Cisco Crosswork Network Services Orchestrator Data Sheet
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
A proven multivendor, cross-domain automation platform for service providers and large enterprises, Cisco® Crosswork Network Services Orchestrator (NSO) is the bridge that links business intent to your organization’s underlying physical and virtual infrastructure.
The ultimate success of your automation and orchestration strategy hinges on your ability to link high-level intent to changes in your organization’s infrastructure. Any weakness in the speed, dependability, and capabilities of this connection can undermine your entire strategy.
NSO is both a bridge and a powerful automation and orchestration platform that connects service and application frameworks with the underlying physical and virtual infrastructure. It offers a rich set of northbound interfaces, enabling seamless integration with a wide variety of tools and systems. Its extensible southbound architecture allows NSO to work across multiple vendors and domains, providing broad interoperability.
By loosely coupling the top and bottom layers of the service stack, NSO empowers application and service owners to focus on innovation and enhancing customer experience without worrying about the complexities of infrastructure deployment. At the same time, it enables operations teams to optimize and manage the infrastructure confidently, without risking disruption to applications and services. This dual capability makes NSO a comprehensive solution for end-to-end network automation and orchestration.
Crosswork NSO as a bridge
Crosswork NSO has been shaped by nearly a decade of helping service provider and enterprise customers automate everything from simple device turn-up, to cross-domain automation, to sophisticated full lifecycle service management. The real world success of NSO stems from a series of unique capabilities:
● A rich and diverse set of northbound APIs and software interfaces that allow straightforward integration into existing business systems and operational tool chains
● A multivendor device abstraction layer that uses Network Element Drivers (NEDs) to mediate access to both Cisco and more than 1000 third-party physical and virtual device types
● Globally scalable, highly available data store for both configuration and state information
● Sophisticated integrated tools for maintaining state integrity, troubleshooting, and auditing
Taken together, these features deliver a fast, dependable, scalable, cross-domain, multivendor automation solution with a rich set of functionality and unmatched flexibility.
Table 1. NSO offers a rich set of features with real world benefits
| Feature |
Benefit |
| Comprehensive software interfaces |
● Easily integrated into northbound systems with a wide variety of APIs, SW interfaces, and language bindings ranging from programmatic or Remote Procedure Call (RPC)-based protocols (such as NETCONF, RESTCONF, and JavaScript Object Notation [JSON]-RPC) to language bindings like Java and Python, NSO also provides human-to-machine interfaces, such as a web UI and a set of CLIs.
|
| Multivendor |
● Supports Cisco infrastructure along with over 1,000 third-party device types, controllers, and cloud services via Network Element Drivers (NEDs). NEDs enable rapid onboarding and seamless management of new devices, significantly reducing time to market, operational risks, and complexity in diverse multivendor environments.
|
| Cross-domain |
● A single tool to efficiently manage and automate large, complex, multivendor, and multi-domain networks without service disruption.
|
|
● Functionality can be extended through its open APIs and modular architecture. The built-in package manager streamlines the process of extending NSO’s capabilities by providing a structured way to manage and integrate custom functionality.
|
|
| Highly scalable |
● Simplifies large-scale network management by providing a fast, highly available configuration data store, a model-driven programmatic interface, extensive device abstraction with network element drivers, a unified network-wide automation and orchestration interface, and reliable service delivery through sophisticated transaction control.
|
| Model-based |
● A model-based approach using YANG provides a declarative and structured way to define network configuration and operational data, fostering interoperability across diverse vendor devices and allows NSO to interpret and manage configurations consistently. YANG models ensure data integrity through defined constraints and data types, minimizing configuration mistakes and improving network reliability. Ultimately, the model-based approach simplifies complex network environments, making them more agile and easier to manage and scale.
|
| Trusted transactions |
● Ensure reliable network configuration by providing a database-style commitment of configuration changes, performing pre-implementation checks with the ability to roll back configurations if needed, and maintaining bidirectional synchronization to guarantee a consistent network state. This approach helps prevent partial or inconsistent configurations and supports precise control over network changes.
|
| Scalable database |
● NSO's built-in Configuration Database (CDB) provides a scalable database tailored for network management. It features intelligent data handling that loads actively needed data into RAM and offloads less-used data to disk, enabling the efficient management of large device fleets and service volumes on single-node instances. Furthermore, CDB leverages the standardized XPath query language, which provides a powerful and precise mechanism for navigating and selecting specific data elements within its hierarchical structure, thereby enabling efficient querying and manipulation of network configurations.
|
| Highly available datastore |
● The high availability capabilities ensure a globally scalable, reliable, and consistent data store that serves as the definitive source of truth for configuration and operational data, enabling seamless failover, transactional integrity, and efficient synchronization to enhance network reliability and reduce operational risk.
|
| Network-wide CLI |
● Lets users manage all devices in a multi-vendor network through one simple interface that automatically converts commands to each device’s language, making network management easier and more efficient.
|
| Modern web UI |
● NSO offers an intuitive graphical interface, making complex tasks accessible to a broader range of users. It auto-renders underlying device and service models, ensuring that the UI is immediately updated when new devices or services are added, without requiring additional programming.
|
| Precise control |
● Enables real-time, granular, and accurate management of devices and services, allowing operators to make detailed adjustments and deeply monitor network elements. This ensures highly reliable and efficient service delivery with minimal errors or delays. It also enhances automation and agility by providing tight, step-by-step control over network behavior, improving operational responsiveness and reducing downtime. This fine-grained control supports proactive problem detection and rapid resolution, ultimately optimizing network performance and service quality.
