Global Pharmaceutical Company: Software-Defined Access Deployment
In This Case Study
In 2019, Cisco has partnered with WWT to transform a global pharmaceutical company's aging campus network that required a technology refresh for modernization, with minimal flexibility and mobility through different campus networks at the locations. The infrastructure also struggled with inadequate security for BYOD and guest access to use Cisco's Software-Defined Access technology.
This transformation would provide the company with more visibility into their campus network infrastructure through valuable metadata; allow for robust security level through segmentation of users and endpoint devices; and create the ability for all sites in the company to be managed from central management platform (headend).
From design to execution, WWT was able to provide a viable and economic solution.
The journey started with WWT partnering with Cisco in building out a central dashboard with Cisco DNA-Center, central policy management with the Cisco Identity Services Engine (ISE) and a company-wide fabric and automated segmentation through Cisco SD-Access. This central management was built in 3 data centers (USA, United Kingdom and Singapore).
This was implemented by WWT Implementation Services in accordance with the following non-sequential waves for 24 sites spread across three continents:
- Baseline the reference architecture to standardise design across sites.
- Discovery of existing network infrastructure.
- Predictive wireless surveys.
- Site-specific low-level designs.
- Install default border, core and distribution switches.
- Interconnectivity between existing core switches and new default border layer switches.
- Interconnectivity between existing server farm switches and new default border layer switches.
- Install new Wireless LAN Controller (WLC).
- Replacement and migration of access switches.
- Addition of new access points to WLC.
- Implementation of headend DCs to the solution design architecture.
Migration of sites
Solution validation testing in WWT's ATC lab simulated four different site types in the reference architecture and the migration approaches for each site type. A phased approach was recommended to reduce risk and accelerate business value.
Phase 1.1 included DNAC Assurance, where switches and WLC configurations are updated and then discovered, with APs being placed onto site floor plans.
Phase 2 would complete SDA migration of each site. The SDA migration phase was carried out through multiple migration windows for each site dependent on the size and complexity of each site.
The migration phase involved working with each of the sites to come up with a site-specific migration plan describing how to migrate each of their endpoints (voice, video, printers and end users' laptops) to SDA fabric.
Post-migration of sites, the company was able to manage the site's network from a central management location, giving them huge cost savings in terms of on-site operations and allowing for more visibility through valuable metadata -- to take an already performing network to its highest level by actively finding the contextually relevant and impactful trends, actionable insights and issues in the site network.
Central management of the sites' networks allowed for standardization of future network services across all sites and rapidly integrate acquisitions.
Identity Services Engine and Stealthwatch (which we have deployed in the headends) have also allowed for robust security levels through the segmentation of device/employee access, while allowing for flexibility of employee's dynamic mobile movement across sites via maintaining a policy-based network solution.