Chapter 5: Operations & Monitoring¶
Quick Navigation¶
| Section | Description |
|---|---|
| 5.1 Operational Framework | ITIL-aligned operations model |
| 5.2 DNAC Assurance | Health dashboards, analytics |
| 5.3 ISE Monitoring | RADIUS logs, profiling, posture |
| 5.4 Network Monitoring | SNMP, syslog, NetFlow |
| 5.5 Alerting Framework | Thresholds, escalation |
| 5.6 Incident Management | Response procedures, RCA |
| 5.7 Change Management | CAB process, templates |
| 5.8 Capacity Planning | Growth forecasting |
| 5.9 Troubleshooting | Common issues, resolution |
| 5.10 Performance Optimization | Tuning, best practices |
| 5.11 Backup & Recovery | Configuration management |
| 5.12 Compliance & Audit | Reporting, evidence |
5.1 Operational Framework¶
5.1.1 ITIL-Aligned Operating Model¶
+------------------------------------------------------------------+
| SD-ACCESS OPERATIONS MODEL |
+------------------------------------------------------------------+
+-------------------+
| Service Desk |
| (Tier 0/1) |
+-------------------+
|
+-------------+-------------+
| |
+-------------------+ +-------------------+
| Network Ops | | Security Ops |
| (Tier 2) | | (Tier 2) |
+-------------------+ +-------------------+
| |
+-------------+-------------+
|
+-------------------+
| Engineering |
| (Tier 3) |
+-------------------+
|
+-------------------+
| Vendor Support |
| (Cisco TAC) |
+-------------------+
5.1.2 Team Roles and Responsibilities¶
| Role | Responsibilities | Shift Coverage |
|---|---|---|
| NOC Analyst (Tier 1) | Alert monitoring, initial triage, ticket creation | 24×7 (3 shifts) |
| Network Engineer (Tier 2) | Troubleshooting, configuration changes, incident resolution | 16×5 + on-call |
| Security Analyst (Tier 2) | ISE policy, authentication issues, security incidents | 16×5 + on-call |
| SD-Access Engineer (Tier 3) | Complex issues, design changes, vendor escalation | Business hours + on-call |
| DNAC Administrator | Platform administration, software updates, integrations | Business hours |
| ISE Administrator | Policy management, certificate management, profiling | Business hours |
5.1.3 Operational KPIs¶
| KPI | Target | Measurement | Frequency |
|---|---|---|---|
| Network Availability | 99.99% | DNAC Assurance | Real-time |
| Mean Time to Detect (MTTD) | <5 minutes | Alert to ticket | Monthly |
| Mean Time to Resolve (MTTR) | <2 hours (P2) | Ticket closure | Monthly |
| Authentication Success Rate | >99.5% | ISE reports | Daily |
| Change Success Rate | >95% | Post-change validation | Monthly |
| First Call Resolution | >70% | Service desk metrics | Monthly |
5.1.4 Operational Runbook Structure¶
Runbooks:
Daily_Operations:
- Health_Check_Morning.md
- Health_Check_Evening.md
- Authentication_Report_Review.md
Weekly_Operations:
- Capacity_Review.md
- Security_Posture_Review.md
- Change_Review_Preparation.md
Monthly_Operations:
- Compliance_Report_Generation.md
- License_Usage_Review.md
- Performance_Baseline_Update.md
Incident_Response:
- Authentication_Failure_Triage.md
- Fabric_Node_Down.md
- WAN_Failover_Procedure.md
- ISE_PSN_Failover.md
Maintenance:
- Software_Upgrade_Procedure.md
- Certificate_Renewal.md
- Backup_Verification.md
5.2 DNAC Assurance Monitoring¶
5.2.1 Network Health Dashboard¶
+------------------------------------------------------------------+
| DNAC NETWORK HEALTH DASHBOARD |
+------------------------------------------------------------------+
| |
| OVERALL HEALTH: 97% [████████████████████░░░] |
| |
| +------------+ +------------+ +------------+ +------------+ |
| | WIRED | | WIRELESS | | CLIENTS | | APPS | |
| | 98% | | 95% | | 96% | | 99% | |
| | [████████] | | [███████░] | | [███████░] | | [████████] | |
| +------------+ +------------+ +------------+ +------------+ |
| |
| DEVICE HEALTH BY SITE: |
| +--------------------+-------+--------+--------+--------+ |
| | Site | Total | Good | Fair | Poor | |
| +--------------------+-------+--------+--------+--------+ |
| | Mumbai HQ | 52 | 50 | 2 | 0 | |
| | Chennai HQ | 40 | 39 | 1 | 0 | |
| | London HQ | 46 | 44 | 2 | 0 | |
| | Frankfurt HQ | 32 | 32 | 0 | 0 | |
| | New Jersey HQ | 56 | 54 | 1 | 1 | |
| | Dallas HQ | 36 | 35 | 1 | 0 | |
| +--------------------+-------+--------+--------+--------+ |
| |
+------------------------------------------------------------------+
5.2.2 Assurance Navigation¶
# DNAC Assurance > Health
Dashboard_Categories:
Network_Health:
Path: Assurance > Health > Network Health
Metrics:
- Overall Score
- Device Reachability
- Link Utilization
- Error Rates
Client_Health:
Path: Assurance > Health > Client Health
Metrics:
- Wired Client Score
- Wireless Client Score
- Onboarding Success Rate
- RSSI Distribution
Application_Health:
Path: Assurance > Health > Application Health
Metrics:
- Application Response Time
- Packet Loss
- Latency
- Throughput
Issue_Resolution:
Path: Assurance > Issues & Events
Categories:
- P1 (Critical)
- P2 (Major)
- P3 (Minor)
- P4 (Warning)
5.2.3 Key Health Metrics¶
Device Health Scoring
| Component | Weight | Metrics |
|---|---|---|
| Reachability | 25% | ICMP, SNMP response |
| CPU Utilization | 20% | Average, peak |
| Memory Utilization | 20% | Average, peak |
| Interface Errors | 15% | CRC, input/output errors |
| Environmental | 10% | Temperature, power supply |
