Cisco SD-WAN for Cloud Network Optimization
Cisco's cloud optimization package under SD-WAN cloud networking
Close to a decade ago, companies focused on the high cost of WAN circuits as resiliency and performance demand grew. As cloud connectivity grew, IT budgets for WAN connectivity continued to burst at the seams. Software-Defined Wide Area Network (SD-WAN) technology existed in third-party products before the term was coined, much like earlier times when the CSU/DSU was a separate appliance from the network router. However, in its early stages, SD-WAN focused on providing better performance and resiliency in a hub-and-spoke design and applied only between office locations.
Over time, traffic patterns changed, and there is no longer a hard requirement to backhaul traffic to central services. Due to fast-paced cloud adoption, clients and applications are no longer found only in physical locations such as office buildings or data centers but connect from any location. Cloud adoption by businesses quickly outpaced SD-WAN adoption. Now that SD-WAN adoption has gained momentum, IT leaders are trying to understand how to expand the WAN fabric beyond the on-premises boundary into cloud workloads. As a result, customers ask, "How do we connect our locations to build a global fabric capable of being resilient, scalable, secure, and providing the same experience no matter the geographical location?"
Cisco Systems is already a leader in the SD-WAN revolution and multi-cloud strategies. Cisco offers SD-WAN OnRamp as part of the SD-WAN solution that simplifies and automates connecting on-premises environments to Cloud Service Providers.
Cisco Cloud Solutions
Cisco Systems provides three solutions that meet commonly found cloud optimization use-case scenarios based on the most common feedback from customers. Cisco is better positioned as a site-to-cloud or site-to-site cloud interconnect solution, offering unmatched security with Umbrella, robust analytics, and segmentation integrated within a single pane of glass (vManage). The Cisco SD-WAN Cloud Networking offerings consist of the following:
Cisco Cloud Hub
- The Google Cloud Platform integration will enable cloud applications to dynamically request network resources by publishing application data in the Google Cloud Service Directory. From there, the service communicates the application's metadata and allows the network to provision itself with the appropriate SD-WAN policies and access.
- This solution, with tighter integrations between Cisco and Google Cloud, will bring an end-to-end network that adapts to application needs and that enables secure and on-demand connectivity from a customer's branch to the edge of the cloud through Google Cloud's backbone and to applications running in Google Cloud, a private data center, another cloud or a SaaS application.
- Business traffic can ingress the Google Cloud Platform backbone directly from the last-mile Service Provider traversing the globe using the Google backbone. This allows app-aware, SD-WAN policy automation based on application metadata.
- An SD-WAN path selection based on network and service telemetry data exchange.
Software-Defined Cloud Interconnect replaces Cloud Interconnect Gateway
- Cisco SD-WAN Cloud Interconnect Gateway (CIG) integrates the middle-mile backbone network provided by Megaport or Equinix to help customers accelerate their multi-cloud adoption and enterprise site connectivity. Software-Defined Cloud Interconnect (SDCI) is a virtualized SD-WAN edge that provides an SD-WAN aggregation point in the colocation facility for your regional branches. Once connected to the gateway, there is a clear path to Cloud Service Providers.
- The technology is a hub to connect an enterprise to various cloud, network, and internet service providers. The same technology can also interconnect two or more Cloud Service Providers without traversing the Internet to support the use of multiple cloud providers and multi-cloud applications.
- vManage will act as the overlay for software-defined cloud interconnects, providing easy management and the capability to instantiate connections rapidly.
- This collaboration will offer Cisco's SD-WAN customers access to Megaport's global reach. Megaport offers extensive connectivity choices backed by service-level guarantees for assurance. It includes peering with location data centers, with a global footprint across 23 countries. Megaport connects to over 200 cloud on-ramps, including leading SaaS services like Office365 and Salesforce, and the six largest public cloud providers: AWS, Azure, Google, Oracle, IBM, and Alibaba. The Megaport ecosystem also connects to 200 network service providers, more than 700 data centers, and 360 IT service providers and aaS providers.
