Cisco has claimed to be “bringing intent-based networking into every domain”, the latest being branch offices which need software-defined WAN capabilities and security.
The quote came from product management senior veep Sachin Gupta, who told El Reg the cloud has destroyed traditional notions of the “network edge”, and while SD-WAN makes it easier to shift packets in the multi-cloud world, securing such environments involves too much heavy lifting.
“The cloud has a ‘pretty fluid edge’ that could be in your HQ, Branch, DC, cloud,” Gupta told The Register. A business wants the same security everywhere, without destroying the amenity of its cloud services.
Three launches comprised the announcement: a couple of new appliances; Cisco Umbrella getting SD-WAN support; and SD-WAN support for Office 365; and all three are aligned with the company’s intent-based networking strategy.
The appliances are the ISR 1111X-8P and the ISR 4461, both targeting branch deployment with integrated SD-WAN support, and available immediately.
The ISR 1111X-8P is a compact unit with Wi-Fi and LTE support, while the ISR 4661 targets the largest branches and integrates storage and compute.
Security includes integrated firewall, intrusion prevention, and URL filtering, with deployment simplified by Cisco Umbrella.
Gupta explained that someone trying to implement SD-WAN and security from different devices and interfaces lets themselves in for “a ton of actions” which are “costly and prone to error”.
The SD-WAN capabilities follow the intent-based networking aim of compressing weeks of work into hours, with a single vManage interface for everything.
The same interface also lets the sysadmin bring all branch sites under Cisco Umbrella with a single action.
Gupta noted that system admin can happen either on-premises, or in the cloud.
The security capabilities don’t require a separate licence, Gupta said, they’re embedded into the three existing SD-WAN licence tiers.
It wouldn’t be a 2018 Cisco announcement without open APIs and DevNet.
The APIs expose all Cisco SD-WAN capabilities, so third parties can have their application talking to the SD-WAN, and DevNet has new SD-WAN learning labs and sandboxes.
Integrated Office 365… but why?
Alongside appliances, security and cloudy admin, an Office 365 optimisation offering looks a little out of place, but Gupta said the Microsoft suite is the foundation of how most people spend their office day, and in cloud environments low performance hits productivity hard.
An end user might be accessing Office 365 via head office from a branch gateway, from the enterprise data centre, from a third-party colocation centre, or over 4G. “Customers will have multiple methods to connect to the cloud,” he said.
To overcome this, the SD-WAN offers real-time monitoring of “all available paths to the Microsoft Office 365 cloud”, and it uses Microsoft Office URLs to identify the closest cloud to the user.
“People expect the same performance as they get on their office desktop,” Gupta said. The integration is designed to automatically take “the best path, the most reliable path, to get the best performance”.
Of course, understanding the performance of different routes to a host is a Cisco core competence, but Gupta said the Office 365 integration goes beyond “ping host” and selecting optimal routes… and it goes beyond identifying and prioritising Office 365 traffic.
“I’m getting data from the application itself on how the application is performing,” Gupta said, “so although Path A is faster, Path B has better latency, and that’s what matters at the moment.”
“Performance characteristics change on different circuits,” he added. “Sometimes the shortest path is not the best.” ®