© 2017 Cisco and/or its affiliates. All rights reserved.
Transforming the Network for the Digital BusinessDriven by Software Defined Platforms
Hugo Padilla Prad
Enterprise Networks – Digital Acceleration Team
CCIE Emeritus #12444
Cisco Forum – Kiev, November 14th
© 2017 Cisco and/or its affiliates. All rights reserved.
Retail Healthcare Education
Transportation Finance Government
The Network is the Cornerstone of Digital Success or Failure
Scale Complexity Security
© 2017 Cisco and/or its affiliates. All rights reserved.
Is the Network Ready to Provide a Digital Foundation?
Network
Yesterday`s Network
SecureReliable
Performance
© 2017 Cisco and/or its affiliates. All rights reserved.
Is the Network Ready to Provide a Digital Foundation?
Network
Yesterday`s Network
SecureReliable
Performance
Today
Visibility Compliance
Cloud Ready Programability
© 2017 Cisco and/or its affiliates. All rights reserved.
The Network needs to deliver more Value
Visibility Compliance
Cloud Ready Programability
TodayTomorrow
Analytical Insight
BehaviourAware
FullyAutomated
© 2017 Cisco and/or its affiliates. All rights reserved.
The Potential is for a Complete Autonomic Environment
Tomorrow
Analytical Insight
BehaviourAware
FullyAutomated
Vision
© 2017 Cisco and/or its affiliates. All rights reserved.
Software Defined PlatformDelivering Intent Based Networking
Software Defined Networking Software Defined Platforms
Application
SD Controller
Network devices become one
Fabric
Intent or
Instruction
Automation
Application
SD Controller
Network devices become one
Fabric
Learned Intent
or Instruction
Automation
AI, ML, Policy
control, Insights
Real Time
Analysis/Learning
© 2017 Cisco and/or its affiliates. All rights reserved.
“ Intent-based networking systems monitor, identify and react in real time
to changing network conditions.” – Gartner
Rewriting the Networking Playbookwith Intent-based Networking
© 2017 Cisco and/or its affiliates. All rights reserved.
Intent-based Networking with Cisco
Digital Business
Intent Context
Security
Learning
Network
Powered By Intent. Informed by Context.
SecurityMobile IoT MultiCloud
Business Goals
Insights
© 2017 Cisco and/or its affiliates. All rights reserved.
Cisco’s Intent Based Networking
Shift IT Time to Business Focus
Network Provisioning Time Savings
67%
Improve Issue Resolution
80%
Reduced Security Breach Impact
48%
Reduced Operating Expense
61%
© 2017 Cisco and/or its affiliates. All rights reserved.
Business Imperatives
How do you defendagainst threats?
How do you scale for the mobility & IoT
explosion?
How deliver a great user experience?
How do you manage across a multi-cloud
world?
Security Scale Assurance Cloud
Ransomware IoT Mobility SaaS
© 2017 Cisco and/or its affiliates. All rights reserved.
Security
© 2017 Cisco and/or its affiliates. All rights reserved.
Data
Ava
ilabili
tyEvolution of Security Threats
Challenge
© 2017 Cisco and/or its affiliates. All rights reserved.
Secure Segmentation and Onboarding:Software Defined Access
Completely Automated | Policy follows Identity | Minimize Lateral Threat Movement
Guest Virtual Network
Group 5 Group 6
IoT Virtual Network
Group 3 Group 4
Employee Virtual Network
Group 1 Group 2
Users
Devices
Apps
Drag policy to apply
IT Simplicity
• No VLAN, ACLs or IP Address management required
• Single network fabric
• Define one consistent policy
Security
• Simplified Micro-Segmentation
• Policy enforcement
Solution
© 2017 Cisco and/or its affiliates. All rights reserved.
Seeing and Acting on ALL Threats
How Do You Provide Security While Maintaining Privacy?
Encrypted Traffic
Non-Encrypted Traffic
of organizations are victims of malicious activity*
80%
of attacks used encrypted traffic to evade detection*
41%
Challenge
© 2017 Cisco and/or its affiliates. All rights reserved. © 2017 Cisco and/or its affiliates. All rights reserved.
Machine Learning Identifies Malware Infrastructure view of the data
Google Search
Firefox self-repair
Bestafera Malware
Encrypted Traffic Analytics
Malware in Encrypted Traffic
Security AND Privacy
Detection: 99.99% Accuracy
Solution
© 2017 Cisco and/or its affiliates. All rights reserved.
IoT
© 2017 Cisco and/or its affiliates. All rights reserved.
‘Shadow’ Internet of Things Coming to Every Business
63M network connections per second by 2020
Challenge
© 2017 Cisco and/or its affiliates. All rights reserved.
Automate IoT Deployments at ScaleSoftware Defined Access
Before: Box by BoxManual | Error Prone
After: AutomationScalable | Simple
Mass Scalability | Users, Device & IoT Segmentation | Policy-based Automation
ProvisionPolicyDesign 5hours
5minutes
5hours
4minutes
15hours
2minutes
Solution
© 2017 Cisco and/or its affiliates. All rights reserved.