| Software | 10% | Version compliance, bugs |
Client Health Scoring
| Component | Weight | Metrics |
|---|---|---|
| Onboarding | 30% | DHCP, AAA, association time |
| Connectivity | 25% | DNS resolution, gateway reachability |
| RSSI (Wireless) | 20% | Signal strength distribution |
| SNR (Wireless) | 15% | Signal-to-noise ratio |
| Data Rate | 10% | Throughput achieved |
5.2.4 Custom Dashboard Configuration¶
# Create Custom Dashboard
# Assurance > Dashboard > + Add Dashboard
Custom_Executive_Dashboard:
Name: SD-Access Executive Summary
Widgets:
- Type: Health_Trend
Data: Network_Health
Period: 7_days
- Type: Top_Issues
Data: All_Issues
Count: 10
- Type: Site_Comparison
Data: All_Sites
Metric: Health_Score
- Type: Authentication_Success
Data: ISE_Integration
Period: 24_hours
Custom_Operations_Dashboard:
Name: NOC Operations View
Widgets:
- Type: Real_Time_Alerts
Severity: P1, P2
- Type: Device_Status
Filter: Fabric_Nodes
- Type: Client_Onboarding
Metric: Success_Rate
Period: 1_hour
- Type: Fabric_Health
Components: LISP, VXLAN, SGT
5.2.5 Assurance API Queries¶
#!/usr/bin/env python3
"""
DNAC Assurance API - Health Monitoring Script
"""
import requests
import json
from datetime import datetime
DNAC_HOST = "https://dnac.corp.local"
USERNAME = "api-user"
PASSWORD = "<api_password>"
def get_auth_token():
"""Obtain authentication token from DNAC"""
url = f"{DNAC_HOST}/dna/system/api/v1/auth/token"
response = requests.post(url, auth=(USERNAME, PASSWORD), verify=False)
return response.json()["Token"]
def get_network_health(token):
"""Retrieve overall network health"""
url = f"{DNAC_HOST}/dna/intent/api/v1/network-health"
headers = {"X-Auth-Token": token, "Content-Type": "application/json"}
response = requests.get(url, headers=headers, verify=False)
return response.json()
def get_client_health(token):
"""Retrieve client health summary"""
url = f"{DNAC_HOST}/dna/intent/api/v1/client-health"
headers = {"X-Auth-Token": token, "Content-Type": "application/json"}
timestamp = int(datetime.now().timestamp() * 1000)
params = {"timestamp": timestamp}
response = requests.get(url, headers=headers, params=params, verify=False)
return response.json()
def get_issues(token, priority="P1"):
"""Retrieve active issues by priority"""
url = f"{DNAC_HOST}/dna/intent/api/v1/issues"
headers = {"X-Auth-Token": token, "Content-Type": "application/json"}
params = {
"priority": priority,
"issueStatus": "active"
}
response = requests.get(url, headers=headers, params=params, verify=False)
return response.json()
def main():
token = get_auth_token()
# Get network health
network_health = get_network_health(token)
print(f"Network Health Score: {network_health['response'][0]['healthScore']}%")
# Get client health
client_health = get_client_health(token)
print(f"Client Health Score: {client_health['response'][0]['scoreDetail'][0]['scoreValue']}%")
# Get P1 issues
issues = get_issues(token, "P1")
print(f"Active P1 Issues: {len(issues.get('response', []))}")
if __name__ == "__main__":
main()
5.3 ISE Monitoring and Reporting¶
5.3.1 ISE Dashboard Overview¶
+------------------------------------------------------------------+
| ISE OPERATIONS DASHBOARD |
+------------------------------------------------------------------+
| |
| AUTHENTICATION SUMMARY (Last 24 Hours) |
| +----------------+ +----------------+ +----------------+ |
| | PASSED | | FAILED | | SUCCESS RATE | |
| | 47,523 | | 234 | | 99.51% | |
| +----------------+ +----------------+ +----------------+ |
| |
| AUTHENTICATION BY METHOD: |
| +------------------+----------+----------+----------+ |
| | Method | Passed | Failed | Rate | |
| +------------------+----------+----------+----------+ |
| | 802.1X (EAP-TLS) | 28,450 | 45 | 99.84% | |
| | 802.1X (PEAP) | 8,230 | 67 | 99.19% | |
| | MAB | 10,843 | 122 | 98.89% | |
| +------------------+----------+----------+----------+ |
| |
| PSN NODE STATUS: |
| +------------------+----------+----------+----------+ |
| | Node | Status | Auth/sec | CPU | |
| +------------------+----------+----------+----------+ |
| | PSN-MUM-1 | Active | 12.4 | 35% | |
| | PSN-MUM-2 | Active | 11.8 | 32% | |
| | PSN-CHN-1 | Active | 9.6 | 28% | |
| | PSN-CHN-2 | Active | 9.2 | 26% | |
| | PSN-LON-1 | Active | 11.2 | 33% | |
| | PSN-LON-2 | Active | 10.8 | 31% | |
| +------------------+----------+----------+----------+ |
| |
+------------------------------------------------------------------+
5.3.2 ISE Live Logs Analysis¶
# Operations > RADIUS > Live Logs
Key_Filters:
Failed_Authentications:
Status: "Failed"
Time_Range: "Last 1 Hour"
Export: CSV for analysis
Specific_User:
Username: "user@corp.local"
Time_Range: "Last 24 Hours"
Specific_Endpoint:
MAC_Address: "AA:BB:CC:DD:EE:FF"
Time_Range: "Last 24 Hours"
By_Policy:
Authentication_Policy: "WIRED-ACCESS"
Authorization_Policy: "Employee-Full"
Common_Failure_Reasons:
5400: Authentication failed
5411: Supplicant stopped responding
5417: Dynamic authorization failed
5440: Endpoint not found
12302: Unknown NAS
12514: EAP-TLS failed
22028: Authentication timed out
24408: User not found in identity store
24459: Wrong password
5.3.3 ISE Reports¶
Scheduled Reports Configuration
# Operations > Reports > Report Scheduler
Scheduled_Reports:
Daily_Authentication_Summary:
Report: Authentication Summary
Schedule: Daily at 06:00 UTC
