
Solution overview

Cisco public

Cisco Solutions for Intent-Based Networking (IBN)
The next era of enterprise networking – continuously aligning the network
to changing business needs with intent-based networking solutions.

The changing landscape


In today’s world, the emergence of artificial intelligence, the Internet of Things
(IoT), the cloud, ever-expanding amounts of data, and increasingly complex
cybersecurity threats are changing the technology landscape at breakneck
speed. Applications and services are moving everywhere in the enterprise –
from the remote edge to branch offices, to HQ, and all the way to data centers
in public-, private-, and hybrid-cloud environments. As a result, the data center
is no longer a place but instead is defined as wherever the data is created,
processed, and used. The expanding use of diverse IoT devices, apps, and
accompanying data is resulting in new distributed compute models, together
with exponentially greater levels of scale and complexity. Mobile users expect
immediate and high-performance connectivity at all times, everywhere, and on
any device over Wi-Fi and public 4G (and soon 5G) networks. Cybersecurity
threats are becoming increasingly sophisticated and dangerous across a broader
attack surface that is no longer contained within well-defined perimeters. This
dynamic technology landscape is a reality for all organizations, their employees,
and their customers, and is the engine for the digital economy. So IT is feeling
the pressure to address all these trends, typically with a constrained budget and
limited talent pool.

© 2019 Cisco and/or its affiliates. All rights reserved.



Digital Demands

The new network needs to:
• Align to the business
Enable new digital business initiatives, not hold them back. The network needs the agility to quickly
and dynamically realign with rapidly changing business objectives.
• Deal with growing complexity
Be easier to configure, operate, and maintain in the face of growing scale and complexity. Current
operational models are not scalable or sustainable.
• Assure service performance
Provide full visibility into how the network is operating and provide assurance that the network is
supporting the desired business initiatives and achieving compliance. It also needs to identify any
discrepancies and recommend fixes.
• Reduce risk
Identify and neutralize security threats before they cause harm. Multicloud, IoT, and mobile adoption
open up new threat vectors that the network needs to constantly protect against.

The need for a new kind of network

In this environment, it is critical for IT leaders to adopt a radically new approach to networking.
The current rigid and largely manual lifecycle management approach is no longer sustainable for
deploying, maintaining, and updating networks, and it cannot scale to meet the growing complexity.
For an organization to flourish in the digital economy, the network needs to be able to adapt quickly
to changing business requirements or “intent.” The network needs to support an increasingly diverse
and fast-changing set of users, devices, applications, and services. It needs to ensure fast and secure
access to and between workloads wherever they reside. And for the network to work optimally, all
this needs to be achieved from end to end, between users, devices, apps, and services across each
network domain – campus, branch, WAN, data center, hybrid cloud, and multicloud. Which means that
organizations need a new, integrated architecture for each domain and also a way to align to application
performance and security needs across domains of the enterprise network.

Intent-based networking

How do you get there? With intent-based networking (IBN), the emerging industry model for the next
generation of networking. IBN builds on software-defined networking (SDN), transforming from a
hardware-centric and manual approach to designing and operating networks to a software-centric
and fully automated one that adds context, learning, and assurance capabilities. Your intent-based
network captures business intent and uses analytics, machine learning, and automation to align the
network continuously and dynamically to changing business needs. That means continuously applying
and assuring application performance requirements and automating user, security, compliance, and IT
operations policies across the whole network.

How does intent-based networking work?

Intent-based networking captures and translates business intent into network policies that can be
automated and applied consistently across the network. The end goal is for the network to continuously
monitor and adjust network performance to assure the desired business outcome. Ultimately, this is
achieved through a closed-loop system with the following functional building blocks - translation,
activation and assurance.
For intent-based networking to achieve its full potential, these three functions build on a programmable
network infrastructure (Figure 1):


Figure 1. Intent-based networking (diagram labels: Intent, Policy, Analytics, Automation)

“We believe a full IBNS implementation can reduce network infrastructure delivery times to the
business leaders by 50% to 90%, while simultaneously reducing the number and duration of outages
by at least 50%.”
- Andrew Lerner, Joe Skorupa, and Sanjit Ganguli, Innovation Insight: Intent-Based Networking
Systems (IBNS), Gartner, Feb. 7, 2017

• Translation: Capabilities that tell the network what to do to achieve the desired business outcome
(intent), based on a consistent and verified policy the network can act upon.
-- Example: Translate a business intent that the finance department needs highly-secure and
uninterrupted service levels for its month-end reporting application into network-relevant policies.
These policies may define the segmentation, security, and application service-levels for the
network to implement.
• Activation: Deployment of the expressed policies throughout the network infrastructure, by automating
systemwide changes to all relevant network and security devices.
-- Example: Apply priority service levels for all users and applications on the secure finance reporting
segment across network and security devices in each network domain (data center, campus, WAN,
and branch).
• Assurance: Continuous monitoring and verification that the desired intent has been applied and
business outcome has been achieved. This can include remediation through recommended corrective
actions and ongoing optimization through predictive analytics.
-- Example: Use network telemetry to monitor and analyze the finance application performance against
desired outcomes, including remediation, optimization, and corrective actions as appropriate.

