DNA Center - When it's good, it's really good... where it's bad, it's really bad
June 19, 2019

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review

Overall Satisfaction with Cisco DNA Center

We, as a Cisco partner, install Cisco DNA Center for our customers as well as in our lab. We have been with it since the earlier 1.1 on the M4 server (we got our server after the issue with the partitioning on the hard drives), and dealt with many of the bugs throughout 1.2, and are currently on 1.2.8. We have evaluated the auto-provision and PnP functionality, SD-Access with fabric at a single site, API and API integrations with custom software, and Assurance modules both within DNA Center and integrated into ticketing systems.
  • PnP is absolutely amazing. The idea that the server need only boot up and get a DHCP address (with DNS or Option 43) greatly increases the deployment speeds, especially tying to golden standard images and configuration templates.
  • API documentation and integration is better than any other Cisco product I have seen, and in the top 3 of any product I have worked with. The Developer toolkit was able to not only show configuration examples, but also show you the actual feedback from that call to assist in quality testing.
  • ISE integration with the auto-provisioning makes a zero-touch deployment seamless across multiple platforms. Having the DNA Center contact the ISE environment greatly assists in speed-to-deployment of new gear.
  • The overall UI is very intuitive and walks you through each piece of a new deployment. Whereas in products like ISE, I always talk about working backwards (define the result, the conditions, and then add to policy - but the tabs are listed in reverse order), DNA Center provides the step-by-step boxes to take a new deployment to a fabric-enabled campus to assurance and monitoring.
  • The configuration templates, with ability to add variables, allow engineers to create the one golden standard configuration for a particular switch type, and supply the variables to that particular switch. This has been a large limiting factor with many customers, as the templates were not dynamic enough.
  • The PnP holding area for switches allows the switches to boot up and contact DNA Center, but will sit in an unprovisioned state until ready.
  • Allowing templates to only be available for particular network devices or line of network devices prevents engineers clicking without thinking.
  • The DNA Center provides a dot1X configuration to the switch that I have never seen before. It seems overly complex and may be hard to troubleshoot from the CLI.
  • Documentation needs to be much more available through the Cisco website. Contacting TAC for every issue and upgrade is quite honestly unacceptable. Calling TAC undermines the trust of a product and I have had customers steer away from DNAC for that exact reason.
  • Explaining the DNA Center "magic" to CLI needs to be documented in much greater detail. When I hit the bug in 1.2.6 which evaporated my fabric, I was desperate to get it back up. It was an issue with my LISP underlay, but unfortunately, I didn't know LISP at the time. Again, this is increasing the fear with the customer base (especially the senior engineers), who need to know "what happens when DNAC goes down".
  • Cisco continues to push customers to their in-house resources with their seeding programs. This makes it difficult as a partner to sell services with DNA Center to assist. In one instance, we worked with the customer for 3 days on their DNA Center, and when we went to make a service sales attempt, we were cut short by the Cisco SE saying "don't forget you get a free X number of hours with our team". What is our motivation for being so invested if Cisco seeds the device and the services? We are not making any money on the deals.
  • I am hopeful about the 1.3 train, but 1.2 was so plagued with bugs that customers were jumping minor releases way too often. The same problem happened with Firepower. I am not sure if these were not unit tested because there weren't enough resources or time, but jumping from failed minor release to failed minor release is a great way for customers to lose faith in the product.
  • The documentation of what the initial set-up *does* needs to be better documented. There are 4 ports, but only 2 are necessary (cluster and enterprise). This needs to be better explained that only one interface can get a default route, so that needs to be taken into account. Also, why the service subnets exist needs to be better explained. I have dealt with way too many customers who fumble past the address space needed for DNA Center because no one puts on the web site "these are tunneled IPs used by Docker." Again - very poor public documentation is available.
  • DNA Center needs to be advertised as what it is. It is an absolutely amazing product, which needs ISE for the SDA. For ETA, Stealthwatch can report back to ISE. That has nothing to do with DNA Center. This is only causing confusion. When I finally de-tangle the Cisco products for a customer, they generally are willing to sign off on more of the products than the campaign of DNAC, ISE, Stealthwatch, Threat-Grid, Firepower, and Cat9K -or- nothing.
  • ROI is difficult to answer as we are providing this to customers. We have certainly had more opportunities staying on top of this emerging technology.
  • Our business objective to be a value-add partner has had a strain, as Cisco Sales has often times cut us at the knees as we try to push the product to customers.
  • DNA Center has been a great "toy" to play with, but until Cisco lets the partners do the work, we are severely hindered.

Meraki does what should be expected at its price point, but it is geared to SMB. When it comes to enterprise networks, DNA Center is the clear path forward. It allows for more devices than just the ones it configures, it provides more customization and onboarding options, and the control stays within the organization. The DNA Center telemetry provides a more robust reporting than the Meraki dashboard, and again, the data stays on site. I see both being important in their own ways, but Meraki falls short in larger enterprises, and that is where DNA Center shines the most.
Cisco DNA Center can be a pricey option to install. If customers are looking to just do Prime or PnP features, there are a million products, and most are cheaper. I would at least tell them the benefits that DNA Center provides with the PnP functionality, because it certainly provides a step above, but not enough to justify the price point. For Prime (or SolarWinds) functions, we are being promised most of the necessary features in version 1.4, so I would only recommend for that case on a roadmap from Cisco.

However, for customers who are looking for the benefits of SD-Access, I would highly recommend this product. Cisco got the SDN right on this one. The DNA Center pushes the configuration, but allows access to the switch in case you need to manually change something. The SD-Access deployment with the concept of the OOB network being the default VRF is absolutely outstanding. The DNA Center alleviates the strain of manual configuration, but provides the functionality with tested protocols such as LISP and VXLAN.