Cisco Connect 2018 – Software-Defined Access
Henrik Møll, CTO
Gustaf Hyllested Servé, System Engineer
12/4-2018

Agenda
• Why Conscia is an "early adopter"
• Conscia and SDA
• Intent-based Network
• SDA Deep-dive
• SDA Lessons learned

Why Conscia is an "early adopter"
• Customer relevance
• A trusted advisor
• Deeper Cisco engagement
• Motivating factor for our consultants
• A healthy business model

Conscia and SDA
• Joint customer PoC between Cisco and Conscia
• Cisco launch
• Conscia EFT customer 1 pilot project
• Conscia LAB
• Conscia EFT customer 2 pilot project
• SDA lift-off
• APIC-EM EFT

Intent-based Network

Typical challenges in traditional networks
Problem resolution takes a long time
Complex to administer
Hard to segment
An ever-growing number of users and types of endpoints.
A constant increase in the number of VLANs and IP subnets.
Many steps (VM, VLANs, IP subnet), user login, complex integrations.
Many places to configure, and with that a risk of manual errors.
Different rules for wireless and wired.
No knowledge of where a user is when problems have to be solved.

Software-Defined Access (SD-Access)
What if you could …
… convert IT time into business focus
• Save time on network configuration
• Improve the time to resolve problems
• Flexibility and agility
• Reduce the consequences of security breaches
• Reduce the cost of operating the network

Intent-based Network Infrastructure
DNA Center
Analytics
Policy Automation
INTENT
CONTEXT
SECURITY
LEARNING
Constantly learning, adapting and protecting.
Translation and validation of intent: Input: business requirements and policies (what). Output: network configuration (how).
Automated implementation: Configuration of network changes across the infrastructure, with automation and/or orchestration.
Awareness of network state: Real-time network state for the system (who, what, where, when), configuration of network changes across the infrastructure, with automation and/or orchestration.
The intuitive network
Assurance of rules and automatic optimization/remediation: Continuous (real-time) validation that the intent is maintained, plus handling (blocking traffic, modifying capacity).

Software-Defined Access
Identity-based policy & segmentation: Security policy definitions are decoupled from VLANs and IP addresses to enable rapid policy updates.
Automated network fabric: Automation across wired and wireless for optimization of traffic flows, and guided workflows to ensure consistency that can scale.
Insights & Telemetry: Analytics and insight into user and application behaviour for proactive problem identification and resolution.

SDN in a nutshell
Data-Plane
Control-Plane
Management-Plane

DNA extends the traditional SDN model
Policy-Plane
Control-Plane
Management-Plane
Data-Plane
Data Insight / Telemetry

DNA – across the traditional boundaries in the network
Campus, Cloud, DC/ACI, WAN
Data Insight / Telemetry
Policy-Plane
Management-Plane

SDA Deep-dive – The building blocks

SDA – building blocks
• Switches
• Routers
• WLC
• AP
• DNA-C, NDP
• ISE

SDA building blocks – Switches
• Physical switches with scale
• UADP 1 / 2.0 / 3.0 ASICs
• Catalyst 2960-X not supported
• Catalyst 9000 series with UADP 2.0 ASICs, and soon a model with UADP 3.0
• Catalyst 9300 edge-node
• Catalyst 9400 edge-node (modular switch)
• Catalyst 9500 border + control-plane-node (or aggregation / intermediate node)
• Nexus 7700 / SUP2E / M3 large scale border-node

SDA building blocks – Switches continued… [hw pr0n]

SDA building blocks – Switches continued...
• More supported switches (limitations on supported line cards/sups etc.). Pay attention to scale!
• Cisco Catalyst 3K (3650/3850)
• Catalyst 4K (SUP8-E, SUP9-E)
• Catalyst 6500-E/6800 (SUP2-T/6-T/X6900 line cards)
• Catalyst 6840/6880

SDA building blocks – Routers
• Depends on scale and use case
• CSR1000v (control-plane, virtual router)
• ISR4000 (border and control-plane-node)
• ASR1000-X/HX (border and large-scale control-plane-node)

SDA building blocks – Wireless
• Access points – 802.11ac wave1 or wave2 supported (be aware of caveats regarding wave1 APs)
  • 1700, 2700, 3700 (wave1, some caveats)
  • 1800, 2800, 3800 (wave2)
• Wireless LAN Controllers
  • 3504
  • 5520
  • 8540
• WLCs are physically placed outside the Fabric – using Multichassis EtherChannel (VSS/vPC) for redundancy

SDA building blocks – DNA-C
• DNA Center appliance – a Cisco UCS server
• A very powerful server, so that it can handle large Campus Fabrics – with Assurance

SDA building blocks – ISE
• Cisco Identity Services Engine server
• ISE with DNA Center for dynamic mapping of users and devices to SGTs via pxGrid and REST APIs
• Use case: integration with ServiceNow

SDA Deep-dive – Fabric Components

Underlay
• Provides connectivity and transport between SDA devices
• SDA unaware!
• Example – the Internet is the underlay for DMVPN
• IPv4 only (today)
• MTU 1550 (9k)
• Custom underlay
  • Brownfield
  • Non-Cisco
• Automated underlay
  • Greenfield
  • PnP module from APIC-EM

Overlay
• Uses the underlay
• This is where the connectivity in SDA is created

SDA – Fabric Components
SDA – Fabric Components – border node
SDA – Fabric Components – control-plane node (aka. cp)
SDA – Fabric Components – intermediate-node
SDA – Fabric Components – edge-node (aka. fe)

SDA Deep-dive – Policy Constructs

SDA (DNA) Policy Constructs
• Macro segmentation
  • Virtual Networks
• Micro segmentation
  • SGTs
  • Contracts
  • Policies

Macro segmentation
• Virtual Networks are top-level "security containers"
• Implemented as VRFs
• Inter-VN traffic is (currently) forwarded and enforced outside the Fabric
  • E.g. an external firewall with interfaces in the relevant VNs/VRFs
• Simple use case:
  • Employees vs Guests

Macro segmentation
[Figure: VN Orange and VN Blue; Forwarding/Enforcement; nodes labelled B and E]

Micro segmentation
• Segmentation within a VN
• SGTs are the identifier
• An endpoint belongs to one SGT
• Independent of the IP address
• Two IP addresses in the same subnet can belong to different SGTs
• Can be assigned statically (per switch port)
• Can be assigned dynamically (dot1x/mab/ISE)

Micro segmentation
• Policies tie Contracts between SGTs
• E.g. Src SGT "Employees" => Contract "Permit something" => Dst SGT "Servers"
• Uni-directional
• Optional: automatic creation of a reverse policy
• Caveats apply! It is not a stateful firewall!

Micro segmentation
[Figure: VN Green containing SGT Black and SGT Blue; Forwarding/Enforcement; nodes labelled B and E]
Policy BLACK-BLUE: src: BLACK, dst: BLUE, Contract: Permit-Something
Policy BLACK-BLUE-Rev: src: BLUE, dst: BLACK, Contract: Permit-Something
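
A simplified model of the policy matrix on these slides, added here as an illustration (it is not Cisco's or Conscia's code): policies are looked up by (source SGT, destination SGT) and every packet is judged on its own, which shows why a reverse policy that reuses the same contract does not behave like a stateful firewall. The default-deny action, the contract contents, the IP addresses and the port numbers are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One stateless contract entry; a port of None matches any port."""
    proto: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt):
        return (pkt.proto == self.proto
                and self.src_port in (None, pkt.src_port)
                and self.dst_port in (None, pkt.dst_port))


# Constructed sample data: two hosts in one subnet with different SGTs,
# because the tag follows identity rather than the IP address.
SGT_OF = {"10.0.0.10": "BLACK", "10.0.0.20": "BLUE"}

# Assumed content of the slide's "Permit-Something" contract.
PERMIT_SOMETHING = [Rule("tcp", dst_port=443)]
# Hypothetical contract that matches replies by source port instead.
PERMIT_REPLIES = [Rule("tcp", src_port=443)]


def evaluate(policies, pkt):
    """Judge one packet on its own; no connection state is kept."""
    key = (SGT_OF[pkt.src_ip], SGT_OF[pkt.dst_ip])  # direction matters
    contract = policies.get(key, [])
    if any(rule.matches(pkt) for rule in contract):
        return "permit"
    return "deny"  # assumed default action


def round_trip(policies):
    """Verdicts for a request BLACK -> BLUE:443 and for its reply."""
    request = Packet("10.0.0.10", "10.0.0.20", "tcp", 50000, 443)
    reply = Packet("10.0.0.20", "10.0.0.10", "tcp", 443, 50000)
    return evaluate(policies, request), evaluate(policies, reply)


FORWARD_ONLY = {("BLACK", "BLUE"): PERMIT_SOMETHING}
AUTO_REVERSE = {**FORWARD_ONLY, ("BLUE", "BLACK"): PERMIT_SOMETHING}
REPLY_AWARE = {**FORWARD_ONLY, ("BLUE", "BLACK"): PERMIT_REPLIES}

if __name__ == "__main__":
    for name, pol in (("forward only", FORWARD_ONLY),
                      ("reverse, same contract", AUTO_REVERSE),
                      ("reverse, reply contract", REPLY_AWARE)):
        print("%-24s request/reply = %s" % (name, round_trip(pol)))
```

In this model the reverse policy with the same contract still drops the reply, yet lets BLUE open new connections to BLACK on port 443. The reply-aware contract passes the reply, but also any BLUE packet sourced from port 443, which is the cost of stateless matching.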

SDA Deep-dive – Protocols

LISP – benefits
• Host mobility
• Abstraction

LISP Control Plane
• Locator/ID Separation Protocol
• Routing architecture
• Separation of the address space into identity and location
• Endpoint Identifier (EID)
  • IPv4 address
  • IPv6 address
  • MAC address
• Routing locators (RLOC)
  • Loopback of the SDA node
• Control Plane
  • Maps EIDs to current RLOCs

LISP Devices
Border/CP Node
Fabric Edge Node
SDA WLC

VXLAN Data Plane
• The "magic" of SDA!
• Contains VNI (VRF) and Group Policy (SGT)
• IETF Draft
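
To make "contains VNI and Group Policy" concrete, here is a parser and encoder for the 8-byte VXLAN header with the Group Policy extension, following the field layout of the IETF draft draft-smith-vxlan-group-policy. It is an added example, not material from the presentation; the sample header bytes and the VNI and tag values are constructed.

```python
import struct

# Flag bits as laid out in draft-smith-vxlan-group-policy
FLAG_G = 0x80  # byte 0: Group Policy ID field carries a tag
FLAG_I = 0x08  # byte 0: VNI field is valid
FLAG_D = 0x40  # byte 1: "don't learn"
FLAG_A = 0x08  # byte 1: group policy already applied upstream


def build_vxlan_gpo(vni, sgt=None, policy_applied=False):
    """Encode an 8-byte VXLAN header; sgt=None yields plain VXLAN."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    if sgt is not None and not 0 <= sgt < 1 << 16:
        raise ValueError("group tag must fit in 16 bits")
    flags0 = FLAG_I | (FLAG_G if sgt is not None else 0)
    flags1 = FLAG_A if policy_applied else 0
    return struct.pack("!BBHI", flags0, flags1, sgt or 0, vni << 8)


def parse_vxlan_gpo(header):
    """Decode the first 8 bytes of a VXLAN payload into VNI and tag."""
    if len(header) < 8:
        raise ValueError("VXLAN header needs 8 bytes, got %d" % len(header))
    flags0, flags1, group_id, vni_word = struct.unpack("!BBHI", header[:8])
    if not flags0 & FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    return {
        "vni": vni_word >> 8,  # upper 24 bits; low byte is reserved
        # With G clear the 16 bits are reserved, so no tag is reported
        "sgt": group_id if flags0 & FLAG_G else None,
        "dont_learn": bool(flags1 & FLAG_D),
        "policy_applied": bool(flags1 & FLAG_A),
    }


# Constructed sample: VNI 4099 (one VN/VRF) carrying group tag 17
SAMPLE_TAGGED = bytes.fromhex("8800001100100300")
# Constructed sample: same VNI, plain VXLAN without a group tag
SAMPLE_UNTAGGED = bytes.fromhex("0800000000100300")

if __name__ == "__main__":
    for raw in (SAMPLE_TAGGED, SAMPLE_UNTAGGED):
        print(raw.hex(), parse_vxlan_gpo(raw))
```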

Policy: Application-centric (micro segmentation)
Map business intent to new policy model
Start with users and applications, map existing strategy to new policy model loosely (w/ transition edge node/policy enforcer)
Migrate users and applications to new policy model
Migrate access networks to new policy model
T-minus X
SDA deployed

Policy: Network-centric (macro segmentation)
Use DNAC to rapidly provision virtual networks (VRFs) and subnets
Use external fusion device (firewall) to enforce policy on traffic flowing between virtual networks
Leverage NDP to gain insight into the application and traffic flows in the network
Formulate increasingly granular policies based on accumulated traffic insight
SDA deployed

SDA Lessons learned
• Policy-based access is definitely the future. If it has to scale, you should look at SDA/DNA
• Start with an ISE project, profiling of users etc. (if you are not already there)
• Do a pilot / PoC – it is new technology with many moving parts – get comfortable with the technology – possibly in a corner of the infrastructure, in prod.
• Pay attention to the roadmaps from Cisco; not all features are available from day one
• If you are looking at hardware investments, choose SDA-ready hardware, and possibly build a nice underlay (routed access) if possible (DNAC can automate underlay provisioning)

Thank you