The basic tasks of IT have changed little over the past decades. What changed was usually the technology in use, not the processes or the requirements imposed on IT. This held as long as IT remained purely a service department and its participation in the core business of the enterprise was minimal.
Today we are witnessing rapid change, driven by the ubiquitous digitalization of modern business: companies actively use new technologies to gain competitive advantage.
In March 2016, Cisco introduced a new architecture for corporate networks, the Cisco Digital Network Architecture (Cisco DNA). What is this architecture? What are its main features, and how does it differ from what came before? What tasks does it solve and what advantages does it offer? This article answers these and many other questions.
Figure 1. - Cisco Digital Network Architecture - Cisco DNA
With digitalization, IT becomes a key participant in the business process. This qualitative change in role raises the importance of IT within the enterprise, but it does not come for free: new demands are placed on IT that are often impossible to meet within familiar processes and technologies.
Another task that modern IT is expected to solve is transparency of what is happening in the enterprise infrastructure and applications. Despite the long existence of technologies for assessing the state of the network, such as SNMP or NetFlow, these technologies, while a very effective way of obtaining statistics, have no built-in analytics. Even when fed into external analysis systems, they cannot present a picture of what is happening from the point of view of business applications.
Nor should one forget the requirements that arise at the interface between IT and the core business. Gartner captured this interaction most vividly in its bimodal IT concept. One of the key elements of this approach is automation. In the bimodal approach, automation covers not only processes within the IT department itself but, even more so, the interaction between IT and the business.
Finally, the IT budget changes little from year to year, and CIOs are forced to distribute funding among several often competing initiatives, trying to combine support for the existing infrastructure with the development and rollout of new technologies the business needs, while also ensuring information and network security and compliance with various regulatory requirements.
IT therefore faces the extremely difficult task of finding an effective balance among all of these requirements.
To address these challenges, Cisco introduced the Cisco Digital Network Architecture (Cisco DNA) in March 2016.
First, Cisco DNA combines existing, proven Cisco solutions with technologies not previously used in the corporate segment, such as SDN and NFV. Second, Cisco DNA defines and describes the recommended interactions between all products and solutions used within the architecture through open software APIs. Third, Cisco DNA groups these solutions into logical blocks that, in turn, address all the IT tasks of a modern digital enterprise reviewed above: simplifying and automating IT processes, accelerating innovation, obtaining comprehensive analytics about the network, applications and users, reducing risks, costs and expenses and, of course, effective and automated interaction with the core business.
At the core of any IT technology is infrastructure. One of the basic principles of Cisco DNA is the widespread use of virtualization as a way to significantly improve the efficiency with which available IT resources are used. Within Cisco DNA, virtualization reaches the network infrastructure for the first time. In many ways this was made possible by the rapid development of network function virtualization (NFV), which has gained considerable popularity among telecom operators in the past few years. Cisco DNA makes NFV available to corporate customers. What does this mean in practice? Many network functions that were previously available only as specialized equipment are now available in virtualized form, fully retaining the functionality of their hardware counterparts. Most Cisco hardware solutions already have a virtualized version: the Cisco CSR 1000v, the software equivalent of the flagship Cisco ASR 1000 router; Cisco ASAv, the equivalent of the Cisco ASA firewall; the virtualized version of the Cisco Web Security Appliance web monitoring and filtering system; and many others.
For IT, NFV means much more efficient resource management. Projects that previously required specialized hardware platforms and took weeks to months to execute can now be deployed in hours or even minutes. Often no bench testing or installation work is required: all changes are made within the existing x86 resource pool located in the central or remote office of the enterprise.
Figure 2. - Cisco Enterprise NFV Solution
From the Cisco DNA perspective, NFV is first of all most appropriate for the network tasks of a remote office. In many cases such offices use a standard set of hardware: a router, a switch, a firewall, WAN optimization, traffic filtering. As part of Cisco DNA, Cisco announced Cisco Enterprise NFV, a solution covering the entire life cycle of a virtualized network infrastructure for a remote office. In addition to the virtualized versions of classic hardware solutions already mentioned, Cisco Enterprise NFV includes a completely new development, Cisco Enterprise Service Automation (Cisco ESA), a software suite for automating the deployment and operation of Cisco Enterprise NFV, as well as special hybrid hardware platforms that run several VNFs on a single platform, combine such VNFs into logical chains (service chaining), and support management through the open NETCONF and RESTCONF APIs.
Cisco DNA does not limit customers to NFV for providing network services. Modern Cisco hardware routing and switching solutions remain effective for a variety of infrastructure tasks. However, for such solutions to meet the requirements and objectives of Cisco DNA, Cisco has made significant additions to the software of its hardware platforms. First, open management APIs are available on all recommended hardware platforms: Cisco Catalyst 3650/3850, Cisco ISR 4000, Cisco ASR 1000 and other popular models. Second, most hardware routers can now host a business application directly on the router platform or on a dedicated module. This covers almost any application, including those that collect telemetry for analytics or provide specialized encryption algorithms for connecting enterprise offices in accordance with corporate requirements and standards, and many others.
The next key principle of Cisco DNA is automation and reliability. Automation as such is not revolutionary. For many years, manufacturers of equipment and solutions for the corporate segment have offered specialized network management systems (NMS) designed to automate part of the interaction with the infrastructure. The advantages of such systems clearly include deep integration with the managed solution and, as a result, rich customization. Their disadvantages are the flip side of their merits: they remain difficult to master and operate, their scope is limited to the corresponding part of the infrastructure and ignores the specifics of the enterprise's business applications, and their integration capabilities based on open APIs do not always meet the requirements of a digital enterprise.
Figure 3. - One network - one policy
Automation within Cisco DNA aims to simplify and accelerate all major IT processes, both for managing the network infrastructure and for interacting with business applications through open APIs. From the Cisco DNA perspective, the priority is to implement the required IT service quickly, easily and reliably and to assure its quality during subsequent operation, rather than the process of choosing one technology or another to implement that service. With this approach, Cisco DNA lets an enterprise find its own balance between infrastructure complexity, often necessary to implement potential IT services, and ease of operation. To implement this approach, in November 2015 Cisco developed and released an innovative solution for automating processes in the corporate network infrastructure: the Cisco Application Policy Infrastructure Controller - Enterprise Module (Cisco APIC-EM).
Cisco APIC-EM is Cisco's first commercially available SDN controller for the corporate campus and for distributed wired and wireless networks. It organically complements the well-known Cisco ACI data center architecture, where the SDN controller function is performed by Cisco APIC. Thus, with the release of Cisco APIC and then Cisco APIC-EM, Cisco's SDN solution automates IT processes and services across all domains of the corporate network. Compared with classic SDN controller concepts, Cisco APIC-EM has a number of significant advantages. First, alongside the REST API for programming services on the network, APIC-EM has an intuitive graphical management interface; any function accessible through the API is also available through the graphical interface and vice versa. This makes APIC-EM usable within bimodal IT, where traditional IT interacts with the infrastructure mainly through the graphical interface and DevOps teams through the API. Second, APIC-EM can be used on a network that is already in operation: unlike classic SDN solutions, the control plane does not have to be migrated to a centralized SDN controller, which preserves the autonomy of each device while hiding the complexity of the infrastructure. This is especially important given the distributed nature of the corporate network, for which classic SDN solutions with a centralized control plane are of limited applicability. Third, Cisco APIC-EM now supports all modern models of Cisco equipment for the corporate network.
Finally, APIC-EM ships with a set of ready-made applications for automating the most common operations in the corporate network: onboarding new equipment (the Network PnP application), applying Cisco Validated Designs (CVD, www.cisco.com/go/cvd) and policies (the IWAN and EasyQoS applications), troubleshooting network failures (the Path Tracer application) and others.
Figure 4. - Cisco APIC-EM in bi-modal IT
Most importantly, to get acquainted with Cisco APIC-EM it is enough to register on the Cisco DevNet developer portal and get access to the APIC-EM sandbox, which is open to everyone.
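To make the "REST API for programming services on the network" concrete, here is an added example, not code from the original article or from Cisco: a minimal Python client for the APIC-EM v1 REST API, driven through an injectable transport so that the full exchange (log in for a service ticket, send it as X-Auth-Token on every subsequent call, then the asynchronous Path Trace request behind the Path Tracer application) runs offline against a constructed fake controller. The endpoint paths and JSON field names follow the APIC-EM API v1 as I recall it (/api/v1/ticket, /api/v1/network-device, /api/v1/flow-analysis); the controller URL, credentials, device inventory and hop list are placeholders, and the fake controller's responses are constructed, so verify the paths against your controller's API reference before reusing this.

```python
import json
import ssl
import urllib.request


class ApicEmClient:
    """Minimal client for the APIC-EM v1 REST API (endpoint paths as recalled; verify).

    `transport(method, url, headers, body) -> (status, json_payload)` is injectable so the
    exchange can be exercised offline against a fake controller; the default transport uses
    urllib with TLS certificate verification enabled.
    """

    def __init__(self, base_url, transport=None, verify_tls=True):
        self.base_url = base_url.rstrip("/")
        self.transport = transport or self._urllib_transport
        self.verify_tls = verify_tls
        self.ticket = None  # service ticket returned by POST /api/v1/ticket

    def _urllib_transport(self, method, url, headers, body):
        ctx = ssl.create_default_context()
        if not self.verify_tls:
            # Lab/sandbox use only: without verification anyone on the path can
            # intercept the service ticket and replay it as you.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, headers=headers, method=method)
        with urllib.request.urlopen(req, context=ctx) as resp:
            return resp.status, json.loads(resp.read().decode())

    def _call(self, method, path, body=None):
        headers = {"Content-Type": "application/json"}
        if self.ticket is not None:
            headers["X-Auth-Token"] = self.ticket  # every call after login carries the ticket
        status, payload = self.transport(method, self.base_url + path, headers, body)
        if status not in (200, 202):  # the flow-analysis POST answers 202 Accepted
            raise RuntimeError(f"{method} {path} -> HTTP {status}: {payload.get('response')}")
        return payload["response"]

    def login(self, username, password):
        resp = self._call("POST", "/api/v1/ticket", {"username": username, "password": password})
        self.ticket = resp["serviceTicket"]
        return self.ticket

    def list_network_devices(self):
        return self._call("GET", "/api/v1/network-device")

    def path_trace(self, source_ip, dest_ip):
        # Path Trace is asynchronous: POST starts the analysis, GET by id fetches the hops.
        task = self._call("POST", "/api/v1/flow-analysis", {"sourceIP": source_ip, "destIP": dest_ip})
        result = self._call("GET", "/api/v1/flow-analysis/" + task["flowAnalysisId"])
        return [hop["ip"] for hop in result["networkElementsInfo"]]


FAKE_TICKET = "ST-1-constructed-ticket"  # constructed placeholder, not a real ticket


def make_fake_controller(expected_user, expected_password):
    """Constructed fake APIC-EM: scripted responses that enforce the ticket on every
    call after login, mirroring the real controller. Records every request it sees."""
    calls = []
    hops = ["10.1.10.20", "10.1.1.2", "10.1.1.1", "10.2.20.5"]  # constructed sample path

    def transport(method, url, headers, body):
        calls.append((method, url, headers.get("X-Auth-Token"), body))
        path = url.split("/api/v1", 1)[1]
        if method == "POST" and path == "/ticket":
            if body == {"username": expected_user, "password": expected_password}:
                return 200, {"response": {"serviceTicket": FAKE_TICKET}, "version": "1.0"}
            return 401, {"response": {"errorCode": "INVALID_CREDENTIALS"}, "version": "1.0"}
        if headers.get("X-Auth-Token") != FAKE_TICKET:
            return 401, {"response": {"errorCode": "RBAC", "message": "Invalid service ticket"}, "version": "1.0"}
        if method == "GET" and path == "/network-device":
            return 200, {"response": [  # constructed inventory
                {"hostname": "branch-rtr-1", "managementIpAddress": "10.1.1.1", "family": "Routers"},
                {"hostname": "branch-sw-1", "managementIpAddress": "10.1.1.2", "family": "Switches and Hubs"},
            ], "version": "1.0"}
        if method == "POST" and path == "/flow-analysis":
            return 202, {"response": {"flowAnalysisId": "fa-42", "taskId": "t-7"}, "version": "1.0"}
        if method == "GET" and path == "/flow-analysis/fa-42":
            return 200, {"response": {"networkElementsInfo": [{"ip": ip} for ip in hops]}, "version": "1.0"}
        return 404, {"response": {"errorCode": "NOT_FOUND"}, "version": "1.0"}

    transport.calls = calls
    return transport


def demo():
    """Full exchange against the fake controller: login, inventory, path trace."""
    fake = make_fake_controller("devnetuser", "placeholder-password")  # placeholder credentials
    client = ApicEmClient("https://apicem.example.invalid", transport=fake)  # placeholder URL
    client.login("devnetuser", "placeholder-password")
    devices = client.list_network_devices()
    hops = client.path_trace("10.1.10.20", "10.2.20.5")
    return devices, hops, fake.calls


def unauthenticated_call_is_rejected():
    """A client that skipped login sends no X-Auth-Token and must be answered with 401."""
    client = ApicEmClient("https://apicem.example.invalid", transport=make_fake_controller("u", "p"))
    try:
        client.list_network_devices()
    except RuntimeError as exc:
        return "HTTP 401" in str(exc)
    return False


if __name__ == "__main__":
    devices, hops, calls = demo()
    print("devices:", [d["hostname"] for d in devices])
    print("path:", " -> ".join(hops))
    print("unauthenticated rejected:", unauthenticated_call_is_rejected())
```

The service ticket is a bearer credential: whoever holds it acts with the privileges of the account that logged in, so keep TLS verification on outside the DevNet sandbox, take credentials from the environment or a secrets store rather than a script, and give API accounts the narrowest RBAC role the automation needs.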
Cisco DNA Automation allows customers to significantly simplify and speed up the deployment and operation of IT infrastructure to meet the requirements of business applications, or even with their direct participation (the DevOps model), but by itself it does not mean quality control of the services provided. To address this, Cisco DNA offers the DNA Analytics group of solutions. Analytics tools receive telemetry from corporate infrastructure and applications and can perform, in real time, various kinds of analysis of the status, behavior and trends of both the IT services themselves and the users consuming them, and assess how well the result matches the agreed quality of service. Such telemetry can be generated by special lightweight applications placed directly on devices and/or virtual machines.
Illustrative examples of analytics systems in Cisco DNA are Cisco Tetration Analytics and Cisco Connected Mobile Experience (CMX). Cisco CMX is a technology designed specifically for wireless networks that collects, analyzes and presents in convenient form the location of wireless clients and builds profiles of their behavior and presence in the wireless network; this and other information can be used by the company's core business units to create personalized services for commercial customers. Tetration Analytics, in turn, is Cisco's latest platform for analytics within the data center. It uses software and hardware sensors to analyze the behavior of users and applications in the data center, radically increasing the transparency of what is happening there.
The speed and quality of the services provided matter only if there is a sufficient level of protection for both the infrastructure itself and the consumers of IT services, users and applications. Ensuring and controlling security therefore plays a crucial role.
Cisco DNA integrates state-of-the-art Cisco information and network security solutions, Cisco ISE and Cisco Stealthwatch among them. Software and hardware components at all levels of the architecture are equipped with dedicated access control and threat detection mechanisms. Special emphasis is placed on the TrustSec and MACsec technologies. Cisco DNA uses the solutions built on these technologies, Network as a Sensor and Network as an Enforcer, which are transparently supported both at the infrastructure level and by the Automation and Analytics components of Cisco DNA.
Another feature of the modern IT world is the active use of public or private cloud services for corporate tasks. Cisco DNA already offers a number of cloud-based solutions that let customers consume services from the Cisco cloud or provide similar services from their own data centers. Among these, the Cisco CMX Cloud, a cloud implementation of Cisco Connected Mobile Experience analytics, certainly deserves mention.
Cisco DNA is a set of technologies and solutions, both software and hardware. To simplify selecting and ordering solutions that deliver the benefits of Cisco DNA, Cisco has included licenses for most DNA software components in the Cisco ONE Software licensing model. When purchasing infrastructure equipment under this model, the customer also acquires the right to use the Cisco software products that implement the Cisco DNA Automation, Analytics and Virtualization functions.
To summarize, the Cisco Digital Network Architecture is a revolutionary IT architecture for the modern enterprise. Cisco DNA allows customers to drastically reduce the cost of deploying and operating IT infrastructure and services, accelerate IT innovation, protect existing and future investments and, importantly, lets IT become part of the core business and support its growth and predictability.
Source: https://habr.com/ru/post/309314/