The Network. Intuitive - Netteam A/S · Silver-level QOS for Patients but Best Effort QOS for Visitors Location-awareness and usage statistics Any subnet anywhere for IP mobility

René Andersen System Engineer

November 22, 2017

DNA, ETA, SDA, C9K. NETTEAM Event

The Network. Intuitive

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

Cisco DK

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKDCN-2489 2

Cisco Digital Network Architecture (DNA)

LOWER RiskREDUCE

Cost & ComplexityInnovate FASTER

New Requirements for the Digital Age

Insights &Actions

Security & Compliance

Automation& Assurance

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Challenge for Enterprise IT - Doing more with Less

Spent of

Network

Operations

$60B

Resources

Data growth

Connected devices

Threat surface areas

Organizations

intend to be

digital-ready

within 2 years

3xmore

An evolved world needs a network evolved.


I have Security regulations to follow, yet I can’t report on

Compliance and Risk are greater than ever

Network Manager

I want to Simplify deployments and Automate some functions, but don’t trust the network to do it by itself

Network Operations

I want to provide Assurance to my users that I can

Accelerate time to resolution of problems and prevent problems on the network before they start

Network Manager

I need to Replace or Augment my existing Infrastructurewhile maintaining investment in tools and training

Security Operations

Customer RequirementsBuying and Solution Relevancy Triggers


New

Announcements

See and Act on All ThreatsEncrypted Traffic Analytics(Sept 2017)

Cisco DNA Center(Jul 2017)

Assurance with Network Data Platform(Nov 2017)

Catalyst 9000 Portfolio with Programmable ASICs

9500 (Jun 2017), 9400 (August 2017), 9300 (June 2017)

Networking at the Speed of Software

Software-Defined Access (For existing and next-gen infrastructure) (Aug2017)

C97-739094-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Content under Strict Embargo until June 20 th at 12pm PST.

Hardware centric

Manual

Fragmented security

Network data

Cisco is rewriting the network playbook

Built-in security

Automated

Software driven

Business insights

Traditional network The Network. Intuitive.


Business outcomesPowered by Cisco DNA™The new network

Only Cisco DNA delivers such a transformative network

Built-in security

Automated

Software driven

Business insights

Reduce risk

Save money

Make moneySecurity built-in

Cloud Service Management

Virtualization

Automation Analytics


Automation

Abstraction & Policy Control from Core to Edge

Open & Programmable | Standards-Based

Open APIs | Developers Environment

Cloud Service ManagementPolicy | Orchestration

Virtualization

Physical & Virtual Infrastructure | App Hosting

Analytics

Network Data, Contextual Insights

Network-enabled Applications

Cloud-enabled | Software-delivered

Principles

8

Cisco Digital Network ArchitectureDNA Overview

Networks Phys/Virtual

DNA CenterAPIC-EM + ISE + NDP

Insights & Experiences

Automation& Assurance

Security & Compliance

111011011000001

000111100111101

001000100001

Catalyst

9000 Switch

Stealthwatch

NetFlow with

enhanced

telemetry

Machine

learning

Spot malware in

encrypted traffic

DNA-Center

Cognitive Threat

Analytics

Automated policy

enforcement for

segmentation

Act on Encrypted Threats for Wired and Wireless

1. Source : Identifying Encrypted Malware Traffic

with Contextual Flow Data, Oct 2016

2. Making Digital Transformation Real, IDC

2017

84% of breached health records in 2016 resulted from hacking incidents2

Threat Detection

Accuracy1

False Positives*

http://dl.acm.org/citation.cfm?id=2996768


Intent-based Network Infrastructure

DNA Center

AnalyticsPolicy Automation

The Network. Intuitive.Constantly learning, adapting and protecting.


Key Challenges for Traditional Networks

Slower Issue ResolutionComplex to ManageDifficult to Segment

Ever increasing number of users

and endpoint types

Ever increasing number of

VLANs and IP Subnets

Multiple steps,

user credentials, complex

interactions

Multiple touch-points

Separate user policies for

wired and wireless networks

Unable to find users

when troubleshooting

Traditional Networks Cannot Keep Up!

