1
00:00:01,002 --> 00:00:03,006
- [Instructor] As we examine network automation further,

2
00:00:03,006 --> 00:00:06,007
we want to look specifically at Cisco's DNA Center,

3
00:00:06,007 --> 00:00:10,001
so let's take an overview of exactly what the solution is

4
00:00:10,001 --> 00:00:11,004
and why it's useful.

5
00:00:11,004 --> 00:00:13,007
Cisco DNA Center provides us with both

6
00:00:13,007 --> 00:00:17,003
a command line interface and a graphical interface

7
00:00:17,003 --> 00:00:18,009
for network interaction.

8
00:00:18,009 --> 00:00:22,005
This includes network design, device configuration,

9
00:00:22,005 --> 00:00:25,000
the automatic provisioning of our devices,

10
00:00:25,000 --> 00:00:28,004
and the ability to monitor and troubleshoot the network.

11
00:00:28,004 --> 00:00:31,007
DNA stands for Digital Network Architecture,

12
00:00:31,007 --> 00:00:34,001
and this can be either a physical appliance

13
00:00:34,001 --> 00:00:35,008
deployed in your infrastructure

14
00:00:35,008 --> 00:00:38,007
or there are cloud deployment options as well.

15
00:00:38,007 --> 00:00:40,008
You probably know that this isn't the first

16
00:00:40,008 --> 00:00:42,005
graphical interface that Cisco

17
00:00:42,005 --> 00:00:44,008
has introduced for network management.

18
00:00:44,008 --> 00:00:48,007
Even the Cisco Adaptive Security Appliance firewall line

19
00:00:48,007 --> 00:00:51,002
provided a really good graphical interface,

20
00:00:51,002 --> 00:00:54,009
but Cisco DNA Center is far and away the most useful

21
00:00:54,009 --> 00:00:58,000
and in-depth GUI that Cisco has offered to date.

22
00:00:58,000 --> 00:01:00,004
With Cisco DNA Center in your network,

23
00:01:00,004 --> 00:01:02,006
this has the capability of controlling

24
00:01:02,006 --> 00:01:06,003
all of the Cisco devices found throughout that network.

25
00:01:06,003 --> 00:01:07,001
From the main menu,

26
00:01:07,001 --> 00:01:10,001
there are four main sections that we want to examine,

27
00:01:10,001 --> 00:01:14,009
those being design, policy, provision, and assurance.

28
00:01:14,009 --> 00:01:16,004
The Design section allows you

29
00:01:16,004 --> 00:01:18,007
to create both logical topologies

30
00:01:18,007 --> 00:01:20,002
and physical maps

31
00:01:20,002 --> 00:01:22,007
as a visual reference when you're designing.

32
00:01:22,007 --> 00:01:25,001
We mentioned it previously that the GUI interface

33
00:01:25,001 --> 00:01:26,009
isn't new in the Cisco world,

34
00:01:26,009 --> 00:01:29,007
and likewise, a central management platform

35
00:01:29,007 --> 00:01:31,005
isn't a new concept either.

36
00:01:31,005 --> 00:01:35,001
You may be familiar with Cisco Prime Infrastructure

37
00:01:35,001 --> 00:01:38,008
or the end-of-life product called Cisco's APIC-EM.

38
00:01:38,008 --> 00:01:41,009
If you're a user of either of these platforms,

39
00:01:41,009 --> 00:01:44,006
Cisco DNA has the ability to import

40
00:01:44,006 --> 00:01:49,003
existing topologies and maps directly from these platforms.

41
00:01:49,003 --> 00:01:51,001
Also, DNA Center can leverage

42
00:01:51,001 --> 00:01:54,003
the Cisco Discovery Protocol, or CDP,

43
00:01:54,003 --> 00:01:56,005
to automatically discover devices

44
00:01:56,005 --> 00:01:59,005
and begin building a topology from scratch.

45
00:01:59,005 --> 00:02:02,007
The Policy section allows you to create both user

46
00:02:02,007 --> 00:02:05,001
and device policies for enforcement.

47
00:02:05,001 --> 00:02:06,002
The great thing about this

48
00:02:06,002 --> 00:02:08,007
is that with all of your Cisco devices

49
00:02:08,007 --> 00:02:10,009
under the control of DNA Center,

50
00:02:10,009 --> 00:02:12,009
when you create secure access

51
00:02:12,009 --> 00:02:15,004
or network segmentation policies,

52
00:02:15,004 --> 00:02:18,005
DNA Center will automatically translate those

53
00:02:18,005 --> 00:02:21,007
into device specific configurations

54
00:02:21,007 --> 00:02:24,003
and push those out to the appropriate devices.

55
00:02:24,003 --> 00:02:26,000
This means that you don't have to go

56
00:02:26,000 --> 00:02:28,006
to each individual device in your network

57
00:02:28,006 --> 00:02:31,001
and alter anything like virtual networks

58
00:02:31,001 --> 00:02:33,001
or access control policies,

59
00:02:33,001 --> 00:02:35,007
application policies, all of those things.