Cisco’s strategy for intent-based networking

Cisco has a complete architecture and solution suite to deliver on the vision of applying and assuring
intent from client to application by using intent-based networking across all networking domains: data
center, campus, branch, WAN, and multicloud (Figure 2). Now you can bridge the gap between what your
business needs and what your network delivers. Cisco’s intent-based networking solutions connect users
from anywhere to applications and services wherever they are hosted.

Figure 2. Architecture and solution suite for Cisco intent-based networking
(Diagram labels: Users, Devices/Things, Campus/Branch, WAN, Data Center, Public Cloud, SaaS,
Applications/Services; Cisco DNA Automation, Cisco DNA Assurance, Cisco SD-Access, Cisco SD-WAN,
Cisco ACI, Cisco NAE, Cisco Tetration.)

Benefits

The Cisco difference
Only Cisco provides a complete intent-based network architecture with built-in network security,
policy-based automation, and assurance across all domains, including data center, campus,
WAN, branch, and cloud environments.
• Business agility. Through automation and open APIs, Cisco’s intent-based networking
solutions are responsive to the changing dynamics expected in the digital economy. New
business requirements can be captured and translated into network policy, so users and
applications are quickly and securely onboarded.
• Simplified operations. Cisco’s intent-based networking solutions increase operational
efficiencies and reduce operating expenses. Network operators can reduce the time
spent on network design, implementation, testing, and troubleshooting. After network
operators express intent, translation into policy and configurations is fully automated,
with consistency and integrity checks.
• Continuous alignment of network to business intent. By using context and analytics to
drive network assurance, Cisco’s solutions continuously validate policy alignment and
otherwise recommend adjustments accordingly. By aligning policy across network domains
we can activate intent end-to-end from users anywhere to applications anywhere.
• Compliance and security. The sophisticated security capabilities integrated throughout
Cisco’s solutions provide advanced segmentation, consistent policy enforcement
and rapid threat detection and containment even for encrypted attacks.
• Reduced risk. The abstractions, automation, and assurance available with Cisco’s solutions
reduce operational risks, inconsistencies in the network, and network outages. Manual,
error-prone processes are no longer the norm.

Table 1. Cisco’s intent-based solutions

For the campus, branch, and extended enterprise

Use case: Automate your network
IBN solution/products: Solution: Cisco DNA Automation. Product: Cisco DNA Center.
Capabilities:
• Policy-based onboarding
• Zero-touch provisioning
• Software image management
• Process integrations with IT Service Management (ITSM) and IP Address Management (IPAM)
Benefits:
• Reduced human error and provide greater uniformity
• Quickly and simply onboard new devices
• Provide consistency for better network performance
• Streamlined operations

Use case: Assure network performance
IBN solution/products: Solution: Cisco DNA Assurance. Product: Cisco DNA Center.
Capabilities:
• Streaming telemetry and contextual data
• Complex event processing with analytics engines
• Correlated insights and contextual cognitive analytics
• Guided remediation
Benefits:
• Enable complete visibility into all network devices
• Troubleshoot and find anomalies instantly
• Accurately pinpoint root cause
• Provide single-click resolution and automation

Use case: Detect and mitigate threats
IBN solution/products: Solution: Cisco DNA Security. Products: Cisco® Identity Services Engine (ISE)
and Cisco Stealthwatch®.
Capabilities:
• Enforced policy and compliance
• Multilayered machine learning
• Monitored streaming telemetry
• Encrypted Traffic Analytics
• Network Security Analytics
• Trustworthy systems
Benefits:
• Simpler and more secure user access
• Detection of advanced persistent threats
• Instant detection of zero-day malware
• Identification of security threats in encrypted traffic

Use case: Provide consistent wired and wireless policy from the edge to the cloud
IBN solution/products: Solution: Cisco SD-Access. Products: Cisco DNA Center and Cisco ISE.
Capabilities:
• Network and user segmentation
• Consistent management of wired and wireless network provisioning and policy
• Contextual data on users, devices, and network
• Network-to-IoT environments extended through policy segmentation
• Branch and data center integrations for end-to-end policy management
Benefits:
• Ability to secure users, devices, and applications with identity-based policy, regardless of location
• Anytime, anywhere workforce
• Reduced troubleshooting time and access to insights for decision making
• Deliver consistent user experience, whether wired or wireless, and across domains


For the WAN

Use case: Automate rollout of your network
IBN solution/products: Solution: Cisco SD-WAN with vManage.
Capabilities:
• Tamper-proof chips that enable zero-trust authentication
• Zero-touch provisioning for self-configuration
• Templatized configurations
• Centralized dashboard for monitoring the bring-up process
Benefits:
• Minimize need for advanced technology requirements
• Reduce burden on IT or avoid advanced technology requirements
• Eliminate rogue devices, with zero trust authentication
• Help large enterprises roll out thousands of sites in months

