#CiscoLive
BRKENS-1850

What is Infrastructure Transformation and how it can help you succeed

Marcello Ishida, Global Systems Architect
Renato Morais, Security Technical Solutions Architect

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Who are we?

Global Systems Architect
- +24Y of industry experience
- 12Y at Cisco (5Y in sales, 8Y in CX as Architect)
- Enterprise Networking & Business Architect lead within Americas CGEM at Cisco
- Speaker at various Cisco worldwide events
- Brazilian barbecue lover

Security Solutions Architect
- +20Y of cybersecurity industry experience
- 6Y at Cisco
- Visibility & Segmentation SME lead within GVE at Cisco
- Craft beer hunter
- #29902

Cisco Webex App

Questions? Use Cisco Webex App to chat with the speaker after the session.

How:
1. Find the "BRKENS-1850" session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda

- Infrastructure Transformation based on world change
- The SDN journey
- Part 1: New concepts
- Demo 1: Explore our real environment
- Part 2: Segmentation
- Demo 2: Segmentation in action!
- Part 3: Micro segmentation
- Demo 3: Micro segmentation in action!

Infrastructure Transformation

According to the World Economic Forum, we are now entering a new, digital-driven era of Globalization referred to as "Globalization 4.0". Digital goods and services, enabled by digital capabilities and artificial intelligence, are leading exports.
Source: Cisco 2020s Global Networking Trends Report

It's an increasingly mobile-driven world

A "new normal" dynamic hyperconnected world

[Diagram labels: Financial analyst, HR, Guest, Account manager, Loan agent, Door locks, Cameras, Point of sale, Internet, Client records, Security, Billing]

New challenges:
- Identify and group all users, devices, and connected things
- Provide granular access privileges
- Protect users and applications from threats

Focus on "what" instead of "how"

Cisco's intent-based networking (IBN) extends software-defined networking (SDN) to meet new demands.

- Business intent
- Translation: Capture business intent, translate to policies, and check integrity
- Activation: Orchestrate policies and automate systems configuration
- Analytics: Continuous verification, insights, visibility, and corrective actions
- Continuous network alignment

Path to digitization
Source: Cisco Internal

The SDN journey

Traditional campus LAN and next gen SDN campus

[Comparison figure. Designs: Traditional multilayer campus; Layer 3 routed access; L2 access simplified distribution; SD-Access fabric for campus. Rows: Physical topology; Logical topology; Design notes; Protocols & tuning. Notes: "Simple, stable, limited layer 2"; "Flexible, prone to flooding"; "Flexible, BEST OF BOTH!"]

Cisco Software-Defined Access (SD-Access)
The foundation for Cisco's intent-based network

[Diagram labels: IoT network, Employee network, SD-Access extension, Outside]

- Client mobility: Policy follows user
- Deep visibility: Identify and group endpoints. Map their interactions and define access policies
- Group-based policy and segmentation: Enforce group-based access policies and secure network through segmentation
- Policy consistency throughout: Use Cisco's multidomain architecture for consistent access and security policies throughout the enterprise
- Cisco DNA Center & Cisco ISE: Assurance, Automation, Policy

Addressing the "new normal" dynamic connections

[Diagram labels: Financial analyst, HR, Account manager, Loan agent, Clients, Guest, Client records, Internet, Billing, Point of sale, Cameras, Door locks]

Part 1: New concepts

Cisco ISE and Cisco DNAC
Integration for policy automation

[Diagram labels: Campus Fabric; Cisco Identity Services Engine (Authentication Authorization Policies; Groups and Policies); Cisco DNA Center (Fabric Management; Policy Authoring Workflows); pxGrid; REST APIs]

Let's explore our SD-Access environment

[Topology diagram: Underlay x Overlay. Sites: SAN JOSE, SAN FRAN. Devices: sf-transit (Cat 9300), sf-FIAB (Cat 9300), sj-CP-Border (Cat 9300), sj-EDGE (Cat 9300). Services: ISE + DNAC (pxGrid), DNS, DHCP. Endpoints: Client 1, Client 2, Client 3, Client 4. Fabric: 100.64.0.0/24. Global-Pool: 100.0.0.0/8. APs: 100.123.0.0/16. Campus VN: 100.100.0.0/16. Guest VN: 100.99.0.0/16.]

SDA moves to IDENTITY
Moving away from an IP address centric view

[Diagram labels: 192.168.3.47, 192.168.12.213, 192.168.8.89, 192.168.37.149; John, Susan, Alan, Nathan]

It starts with a User
or a device or thing

We move the user into a Group

We place the Group into a Virtual Network

[Diagram labels: John, Susan; CAMPUS]

VN to VN Segmentation

- Default mode is DENY-ALL
- Communication between different VN(s) (ex.: companies)

[Diagram labels: CAMPUS, GUEST; Susan, John, Alan, Nathan]

Micro Segmentation

- Default mode is DENY-ALL
- Communication between different groups on the same VN(s)
- Default mode is PERMIT ALL

[Diagram labels: Virtual Network: CAMPUS; John, Susan]

Our LAB Virtual Networks (VNs)

[Diagram labels: Segmentation; Micro Seg.; CAMPUS, GUEST; HR, Acct, Guest]

Let's see it in real life!

[Topology diagram of the lab fabric]

Demo 1: Explore our real environment

Demo 1: Explore our real environment (recap)

[Topology diagram of the lab fabric]

Part 2: Segmentation

[Topology diagram of the lab fabric, with Client 1 (HR1) and Client 4 (GUEST)]

Demo 2: Segmentation in ACTION!

Demo 2: Segmentation in ACTION! (recap)

[Topology diagram of the lab fabric, with Client 1 (HR1) and Client 4 (GUEST)]

Part 3: Micro Segmentation

[Topology diagram of the lab fabric, with Client 1 (HR1), Client 2 (ACCT1) and Client 3 (HR2)]

Demo 3: Micro Segmentation in ACTION!

Demo 3: Micro Segmentation in ACTION! (recap)

[Topology diagram of the lab fabric, with Client 1 (HR1), Client 2 (ACCT1) and Client 3 (HR2)]

Key takeaways!

How Cisco is addressing Network Transformation challenges

SD-Access journey outcomes:
- Automation/Orchestration as a way to address complexity
- Simplification on managing security policies from small to very big environments in a dynamic way
- Higher SLAs with no effort for your Operations teams

Fill out your session surveys!

Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!

Attendees will also earn 100 points in the Cisco Live Game for every survey completed. These points help you get on the leaderboard and increase your chances of winning daily and grand prizes.

Continue your education

- Visit the Cisco Showcase for related demos
- Book your one-on-one Meet the Engineer meeting
- Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
- Visit the On-Demand Library for more sessions at www.CiscoL

Gamify your Cisco Live experience!

Get points for attending this session!

How:
1. Open the Cisco Events App.
2. Click on Cisco Live Challenge in the side menu.
3. Click on View Your Badges at the top.
4. Click the + at the bottom of the screen and scan the QR code.