The next era of enterprise networking – continuously aligning the network to changing business needs with intent-based networking solutions.
In today’s world, the emergence of artificial intelligence, the Internet of Things (IoT), the cloud, ever-expanding amounts of data, and increasingly complex cybersecurity threats are changing the technology landscape at breakneck speed. Applications and services are moving everywhere in the enterprise – from the remote edge to branch offices, to HQ, and all the way to data centers in public-, private-, and hybrid-cloud environments. As a result, the data center is no longer a place but instead is defined as wherever the data is created, processed, and used. The expanding use of diverse IoT devices, apps, and accompanying data is resulting in new distributed compute models, together with exponentially greater levels of scale and complexity. Mobile users expect immediate and high-performance connectivity at all times, everywhere, and on any device over Wi-Fi and public 4G (and soon 5G) networks. Cybersecurity threats are becoming increasingly sophisticated and dangerous across a broader attack surface that is no longer contained within well-defined perimeters. This dynamic technology landscape is a reality for all organizations, their employees, and their customers, and is the engine for the digital economy. So IT is feeling the pressure to address all these trends, typically with a constrained budget and limited talent pool.
The need for a new kind of network
In this environment, it is critical for IT leaders to adopt a radically new approach to networking. The current rigid and largely manual lifecycle management approach is no longer sustainable for deploying, maintaining, and updating networks, and it cannot scale to meet the growing complexity. For an organization to flourish in the digital economy, the network needs to be able to adapt quickly to changing business requirements or “intent.” The network needs to support an increasingly diverse and fast-changing set of users, devices, applications, and services. It needs to ensure fast and secure access to and between workloads wherever they reside. And for the network to work optimally, all this needs to be achieved from end to end, between users, devices, apps, and services across each network domain – campus, branch, WAN, data center, hybrid cloud, and multicloud. This means that organizations need a new, integrated architecture for each domain and also a way to align to application performance and security needs across the domains of the enterprise network.
The new network needs to:
● Align to the business
Enable new digital business initiatives, not hold them back. The network needs the agility to quickly and dynamically realign with rapidly changing business objectives.
● Deal with growing complexity
Be easier to configure, operate, and maintain in the face of growing scale and complexity. Current operational models are not scalable or sustainable.
● Assure service performance
Provide full visibility into how the network is operating and provide assurance that the network is supporting the desired business initiatives and achieving compliance. It also needs to identify any discrepancies and recommend fixes.
● Reduce risk
Identify and neutralize security threats before they cause harm. Multicloud, IoT, and mobile adoption open up new threat vectors that the network needs to constantly protect against.
How do you get there? With Intent-Based Networking (IBN), the emerging industry model for the next generation of networking. IBN builds on Software-Defined Networking (SDN), transforming from a hardware-centric and manual approach to designing and operating networks to a software-centric and fully automated one that adds context, learning, and assurance capabilities. Your intent-based network captures business intent and uses analytics, machine learning, and automation to align the network continuously and dynamically to changing business needs. That means continuously applying and assuring application performance requirements and automating user, security, compliance, and IT operations policies across the whole network.
How does intent-based networking work?
Intent-based networking captures and translates business intent into network policies that can be automated and applied consistently across the network. The end goal is for the network to continuously monitor and adjust network performance to assure the desired business outcome. Ultimately, this is achieved through a closed-loop system with the following functional building blocks: translation, activation, and assurance.
For intent-based networking to achieve its full potential, these three functions build on a programmable network infrastructure (Figure 1):
Figure 1. Intent-based networking
● Translation: Capabilities that tell the network what to do to achieve the desired business outcome (intent), based on a consistent and verified policy the network can act upon.
◦ Example: Translate a business intent that the finance department needs highly-secure and uninterrupted service levels for its month-end reporting application into network-relevant policies. These policies may define the segmentation, security, and application service-levels for the network to implement.
● Activation: Deployment of the expressed policies throughout the network infrastructure, by automating systemwide changes to all relevant network and security devices.
◦ Example: Apply priority service levels for all users and applications on the secure finance reporting segment across network and security devices in each network domain (data center, campus, WAN, and branch).
● Assurance: Continuous monitoring and verification that the desired intent has been applied and business outcome has been achieved. This can include remediation through recommended corrective actions and ongoing optimization through predictive analytics.
◦ Example: Use network telemetry to monitor and analyze the finance application performance against desired outcomes, including remediation, optimization, and corrective actions as appropriate.
