• Common Policy for Wired and Wireless (w/o using multiple tools)
• Consistency Across Campus, WAN and Branch (w/o using multiple tools)
With DNA SD-Access, you can overcome these challenges and provide your
organization with the infrastructure required to meet your business objectives.
Come to this session to get a look into the DNA SD-Access architecture,
including a closer look at each of the technologies that bring this to life!
How is Cisco DNA-Center built?
DNA-Center
DNA Automation
App Policy Infra Controller – EN Module
Cisco ISE 2.3
Identity Services Engine
DNA Assurance
Network Data Platform
Cisco Switches | Cisco Routers | Cisco Wireless
GUI
AAA
RADIUS
EAPoL
HTTPS
NetFlow
Syslogs
NETCONF
SNMP
SSH
API API
API
API
API
SDA Fabric
DNA automation and analytics
Architecture
Design | Provision | Policy | Assurance
Full-cycle automation
DNA Center
DNA
Assurance
DNA
Automation
Streaming telemetry
& network data
Network and telemetry
configuration
Telemetry, alerts,
violations
Network inventory,
topology, and
configuration
ISE and DNA Center integration
Automating policies and access control
Campus Fabric
Authentication
Authorization
Policies
Fabric
Management
Policy
Authoring
Workflows
Groups and
Policies
PxGrid
REST APIs
Cisco Identity Services Engine
Cisco DNA Center
Correlation and machine learning
Ingest Network & Contextual Telemetry
Process and Analyze Streams of Data
Complex Event Processing
• Data cleaning
• Feature creation
• Data normalization & enrichment
• Baselining & trending
• Relationship modeling
• Behavior analysis
• Anomaly detection
• Pattern recognition
Machine Learning
• Event clustering & correlation
• Prediction
• Natural language processing
• Recommendation
Data Processing
Phase 1 Phase 2 Phase 3
Visualize and Act
Real-time visibility
One click (drill down) root cause analysis
Analyzing the health of every network client
Summary: Is the client connected and is the link connection good?
Wired Client
Health
Connected
Onboarding
Throughput
issues
Authenticated, IP
• Link Error
• Yes/No
Port Up/down • Yes/No
Key Services • DNS reachable
BRKCRS-2814 15
Streaming telemetry
NETCONF RESTconf GNMI
Device features
Interface
BGP
QoS ACL …
SNMP
YANG data model
Open Native Open Native
Configuration Operational
Physical and virtual network infrastructure
Programmable
Interfaces
Publish
• Periodic or on change
• Structured data
• Priority subscriptions
• Customized to recipient
• XML or JSON encoding
• NETCONF or HTTP/2 transport
• Increased scale
• Reduced CPU and bandwidth consumption
Subscribe
With streaming telemetry (FCS in July in the 16.6 train) we will support collection of many KPIs as close as possible to real time
Advanced telemetry where and when it is needed
Collecting contextual information – ISE
Telemetry
SGT applied to port
Policy Enforcement Status
SGT Counters
Device level enforcement and changes Access policy application and changes Identity and end user information
pxGrid
SGT bindings, Group based policies
Access Policy Push
Notification of end user authentication and authorization (positive/negative)
Notification on group-based policy being downloaded by devices
End user identity and context
End to End visibility
Collecting contextual information – IPAM
Grid Publish
Grid Subscribe
Infoblox
General Information:
- Pool Name or ID
- Pool State (Enabled / Disabled)
General Stats (per pool and per client device):
- Any latency values
- # Discovers
- # Offers
- # Requests
- # ACKS
- # Declines
- # NAKs
RESTful API, SNMP
Per Pool:
- Network Block
- Start / End Address
- Lease Time
- Addresses Assigned
- Options Assigned
pxGrid
Ease of use: Example 1
Home page: what are the main problems in your network?
Landing page tells you:
Where in the world the most serious issues are happening
Overall health of your network, clients, and applications
Your top 10 issues and trends
Variety
Velocity
Volume
Veracity
Live end-to-end visibility brings together multiple data sources at high volumes and speeds
Reliable scoring to assess client health in real-time
Incorporation of diverse network data types
Accurate alerting for fast root cause analysis
Ease of use: Example 3
Instantly find the causes of problems with the SDA fabric and/or CTS policies
Quick visual of the fabric overlay tells you where you might have issues
Assurance-enabled path trace tells you where policies are failing
What does the network life cycle look like with DNA-Center?