Enterprise IT Today

VLAN Based

HQ

Wired Wireless Badges

VLAN 1 VLAN 2 VLAN 3

Remote

VLAN C

Branch A

WAN

VLAN A

Lighting

BMS

| Disparate Networks | Complex Provisioning | Not Scalable

Branch B

VLAN B

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

DNA SolutionCisco Enterprise Portfolio

APIC-EM Network Data PlatformIdentity Services Engine

Routers Switches Wireless APs

DNA Center

DESIGN POLICY PROVISION ASSURANCE

DNA Center

Simple Workflows

Wireless Controllers


Software-Defined Access

Insights & Telemetry

Automated Network Fabric

Identity-based Policy & Segmentation

Decoupled security policy definition

from VLAN and IP Address to

enable rapid

policy updates

Automation across wired and

wireless for optimized traffic flows,

and workflow-based management

to provide consistency at scale

Analytics and insights into

user and application behavior for

proactive issue identification

and resolution

Networking at the Speed of Software!

Digital IT of the Future: Logical Virtual Network

Lighting

BMS

WAN

Branch B

Remote

Branch AHQ

Agile Fabric Services

Collaboration SecurityAnalytics

Users & Devices

Building Devices

Private & Public

Cloud Resources


Secure Segmentation and Profiling for HealthcareSecure On-boarding of Users and Devices

Before SD-Access After SD-Access

Static Medical

Imaging Devices

Manual IP-based

ACLs for access

policy

Deal with policy

violations and errors

manually

Enable Mobile

Clinical Devices

Mitigate medical

device

vulnerabilities by

providing context-

aware access

control

Policy and access

control follow

identity of the

Device and User

Intuitive

Workflows

Users

Medical

Devices

Apps

Privileged Staff Virtual Network

Devices Virtual Network

Guest Virtual Network

Patients

Lights

Doctors

Visitors

Imaging

Nurses


Lab specific VLAN and

isolated to lab- ACL

Identity PSK for HealthcareGroup-based PSK

SSID

All devices have same PSK

and same access policy

Limited Data center

access with highest

QoS / AVC

Direct Access to

internet only

Key

Cisco123

Key

T36c0#$7

Key

S25c0#$3

Key

C15c0#$4HealthCare-PSK


Healthcare Segmentation Use-Cases

Lights ImagingPatients Visitors

Doctors Nurses

Privileged Access to

patient records

Gold-level Quality of

Service for video/voice

Selective Encryption

for certain confidential

traffic

Copy Policy for Audits

Very Limited Access to

Internet only

BYOD policy for

Visitors and Patients

Silver-level QOS for

Patients but Best Effort

QOS for Visitors

Location-awareness and

usage statistics

Any subnet anywhere for IP

mobility of medical devices

Multi-site Fabric for

redundancy of ERs and

OTs

Staff Partners

Limited Access to

databases

Silver-level Quality of

Service for video/voice

BYOD dependent on Org

priorities


Consistent wired and wireless managementA single network fabric

Before SDA After SDA

• Repeated policy work

for wired-wireless

• Roaming issues

across L3 domains

• Chase down IP

addresses for

troubleshooting

• Consistent

management across

wired-wireless

• Optimal traffic flows

with seamless

roaming

• Seamless roaming in

Fabric and non-Fabric

domains

Campus-Wide RoamingWired and Wireless

ConsistencySimplified Provisioning

Roam

is L2

Seamless

Roam

Policy stays

with user


Automate IoT Deployments at ScaleSubtended Node

Connected

Lighting

Employee

Network AEmployee

Network B

Before SDA After SDA

• Complex

segmentation of IoT

and user traffic

• Chase down IP

addresses for

troubleshooting

• Static endpoint

management

• Intuitive identity-

based segmentation

with device profiling

• Built-in visibility and

granular policy control

• Dynamic endpoint

management

Users, Device and IoTSegmentation

Policy based Automation

Purpose Built Switches for IoT

IP

Surveillance

Subtended Node


Dynamic Logical Topologies with Overlays (Stateless Tunnels)

Traffic for Wired and Wireless is carried inside Overlays

Policy Context is carried inline with Traffic

Network Fabric – Normalized Transport for Wired & WirelessSoftware-Defined Access

