Cisco SDA

Cisco® Software-Defined Access (SD-Access) is a solution within the Cisco Digital Network Architecture (Cisco DNA) that is built on the principles of intent-based networking. Cisco SD-Access provides automated end-to-end visibility-based segmentation that separates user, device, and application traffic without the need to redesign the underlying physical network. Cisco SD-Access automates user access policies so that organizations can ensure that the correct policies are set for any user or device to communicate with any application on the network. This is accomplished by applying uniform access policies across LANs and WLANs, creating a consistent user experience anywhere without compromising security.

Product description

Cisco SD-Access enables IT transformation by improving visibility, defining and enforcing group-based access policies, segmenting the network to isolate traffic, reduce risk and mitigate threats, and achieving policy consistency across the network, from users to applications. Creating this next-generation solution involves several key foundational elements:

  • Controller-based architecture
  • Policy Enforcement Engine
  • Network Fabric
  • Programmable infrastructure

Controller-based architecture: Cisco SD-Access uses the Cisco DNA Center, a command and control center for the Cisco DNA-based network that drives business objectives for orchestration and operation of network elements. This includes day-0 configuration of devices and policies associated with users, devices, and endpoints as they connect to the network. Cisco DNA Center also collects and analyzes network telemetry and data from multiple sources for in-depth analysis that identifies connected endpoints and associated traffic patterns and helps define access policies.

Policy Enforcement Engine: Policies, once defined, are stored in the Cisco Identity Services Engine (ISE). ISE authenticates and authorizes endpoints based on security policies and grants them the appropriate level of network access based on their roles or functions.

Network Fabric: With a controller and a policy enforcement engine in place, you can start building the network in logical blocks called fabrics. The Cisco SD-Access fabric uses an overlay to support mobility, segmentation, and programmability at very large scale. The overlay uses a control plane to keep a current mapping of endpoints to their location on the network, which is updated as endpoints move around the network. The Cisco SD-Access fabric enables several key features such as guest mobility regardless of traffic volume and network size, Layer 2 and Layer 3 segmentation, and wireless network integration.

Programmable Infrastructure: To build a modern infrastructure, Cisco equips its current and future devices with advanced features that enable full lifecycle management while being open, standards-based, and extensible.


Features

Central Solution Management from Cisco DNA Center

L3 Routed Access

SGT (Security Group Tag)

Cisco TrustSec

VXLAN

Integration with Cisco ISE


Benefits

Centralized network management from one place: The solution makes it easy to configure, manage and monitor the entire network.

Micro and macro network segmentation based on defined policies: SD-Access uses group-based access policies for efficient multi-level segmentation, resulting in zero-trust security.

Endpoint behavior analysis and trust validation: SD-Access continuously checks endpoint behavior, looks for vulnerabilities and validates endpoint trustworthiness before granting further access.

Endpoint identification, profiling and clustering: SD-Access uses advanced AI and ML-based analytics to identify and cluster endpoints. It analyzes traffic flows between groups and defines effective access policies.

Why Alef?

  • Strong technical team specialising in remote collaboration
  • Unique know-how in the areas of solution design, implementation and subsequent management
  • Dozens of satisfied customers

Who is the product for?

The Cisco SDA (Software-Defined Access) solution is designed for organizations and enterprises that want to:

  • Modernise and centralise the management of their networks.
  • Automate network deployment and configuration, simplifying management and reducing the potential for errors.
  • Monitor and analyse traffic in the internal network in detail.