Cisco DNA Series: Beyond Marchitecture

Remark:  After posting, I actually had additional thoughts – so I have added them in here.  That’s right, I edit after publishing.

At Cisco Live! 2016, “DNA” was everywhere. The Digital Network Architecture. Clearly a focus by Cisco Systems. As someone who received multiple briefings before the big event, I kept fighting to get past the marketing. Even the day of, and throughout Cisco Live, I still struggled to understand what was actually under the hood of DNA. Finally a light bulb went on.

I want you to stay with me here – Cisco DNA is like OSI – it is a MODEL. Most customers will not deploy ALL of the DNA features or architectures. Some might use one, two or all of them. You don’t need to use APIs and programming languages to accomplish this, and it isn’t about automating things you don’t need automated.

I am inherently a technical person. However, as you move forward in your career, it is about looking further out, and looking at the 50,000 ft view. You really do need to look at the bigger picture.

So let me express my discontent with marchitecture.


“The Network Intrinsically Understands What Needs To Be Done” — OK, this is what I have a problem with. You are making this seem WAY easier than it is. This is a disservice to the entire IT industry when you make things sound that easy to CEOs who fund our IT departments and teams. They expect autonomic networks that create software, fancy mobile apps and automatically nuclear bomb hackers that attempt to get into my software. It is not that simple. This also takes away from the very smart CCIE and other professionals who take YOUR business requirements and transform those into a functioning network. No network “Intrinsically understands” unless someone tells it how to. That’s way too Sky Net.

“It’s like turning proverbial lead into gold” — Really?   Come on.

“It is your very own blueprint to success”


This isn’t a 50,000 ft level – this is looking down on Earth from Mars. If our intention is to create some kind of overarching architecture (say that 5 times fast) that actually functions like Sky Net, then we really do need to go that far back. The business and “C” level types are going to love this – it sounds amazing. However, the technical people really do see the marchitecture. So let me, for the technical people, start to drill down.

It starts with the blueprint – that you see above.   For the “C” level types, Cisco is claiming 85% faster network provisioning, 79% reduction in network install costs, 2X software value, 100X faster threat detection and 80% more energy savings and reduced maintenance costs.

IT departments see “Great, so my budget is getting cut, and I’m going to be forced to do more – with less.” Well, yes, but that’s assuming you are RUNNING the Cisco DNA architecture. This could actually be a way to modernise your infrastructure with promises like that – but be careful, promising 79% reductions in installation costs for hardware might be a bit hasty. Once you spend the money and don’t return the future savings, you could find yourself on LinkedIn Jobs. Read the fine print (and trust me, Cisco is careful about putting little superscript numbers over every one of those claims).

Even Cisco’s own content on the model is more whiteboard and less hands-on.


The DNA architecture and model is more about outcomes than technologies and products – but somehow we need to get from the promise to production.

It really is all about APIC-EM


It is amazing how APIC-EM started as a little platform to do some automation and now an entire architecture has almost been built upon it.

APIC-EM is the automation platform surrounding Cisco DNA.  New services are being developed for this right now.

Not everyone is an SDN believer; in fact, some think SDN is still an unproven, non-standardized technology. Many are betting on automation and not software definition – some bet on both. If you are a network professional without coding skills (like me), APIC-EM will seem a little more intuitive.

Cisco Plug and Play, EasyQoS and iWAN App are the big key points in the DNA portfolio we get from APIC-EM. Coming soon will be my article on EasyQoS; all I can say is – it will change how you think about QoS, a technology many simply gave up on and said “just get more bandwidth, it’s easier.”

More on EasyQoS in my next blog post… However, the key message is that Cisco is moving from QoS to QoE – it is about Quality of Experience – and that’s not a marketing term either. In DNA, we tell the system what quality we want for various applications – and QoS is automatically configured for that. More on that later.


NFV – Not Just For Service Providers

Enterprise “NFV” aims to take out physical routers, firewalls, accelerators and wireless LAN controllers in the branch. The idea is centralised management and deployment with everything virtual in the branch. This can be run either on a UCS C220 server, or on top of an ISR4000 with a UCS-E blade.


Most of the content you will see online from Cisco is like the above, very abstract. However, we can get more into the meat and potatoes of Enterprise NFV from our friends at TechFieldDay. Here is an actual demo of NFV deployment with some good questions from the delegates.


Security at Heart

TrustSec, StealthWatch and ISE are the key security products at play in DNA. I know entire customers who went down the ISE path – and cancelled projects because of complexity. So while high security, flexibility and reduced operating costs might be the end result of DNA, security isn’t cheap, and getting there will not be either. These products can have a long installation cycle / process.

Getting from Promise to Production with DNA Readiness Model

This is where we have an issue: before we can have an elastic, multi-domain, secure, flexible network, we need to deploy the tools for DNA. As Rob Soderbery of Cisco says, “Adopting Cisco DNA is a Journey” – that is for sure; this will not be an overnight change for any organization.


They call it a journey: start with base automation, move to policy-based services on APIC like iWAN and EasyQoS, and then add your more advanced security (think ISE), more software control and then Digital Services. Each is a step in the journey to DNA. I don’t know many organisations that are even close.

Marketing The End State To Start Conversations

This is the problem for IT organisations – “Digital Services” – see that end green bubble? That’s how this is being sold to the “C” level types – they don’t understand the blue bubbles, but we all know a lot of work has to be done to reach those transformative “Digital Services.”

The good news, at least for Cisco, is that on all the news of DNA and the hype, the stock hit an all-time high. If this does nothing more than start the conversations about next generation infrastructure, next generation firewalls and security products, or maybe the entire DNA architecture, then this will be good for Cisco.





