Part 1 of the 2-part Cisco DNA Center Planning and Adoption
My goal for this series is to help you get started with Cisco DNA Center and get the most out of your investment. I’m going to sell you on why you want or need Cisco DNA Center because if you are reading this, it’s because you are ready to get started but have some questions or concerns about what the heck Cisco DNA Center does.
I’ll start by explaining the fundamentals of Device Controllability and the configuration changes made through the Base Automation. After that I’ll explain the relevant settings in the Design menu (Site Hierarchy, Network Settings) and in the Provision menu (Inventory and Plug and Play). Then I’ll show you what Cisco DNA Center will Add, Change, or Delete from the configuration of your infrastructure, be it existing Brownfield devices or brand-new Greenfield devices. Once you understand what will change, you’ll be able to make the decision of when or when not to use the settings that are part of the Base Automation. Having that understanding will save you time and will greatly improve the success of your Cisco DNA Center adoption.
The first thing you must do is be open to change and let go of the ways that you’ve “always” done things. Cisco DNA Center is a paradigm change in the way that you plan, operate, and optimize your network. You need to get comfortable with doing less in the CLI and more with DNA Center. This is a huge shift for most of us who are very deep in the manual mindset.
Not to worry, you’ll still use the CLI and IOS commands, but hopefully far less and in new and exciting ways… Configuration Templates.
Trust me, you will get more work done and have more time for the fun things like projects if you leverage the workflows and automate your operations. If you don’t use, I mean really use, Cisco DNA Center you will not realize the benefit of the tool.
The three truths of Automation
Automation is no longer a luxury. It’s a necessity!
The manual mindset does not scale and is prone to error.
We as Network Engineers must evolve in mindset and in our skills to automate.
What is Cisco DNA Center?
Before we begin, let’s start with a quick level set of what Cisco DNA Center is not, and what it is intended to do.
Cisco DNA Center is a powerful network controller that lets you optimize your network and lower your IT spending. Cisco DNA Center provides the digital agility to drive network insights, automation, and security.
It’s the platform for AIOps, NetOps, SecOps, DevOps, and Internet of Things (IoT), where all the Telemetry and Assurance data collected is constantly analyzed with AI/ML technology to give you a single dashboard for every function in your network.
Cisco DNA Center is:
- A management platform for your Campus Enterprise Network
- An Automation platform for device configuration of policy and services
- Overseen by a Compliance System to ensure that your network is operating to the standard that you set, which is the “Intent”
- An Assurance and Analytics engine to guarantee the best network experience for all your users
Cisco DNA Center is much more than a Network Management System (NMS), and if you mistake it for one you will not realize its capabilities and your expectations will be misaligned for the product.
The workflows in DNA Center are governed by RBAC and organized by task (Design, Policy, Provision, and Assurance), which are based on the roles and responsibilities of the IT Staff and align to the ITIL Framework: Design, Transition, Operation, and Continual Improvement. So, in short, the tasks in the controller are aligned to how your Architecture, Engineering, Security, and Operations teams work.
How does it work?
In order to do all these great things, we need to discover and control the infrastructure, and with DNA Center we do that through the Base Automation settings found in the Design menu and applied to your infrastructure when devices are Discovered, manually or PnP added to the network hierarchy, and when devices are provisioned.
So, when you think of the Base Automation, you have to realize that the settings are there to automate the configuration in the interest of Cisco DNA Center. What I mean by that is that the automations are there for the controller to manage the network. Your custom configurations are not part of that intent, so it’s important to understand exactly what is happening so that you can make an informed decision on how to use the Base Automation and the related configuration settings to meet your needs. So don’t blindly fill out the Network Settings like a medical form; be aware of their impact! The good news is that you can still realize the value of Base Automation, but you need to know when to use it and how to maintain your site-specific configuration with Configuration Templates.
I’ll show you what changes, when it changes, and give you the testing and validation tools so that you can validate the automation and configuration changes in your environment. Understanding these configurations and automations will allow you to properly use the Base Automation and Configuration Templates to build a base configuration that will align with your organization’s existing configuration policies. And you’ll be able to ensure that configuration intent is applied correctly and consistently in your network.
I’ll start with the Design menu, covering Network Settings, Device Credentials, and Telemetry. I’ll leave the other settings in the Design menu (IP Address Pools, SP Profiles, and Wireless) to another blog because they are beyond the scope of Device Controllability and Base Automation. After I cover the settings, we will move to the workflows that push the configuration, and then I’ll introduce pyATS to validate the changes that the controller made to the devices.
I want to take a moment to explain the importance of Device Controllability. Device Controllability is a system-level process on Cisco DNA Center that enforces state synchronization for some device-layer features. Its purpose is to aid in the deployment of required network settings that Cisco DNA Center needs to manage devices. Changes are made on network devices during discovery, when adding a device to Inventory, or when assigning a device to a site. If changes are made to any settings that are under the scope of this process, these changes are applied to the network devices during the Provision and Update Telemetry Settings operations, even if Device Controllability is disabled. The following device settings will be enabled as part of Device Controllability when devices are discovered:
- SNMP Credentials
- NETCONF Credentials
Subsequent to discovery, devices will be added to Inventory. The following device settings will be enabled when devices are added to Inventory:
- Cisco TrustSec (CTS) Credentials
The following device settings will be enabled when devices are assigned to a site. Some of these settings can be defined at a site level under Design > Network Settings > Telemetry & Wireless.
- IPDT Enablement
- Controller Certificates
- SNMP Trap Server Definitions
- Syslog Server Definitions
- NetFlow Server Definitions
- Wireless Service Assurance (WSA)
- Wireless Telemetry
- DTLS Ciphersuite
- AP Impersonation
If Device Controllability is disabled, Cisco DNA Center does not configure any of the credentials or settings mentioned above on devices during discovery, at runtime, or during site assignment.
If you disable Device Controllability you will lose real-time Assurance information and the configuration settings needed in the Base Automation to properly control the network devices in your network, and you will not be able to implement SD-Access.
Network Hierarchy is how you build a logical structure for your network into Areas, Buildings, and Floors. Areas are a grouping of other Areas or Buildings that can be multiple layers deep. You can also have multiple Buildings in an Area with multiple floors in each building. Network Hierarchy is also how you set Global “centralized” or site-specific “localized” configuration settings for the organization.
Note that the Global Network Settings and your custom configuration applied with Configuration Templates can be inherited from the Global level in the hierarchy or overridden at lower levels in the hierarchy. This gives you a very flexible, fully customizable solution for device configuration in your network.
The Network Settings are optional and do not have to be used unless you want Cisco DNA Center to control the configuration and ensure compliance of the following items:
- DNS Server
- Time Zone
- Message of the Day
- AAA (for network devices)
- Image Distribution
- Cisco Secure Network Analytics (formerly known as Stealthwatch)
Device Credentials are required to connect to, configure, and manage the devices in your network. There are some caveats with Device Credentials:
- If the Credential configuration exists on the device, then it will be ignored.
- If a fallback user (static user account) and Enable is not configured on the device, then it will be configured as part of the Discovery and add device to Inventory workflows.
- Device sync will add it back if you remove it from the configuration.
- If you have an ACL applied to the SNMP community, it will get removed.
You will have to use a DayN template to add back or remove any unwanted configuration that the Base Automation makes to the device.
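A check for the SNMP caveat above, as an added example that is not from the original post or from Cisco: it compares the `snmp-server community` lines of a running-config captured before and after onboarding and reports every community left without an ACL, which is what the DayN template then has to restore. The config excerpts, community strings and ACL names are constructed for illustration.

```python
import re

# Constructed running-config excerpts (not from a real device): the same
# switch before and after it was discovered and synced by the controller.
BEFORE = """\
snmp-server community NETMON-RO RO SNMP-MGMT
snmp-server community NETMON-RW RW 99
snmp-server location Building-1
"""
AFTER = """\
snmp-server community NETMON-RO RO
snmp-server community NETMON-RW RW
snmp-server community CONTROLLER-RO RO
snmp-server location Building-1
"""

# IOS form: snmp-server community <string> [view <name>] [RO|RW] [ipv6 <acl>] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?"
    r"(?: (?P<mode>RO|RW))?"
    r"(?: ipv6 (?P<acl6>\S+))?"
    r"(?: (?P<acl>\S+))?[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

def snmp_communities(config):
    """Map each community string to its mode and ACL (None when unrestricted)."""
    found = {}
    for m in COMMUNITY_RE.finditer(config):
        # IOS defaults to read-only when no mode keyword is given.
        found[m["name"]] = {"mode": (m["mode"] or "RO").upper(), "acl": m["acl"] or m["acl6"]}
    return found

def acl_drift(before, after):
    """Report communities that lost their ACL or were added without one."""
    old, new = snmp_communities(before), snmp_communities(after)
    findings = []
    for name, cur in sorted(new.items()):
        prev = old.get(name)
        if prev and prev["acl"] and not cur["acl"]:
            findings.append((name, cur["mode"], f"ACL {prev['acl']} removed"))
        elif prev is None and not cur["acl"]:
            findings.append((name, cur["mode"], "new community without ACL"))
    return findings

if __name__ == "__main__":
    for name, mode, issue in acl_drift(BEFORE, AFTER):
        print(f"{name} ({mode}): {issue}")
```

Read-write communities in the findings deserve attention first, since an unrestricted RW community can be used from any reachable source to change device configuration.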
At a minimum you should configure the following credentials:
- CLI Username, Password and Enable Password
- SNMPv2 RO
- SNMPv2 RW or an SNMPv3
The HTTP(S) credentials are required for connecting to Meraki, Firepower Management Center, Application Hosting, and NFV/Compute devices. The HTTP(S) credentials are not validated for Network Devices. However, Application Hosting does require HTTP(S) access for its automation workflow, so that can be configured on a per-device basis from Inventory.
- HTTP(S) Learn
- HTTP(S) Write
The Telemetry settings configure Cisco DNA Center or your existing servers for collection of SNMP, Syslog, NetFlow, and IP Device Tracking (IPDT) for Wired and Wireless Controller Streaming Telemetry. You could disable these options, but that would limit the usefulness of the controller. For example, if you were to disable IPDT you would not be able to do SD-Access or collect Assurance data on the end hosts connected to your network.
Below are the metrics gathered from devices and the frequencies with which they are collected. (Note that this is a setting on Cisco DNA Center. It does not cause any configuration change on devices.)
- Device Health – Includes CPU, Memory, Environment Temperature and Device Availability metrics. Polled every 10 minutes
- Interface Health – Includes Interface Availability and Ethernet metrics. Polled every 10 minutes
- TCAM – Polled every 30 minutes
- Fabric Health – Includes IPSLA, RTTMON and LISP metrics.
So, we’ve covered the background and the settings, and I’ve given you some guidance on how, when, and when not to use the Base Automation configuration settings. In the next edition, I’ll show you what will change, when the Base Automation will make changes to your devices, and give you the tools to validate the configuration change on your devices.
Hopefully, you’ve picked up something new, or maybe something that was unclear is now glaringly obvious. Challenge and test yourself every day. Never give up, you always have more to give, and anything worth doing is worth overdoing!
Cisco DNA Center End-User Guides (User/Platform/Assurance/Rogue/Bonjour/Secure Analytics/SDA)
Release Notes, Version 2.2.3 – Always, I mean ALWAYS read the release notes.
Cisco DNA Center Security Best Practices Guide – Because you should read it!