The government in Durham County, N.C., was spending hours and hours manually provisioning its network and keeping security policies current, so it decided two-and-a-half years ago to upgrade for the sake of efficiency and security.\nSince then, the government\u2019s IT staff of four has migrated its traditional point-to-point network to a more modern enterprise featuring the software-defined technologies of Cisco\u2019s Application Centric Infrastructure (ACI) in the data center and DNA Center in its campus to support its 2,100 enterprise end users and online services for 315,000 county residents.\u00a0\n\nAs a result, time spend on certain manual chores has plummeted, freeing up staff time for forward-looking projects.\nACI is Cisco\u2019s overarching software-defined networking (SDN) technology for data center automation and management across on-premise and cloud networks.\u00a0DNA Center is the central management tool for enterprise networks, featuring automation capabilities, assurance setting, fabric provisioning and policy-based segmentation.\n40Gbps fiber ring links five data centers\nDurham\u2019s core data center is distributed among four \u2013 soon to be five \u2013 buildings over a dark-fiber ring in Durham, creating a 40Gbps network backbone serving the data centers and 55 remote sites across the county. That includes seven libraries, social services, the heath department and other critical public services locations.\n\u201cWe utilize leased lines from two different vendors with various speeds to connect remote sites to our central data center and have redundant internet circuits with speeds up to 1 gig to improve business continuity and connect all sites to the internet,\u201d said Joel Bonestell, the network and security services manager for Durham County government.\nThe network includes Cisco Nexus 9000s in a spine-and-leaf configuration and integrates a range of other networked gear, including security cameras and load balancers. ACI is used to orchestrate this environment and give the county\u2019s IT staff a single point of control, reducing the overall complexity of its data center operations.\n\u201cWe embarked on this project some two and a half years ago when our traditional data center model \u2013 where we manually configured each node and spent days making the simplest manual upgrades\u00a0\u2013 to an environment where we can now make configuration and security updates in minutes across the data center,\u201d Bonestell said.\nDramatic time savings for network and securtiy tasks\nBonestell said manual network provisioning took some 40 minutes, and updating or creating a new security policy took about 60 minutes. With ACI deployed, it takes about four minutes to provision \u2013 a 90 percent reduction \u2013 and about five minutes to update security policies \u2013 a 91 percent reduction.\n"In the past we spent about 80 percent of our time and resources maintaining the network and 20 percent on new projects or improving services and innovation," Bonestell said. "Now we have more time for new and innovative projects that will benefit our residents and businesses with new capabilities and services."\nFor example, Bonestell\u2019s group has been able to help its applications development team build new a program to remind citizens of court dates and a mobile app for submitting documents to the county. \u201cOur ultimate vision is to automate as much as possible,\u201d he said.\u00a0\nWhile ACI and DNA Center have helped increase efficiency of the overall environment, those systems have also bolted down security for the county\u2019s network. \u201cWe obviously have a good bit of citizen data and keeping that secure is a priority,\u201d Bonestell said.\u00a0\nACI and DNA Center support whitelisting, microsegmentation\nACI and DNA Center support a variety of security techniques, but the ability to whitelist who exactly gets access to what and to see from a single point who is accessing which apps was of utmost interest to Durham County. The ability to microsegment users or isolate specific machines on the network is also a key benefit.\n\u201cThe ability to automate security policy changes in a matter of minutes saves a lot of our time and eases security concerns, which always keep us on edge,\u201d Bonestell said.\u00a0 \u201cACI gives us a health score of everything on our network, and that helps us spot issues quickly \u2013 it gives us visibility into all aspects of our networked devices that we never had before.\u201d\n\n\n\n\n\nBonestell said the network security team has over 300 pieces of Cisco hardware to manage, so being able to use DNA Center as its enterprise management tool is critical.\nBonestell also talked about one of the group\u2019s first experiences when it turned up DNA Center about a year ago when it spotted error messages coming from an entire group of Cisco 3850 Catalyst switches. It turned out to be a buggy version of code that needed to be upgraded. Bonestell said his group didn\u2019t know about the problem and would not have easily caught it without DNA Center.\nPlans to manage wireless with Cisco platforms\nWhile Durham County continues to work with DNA Center and ACI, it is also moving into the wireless world with new projects.\n\u201cWe are in the process of converting to Cisco wireless, so we can manage our wireless controllers and access points from Cisco DNA Center,\u201d Bonestell said. The county is also piloting Cisco's Connected Mobile Experience (CMX) wireless suite at its new administration complex to provide an accurate account of who is using the county's facilities. "We hope to deploy this technology into our courthouse by the end of 2019.\u201d\nBonestell said the group has also entered into a partnership with Duke University to create a large MPLS network that will offer 1Gbps throughput to connect 14 Durham County sites to the county data center. The first phase of the project is expected to be completed in December of 2019, and he hopes to expand it after that.