Cisco’s strategy for intent-based networking
Cisco has a complete architecture and solution suite to deliver on the vision of applying and assuring intent from client to application by using intent-based networking across all networking domains: data center, campus, branch, WAN, and multicloud (Figure 2). Now you can bridge the gap between what your business needs and what your network delivers. Cisco’s intent-based networking solutions connect users from anywhere to applications and services wherever they are hosted.
Figure 2. Architecture and solution suite for Cisco intent-based networking
Table 1. Cisco’s intent-based solutions
For the campus, branch, and extended enterprise
| Use case | IBN solution/products | Capabilities | Benefits |
| --- | --- | --- | --- |
| Automate your network | Solution: Cisco DNA Automation; Product: Cisco DNA Center | ● Policy-based onboarding ● Zero-touch provisioning ● Software image management ● Process integrations with IT Service Management (ITSM) and IP Address Management (IPAM) | ● Reduce human error and provide greater uniformity ● Quickly and simply onboard new devices ● Provide consistency for better network performance ● Streamlined operations |
| Assure network performance | Solution: Cisco DNA Assurance; Product: Cisco DNA Center | ● Streaming telemetry and contextual data ● Complex event processing with analytics engines ● Correlated insights and contextual cognitive analytics ● Guided remediation | ● Enable complete visibility into all network devices ● Troubleshoot and find anomalies instantly ● Accurately pinpoint root cause ● Provide single-click resolution and automation |
| Detect and mitigate threats | Solution: Cisco DNA Security; Products: Cisco® Identity Services Engine (ISE) and Cisco Stealthwatch® | ● Enforced policy and compliance ● Multilayered machine learning ● Monitored streaming telemetry ● Encrypted Traffic Analytics ● Network Security Analytics ● Trustworthy systems | ● Simpler and more secure user access ● Detection of advanced persistent threats ● Instant detection of zero-day malware ● Identification of security threats in encrypted traffic |
| Provide consistent wired and wireless policy from the edge to the cloud | Solution: Cisco SD-Access; Products: Cisco DNA Center and Cisco ISE | ● Network and user segmentation ● Consistent management of wired and wireless network provisioning and policy ● Contextual data on users, devices, and network ● Network-to-IoT environments extended through policy segmentation ● Branch and data center integrations for end-to-end policy management | ● Ability to secure users, devices, and applications with identity-based policy, regardless of location ● Anytime, anywhere workforce ● Reduced troubleshooting time and access to insights for decision making ● Deliver consistent user experience, whether wired or wireless, and across domains |
For the WAN
| Use case | IBN solution/products | Capabilities | Benefits |
| --- | --- | --- | --- |
| Automate rollout of your network | Solution: Cisco SD-WAN with vManage | ● Tamper-proof chips that enable zero-trust authentication ● Zero-touch provisioning for self-configuration ● Templatized configurations ● Centralized dashboard for monitoring the bring-up process | ● Minimize need for advanced technology requirements ● Reduce burden on IT or avoid advanced technology requirements ● Eliminate rogue devices, with zero trust authentication ● Help large enterprises roll out thousands of sites in months |
| Assure network performance through visibility and intelligence | Solution: Cisco SD-WAN with vManage and vAnalytics | ● Centralized monitoring and advanced analytics ● What-if analysis for different application scenarios ● App QoE scoring for priority applications ● Historic references for troubleshooting and correlating app SLA with network issues ● Policy recommendations for more intelligent handling of network traffic | ● Use a centralized dashboard for management ● Rapidly troubleshoot and correlate problems ● Understand the context for underperforming apps, sites, and links |
| Provide corporate security and compliance | Solution: Cisco SD-WAN Security with vManage | ● Ability to define corporate and other segments ● Definition of policies for mapping entities to segments and for moving across segments ● Monitoring of networkwide traffic analytics within segments | ● Isolate corporate infrastructure from business partners ● Protect connectivity during M&A and divestitures ● Segment lines of business, subsidiaries, etc. ● Isolate guest wireless |
| Comply with application SLAs | Solution: Cisco SD-WAN with vManage and Cloud OnRamp | ● Redundancy that mitigates failure correlation ● Centralized policies that specify SLAs for critical apps ● Continuous monitoring of link telemetry ● Direct Internet Access (DIA) with real-time optimization for critical SaaS apps | ● Efficient access and optimization for SaaS ● Resiliency of critical apps during extreme failure scenarios ● Central visibility of critical apps and failure correlation |
For the data center network and multicloud
| Use case | IBN solution/products | Capabilities | Benefits |
| --- | --- | --- | --- |
| Assure network availability | Product: Cisco Network Assurance Engine | ● Continuous analysis and verification of the data center network against intent and policy ● Patented network verification technology to mathematically model and verify networks, and thousands of codified failure scenarios that run right out of the box | ● Assures network security policies and checks for compliance against business rules ● Provides continuous verification, insights and visibility, and corrective actions |