DNA Center - Design
Setup Management & Underlay Reachability
1
1. Setup Sites, Buildings & Floors
• Organize your Regions, Cities & Buildings
• Import floorplans in CAD, PNG or JPG
• Virtual layout of Routers, Switches & APs
2. Setup Global & Site-Specific Settings
• Establish a common set of Global Servers
• Each Site inherits settings from level above
• Override Global settings with Site-Specific
3. Setup IP Address Pools or IPAM
• IP Address Management uses Site hierarchy
• Add or modify IP Pools manually
• You can also import from IPAM tools via APIs
4. Setup Wireless SSID Settings
• Manage Fabric Wireless WLANs per Site
• Associate the SSIDs with IP Pools
• Automated setup of the WLC & APs via APIs
DNA Center - Policy
Setup VNs & EIGs and Policies
1. Setup Virtual Networks
• Add Scalable Groups to a Virtual Network
• A “Default” Virtual Network created automatically
• Option to add / remove new Virtual Networks
• Enables VN ID on SDA enabled Devices*
2. Setup Scalable Groups
• Option to import Groups from ISE (or AD)
• Option to create Groups via Static Mapping
• Enables SGT ID on SDA enabled Devices*
3. Manage Group Policies
• Groups provide native SGT based segmentation
• Intra-VN policies set to Default Permit or Deny
• Create simple To / From Group-Based Policies
4. Manage VN Policies *
• VNs provide native VRF network segmentation
• Inter-VN policies mapped to Firewall instances*
* External Connect requires manual configuration. Automation planned for a later release.
2
DNA Center - Provision
Setup Overlay Control & Data-Plane
1. Setup Fabric Domains
• Add Devices to one of the configured Sites
• A “Default” Fabric Domain created automatically
• Option to add / remove new Fabric Domains
2. Add Devices & Assign Roles
• Add SDA capable Devices to the Fabric Domain
• Designate 1+ Devices as Border and Control
• All other Devices are configured as an Edge
3. Setup Host Onboarding
• Add various IP Pools to the Fabric Domain
• Designate IP Pools for Wired or Wireless
• Define the Host Authentication and options
• Option to Static Assignment of Pools to Ports
4. Advanced Settings
• (Optional) Enable Multicast in the Fabric Domain
3
DNA Center - Assurance
Real-Time Data-Collection & Event Correlation
1. Assurance Dashboard
• Network Health Scores (based on 360 Views)
• Graphical status view of Health and Alarms
• Track common Network Issues & Trends
• Universal search for elements of the Network
2. Device 360 Views
• Summary and Real-time Device statistics
• Track Issues and Trends of each Device
• View connected Neighbors, Clients & Apps
3. Client 360 Views
• Summary and Real-time Client statistics
• Track Issues and Trends of each Client
• Initiate Pathtrace per Client Application
4. Application 360 Views
• Summary and Real-time App statistics
• Track Issues and Trends of each App
4
How about a demo?
And what about Cisco Enterprise NFV?
Previously, ENFV required 3 systems…
WAN
SN, IP for host
Office
IP
NFVIS
IPS
WAAS
vSwitch
Profile to SN mapping
Provisioning
Provisioning
• ESA, PI, and APIC-EM work together when bringing up a branch
APIC-EM / Prime Infrastructure PnP
Day 0/1 config
repository
REST
Enterprise Services Automation (ESA)
…now one is enough: DNA-Center
…including for Enterprise NFV
To sum up…
DNA Center capabilities = DNA Software subscription
Cisco ONE Suites or A La Carte Model
ADVANTAGE: Full L3, Segmentation, Software Defined Access, ETA & Assurance
ESSENTIALS: Layer 2, Routed Access, Base Automation and Monitoring
Ongoing Innovation | License Portability | Software Support Included | OpEx Preference | Lower Entry Costs
Available for Current Catalyst 3K, 4K, 6K and Next Generation Catalyst 9K Series
Cisco ONE Suite – Essentials Includes ISE Base
Network/OS License
DNA Center, ISE, StealthWatch
Switches, Access Points, Routers
DNA License
ISE Base & Plus & StealthWatch
What you will need:
Simplified view
DNA Center
Console
ISE
Console
Network
Server
Software
Included in Cisco ONE Advantage
Ships with the device
Thank you! Questions?

Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 

How to deploy a Cisco campus network in 10 minutes? New technologies for automation and analytics in Cisco enterprise networks

  • 1. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public. How to deploy a Cisco campus network in 10 minutes? New technologies for automation and analytics in Cisco enterprise networks. Денис Коденцев, Consulting Engineer, CCIE
  • 2. A new era of Cisco networking – announced 20 June 2017. DNA Center • Innovative solution for deploying and managing the enterprise network and network services. DNA Assurance & Analytics • Analysis and proactive problem detection. Software-Defined Access • Universal network fabric with dynamic microsegmentation. Enhanced Network as a Sensor • Malware detection in encrypted traffic (without decryption). Catalyst 9000 switches • The first switches purpose-built for DNA. Subscription-enabled licensing | Additional services from Cisco
  • 3. Why do companies spend so much? 10x* traffic growth by 2019. IT teams have to support more connected devices (both user devices and others, IoT for example). IT teams have to deal with a greater number of vulnerabilities and security threats. $60B is spent per year worldwide on operating network infrastructure (salaries, tooling).
  • 4. Enterprise networks today are complex … Working with different networks. Working with many different policies: LAN, WLAN, WAN, data center. Scaling increases operational complexity. Managing many VLANs. [Diagram: VLAN 1, VLAN 2, VLAN 3; WAN; Branch A VLAN A; Branch A VLAN B; Remote VLAN B; HQ]
  • 5. Cisco Digital Network Architecture: DNA Overview. Network-enabled Applications: Cloud-enabled | Software-delivered. Cloud Service Management: Policy | Orchestration. Automation: Abstraction & Policy Control from Core to Edge. Analytics: Network Data, Contextual Insights. Virtualization: Physical & Virtual Infrastructure | App Hosting. Open & Programmable | Standards-Based. Open APIs | Developers Environment. Principles: Insights & Experiences; Automation & Assurance; Security & Compliance. SD-A, SD-WAN & ENFV; DNA Center
  • 6. DNA Center: a single interface for automation and analytics. APIC-EM; Network Data Platform; Identity Services Engine. Routers; Switches; Wireless APs; Wireless Controllers. DNA Center: DESIGN | PROVISION | POLICY | ASSURANCE. DNA Center Simple Workflows
  • 8. What is SD-Access? Key concepts and terminology. § Control-Plane Nodes – Map System that manages Endpoint to Device relationships § Fabric Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric § Identity Services – External ID System(s) (e.g. ISE) are leveraged for dynamic Endpoint to Group mapping and Policy definition § Fabric Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric § DNA Controller – Enterprise SDN Controller (e.g. DNA Center) provides GUI management and abstraction via Apps that share context § Analytics Engine – External Data Collector(s) (e.g. NDP) are leveraged to analyze Endpoint to App flows and monitor fabric status § Fabric Wireless Controller – A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric [Diagram: Campus Fabric with ISE, Identity Services, Intermediate Nodes (Underlay), Fabric Border Nodes, Fabric Edge Nodes, DNA Controller, Analytics Engine, Control-Plane Nodes, Fabric Wireless Controller]
  • 9. Why do we need Software Defined Access? Is your Campus Network facing some, or all, of these challenges? • Host Mobility (w/o stretching VLANs) • Network Segmentation (w/o implementing MPLS) • Role-based Access Control (w/o end-to-end TrustSec) • Common Policy for Wired and Wireless (w/o using multiple tools) • Consistency Across Campus, WAN and Branch (w/o using multiple tools) With DNA SD-Access, you can overcome these challenges and provide your organization with the infrastructure required to meet your business objectives. Come to this session to get a look into the DNA SD-Access architecture, including a closer look at each of the technologies that bring this to life!
