Q. What is Cisco DNA Center?
A. Cisco DNA Center is the network management system, foundational controller, and analytics platform at the heart of Cisco’s intent-based network. Beyond device management and configuration, Cisco DNA Center gives IT teams the ability to control access through policies using Software- Defined Access (SD-Access), automatically provision through Cisco DNA Automation, virtualize devices through Cisco
® Network Functions Virtualization (NFV), and lower security risks through segmentation and Encrypted Traffic Analysis (ETA). Furthermore, Cisco DNA Assurance collects streaming telemetry from devices around the network and uses AI and machine learning to help ensure alignment of network operation with business intent. In doing this, Cisco DNA Assurance optimizes network performance, enforces network policies, and reduces time spent on mundane troubleshooting tasks. Cisco DNA Center Platform provides 360-degree extensibility with a broad ecosystem of partners and ISVs that allow you to make your network agile and fully in tune with your business priorities. Cisco’s DNA Center is the only centralized network management system to bring all of this functionality into a single pane of glass.
Q. What is Cisco’s vision behind Cisco DNA Center?
A. Cisco set out to build the network of the future—a closed-loop system that’s self-learning, self-correcting, and self-contained, delivering true intent-based networking. Cisco DNA Center is a single touch point on top of the network that abstracts the complexity of the network underneath.
● Hide complexity: Cisco DNA Center hides the complexity of manual operation that made the network difficult to operate, error-prone, inefficient, and nonscalable, so that the network is easy and efficient to operate at scale.
● Break silos: Cisco DNA Center breaks the traditional silos of wired, wireless, and WAN, and enables the network to be operated as a cohesive whole.
● Enable cross-domain interworking: Cisco DNA Center connects with campus, data center, security, collaboration, and other domains to enable smooth cross-domain interworking.
● Bridge to the past: Cisco DNA Center seamlessly bridges your current and future networks by supporting both new and existing deployments.
● Tether to the cloud: Cisco DNA Center is continuously informed by the cloud. This allows Cisco to provide updates and upgrades continually, shifting the paradigm from the traditional network upgrade cycle that can extend into months and years.
● Scale as you grow: Cisco DNA Center is architected to manage and automate a large number of devices and endpoints. It is built with micro-services that enable true horizontal scaling as needed.
● Gain a platform for innovation: Cisco DNA Center provides a mechanism for app developers to write apps that reside on top of the network and build upon Cisco DNA Center’s native capabilities, furthering the network’s agility to support business objectives.
Q. What are the key features of Cisco DNA Center?
A. Cisco DNA Center’s key functions can be described as:
● Automation: Fully automate the network infrastructure based on one policy across the entire access network with Software- Defined Access (SD-Access), acting as a single fabric. Accelerate branch deployments with Software-Defined WAN (SD-WAN). Simplify and scale operations by automating day-to-day configuration, provisioning, and troubleshooting.
● Assurance: Proactively predict performance through machine learning to correlate user, device, and application data for contextual business and operational insights. Identify issues and provide actionable insight to deliver better, more personalized experiences.
● Security: Create user and device groups and enforce user policies with a simple drag-and-drop interface. Integrate with leading Cisco security products such as Cisco Identity Services Engine (ISE), Stealthwatch®, and Encrypted Traffic Analytics (ETA).
● Platform: Cisco DNA Center provides an open, extensible platform that Cisco partners can use to create value-added applications that build on the native capabilities of Cisco DNA Center. Such applications can simplify IT workflows, integrate with other technologies such as WAN and data center, and even interact with third-party network equipment.
Q. What is Cisco DNA Automation?
A. Cisco DNA Automation refers to the simplified deployment and automated configuration of network devices based on policies. It is also used for operations to create, change, update, or delete network services. Included are features such as Zero Touch Provisioning (ZTP), Software Image Management (SWIM), as well as all day-0, day-1, and day-N functionality. New features to DNA Automation include: day-0 bulk update, zero-touch device replacement for RMA, and NetFlow automation for Stealthwatch ETA support. For complete details on these features, please consult the Cisco DNA Center datasheet.
Q. What is Cisco DNA Assurance?
A. Cisco DNA Assurance is a fundamental solution within Cisco DNA Center that enables IT to get rich context for the user-to-application experience with historical, real-time, and predictive insights across users, devices, applications, and the network. With telemetry capabilities across the broadest sources of inputs, IT can proactively monitor and be notified of network conditions that require attention, helping ensure that the network operation is delivering on the intent of services, policies, and security.
Q. What is Cisco AI Network Analytics?
A. Cisco AI Networks Analytics works inside Cisco DNA Assurance to increase intelligence in the network, empowering administrators to accurately and effectively improve performance and facilitate issue resolution through three main capabilities:
VISIBILITY – AI-driven baselining: No two networks are the same. AI-driven technologies can learn user trends, services, and application metrics that are specific to your network. Cisco DNA Assurance can then create a customized performance curve for analytical decisions. The AI-driven baseline for the performance parameters that are unique to your network is constantly adapted as your network grows and changes.
