Solved: Re: Out of Topic: Master Thesis on DNA Center

OrkhanRustamli · ‎10-05-2020

Hi All,

Sorry for out of topic if it is so. I am on by second and hopefully last year of master degree and I need to choose thesis topic which I am struggling a lot. Then I though about DNA Center as our company is first and only one in whole Baltic Countries + Finland (if I am not mistaken) to use DNA Center in production which can be open for experimental or use-case analysis topic.

My main question: What problem is DNA Center solving regarding security. From what I got about DNA Center, it is more about fastening the process of network installation and management and etc., but I am not sure whether it is bringing something new to network security.

If there is anything, please let me know.

Thanks in advance!

Damien Miller · ‎10-05-2020

I'll argue that DNA Center, or more specifically DNACs software defined access, hasn't revolutionized campus security, because it in itself didn't really introduce anything new. Prior to DNAC coming around, we had already had 802.1x/MAB authentication and TrustSec with ISE, and VRFs were also well used. These technologies are mature, reliable, and easily deployable without DNAC.

DNACs more recent plays which Jedolphi touched on, Endpoint Analytics, and Group Base Policy Analytics, have also been around for a couple years if you look at Cisco's network agnostic competitors. A couple examples could be the like of companies such as Ordr or Zingbox (there are many others too), who have been in the market for much longer, and have superior more complete products. Cisco has only just begun executing on the vision for these tools, and to be frank they are years late to their own game.

For me, DNAC's true goal is the promise of simplified network device onboarding and configuration. This is something that I feel is still yet to be delivered because I don't see people preaching the ease of deploying, integrating, or troubleshooting SDA networks.

So does it bring anything new to network security? No, not really, it just tries to create a convenient solution wrapper for the existing security components.

View solution in original post

jedolphi · ‎10-05-2020

Hi Orkhan. Not sure if it's appropriate for your thesis, but, we have just added Group-Based Policy Analytics and also Endpoint Analytics to the latest DNA Center release (2.1.2.3) which should come out later this week or next week. Collateral for those features should come soon after release. In addition, in a sense, DNAC is solving the problem of consistent end-to-end configuration which is necessary for SGT and VN (VRF) to work with maximum efficacy. Best regards, Jerome

Damien Miller · ‎10-05-2020

I'll argue that DNA Center, or more specifically DNACs software defined access, hasn't revolutionized campus security, because it in itself didn't really introduce anything new. Prior to DNAC coming around, we had already had 802.1x/MAB authentication and TrustSec with ISE, and VRFs were also well used. These technologies are mature, reliable, and easily deployable without DNAC.

DNACs more recent plays which Jedolphi touched on, Endpoint Analytics, and Group Base Policy Analytics, have also been around for a couple years if you look at Cisco's network agnostic competitors. A couple examples could be the like of companies such as Ordr or Zingbox (there are many others too), who have been in the market for much longer, and have superior more complete products. Cisco has only just begun executing on the vision for these tools, and to be frank they are years late to their own game.

For me, DNAC's true goal is the promise of simplified network device onboarding and configuration. This is something that I feel is still yet to be delivered because I don't see people preaching the ease of deploying, integrating, or troubleshooting SDA networks.

So does it bring anything new to network security? No, not really, it just tries to create a convenient solution wrapper for the existing security components.