Recipients: noc@corp.local
Format: PDF, CSV
Weekly_Profiler_Report:
Report: Profiled Endpoints Summary
Schedule: Weekly (Monday 08:00 UTC)
Recipients: security-team@corp.local
Format: PDF
Monthly_Compliance_Report:
Report: Posture Compliance
Schedule: Monthly (1st, 08:00 UTC)
Recipients: compliance@corp.local
Format: PDF
Weekly_Failed_Auth_Report:
Report: RADIUS Authentication Troubleshooting
Filter: Status = Failed
Schedule: Weekly (Friday 17:00 UTC)
Recipients: network-team@corp.local
Format: CSV
Key ISE Reports
| Report Category | Report Name | Use Case |
|---|---|---|
| Authentication | RADIUS Authentication Summary | Overall auth health |
| Authentication | Top N Authentications by Failure | Troubleshooting |
| Authentication | RADIUS Accounting | Session tracking |
| Endpoints | Profiled Endpoints Summary | Device inventory |
| Endpoints | Endpoint MAC Authentication | MAB analysis |
| Posture | Posture Assessment by Condition | Compliance status |
| Guest | Guest Activity Report | Guest access audit |
| Device Admin | TACACS Authentication | Admin access audit |
5.3.4 ISE MnT (Monitoring and Troubleshooting)¶
# Operations > Troubleshoot > Diagnostic Tools
Diagnostic_Tools:
RADIUS_Authentication:
Path: Operations > RADIUS > Live Logs
Use: Real-time authentication monitoring
Endpoint_Debug:
Path: Operations > Troubleshoot > Endpoint Debug
Use: Detailed endpoint troubleshooting
Enable: Per endpoint MAC address
Duration: 15 minutes default
Evaluate_Configuration:
Path: Operations > Troubleshoot > Evaluate Configuration
Use: Test policy without actual authentication
Input: Username, MAC, NAS details
TCP_Dump:
Path: Operations > Troubleshoot > TCP Dump
Use: Packet capture for analysis
Interface: Select PSN node
Filter: RADIUS port 1812/1813
Session_Trace:
Path: Operations > Troubleshoot > Session Trace
Use: End-to-end session analysis
Enable: Per session or endpoint
5.3.5 ISE Monitoring CLI Commands¶
# SSH to ISE node
ssh admin@ise-pan-nj.corp.local
# Check application status
show application status ise
# Check RADIUS statistics
show logging application radius-live.log tail count 100
# Check PSN queue status
show ise internal psn-queue-status
# Check MnT database status
show ise internal mnts db-status
# Check replication status
show ise internal cluster replication
# Check certificate status
show ise internal certificates
# Check licensing
show license all
# Performance metrics
show cpu usage
show memory
show repository list
5.4 Network Monitoring¶
5.4.1 SNMP Monitoring Configuration¶
Device SNMP Configuration
! SNMPv3 Configuration on Fabric Nodes
snmp-server group DNAC-GROUP v3 priv
snmp-server user dnac-snmp DNAC-GROUP v3 auth sha <auth_password> priv aes 128 <priv_password>
snmp-server host 10.252.10.10 version 3 priv dnac-snmp
! SNMP Traps
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps memory bufferpeak
snmp-server enable traps config
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan no-resp
5.4.2 Syslog Configuration¶
Device Syslog Configuration
! Syslog Configuration
logging buffered 65536 informational
logging host 10.252.1.30 transport udp port 514
logging host 10.252.1.31 transport udp port 514
logging source-interface Loopback0
logging trap informational
! Structured syslog for ISE profiling
logging discriminator ISE-PROFILING severity includes 6
logging host 10.252.30.10 discriminator ISE-PROFILING transport udp port 1514
! Timestamp configuration
service timestamps log datetime msec localtime show-timezone
service timestamps debug datetime msec localtime show-timezone
Syslog Severity Levels
| Level | Name | Description | Action |
|---|---|---|---|
| 0 | Emergency | System unusable | Page on-call |
| 1 | Alert | Immediate action needed | Page on-call |
| 2 | Critical | Critical conditions | Alert NOC |
| 3 | Error | Error conditions | Alert NOC |
| 4 | Warning | Warning conditions | Log, review |
| 5 | Notice | Normal but significant | Log |
| 6 | Informational | Informational messages | Log |
| 7 | Debug | Debug messages | Troubleshooting only |
5.4.3 NetFlow Configuration¶
! NetFlow/Flexible NetFlow Configuration
flow exporter DNAC-EXPORTER
destination 10.252.10.10
source Loopback0
transport udp 9996
template data timeout 60
option interface-table
option sampler-table
flow record FABRIC-RECORD
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match ipv4 protocol
match ipv4 tos
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
flow monitor FABRIC-MONITOR
record FABRIC-RECORD
exporter DNAC-EXPORTER
cache timeout active 60
cache timeout inactive 15
! Apply to interfaces
interface range GigabitEthernet1/0/1-48
ip flow monitor FABRIC-MONITOR input
ip flow monitor FABRIC-MONITOR output
5.4.4 Fabric-Specific Monitoring¶
! LISP Monitoring Commands
show lisp site
show lisp instance-id 8001 ipv4 database
show lisp instance-id 8001 ipv4 map-cache
show lisp session
! VXLAN Monitoring
show vxlan tunnel
show vxlan vni
show vxlan interface
! CTS/SGT Monitoring
show cts environment-data
show cts role-based permissions
show cts role-based sgt-map all
show cts role-based counters
! 802.1X Monitoring
show authentication sessions
show authentication interface <interface> details
show dot1x all summary
! Fabric Wireless Monitoring (on WLC)
show wireless fabric summary
show wireless profile fabric detailed <profile>
