Is it the end of “mean time to innocence” for network engineers?
Distinguished Systems Engineer (DSE)
As digitization drives all information to be accessible online, the first user reaction when an application or data is inaccessible is to blame the network. A recent Cisco study shows that network engineers spend almost 50% of their time on network troubleshooting to try to find and resolve those problems. This has become such a concern that engineers have coined the term "mean time to innocence" to describe this tendency to point the finger at the network.
Today, network engineers are torn between providing a highly available network infrastructure and reacting to the speed of business change. At the same time, security has become a much greater concern as ransomware and the number of things connected to corporate networks continue to grow. Many have heard the stories of the vending machine that took down a university campus or the fish tank that compromised a casino.
In this context of increased need for security and user experience (both end-user and engineer), how can we then decrease the “mean time to innocence”?
DNA Center: Context and Intent
At Cisco, we believe it’s all about leveraging the network intelligence. Over the past few years, we have been developing a new way to build and operate campus networks. The heart of this approach is a controller called Digital Network Architecture Center, or DNA Center. This is a centralized, intuitive management platform that makes it fast and easy to design, provision and apply policy across the entire network environment. It also provides awesome insight that creates the context for operators to be able to see and resolve issues before users notice.
In the past, network devices have mostly acted autonomously. The rich insights and the powerful network controls were largely deployed on a device-by-device basis without "the wisdom of the crowd". This changes with a controller such as DNA Center, which allows network devices to be configured holistically and individual device insights to be correlated with other data sources.
Automation of networks is something we began with our first Campus controller - APIC-EM. The key concept was to simplify network changes through policy and business intent. Put simply, this is the ability to describe an outcome (for example, the WebEx application is relevant to my business), and trust the controller to implement that business intent on the relevant network devices. In this example, the controller deploys a prescriptive set of Quality of Service (QoS) configurations, representing Cisco's thirty years of experience in deploying QoS. The controller takes into account the topology of the network devices, the version of code used, as well as the resources available before implementing the optimal configuration. You can think of the controller as an intent compiler – translating business intent into network device configuration.
DNA Center is the evolution of APIC-EM and it comes closer to delivering intent-based networks, by extending the earlier approach to network segmentation. For example, now we can determine that "PCI devices should be isolated from users". The other major new component of DNA Center is the assurance engine, which provides a holistic view of the health of the network through the lens of the network engineer, end user or business application.
DNA Center: what results can you expect?
The controller approach simplifies the deployment and operation of a campus wired and wireless infrastructure, increasing productivity, user experience and security – all while reducing costs, as you can see in the graph. The results below were obtained through the Cisco DNA ROI Calculator.
Specifically, this is what we can do today with DNA Center to address the challenges of the past and provide a platform for the future.
If you want to see for yourself how simple and easy it is to use DNA Center, you can take a look at some of the missions in the Cisco Mars Challenge.