  • 11. DNA automation and analytics: architecture. Design | Provision | Policy | Assurance. DNA-Center (GUI); DNA Automation: App Policy Infra Controller – EN Module; Cisco ISE 2.3: Identity Services Engine; DNA Assurance: Network Data Platform. Components are connected through APIs. Protocols shown toward the network: AAA, RADIUS, EAPoL, HTTPS, NetFlow, Syslogs, NETCONF, SNMP, SSH. Cisco Switches | Cisco Routers | Cisco Wireless; SDA Fabric
  • 12. Full-cycle automation. DNA Center; DNA Assurance; DNA Automation. Streaming telemetry & network data. Network and telemetry configuration. Telemetry, alerts, violations. Network inventory, topology, and configuration
  • 13. ISE and DNA Center integration: automation of policies and access control. Cisco Identity Services Engine: Authentication, Authorization Policies; Groups and Policies. Cisco DNA Center: Fabric Management; Policy Authoring Workflows. PxGrid; REST APIs. Campus Fabric
  • 14. Correlation and machine learning. Phase 1, Phase 2, Phase 3: Ingest Network & Contextual Telemetry; Process and Analyze Streams of Data; Visualize and Act. Data Processing. Complex Event Processing • Data cleaning • Feature creation • Data normalization & enrichment • Baselining & trending • Relationship modeling • Behavior analysis • Anomaly detection • Pattern recognition. Machine Learning • Event clustering & correlation • Prediction • Natural language processing • Recommendation. Real-time visibility. One click (drill down) root cause analysis
  • 15. Health analysis for every network client. Summary: Is the client connected and is the link connection good? Wired Client Health: Connected; Onboarding; Throughput issues. Authenticated, IP • Link Error • Yes/No. Port Up/down • Yes/No. Key Services • DNS reachable. BRKCRS-2814
  • 16. Streaming telemetry: advanced telemetry where and when it is needed. Programmable Interfaces: NETCONF, RESTCONF, gNMI, SNMP. YANG data model: Open | Native; Configuration | Operational. Device features: Interface, BGP, QoS, ACL, … Physical and virtual network infrastructure. Publish • Periodic or on change • Structured data • Priority subscriptions • Customized to recipient • XML or JSON encoding • NETCONF or HTTP/2 transport • Increased scale • Reduced CPU and bandwidth consumption. Subscribe. With streaming telemetry (FCS in July in the 16.6 train) we will support collection of many KPIs as close as possible to real time
  • 17. Collecting contextual information – ISE Telemetry. SGT applied to port; Policy Enforcement Status; SGT Counters. Device level enforcement and changes. Access policy application and changes. Identity and end user information. pxGrid: SGT bindings, Group based policies; Access Policy Push. Notification of end user authentication and authorization (positive/negative). Notification on group-based policy being downloaded by devices. End user identity and context. End to End visibility
  • 18. Collecting contextual information – IPAM. Infoblox: Grid Publish, Grid Subscribe; RESTful API, SNMP; pxGrid. General Information: - Pool Name or ID - Pool State (Enabled / Disabled). General Stats (per pool and per client device): - Any latency values - # Discovers - # Offers - # Requests - # ACKS - # Declines - # NAKs. Per Pool: - Network Block - Start / End Address - Lease Time - Addresses Assigned - Options Assigned
  • 19. Ease of use: Example 1. Home page – what are the main problems observed in your network? Landing page tells you: where in the world the most serious issues are happening; overall health of your network, clients, and applications; your top 10 issues and trends
  • 20. Variety, Velocity, Volume, Veracity. Live end-to-end visibility brings together multiple data sources at high volumes and speeds. Reliable scoring to assess client health in real-time. Incorporation of diverse network data types. Accurate alerting for fast root cause analysis
  • 21. Ease of use: Example 3. Instant identification of the causes of problems with the SDA fabric and/or CTS policies. Quick visual of the fabric overlay tells you where you might have issues. Assurance-enabled path trace tells you where policies are failing