show wireless client summary
5.5 Alerting and Notification¶
5.5.1 Alert Severity Matrix¶
| Severity | Response Time | Examples | Notification |
|---|---|---|---|
| P1 - Critical | 15 minutes | Fabric site down, ISE PAN failure, DNAC cluster issue | SMS + Phone + Email |
| P2 - Major | 1 hour | Single node failure, auth success <95%, high CPU | Email + SMS |
| P3 - Minor | 4 hours | Non-critical device down, capacity warning | |
| P4 - Warning | 8 hours | Performance degradation, license warning | Email (batch) |
5.5.2 DNAC Alert Configuration¶
# Platform > Developer Toolkit > Event Notifications
Event_Subscriptions:
Critical_Device_Events:
Events:
- DEVICE_UNREACHABLE
- INTERFACE_DOWN (uplinks)
- HIGH_CPU_UTILIZATION (>90%)
- HIGH_MEMORY_UTILIZATION (>90%)
Notification:
Type: Email, Webhook
Recipients: noc-critical@corp.local
Webhook: https://incident-mgmt.corp.local/api/v1/alerts
Fabric_Events:
Events:
- FABRIC_SITE_DOWN
- LISP_SESSION_DOWN
- VXLAN_TUNNEL_DOWN
- CONTROL_PLANE_UNREACHABLE
Notification:
Type: Email, Webhook
Recipients: network-team@corp.local
Authentication_Events:
Events:
- AUTH_SUCCESS_RATE_LOW (<95%)
- ISE_PSN_UNREACHABLE
- RADIUS_TIMEOUT
Notification:
Type: Email
Recipients: security-team@corp.local
Compliance_Events:
Events:
- DEVICE_CONFIG_DRIFT
- SOFTWARE_VERSION_MISMATCH
- SECURITY_ADVISORY_MATCH
Notification:
Type: Email
Recipients: compliance@corp.local
5.5.3 Webhook Integration¶
#!/usr/bin/env python3
"""
DNAC Webhook Receiver for Alert Processing
"""
from flask import Flask, request, jsonify
import json
import smtplib
from email.mime.text import MIMEText
app = Flask(__name__)
# Alert thresholds
CRITICAL_EVENTS = ['DEVICE_UNREACHABLE', 'FABRIC_SITE_DOWN', 'ISE_PSN_UNREACHABLE']
MAJOR_EVENTS = ['INTERFACE_DOWN', 'HIGH_CPU_UTILIZATION', 'LISP_SESSION_DOWN']
@app.route('/api/v1/alerts', methods=['POST'])
def receive_alert():
"""Process incoming DNAC alerts"""
try:
alert_data = request.json
event_type = alert_data.get('eventId')
severity = alert_data.get('severity')
device = alert_data.get('details', {}).get('deviceName', 'Unknown')
description = alert_data.get('description', 'No description')
# Determine priority
if event_type in CRITICAL_EVENTS:
priority = 'P1'
send_sms_alert(device, description)
elif event_type in MAJOR_EVENTS:
priority = 'P2'
else:
priority = 'P3'
# Create incident ticket
ticket_id = create_incident_ticket(
priority=priority,
device=device,
event=event_type,
description=description
)
# Send email notification
send_email_alert(priority, device, event_type, description, ticket_id)
return jsonify({'status': 'processed', 'ticket_id': ticket_id})
except Exception as e:
return jsonify({'status': 'error', 'message': str(e)}), 500
def create_incident_ticket(priority, device, event, description):
"""Create incident ticket in ITSM system"""
# Integration with ServiceNow, Remedy, etc.
# Return ticket ID
return f"INC{hash(device+event) % 1000000:06d}"
def send_email_alert(priority, device, event, description, ticket_id):
"""Send email notification"""
msg = MIMEText(f"""
Priority: {priority}
Device: {device}
Event: {event}
Description: {description}
Ticket: {ticket_id}
""")
msg['Subject'] = f"[{priority}] Network Alert: {event} on {device}"
msg['From'] = 'noc-alerts@corp.local'
msg['To'] = 'noc@corp.local'
# Send email
with smtplib.SMTP('smtp.corp.local') as server:
server.send_message(msg)
def send_sms_alert(device, description):
"""Send SMS for critical alerts"""
# Integration with SMS gateway
pass
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8080)
5.5.4 Escalation Matrix¶
+------------------------------------------------------------------+
| ESCALATION MATRIX |
+------------------------------------------------------------------+
Time Since P1 (Critical) P2 (Major) P3 (Minor)
Detection
----------- ---------------- ---------------- ----------------
0-15 min NOC Analyst NOC Analyst NOC Analyst
(Acknowledge) (Acknowledge) (Acknowledge)
15-30 min Network Engineer - -
(Tier 2 engaged)
30-60 min SD-Access Engineer Network Engineer -
(Tier 3 engaged) (Tier 2 engaged)
1-2 hours Network Manager - Network Engineer
(Management aware)
2-4 hours IT Director SD-Access Engineer -
Cisco TAC opened (Tier 3 engaged)
4+ hours CTO/VP Network Manager SD-Access Engineer
Executive bridge
5.6 Incident Management¶
5.6.1 Incident Classification¶
| Category | Sub-Category | Priority | SLA Response | SLA Resolve |
|---|---|---|---|---|
| Fabric | Site down | P1 | 15 min | 2 hours |
| Fabric | Node failure | P2 | 30 min | 4 hours |
| Authentication | Mass auth failure | P1 | 15 min | 2 hours |
| Authentication | User auth issue | P3 | 2 hours | 8 hours |
| Connectivity | Cross-site | P2 | 30 min | 4 hours |
| Connectivity | Local segment | P3 | 2 hours | 8 hours |
| Performance | Degradation >50% | P2 | 30 min | 4 hours |
| Performance | Minor degradation | P4 | 4 hours | 24 hours |
| Security | SGT bypass | P1 | 15 min | 2 hours |
| Security | Policy violation | P3 | 2 hours | 8 hours |
5.6.2 Incident Response Workflow¶
+------------------------------------------------------------------+
| INCIDENT RESPONSE WORKFLOW |
+------------------------------------------------------------------+
[Alert Triggered]
|
v
+-------------+
| Detection |---> Is this a real issue?
