ENAUTO – DNA Center Fundamentals, Architecture, DNA Specific APIC / API, ISE Security Services, and lots of other info!


Cisco DNA (Digital Network Architecture) Center is an all-in-one physical appliance (as of this writing) that works off “Intent Based Configuration” through its own proprietary “Single Pane of Glass” GUI, which allows for centralized automation of the entire network and all network elements.

What all DNA Center does for a network and what “Intent Based Configuration” is

Intent Based Configuration is basically preemptively planning / configuring the network on the controller, from this “Single Pane of Glass” style GUI, before any actual network devices are plugged in, with anything you could possibly think of to configure, including:

  • Applying consistent configurations to all devices in the network
  • Confirming all devices are on a standard “golden image” given their platform
  • Applying QoS where needed to enhance the QoE (Quality of Experience)
  • Dynamic network segmentation as needed
  • Providing Network Analytics such as NetFlow and SNMP
  • Creating Security Policies for Network Traffic and Users
  • Serving as the WLC by creating SSIDs and Wireless Networks / Profiles

It takes all the different applications and protocols we used to have to log into, configure, and look at separately and confines them all to this “Single Pane of Glass” GUI.

DNA Center = Digital Network Architecture Center, and it is currently sold as DNA Center Software on a Physical Appliance that will need to be racked somewhere in the network.

The “Golden Image” concept is that when DNA Center detects a specific device platform plugged into the network, it will upgrade the device to the defined “Golden Image” for that platform itself, so that all device images and configurations are precise.
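To make the “Golden Image” idea concrete, here is an added example (not code from DNA Center or from Cisco) that audits a device inventory against a per-platform golden image policy. The policy table, hostnames, and versions are constructed sample values, and `audit` is a hypothetical helper name.

```python
# Added example: golden-image drift audit over a constructed inventory.
from collections import defaultdict

# Hypothetical golden-image policy: platform -> approved software version.
GOLDEN = {
    "C9300": "17.9.4",
    "ISR4431": "17.6.5",
}

# Constructed inventory records (all values are samples, not real devices).
INVENTORY = [
    {"hostname": "acc-sw-01", "platform": "C9300", "version": "17.9.4"},
    {"hostname": "acc-sw-02", "platform": "C9300", "version": "16.12.8"},
    {"hostname": "wan-rtr-01", "platform": "ISR4431", "version": "17.6.5 "},
    {"hostname": "lab-sw-09", "platform": "C3850", "version": "16.9.1"},
    {"hostname": "new-sw-03", "platform": "c9300", "version": None},
]


def audit(inventory, golden):
    """Sort devices into compliant / drift / unknown / no-policy buckets."""
    # Normalize platform keys so "c9300" and "C9300" hit the same policy.
    policy = {p.upper(): v for p, v in golden.items()}
    report = defaultdict(list)
    for dev in inventory:
        platform = (dev.get("platform") or "").strip().upper()
        running = (dev.get("version") or "").strip()
        if platform not in policy:
            # No golden image defined: nothing enforces a baseline here.
            report["no_golden_image"].append(dev["hostname"])
        elif not running:
            # Device known but version not reported yet (e.g. just plugged in).
            report["version_unknown"].append(dev["hostname"])
        elif running != policy[platform]:
            report["drift"].append((dev["hostname"], running, policy[platform]))
        else:
            report["compliant"].append(dev["hostname"])
    return dict(report)


if __name__ == "__main__":
    for bucket, entries in audit(INVENTORY, GOLDEN).items():
        print(f"{bucket}: {entries}")
```

The `no_golden_image` and `version_unknown` buckets matter as much as `drift`: those are the devices where no image baseline is actually being enforced.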

Cisco DNA Center basically takes every existing Network Feature Cisco has ever offered, adds some machine AI to it, and does everything in one “Single Pane of Glass” GUI.

What all does Cisco DNA Center consist of?

Firstly, it consists of the DNA Center Controller and the DNA Center Fabric. As with other SDN Controller Fabrics, the fabric is the set of devices which can talk directly to the controller, which with DNA Center will likely be every device in the network.

Next is an APIC (Application Policy Infrastructure Controller) SDN Controller, which was available long before DNA Center became available; however, a special DNA API communicates on the controller to give it this total network control in a single pane of glass fashion rather than logging into all the different applications / GUIs.

It will use several Southbound APIs to control devices, including NETCONF, SSH, and SNMP, depending on which protocols the devices use to communicate with the DNA Controller.

Cisco ISE (Identity Services Engine) is utilized by DNA Center to completely identify anything that touches the network as in who it is, what the device is (what OS it is / is it an approved OS?), what department they are part of, etc.

As of this writing there is an API that talks between DNA Center and ISE, and ISE still needs some configuration within its own GUI, but in the very near future I imagine ISE will be integrated directly into DNA Center as I assume DNA Center will move from Appliance based to Cloud Based in the very very near future.

ISE will actually have two APIs: one talking to DNA Center for its Management Plane and implementing policies, and one directly to the APIC in DNA Center for rapid response to events in the network. For example, if two devices are detected in the payroll department, it needs to immediately identify and apply policy to those devices.

The final piece of DNA Center is the “Cisco NDP”, or Cisco “Network Data Platform”, which is what collects data analytics such as NetFlow, SYSLOG, etc. (which may be some of the Southbound APIs). This is where some of the AI / Machine Learning comes into play, as Cisco NDP in DNA Center will intelligently spot problems that it finds while collecting data and recommend solutions to the Network Administrator.

Just how powerful are the DNA Center deployments currently offered?

Currently there are 3 levels of DNA Center offerings that run on Cisco UCS Servers, so you will want to make sure that your level (Entry / Mid / Large) can function on your UCS Server size as those are not necessarily included with DNA Center Software and Controllers.

You can look at DNA Center first hand in a Sandbox environment at Cisco’s DevNet Sandbox by logging in with your Cisco.com credentials, and test out not only DNA Center but also SD-WAN consoles along with FMC (Firepower Management Console).

That is it for this intro to DNA Center!

Want to hit a topic of “Intent Based Networking” in some depth here, I hope this has been somewhat informative, and I hope you follow along the journey of Automation as well! 🙂


