SAN FRANCISCO -- Cisco has redesigned how it delivers campus networking, moving aggressively from its roots in hardware to a software-controlled infrastructure that will require operators using its gear to rethink how they do their jobs.
Cisco's new platform, introduced this week at a media and analyst event, is built into an overhaul of IOS, the company's network operating system. Officially called IOS 16.6.x, the NOS runs in a new line of Catalyst switches, called the 9000 Series, which includes the 9400 modular- and 9300 fixed-access switches and the 9500 fixed core.
Above the platform is a central software console called the Cisco Digital Network Architecture (DNA) Center that casts into obsolescence the familiar command-line interface (CLI) engineers have used for decades to program networks one switch at a time. "The CLI is totally deprecated," said Shamus McGillicuddy, an analyst at Enterprise Management Associates Inc., based in Boulder, Colo.
Cisco DNA, introduced last year, is used in the DNA Center to replace the hardware-based green screen with a graphical user interface that displays the network in the form of user groups defined by the operator. For example, each hospital in a medical group could be one group. Clicking on a group would show subgroups, such as one for doctors and nurses, another for patients and a third for suppliers.
Each group and subgroup would have access to the network and data based on policies created within DNA Center. New or modified policies would be sent from the software to the switches for enforcement.
DNA Center gives Cisco an edge over its largest competitor, Hewlett Packard Enterprise, McGillicuddy said. "No one is doing this in the campus world. Cisco has taken the lead."
In September, Cisco plans to add to DNA Center security technology that can detect malware in encrypted traffic without having to decrypt it. In November, the company will roll out network monitoring and troubleshooting capabilities. The features will work off data drawn from the Catalyst switches and Cisco Aironet access points and wireless controllers.
The troubleshooting capabilities could, for example, lead operators to a Dynamic Host Configuration Protocol server problem that's preventing people in a particular group from connecting to the network. A DHCP server assigns IP addresses that let PCs and mobile devices connect to a network.
Scentsy using Cisco DNA
Scentsy Inc., a fragrance company based in Meridian, Idaho, has tested the Cisco DNA Center for applying access policies to the home-based independent contractors that sell its products in the U.S., Europe, Australia and New Zealand, said Kevin Tompkins, a network architect at the company.
Scentsy conducted its field trials on a network of Catalyst 3750 and 3850 switches, which the company plans to replace with Catalyst 9000s. The older switches do not have the advanced data encryption and network analytics of the new systems.
The Cisco DNA software, which Scentsy ran on a virtual machine installed on an x86 server, communicates to the switches through a layer of other Cisco technologies. They include the Identity Services Engine, which enforces security and access policies; pxGrid, which Tompkins described as the communication protocol for connecting the switches to DNA Center; and a policy management engine based on Prime.
"It [DNA Center] is one more layer on top of existing systems that enables them to be a lot more intelligent and more efficient," Tompkins said.
Using Cisco DNA Center will require engineers to change their thinking about operating a network, Tompkins said. Managing a network is no longer about virtual LANs, switches and routers. Instead, it's about policy creation and deployment.
Tompkins warned that companies with products other than Catalyst 3850s or 9000s would have to continue using legacy tools to manage them. Therefore, engineers will find it difficult to apply the same policy created in the software console across the network.
"That's going to be a challenge," Tompkins said.
Also, companies should not try to replicate the legacy network design in DNA Center, he said. "If you're not taking advantage of this new methodology, you're not really getting any benefit out of it. You might as well stay with the legacy technology."
APIs for third-party products
Cisco has built APIs in DNA Center and the Catalyst 9000s for running third-party applications. The switches, for example, support Puppet and Chef, which are open source tools for writing scripts used in configuration management. The software console can connect to security products from Infoblox and AlgoSec.
Cisco's APIs won't work with all technology. Rather than open them up to all comers, the company will expand support gradually.
"We are having active conversations to see how far customers are willing to take this," said Sachin Gupta, the head of enterprise product management at Cisco. "We're not quite ready for anyone to load what they want."
Cisco will sell DNA Center and the rest of the software associated with the new campus networking platform on a minimum three-year subscription license that includes support. Cisco sells the hardware separately.
Royal Caribbean Cruises, which has been testing DNA Center and the new switches for the last five months, is in contract negotiations with Cisco.
"They have people in their business who are really trying to transform the thinking around how they go to market, and I think they're thinking about it properly," said Royal Caribbean CIO Michael Giresi. "We'll see how that ends up coming through the commercial aspect of the offer."
Deployment options for Cisco campus switches
How the campus LAN is evolving in the enterprise
Unifying wired and wireless campus networks