Why Should You Care About Cisco DNA? (An Engineer’s Perspective)
For years, we’ve heard about Software Defined Networking (SDN), and while the hype has been tremendous, we in the engineering community have joked that SDN stands for “Still Does Nothing”. Now that that SDN has been overhyped, marketers have moved on to terms like SD-Access (or SD-WAN) and Digitization. So, when Cisco recently announced their Digital Network Architecture, or DNA, the engineering community reacted with a collective yawn. Just another marketing term, right? Is this just an attempt to erase stale connotations of the first-generation SDN? Not exactly, as it turns out. Where SDN was the automation of network management, Cisco DNA is the automation of the network itself, or “digital networking”.
Why Do We Need Cisco DNA?
The digital network is defining successful companies of the future at a rate faster than perhaps many of us are ready to receive it. We’ve all heard the success stories of Uber and Amazon, and the failures of companies like Blockbuster that haven’t kept pace. Constant innovation and great customer experiences are critical to competing in today’s business. It’s no longer acceptable to take weeks or even months to plan and bring up new sites or applications; they need to be active in days or hours. To manage this demand at the infrastructure, we need a solution that simplifies management and frees valuable engineering resource time to focus on business-enabling designs. To quote Cisco, “the days of worrying about only connectivity and throughput are gone. To survive the digital transformation, you need data on where your users are connecting, how they connect, what applications they use, their connection times, and much more. You need this data in hours, not days. And getting the data is not enough. You need to analyze it.” I believe Cisco is on to something, but I would also add that in meeting with clients daily, I see that the technical talent at most companies struggles to keep pace with the business. Not that their people aren’t talented but rather the IT culture of doing more with less seems to be starving businesses of the very resources they need to accelerate growth.
What is Cisco DNA?
I like to compare DNA to the evolution of wireless networks. If you’ve been working with networks for a while you may remember when wireless access points we configured individually. Then came Cisco’s SWAN architecture (which turned out to be more like the ugly duckling) that was meant to manage groups of access points. Today we use wireless controllers to configure the entire system of AP’s and centrally define and apply users, groups and security policies across an entire organization. The intelligence has been abstracted from the AP which just connects to the controller for configuration. We really wouldn’t think of configuring AP’s individually any longer. To contrast on the wired network side, we still configure routers and switches individually and perhaps manage them with Cisco Prime. Cisco DNA introduces the controller architecture for wired devices, folding in wireless and security, with analytics and business-enabling hooks or APIs.
How Does Cisco DNA Work?
There are three goals of Cisco’s DNA: 1) virtualize everything, 2) enable service management, and 3) provide an open, extensible and programmable interface at every layer. Virtualization means running any service anywhere, on premise or in the cloud. Using Cisco’s IOS-XE, hardware can be abstracted from the OS, and Cisco One (C1) licensing separates the license entitlement from the hardware. Managing the network is primarily done through Cisco’s Application Policy Infrastructure Controller - Enterprise Module (better known as APIC-EM). APIC-EM is the controller that separates business policy from cryptic IOS commands and automatically draws from tested, best-practice configurations and consistently applies policies throughout the network for faster, lower-risk deployments. The open design of DNA allows speed and agility in connecting the business to the underlying infrastructure and security policies, while extracting valuable customer experience data as close to real time as possible.
Is Cisco DNA Secure?
Security is integrated into the DNA solution. Policies can now be managed centrally. By integrating ISE and StealthWatch, along with other “under-the-hood” technologies such as Security Group Tagging (SGT), VXLAN, LISP and others, companies can realize the benefits of policy-based micro-segmentation while masking the complexity. Monitoring and control are available throughout the network and enforceable at the edge. Automatic access to cloud threat databases can provide real-time threat information. Using Catalyst 9000 series switches it is even possible to perform encrypted traffic analysis without decrypting the traffic. Cisco touts that “it takes most organizations between 100 and 200 days to detect a threat. It takes Cisco 13 hours.” Combating the current generation of threats requires next-generation capabilities.
John Chambers, Cisco’s former CEO, said at his last Cisco Live presentation that 25% of the engineers in the room would not be with their companies in 10 years. This would not be due to them moving on, but due to the companies they worked for being left behind. Skilled engineers are still necessary but need to be used wisely; value comes in transforming the business to improve the customer experience. Cisco’s DNA provides automation and consistency, opens the door to better integration with the business and enables comprehensive security and compliance. It’s time for the engineers to cut through the marketing hype and weigh the benefits of DNA.
About the Author:
Jaymes Krueger, CCIE is a Solutions Consultant with Internetwork Engineering with over 30 years in the industry. Before coming to IE, Jaymes worked for over 10 years with our partner, Cisco. He has two kids, plays soccers regularly, and teaches a seminary program in his freetime.