1、#CiscoLive#CiscoLiveBRKENS-1850What is Infrastructure Transformationand how it can help you succeedMarcello Ishida,Global Systems ArchitectRenato Morais,Security Technical Solutions Architect 2023 Cisco and/or its affiliates.All rights reserved.Ci���sco P�����ublic#CiscoLiveWho are we?Global Systems Archite
2、ct+24Y of industry experience12Y at Cisco(5Y in sales,8Y in CX as Architect)Enterprise Networking&Business Architect leadwithin Americas����� CGEM at CiscoSpeaker at various ciscos World Wide eventsBrazilian barbecue lover3Security Solutions Architect+20Y of������� cybersecurity industry experience6Y at CiscoVi
3、sibility&Segmentation SME lead within GVE at CiscoCraft bee�����r hunter BRKENS-1850#29902 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLi�������veEnter your personal notes hereCisco Webex App 4Questions?Use Cisco Webex App to chat with the speaker after the sessionFind the“BRKENS-1850
4、”session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,����2023.12344https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco
5、PublicBRKENS-1850Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicInf�������rastructure Transformation based on world changeThe SDN journeypart 1 New concepts demo 1 Explore our real environmentpart 2 Segme����ntation demo 2 Segmentation in action!part 3 Micro segmentation demo 3 Micro s
6、egmentation in action!BRKENS-18505 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive6BRKENS-1850image source&image sourceimage sourceInfrastructure Transformation 2023 Cis�������co and/or its affiliates.All rights reserved.Cisco Public#CiscoLive8BRKENS-1850According to the World E
7、conomic Forum,we are now entering a new,digital-driven era ofGlobalization referred to as“Globalization 4.0”.Digital goods and services,enabled by digitalcapabilities and artificial i������ntelligence,are leading exportsSource:Cisco 2020s Global Networking Trends Report 2023 Cisco and/or its affiliates.Al
8、l rights reserved.Cisco Public#CiscoLiveIts an increasing mobile driven worldBRKENS-18509 2023 Cisco and/or its affiliates.All righ�������ts reserved.Cisco Public#CiscoLiveA“new no�����rmal”dynamic hyperconnected worldBRKENS-185010FinancialanalystHRGuestAccountmanagerLoan AgentDoor locksCamerasPoint ofsaleInter
9、netClient recordsSecurityNew challengesNew challengesIdentify and group all users,devices,and connected thingsProvide granular access privilegesProtect �������users andapplications from threatsBilling 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiv�����eFocus on“what”instead of“how”Ci
10、scos intent-based networking(IBN)extendssoftware-defined networking(SDN)to meet new demands11BRKENS-1850IntentIntent-basedbasednetworkingnetworkingActi�����vationOrchestrate policies and automate systems configurationSDNSDNAn�������alyticsContinuous verification,insights,visibility,andcorrective actionsBusiness
11、 intentContinuous network alignmentTranslationCapture business intent,translate to policies,and check int�������egrity 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENS-185012Path to digitizationSource:Cisco InternalThe SDN journey 2023 Cisco and/or its af������filiates.All rights
12、 reserved.Cisco Public#CiscoLiveBRKENS-185014Tr���aditional campus LAN and next gen SDN campusTraditional multilayer campusLayer 3routed accessL2 access simplified distributionSD-Accessfabric for campusPhysical topologyLogical topologyDesign notesORProtocols&tuningSimple,stable,limited layer2Flexible,p