Underlay Network

Overlay Network

Encapsulation


First level Segmentation that ensures

zero Communication between Building

systems and Users

1

Virtual Networks

Second level Segmentation within a

Virtual Network that ensures role

based access control between Two

Groups

Groups

1

2

Identity-based Policy – Segmentation & Access ControlSoftware-Defined Access

IoT Virtual Network

Group 3

Employee Virtual Network

Group 1 Group 2

Routers Switches Wireless AP WLC

Group 4

Group 5

2

Default Permit

Custom Deny

Default Deny

Intelligent Policy

Simplified Network Wide

Intelligent Policy enforcement

Based on your Identity, not on your Address

Campus

Building 2

10.18.1.0/2410.17.1.0/24

EmployeeCampus

Building 1

ISE / AD NDP

C

BB

DNA

Center

APIC-EM

10.0.255.310.0.255.1

Prod Server5 SGT 8 SGT

CLASSIFICATION

Employee – SGT 5

Employee

App_Serv

Prod_Serv

App_Serv Prod_Serv

Permit All

Permit All Deny All

Permit AllDeny All

Deny All

So

urc

e

Destination

Egress Policy

#WWST #CISCOVT #CISCOSE

New in 1.1 - Border AutomationConfigure a Distributed Border node


“Easy QoS” - QoS in OverlaySDA Fabric - Applications

End to End PolicyCampus, Branch, WAN and DC Integration

AUTOMATIONAPIC-EM

POLICYIdentity Services

Engine (ISE)

ASSURANCENetwork Data

Platform (NDP)

DNA Center

Employee

Virtual Network

Group 1 Group 2

IoT

Virtual Network

Group 3 Group 4

Roam is L2

Seamless

Roam

Policy stays

with user

Firewall

SD - Access At a GlanceSoftware Architecture For The New Enterprise

Distributed Fabric

with consistent experience

across wired and wireless

Automatic

Integration for

critical servicesFABRIC ENABLES ANY

SERVICE OR POLICY ON

ANY PORT

Contextual Visibility and

Troubleshooting

Policy Mobility

with no Topology

Dependence


DNA Assurance Network Fabric Health Page


Proactive Issue Identification and Faster Issue ResolutionPowered by Network Data Platform

FIX

Fix real time issues and get

insight into historic trends and

errors

PREDICT

Predict Client and network

issues before they occur

Machine Learning

0100101100010111001

00101011001011000

InsightsInfrastructure Data

Crowd Sourcing

AnalyticsSensor Data

COLLECT

Rich network data including AAA,

DNS, DHCP, ISE, OS, NetFlow,

syslog, SNMP


New in 1.1 - Fabric Assurance Insights: SDA Use-Cases

Control Plane Data Plane Policy PlaneClient

Onboarding

Edge to Control Plane

Border to Control Plane

CP performance

Routing protocols

Border and Edge connectivity

Border node health

Edge node health

Device to Services (DHCP, DNS, AAA)

ISE connectivity

Border node policy

Edge node policy

Client / Device DHCP

Client Authentication

Client Authorization

Device

CPU, Memory

TCAM Tables

Modules

Temperature

Power (POE)

Clients

Applications

Services

Network Infrastructure


Policy

• Virtual Networks• ISE, AAA, Radius

• Endpoint Groups

• Group Policies

Assure

DNA CenterSD-Access 4 Step Workflow

Design

• Global Settings

• Site Profiles• DDI, SWIM, PNP

• User Access

Provision

• Fabric Domains• CP, Border, Edge

• FEW / OTT WLAN

• External Connect

Assurance

• Network Health

• 360o Views• FD, Device, Client

• Path Traces

Planning & Preparation

Installation & Integration

31

Assure Assure

Provision Assure


SD-Access SupportA single fabric for your digital ready network

WirelessRoutingSwitching

AIR-CT5520

AIR-CT8540

Wave 2 APs (1800, 2800,3800)

Wave 1 APs* (1700, 2700,3700)

Catalyst 9400

Catalyst 9300

Catalyst 9500

Catalyst 4500E Catalyst 6K Nexus 7700

Catalyst 3850 and 3650

AIR-CT3504

*with Caveats

**Future

NEW

NEW

NEWNEW

Subtended

Catalyst Digital Building

Catalyst 3560-CX

NEW

IE Switches** (2K/3K/4K/5K)

ASR-1000-X

ASR-1000-HX

ISR 4430

ISR 4450

ENCS 5400**

ISR 4351

ISR 4331

CSRv

Network

Provisioning Time

Savings

67%

Improve Issue

Resolution

80%

Reduced Security

Breach Impact

48%

Reduced Operating

Expense

61%

Shift IT Time to Business Focus


SD-Access Customer TestimonialsSD-Access Customer Testimonials

"Transportation is at a disruptive shift.

With SD-Access we can consolidate our

locations across the country with

consistent policy in one solid view.“

"SD-Access is transformational in how our

IT can securely and remotely provision

cruise ships around the world."