Use case: Assure network performance through visibility and intelligence
IBN solution/products: Solution: Cisco SD-WAN with vManage and vAnalytics.
Capabilities:
• Centralized monitoring and advanced analytics
• What-if analysis for different application scenarios
• App QoE scoring for priority applications
• Historic references for troubleshooting and correlating app SLA with network issues
• Policy recommendations for more intelligent handling of network traffic
Benefits:
• Use a centralized dashboard for management
• Rapidly troubleshoot and correlate problems
• Understand the context for underperforming apps, sites, and links

Use case: Provide corporate security and compliance
IBN solution/products: Solution: Cisco SD-WAN Security with vManage.
Capabilities:
• Ability to define corporate and other segments
• Definition of policies for mapping entities to segments and for moving across segments
• Monitoring of networkwide traffic analytics within segments
Benefits:
• Isolate corporate infrastructure from business partners
• Protect connectivity during M&A and divestitures
• Segment lines of business, subsidiaries, etc.
• Isolate guest wireless

Use case: Comply with application SLAs
IBN solution/products: Solution: Cisco SD-WAN with vManage and Cloud OnRamp.
Capabilities:
• Redundancy that mitigates failure correlation
• Centralized policies that specify SLAs for critical apps
• Continuous monitoring of link telemetry
• Direct Internet Access (DIA) with real-time optimization for critical SaaS apps
Benefits:
• Efficient access and optimization for SaaS
• Resiliency of critical apps during extreme failure scenarios
• Central visibility of critical apps and failure correlation


For the data center network and multicloud

Use case: Assure network availability
IBN solution/products: Product: Cisco Network Assurance Engine.
Capabilities:
• Continuous analysis and verification of the data center network against intent and policy
• Patented network verification technology to mathematically model and verify networks,
and thousands of codified failure scenarios that run right out of the box
Benefits:
• Assures network security policies and checks for compliance against business rules
• Provides continuous verification, insights and visibility, and corrective actions.

Use case: Provide policy compliance and enforcement
IBN solution/products: Solution: Data Center Analytics and Assurance. Product: Cisco Tetration and
Cisco Network Assurance Engine.
Capabilities:
• Real-time awareness through streaming telemetry for policy violations
• Application and network policies defined with coarse and fine-grained segmentation
• Historical playback of detected deviations in network, servers, VMs, or remote sites
Benefits:
• Minimize operational and security risks
• Ensure fast and accurate policy compliance auditing

Use case: Enhance change management
IBN solution/products: Solution: Cisco Application Centric Infrastructure (Cisco ACI®).
Product: Cisco Network Assurance Engine.
Capabilities:
• Policy-based automation for reduced human error and greater uniformity
• Pre-change staging that predicts the impact of a change
• Post-change verification to help assure compliance with the desired state
• Simulated application behavior that predicts incidents that affect service
Benefits:
• Minimize risk of business-impacting outages
• Significant time reduction for IT operations
• Accurate migrations
• Assurance of change

Use case: Perform guided troubleshooting and remediation
IBN solution/products: Solution: Cisco ACI. Product: Cisco Tetration.
Capabilities:
• Continuous mathematical modeling alerts for more than 5000 codified failure scenarios
• Intuitive user dashboard that logs human-readable smart events of failed checks
• AI recommendation engine that highlights the exact problem and steps to fix it
Benefits:
• Faster mean time to detect and remediate
• Reduces number of low-quality IT help desk tickets


Multidomain Integration

Campus. Branch. WAN. Data center. Cloud. With these traditionally siloed domains, organizations need
a holistic network infrastructure strategy across the entire enterprise network.
It should be possible for IT and business intent to be expressed in one domain and then exchanged,
enforced, and monitored across all of them. Today, Cisco provides a number of policy integrations
between access, WAN, data center and multicloud domains.

For example, Cisco ACI and Cisco SD-Access policy integration maps Cisco ACI’s application-based
micro-segmentation in the data center with Cisco SD-Access’s user group-based segmentation
across the campus and branch. Now security administrators can automate and manage end-to-end
segmentation seamlessly with uniform access policies – from the user to the application. With such
segmentation, policies can be set that allow IoT devices to access specific applications in the data
center or allow only financial executives and auditors to access confidential data. This is just one
example of how Cisco solutions are enabling consistent multidomain policy segmentation and assurance
for end-to-end alignment to business intent.

Getting started with intent-based networking

IT teams can begin their journey to a complete intent-based networking model by deploying solutions
that address their most pressing use cases in one or more network domains. This could mean getting
started with any one of the use cases described in this document, or any other use case that drives
clear IT and business outcomes. To find out more about intent-based networking and the associated
Cisco solutions, go to www.cisco.com/go/ibn.

Cisco Services

Cisco Services help you accelerate network assurance, gain analytical insight, improve
productivity, and lower risk by leveraging Cisco’s unique expertise, best practices,
innovative tools, and business and IT insights.

Learn more

• Get started on your intent-based networking journey at cisco.com/go/ibn.
• Ask your sales representative for intent-based networking demos.

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other
countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective
owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C22-741901-01  05/19
