SD-WAN with Cisco

The adoption of Cisco SD-WAN enables enterprises to optimise performance and security across the network landscape, from the branches up to the cloud.

Cisco SD-WAN introduces the ability to deploy intelligent, centralised management to support the constantly increasing requirements and demands of future networks, delivering end-to-end secure connectivity between on-prem facilities and cloud environments.

Introducing Cisco SD-WAN technology

By delivering a secure SD-WAN solution to the full range of enterprise customers, Cisco SD-WAN is recognized as a leading solution on the market, with a 16.2% market share [1].

The Cisco SD-WAN solution enables a WAN architecture overlay at the enterprise level, which allows customers to be prepared for current market trends such as cloud and digital transformation. The solution not only fully integrates traditional routing and security capabilities, but also brings centralized network management and orchestration to large-scale networks. Additionally, it allows for physical and virtual deployments in a cloud-ready fashion, providing a highly automated and scalable platform to improve the performance of customer end applications.

Cisco SD-WAN has the capability to abstract the underlying transport from the orchestration and management planes to present a business-centric view of the WAN. The solution is therefore comprised of separate orchestration, management, control and data planes. The orchestration layer is provided by the vBond component, which is responsible for authenticating all the solution elements and enabling communication between devices. The vManage component works as the management plane, providing a single pane of glass to easily monitor, configure and maintain the solution. The centralized control plane is handled by the vSmart component, which is responsible for maintaining a secure connection towards the edge devices in order to distribute policies and routes, and for orchestrating the data plane connectivity between endpoints. Finally, on the data plane, Cisco allows for a hardware or software-based asset which is directly connected to the underlay transport network (e.g. Internet or MPLS) and provides secure data plane connectivity among sites.

[1] https://blogs.cisco.com/networking/cisco-ranks-1-in-gartner-sd-wan-equipment-market-share-report

Why Adopt Cisco SD-WAN?

Continuous business demand is bringing new challenges to enterprise network administrators, since the network is increasingly becoming a critical success factor in this new digital era. The Cisco SD-WAN solution can therefore be positioned as a key transformational technology to address current challenges related to cost efficiency, cloud-first architectures and end-to-end secure communication between customer branches and cloud workloads.

                         

Hybrid WAN: Usage of multiple transport technologies (e.g. MPLS, broadband Internet and Mobile) to connect geographically spread sites in a cost-effective way.

Cloud Connectivity: Seamless integration between on-prem and cloud environments to provide a flexible and easy-to-scale platform according to business needs and growth.

Network Security: End-to-end network security model, reducing the vulnerability of network architectures to cyber threats and attacks, from the branches to the cloud.


Although Cisco SD-WAN has different benefits for each building block of the network, and the blocks are independent of each other, the advantages of introducing Cisco SD-WAN, such as cost reduction, visibility and resource scaling, are similar for each of them.

Meeting business needs with a hybrid WAN concept

On a hybrid WAN, Cisco SD-WAN leverages any available transport technology, allowing traffic to be automatically routed over different paths, optimising resource usage according to service requirements and prioritising critical service traffic inside the enterprise network. For example, traffic routed to the cloud can follow a direct internet tunnel created by SD-WAN, while more sensitive data with higher QoS demands is routed through MPLS to the client DC, providing an application-aware routing capability.

To achieve application-based traffic optimisation, Cisco SD-WAN defines multiple overlay networks over a shared underlay transport infrastructure, with fully customised policies dedicated to each service that are centrally managed by the SD-WAN orchestrator. The capability to leverage multiple transport technologies in an application-aware manner introduces the concept of a business-intent network, meaning a network that is capable of translating business requirements (such as cost and performance) into network specifications and actions.

Multi-cloud readiness and control

Businesses are not attached to a single cloud provider, but rather use several in an as-a-Service (aaS) fashion. Managing this entire ecosystem can be a challenge, but one that is easily addressed with the Cisco SD-WAN Cloud OnRamp solution.

The Cloud OnRamp solution makes it possible to establish a simple, automated and secure connection between the WAN and IaaS environments such as AWS and MS Azure, allowing operations and technical teams to automate virtual private cloud connections to IaaS environments and extending the Cisco SD-WAN overlay to the cloud. The SD-WAN business overlays find the optimal WAN path to route traffic to the multiple IaaS providers, ensuring that the required service quality performance indicators (packet loss, latency and jitter) are met.

Beyond IaaS cloud environments, many companies are making use of SaaS services for a variety of purposes. Taking advantage of multiple partnerships with SaaS providers, Cisco SD-WAN Cloud OnRamp performs real-time traffic steering to select the best path to those applications. In case of performance degradation, the Cisco platform can natively re-assess the best path and re-route the traffic accordingly.

Additionally, the Cloud OnRamp solution is also optimized for colocation facilities. Taking advantage of different underlay transmission technologies, Cisco SD-WAN connects remote branches with regional hubs, reducing the number of egress points to the cloud, limiting potential points of vulnerability and addressing data sovereignty requirements for compliance and privacy legal aspects.

Security that is built-in, not bolted on

Although SD-WAN can be deployed with the existing customer security capabilities, Cisco SD-WAN can consolidate multiple advanced security features into a single platform. The Cisco SD-WAN platform supports next-generation enterprise firewalling (NGFW) with application awareness, URL filtering, Intrusion Prevention System (IPS) and Advanced Malware Protection (AMP) capabilities, either on premises or with Cisco Umbrella cloud security. These capabilities are particularly relevant for securing Direct Internet Access (DIA), which creates security blind spots and constitutes a major source of threats.

The capacity to build security in the cloud with Cisco Umbrella positions the Cisco SD-WAN platform as a multilayer and automated security solution that can meet customer requirements for a cloud-first strategy. Cisco Umbrella can secure the DIA and deliver flexible and effective cloud-based security by offering increased inspection and audit capabilities in the cloud and deploying zone-based firewalls (FW), DNS-layer security, secure web gateway (SWG), cloud access security broker (CASB) and interactive threat intel [2]. Cisco Umbrella allows enterprises to offload the edge security features currently in place so that they are centrally deployed, reducing investment cost and optimising management.

The conjunction of the Network as a Service capabilities brought by Cisco SD-WAN technology and the Cisco Umbrella Security as a Service offering brings to the market the concept of Secure Access Service Edge (SASE) [3]. SASE unifies networking and security services in a cloud-delivered service model, breaking down these two silos to reduce complexity and management effort.

[2] https://umbrella.cisco.com/products/cloud-security-service

[3] https://umbrella.cisco.com/trends-threats/secure-access-service-edge-sase

From edge to cloud in a secure way

Cisco is addressing the multiple challenges and problems faced by network administrators in coping with increased and more complex demands, providing a technology that fits in multiple ecosystems and deployments, from on-premises facilities up to the cloud providers, always in a flexible, scalable and secure manner.

Therefore, with a unified solution that leverages a multi-cloud environment with a variety of underlying transport technologies in a secure way, Cisco is shifting to the new SASE approach, combining network and security in a single solution. Consumers are now able to invest in one solution instead of needing to deploy multiple solutions that would lead to higher cost and effort and lower levels of synergy.
