

Cross Domain Automation: Managing Uniform Policies on Campus & Data Center Fabric


In today’s dynamic and ever-evolving business landscape, the imperative for managing network resources efficiently and securely is paramount. Organizations across industries are harnessing the power of Cisco’s Application Policy Infrastructure Controller (APIC) and Cisco Digital Network Architecture Center (DNA Center) to meet the challenges of modern networking. 

This comprehensive blog post will explore a vital use case of enabling seamless application access for new user groups or Scalable/Security Group Tags (SGTs) created in DNA Center through Anuta ATOM’s integration.

Bumps in the Road

As organizations strive for agile network management to adapt to rapidly changing business needs, they often find it necessary to create new user groups or SGTs in the DNA Center. However, seamlessly integrating these newly formed groups with the existing network infrastructure, including the Application EPGs managed by APIC, presents a set of challenges:

  • Complex Integration: Integrating newly created user groups or SGTs with the existing network infrastructure and Application EPGs managed by APIC is intricate and can lead to configuration and compatibility issues.
  • Security Threats: Ensuring that the integration maintains the required security standards and policies across the network is challenging, as it involves balancing agility with security.
  • Increasing Downtime: As organizations evolve and grow, implementing changes without causing network downtime is challenging, as misconfigurations or conflicts can disrupt network operations.
  • Monitoring and Troubleshooting: Monitoring and troubleshooting the integrated network to identify and resolve issues promptly can be a complex task, especially when dealing with diverse components like DNA Center and APIC.

In addition to these, there are the manual processes for handling ITSM change tickets and notifications.

Tackling complexity across multiple network domains

With ATOM, the goal is to ensure that users within the scalable groups or SGTs can access specific applications and services without compromising security or introducing network disruptions.

ATOM offers a powerful and comprehensive cross-domain automation workflow to address the challenges of integrating new user groups or Scalable Group Tags (SGTs) created in the DNA Center with APIC EPGs. Below, we have highlighted some of the steps taken by ATOM for uniform policy management across DNAC and APIC, ensuring smooth IT operations.

ATOM – Cross Domain Automation Platform

Customer Request Handling

Users can initiate the process by sending a request to ATOM, which triggers the entire operation. Once the user inputs the user ID, ATOM translates the user's business intent into implementation by fetching the details associated with the user ID, such as DNAC, APIC, new SGT name, ACI tenant, ACI L3_Out, Webex spaces, etc.

For instance, by determining the associated DNA Center site instance for the user profile, ATOM creates an SGT for the user or tags them with a pre-existing SGT. Simultaneously, an equivalent EPG is established within the ACI environment that can be accessed by the user EPG using a contract.

ATOM – Workflow Dashboard

ITSM Ticket Creation

After receiving the customer’s request, ATOM takes the next step by creating a change request ticket in ServiceNow. This ensures that the request is appropriately documented and tracked with the change request approver.

ServiceNow – Change Request Created

Network Infrastructure Configuration

Moving into the network infrastructure, ATOM’s next task is to create a Scalable Group Tag (SGT) within the Cisco Digital Network Architecture Center (DNAC).

Cisco DNA Center

SGT Translation with Cisco ISE

Translating the Scalable Group Tag (SGT) into an Endpoint Group (EPG) is critical for defining access policies and ensuring security:

  • ATOM begins by translating the SGT into EPG using the Cisco Identity Services Engine (ISE).
  • Assuming ISE is already integrated with DNAC and APIC, ISE proceeds to translate the SGT to EPG.
  • Upon triggering SGT creation and ACI propagation in DNAC by ATOM, ISE carries out the translation to EPG.
  • ATOM performs a cross-check to ensure the translation’s accuracy.
  • Additionally, ATOM verifies the integration of ISE with DNAC and the integration of APIC with DNAC.

ACI Settings

APIC Population

The translated SGT is populated in the Application Policy Infrastructure Controller (APIC) under Layer3 Out. This step is pivotal for enabling communication and applying the right policies.

APIC- SGT Creation

Contract Implementation

To facilitate traffic between the SGT and EPG, ATOM imposes a contract in APIC as directed. This step ensures uninterrupted communication while maintaining security.

APIC- Contract Implementation

Topology Verification

Before completing the process, ATOM takes a moment to verify the network topology in APIC. This step ensures that everything is functioning as expected and that there are no unexpected issues.

APIC- Network Topology
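
The cross-check and verification steps described above can be expressed as a consistency check between the SGTs marked for ACI propagation, the EPGs present under the Layer3 Out, and the contracts toward the application EPG. The following is an added example, not ATOM's code and not part of the original post; the sample data is constructed, and every field name, group name, tenant and L3Out name in it is a hypothetical placeholder rather than a DNA Center, ISE or APIC API schema.

```python
# Constructed sample state. Field names are hypothetical and are not the
# DNA Center, ISE or APIC API schemas.
DNAC_SGTS = [
    {"name": "Contractors", "propagate_to_aci": True},
    {"name": "Finance", "propagate_to_aci": True},
    {"name": "Guests", "propagate_to_aci": False},
]
APIC_L3OUT_EPGS = [
    {"name": "Contractors", "tenant": "corp", "l3out": "campus-l3out"},
    {"name": "Finance", "tenant": "corp", "l3out": "lab-l3out"},
]
APIC_CONTRACTS = [
    {"name": "contractors-to-app", "consumer": "Contractors", "provider": "app-epg"},
]


def check_translation(sgts, epgs, contracts, tenant, l3out, app_epg):
    """Return sorted (group, finding) pairs for every SGT/EPG/contract mismatch."""
    findings = []
    epg_by_name = {e["name"]: e for e in epgs}
    consumers = {c["consumer"] for c in contracts if c["provider"] == app_epg}
    expected = {s["name"] for s in sgts if s["propagate_to_aci"]}
    for name in expected:
        epg = epg_by_name.get(name)
        if epg is None:
            findings.append((name, "missing-epg"))
            continue
        if (epg["tenant"], epg["l3out"]) != (tenant, l3out):
            findings.append((name, "wrong-l3out"))
        if name not in consumers:
            findings.append((name, "no-contract"))
    # An EPG or contract with no propagated SGT behind it is access nobody requested.
    findings += [(n, "orphan-epg") for n in epg_by_name.keys() - expected]
    findings += [(n, "orphan-contract") for n in consumers - expected]
    return sorted(findings)


if __name__ == "__main__":
    for group, finding in check_translation(
        DNAC_SGTS, APIC_L3OUT_EPGS, APIC_CONTRACTS, "corp", "campus-l3out", "app-epg"
    ):
        print(f"{group}: {finding}")
```

An empty result is the condition under which an automated workflow would go on to close the change request; any finding is a reason to hold it open for review.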


Keeping stakeholders informed is essential. ATOM ensures that all relevant stakeholders are informed of the completion of the task by sending out notifications through email and Webex and by closing the ServiceNow change request.

Webex Notification

Email Notification


This blog has illustrated the intricacies of integrating new user groups and SGTs with ATOM’s cross-domain automation workflow by efficiently handling user requests, automating network configurations, and ensuring smooth communication between different cross-domain controllers. We believe this level of automation and efficiency can significantly benefit organizations by reducing manual effort and minimizing the risk of errors in networking operations in the ever-growing technology-driven world.

Stay tuned as we bring more use cases in the Cross-domain Automation with the ATOM Series!

Additional Contributors: Manisha Dhan
