Cisco Canada Blog

Demystifying Prime Infrastructure to Cisco DNA Center Migration

July 15, 2020

Traditional network management is evolving rapidly as we know it. We are moving from template-based automation to Intent-Based automation. From alarms and manual correlation to insights, to suggested actions and machine-learning visibility. For many years, Prime Infrastructure has been the key management platform and solution of choice for the campus and branch across industries. However, if we want to truly embrace Intent-Based networking, we need to start considering the migration from Prime Infrastructure to Cisco DNA Center to drive tangible IT and business results.

The benefit of adopting Cisco DNA Center goes beyond traditional device management and configuration. Cisco DNA Center is the command center that makes it possible to provision, configure and upgrade your network in minutes instead of hours or days. It’s also the software-defined networking controller for your SD-Access network which facilitates segmentation and user-based policy. Lastly, Cisco DNA Center Assurance allows you to find problems faster and more effectively using advanced capabilities like comprehensive correlation, network sensors, artificial intelligence (AI) and machine learning (ML).

When looking at Cisco DNA Center adoption strategy, there is no “one size fits all” approach as organizations will vary, depending on where they currently are in their migration journey and network transformation. For example, organizations that had not previously deployed Prime, will need to deploy DNA Center from scratch. Customers that have Prime Infrastructure deployed in their networks might decide to do a one-time migration to Cisco DNA Center—or, they may wish to deploy Prime and DNA Center side by side. The decision on which approach to take, will depend on many factors including the type of devices currently managed by Prime, along with the features and functionalities being used. This blog is ideal for those who have Prime Infrastructure deployed and considering the upgrade to Cisco DNA Center in the near future, or on a path toward a multidomain architecture.

I use Prime Infrastructure and I’m ready to deploy DNA, what are my options?

This is a common question I often receive from my customers and one of the reasons I’ve decide to share this blog, and the short answer is that there are essentially two migration paths to choose from:

  1. One-time migration from Prime Infrastructure to Cisco DNA Center: This means we will be using tools embedded in Prime Infrastructure to export data from Prime, and moving that data into DNA Center. Once that work is finished, DNA Center will have replaced Prime for both automation and assurance capabilities (this can be done for the overall network or on a per-site level).
  2. Deploying DNA Center and Prime side-by-side: This means that both platforms will continue performing different functions in the network, choosing which unique roles each system will play and which specific features will be leveraged.

Let’s look at both of these options, design considerations and the tools available to help.

In many cases organizations might look into a one-time migration from Prime to Cisco DNA Center, however, there are instances where our customers may have a large number of legacy devices in their environment that are not currently supported by Cisco DNA Center. There are other cases where customers are still heavy users of specific features in Prime that are not available within DNA-C. And sometimes it simply comes down to one’s comfort level and the familiarity in knowing a tool well enough which means there might be a preference to take on a gradual migration, where there is the option to deploy Cisco DNA Center and Prime Infrastructure side by side.

When taking this approach, network administrators also need to decide the unique roles for each system. For example, a very common use case we see is to leverage Prime for automation and DNA Center for assurance.  In this kind of scenario, all changes in the network are being driven by Prime, while still getting the benefits of Cisco DNA Center Assurance for real-time visibility, insights and proactive troubleshooting.  The most important thing to note is that only one system can actually make the changes in the network site—if we have both Prime and DNA Center pushing configurations into the same devices for example, this will create unwanted inconsistencies in the network.

Cisco DNA Center Coexistence tool

Regardless of your adoption preferences, another major migration advantage is the ability to leverage the Cisco DNA Center Coexistence tool. Prime users put in a lot of work when setting up the platform; they need to create a network hierarchy, populate the floor maps, add devices to the sites, etc. The good news? All of this data can be synced up with Cisco DNA Center so that you don’t have to re-do all this hard work when moving over.

For organizations that decide on a one-time migration, this tool will be leveraged once during the upgrade from Prime to DNA Center. For those that choose to deploy PI and DNA-C side-by-side there’s the option to streamline updates on Cisco DNA Center every time changes are made in Prime, allowing for consistency between the two platforms. Once the tool is launched within Prime Infrastructure, it will use REST API’s to send the relevant data to Cisco DNA Center. See how it works in the video below.

Coexistence vs. Integration

When using the Cisco DNA Center Coexistence tool, data is sent from Prime to DNA Center, but not from DNA Center to Prime. This means that the network hierarchy, maps and devices will remain unchanged in Prime Infrastructure, even if changes are made within Cisco DNA Center. This is one of the reasons I try to avoid using the word “integration” to label this process.

In the below demo, I’ll show you what happens when making changes in Cisco DNA Center after running the coexistence tool  [Watch Part 2 below]:

Device Credentials

One thing to know is that during the migration process, Prime Infrastructure also populates the device credentials on a per-device basis as opposed to global basis. In other words, it populates the credentials associated with each device without adding those credentials in “Network Settings”.

Let’s use this as our example: the devices from our lab that are managed by Prime are using the username “dnac”. We can see in the snapshots below, that such username has been added as credentials for the specific migrated devices.  However, when we go to Design > Network Settings > Device Credentials in Network Settings we see that the username has not been added:

Devices ported into Cisco DNA Center with device credentials

Device Credentials in Network Settings remain the same


So, what should you take away from this blog? Let’s recap:

  • As with most things in the networking world, there is no ‘one size fits all’. The journey to migrate from Prime Infrastructure to Cisco DNA Center might look different for every unique environment.
  • If needed, Prime Infrastructure can be ran together with Cisco DNA Center. The most common deployment model is to use Prime for Automation (changes in the network), and DNA Center for Assurance (visualization and troubleshooting). Just remember: only one system is able to make changes!
  • Cisco DNA Center Coexistence tool can be extremely useful for both a one-time migration from Prime to DNA Center, as well as Prime-DNAC side by side deployment.
  • Cisco DNA Center Coexistence has the flexibility to sync up data on a per site level giving the network administrator more control and granularity.

>> Like this kind of content? Click here to see some of my other featured blogs!

>> To explore other migration benefits, see the Top 5 Ways Cisco DNA Center Solves Your Challenges

Leave a comment


  1. Great Demos and very clear and concise information