60
00:02:35,007 --> 00:02:37,006
You don't have to do that manually anymore.

61
00:02:37,006 --> 00:02:39,004
Everything is taken care of

62
00:02:39,004 --> 00:02:42,006
by DNA Center in an automated manner.

63
00:02:42,006 --> 00:02:45,009
The Provision section is where policies are associated

64
00:02:45,009 --> 00:02:49,001
to users, devices, or applications.

65
00:02:49,001 --> 00:02:52,000
Here you would create categories of identities,

66
00:02:52,000 --> 00:02:53,006
and in the graphical interface,

67
00:02:53,006 --> 00:02:56,002
you would simply associate a policy

68
00:02:56,002 --> 00:02:59,006
with an identity group in order to assign that policy.

69
00:02:59,006 --> 00:03:01,006
So it's really, really simple.

70
00:03:01,006 --> 00:03:03,009
Let's say you had a list of identities

71
00:03:03,009 --> 00:03:06,006
that included all employee laptops

72
00:03:06,006 --> 00:03:09,000
and you created a policy previously

73
00:03:09,000 --> 00:03:11,002
to limit access to social media

74
00:03:11,002 --> 00:03:13,005
while they're on the enterprise network.

75
00:03:13,005 --> 00:03:16,000
You would simply associate that policy

76
00:03:16,000 --> 00:03:17,007
with the identity group

77
00:03:17,007 --> 00:03:19,004
and DNA Center would automate

78
00:03:19,004 --> 00:03:21,003
all of the configuration for you

79
00:03:21,003 --> 00:03:24,009
and make sure that the security policy is enforced.

80
00:03:24,009 --> 00:03:26,009
A big way this simplifies things

81
00:03:26,009 --> 00:03:30,002
is that these policies will always follow the identity,

82
00:03:30,002 --> 00:03:32,007
no matter where they're at in the network,

83
00:03:32,007 --> 00:03:34,005
they'll always be tied together.

84
00:03:34,005 --> 00:03:37,002
So this eliminates the need for redesigning networks

85
00:03:37,002 --> 00:03:41,001
or for having a lot of complicated VLANs in many cases.

86
00:03:41,001 --> 00:03:44,000
Any new devices introduced into the network,

87
00:03:44,000 --> 00:03:46,000
let's say a new Cisco switch,

88
00:03:46,000 --> 00:03:48,002
would automatically be provisioned

89
00:03:48,002 --> 00:03:50,005
and assigned the appropriate policy,

90
00:03:50,005 --> 00:03:53,001
what's called zero-touch provisioning.

91
00:03:53,001 --> 00:03:55,006
As you can imagine, this would be super helpful

92
00:03:55,006 --> 00:03:58,008
when you're provisioning remote office resources.

93
00:03:58,008 --> 00:04:00,007
And the Assurance section

94
00:04:00,007 --> 00:04:04,001
is where network monitoring and troubleshooting takes place.

95
00:04:04,001 --> 00:04:05,006
This of course deals with

96
00:04:05,006 --> 00:04:07,008
reactive monitoring and troubleshooting

97
00:04:07,008 --> 00:04:10,006
when you receive reports of an issue on the network,

98
00:04:10,006 --> 00:04:13,009
but also proactive and predictive tools

99
00:04:13,009 --> 00:04:16,005
through advanced artificial intelligence

100
00:04:16,005 --> 00:04:18,000
and machine learning.

101
00:04:18,000 --> 00:04:21,000
DNA Center continually collects data analytics

102
00:04:21,000 --> 00:04:24,007
on your network and uses those for assurance purposes.

103
00:04:24,007 --> 00:04:26,003
Things DNA Center can do

104
00:04:26,003 --> 00:04:29,001
with this full visibility into a network

105
00:04:29,001 --> 00:04:32,003
include the ability to predict performance issues

106
00:04:32,003 --> 00:04:33,006
before they happen

107
00:04:33,006 --> 00:04:35,008
and to assist in troubleshooting

108
00:04:35,008 --> 00:04:39,009
with suggested remediation steps when problems are detected.

109
00:04:39,009 --> 00:04:44,004
Let's jump into Cisco's DNA Center Sandbox environment now

110
00:04:44,004 --> 00:04:46,004
found on the DevNet website

111
00:04:46,004 --> 00:04:50,000
and take a look at this graphical interface.

112
00:04:50,000 --> 00:04:51,008
Here on the main landing page,

113
00:04:51,008 --> 00:04:54,002
we get an overview of everything relevant to us

114
00:04:54,002 --> 00:04:55,002
in the network.

115
00:04:55,002 --> 00:04:57,007
We can see summaries of our policies.

116
00:04:57,007 --> 00:04:59,006
We can see the network devices,

117
00:04:59,006 --> 00:05:02,001
the network profiles, and so on.

118
00:05:02,001 --> 00:05:03,005
Up at the very top,

119
00:05:03,005 --> 00:05:06,001
you can see those four main structures

120
00:05:06,001 --> 00:05:08,002
that we already talked about earlier.