INSIGHT – Intelligent issue analysis: When every device is sending streaming telemetry, every client is communicating errors, and applications are subject to deep packet inspection, the IT team can suffer from data overload. There is too much noise from too much data! Cisco AI Network Analytics uses machine learning to make sense of all this data, accurately detect performance issues, and ignore unusual, but harmless, network anomalies. This reduces noise and false positives while identifying issues that have the greatest impact on your network. Comparative analytics leverages AI technologies to improve network performance consistency across branch offices through comparative benchmarking between peers or sites. Teams can correctly identify network optimization opportunities and allocate IT resources intelligently.
ACTION – Accelerated remediation: Cisco AI Network Analytics uses machine reasoning to perform the logical troubleshooting steps that an engineer would execute to resolve a problem. This helps users detect issues and vulnerabilities, perform complex root cause analysis, and execute corrective actions faster than ever. Machine reasoning accelerates remediation, making your team more precise in problem solving and more productive overall.
Cisco AI Network Analytics is a standard part of Cisco DNA Assurance and is included in the Cisco DNA Advantage licensing tier.
Q. What kind of data does Cisco DNA Center collect, how does it use the data, where does it keep the data, and for how long does it keep the data?
A. There are three types of data that are collected by Cisco DNA Center:
Local Network Telemetry: Cisco DNA Center collects data from several different sources and protocols on the local network, including the following: traceroute; syslog; NetFlow; Authentication, Authorization, and Accounting (AAA); routers; Dynamic Host Configuration Protocol (DHCP); Telnet; wireless devices; Command-Line Interface (CLI); Object IDs (OIDs); IP SLA; DNS; ping; Simple Network Management Protocol (SNMP); IP Address Management (IPAM); MIB; Cisco Connected Mobile Experiences (CMX); and AppDynamics
®. The great breadth and depth of data collection allows Cisco DNA Center to give a clearer picture of the state of the network, clients, and applications. This data is kept on the Cisco DNA Center appliance and is available for a period of 14 days. Local Network Telemetry is not transported to any other server or to the cloud.
Anonymized Cloud Telemetry: Cisco DNA Center customers with active Cisco DNA Advantage software licenses can elect to use Cisco AI Network Analytics for increased network performance and easier troubleshooting. Cisco AI Network Analytics uses a cloud-based machine-learning engine to provide this additional level of intelligence. In this case, the Local Network Telemetry is anonymized so that any specific local information is not included in the data sent to the cloud. This includes the following: product serial numbers, product MAC addresses, network user names, network group (SGT) names, and other customer-specific information within the data. Once the Local Network Telemetry is completely anonymized, it is uploaded to the Cisco AI Network Analytics cloud server for processing. By default, Cisco DNA Center does not send Anonymized Cloud Telemetry. Customers must turn on the Cisco AI Network Analytics option in the “Cisco DNA Center Settings” menu and accept the terms for Anonymized Cloud Telemetry before this data is sent to the cloud.
Cisco DNA Center Product Usage Telemetry: Cisco DNA Center is configured to automatically connect and transmit product usage data to Cisco. Product usage telemetry is used by Cisco to improve appliance lifecycle management for IT teams deploying Cisco DNA. This data helps product teams serve customers better. Product Usage Telemetry is fed into an aggregated analytics engine to proactively identify potential issues, improve services and support, facilitate discussions to gather additional value from new and existing features, and assist IT teams with inventory report of license entitlement and upcoming renewals. Users may opt out of the collection of Product Usage Telemetry by turning this feature off in the “Cisco DNA Center Settings” menu.
Q. What analytic functions does Cisco DNA Center provide?
A. The most common analytic functions enabled by the wealth of data collected are increased visibility, proactive troubleshooting, and guided remediation. Visibility into network operations is enhanced by the breadth of data collected from several sources and placed into a single consistent view. “Network time travel” in which the exact conditions in the past can be examined to determine the root cause of any trouble helps in proactive troubleshooting, where any fleeting situations can be caught and resolved before they can become major problems. Finally, Cisco has put its 30 years of networking experience into Cisco DNA Center and is able to provide step-by-step instructions for solving problems ranging from wireless degradation to a lack of sufficient WAN bandwidth.
Q. How can Cisco DNA Center accelerate organizations’ digital transformation?
A. By making networks more virtualized and programmable, Cisco DNA Center allows quick changes so as to keep enterprise networks in sync with business process requirements, allowing quick introductions, modifications, and deletions of business applications. Cisco DNA Center exposes APIs that enable integration with external applications. Using these APIs, these applications can further automate networks to keep pace with changing business needs. This is particularly useful to organizations that are transforming themselves digitally and require their networks to be agile and support rapid changes.
