Three years ago, 95% of the changes made by the network administrators in organizations were implemented manually. However, the sequential introduction of commands through the CLI interfaces is time-consuming and inevitably generates configuration errors and incompatibilities. According to an analysis by the McKinsey firm (“2016 Study of network operations”), 70% of network policy violations are due to human error, whose identification and remediation amount to up to three-quarters of the total costs of operating and managing the network.

 

During the three years that have passed, the lives of those responsible for managing the network have not improved, but on the contrary. The increase in the number of users – especially of the mobile ones that use multiple devices in BYOD mode -, in Cloud applications and services, in fixed and wireless networks, in networking equipment coming from different manufacturers made things even more complicated. Especially because, in parallel, the threats and computer attacks have multiplied vertiginous.

 

Simplification through automation

The volume and complexity of these challenges are beginning to surpass, slowly but surely, the operating capacity of many companies, which are no longer able to exercise control over the network using the classical methods and tools of network management.

In order to support them and especially the organizations for which the network has become a critical business resource, Datanet Systems recommends an approach based on applying the Software-Defined (SD) concept to the level of user access. The solution proposed by our specialists is Cisco SD-Access, already validated in the market through several implementations made by companies operating extensive networks and with varied topologies.

 

How can Cisco SD-Access help you?

The mission of SD-Access is to simplify the operational processes of network administration and to increase its security level by automating routine processes (configuration, provisioning, identification, and troubleshooting, etc.). However, automation is also used in the end-to-end application of network policies, regardless of their type (wired, wireless or hybrid). Thus, Datanet specialists can help you achieve a reduction in network management effort – together with a reduction in the appropriate operational costs -, a better control of it and, not least, higher levels of flexibility and security.

Specifically – using SD-Access the several hours of work that requires configuring or installing a single switch by manually entering command lines can now be accomplished with just a few clicks from the DNA Center interface. The operation can be performed simultaneously for multiple network equipment, which is very useful, for example, when you want to upgrade all the switches in a campus-wide network or when you want to extend the network. In just a few minutes – not days! – the equipment is fully functional and ready to take over the traffic.

With the same speed, you can also improve your organization-wide security by applying micro-segmentation – all you have to do is create a user group and define the policies that apply to them using the Scalable Group Tags (SGT) protocol, whereby devices on the same virtual network can communicate with each other only if they comply with the rules you set for that group. If you also want to benefit from the advantages of macro-segmentation, the process is similar, only this time you use the Virtual Routing and Forwarding (VRF) protocol, where you make sure that the terminal equipment cannot communicate with each other because they are on different virtual networks. (SD-Access allows you to use both macro and micro-segmentation of the network at the same time and just as easy.)

 

News brought by Cisco  

The main competitive advantage of the solution recommended by Datanet specialists is given by the centralized way in which it operates and supplies the network through a unique Software Defined controller, which eliminates the need to use more specific tools. In the case of SD-Access, the role of the central controller is played by the Cisco DNA Center solution, which represents the “engine” through which network configuration and provisioning, Zero-touch deployments, virtual network and user group creation, operations automation, defining security policies, etc. are performed.

However, the communication between the two solutions is bidirectional – SD-Access acts as a sensor and collects telemetry data from all over the network, which are aggregated and analyzed in the DNA Center using the Machine Learning algorithms and the Artificial Intelligence component. Using the resulting actionable information, you can quickly discover, from a single console, what are the network problems and potential optimizations that can be brought to improve the performance of applications and end-user experience, in order to increase their productivity.

(You can find HERE more information on how DNA Center helps you optimize network operation and prevent malfunctions.)

 

The Cisco Identity Services Engine complements the SD-Access solution

A second key component is the Cisco Identity Services Engine (ISE), which complements the SD-Access solution with a platform through which information about end-user identity and the devices used by them (respectively how they meet specific security conditions) are integrated into the network management. ISE allows the security and segmentation rules of SD-Access to be applied based on the identity of the groups and the status of the terminal equipment, allowing the implementation of network policies to be decoupled from the IP addresses.

In addition, by integrating with other applications (both from Cisco and other manufacturers), Datanet specialists can help you increase the level of automation of security measures, by sharing information about user identity, device status, where it is located, types of resources accessed, log data history, behavior patterns, etc. (You can find HERE more details about the benefits provided by Cisco ISE.)

 

Benefits and costs of implementing the Cisco SD-Access solution 

In addition to the above benefits, using the SD-Access solution you get – according to Cisco data – the following OpEx savings:

• 94% reduction of costs with the optimization of network policies;
• 80% reduction of costs with monitoring, identification, and problem-solving;
• 67% reduction in costs with provisioning.

There is also a substantial decrease (by 48%) of the value of the damages generated by the security breaches.

These are important gains especially for organizations operating extensive architectures that integrate campus networks, WANs, branch networks or IoT projects. But the benefits listed are accessible to a larger number of companies because another unique feature of the Cisco SD-Access solution is that it allows you to reuse multiple components of the network infrastructure you operate (switches, routers, access points, Wireless LAN Check, etc.).

Datanet specialists can help you determine their compatibility level and carry out a step-by-step network equipment upgrade project, in line with your company’s real needs.

We can help you overcome budget constraints through our multi-vendor system integrator competencies, with over 20 years’ experience in network infrastructure projects. In addition, we have the advantage of being the main Cisco partner in Romania and having the largest local team of Cisco technology specialists, which gives us the operational ability to cover from the development, implementation, and customization of the solution, to complete consulting, maintenance and specialized training services. For more details on how we can help you realize the competitive advantages of the Cisco SD-Access solution, contact us.