Cisco SD-Access enables IT transformation by improving visibility, defining and enforcing group-based access policies, segmenting the network to isolate traffic, reduce risk and mitigate threats, and achieving policy consistency across the network, from users to applications. Creating this next-generation solution involves several key foundational elements:
- Controller-based architecture
- Policy Enforcement Engine
- Network Fabric
- Programmable infrastructure
Controller-based architecture: Cisco SD-Access uses the Cisco DNA Center, a command and control center for the Cisco DNA-based network that drives business objectives for orchestration and operation of network elements. This includes day-0 configuration of devices and policies associated with users, devices, and endpoints as they connect to the network. Cisco DNA Center also collects and analyzes network telemetry and data from multiple sources for in-depth analysis that identifies connected endpoints and associated traffic patterns and helps define access policies.
Policy Enforcement Engine: Policies, once defined, are stored in the Cisco Identity Services Engine (ISE). ISE authenticates and authorizes endpoints based on security policies and grants them the appropriate level of network access based on their roles or functions.
Network Fabric: With a controller and policy enforcement in place, you can start building the network in logical blocks called fabrics. The Cisco SD-Access fabric uses an overlay to support mobility, segmentation, and programmability at very large scale. The overlay uses a control plane to keep a current mapping of endpoints to their location on the network, and that mapping is updated as endpoints move around the network. The Cisco SD-Access fabric enables several key features such as guest mobility regardless of traffic volume and network size, Layer 2 and Layer 3 segmentation, and wireless network integration.
Programmable Infrastructure: To build a modern infrastructure, Cisco equips its current and future devices with advanced features that enable full lifecycle management while being open, standards-based, and extensible.