Cisco SD-Access Deployment Workflow Overview

Cisco SD-Access Deployment Workflow Overview

Cisco SD-Access deployment is fully automated through Cisco DNA Center, which provides centralized management across four major workflow areas:

Design

• Establishes foundational network settings and profiles, including:
• Global device configurations
• Network site profiles for physical inventory
• DNS, DHCP, and IP addressing
• Software image repository and lifecycle management
• Device templates and user access policies

Policy

• Translates business intent into enforceable network rules by:
• Creating and managing virtual networks
• Assigning endpoints to specific virtual networks
• Defining policy contracts between groups
• Configuring application-level policies

Provision

• Automates device onboarding and fabric creation, including:
• Adding devices to inventory with plug-and-play (PnP) support
• Building fabric domains with control plane, border, and edge nodes
• Integrating fabric wireless and Cisco Unified Wireless Network
• Establishing transit and external connectivity

Assurance

• Provides proactive monitoring and validation of user experience through:
• Health dashboards for network, client, and applications
• Issue detection and management workflows
• Sensor-driven testing to confirm intent-based performance

Designing Your Network

Design

The Design application is used to establish foundational network settings:

• Define the network hierarchy (areas, sites, buildings, floors)
• Configure global services such as DHCP and DNS
• Set device credentials (SSH, SNMP, etc.)
• Create IP address pools for LAN automation and endpoint assignment
• Establish software image compliance policies

Policy

The Policy application translates business intent into enforceable segmentation and access rules:

• Create virtual networks for macro-segmentation
• Define scalable group tags (SGTs) for micro-segmentation
• Configure access contracts to allow or block traffic flows
• Apply segmentation policies and contracts to groups to meet policy objectives

Provision

The Provision application automates device onboarding and fabric deployment:

• Onboard devices using plug-and-play (PnP)
• Manage device inventory
• Create fabric domains and sites, and add fabric nodes
• Configure host onboarding, linking wired and wireless endpoints to IP pools and virtual networks
• Enable additional services such as Stealthwatch Security Analytics and App Hosting

Assurance

The Assurance application provides proactive monitoring and operational insights:

• Monitor overall network health
• Track the health of wired and wireless endpoints
• Enable, customize, and manage issues
• View insights, trends, and performance analytics
• Visualize network heatmaps and compare site performance