Bringing Domains Together with Intent-Based Networking

Cisco’s multidomain integration is a new chapter in the intent-based networking journey with access and security policies that follow users and devices as network traffic traverses between domains.

Automating connectivity and policy across domains – data center, campus, and branch – is often a problematic issue for IT. Each domain has a defined role and unique security functions, but to meet business intent across the enterprise, these domains must be able to cooperate.

Since each domain has its own policies in place, the challenge of bringing simplified policies across domains is a time consuming task for IT. Without integration, policies are often manually stitched together between domains. Additionally, network traffic must be correctly classified as it crosses domains to identify and match users with the appropriate security access and prioritization. For example, without integration of Cisco SD-Access and SD-WAN, extensive reconfigurations are required to maintain proper segmentation, application service-level agreement (SLA), and security, as a user moves from a campus to branch environment on the network,

Your enterprise may also have individual teams overseeing each domain for data center, campus, and branch. As network traffic engages these domains and migrates to the cloud, each team must ensure that policy is consistent, SLA parameters are met to provide the best possible application experience for users, and data and applications are secure. Limited application visibility across domains increases security risks and frequently creates an inconsistent user experience.

A Network that’s Smarter, Simpler, and More Secure

With the beginning of Cisco’s Intent-based Networking journey over two years ago, a network architecture was created with seamless segmentation, effective use of artificial intelligence (AI), and access and security policies based on intent. Now with multidomain integration, Cisco begins a new chapter in that journey with access and security policies that follows users and devices as network traffic traverses between domains, to ensure high-quality user experience and secure access.

As intent-based networking optimizes each domain for its own specific purpose using best-of-breed technologies, Cisco’s multidomain integration segments users, devices, and applications, to prioritize traffic through application SLAs and expand threat defenses. Segmentation enables network traffic to be made trustworthy with end-to-end secure access, which is now enforced across domains.

So, how do we do this? With the integration of SD-Access and Application Centric Infrastructure (ACI), user and device information from SD-Access and application and data information from ACI is exchanged to authorize access across domains. The integration also enables ACI to inform SD-WAN of SLAs for applications, as users and devices access the ACI domain through SD-WAN. Traffic prioritization is threaded through SD-WAN to the users via the SD-Access integration to optimize application Quality of Experience (QoE).

Even as applications move from the data center to the cloud, no reconfiguration is needed because the application’s group segmentation is exchanged between domains. The same capability is possible as users travel between campus and branch environments. SD-Access sends user group information to SD-WAN to transparently connect users whether they access the network from the campus or branch. Again, no reconfiguration is necessary.

Last but certainly not least is expanded security. With network traffic identified, segmented, and prioritized, the network is better equipped to prevent data breaches, as policy follows users and devices no matter the location. When access is appropriately segmented, policy ensures that data and applications are only accessible by known, secure users and devices.

Multidomain Integration in the Financial Services Sector

A strong multidomain customer example comes from Santander Group, a Spanish multinational commercial bank and financial services company operating on six continents. With more than 6,000 routers and 9,000 switches in the bank’s Brazilian network, the challenges to manage, support, and troubleshoot the network are complex, to say the least.

Additionally, banking regulations vary between countries, but strict compliance and reporting remain constant. Complete visibility across multiple domains is critical for assurance, risk mitigation, and keeping sensitive data safeguarded.

“Santander Brazil chose Cisco because its SD-Access, SD-WAN, and ACI integration
extends the segmentation end-to-end, from the LAN through the WAN up to data
center, in an automated fashion. It’s definitely a great differentiator.”
—Rodilanderson Pinheiro | Senior Architect, Banco Santander Brasil    

This is the value of multidomain integration: end-to-end, intent-based networking that connects any user anywhere to any application anywhere. See how we can create IT efficiencies for your business through an optimal, secure user experience and simplified multidomain management that aligns to the needs of your organization:

Learn more about Cisco Solutions for Intent-Based Networking (IBN)