Cisco SD Access Solutions & Architecture
Organizational networks are complex. An organization with several branches connects them into one network over WAN links, and in that situation the physical layer contains many devices: routers, switches, firewalls, servers, wireless LAN controllers, and so on. This is what makes managing the entire network difficult.
For an IT expert, a complete and detailed view of the whole network is useful, but the best possible case is to segment the network and let each segment enforce its security policies dynamically.
Software-Defined Access (Cisco SD-Access), together with Cisco DNA, is designed for specific purposes in the network.
The Cisco SD-Access license is the evolution of the older Campus LAN designs into a network that directly implements the organization's decisions. Cisco SD-Access is delivered as a package of applications that run as part of the Cisco DNA Center software to design, provision, apply policy to, and simplify the creation of an intelligent wired and wireless campus network.
Cisco SD-Access provides automated, visibility-based segmentation to isolate user, device, and application traffic without physically redesigning the network. In Cisco SD-Access, user access policy is applied automatically, and it is possible to verify that these policies are correctly enforced for users, devices, and network applications.
This is achieved by using unified access policies across LANs and WLANs, creating a consistent user experience on every part of the network without compromising security.
Cisco SD Access solution review
Cisco SD-Access enables IT transformation by improving the visibility, definition, and enforcement of group-based access policies and by achieving policy consistency across the enterprise, from users to applications. The Cisco SD-Access license includes several basic elements, including:
Save time using Cisco SD-Access
By using Cisco SD-Access, you can drastically reduce the time required to manage and improve network security.
In traditional networks, each device was managed separately, which was very time-consuming, and human error was inevitable. Cisco SD-Access uses Cisco DNA Center to control and manage network components based on Cisco DNA. Cisco SD-Access is not time-consuming to implement and can be configured in the network quickly.
By using a controller element, you can treat the network as logical blocks called a fabric. The Cisco SD-Access fabric uses virtual network overlays to support segmentation and policy at scale.
The virtual network overlay uses a control plane to keep track of each endpoint's current network location, because endpoints on the network are constantly moving. In general, by isolating network traffic, it reduces complexity and improves scalability and convergence.
The Cisco SD-Access fabric provides several key capabilities, including host mobility regardless of traffic volume and network size, Layer 2 and Layer 3 segmentation, and wireless integration. Other capabilities include intelligent services for application identification, traffic analysis, and traffic prioritization and steering for optimal performance and operational effectiveness.
To build modern infrastructure, Cisco continually equips and updates the devices it produces. These new products keep pace with advanced, standards-based capabilities and can be extended.
Cisco SD Access architecture
This licensed solution consists of five basic layers, which include:
The physical layer includes hardware elements such as routers, switches and wireless equipment, interfaces and communication links, virtual switches (clusters), and hardware and software servers.
The network layer runs on top of the physical layer. This layer can be divided into two parts:
The network underlay includes the settings, protocols and tables, as well as stacking or device virtualization, for the devices that provide the transport layer.
The fabric overlay includes the configurations, transport protocols, policies, and tables for the devices that provide a logical layer on top of the network underlay.
The network underlay operates at Layers 2 and 3 and is the closest to the physical layer, but its focus is forwarding data packets between the devices in the network. The fabric overlay is mainly a logical (tunneled) network that connects almost all network devices and abstracts the complexities and limitations inherent in the physical layer. These two layers form an important part of the Cisco SD-Access solution and work together to carry data packets between the devices participating in SD-Access.
The controller layer includes system management software and strategic subsystems such as automation, authentication and analytics. In effect, management of the network layer is the responsibility of the controller layer.
This layer is divided into three categories, which include:
Basic and fabric automation
Includes the settings, protocols and application tables to support the automation of network devices and related services (Cisco Network Controller Platform, NCP).
Assurance and analysis
The licensed Cisco SD-Access includes the configuration, protocols, and application tables to support the collection and analysis of user, network, and application state (Cisco Network Data Platform, NDP).
Identity and policy services
Contains the configuration, protocols, and application tables to support endpoint identification and identity services (Cisco Identity Services Engine, Cisco ISE).
These subsystems of the controller layer form an abstraction layer that hides the complexity and dependencies of managing many network devices and protocols. Whenever you add, remove, or update something in the SD-Access structure, these subsystems are responsible for making sure it is added, removed, or updated correctly.
The management layer of the Cisco SD-Access license contains the elements that users interact with: in particular the graphical user interface (GUI), and also APIs and command-line interfaces (CLI) where necessary. Users communicate with the controller layer through the management layer. This layer can itself be divided further, although how it is divided varies, because different user workflows can be exposed as separate (smaller) applications or merged as separate steps into a single (larger) application.
There are two types of applications:
Cisco DNA center settings
Contains the controller settings, APIs and tables to support communication between subsystems as well as the integration of common services.
Cisco DNA Center programs
Workflow tools and application data provide the context to support the various user workflows (such as design, policy, provisioning, and assurance). Cisco DNA Center settings are similar to the settings in other network management systems, but they also include specific tools and settings for integration between the controller subsystems, as well as APIs for integration with various external systems.
Cisco DNA Center applications are designed for simplicity and perform actions based on the core user workflows defined by Cisco DNA, such as design, policy, provisioning, and assurance.
The important part of this layer, from an architectural point of view, is that these two types of applications determine how the user interacts with the SD-Access solution and how Cisco DNA Center interacts with partner systems, on an intent-based model. The result is a flexible and customizable user interface and user experience (UI/UX) that allows the solution to evolve in the future.