| & Triage | NO: Close as false positive
+-------------+
| YES
v
+-------------+
| Classify |---> Assign Priority (P1-P4)
| & Assign | Assign to appropriate team
+-------------+
|
v
+-------------+
| Investigate |---> Gather diagnostic data
| | Identify root cause
+-------------+
|
v
+-------------+
| Resolve |---> Implement fix
| | Verify resolution
+-------------+
|
v
+-------------+
| Close & |---> Update knowledge base
| Document | Create RCA (if P1/P2)
+-------------+
5.6.3 Incident Response Procedures¶
P1 Incident - Fabric Site Down
INCIDENT: FABRIC SITE DOWN
Priority: P1
SLA: 2 hours to resolve
STEP 1: Initial Assessment (0-5 minutes)
- Identify affected site from DNAC Assurance
- Determine scope: Full site or partial
- Check recent changes in change log
- Notify stakeholders via incident bridge
STEP 2: Diagnostics (5-15 minutes)
- Check Border Node status
show lisp site
show vxlan tunnel
show isis neighbors
- Check Control Plane status
show lisp session
- Check underlay connectivity
ping <loopback_addresses> source Loopback0
- Check ISE PSN connectivity
show radius server-group RADIUS-GROUP
STEP 3: Isolation (15-30 minutes)
- Identify failed component(s)
- Check hardware status (fans, power, temperature)
- Check interface status
- Review syslog for errors
STEP 4: Resolution (30-120 minutes)
Option A: Hardware failure
- Failover to redundant node (if available)
- Initiate RMA process
Option B: Software issue
- Reload affected device
- Roll back recent configuration change
Option C: Connectivity issue
- Fix underlay routing issue
- Repair physical link
STEP 5: Verification
- Confirm LISP registrations restored
- Verify VXLAN tunnels established
- Test user authentication
- Confirm application connectivity
STEP 6: Post-Incident
- Complete incident ticket
- Schedule RCA within 24 hours
- Update runbook if new scenario
P2 Incident - Authentication Failure
INCIDENT: MASS AUTHENTICATION FAILURE
Priority: P2
SLA: 4 hours to resolve
STEP 1: Scope Assessment
- Check ISE live logs for failure patterns
- Identify affected:
- Site(s)
- Authentication method (dot1x, MAB)
- User type (employees, guests, devices)
STEP 2: ISE Diagnostics
# On ISE GUI:
Operations > RADIUS > Live Logs
Filter: Status = Failed
Group by: Failure Reason
# Common failure reasons:
- 5400: Authentication failed (check AD)
- 22028: Authentication timeout (check PSN)
- 24408: User not found (check identity source)
- 12302: Unknown NAS (check RADIUS clients)
STEP 3: Resolution based on cause
Cause: ISE PSN overloaded
- Check PSN CPU/memory
- Redistribute load across node group
- Add temporary PSN capacity
Cause: AD connectivity
- Test AD connectivity from ISE
- Check AD domain controller health
- Verify service account credentials
Cause: Certificate issue
- Check certificate validity
- Verify certificate trust chain
- Renew if expired
Cause: Policy misconfiguration
- Review recent policy changes
- Roll back to previous working policy
- Test with policy evaluation tool
STEP 4: Verification
- Monitor live logs for successful auths
- Confirm auth success rate >99%
- Test sample users from affected scope
5.6.4 Root Cause Analysis Template¶
# ROOT CAUSE ANALYSIS (RCA)
## Incident Details
- Incident ID: INC-XXXXXX
- Priority: P1/P2
- Duration: X hours Y minutes
- Affected Sites: [List]
- Affected Users: [Count]
## Timeline
| Time (UTC) | Event |
|------------|-------|
| HH:MM | Alert triggered |
| HH:MM | Incident acknowledged |
| HH:MM | Tier 2 engaged |
| HH:MM | Root cause identified |
| HH:MM | Fix implemented |
| HH:MM | Service restored |
| HH:MM | Incident closed |
## Root Cause
[Detailed technical description of root cause]
## Impact
- Business Impact: [Description]
- User Impact: [Number of users, duration]
- Revenue Impact: [If applicable]
## Resolution
[Steps taken to resolve the incident]
## Preventive Actions
| Action | Owner | Due Date | Status |
|--------|-------|----------|--------|
| [Action 1] | [Owner] | [Date] | [ ] |
| [Action 2] | [Owner] | [Date] | [ ] |
## Lessons Learned
- [Lesson 1]
- [Lesson 2]
## Approvals
- Network Lead: _____________ Date: _______
- Operations Manager: _____________ Date: _______
5.7 Change Management¶
5.7.1 Change Types¶
| Type | Description | Approval | Lead Time | Window |
|---|---|---|---|---|
| Standard | Pre-approved, low risk | Auto-approved | 24 hours | Anytime |
| Normal | Planned, documented | CAB | 5 business days | Maintenance |
| Emergency | Critical fix required | Emergency CAB | 2 hours | Immediate |
| Major | High impact, multiple sites | CAB + Steering | 10 business days | Weekend |
5.7.2 Change Request Template¶
# CHANGE REQUEST FORM
CR_Number: CHG-XXXXXX
Requestor: [Name]
Date_Submitted: YYYY-MM-DD
# Change Details
Title: [Short description]
Description: |
[Detailed description of the change]
Change_Type: [Standard | Normal | Emergency | Major]
Category: [Network | Security | Application | Infrastructure]
Priority: [Low | Medium | High | Critical]
# Scope
Affected_Systems:
- [Device/System 1]
- [Device/System 2]
