November 25, 2019
4 Ways Cisco SD-Access Improves Network Management and Security
By simplifying network automation, Software-Defined Access delivers useful capabilities such as segmentation and intent-based policy implementation.
The emergence of Software-Defined Access (also called “SD-Access,” or simply “SDA”) fills that void. SDA is powered by Cisco’s Digital Network Architecture Center, or DNA-C. The technology is still emerging, but many organizations are successfully using it to simplify the deployment and management of network components such as switches, wireless controllers and firewalls.
Here are some of the most important early use cases of SDA.
One organization CDW works with adopted SDA specifically because it is expanding, and its IT leaders wanted a simple way to set up new sites. The technology allows the company to automate campus deployments, giving its IT team the ability to easily deploy multiple switches and other access-layer equipment at a site, and then replicate the environment in multiple locations.
Segmentation and Security
For this same company, network segmentation was very important. Officials needed an easy way to keep laptops, smartphones and Internet of Things sensors separated logically, and SDA gave them the ability to set up this segmentation simply through a graphical user interface and/or application programming interfaces rather than requiring complex manual processes.
When CDW conducts penetration testing for customers, we inevitably find that a number of vulnerabilities have been caused by simple human errors in configuring access-layer infrastructure. SDA can help address that: deploying networks with SDA reduces this risk by focusing on intent-based policy creation. SDA uses DNA-C to convert intent to configuration, then pushes that configuration to all components in the network, limiting misconfiguration.
Similarly, SDA helps organizations to enhance security and simplify network management by easing the creation of guest networks. Organizations can’t control what sorts of viruses might be on a guest machine, of course, but by keeping these machines isolated on a guest network, they can prevent threats from spreading through a corporate network.
Some tools, such as Cisco Meraki, Cisco ISE and Aruba ClearPass, are already effective at simplifying the management of guest wireless networks, but they can be difficult to implement when it comes to wired networks. With SDA, organizations can easily set up policies at the enterprise level, allowing them to enact the same rules for guest devices across wired and wireless connections.
Finally, SDA helps organizations to implement intent-based policies across their networks. This is a big win, as many companies have struggled with this issue in recent years. For example, SDA can enable a company to provide a certain level of access for corporate users, regardless of where they are on the organization’s network or which tools or devices they’re using to connect. Using SDA, a network administrator can create an overall policy within DNA-C (expressing the organization’s “intent”), and then that policy is pushed out across the entire access layer of the network. Rather than requiring IT teams to specifically configure different components, SDA allows networking teams to make their intent known once, and then automatically apply that intent everywhere.
None of these capabilities are new, per se — but the ability to achieve them with this level of automation is. Even sophisticated IT shops have historically struggled to effectively implement network segmentation and consistent access policies. SDA reduces the number of resources required to achieve these objectives and helps companies roll out these capabilities where they might not have had them before.