Cisco Network SecurityCisco SecurityCisco DNA CenterCisco Identity Services Engine (ISE)Cisco Software Defined AccessCiscoIdentity and Access ManagementNetwork SecuritySecurity Transformation
Article5 minute read

What Is Cisco Software-Defined (SD) Access?

Cisco SD-Access is a campus network architecture providing segmentation, identity-based access and visibility of endpoint devices. It secures user access and streamlines network deployment and management.

In this article

Software-defined networks are increasingly disrupting the networking world, making it crucial for you to understand how to design, operate and optimize your networks. Managing and configuring networks manually is slow, tends to be error-prone, and sees businesses struggle to keep pace with evolving business environments and increasingly complex networks.

 What is Cisco SD-Access?

Cisco Software-Defined Access (SD-Access) provides automated network configuration, which offers endpoint segmentation, identity-based access and deep visibility into the performance of users on your network. It allows you to provide micro- and macro-based segmentation to east-west, as well as north-south, traffic. SD-Access secures user access to applications and networks from all their devices and campus locations. 

The solution is built on Cisco's Digital Network Architecture (Cisco DNA) and DNA Center, which introduces intent-based networking capabilities and policy-based automation. This facilitates a consistent network fabric architecture, which provides complete campus network configuration, management and visibility. 

 How does Cisco SD-Access work?

Cisco SD-Access consists of three core components that work together to deliver network assurance, automation and security. The three components of SD-Access are:

DNA Center (DNAC) Controller: DNAC is an intuitive, centralized management system that enables network engineers to apply policies across the SD-Access network. It centrally manages the design, policy, provision and assurance workflows. 

With DNAC, you can begin designing your network before physically deploying devices. This includes configuring device settings and network site profiles. You can then define policies for your workflows, such as creating and managing virtual networks, assigning endpoints to virtual networks and assigning group tags for segmentation. This allows you to deploy and provision your workflows and overlays that enable devices to communicate. The final stage is assurance, which provides analytics from device telemetry to monitor the health of your network and quicker identification and resolution of issues.

Network fabrics: These fabrics enable consistent user experiences on any device and from any location without compromising the security of your network. Using the policies created in DNAC, the single network fabric provides consistency across your network and for your users.

Cisco Identity Services Engine (ISE): Cisco ISE is a network administration product that enables you to create and enforce access management and security policies for endpoints. It simplifies identity management across your applications and devices and allows you to map devices and users to scalable group tags. ISE is crucial to reducing the complexity and cost of network management as devices and users proliferate. It automatically transmits information to all supported devices on your network, which provisions the appropriate access level to users.

 What are the benefits of Cisco SD-Access?

SD-Access is a critical pillar in Cisco's zero-trust security framework. It boosts security by improving trust, increasing visibility and defining access policies. It also enhances networking operations through automating network configurations, which allows you to consistently implement security policies.

An IDC report on Cisco SD-Access found it helps organizations spend 80 percent less time identifying and resolving security issues. It also saves them 67 percent of time spent on network provisioning, reduces the impact of security breaches by 48 percent and results in network management teams becoming 49 percent more efficient. That reduces the total cost of operations by 45 percent, which sees a 462 percent return on investment over five years.

Key benefits of Cisco SD-Access include: 

Automation of network deployment and operations: Based on intent, DNAC can deploy a consistent software-defined fabric network to one or many sites, integrating access controls, IP address management, configuration and policy enforcement, as well as visibility of network and user performance.

Network segmentation: SD-Access provides both micro- and macro-segmentation to separate device traffic, lines of business and users without the need to maintain physically disparate networks. This is crucial to preventing security threats, achieving compliance and enforcing networking security policies. The solution also automates access policies, which helps you stop potential threats across your network.

Increased trust: SD-Access enables you to scrutinize the behavior of endpoints continually. This allows you to scan for vulnerabilities and verify devices before they are granted access to your networks.

Avoid security threats: SD-Access, with integrations from ISE, reduces zones of trust and isolates compromised or rogue endpoints, lowering the risk of successful attacks and enhancing compliance with data privacy regulations.

Improved network design: SD-Access enables you to design your network, provision user segmentation rapidly and apply policies. Its intuitive workflow helps simplify the building of a network and provides tools to define, deploy and manage it.

 How is Cisco SD-Access being used?

SD-Access is used by organizations across various industries to enhance the management and simplicity of their networks

For example, before deploying SD-Access, Waterford Institute of Technology (WIT) had to painstakingly segment its network by configuring firewalls and switches and restricting traffic through Access Control Lists (ACLs). SD-Access enables the organization to quickly and easily create new groups, assign new members and segment its network.

Cisco SD-Access can also help enable healthcare organizations to move towards digital healthcare where the network is the enabler. This type of campus architecture can create several benefits for healthcare organizations spanning traffic segmentation, consolidating traffic into a single fabric, creating resource mapping and levels of access, supporting medical imaging, and meeting HIPAA compliance. 

 Simplify your network with WWT

Cisco's SD-Access is the future of networking, simplifying your network architecture and unlocking benefits like automation and security. 

Learn more about how WWT can help your company get the most out of SD-Access in our SD-Access Workshop.

Technologies