Part 1 of the 2-part Cisco DNA Center Planning and Adoption series
My goal for this series is to help you get started with Cisco DNA Center and get the most out of your investment. I’m going to sell you on why you want or need Cisco DNA Center because if you are reading this, it’s because you are ready to get started but have some questions or concerns about what the heck Cisco DNA Center does.
I’ll start by explaining the fundamentals of Device Controllability and the configuration changes made through the Base Automation. After that I’ll explain the relevant settings in the Design menu (Site Hierarchy, Network Settings) and in the Provision menu (Inventory and Plug and Play). Then I’ll show you what Cisco DNA Center will Add, Change, or Delete from the configuration of your infrastructure, be it existing Brownfield devices or brand-new Greenfield devices. Once you understand what will change, you’ll be able to make the decision of when or when not to use the settings that are part of the Base Automation. Having that understanding will save you time and will greatly improve the success of your Cisco DNA Center adoption.
Challenges
The first thing you need to do is be open to change and let go of the ways that you’ve “always” done things. Cisco DNA Center is a paradigm change in the way that you plan, operate, and optimize your network. You have to get comfortable with doing less in CLI and more with DNA Center. This is a huge shift for most of us who are very deep in the manual mindset.
Not to worry, you’ll still use the CLI and IOS commands, but hopefully far less and in new and exciting ways… Configuration Templates.
Trust me, you’ll get more work done and have more time for the fun things like projects if you leverage the workflows and automate your operations. If you don’t use, I mean really use, Cisco DNA Center, you will not realize the benefit of the tool.
The three truths of Automation
Automation is not a luxury. It’s a necessity!
The manual mindset doesn’t scale and is prone to error.
We as Network Engineers must evolve in mindset and in our skills to automate.
What is Cisco DNA Center?
Before we begin, let’s start with a quick level set of what Cisco DNA Center is not, and what it is intended to do.
Cisco DNA Center is a powerful network controller that allows you to optimize your network and lower your IT spending. Cisco DNA Center provides the digital agility to drive network insights, automation, and security.
It is the platform for AIOps, NetOps, SecOps, DevOps, and Internet of Things (IoT), where all of the Telemetry and Assurance data collected is constantly analyzed with AI/ML technology to give you a single dashboard for every function in your network.
Cisco DNA Center is:
- A management platform for your Campus Enterprise Network
- An Automation platform for device configuration of policy and services
- Overseen by a Compliance System to ensure that your network is operating to the standard that you set, which is the “Intent”
- An Assurance and Analytics engine to guarantee the best network experience for all your users
Cisco DNA Center is much more than a Network Management System (NMS), and if you mistake it for one you will not realize its capabilities and your expectations will be misaligned for the product.
The workflows in DNA Center are governed by RBAC and organized by task (Design, Policy, Provision, and Assurance), which are based on the roles and responsibilities of the IT Staff and align to the ITIL Framework: Design, Transition, Operation, and Continual Improvement. So, in short, the tasks in the controller are aligned to how your Architecture, Engineering, Security, and Operations teams work.
How does it work?
In order to do all these great things, we need to discover and control the infrastructure, and with DNA Center we do that through the Base Automation settings found in the Design menu and applied to your infrastructure when devices are Discovered, manually or PnP added to the network hierarchy, and when devices are provisioned.
So, when you think of the Base Automation, you need to realize that it is there to automate the configuration in the interest of Cisco DNA Center. What I mean by that is that the automations are there for the controller to manage the network. Your custom configurations are not part of that intent, so you need to understand exactly what is happening so that you can make an informed decision on how to use the Base Automation and the associated configuration settings to meet your needs. So don’t blindly fill out the Network Settings like a medical form; be aware of their impact! The good news is that you can still realize the value of Base Automation, but you need to know when to use it and how to maintain your site-specific configuration with Configuration Templates.
I’ll show you what changes, when it changes, and give you the testing and validation tools so that you can validate the automation and configuration changes in your environment. Understanding these configurations and automations will allow you to properly use the Base Automation and Configuration Templates to build a base configuration that will align with your organization’s existing configuration policies. And you’ll be able to ensure that configuration intent is applied correctly and consistently in your network.
I’ll start with the Design menu, covering Network Settings, Device Credentials, and Telemetry. I’ll leave the other settings in the Design menu (IP Address Pools, SP Profiles, and Wireless) to another blog because they are beyond the scope of Device Controllability and Base Automation. After I cover the settings, we’ll move to the workflows that push the configuration, and then I’ll introduce pyATS to validate the changes that the controller made to the devices.
Device Controllability
I want to take a moment to explain the importance of Device Controllability. Device Controllability is a system-level process on Cisco DNA Center that enforces state synchronization for some device-layer features. Its purpose is to aid in the deployment of required network settings that Cisco DNA Center needs to manage devices. Changes are made on network devices during discovery, when adding a device to Inventory, or when assigning a device to a site. If changes are made to any settings that are under the scope of this process, these changes are applied to the network devices during the Provision and Update Telemetry Settings operations, even if Device Controllability is disabled. The following device settings will be enabled as part of Device Controllability when devices are discovered:
- SNMP Credentials
- NETCONF Credentials
Subsequent to discovery, devices will be added to Inventory. The following device settings will be enabled when devices are added to Inventory:
- Cisco TrustSec (CTS) Credentials
The following device settings will be enabled when devices are assigned to a site. Some of these settings can be defined at a site level under Design > Network Settings > Telemetry & Wireless.
- IPDT Enablement
- Controller Certificates
- SNMP Trap Server Definitions
- Syslog Server Definitions
- NetFlow Server Definitions
- Wireless Service Assurance (WSA)
- Wireless Telemetry
- DTLS Ciphersuite
- AP Impersonation
If Device Controllability is disabled, Cisco DNA Center does not configure any of the credentials or settings mentioned above on devices during discovery, at runtime, or during site assignment.
If you disable Device Controllability you will lose real-time Assurance information, the configuration settings needed in the Base Automation to properly control the network devices in your network, and you will not be able to implement SD-Access.
Network Hierarchy
Network Hierarchy is how you build a logical structure for your network into Areas, Buildings, and Floors. Areas are a grouping of other Areas or Buildings that can be multiple layers deep. You can also have multiple Buildings in an Area with multiple Floors in each Building. Network Hierarchy is also how you set Global “centralized” or site-specific “localized” configuration settings for the organization.
Note that the Global Network Settings and your custom configuration applied with Configuration Templates can be inherited from the Global level in the hierarchy or overridden at lower levels in the hierarchy. This gives you a very flexible, fully customizable solution for device configuration in your network.
Network Settings
These settings are optional and do not have to be used unless you want Cisco DNA Center to control the configuration and ensure compliance of the following items:
- DHCP
- DNS Server
- Time Zone
- Message of the Day
- AAA (for network devices)
- Image Distribution
- NTP
- Cisco Secure Network Analytics (formerly known as Stealthwatch)
Device Credentials
These are required to connect, configure, and manage the devices in your network. There are some caveats with Device Credentials:
- If the Credential configuration exists on the device, then it will be ignored.
- If a fallback user (static user account) and Enable is not configured on the device, then it will be configured as part of the Discovery and add device to Inventory workflows.
- Device sync will add it back if you remove it from configuration.
- If you have an ACL applied to the SNMP community, it will get removed.
You will need to use a DayN template to add back or remove any unwanted configuration that the Base Automation makes to the device.
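The SNMP ACL caveat above can be checked by comparing running-config snapshots taken before and after a device is discovered. This is an added example, not code from the original post or from Cisco; the config excerpts, community strings and ACL names are constructed, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpts (not captured from a real device).
BEFORE = """\
snmp-server community ExampleRO RO 10
snmp-server community ExampleRW RW SNMP-MGMT
snmp-server location Building-1
"""
AFTER = """\
snmp-server community ExampleRO RO
snmp-server community ExampleRW RW SNMP-MGMT
snmp-server community ExampleNew RO
snmp-server location Building-1
"""

# IOS form: snmp-server community <string> [view <name>] [ro|rw] [ipv6 <acl>] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?(?: ipv6 (?P<acl6>\S+))?(?: (?P<acl>\S+))?$",
    re.IGNORECASE,
)

def parse_communities(config):
    """Map each community string to (mode, set of ACLs bound to it)."""
    found = {}
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if m:
            acls = {a for a in (m.group("acl"), m.group("acl6")) if a}
            # No ro/rw keyword on the line: treated here as read-only.
            found[m.group("name")] = ((m.group("mode") or "ro").upper(), acls)
    return found

def audit_snmp_acls(before, after):
    """Return (finding, community, mode) for communities left less restricted."""
    old, new = parse_communities(before), parse_communities(after)
    findings = []
    for name, (mode, acls) in sorted(new.items()):
        if name not in old:
            if not acls:  # community added with no source restriction
                findings.append(("new-unrestricted", name, mode))
        elif old[name][1] - acls:  # an ACL bound before is no longer bound
            findings.append(("acl-removed", name, mode))
    return findings

if __name__ == "__main__":
    for finding in audit_snmp_acls(BEFORE, AFTER):
        print(*finding)
```

Each finding is a line the DayN template would need to put back; an `acl-removed` result on an RW community deserves attention first.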
At a minimum you need to configure the following credentials:
- CLI Username, Password and Enable Password
- SNMPv2 RO
- SNMPv2 RW or an SNMPv3
The HTTP(S) credentials are required for connecting to Meraki, Firepower Management Center, Application Hosting, and NFV/Compute devices. The HTTP(S) credentials are not validated for Network Devices. However, Application Hosting does require HTTP(S) access for its automation workflow, so that can be configured on a per-device basis from Inventory.
- HTTP(S) Learn
- HTTP(S) Write
Telemetry
The Telemetry settings configure Cisco DNA Center or your existing servers for collection of SNMP, Syslog, NetFlow, and IP Device Tracking (IPDT) for Wired and Wireless Controller Streaming Telemetry. You can disable these options, but that will limit the usefulness of the controller. For example, if you were to disable IPDT you would not be able to do SD-Access or gain Assurance data on the end hosts connected to your network.
Below are the metrics gathered from devices and the frequencies with which they are collected. (Note: this is a setting on Cisco DNA Center. It does not cause any configuration change on devices.)
- Device Health – Includes CPU, Memory, Environment Temperature and Device Availability metrics. Polled every 10 minutes
- Interface Health – Includes Interface Availability and Ethernet metrics. Polled every 10 minutes
- TCAM – Polled each half-hour
- Fabric Health – Includes IPSLA, RTTMON and LISP metrics.
Wrap up
So, we’ve covered the background, the settings, and I’ve given you some guidance on how, when and when not to use the Base Automation configuration settings. In the next edition, I’ll show you what will change, when the Base Automation will make changes to your devices, and give you the tools to validate the configuration change on your devices.
Hopefully, you’ve picked up something new or maybe something that was unclear is now obvious. Challenge and test yourself every day. Never give up, you always have more to give, and anything worth doing is worth overdoing!
References
Cisco DNA Center End-User Guides (User/Platform/Assurance/Rogue/Bonjour/Secure Analytics/SDA)
Release Notes, Version 2.2.3 – Always, I mean ALWAYS read the release notes.
Cisco DNA Center Security Best Practices Guide – Because you should read it!