Affected_Sites:
- [Site 1]
- [Site 2]
Affected_Users: [Number]
# Schedule
Requested_Date: YYYY-MM-DD
Requested_Time: HH:MM UTC
Estimated_Duration: [X hours]
Maintenance_Window: [Yes/No]
# Risk Assessment
Risk_Level: [Low | Medium | High]
Risk_Description: |
[Potential risks and mitigations]
# Implementation Plan
Pre_Change_Steps:
1. [Step 1]
2. [Step 2]
Change_Steps:
1. [Step 1]
2. [Step 2]
Post_Change_Steps:
1. [Validation 1]
2. [Validation 2]
# Rollback Plan
Rollback_Trigger: [Conditions for rollback]
Rollback_Steps:
1. [Step 1]
2. [Step 2]
Rollback_Duration: [X minutes]
# Approvals
Technical_Approval: [Name] Date: _______
Business_Approval: [Name] Date: _______
CAB_Approval: [Date of CAB meeting]
5.7.3 DNAC Configuration Archive¶
# Design > Network Settings > Configuration Archive
Archive_Settings:
Schedule: Daily at 02:00 UTC
Retention: 90 days
Storage: Local + External SFTP
External_Repository:
Type: SFTP
Server: config-backup.corp.local
Path: /backups/dnac-configs/
Username: backup-user
Authentication: SSH Key
Compare_Configurations:
# Tools > Configuration Archive > Compare
Baseline: [Select reference config]
Current: [Select current config]
View: Side-by-side diff
Configuration_Compliance:
# Provision > Templates > Compliance
Enable: Yes
Check_Interval: 24 hours
Alert_on_Drift: Yes
Auto_Remediate: No (manual approval)
5.7.4 Change Calendar¶
+------------------------------------------------------------------+
| MONTHLY CHANGE CALENDAR |
+------------------------------------------------------------------+
| Week 1 |
| Mon: No changes (Month-end close) |
| Tue-Thu: Normal changes |
| Fri: Standard changes only |
| Sat-Sun: Major changes (if approved) |
| |
| Week 2 |
| Mon-Thu: Normal changes |
| Fri: Standard changes only |
| Sat-Sun: Major changes (if approved) |
| |
| Week 3 |
| Mon-Thu: Normal changes |
| Fri: Standard changes only |
| Sat-Sun: Major changes (if approved) |
| |
| Week 4 |
| Mon-Wed: Normal changes |
| Thu: Change freeze begins |
| Fri-Sun: Emergency changes only |
| |
| Blackout Dates: [List company-specific blackout periods] |
+------------------------------------------------------------------+
5.8 Capacity Planning¶
5.8.1 Capacity Metrics¶
| Resource | Current | Threshold | Capacity | Growth Rate |
|---|---|---|---|---|
| Managed Devices | 854 | 6,400 | 8,000 (DNAC) | +5%/year |
| Endpoints | 19,000 | 160,000 | 200,000 (ISE) | +10%/year |
| Auth/sec (peak) | 47.5 | 380 | 475 (ISE cluster) | +10%/year |
| Fabric Sites | 36 | 80 | 100 (DNAC) | +2/year |
| Virtual Networks | 5 | 64 | 64 (per fabric) | +1/year |
| SGTs | 12 | 65,000 | 65,535 | Stable |
5.8.2 Capacity Planning Formula¶
CAPACITY GROWTH PROJECTION
Year 0 (Current):
Devices: 854
Endpoints: 19,000
Auth_Rate: 47.5/sec
Year 1 Projection:
Devices: 854 × 1.05 = 897
Endpoints: 19,000 × 1.10 = 20,900
Auth_Rate: 47.5 × 1.10 = 52.3/sec
Year 3 Projection:
Devices: 854 × (1.05)³ = 989
Endpoints: 19,000 × (1.10)³ = 25,289
Auth_Rate: 47.5 × (1.10)³ = 63.2/sec
Year 5 Projection:
Devices: 854 × (1.05)⁵ = 1,090
Endpoints: 19,000 × (1.10)⁵ = 30,602
Auth_Rate: 47.5 × (1.10)⁵ = 76.5/sec
CAPACITY UTILIZATION (Year 5):
DNAC: 1,090 / 8,000 = 13.6% (Healthy)
ISE Endpoints: 30,602 / 200,000 = 15.3% (Healthy)
ISE Auth Rate: 76.5 / 475 = 16.1% (Healthy)
5.8.3 Capacity Monitoring Dashboard¶
#!/usr/bin/env python3
"""
Capacity Monitoring Script
"""
import requests
import json
def check_dnac_capacity(dnac_host, token):
"""Check DNAC device capacity"""
headers = {"X-Auth-Token": token}
# Get device count
url = f"{dnac_host}/dna/intent/api/v1/network-device/count"
response = requests.get(url, headers=headers, verify=False)
device_count = response.json()['response']
max_devices = 8000 # DN2-HW-APL-XL cluster
utilization = (device_count / max_devices) * 100
return {
'current': device_count,
'max': max_devices,
'utilization': round(utilization, 2),
'status': 'OK' if utilization < 80 else 'WARNING' if utilization < 90 else 'CRITICAL'
}
def check_ise_capacity(ise_host, username, password):
"""Check ISE endpoint capacity via ERS API"""
auth = (username, password)
headers = {'Accept': 'application/json'}
# Get endpoint count
url = f"{ise_host}/ers/config/endpoint?size=1"
response = requests.get(url, auth=auth, headers=headers, verify=False)
total = response.json()['SearchResult']['total']
max_endpoints = 200000 # ISE 3.x cluster
utilization = (total / max_endpoints) * 100
return {
'current': total,
'max': max_endpoints,
'utilization': round(utilization, 2),
'status': 'OK' if utilization < 80 else 'WARNING' if utilization < 90 else 'CRITICAL'
}
def generate_capacity_report():
"""Generate weekly capacity report"""
# Implementation for capacity trending
pass
5.9 Troubleshooting Guides¶
5.9.1 Authentication Troubleshooting¶
+------------------------------------------------------------------+
| AUTHENTICATION TROUBLESHOOTING FLOWCHART |
+------------------------------------------------------------------+
User Cannot Authenticate
|
v
+----------------+
| Check ISE |---> Authentication in live logs?