121
00:05:08,002 --> 00:05:11,003
And if you scroll down to the Network Configurations

122
00:05:11,003 --> 00:05:12,009
and Operations section,

123
00:05:12,009 --> 00:05:15,003
you can see those outlined here as well.

124
00:05:15,003 --> 00:05:17,005
If we take a look at the Design section,

125
00:05:17,005 --> 00:05:18,009
let's click on that.

126
00:05:18,009 --> 00:05:21,000
You can see that you can zoom in

127
00:05:21,000 --> 00:05:23,004
on a particular section of the map

128
00:05:23,004 --> 00:05:25,006
and you can create your own site.

129
00:05:25,006 --> 00:05:28,000
And from here you can add buildings,

130
00:05:28,000 --> 00:05:29,004
you can add different floors,

131
00:05:29,004 --> 00:05:32,005
you can create physical maps that we discussed earlier.

132
00:05:32,005 --> 00:05:34,008
You can also see the import option

133
00:05:34,008 --> 00:05:37,005
to import existing topologies as well

134
00:05:37,005 --> 00:05:42,001
if you're a Cisco Prime Infrastructure user or APIC-EM user.

135
00:05:42,001 --> 00:05:43,005
In the Policy section,

136
00:05:43,005 --> 00:05:44,006
if we go there,

137
00:05:44,006 --> 00:05:47,005
we can see the number of our current policies

138
00:05:47,005 --> 00:05:48,009
that we have in place,

139
00:05:48,009 --> 00:05:51,003
and we'll see the different category groups

140
00:05:51,003 --> 00:05:52,008
for each one of those.

141
00:05:52,008 --> 00:05:55,003
Also helpful is the Policy History page

142
00:05:55,003 --> 00:05:57,000
so that you can scroll down

143
00:05:57,000 --> 00:05:58,005
and see a list of,

144
00:05:58,005 --> 00:06:00,009
a history of revisions that have been made

145
00:06:00,009 --> 00:06:02,004
and the scope of those revisions

146
00:06:02,004 --> 00:06:05,004
just in case you need to roll back any changes.

147
00:06:05,004 --> 00:06:07,009
The Provision section is populated

148
00:06:07,009 --> 00:06:10,001
with our inventory of devices

149
00:06:10,001 --> 00:06:12,004
that are available for provisioning.

150
00:06:12,004 --> 00:06:14,003
Notice that once this loads,

151
00:06:14,003 --> 00:06:16,008
there's going to be an Upgrade Readiness button.

152
00:06:16,008 --> 00:06:19,002
We see that right here.

153
00:06:19,002 --> 00:06:20,007
We have an Upgrade Readiness button

154
00:06:20,007 --> 00:06:22,006
that will allow us to perform a check

155
00:06:22,006 --> 00:06:24,000
for any upgrade needs,

156
00:06:24,000 --> 00:06:25,002
which is very helpful.

157
00:06:25,002 --> 00:06:28,005
If we actually click on an inventory device,

158
00:06:28,005 --> 00:06:30,006
we can immediately see all kinds

159
00:06:30,006 --> 00:06:32,007
of important information about the device,

160
00:06:32,007 --> 00:06:36,000
including the IP and MAC address and lots of other things.

161
00:06:36,000 --> 00:06:39,003
The final section is the Assurance section,

162
00:06:39,003 --> 00:06:41,001
and from here we'll first see

163
00:06:41,001 --> 00:06:43,005
a general health report about our network.

164
00:06:43,005 --> 00:06:46,005
We can see the number of devices that we have

165
00:06:46,005 --> 00:06:49,001
and the type of each device we have in our network,

166
00:06:49,001 --> 00:06:53,003
and including a breakdown of wired versus wireless clients.

167
00:06:53,003 --> 00:06:56,000
We can click the Network Health button,

168
00:06:56,000 --> 00:06:58,002
if we do that View Network Health.

169
00:06:58,002 --> 00:07:00,008
Once that loads, we will see the network health

170
00:07:00,008 --> 00:07:04,003
of our network and we'll see a rating from 0 to 100.

171
00:07:04,003 --> 00:07:06,004
And of course, ours is rated at 100

172
00:07:06,004 --> 00:07:09,000
this being Cisco's Sandbox environment.

173
00:07:09,000 --> 00:07:11,007
At the top, under the Health dropdown menu,

174
00:07:11,007 --> 00:07:14,008
if we look there, we can see the same reports

175
00:07:14,008 --> 00:07:17,004
for both Clients and Applications.

176
00:07:17,004 --> 00:07:20,000
These metrics are part of the machine learning

177
00:07:20,000 --> 00:07:23,005
that DNA Center uses in order to predict issues

178
00:07:23,005 --> 00:07:25,006
and to suggest remediation steps

179
00:07:25,006 --> 00:07:27,006
for any issues that are found.

180
00:07:27,006 --> 00:07:30,007
So that's an overview of Cisco DNA Center.

181
00:07:30,007 --> 00:07:32,000
In our subsequent videos,

182
00:07:32,000 --> 00:07:34,009
we'll look more closely at some of the different pieces

183
00:07:34,009 --> 00:07:38,000
of this architecture.