|
| Operational visibility |
● Provides real-time, detailed logging and audit trails that capture all changes and actions, ensuring comprehensive operational transparency. It monitors key service performance metrics such as availability, response times, and resource utilization through its insights feature, accessible via both CLI and web UI. NSO supports role-based access control to track who makes changes and when, enhancing security and operational visibility. This combination of real-time data, detailed metrics, audit logs, access control, and service-resource correlation enables precise management and rapid issue resolution within the NSO-managed network environment.
|
| System-wide observability |
● For broader network observability and assurance, Cisco integrates NSO with external solutions like Splunk and Provider Connectivity Assurance. These integrations provide end-to-end visibility across the entire network ecosystem, delivering network performance analytics, root cause identification, and AI-driven proactive monitoring. This holistic observability spans multiple domains, technologies, and vendors, enabling proactive network performance management, faster problem detection, and improved Mean Time To Resolve (MTTR) for network issues.
|
| Intelligent service lifecycle management |
● Patented FASTMAP technology—service developers only need to write the service creation logic, and NSO intelligently calculates all the required changes to update or remove services based on that logic. This unique approach simplifies workflow design, reduces manual effort, and accelerates the deployment and modification of network services by automatically determining the delta between the current and desired service states, ensuring consistent and efficient service lifecycle management.
|
| Containerized delivery |
● NSO offers a modern, container-based packaging and deployment approach that enhances operational efficiency, portability, and scalability. It enables rapid deployment, consistent environments, simplified management, and seamless integration with container orchestration platforms, supporting flexible and scalable network service automation.
|
| Brownfield services reconciliation |
● Provides a robust framework for managing and automating existing network configurations, ensuring smooth integration, consistency, and control over legacy and multi-vendor environments without requiring a clean slate deployment.
|
| Out-of-band service protection |
● A new paradigm for handling device out-of-band changes and keeping services up to date with device configuration without device syncing. NSO ensures service integrity in brownfield networks starting with release 6.5 by automatically detecting and integrating local changes, allowing seamless coexistence with other controllers or operators making concurrent network modifications.
|
| Efficient compliance reporting |
● NSO's compliance reporting provides continuous auditing to ensure network configurations adhere to organizational and regulatory standards, helping to identify and remediate deviations promptly. The compliance reports enable detailed visibility into device configurations across multi-vendor environments, facilitating consistent enforcement of policies and reducing risk.
|
| Access control |
● Using Network Access Control Model (NACM) for role-based access control in NSO provides granular control over user access to network configurations and operations. It allows administrators to define specific groups and rules, determining precisely what data and commands each role can access or execute within the NSO environment. This ensures that users have only the necessary privileges, enhancing security and preventing unauthorized changes to the network.
|
| Adhering to government-mandated security standards |
● Using Federal Information Processing Standards (FIPS) with NSO ensures that all cryptographic operations within the platform adhere to stringent government-mandated security standards, which is crucial for organizations with strict compliance requirements. This compliance helps protect sensitive network data both at rest and in transit by restricting NSO to use only FIPS 140-3 validated cryptographic modules and algorithms, thereby mitigating security risks and enhancing overall data integrity.
|
| Making it easy to build and test |
● NSO integrates smoothly with CI/CD pipelines by supporting automated testing and deployment workflows through its model-driven architecture and rich northbound APIs, enabling rapid, reliable service development and delivery. Its lightweight design allows it to run efficiently on user hardware such as laptops, making it accessible for developers to build, test, and iterate services locally before deploying to production, thus accelerating the CI/CD process and reducing infrastructure overhead.
|
| Extensive documentation and development resources |
● AI-assisted documentation and extensive development resources, such as interactive LABs and examples. Integrated Design Environment through the NSO Developer Studio, providing quick development of new services.
|
| Flexible consumption |
● 1-year and 3-year licenses and Smart Licensing
|
Cisco NSO has three architectural components:
1. A model-based programmatic interface that allows for control of everything from simple device turn-up and configuration management to sophisticated, full lifecycle service management
2. A fast, highly scalable, highly available configuration data store that serves as a single source of truth
3. A device abstraction layer that uses Network Element Drivers (NEDs) to mediate access to both Cisco and more than 1000 third-party physical and virtual devices
Crosswork NSO has a modular and flexible architecture
Cisco NSO has three elements, each of which is licensed separately:
1. A software license for each NSO server that runs the actual NSO services, maintains the datastore, interfaces with northbound software among other things. For each primary server, you can also license a special High Availability (HA) license for a backup server.
2. A Network Element Driver (NED) license for the software that allows a particular network device like a router or firewall to be automated by the NSO server
3. A Right to Manage (RTM) license that allows a network device to be managed by NSO
Successful execution of an automation strategy is as much about people and process as it about tools such as NSO. You may find you need to augment your capabilities in these areas as you embark on your automation journey. In support of that, Cisco Services offers a full portfolio of services across the project lifecycle, from advisory services, to implementation and support, to customization. In addition, our Cisco Solution Plus partners also offer professional services related to their offers.
Cisco environmental sustainability
Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.
Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:
| Sustainability topic |
Reference |
| Information on product material content laws and regulations |
|
| Information on electronic waste laws and regulations, including products, batteries, and packaging |
Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.
Flexible payment solutions to help you achieve your objectives
Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation, and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.
| New or revised topic |
Described in |
Date |
| Edited “Extensible” Section in Table 1 to include CNFO |
Page 4, Table 1, “Extensible” |
October 13, 2022 |
| Removed reference to ESC (no longer shown in figure 2) |
Page 7, Figure 2 |
October 13, 2022 |
| New features have been added to Table 1, and the feature descriptions have been enhanced for clarity. |
Page 4-6, Table 1 |
September 29, 2025 |