Part 1 of the 2-part Cisco DNA Center Planning and Adoption series
My goal for this series is to help you get started with Cisco DNA Center and get the most out of your investment. I’m going to sell you on why you want or need Cisco DNA Center because if you’re reading this, it’s because you are ready to get started but have some questions or concerns about what the heck Cisco DNA Center does.
I’ll start by explaining the fundamentals of Device Controllability and the configuration changes made through the Base Automation. After that I’ll explain the relevant settings in the Design menu (Site Hierarchy, Network Settings) and in the Provision menu (Inventory and Plug and Play). Then I’ll show you what Cisco DNA Center will Add, Change, or Delete from the configuration of your infrastructure, be it existing Brownfield devices or brand-new Greenfield devices. Once you understand what will change, you’ll be able to decide when or when not to use the settings that are part of the Base Automation. Having that understanding will save you time and will greatly improve the success of your Cisco DNA Center adoption.
The first thing you need to do is be open to change and let go of the ways that you’ve “always” done things. Cisco DNA Center is a paradigm change in the way that you plan, operate, and optimize your network. You need to get comfortable with doing less in CLI and more with DNA Center. This is a huge shift for most of us who are very deep in the manual mindset.
Not to worry, you’ll still use the CLI and IOS commands, but hopefully far less and in new and exciting ways… Configuration Templates.
Trust me, you will get more work done and have more time for the fun things like projects if you leverage the workflows and automate your operations. If you don’t use, I mean really use, Cisco DNA Center you will not realize the benefit of the tool.
The three truths of Automation
Automation is no longer a luxury. It’s a necessity!
The manual mindset doesn’t scale and is prone to error.
We as Network Engineers must evolve in mindset and in our skills to automate.
What is Cisco DNA Center?
Before we begin, let’s start with a quick level set of what Cisco DNA Center is not, and what it is intended to do.
Cisco DNA Center is a powerful network controller that lets you optimize your network and lower your IT spending. Cisco DNA Center provides the digital agility to drive network insights, automation, and security.
It is the platform for AIOps, NetOps, SecOps, DevOps, and Internet of Things (IoT), where all of the Telemetry and Assurance data collected is constantly analyzed with AI/ML technology to give you a single dashboard for every function in your network.
Cisco DNA Center is:
- A management platform for your Campus Enterprise Network
- An Automation platform for device configuration of policy and services
- Overseen by a Compliance System to ensure that your network is operating to the standard that you set, which is the “Intent”
- An Assurance and Analytics engine to guarantee the best network experience for all your users
Cisco DNA Center is much more than a Network Management System (NMS), and if you mistake it for one you will not realize its capabilities and your expectations will be misaligned for the product.
The workflows in DNA Center are governed by RBAC and organized by task (Design, Policy, Provision, and Assurance), which are based on the roles and responsibilities of the IT Staff and align to the ITIL Framework: Design, Transition, Operation, and Continual Improvement. So, in short, the tasks in the controller are aligned to how your Architecture, Engineering, Security, and Operations teams work.
How does it work?
In order to do all these great things, we need to discover and control the infrastructure, and with DNA Center we do that through the Base Automation settings found in the Design menu and applied to your infrastructure when devices are Discovered, manually or PnP added to the network hierarchy, and when devices are provisioned.
So, when you think about the Base Automation, you need to keep in mind that the settings are there to automate the configuration in the interest of Cisco DNA Center. What I mean by that is that the automations are there for the controller to manage the network. Your custom configurations are not part of that intent, so you have to understand exactly what is happening so that you can make an informed decision on how to use the Base Automation and the relevant configuration settings to meet your needs. So don’t blindly fill out the Network Settings like a medical form; pay attention to their impact! The good news is that you can still realize the value of Base Automation, but you need to know when to use it and how to maintain your site-specific configuration with Configuration Templates.
I’ll show you what changes, when it changes, and give you the testing and validation tools so that you can validate the automation and configuration changes in your environment. Understanding these configurations and automations will help you properly use the Base Automation and Configuration Templates to build a base configuration that aligns with your organization’s existing configuration policies. And you’ll be able to ensure that configuration intent is applied correctly and consistently in your network.
I’ll start with the Design menu, covering Network Settings, Device Credentials, and Telemetry. I’ll leave the other settings in the Design menu (IP Address Pools, SP Profiles, and Wireless) to another blog because they are beyond the scope of Device Controllability and Base Automation. After I cover the settings, we’ll move to the workflows that push the configuration, and then I’ll introduce pyATS to validate the changes that the controller made to the devices.
I want to take a moment to explain the importance of Device Controllability. Device Controllability is a system-level process on Cisco DNA Center that enforces state synchronization for some device-layer features. Its purpose is to aid in the deployment of required network settings that Cisco DNA Center needs to manage devices. Changes are made on network devices during discovery, when adding a device to Inventory, or when assigning a device to a site. If changes are made to any settings that are under the scope of this process, these changes are applied to the network devices during the Provision and Update Telemetry Settings operations, even if Device Controllability is disabled. The following device settings will be enabled as part of Device Controllability when devices are discovered:
- SNMP Credentials
- NETCONF Credentials
Subsequent to discovery, devices will be added to Inventory. The following device settings will be enabled when devices are added to inventory:
- Cisco TrustSec (CTS) Credentials
The following device settings will be enabled when devices are assigned to a site. Some of these settings can be defined at a site level under Design > Network Settings > Telemetry & Wireless.
- IPDT Enablement
- Controller Certificates
- SNMP Trap Server Definitions
- Syslog Server Definitions
- NetFlow Server Definitions
- Wireless Service Assurance (WSA)
- Wireless Telemetry
- DTLS Ciphersuite
- AP Impersonation
If Device Controllability is disabled, Cisco DNA Center does not configure any of the credentials or settings mentioned above on devices during discovery, at runtime, or during site assignment.
If you disable Device Controllability you will lose real-time Assurance information and the configuration settings needed in the Base Automation to properly control the network devices in your network, and you will not be able to implement SD-Access.
Network Hierarchy is how you build a logical structure for your network into Areas, Buildings, and Floors. Areas are a grouping of other Areas or Buildings that can be multiple layers deep. You can also have multiple Buildings in an Area with multiple floors in each building. Network Hierarchy is also how you set Global “centralized” or site-specific “localized” configuration settings for the organization.
Note that the Global Network Settings and your custom configuration applied with Configuration Templates can be inherited from the Global level in the hierarchy or overridden at lower levels in the hierarchy. This gives you a very flexible, fully customizable solution for device configuration in your network.
These settings are optional and do not have to be used unless you want Cisco DNA Center to control the configuration and ensure compliance of the following:
- DNS Server
- Time Zone
- Message of the Day
- AAA (for network devices)
- Image Distribution
- Cisco Secure Network Analytics (formerly known as Stealthwatch)
These are required to connect, configure, and manage the devices in your network. There are some caveats with Device Credentials:
- If the Credential configuration exists on the device, then it will be ignored.
- If a fallback user (static user account) and Enable are not configured on the device, then they will be configured as part of the Discovery and add device to inventory workflows.
- Device sync will add it back if you remove it from configuration.
- If you have an ACL applied to the SNMP group, it will get removed.
You will have to use a DayN template to add back or remove any unwanted configuration that the Base Automation makes to the device.
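A check for the SNMP ACL caveat above, as an added example (not from the original post or from Cisco): it compares two saved running-config snapshots, taken before and after the Discovery workflow, and reports SNMP community or group lines whose ACL binding was dropped, plus any new SNMP entry that has no ACL, so you know what the DayN template must restore. The config excerpts, names and address are constructed, and it uses plain Python rather than pyATS.

```python
# Constructed running-config excerpts (not captured from a real device).
BEFORE = """\
snmp-server community EXAMPLE-RO RO SNMP-MGMT
snmp-server community EXAMPLE-RW RW
snmp-server group OPS-GROUP v3 priv access SNMP-MGMT
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
"""
AFTER = """\
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-RW RW
snmp-server community EXAMPLE-NEW RO
snmp-server group OPS-GROUP v3 priv
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
"""

def snmp_acls(config):
    """Map (kind, name) of each SNMP community/group line to its bound ACLs."""
    bound = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server" or tok[1] not in ("community", "group"):
            continue
        kind, name, rest = tok[1], tok[2], tok[3:]
        if kind == "group":
            # ACLs follow the "access" keyword: access [ipv6 <acl>] [<acl>]
            rest = rest[rest.index("access") + 1:] if "access" in rest else []
        else:
            if rest[:1] == ["view"]:          # skip "view <view-name>"
                rest = rest[2:]
            rest = [t for t in rest if t.lower() not in ("ro", "rw")]
        bound[(kind, name)] = tuple(t for t in rest if t != "ipv6")
    return bound

def lost_acl_bindings(before, after):
    """Entries present in both snapshots that no longer carry every ACL they had."""
    old, new = snmp_acls(before), snmp_acls(after)
    return [(k[0], k[1], acls, new[k]) for k, acls in sorted(old.items())
            if acls and k in new and not set(acls) <= set(new[k])]

def new_unrestricted(before, after):
    """Entries that appear only in the later snapshot and have no ACL at all."""
    old, new = snmp_acls(before), snmp_acls(after)
    return sorted(k for k, acls in new.items() if k not in old and not acls)

if __name__ == "__main__":
    for kind, name, had, has in lost_acl_bindings(BEFORE, AFTER):
        print(f"ACL dropped: {kind} {name}: {had} -> {has}")
    for kind, name in new_unrestricted(BEFORE, AFTER):
        print(f"No ACL on new entry: {kind} {name}")
```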
At a minimum you need to configure the following credentials:
- CLI Username, Password and Enable Password
- SNMPv2 RO
- SNMPv2 RW or an SNMPv3
The HTTP(S) credentials are required for connecting to Meraki, Firepower Management Center, Application Hosting, and NFV/Compute devices. The HTTP(S) credentials are not validated for Network Devices. However, Application Hosting does require HTTP(S) access for its automation workflow, so that can be configured on a per-device basis from Inventory.
- HTTP(S) Read
- HTTP(S) Write
The Telemetry settings configure Cisco DNA Center or your existing servers for collection of SNMP, Syslog, NetFlow, and IP Device Tracking (IPDT) for Wired and Wireless Controller Streaming Telemetry. You can disable these options, but that would limit the usefulness of the controller. For example, if you were to disable IPDT you would not be able to do SD-Access or gain Assurance data on the end hosts connected to your network.
Below are the metrics gathered from devices and the frequencies with which they are collected. (Note that this is a setting on Cisco DNA Center. It does not cause any configuration change on devices.)
- Device Health – Includes CPU, Memory, Environment Temperature and Device Availability metrics. Polled every 10 minutes
- Interface Health – Includes Interface Availability and Ethernet metrics. Polled every 10 minutes
- TCAM – Polled every half-hour
- Fabric Health – Includes IPSLA, RTTMON and LISP metrics.
So, we’ve covered the background and the settings, and I’ve given you some guidance on how, when and when not to use the Base Automation configuration settings. In the next edition, I’ll show you what will change, when the Base Automation will make changes to your devices, and give you the tools to validate the configuration change on your devices.
Hopefully, you’ve picked up something new, or maybe something that was unclear is now glaringly obvious. Challenge and test yourself daily. Never give up, you always have more to give, and anything worth doing is worth overdoing!
Cisco DNA Center End-User Guides (User/Platform/Assurance/Rogue/Bonjour/Secure Analytics/SDA)
Release Notes, Version 2.2.3 – Always, I mean ALWAYS read the release notes.
Cisco DNA Center Security Best Practices Guide – Because you should read it!