Michael Giresi, CIO, Royal Caribbean

Raja Ukil, CIO, WiproSebastian Meissner, Network Architect,

Deutsche Bahn Systel

"SD-Access’ segmentation & automation

capabilities drastically simplifies global IT

operations with complete visibility to deliver

new services quickly.“


"The Intel® Xeon® processor D family of

System on a Chip and the Cisco Catalyst

9000 switches push the edge of ‘what is

possible’ with the ecosystem for

containers and application hosting on a

common platform.“

"The Catalyst 9000 has exceeded NASA’s

mission-critical requirements for security

and segmentation...and at twice the

performance.“

Eric Latta, Solutions Architect, NASA

University of ViennaSandra Rivera, Sr. VP/GM, Network

Platforms Group, Intel

“The Catalyst 9000 with open Cisco IOS

XE simplifies operations dramatically and

helps IT create a secure learning

environment for our 10,000 employees

and nearly 100,000 students.”

SD-Access Customer Testimonials


Cisco Catalyst 9000 – Built for SD-Access

First in enterprise

• x86 CPU with app hosting

• Programmable ASIC

• Software patching

Future-Proofed

• IEEE 802.11ax ready

• 100W PoE (IEEE 802.3bt) ready

• 25G Ethernet ready

Industry’s unmatched

• High Availability

• MultiGigabit density

• UPOE scale

SD-Access

integrated

Converged

ASIC

Single Image

Common

Licensing

UADP 2.0

IOS® XE Software

Catalyst 9000 Series 9300 – Fixed Access, 9400 – Modular Access,

9500 – Fixed Core

Security IoT convergence CloudMobility

C97-738949-01 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Introducing Cisco Catalyst 9300New generation of fixed access

Modular

FansModular uplinks

8x10G 2x40G 4x mGig 4x1G

Modular power supplies

350W 715W 1100W

mGig UPOE

1G UPOE/PoE+

24 Ports

1G Data

48 Ports

* Not available at FCS

Cisco Catalyst 9000

leadership

UADP 2.0

Cisco IOS® XE Software

SD-Access

x86 CPU and containers

Encrypted Traffic Analytics

(ETA)*

AES256/MACSEC256*

Trustworthy systems

StackWise® Virtual*

IEEE1588 and AVB*

NBAR2

Perpetual/fast PoE

Model-driven programmability

Patching/GIR

Streaming telemetry*

2.5G at

the price

of 1G 40G

at the price

of 10G

Only

stackable

switch with

8x 10G

uplinks

Highest

2.5G/mgig

density in

the industry


Introducing Cisco Catalyst 9400New generation of modular access

4-Slot* 7-Slot 10-Slot

Supervisor• Sup-1: 80G/slot access optimized

• Sup-1XL*: 120G/slot core optimized

Access line cards

• 24xmGig + 24xUPOE*

• 48xUPOE

• 48xPoE+*

• 48xData

Core line cards• 24x 10G SFP+*

• 48x1G SFP*

• 24x1G SFP*

Power supply• 3200W AC

• 3200W DC*

• 2400W AC*

*Not available at FCS

Cisco Catalyst 9000

leadership

UADP 2.0

Cisco IOS® XE Software

SD-Access

x86 CPU and containers

Encrypted Traffic Analytics

AES256/MACSEC256*

Trustworthy systems

StackWise® Virtual*

IEEE1588 and AVB*

NBAR2

Perpetual PoE*

Model-driven programmability

Patching/GIR

Streaming telemetry*

Industry’s

highest PoE

scale

Redundancy

now

tablestake

9Tbps

system

b/w


Cisco Catalyst 9500 innovations and benefits

12Px40G 24Px40G 40Px10G + 8Px10G/2Px40G

Granular port densities to address all campus sizes

Depth: 21.8”

Height:1RU

Cisco IOS® Software 16.xSD-Access, MPLS AVB, WRED, NAT, PAT, NBAR2 StackWise® Virtual

High-scale control plane with 2.4GHz x86 CPU with 16 GB DDR4 memory

Internal storage: 16GBExternal storage: 1xUSB 2.0 (front), 1xUSB 3.0 (back)