Cloud OnRamp for SaaS
- The SD-WAN fabric continuously measures the performance of a designated SaaS application through all permissible paths from a branch. For each path, the fabric computes a quality-of-experience score ranging from 0 to 10, with 10 being the best performance. This score gives network administrators visibility into application performance that has never been available before. Most importantly, the fabric automatically makes real-time decisions to choose the best-performing path between the end users at a remote branch and the cloud SaaS application.
- For some enterprises, getting Internet connectivity directly to every branch may not be practical. As an intermediate step, they may want to use a regional hub egress architecture for their Microsoft 365 traffic. This architecture will not offer the same performance and cost-effectiveness as a local, direct Internet exit, but Cisco SD-WAN can help ensure the best possible path through the available regional hub infrastructure. In this scenario, Cloud OnRamp can be deployed in a "gateway mode," helping ensure that the optimal regional gateway is dynamically chosen for the customer's Microsoft 365 application traffic.
Cisco Umbrella - Secure Internet Gateway (SIG)
- Organizations that backhaul traffic from branch offices to a central location are experiencing inconsistent security policies, suboptimal performance across the enterprise WAN, and higher recurring WAN costs. This design falls short in today's ever-evolving, cloud-centric operating environment, which needs uninterrupted performance regardless of location and device type. To resolve this, Cisco's solution is to unify the network and security services by providing cloud-delivered security services through Cisco Umbrella.
- As Cisco builds more solution offerings in the "middle-mile" space, the Umbrella solution adds on the cloud-native security solution that encompasses a consistent security policy no matter the location of the user or device. Instead of backhauling a remote branch office back to the DC, the branch traffic can use SD-WAN to egress the site directly into Umbrella and a cloud workload without leaving the SD-WAN fabric.
Key benefits
- Part of Cisco's Secure Access Service Edge (SASE) architecture.
- Single management and a monitoring dashboard.
- Seamless integration with Cisco Cloud Hub and Cisco Interconnect Gateway SD-WAN architectures.
- Improve application access performance for end users.
- Secures direct-to-internet access and cloud application usage with:
  - Domain name system (DNS) security
  - A full proxy secure web gateway (SWG)
  - Cloud access security broker (CASB)
  - Firewall as a service (FWaaS)
  - Zero Trust Network Access (ZTNA)
Solution benefits
- Hosted SD-WAN-as-a-Service: Cisco router endpoint on the customer SD-WAN overlay. Site-to-cloud access: vManage automated direct connect to all major cloud providers from a single UI.
- Secure SD-WAN service hosted at global colocation facilities. Megaport and Equinix are partners hosting the Cisco SD-WAN service.
- Unified policy delivery and automated, full-stack network deployment via Cisco vManage.
- More reliable than public Internet traffic paths with guaranteed SLAs.
- Increased visibility.
- Scale to hundreds of connected remote offices in minutes.
- Umbrella cloud security right from your SD-WAN controller.
- One Architecture, One Network, Any Cloud.
Use case scenarios
Site-to-cloud
- Hosted SD-WAN service at SDCI data centers.
- Provisioning of all Cloud direct connections in vManage.
- vManage integrated control for:
  - SD-WAN policy, overlay, and devices.
  - Site-to-cloud connectivity via programmable cross-connects.
  - On-demand cloud direct connects.
- Flexibility to select Umbrella data centers.
Site-to-site between enterprise locations
- Provision connectivity through vManage in a matter of minutes.
- Modifications for scale can be done monthly (i.e., change bandwidth).
- Geographically dispersed PoPs worldwide.
- Quickly provision Umbrella with vManage SIG Templates.
How can we help
We can help you explore cloud optimization solutions in detail with guided labs for customers to experience closing gaps quickly and build confidence in your SD-WAN cloud journey. WWT encompasses a full enablement suite beginning in design and architecture, moving customers into professional services and partnering with our managed services.
Explore four of the top SD-WAN vendors and highlight the innovative features that set each solution apart, including a live demonstration of our on-demand SD-WAN lab environments and an explanation of how to access them.
You can start exploring these solutions by requesting a briefing with WWT.