| Provide policy compliance and enforcement | Solution: Data Center Analytics and Assurance; Products: Cisco Tetration and Cisco Network Assurance Engine | ● Real-time awareness through streaming telemetry for policy violations ● Application and network policies defined with coarse and fine-grained segmentation ● Historical playback of detected deviations in network, servers, VMs, or remote sites | ● Minimize operational and security risks ● Ensure fast and accurate policy compliance auditing |
| Enhance change management | Solution: Cisco Application Centric Infrastructure (Cisco ACI®); Product: Cisco Network Assurance Engine | ● Policy-based automation for reduced human error and greater uniformity ● Pre-change staging that predicts the impact of a change ● Post-change verification to help assure compliance with the desired state ● Simulated application behavior that predicts incidents that affect service | ● Minimize risk of business-impacting outages ● Significant time reduction for IT operations ● Accurate migrations ● Assurance of change |
| Perform guided troubleshooting and remediation | Solution: Cisco ACI; Product: Cisco Tetration | ● Continuous mathematical modeling alerts for more than 5000 codified failure scenarios ● Intuitive user dashboard that logs human-readable smart events of failed checks ● AI recommendation engine that highlights the exact problem and steps to fix it | ● Faster mean time to detect and remediate ● Reduces number of low-quality IT help desk tickets |
The Cisco difference
Only Cisco provides a complete intent-based network architecture with built-in network security, policy-based automation, and assurance across all domains, including data center, campus, WAN, branch, and cloud environments.
● Business agility. Through automation and open APIs, Cisco’s intent-based networking solutions are responsive to the changing dynamics expected in the digital economy. New business requirements can be captured and translated into network policy, so users and applications are quickly and securely onboarded.
● Simplified operations. Cisco’s intent-based networking solutions increase operational efficiencies and reduce operating expenses. Network operators can reduce the time spent on network design, implementation, testing, and troubleshooting. After network operators express intent, translation into policy and configurations is fully automated, with consistency and integrity checks.
● Continuous alignment of network to business intent. By using context and analytics to drive network assurance, Cisco’s solutions continuously validate policy alignment and recommend adjustments where the network has deviated. By aligning policy across network domains, we can activate intent end-to-end from users anywhere to applications anywhere.
● Compliance and security. The sophisticated security capabilities integrated throughout Cisco’s solutions provide advanced segmentation, consistent policy enforcement, and rapid threat detection and containment, even for encrypted attacks.
● Reduced risk. The abstractions, automation, and assurance available with Cisco’s solutions reduce operational risks, inconsistencies in the network, and network outages. Manual, error-prone processes are no longer the norm.
Campus. Branch. WAN. Data center. Cloud. With these traditionally siloed domains, organizations need a holistic network infrastructure strategy across the entire enterprise network.
It should be possible for IT and business intent to be expressed in one domain and then exchanged, enforced, and monitored across all of them. Today, Cisco provides a number of policy integrations between access, WAN, data center and multicloud domains.
For example, Cisco ACI and Cisco SD-Access policy integration maps Cisco ACI’s application-based micro-segmentation in the data center with Cisco SD-Access’s user group-based segmentation across the campus and branch. Now security administrators can automate and manage end-to-end segmentation seamlessly with uniform access policies – from the user to the application. With such segmentation, policies can be set that allow IoT devices to access specific applications in the data center or allow only financial executives and auditors to access confidential data. This is just one example of how Cisco solutions are enabling consistent multidomain policy segmentation and assurance for end-to-end alignment to business intent.
Getting started with intent-based networking
IT teams can begin their journey to a complete intent-based networking model by deploying solutions that address their most pressing use cases in one or more network domains. This could mean getting started with any one of the use cases described in this document, or any other use case that drives clear IT and business outcomes. To find out more about intent-based networking and the associated Cisco solutions, go to https://www.cisco.com/go/ibn.
Cisco Services help you accelerate network assurance, gain analytical insight, improve productivity, and lower risk by leveraging Cisco’s unique expertise, best practices, innovative tools, and business and IT insights.
● Get started on your intent-based networking journey at cisco.com/go/ibn.
● Ask your sales representative for intent-based networking demos.