Up to 2x 950W AC/DC PSU5 x fan trays

Up to 24 ports of QSFP

Nonblocking ports with 5.3MB (shared) packet buffer per portBuilt-in RFID

Extending Cisco

Catalyst 4500X

leadership in fixed

backbone

3x throughput

3x bandwidth

5x buffering

5x CPU speed

4x memory and flash

4x port speed

2.4x 10G port density


Cisco Catalyst 9000 platform transitions

Catalyst

9000

Series

Cisco®

Catalyst® 9400

Cisco Catalyst 9300 Cisco Catalyst 9500

Cisco Catalyst 3850 Copper Cisco Catalyst 4500-E Cisco Catalyst 4500XCisco Catalyst 3850 Fiber 48

Port

Access switching Backbone switching


Catalyst 9K Licensing Ties

DNA Advantage

includes

DNA Essentials

Software Suites for Business Outcomes


Introducing New Software Subscription Licensing

Cisco ONE Suites or Ala

Carte Model

ADVANTAGEESSENTIALS

Full L3, Segmentation,

Software Defined Access,

ETA & Assurance

Layer 2, Routed Access,

Base Automation and

Monitoring

Ongoing

Innovation

License Portability

Software Support

Included

OpExPreference

Lower Entry Costs

Available for Current Generation Catalyst 3K, 4K, 6K and Next Generation Catalyst 9K Series

Cisco ONE Suite – Essentials Includes ISE Base

What’s in each software package?

DNA Center

ISE

Stealthwatch

Encrypted Traffic Analytics (ETA)

Software Defined Access

Assurance

Base Automation & Monitoring

ISE Plus

ISE Base

Stealthwatch

Cisco ONE

Advantage

DNA

Advantage

DNA

Essentials

Cisco ONE A la Carte

Included

ISE Base & Plus

required

ISE Base

recommended

Capable (requires

additional purchase)

ISE Base

recommended

ISE Base & Plus

recommended*

Steathwatch required

* ISE Base & Plus required to troubleshoot network with user name search


Catalyst Support Model

Solution Support

-or-

Smart Net Total Care

- or -

Partner Support Service

*Includes NBD HW replacement + ELL-W provides 90 days of TAC access at business hours and lifetime Software Updates;

SNTC required for IP Services; E-LLW not supported on 4K or 6K

**Includes 24x7 TAC access, knowledge base access, software downloads for DNA only; TAC access for Perpetual stack will

require SNTC or Partner Support or Solution Support

TS Product Level Support

Hardware with Network Stack(Lan Lite, Lan Base, IP Lite, IP Base, IP

Services, Enterprise Services, Ad. IP Services, Ad. Enterprise Services)

AndNBD HW Repl. + E-LLW*

Catalyst 2K, 3K, 4K, 6K

DNA Essentials / Advantage

With Embedded Support**

Catalyst 9K

Hardware with Network Stack(Essentials / Advantage)

AndNBD HW Repl. + E-LLW*

DNA Essentials / Advantage

With Embedded Support**Embedded Support

Optional

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

DNA SolutionCisco Enterprise Portfolio

APIC-EM Network Data PlatformIdentity Services Engine

Routers Switches Wireless APs

DNA Center

DESIGN POLICY PROVISON ASSURANCE

DNA Center

Simple Workflows

Wireless Controllers

© 2017 Cisco Confidential - Internal Use Only

Introducing DNA Add-on Licenses for 3K, 4K, 6K

3650/3850 4500E 68002960X/XR/L

Essentials

Basic

Automation

Basic

Monitoring

Element

Management

Essentials

LAN Base

Basic

Automation

Basic

Monitoring

Element

Management

Advantage

Software-Defined

Access

Assurance &

Analytics

IP Base/ IP Services/

Enterprise ServicesLAN Base

4500X

© 2017 Cisco Confidential - Internal Use Only

Tilbud 1A DNA Center Essentiels licens pakke samt fuld Netflow (2960X vs 9300)

Part Number Description

Service

Duration

(Months)

Unit List Price in $

WS-C2960X-24PS-L Cisco Catalyst 2960X 24 Port PoE 4x1G Uplink LAN

Base --- 3.195,00Uden Stacking (Pris 1195$)

C2960X-DNA-E-24-3YC2960X DNA Essentials, 24-Port, 3 Year Term

License36 610,00

C1FACAT29003K9 C1 2960X Netflow license, Prime, ISE Base 25 36 1.100,00


Service

Duration

(Months)


C9300-24P-E Catalyst 9300 24-port PoE+, Network Essentials --- 5.510,00Med stacking

