In This Article

Cisco's cloud optimization package under SD-WAN cloud networking

Close to a decade ago, companies focused on the high cost of WAN circuits as resiliency and performance demand grew. As cloud connectivity grew, so did IT budgets for WAN connectivity continued to burst at the seams. SD-WAN existed before the coined term in 3rd party products, which offered the technology synonymous to previous times when the CSU/DSU was a separate appliance from a network router. However, in its early stages, SD-WAN was focused on providing better performance and resiliency in a hub and spoke design and were applicable between office locations.

As time evolved, so did traffic patterns. As a result, there is no longer a hard requirement to backhaul traffic to central services. However, due to fast-paced cloud adoption, clients and applications are no longer found in physical locations such as an office building or data center but connect from any location. As a result, cloud adoption by businesses quickly outpaced SD-WAN adoption. As the SD-WAN adoption pace has gained momentum, IT leaders are trying to understand how to expand the WAN fabric beyond the on-premises boundary into cloud workloads. As a result, customers are asking, "How do we connect our locations to build a global fabric capable of being resilient, scalable, secure, and providing the same experience no matter the geographical location?" 

Cisco Systems is already a leader in the SD-WAN revolution and multi-cloud strategies. Cisco offers SD-WAN OnRamp as part of the SD-WAN solution that simplifies and automates connecting on-premises environments into Cloud Service Providers.

Cisco Cloud Solutions

Cisco Systems provides three solutions that meet commonly found cloud optimization use-case scenarios based on the most common feedback from customers. Cisco is better positioned as a site-to-cloud or site-to-site cloud interconnect solution, offering unmatched security with Umbrella, and robust analytics, as well as segmentation, integrated within a single pane of glass (vManage). The Cisco SD-WAN Cloud Networking offerings consist of:

Cisco Cloud Hub

  • The Google Cloud Platform integration will enable cloud applications to dynamically request network resources by publishing application data in the Google Cloud Service Directory. The service communicates the application's metadata from there and allows the network to provision itself for appropriate SD-WAN policies and access.
  • This solution, with tighter integrations between Cisco and Google Cloud, will bring an end-to-end network that adapts to application needs, and that enables secure and on-demand connectivity from a customer's branch to the edge of the cloud, through Google Cloud's backbone, and to applications running in Google Cloud, a private data center, another cloud or a SaaS application.
  • Business traffic can ingress Google Cloud Platform, backbone directly from the last-mile Service Provider traversing the globe using the Google backbone. This allows app-aware, SD-WAN policy automation based on application metadata.
  • An SD-WAN path selection based on network and service telemetry data exchange.

Software-Defined Cloud Interconnect (SDCI), replaces CIG

  • Cisco SD-WAN Cloud Interconnect Gateway integrates the middle-mile backbone network provided by either Megaport or Equinix to help customers accelerate their multi-cloud adoption and enterprise site connectivity. SDCI is a virtualized SDWAN edge that provides SD-WAN an aggregation point in the co-location for your regional branches. Once connected to the gateway, there is a clear path to Cloud Service Providers.
  • The technology is used as a hub to connect an enterprise to a large variety of cloud, network, and internet service providers. To support the use of multiple cloud providers and to support multi-cloud applications, the same technology can also interconnect two or more Cloud Service Providers without traversing the Internet.
  • vManage will act as the overlay for software-defined cloud interconnects, providing ease of management and the capability to rapidly instantiate connections.
  • This collaboration will offer Cisco's SD-WAN customers access to Megaport's global reach. Megaport offers extensive connectivity choices, backed by service-level guarantees for assurance. It includes peering with location data centers, with a global footprint across 23 countries. Megaport connects to more than 200 cloud on-ramps, including leading SaaS services like Office365 and Salesforce, and to the six largest public cloud providers:  AWS, Azure, Google, Oracle, IBM, and Alibaba. The Megaport ecosystem also connects to 200 network service providers, more than 700 data centers, and 360 IT service providers and aaS providers.

