Cisco DNA Center's new features may mean more user headaches

Cisco continues to add features to DNA Center to centralize more network control within the software. But as the product grows more complex, users struggle to deploy it.

Cisco has bolstered DNA Center's role as the control center for the vendor's software-based campus networking architecture. But as the vendor piles features on the product, users struggle to deploy what they describe as an overly complicated system.

This week, Cisco introduced analytics within DNA Center to discover and classify better non-computing devices connected to wireless networks in hospitals, factories and office buildings. It was the latest of many enhancements Cisco has made to the product as the company centralizes network management within DNA Center.

But while Cisco continues to build new capabilities into the software, users of the product describe it as a finicky network management tool for remote sites. For example, a network engineer at a multinational healthcare institution wants to use DNA Center to remotely configure a Catalyst switch sent to any one of the organization's 400 remote facilities.

Once someone plugs the switch into a site's network, IT staff wants to configure the hardware using a prebuilt, reusable template -- a process the engineer called plug-and-play (PNP). The engineer asked to remain anonymous because he is not authorized to speak for his employer.

"I have encountered many issues along the way," he said in a recent interview via email. "Even under the right conditions, sometimes PNP works, and sometimes it doesn't."

Part of the problem is getting the template to work correctly. "Even Cisco engineers haven't been able to get it to work," he said.

More Cisco DNA Center bugs

Cisco's latest features make DNA Center a more inclusive hub for endpoint devices. The company had planned to unveil the capabilities during the virtual Cisco Live conference scheduled for this week. However, Cisco postponed the event, and official product announcements, until later in the month because of the civil unrest in over 30 U.S. cities following the killing of a black man by Minneapolis police officers.

Cisco has developed cloud-based machine learning algorithms that analyze data from non-computing devices, such as medical gear, handheld scanners in a warehouse or office equipment. The software also analyzes network telemetry that describes device behavior.

Cisco's Identity Services Engine (ISE) uses the information to categorize an unknown device based on its characteristics and then places it within a related hardware group already governed by security and access policies.

However, users have reported losing connections randomly between DNA Center and ISE. Also, troubleshooting can be problematic because DNA Center doesn't always provide useful error codes, said Chris Crotteau, an IT infrastructure design specialist. Crotteau has extensively tested the latest version of DNA Center.

I'm hoping Cisco is paying far more attention to code quality than they have in the past -- especially for the price point.
Lee BadmanNetwork architect

"A tool that you can't troubleshoot is a useless tool," he said.

Another new feature in DNA Center provides better data on traffic flows between groups. The provided information includes traffic destinations, protocols and ports used.

Better data is useful in setting group policies. In the future, Cisco plans to have DNA Center make policy recommendations based on its analytics. The company declined to say when it would release the feature.

Lee Badman, a network architect responsible for the Cisco Meraki wireless LAN at an Ivy League university, said the new DNA Center (DNAC) features are worth considering. Still, he remains concerned with the software's overall quality.

"DNAC can be a fairly heavy lift," Badman said. "I'm hoping Cisco is paying far more attention to code quality than they have in the past -- especially for the price point."

Viptela-Umbrella combo

Other announcements planned for the virtual conference included ready-to-use integration between Cisco's Viptela software-defined WAN and cloud-based internet security product, Umbrella.

Cisco added the Umbrella service through last month's 17.2 release of Viptela's management console, vManage. The vManage-Umbrella combo comes with a premier license for Viptela. While vManage is a stand-alone console today, Cisco plans to eventually fold it into DNA Center.

Cisco has also introduced a mobile app for setting up a private network within a college dormitory room. Students register all their internet-enabled hardware, such as PCs, tablets and game consoles, in the app, which creates a device network with a unique SSID.

The network is registered in the Cisco cloud and becomes manageable from within DNA Center. Grouping student devices within a system that is inaccessible by other hardware would be a decent security mechanism, Badman said.

"Tremendously beneficial in college dorms, if it works right," he said.

Dig Deeper on Network management and monitoring

Unified Communications
Mobile Computing
Data Center