hector-j-rivas-89863-unsplash copy

“This is the actual SINGLE PANE OF GLASS.” Those are the words of Cisco Principal Engineer Shawn Wargo during a training class on Software-Defined Access (SDA)A single pane of glass is “a management display console that integrates all parts of a computer infrastructure”. We have heard these claims before, but SDA appears to be the best one yet.

A GUI for Everything

Anyone who has been in networking engineering for a while knows about configuring individual hardware devices using the command line interface (CLI). But with software-defined networking (SDN), the industry is moving past that. Tech author Susan Fogarty writes, “The basis of SDN is virtualization, which in its most simplistic form allows software to run separately from the underlying hardware.” In technical terms, it’s a separation of the control plane from the forwarding plane.

This software virtualization of networking has been successfully applied to the core and distribution areas of the network. But access networking was handled in other ways — until now. Software-defined access is the virtualization of the campus network. “It’s really about abstracting all the complexity” says Wargo, “and talking with all the elements underneath.”

Carl Solder, Director of Enterprise Switching at Cisco, tells TechWiseTV that it’s time for “a rethink.” What kind of rethink? “We really try to simplify the whole experience of how you go about implementing things,” he says. No more painstaking CLI configuration on switches, routers, and wireless devices. All that lives in virtualization now.

Combining the Old with the New

SDA is not a re-invention of the wheel. While Cisco did come up with some new bits and pieces, the architecture of software-defined access is basically the result of putting together proven technologies into one place. Wargo tells us that SDA is really the combination of Cisco’s already existing Campus Fabric product with its successful DNA Center. The result is network tool that offers both automation and assurance.

To make this happen, Cisco integrated several components. At the heart of the system is the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM). This physical device is virtualized by Cisco DNA Center, whose purposes are four-fold:

  • Design
  • Policy
  • Provisioning
  • Assurance

The APIC-EM is Cisco’s SDN controller for enterprise networks. But SD access takes network management further. It allows end-to-end management of the entire network as a single fabric. The SDA solution places an overlay on top of existing network resources, and it finally gives IT managers the single pane that they have been wanting for so long. It does this by bringing together access devices, resources, and users across the network into a centralized management tool.

Key Components

Conceptually, Cisco has pieced together SDA using the following:

  1. Control-Plane based on LISP (Location Identity Separation Protocol)
  2. Data-Plane based on VXLAN (Virtual Extensible LAN)
  3. Policy-Plane based on CTS (Cisco TrustSec)

Each of these technologies is worthy of further exploration — and lots more articles. Frankly, SDA is the culmination of years of development in network operations. If Cisco is making things easier for network operators now, it is only because they have done lots of hard work to get to this point. The automation and assurance offered by SDA are significant technical achievements.

Some special components of SDA are the Identity Services Engine (ISE) and the Network Data Platform (NDP). Cisco ISE provides secure access management as a single policy control point for the entire enterprise. SDA uses group policies to automatically manage security across the network. Cisco NDP is a brand new product. It is the engine behind DNA analytics and assurance. What used to be cobbled together from logs and other data by network analysts is now done automatically by NDP.


Cisco Software-Defined Access was launched in June 2017. One blogger calls SD Access “a sprawling effort” that is “designed to automate common networking tasks in a campus network”. Automation keeps replacing people, and now it seems to be replacing network engineers (who have worked themselves out of a job). Automation and analytics are part of a new wave of technical development, and Cisco SDA is on the leading edge of network innovation.

BayInfotech (BIT) has been a key System Integrator working closely with Cisco BU and Engineering to take this advanced automation platform to define the go-to-market strategy. BIT is actively involved to do PoC, PoV, Mentor Install and Partner enablement for this evolving technology.