The controller layer provides all of the management systems for the management layer.
The controller layer is all provided by Cisco DNA centre and Cisco ISE.
Cisco ISE and DNA Centre integrate with each other to share information between themselves using APIs.
There are three subsystems within the controller layer
Cisco Network Cloud Platform
Integrated directly into Cisco DNA centre, it provides all underlay and fabric automation and orchestration services for the physical and network layers.
Network Control Platform configures and manages multiple Cisco devices using NETCONF, YANG, SNMP, SSH and Telnet.
It provides network automation status to the management layer
Cisco Network Data Platform
The Cisco Network Data Platform collects data, analytics and assurances and is integrated into Cisco DNA centre.
The Cisco Network Data Platform analyses and correlates network events through multiple sources (Netflow, SPAN) and identifies trends.
It uses this information to provide contextual information to the network cloud platform and identity services engine.
The Cisco Network Data Platform also provides network operational status and events to the management layer
Cisco Identity Services Engine
Cisco Identity Services Engine provides all the identity and policy services for the network and physical layer.
It provides network access control and identity services for dynamic endpoint-to-group mapping and policy definition in a number of ways.
Cisco ISE utilises 802.1X, MAC authentication bypass and Web Authentication.
Cisco ISE can also collect information about a host from other sources such as Active Directory and Amazon Web Services, and using it with other parts of the controller subsystems to place endpoints into the correct scalable group and host pool.
Identity Services Engine is used to program group based policies on network devices.