Q. What makes Cisco DNA Center extensible?
A. Cisco DNA Center Platform offers several types of integrations that can be used to develop external applications that build business value by extending core Cisco DNA Center capabilities. These integrations are classified as:
● Intent-based APIs that enable continuous network alignment to changing IT and business needs
● Integration APIs that enable integration of Cisco and third-party IT and network systems for streamlining IT operations across domains that were previously silos
● Multivendor Software Development Kits (SDKs) that allow interaction with network equipment from different vendors
Q. How do you define APIs, SDKs, and adapters used in Cisco DNA Center Platform?
A. Cisco DNA Center Platform exposes intent-based Representational State Transfer (REST) APIs that allow external applications to invoke native automation and assurance services within Cisco DNA Center programmatically. These APIs simplify the process of creating workflows that consolidate multiple network actions and allow users to move away from doing repetitive tasks and towards creating value-added solutions.
Integration APIs are also REST APIs that are used to create adapters whose purpose is to connect Cisco DNA Center with external services as a means for data exchange. Using process adapters, you can connect Cisco DNA Center with IT and network system processes such as ITSM, IPAM, and reporting systems for the exchange of operating information as a means to improve workflows. Similarly, cross-domain adapter allow integration with other infrastructure domains such as data center, WAN, and security to deliver a consistent intent-based infrastructure across the entire IT environment.
Cisco DNA Center uses device-specific entities called device packs to communicate with various network elements. SDKs provide the framework on which new device packs can be built. Building new device packs can extend Cisco DNA Center to manage third-party devices.
Figure 1 illustrates the role that Intent-based APIs, Integration APIs, and SDKs play and the extensions they make possible with Cisco DNA Center Platform.
Figure 1. Using Cisco DNA Center Platform intent-based APIs, integration APIs, and SDKs
Q. What are the potential benefits of Cisco DNA Center extensibility?
A. Cisco DNA Center extensibility offers many benefits, such as:
● Streamlining of IT operations by integrating networking into the IT process.
● Moving resources from low-value administrative tasks to high-value policy orchestration and business-enabling tasks.
● Continuous alignment of the network to meet business needs.
● Investment protection that will grow with your organization’s changing needs and expanding business opportunities.
Q. How does Cisco DNA Center integrate with Cisco Stealthwatch
A. Cisco Stealthwatch provides continuous real-time monitoring of, and pervasive views into, all network traffic. Stealthwatch can identify a wide range of attacks, including malware, zero-day attacks, Distributed Denial-of-Service (DDoS) attempts, Advanced Persistent Threats (APTs), and insider threats. Stealthwatch can also help you detect potential threats within encrypted traffic via Encrypted Traffic Analytics (ETA). Cisco DNA Automation can detect and enable ETA devices and send ETA and other telemetry to Stealthwatch. Cisco DNA Assurance enables you to view ETA threat detections right from the dashboard.
Q. How does Cisco DNA Center integrate with Cisco Meraki
A. Cisco DNA Center offers a single management dashboard for Cisco DNA and Meraki customers. Cisco DNA Center uses APIs provided by Meraki to obtain inventory and status of devices. No additional licenses are required for this integration.
Q. How does Cisco DNA Center participate in cross-domain policy integration?
A. Building a common policy framework across the otherwise siloed technologies of campus/branch, SD-WAN, data center, and native clouds presents a challenge to enterprises, since traditionally each technology domain has defined and enforced its own access and service policies. This can lead to inconsistencies and possible security and compliance violations. Cisco SD-Access solution consisting of Cisco DNA Center and Cisco Identity Services Engine, defines and exchanges group-based policies with Cisco ACI, which ensures consistent access control policy application between campus, branch, and datacenter, and protects sensitive data and critical applications.
Q. How does Cisco DNA Center work with but differ from other network management systems?
A. Cisco DNA Center truly provides a single-pane-of-glass control for your enterprise network. It combines basic network management functions with integrations with Cisco Stealthwatch, Cisco Identity Services Engine (ISE), and Cisco Meraki
®, so that organizations can benefit from simplicity.
Q. I have a Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) installation that controls my network. How can I migrate to Cisco DNA Center?
A. Cisco offers an upgrade path to Cisco DNA Center for current APIC-EM users. Not only are all APIC-EM capabilities included in Cisco DNA Center, but APIC-EM configurations can be imported into Cisco DNA Center for a seamless migration process. After migration to Cisco DNA Center, APIC-EM users will also benefit from many additional features such as Cisco DNA Assurance and Cisco DNA Center Platform.
