An ambitious vision for workplace transformation has provided the Government of Catalonia with an agile, automated network with the scale and flexibility to face any challenge.

The CTTI (Center for Telecommunications and Information Technologies), a division of the Government of Catalonia, operates a campus network with 2,600 users who support all public services for the over seven-million residents in Catalonia, Spain. In 2019 the CTTI approached Cisco with an incredible vision for a new campus network.  The IT administration, led by Ester Manzano, had decided to increase the efficiency and agility of all employees by bringing three divisions of the local government into a single IP network and radically changing the work experience. Traditional rows of desks with desktop PCs would be replaced with large common spaces facilitating communication and consensus building. Employees would be assigned laptops for a mobile-first experience and working from home a couple of days per week would be encouraged. Applications would be migrated to the cloud to better support this agile, anywhere access philosophy.

The biggest challenge they faced was how to provide network security and performance for their users. This new access-anywhere unified network would require zero-trust security policies that protected sensitive government information, while providing employees easy access to business-critical applications and files. Traditionally, network segmentation is implemented (either by VLAN or by IP address) to guarantee optimal service levels and secure access to application servers. But with 2,600 mobile workers connecting from anywhere on campus or remote, traditional segmentation would be far too complex.

The answer was a Cisco SD-Access network based on Cisco DNA technology. This solution allows them to create profiles for each job description (finance, marketing, sales, etc.) or endpoint (video camera, point of sale terminal, etc.). When a user logs into the network they are matched to their profile which determines what assets they can access and their levels of service. This profile follows the user throughout the network guaranteeing the optimal performance, from wherever they are, and access only to the assets they require. These group-based access control policies are configured in a simple matrix within Cisco DNA Center (see image 1). Meanwhile, the Cisco DNA Center application experience functionality provides the intelligence to prioritize applications based on the intent of the business. Cisco