SD-WAN Solution Philosophy

  • By
  • August 24, 2019
  • Networking
SD-WAN Solution Philosophy

SD-WAN Solution Philosophy

Welcome to the world of Software-Defined WAN (SD-WAN) and try to understand that is it really going to replace MPLS (Multi-Protocol Label Switching)!

With Cisco we got some brand new special announcement coming your way from folks of cisco, this is the great time we get a chance to kind of see what’s on the horizon for technology and its great opportunity for the folks around the world to kind of give your thoughts and feedback going on, its

looks like a SD-WAN that’s a hot new topic that I think a lot of people are interested to learn more about because cisco has a really great history with SD-WAN for a long time both u know back when it was kind of at the forefront of the technology with their IWIN product but also now that they have

the acquired patella, a fact I see some of my few friends hanging out from the back we are probably going to hear from them pretty soon so you are going to want to stay tuned for this whole blog where we got a lot great content.

We have a lot of new and exciting stuff to talk about today around SD-WAN and the whole evolution that we are seeing with respect to cloud security.

The evolution of SD-WAN in last 3 years:

In the year 2016:

It started with SD-WAN uprising in 2016 with 1st 100 customers known as the pioneers.

-Hybrid WAN cost Arbitrage


-Business Partners

It is really around how do we take expensive MPLS circuits and add to broadband and build the fabric out of that and get the cost efficiencies and the cost arbitrage that came with it along with it we saw a whole bunch of deployments around segmentation. How do we do mergers and acquisitions and how do we segment our networks for line of business for compliance and so on and so forth so those where kind of early adopters of the technology really focused on this along with kind of how do we bring business partners into the mix and give them access to the infrastructure so this was 3 years ago and then in.

In the year 2017:

SD-WAN started maturing with 2 acquisition and deployment at scale

-DIA (Dedicated Internet Access) and DCA (Direct Cloud Access)

-Manage Services.


And the 2 years back was the phase that I would call as it is divine maturing mainly because there are a couple of acquisitions and the pioneers who actually jumped into the deep end of the pool were we were able to see the deployments work and available to scale it to like thousands of sites and in some cases as well and the focus at that time was ok now we got the cost arbitrage and the efficiency there how do we get security to work , how do we do direct internet access in to office 365 and how do we have an on-ramp into AWS (Amazon Web Service), Microsoft Azure and so forth so DIA and DCA are the key topics of conversation among all of our customer last 2 years and hence so we build a lot of technologies and innovation around that it was also the time that manages service providers large Telco’s, in particular, jumped in and said hey i have a managed service offering so if u are an enterprise customer you can actually get this as a service from me I will give you the circuit, I will give u the managed capabilities on top you don’t have to worry about your network irrespective weather it is hundred sites or thousands of sites and with that also kind of virtualization, I have really cool technology in the form of SD-WAN will bring security into the mix, will bring elements of optimization and will offer everything in a virtualized form factor so that was last 2 years ago.

In the year 2018:

SD-WAN Mainstream with every vertical, every segment and every WAN conversation.
– It is the Year of the Multi-cloud and security

So let’s forward to the last year where many of you have seen the stats around this in a next 2 years 90% of the enterprises are going to make a decision on SD-WAN it’s no longer a question of if it’s purely a question on when and that’s all the reason why we all saw a Gartner as well issue the Magic Quadrant and it helps separate how we would call the men from the boys. There are few vendors who shows up on the top right because they have the credibility and deployment to show last year every single WAN conversation that we are having inside of Cisco and as Cisco you should expect them to be in the table at least on many of this WAN conversation because every single conversation is SD-WAN conversation right across every vertical be it a public sector or utilities, retail manufacturing, financials and so forth every single one of them is a WAN conversation and there are 2 things, in particular, that keeps coming up time and again 1st how do we use this opportunity to revamp our security architecture entirely and how do we build efficient on-ramp into the cloud so all the innovations we will talk about and show you in action are going to be revolving around what are we doing in respect to cloud, with respect to security while at the same time making sure that you get a really good view into how we are migrating customers from their traditional network architecture to architecture of today so these are the kind of main topics.




We are in a world where traditional campus and branches are no longer the same we are in a world where we have mobility that is pervasive everywhere IoT device is becoming the norm everyone wants to connect everything at any point of time on any device and our traditional concept of where applications set is fundamentally changing their use to be a time where there were datacenter and a private cloud it’s no longer that you still have that along with things like IAAS (Infrastructure As A Service) and SAAS(Software As A Service) and it is truly Multi-cloud world with all the conversation

