The SDA has functions of policy, automation and configuration. The controller being central and connected to all devices, has visibility to all data, thus getting complete information about network flow and applications going through devices. This makes monitoring and troubleshooting much easier and faster.
Intent based networking: Software Defined Access is intent based. The business intent or policy can be applied and automated from a single controller.
Network fabric: Network is not distributed, but is managed as a single fabric for all access devices. This fabric is formed of wired access switches, wireless controllers and access points.
Analytics: Whereas earlier the network was distributed and running in individual switches, SD gives complete analytics in the central controller. This provides data at network and application layers, making it easy to get visibility and the ability to faster troubleshoot application access issues.
Policy based: Access to the network is based on programmable policies pushed centrally. Unique and seamless authentication and authorization is possible for users to access network. This authentication and authorization can be connected to the central active directory database and aligned with user business policy.
Automated: Onboarding of users, devices and applications through automated systems make configuration and provisioning much faster, and enable IT access layer to respond to business requests in much lesser time.
Secure: The fabric data plane is based on VXLAN and is encrypted. The encrypted traffic analysis and secure central authentication through policy enforcer makes it a secure segmented network at access layer.
Business use cases for software defined access
Network segmentation: Right user segmentation in network beyond just VLAN. The SDA enables enhanced network segmentation with VXLAN, which makes right access policy for right kind of users, and devices.
Monitoring and troubleshooting: Single dashboard for user and infrastructure monitoring gives better visibility for network and resources. Also gives visibility to users and application flows reducing troubleshooting time.
Simplified guest access: Simplified policy provisioning for guest users in the network especially on wireless. This can be automated and integrated with guest management services, thus, making guest user enablement a next generation experience.
IoT at Scale: SDA makes IOT adoption much easier with right access to network, segregating from normal users. Right policy configuration for IoT devices makes appropriate segmentation possible for IOT devices.
Faster user onboarding: User onboarding can be done much faster since the SDA fabric is automated and integrated with ITSM systems and orchestrators.
User mobility and seamless access: The users get a seamless and unique access based on their access privilege across wired or wireless network irrespective what segment users are situated.
Software Defined Access is a new way of doing networking at the access layer. While it is easy to take a Greenfield approach to SDA, the Brownfield implementation requires a lot of planning to move to a software defined way. The specific vendor capability, hardware-software capability to support the new features like VXLAN, security and authentication need to be verified before moving to SDA. It is advisable for enterprise customers to take a consulting approach, do pilot where they need to validate the use cases, readiness and further moving towards the SDA, to enable enterprise access to a digital network.