Cloud OnRamp for SaaS

  • The SD-WAN fabric continuously measures the performance of a designated SaaS application through all permissible paths from a branch. For each path, the fabric computes a quality-of-experience score ranging from 0 to 10, with 10 being the best performance. This score gives network administrators visibility into application performance that has never before been available. Most importantly, the fabric automatically makes real-time decisions to choose the best-performing path between the end-users at a remote branch and the cloud SaaS application.
  • For some enterprises, it may not be practical to get Internet connectivity directly to every branch, and as an intermediate step, they may want to use a regional hub egress architecture for their Microsoft 365 traffic. This architecture will not offer the same performance level and cost-effectiveness as local and direct Internet exit, Cisco SD-WAN can help ensure the best possible path through the available regional hub infrastructure. In this scenario, Cloud OnRamp can be deployed in a "gateway mode", helping ensure that the optimal regional gateway is dynamically chosen for the customer's Microsoft 365 application traffic.

Cisco Umbrella - Secure Internet Gateway (SIG)

  • Organizations that backhaul traffic from branch offices to a central location are experiencing inconsistent security policies, suboptimal performance across the enterprise WAN, and higher recurring WAN costs. This design falls short in today's operating environment in the ever-evolving cloud-centric world and the need for uninterrupted performance regardless of location and device type. To resolve this, Cisco's solution is to unify the network and security services by providing cloud-delivered security services through Cisco Umbrella.
  • As Cisco builds more solution offerings in the "middle-mile" space, the Umbrella solution adds on the cloud-native security solution that encompasses a consistent security policy no matter the location of the user or device. Instead of backhauling a remote branch office back to the DC, the branch traffic can use SD-WAN to egress the site directly into Umbrella and into a cloud workload without leaving the SD-WAN fabric.

Key benefits

  • Part of Cisco's Secure Access Service Edge (SASE) architecture.
  • Single management and a monitoring dashboard.
  • Seamless integration with Cisco Cloud Hub and Cisco Interconnect Gateway SD-WAN architectures.
  • Improve application access performance for end-user.
  • Secures direct-to-internet access and cloud application usage with
    • Domain name system (DNS) security
    • A full proxy secure web gateway (SWG)
    • Cloud access security broker (CASB)
    • Firewall as a service (FWaaS)
    • Zero Trust Network Access (ZTNA)

Solution benefits

  • Hosted SDWAN-as-a-Service: Cisco Router endpoint on Customer SD-WAN overlay. Site-to-Cloud access: vManage automated direct-connect to all major cloud providers from a single UI.
  • Secure SD-WAN service hosted at global colocation facilities. Megaport and Equinix are partners hosting the Cisco SD-WAN service.
  • Unified policy delivery, Automated, full-stack network deployment via Cisco vManage.
  • More reliable than public Internet traffic paths with guaranteed SLA's.
  • Increased visibility.
  • Scale to hundreds of connected remote offices in minutes.
  • Umbrella cloud security right from your SD-WAN controller
  • One Architecture, One Network, Any Cloud.

Use case scenarios


  1. Hosted SD-WAN service at SDCI data centers.
  2. Provisioning of all Cloud direct connections in vManage.
  3. vManage integrated control for:
    1. SDWAN Policy, Overlay, and Devices.
      1. Site-to-cloud connectivity via programmable cross-connects.
      2. On-demand cloud direct connects.
  4. Flexibility to select Umbrella data-centers.

Site-to-site between enterprise locations

  1. Provision connectivity through vManage in a matter of minutes.
  2. Modifications for scale can be done on a monthly basis (i.e. change bandwidth).
  3. Geographically dispersed PoP's worldwide.
  4. Quickly provision Umbrella with vManage SIG Templates.

How we can help

We can help you explore cloud optimization solutions in detail with guided labs for customers to experience closing gaps quickly and build confidence in your SD-WAN cloud journey. WWT encompasses a full enablement suite beginning in design and architecture, moving customers into professional services and partnering with our managed services.

Explore four of the top SD-WAN vendors and highlight the innovative features that set each of their solutions apart, including a live demonstration of our on-demand SD-WAN lab environments and an explanation of how to access them.

You can start exploring these solutions by requesting a briefing with WWT.