13、rone to floodingFlexible,BEST OF BOTH!2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCisco Software-Defined Access(����SD-Access)The����� foundation for Ciscos intent-based networkBRKENS-185015IoT networkIoT networkEmployee networkEmployee networkClient mobilityClient mobilityPoli
14、cy follows userSDSD-AccessAccessextensionextensionOutsi�������deDeep visibi����lityDeep visibilityIdentify and group endpoints.Map their interactions and define access policiesGroupGroup-based policy and segmentationbased policy and segmentationEnforce group-based access policies and secure network through seg
15、mentationPolicy consistency throughoutPolicy consistency throughoutUse Ciscos multidomain architecture for consistent access and secur������ity policies throughout the en�������terpriseCisco DNA Center&Cisco ISECisco DNA Center&Cisco ISEAssuranceAutomationPolicyB BB BC C 2023 Cisco and/or its affiliates.All righ
16、ts reserved.Cisco Public#CiscoLiveAddressing the“new normal”dynamic connectionsBRKENS-185016Financial analystHRAccountmanagerLoan agentClientsGuestClient recordsInternetBillingPoint of saleCamerasDoor locksPart 1 New concepts 2023 Cisco and/or its affiliates.All rights reserved.Cisco���� Public#CiscoLiv
17、eCisco ISE and Cisco DNACIntegration for policy automationBRKENS-185018Campus FabricAuthentication Authorization Polic�������iespxGridREST APIsCisco Identity Services EngineCisco DNA CenterFabric ManagementPolicy Authoring WorkflowsGroups and Policies 2023 Cisco and/or its affiliates.All rights reserved.Ci
18、sco Public#CiscoLiveBRKENS-185019Lets explore our SD-Access environmentFabric100.64.0.0/24.100.101.53.2Gi1/0/10Gi1/0/10Gi1/0/1Gi0/0/2Gi0/0/1Glob������al-Pool:100.0.0.0/8APs:100.123.0.0/16Campus VN:100.100.0.0/16Guest VN:100.99.0.0/16TRUNKISE+DNACUnderlay���� x OverlayPxGridGi1/0/21,22Gi1/0/23,24Gi1/0/13,14Gi1
19、/0/23,24Gi1/0/21,22sf-transit(Cat 9300)sf-FIAB(Cat 9300)sj-CP-Border(Cat 9300)sj-EDGE(Cat 9300)SAN JOSESAN FRANGi1/0/11DNSDHCPClient 1Client 2Client 3Client 4 2023 Cisco and������/or its a�����ffiliates.All rights reserved.Cisco Public#CiscoLive20BRKENS-1850SDA moves to IDENTITYIDENTITYMoving away from an IP a
20、ddress centric view192.168.3.47192.168.12.213192.168.8.89 192.168.37.149JohnSusanAlanNathan 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive21BRKENS-�����1850It starts with a UserUseror a device or thingJohn 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisc
21、oLive22BRKENS-1850JohnWe move the user into a GroupGroup 2023 Cisco and/or its affiliates.All rights reserved.���Cisco Public#CiscoLive23BRKENS-1850We place the GroupGroup into aVirtual NetworkVirtual NetworkJohnJohnSusanCAMPUSCAMPUS 2023 Cisco and/or its affiliates.All rights reserved.Ci���sco Public#Cis
22、coLive24BR������KENS-1850VNVN to VNVN SegmentationSegmentationDefault mode is DENY-ALLCAMPUSCAMPUSGUESTGUE�����STCommunication between different VN(s)(ex.:companies)SusanJohnAlanNathan 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive25BRKENS-185025BRKENS-1850MicroMicro SegmentationSe
23、gmentationDefault mode is DENY-ALLCommunication between different groups on the same VN(s)Default mode is PERMIT ALLVirtual Network:CAMPUSCAMPUSJohnSusan 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENS-185026Our LAB Virtual Networks(VNs)SegmentationMi�����cro Seg.Micro S
24、eg.SegmentationCAMPUSCAMPUSGUESTGUESTHRHRAcctAcctGuestGuest 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENS-185027Lets see it in a real life!Fabric10�����0.64.0.0/24.100.101.53.2Gi1/0/10Gi1/0/10Gi1/0/1Gi0/0/2Gi0/0/1TRUNKPxG��������ridGi1/0/21,22Gi1/0/23,24Gi1/0/13,14Gi1/0/23,24G