Q. How does Cisco DNA Center work with Cisco Prime
A. Cisco Prime Infrastructure 3.5 Update 2 includes a Cisco DNA Center coexistence and migration feature that allows users to export data from Cisco Prime Infrastructure to Cisco DNA Center. The two management and control systems can be operated in parallel in order for IT teams to train and get familiar with Cisco DNA Center before a complete system migration is performed. Teams can begin to migrate as soon as they are comfortable with the new paradigm for automation, assurance, and security that Cisco DNA Center offers. The data that can be exported from Cisco Prime Infrastructure to Cisco DNA Center includes sites and their hierarchy along with floor maps, wireless map settings, access point placements, devices, and Connected Mobile Experiences (CMX) settings. The existing infrastructure managed by Cisco Prime Infrastructure can be exported to Cisco DNA Center to enable the Assurance functionality.
Q. What does Cisco DNA Center mean for service providers?
A. The Cisco DNA Center with its intent-based APIs represents a large opportunity for service providers to add greater value to their business customers by creating and delivering managed business service offers in an effective, differentiable, and profitable way.
Q. What types of managed service might a service provider offer using Cisco DNA Center?
A. Cisco has a rich portfolio in SD-Access which extends across the LAN, wireless infrastructure, and IoT infrastructure that an enterprise client will typically have or planning. A service provider can take this portfolio to create and deliver a Managed SD-Access Service using Cisco DNA Center as the domain controller. The REST APIs in the Cisco DNA Center enable the service provider to manage the service from their operations centers, including all the necessary provisioning, service assurance, and security. A range of managed service offers could be conceived for a service provider such as, but not limited to, Managed Wi-Fi, Managed LAN, Managed Surveillance, Managed Campus, Managed SD-Branch.
Q. How does a service provider support multiservice and multitenancy with Cisco DNA Center?
A. A service provider would deploy Cisco DNA Center as a domain controller in or near the enterprise site receiving the managed service. Cisco DNA Center, through its intent-based APIs, easily integrates into the SP management systems. The recommended solution from Cisco is that such integration be done via the Cisco Managed Services Accelerator (MSX), formerly the Virtual Managed Services (VMS) software platform. MSX provides a single point of integration with the OSS/BSS and inherently supports multiple services, such as SD-WAN and SD-Branch, multitenancy across multiple enterprise clients, and the ability to orchestrate multivendor gear. MSX provides full rebranding for the service provider, and both operations and end-customer portals for visibility and control.
Q. Are any Cisco Services available for Cisco DNA Center?
As your intent-based networking journey continues, Cisco Services helps you extract relevant network data and insights with customized software and integrations that simplify network operations and lower operating costs. In support of Cisco DNA Center and Cisco DNA Center Platform capabilities, Cisco Services provides advisory, implementation, software integration, optimization, solution support, technical training, and managed services. Our Cisco Services experts will help you achieve extraordinary business outcomes and anticipate change so you can pivot quickly, securely, and confidently.
View all services
Q. Are specific professional services available to help me design and implement Cisco DNA Center?
A. The Cisco DNA Center Advise and Implement service helps ensure rapid deployment of Cisco DNA Center for simplified control of wired and wireless environments and intent-based networking across the campus, branch, and WAN. Taking an architectural approach to policy automation and assurance, Cisco experts work with your IT staff to develop a business strategy and use case requirements for Cisco DNA Center. Validated custom designs reduce deployment risk, and proven best practices, tools, and methodologies result in implementation success. Cisco experts work with you to extend the value of Cisco DNA Center with third-party software integration and customized feature enhancements. Using Cisco DNA Center Platform extensibility, this service helps you integrate Cisco DNA Center with IT and business systems for greater IT efficiency.
Q. What kind of technical support is available to support my solution?
A. Cisco Solution Support is a best-in-class technical service that provides the right kind of support for your Cisco DNA ecosystem. Solution Support includes Cisco product support and is essential for the Cisco DNA Center appliance. Your team of solution experts provides centralized support and addresses the Cisco DNA environment as a whole, resolving solution-level issues on average 43 percent more quickly than product support alone to help you maintain reliability and increase ROI.
Q. How do I purchase Cisco DNA Center?
A. The Cisco DNA Center software image (ISO) is shipped with a Cisco DNA Center appliance ready for installation. Please refer to the ordering guide.
Q. How can developers learn about Cisco DNA Center Platform’s Intent-based APIs, Integration APIs, and SDKs for device packs?
A. DevNet, Cisco’s 500,000-strong developer community provides the tools, documentation, APIs, SDKs and use cases needed for you to get hands-on with Cisco DNA Center Platform.
● Learn the platform capabilities and APIs with DevNet Learning Tracks
● Code on real kit with the DevNet Sandbox
● Leverage code from the community with DevNet Code Exchange
● Build solutions with the DevNet Ecosystem Exchange
● Connect with the DevNet Community
● See https://developer.cisco.com/dnacenter
Q. Where can I get more information on Cisco DNA Center?