Networking giant introduces technologies to automate and secure the enterprise LAN.
Cisco on Tuesday unveiled a set of software and hardware designed to create an "intuitive" enterprise network for the mobile and cloud era. Built on its Digital Network Architecture, Cisco's intent-based networking technologies include three key pieces: a DNA Center management dashboard, new Catalyst 9000 switches, and security analytics that can detect malware in encrypted traffic.
"Today I believe we're reinventing the network for the next 30 years," Cisco CEO Chuck Robbins said in a media and analyst event in San Francisco. "We're truly building the network of the future."
The network of the future needs to be able to scale massively to accommodate the connectivity needs of mobile users and Internet of Things devices, he said. With so many more connections, the threat surface increases, making security a priority. Cisco's vision is a secure, intelligent platform with analytics that advances digital business, he said.
"A network that actually thinks on behalf of our customers," Robbins said. "Technology that's intuitive from conception and adapts over time."
David Goeckeler, senior VP and general manager of networking and security at Cisco, said the new DNA technologies are the result of several years of work by company engineers. Announced last year, DNA extends software-defined networking from the data center to the campus and branch and focuses on automation, analytics, programmability and cloud service management.
DNA Center provides centralized management for the enterprise network and integrates with Cisco Identity Services Engine (ISE). The new Catalyst 9000 switches are built from the ground up to meet mobile and cloud requirements, feature programmable ASICs and support third-party applications, Goeckeler said.
"We've rebuilt IOS for the digital age," he said, describing it as open, programmable, API-driven, and modular. "This will drive intent-driven networking for the next 30 years."
Goeckeler called Cisco's new ability to hunt down malware in encrypted traffic without decrypting the traffic a "true revolutionary breakthrough." The capability, enabled by the new Catalyst ASIC, combines Cisco Talos threat intelligence with machine learning to spot patterns of malware on the network while preserving data privacy. "We really believe this is a huge step forward for cybersecurity," Goeckeler said.
Other new technologies announced Tuesday include a new analytics platform that aggregates and correlates network data and applies machine learning to provide guidance through the DNA Center Assurance service, as well as Software-Defined Access for automated policy enforcement and network segmentation.
He added that the advanced features such as encrypted traffic analysis are really innovative. "No longer do enterprises have to pick and choose which traffic types they decrypt for inspection. They can skip decryption and monitor the network without facing the risk of exposing data," he said.
McGillicuddy said DNA Center's integration with ISE, a technology for identifying endpoint devices and user IDs, is key. "ISE populates that information into DNA Center, and network engineers can drag and drop things like 'accounting department users' or 'R&D scientists' into specific virtual networks they create in DNA Center," he said.
Mike Fratto, research director of enterprise networking and data center technology at Current Analysis, said the Catalyst 9000 series looks solid. "It really starts to take off with DNA Center, but it seems not entirely full featured from a workflow management perspective," he said in an email. The switches use a mix of existing technology such as IOS XE, SGT and VXLAN "to form the fabric with new tech borrowed at least in spirit from the Nexus 9000 line for things like telemetry," he said.
"What's interesting is that unlike with the ACI launch, Cisco included support for the most common Catalyst switches, offering investment protection for existing users and easing migration," Fratto said.
Cisco said customers buying the new Catalyst 9000 switches will buy the DNA software capabilities via subscription, either through Cisco ONE suites or as individual components.
Seventy-five organizations, including NASA and Royal Caribbean Cruises Ltd., are conducting field trials of the new technologies Cisco unveiled Tuesday.
Intent-based networking isn't new. Earlier this year, Andrew Lerner, research director at Gartner, described it as the next big thing on the networking horizon.
"Intent-based networking is not a product, or a market. Instead, it is a piece of networking software that helps to plan, design and implement/operate networks that can improve network availability and agility," he wrote in a blog post. Companies developing the technology include Apstra, which offers intent-based networking for data center networks.