25、i1/0/21,22sf-transit(Cat 9300)sf-FIAB(Cat 9300)sj-CP-Border(Cat 9300)sj-EDGE(Cat 9300)SAN JOSESAN FRANGi1/0/10Gi1/0/11DNSDHCPDemo 1 Explore our real environment 2023 Cisco a�����nd/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENS-185029Demo 1 Explore our real environment(recap)Fabric100
26、.64.0.0/24.100.101.53.2Gi1/0/10Gi1/0/10Gi1/0/1Gi0/0/2Gi0/0/1TRUNKPxGridGi1/0������/21,22Gi1/0/23,24Gi1/0/13,14Gi1/0/23,24Gi1/0/21,22sf-transit(Cat 9300)sf-FIAB(Cat 9300)sj-CP-Border(Cat 9300)sj-EDGE(Cat 9300)SAN JOSESAN FRANGi1/0/10Gi1/�����0/11DNSDHCPPart 2 Segmentation 2023 Cisco and/or its affiliates.All ri
27、ghts reserved.Cisco Public#CiscoLiveClient 1HR1BRKENS-185031Fabric100.64.0.0/24.100.101.53.2Gi1/0/10Gi1/0/10Gi1/0/1Gi0/0/2Gi0/0/1TRUNKPxGri�������dGi1/0/21,22Gi1/0/23,24Gi1/0/13,14Gi1/0/23,24Gi1/0/21,22sf-transit(Cat 9300)sf-FIAB(Cat 9300)sj-CP-Border(Cat 9300)sj-EDGE(Cat 9300)SAN JOSESAN FRANGi1/0/10Gi1/0
28、/11DNSDHCPClient 4GUESTDemo 2 Segmentation in ACTION!2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveClient 1HR1BRKENS-185033Demo 2 Segmentation in ACTION!(recap)Fabric100.64.0.0/24.100.101.53.2Gi1/0/10Gi1/0/10Gi1/0/1Gi0/0/2Gi0/0/1TRUNKPxGri�������dGi1/0/21,22Gi1/0/23,24Gi1/0/13,
29、14Gi1/0/23,24Gi1/0/21,22sf-transit(Cat�������� 9300)sf-FIAB(Cat 9300)sj-CP-Border(Cat 9300)sj-EDGE(Cat 9300)SAN JOSESAN FRANGi1/0/10Gi1/0/11DNSDHCPClient 4GUESTPart 3 Micro Segmentation 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENS-185035Fabric100.64.0.0/24.100.101.53.2Gi
30、1/0/10Gi1/0/10Gi1/0/1Gi0/0/2Gi0/0/1TRUNKPxGridGi1/0/21,22Gi1/0/23,24Gi1/0/13,14Gi1/0/23,24Gi1/0/21,22sf-transit(Cat 9300)sf-FIAB(Cat 9300)sj-CP-Border(Cat 9300)sj-EDGE(Cat 9300)SAN JOSESAN FRANGi1/0/10Gi1/0/11DNSDHCPClient 1HR1Client 2ACCT1Client 3HR2Demo 3 �������Micro Segmentation in ACTION!2023 Cisco an
31、d/or its affiliates.All rig�������hts reserved.Cisco Public#CiscoLiveBRKENS-185037Fabric100.64.0.0/24.100.101.53.2Gi1/0/10Gi1/0/10Gi1/0/1Gi0/0/2Gi0/0/1TRUNKPxGridGi1/0/21,22Gi1/0/23,24Gi1/0/13,14Gi1/0/23,24Gi1/0/21,22sf-transit(C�������at 9300)sf-FIAB(Cat 9300)sj-CP-Border(Cat 9300)sj-EDGE(Cat 9300)SAN JOSESAN FR
32、ANGi1/0/10Gi1/0/11Demo 3 Micro Segmentation in ACTION!(recap)DNSDHCPClient 1HR1Client 2ACCT1Client 3HR2 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicKey takeaways!How cisco is ad������dressing Network Transformation challengesSD-access journey outcomes:Automation/Orchestration as a way
33、 to address complexitySimplification on managing security policies from small to very big enviro������nments in a dynamic wayHigher SLAs with no effort for your Operations teamsBRKENS-185038 2023 Cisco and/or its affiliates.All rights res�������erved.Cisco Public#CiscoLiveFill out your session surveys!Attendees
34、who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!39BRKENS-1850These points help you get ������on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Liv
35、e Game for every survey compl�����eted.2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-
36、Demand Library for more sessions at www.CiscoL you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive42Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side ����menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:123442 2023 Cisc������o and/or its affiliates.All rights reserved.Cisco PublicBRKENS-1850#CiscoLive
sgpjbg002
工作日 8:30 - 17:30
报告分类