Comparison of Total Workflow Time
The Old Method The New Method
Total Workflow for One DeviceFifty Devices
25minutes50days11hours
© 2017 Cisco and/or its affiliates. All rights reserved.
Assurance
© 2017 Cisco and/or its affiliates. All rights reserved.
Where is IT Spending Their Time?
Finding the Source of an issue, is a complex, end-to-end problem
WAN
Office Site Network Services DC
Client Density
Client Firmware
AP Coverage
RF Noise/Interf.
WLC Capacity
WAN QoS, Routing, ...
WAN Uplink Usage
Authentication
End-User Services
Configuration
Addressing
Impacts Join/Roam
Impacts Join/Roam
Impacts Quality/Throughput
Impacts Both*
Impacts Both*
Impacts Both*
Impacts Both*
Impacts Both*
Impacts Quality/Throughput
Impacts Quality/Throughput
Impacts Join/Roam
APs
Local WLCs
ISE
DHCP
Mobile Clients
CUCM
Prime
43%Of IT time spent troubleshooting;
#1 consumer of time
Source: Cisco DNA Customer Survey, June 2016
Challenge
© 2017 Cisco and/or its affiliates. All rights reserved.
Turn Data into Insights: End-to-End Assurance
On-boarding & connectivity
Configuration compliance
Visibility & performance
Network health
Office Site Network Services DC
WAN
Local WLCs
APsMobile Clients
DHCP
CUCM
NMS
SFCDC
SNOW
BOX
Cloud Apps
Machine Learning Predicts Issues Before It Impacts the Business
Solution
© 2017 Cisco and/or its affiliates. All rights reserved.
IT Services Leader Case Study
Challenge• Invest in digital to improve experience
• Deliver services faster to open revenue streams
• Simplify through hyper automation
Business Outcomes• Time-to-Market: move resources faster,
from 1 week to minutes
• Workforce Mobility: policy follows users
• Client security & data privacy maintained through segmentation
• SaaS Simplicity: higher 0ffice 365 uptime New Resource Deployment
One week to minutes
Solution: Cisco DNA Center, ISE and Catalyst 9K
© 2017 Cisco and/or its affiliates. All rights reserved.
Global PharmaceuticalCase Study
Challenge• Enable researchers across 5 companies
to collaborate
• Maintain security policy
Business Outcomes• Cost Savings: consolidate 5 companies
in new site to 1 network
• Simplified Segmentation: Easy to maintain groups and policy
• Employee Productivity: Increased collaboration across researchers over high performing WiFi
Secure Collaboration
Five companies & one network
Solution: Cisco DNA Center, ISE and Catalyst 9K
© 2017 Cisco and/or its affiliates. All rights reserved.
Cisco Intent Based-Networking Solutions
Users Devices Apps
Connecting Trusted Users to Trusted Devices with an Uncompromised Experience
© 2017 Cisco and/or its affiliates. All rights reserved.
THE SECURE, INTELLIGENT PLATFORM FOR DIGITAL BUSINESS
ReinventNetworking
DeploySecurity
Everywhere
Unlock ThePower Of Data
© 2017 Cisco and/or its affiliates. All rights reserved.
The Journey to the New Network
Cisco and Partner Services Help You Make Your Transformation
Infrastructure ReadinessOpen and Programmable
Policy Based AutomationSimplify, scale network deployment for Cloud,
Mobile, IoT
Intent-based NetworkConstantly learning, adapting, protecting
Analytics for AssurancePredictive performance with machine learning
Secure FoundationRapid threat detection and mitigation
© 2017 Cisco and/or its affiliates. All rights reserved.
DNA Center ApplianceAutomation Software Module
Assurance Software Module
DNA Center Components
DNA Center
Policy Design
Provision Assurance
Router Wireless LANController
AccessPoint
Switch
Cisco® Identity Services Engine
DNA-Ready Hardwareand
Non-DNA-Ready Hardware
© 2017 Cisco and/or its affiliates. All rights reserved.
Catalyst 9000 PlatformWorld’s Most Advanced Enterprise Switches
Catalyst 9300 Fixed Access
Catalyst 9400Modular Access
Catalyst 9500Fixed Core
Programmable Mobile Ready
Cloud Ready
Design
Integrated Security
IoT Ready
DNA Ready Platforms
ASR-1000-X
ASR-1000-HX
ISR 4430
ISR 4450
WirelessRoutingSwitching
AIR-CT5520
AIR-CT8540
Wave 2 APs (1800, 2800,3800)
Wave 1 APs* (1700, 2700,3700)
Catalyst 9400
Catalyst 9300
Catalyst 9500
Catalyst 4500E Catalyst 6K Nexus 7700
Catalyst 3850 and 3650
AIR-CT3504
CSR 1000V
*with Caveats