we have had with the customers more than 85 to 90% of our customer base is looking to have applications in more than a single cloud right so everybody is looking at whether its AWS or Azure or Office 365 or Salesforce here are multiple clouds now the WAN is really the connecting fiber between all of this and this connectivity is no longer through MPLS circuits we are depending on internet connectivity’s and internet connectivity is now becoming business-critical it’s no longer a best-effort kind of transport anymore enterprises are looking at internet as the way to access there applications across the Multi-cloud now this becomes important because when you are doing this you have to ensure the same level of reliability, as well as security over the internet,  links that you expected over MPLS and you, are talking about enterprises that have few campuses hundreds of branches and thousands of users that are all mobile so this is fairly complicated problem statement that we are trying to solve and all of these interconnections are making life harder for  network administrators not necessarily easier the cloud makes users life easier it doesn’t necessarily make the network administrator life easier. So the new paradigm that we see is that there is certainly this gap between user devices IoT things and Multi-Cloud and this gap is creating a new paradigm called Cloud Edge. The cloud edge is in our mind is where networking and security and cloud all come together and this is going to become or this is currently new battleground on the WAN side and we need to figure out how we are going to protect the cloud edge there is clearly level of exposure now with internet becoming pervasive and business-critical that didn’t exist in the past , security is fundamental to securing the cloud edge application experience MPLS provided you guaranteed SLA(Service Level Agreement) and metrics because you are paying for that the internet is no longer than guaranteed of SAAS we have to make sure that experience is consistent whether you are going over an MPLS circuit or  going over an internet circuit and it has to be given the same level of performance characteristic that MPLS used to give you and complexity, of course, you have to make sure that the WAN is intelligent enough to be able to take the best part with the most secure part to anywhere you want to go.

So let’s dive into the security piece of this, let’s take an example that how we do security in a branch, there are typically four ways of doing security in a branch and we will go over all of them and there are pros and cons for each of them.

  1. So the traditional way of doing it is we want to get access to the internet we basically go from our branch location backhaul to the data center and then go to the internet.

Pros and Cons:

Security is easier here because the security parameter is actually in your data center and you have all of the security appliances sitting there, the user experience is not good when you are going to a SAAS application or to the Multi-cloud through a datacenter you are going to have performance implications.

  1. The second way that we will do this is through cloud security let the security be handled directly by the cloud there are number of vendors out there that says we will handle your security you don’t actually need security sitting in your branch you can do it all in the cloud now while that may be fairly simple there is not any effort required by the enterprise to do this, a lot of large enterprises get very nervous when you talk about essentially outsourcing your security to the cloud right there is a level of control that they loose and they don’t like it so while this is durable this probably not the model that a lot of enterprises are going to do.
  1. Third model is you are really paranoid about security you want to deploy a unified threat management system in every branch so this give you a level of control that you didn’t have with options to however this does get you a lot of complexity it is more expensive to have a dedicated UTM appliance sitting in every branch and management becomes the problem you have 2 different points of management for your routing an SD-WAN as well for your security appliances.
  2. Lastly the fourth you could do all of this where you could deploy all of this in some form or fashion and a lot of intervals actually do this today like there is no single answer here but again this increases complexity and these reduce control based on what you for in which branch so we believe that we actually have an answer that might be better than all of this, the question really is how can IT maintain choice and control when you are connecting to a Cloud Force and a multi-cloud kind of world.

So what Cisco really announced that to begin with is full-stack security embedded within a routing portfolio with SD-WAN so cisco introduce SD-WAN the VIPTELA stack in the ISR IOS code based in July 2018 and along with that we are embedding there core security functions which is application-aware firewalls, IPS (Intrusion Prevention System), IDS (Intrusion Detection System), URL Filtering in the SD-WAN IOS router itself.
So an enterprise will get a full-stack solution so that they can deploy this in one place and manage it consistently from one Dashboard which is our managed dashboard.

So one place to deploy security and one place is managed it and one place to monitor it so this will be the key innovation all of the ciscoes installed Base already out there as millions of ISR’s they can be enabled with SD-WAN today with the firmware upgrade and now we can add security to it. Second thing that cisco announced is integration with umbrella stack for cloud security it’s not just embedded branch security that they are talking hey are also added elements from cloud security stack which is cisco Umbrella and integrating that with the ISR’s so now we get a system that is fully secure wherever users are connected in the branch r they are roaming around and connected through Starbucks or some other remote place.

The last piece of this is multi-cloud piece, as today we already have solutions for cloud on-ramp where we can connect and accelerate performance to 14 SAAS applications using cloud on-ramp which is shipping feature for the last year what Cisco has announced is partner with Office 365 and added enhancements to show that capability so that Cisco can get you better performance by reaching to the closest O365 locations from where your branches, so you don’t have a performance penalty of essentially going across the world, or going across the country to go to O365 location, will make sure that you reach the nearest location to your deployment.

Nitin Gawli


For Free, Demo classes Call: 7798058777
Registration Link: Click Here!

Call the Trainer and Book your free demo Class for now!!!

call icon

© Copyright 2019 | Sevenmentor Pvt Ltd.

Submit Comment

Your email address will not be published. Required fields are marked *