  • 23. DNA Center - Design (step 1): Setup Management & Underlay Reachability. 1. Setup Sites, Buildings & Floors • Organize your Regions, Cities & Buildings • Import floorplans in CAD, PNG or JPG • Virtual layout of Routers, Switches & APs. 2. Setup Global & Site-Specific Settings • Establish a common set of Global Servers • Each Site inherits settings from level above • Override Global settings with Site-Specific. 3. Setup IP Address Pools or IPAM • IP Address Management uses Site hierarchy • Add or modify IP Pools manually • You can also import from IPAM tools via APIs. 4. Setup Wireless SSID Settings • Manage Fabric Wireless WLANs per Site • Associate the SSIDs with IP Pools • Automated setup of the WLC & APs via APIs
  • 24. DNA Center - Policy (step 2): Setup VNs & EIGs and Policies. 1. Setup Virtual Networks • Add Scalable Groups to a Virtual Network • A “Default” Virtual Network created automatically • Option to add / remove new Virtual Networks • Enables VN ID on SDA enabled Devices*. 2. Setup Scalable Groups • Option to import Groups from ISE (or AD) • Option to create Groups via Static Mapping • Enables SGT ID on SDA enabled Devices*. 3. Manage Group Policies • Groups provide native SGT based segmentation • Intra-VN policies set to Default Permit or Deny • Create simple To / From Group-Based Policies. 4. Manage VN Policies* • VNs provide native VRF network segmentation • Inter-VN policies mapped to Firewall instances*. * External Connect requires manual configuration. Automation planned for a later release.
  • 25. DNA Center - Provision (step 3): Setup Overlay Control & Data-Plane. 1. Setup Fabric Domains • Add Devices to one of the configured Sites • A “Default” Fabric Domain created automatically • Option to add / remove new Fabric Domains. 2. Add Devices & Assign Roles • Add SDA capable Devices to the Fabric Domain • Designate 1+ Devices as Border and Control • All other Devices are configured as an Edge. 3. Setup Host Onboarding • Add various IP Pools to the Fabric Domain • Designate IP Pools for Wired or Wireless • Define the Host Authentication and options • Option for Static Assignment of Pools to Ports. 4. Advanced Settings • (Optional) Enable Multicast in the Fabric Domain
  • 26. DNA Center - Assurance (step 4): Real-Time Data-Collection & Event Correlation. 1. Assurance Dashboard • Network Health Scores (based on 360 Views) • Graphical status view of Health and Alarms • Track common Network Issues & Trends • Universal search for elements of the Network. 2. Device 360 Views • Summary and Real-time Device statistics • Track Issues and Trends of each Device • View connected Neighbors, Clients & Apps. 3. Client 360 Views • Summary and Real-time Client statistics • Track Issues and Trends of each Client • Initiate Pathtrace per Client Application. 4. Application 360 Views • Summary and Real-time App statistics • Track Issues and Trends of each App
  • 28. And what about Cisco Enterprise NFV?
  • 29. Previously, ENFV required 3 systems… • ESA, PI and APIC-EM work together when a branch is brought up. [Diagram: Office with NFVIS hosting IPS, WAAS and vSwitch; WAN; SN, IP for host; IP; Profile to SN mapping; Provisioning; APIC-EM / Prime Infrastructure (PnP, Day 0/1 config repository); REST; Enterprise Services Automation (ESA)]
  • 30. …now one is enough: DNA-Center
  • 31. …including for Enterprise NFV
  • 33. DNA Center capabilities = DNA Software subscription. Cisco ONE Suites or A La Carte Model. ADVANTAGE: Full L3, Segmentation, Software Defined Access, ETA & Assurance. ESSENTIALS: Layer 2, Routed Access, Base Automation and Monitoring. Ongoing Innovation; License Portability; Software Support Included; OpEx Preference; Lower Entry Costs. Available for Current Catalyst 3K, 4K, 6K and Next Generation Catalyst 9K Series. Cisco ONE Suite – Essentials Includes ISE Base
  • 34. What you will need: simplified view. Network: Switches, Access Points, Routers. Server: DNA Center, ISE, StealthWatch; DNA Center Console; ISE Console. Software: Network/OS License; DNA License; ISE Base & Plus & StealthWatch. Included in Cisco ONE Advantage. Ships with the device