| Live Logs |
+----------------+
|
+-----+-----+
| |
YES NO
| |
v v
+--------+ +------------------+
| Check | | Check switch |
| Failure| | connectivity |
| Reason | +------------------+
+--------+ |
| v
v +----------------+
[See | Check RADIUS |
Table | config on NAS |
Below] | show radius |
| show aaa |
+----------------+
Common ISE Failure Reasons and Resolutions
| Error Code | Failure Reason | Resolution |
|---|---|---|
| 5400 | Authentication failed | Check user credentials in AD |
| 5411 | Supplicant stopped responding | Check client supplicant config |
| 5417 | Dynamic authorization failed | Check CoA configuration |
| 5440 | Endpoint not found in portal | Check guest portal config |
| 12302 | Unknown NAS | Add device to network devices |
| 12514 | EAP-TLS failed | Check client certificate |
| 22028 | Authentication timed out | Check PSN reachability |
| 24408 | User not found | Check identity source sequence |
| 24459 | Wrong password | User password issue |
Switch-Side Authentication Debugging
! Enable authentication debugging
debug authentication all
debug dot1x all
debug radius authentication
debug radius verbose
! Check authentication session
show authentication sessions interface Gi1/0/10 details
! Expected output analysis:
! - Session ID: Unique identifier
! - Method: Should show dot1x or mab
! - Status: Should be "Authorized"
! - SGT: Should show assigned SGT value
! - VLAN: Should match expected VLAN
! Check RADIUS connectivity
test aaa group RADIUS-GROUP admin <password> new-code
! Clear and restart authentication
authentication restart interface Gi1/0/10
5.9.2 Fabric Troubleshooting¶
LISP Troubleshooting
! Check LISP site registrations (on Control Plane)
show lisp site
! All edge nodes should be registered
! Check LISP database (on Edge Node)
show lisp instance-id 8001 ipv4 database
! Should show locally attached EIDs
! Check LISP map-cache (on Edge Node)
show lisp instance-id 8001 ipv4 map-cache
! Should show remote EID-to-RLOC mappings
! Verify LISP session
show lisp session
! Session to CP nodes should be established
! Debug LISP (use with caution)
debug lisp control-plane all
VXLAN Troubleshooting
! Check VXLAN tunnels
show vxlan tunnel
! All tunnels should show "UP"
! Check VXLAN VNI mapping
show vxlan vni
! VNIs should match configured VNs
! Check VXLAN interface
show vxlan interface
! NVE interface should be up
! Verify VXLAN encapsulation
show interface nve1
! Trace packet path through fabric
traceroute vrf VN_CORPORATE <destination_ip>
Underlay Troubleshooting
! Check IS-IS adjacencies
show isis neighbors
! All expected neighbors should be UP
! Check IS-IS database
show isis database detail
! All nodes should have LSP entries
! Check BFD status
show bfd neighbors
! BFD sessions should be UP
! Verify underlay reachability
ping <remote_loopback> source Loopback0
! Check MTU (must support jumbo frames)
ping <remote_loopback> source Loopback0 size 9000 df-bit
5.9.3 Wireless Troubleshooting¶
! On WLC - Check client status
show wireless client summary
show wireless client mac-address <mac> detail
! Check AP fabric status
show ap summary
show ap name <ap-name> config general
! Check fabric connectivity
show wireless fabric summary
show wireless profile fabric detailed <profile>
! Debug wireless client
debug client mac-address <mac>
! Check RADIUS authentication
show radius server-group all
test aaa radius <server-ip> <username> <password>
! Check wireless SGT assignment
show wireless client mac-address <mac> detail | include SGT
5.9.4 Quick Reference Troubleshooting Commands¶
+------------------------------------------------------------------+
| QUICK TROUBLESHOOTING REFERENCE |
+------------------------------------------------------------------+
COMPONENT | VERIFY COMMAND | EXPECTED
-------------------|-----------------------------------|------------------
IS-IS | show isis neighbors | All UP
LISP | show lisp site | All registered
VXLAN | show vxlan tunnel | All UP
SGT | show cts role-based sgt-map all | IP-SGT bindings
802.1X | show authentication sessions | Sessions present
RADIUS | test aaa group <name> <u> <p> | Success
BFD | show bfd neighbors | All UP
MTU | ping x.x.x.x size 9000 df-bit | Success
WLC Fabric | show wireless fabric summary | Enabled
Client Auth | show auth session int <if> det | Authorized
5.10 Performance Optimization¶
5.10.1 DNAC Performance Tuning¶
# System > Settings > System Configuration
Performance_Settings:
Discovery_Threads: 10 (default)
Inventory_Sync_Interval: 25 minutes
Assurance_Collection_Interval: 5 minutes
Configuration_Archive_Schedule: Daily
Database_Optimization:
# Automatic maintenance runs nightly
# Manual optimization if needed:
# System > System 360 > Database Health
Log_Retention:
Audit_Logs: 365 days
System_Logs: 90 days
Assurance_Data: 14 days (detailed), 90 days (summary)
5.10.2 ISE Performance Tuning¶
# Administration > System > Settings
Performance_Settings:
RADIUS_Request_Timeout: 5 seconds
RADIUS_Connection_Attempts: 2
Session_Timeout: 28800 seconds (8 hours)
Idle_Timeout: 1800 seconds (30 minutes)
Profiler_Optimization:
# Reduce unnecessary probes
NMAP_Probe: Disabled (unless required)
SNMP_Probe: Enabled (selective)
NetFlow_Probe: Enabled (from key switches only)
Database_Maintenance:
MnT_Purge_Interval: 7 days (detailed logs)
Endpoint_Purge: 90 days (inactive)
PSN_Load_Balancing:
Method: Round-robin
Health_Check_Interval: 30 seconds
5.10.3 Switch Performance Tuning¶
! Optimize authentication timers
interface range GigabitEthernet1/0/1-48
authentication timer reauthenticate 28800
authentication timer inactivity 1800
dot1x timeout tx-period 10
dot1x max-reauth-req 2
! Optimize RADIUS timeouts
radius-server timeout 5
radius-server retransmit 2
radius-server deadtime 15
! Optimize spanning-tree for faster convergence
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
! Optimize for fabric
ip tcp path-mtu-discovery
5.11 Backup and Recovery¶
5.11.1 Backup Schedule¶
| System | Backup Type | Frequency | Retention | Location |
|---|---|---|---|---|
| DNAC | Full system | Weekly (Sunday 02:00) | 4 weeks | NFS + offsite |
| DNAC | Configuration | Daily (02:00) | 90 days | NFS |
| ISE | Full system | Weekly (Sunday 03:00) | 4 weeks | SFTP + offsite |
| ISE | Configuration | Daily (03:00) | 90 days | SFTP |
| Network Devices | Running config | Daily (02:00) | 90 days | TFTP/SCP |
5.11.2 DNAC Backup Procedure¶
# System > Settings > Backup & Restore
Backup_Configuration:
Destination: NFS
NFS_Server: backup.corp.local
NFS_Path: /backups/dnac/
Schedule:
Full_Backup: Weekly (Sunday 02:00 UTC)
Config_Backup: Daily (02:00 UTC)
Manual_Backup:
# System > Settings > Backup & Restore > Backup Now
Type: Full Backup
Encryption: AES-256
Password: <backup_encryption_password>
Backup_Verification:
# Monthly test restore to lab environment
Test_Frequency: Monthly
Validation: Confirm all data restored
5.11.3 ISE Backup Procedure¶
# CLI Backup
ssh admin@ise-pan-nj.corp.local
# Configure repository
repository BACKUP-REPO
url sftp://backup.corp.local/ise-backups/
user backup-user password plain <password>
# Perform backup
backup DAILY-BACKUP repository BACKUP-REPO ise-config encryption-key plain <key>
# Schedule backup
# Administration > System > Backup & Restore > Schedule
# Verify backup
show backup history
# Restore procedure (if needed)
restore DAILY-BACKUP repository BACKUP-REPO encryption-key plain <key>
5.11.4 Network Device Backup¶
#!/usr/bin/env python3
"""
Network Device Configuration Backup Script
"""
import paramiko
import datetime
import os
DEVICES = [
{'name': 'MUM-BN-01', 'ip': '10.252.12.1', 'type': 'cisco_ios'},
{'name': 'MUM-BN-02', 'ip': '10.252.12.2', 'type': 'cisco_ios'},
# Add all devices
]
USERNAME = 'netadmin'
PASSWORD = '<password>'
BACKUP_DIR = '/backups/network-configs/'
def backup_device(device):
"""Backup single device configuration"""
try:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(device['ip'], username=USERNAME, password=PASSWORD)
stdin, stdout, stderr = ssh.exec_command('show running-config')
config = stdout.read().decode()
# Save to file
date = datetime.datetime.now().strftime('%Y%m%d')
filename = f"{BACKUP_DIR}{device['name']}_{date}.txt"
with open(filename, 'w') as f:
f.write(config)
ssh.close()
return True
except Exception as e:
print(f"Error backing up {device['name']}: {e}")
return False
def main():
os.makedirs(BACKUP_DIR, exist_ok=True)
success = 0
failed = 0
for device in DEVICES:
if backup_device(device):
success += 1
else:
failed += 1
print(f"Backup complete: {success} success, {failed} failed")
if __name__ == '__main__':
main()
5.11.5 Disaster Recovery Procedure¶
+------------------------------------------------------------------+
| DISASTER RECOVERY PROCEDURE |
+------------------------------------------------------------------+
SCENARIO: Primary DNAC Cluster Failure (New Jersey)
Step 1: Assess Situation
- Confirm primary cluster is unrecoverable
- Verify DR site (London) infrastructure ready
- Notify stakeholders
Step 2: Activate DR DNAC Cluster
- Power on DR DNAC nodes (if cold standby)
- Restore latest backup to DR cluster
- Update DNS: dnac.corp.local -> DR cluster IP
Step 3: Reconnect Network Devices
- Devices will auto-reconnect to new DNAC IP via DNS
- Verify device inventory in DR DNAC
- Re-establish Assurance data collection
Step 4: Reconnect ISE Integration
- Update DNAC-ISE integration settings
- Verify pxGrid connection
- Test authentication policies
Step 5: Validation
- Verify all sites visible in DNAC
- Confirm Assurance data flowing
- Test device provisioning
- Validate policy deployment
Step 6: Communication
- Notify operations team of new procedures
- Update runbooks with DR DNAC details
- Schedule review of incident
RTO Target: 4 hours
RPO Target: 24 hours (daily backup)
5.12 Compliance and Audit¶
5.12.1 Compliance Reporting¶
| Regulation | Requirement | ISE/DNAC Feature | Report |
|---|---|---|---|
| PCI-DSS 7.1 | Access control | Authorization policies | ISE Auth Report |
| PCI-DSS 8.1 | User identification | 802.1X authentication | ISE Auth Report |
| PCI-DSS 10.1 | Audit trails | RADIUS accounting | ISE Accounting |
| SOC2 CC6.1 | Logical access | SGT-based segmentation | DNAC Policy Report |
| GDPR Art.32 | Access logging | RADIUS live logs | ISE Audit Report |
| HIPAA | Access control | Role-based policies | ISE Auth Report |
5.12.2 Audit Log Configuration¶
! Enable comprehensive logging on network devices
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
logging buffered 65536 informational
logging host 10.252.1.30 transport udp port 514
! AAA accounting
aaa accounting dot1x default start-stop group RADIUS-GROUP
aaa accounting exec default start-stop group TACACS-GROUP
aaa accounting commands 15 default start-stop group TACACS-GROUP
aaa accounting network default start-stop group RADIUS-GROUP
5.12.3 ISE Audit Reports¶
# Administration > System > Logging > Remote Logging Targets
Audit_Logging:
SIEM_Integration:
Target: siem.corp.local
Port: 6514
Protocol: TLS-Syslog
Format: RFC 5424
Events:
- Administrative Changes
- Policy Changes
- Authentication Events
- Authorization Changes
Scheduled_Audit_Reports:
# Operations > Reports > Report Scheduler
Weekly_Admin_Audit:
Report: Device Administration Audit
Schedule: Weekly (Monday 08:00)
Recipients: security-audit@corp.local
Monthly_Policy_Changes:
Report: Policy Change Audit
Schedule: Monthly (1st, 08:00)
Recipients: compliance@corp.local
Quarterly_Access_Review:
Report: Authentication Summary
Schedule: Quarterly
Recipients: audit@corp.local
5.12.4 Compliance Evidence Collection¶
# Quarterly Compliance Evidence Package
Evidence_Package:
Network_Segmentation:
- DNAC Virtual Network configuration export
- SGACL policy matrix export
- Firewall rule export
- Traffic flow samples showing enforcement
Access_Control:
- ISE authorization policy export
- User authentication success rates
- Failed authentication analysis
- Service account review
Audit_Trails:
- RADIUS accounting logs (sample)
- TACACS+ admin logs (sample)
- Configuration change logs
- Policy change audit trail
Encryption:
- MACsec configuration evidence
- TLS certificate inventory
- RADIUS encryption settings
Change_Management:
- Change tickets for period
- CAB meeting minutes
- Emergency change documentation
Summary¶
Chapter 5 provides comprehensive operational guidance for maintaining the SD-Access environment, covering:
- Operational Framework: ITIL-aligned model with defined roles and KPIs
- DNAC Assurance: Health monitoring, custom dashboards, API integration
- ISE Monitoring: Live logs, reports, MnT tools
- Network Monitoring: SNMP, syslog, NetFlow configuration
- Alerting: Severity matrix, webhook integration, escalation procedures
- Incident Management: Classification, response workflows, RCA templates
- Change Management: Types, templates, approval process
- Capacity Planning: Metrics, projections, monitoring scripts
- Troubleshooting: Flowcharts, common issues, debug commands
- Performance Optimization: Tuning parameters for DNAC, ISE, switches
- Backup & Recovery: Schedules, procedures, DR planning
- Compliance: Reporting, audit logs, evidence collection
Next Chapter: Chapter 6 covers Migration Strategy and Financial Analysis.
Document Version: 1.0 Last Updated: December 2025 Classification: Internal Use Only