C9300-NM-4G Catalyst 9300 4 x 1GE Network Module --- 510,00

C9300-DNA-E-24-3YC9300 DNA Essentials, 24-Port, 3 Year Term

License36 610,00


Tilbud 1B DNA Center Essentiels licens pakke samt fuld Netflow (3650 vs 9300)


Service

Duration

(Months)


WS-C3650-24PS-S Cisco Catalyst 3650 24 Port PoE 4x1G Uplink IP

Base --- 5.200,00Uden Stacking (Pris 1650$)


License36 610,00


Service

Duration

(Months)


C9300-24P-E Catalyst 9300 24-port PoE+, Network Essentials --- 5.510,00Med stacking

C9300-NM-4G Catalyst 9300 4 x 1GE Network Module --- 510,00


License36 610,00


What to Do Next?

49

BRKDCN-2489

Get SD-Access Capable Devices

with C1 DNA Advantage OS License

Get DNA Center Appliances

with C1 DNA Advantage App License

Cisco Services can help you

to Test / Migrate / Deploy

Refresh your

Hardware and Software

Deploy the

DNA Center

SD-Access

Capable

Engage

Cisco Partner & Services

DNA

Center

Cisco

Services

Advisory

Implementation

Technical

Optimization Training

Managed


SD-Access Sales JourneyAlign to Customer Priorities

Qualify Discover Select Lead Sales Motion AdoptSet the Agenda

and Pilot

DNAC Assurance

DNA-Ready Infra Segmentation & Access

Control

SDA

DNAC Automation


Customers Software Defined Access Journey

Assurance

Software

Defined Access

AdvantageEssentials

Base Automation &

Monitoring

Basic Automation &

Monitoring

Assurance

Software

Defined

Access

PNP cloud &APIC-EM 1.6 Update

Cisco Plug and Play Connect (PnP Connect) General Availability

We are pleased to announce the general availability of Cisco Plug and Play Connect (PnP Connect)

Release 1.0. Cisco PnP Connect, a cloud based service, is a component of the Cisco Network Plug and Play

solution and provides automated discovery of an on-premise APIC-EM controller. Additionally, PnP Connect

enables configuration provisioning of devices directly through the cloud, without APIC-EM (beta feature

N-PnP Cloud Redirection Service

PnP-Agent APIC EM

Server

PnP-Agent

Where’s my PnP Server?

PnP Cloud

Redirection Service

Customer

Or Partner

APIC-EM IP

PnP Protocol

CISCO

CUSTOMERCisco Commerce Workspace

Supply-Chain

Customer DB

Customer Order

Smart

Account DB

Device SR# Device SR#

Download Image & Config

APIC-EM Registers IP Address w/ Cloud

APIC-EM EasyQoS App

EasyQoSApplication QoS

Wireless AP

Trust Boundary

PEP

4Q (WMM)

Catalyst 3650

Trust Boundary

PEP

2P6Q3T

Catalyst 4500

1P7Q1T

Catalyst 6500

1P3Q4T

1P7Q4T

2P6Q4T

…

Nexus 7700

F3: 1P7Q1T

WLC

PEP

ASR/ISRs

MQC

Catalyst 2960-X

Trust Boundary

PEP

1P3Q3T

Wireless AP

Trust Boundary

PEP

4Q (WMM)

EM

Applications can interact with APIC-EM via Northbound

APIs, informing the network of application-specific and

dynamic QoS requirements

Southbound APIs translate

business-intent to platform-

specific configurations

Network Operators express high-level

business-intent to APIC-EM EasyQoS

Custom BW Allocation per BW Class

Ability to select BW profile per policy scope

APIC-EM CAA – Life Cycle Management

APIC-EM 1.x PlatformCAA- Life Cycle Management

APIC-EM 1.x PlatformCAA- Life Cycle Management – Hardware EoL

HW End of Sale/End of Support Information


Customers Software Defined Access Journey

Assurance

Software

Defined Access

AdvantageEssentials

Base Automation &

Monitoring

Basic Automation &

Monitoring

Assurance

Software

Defined

Access

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 64

Per Jensen

November 22, 2017

Enable secure and consistent network access

DEMO & Deepdive DNA-Center & Software-Defined Access

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

System Engineer Cisco DK

Documents

The Network. Intuitive - Netteam A/S · Silver-level QOS for Patients but Best Effort QOS for Visitors Location-awareness and usage statistics Any subnet anywhere for IP mobility