Intelligent WAN (IWAN) Application for the Cisco® Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) allows you to accelerate the deployment of IWAN and align to business priorities based on applications and user needs.
The IWAN Application simplifies WAN deployments by providing a highly intuitive, policy-based interface that helps IT abstract network complexity and design for business intent. The business policy is automatically translated into network policies that are propagated across the network. This solution enables IT to accelerate the transition to hybrid WAN, and quickly realize the benefits of Software-Defined WAN (SD-WAN): lower costs, simplified IT, increased security, and optimized application performance.
The IWAN Application is prescriptive of the Cisco Validated Design and provisioning of its core pillars for a large number of sites from a centralized location. Upon power-up the branch-office routers are automatically configured and ready to use. This architecture is based on open interfaces, a software-defined networking (SDN) services plane, and device-layer abstraction. This approach will allow full policy-directed deployment and operation of the network. IT can now meet line-of-business (LOB) time-to-market needs with automated functions that are propagated in minutes as you activate branch offices or roll out applications. The network including all routers is abstracted and IT can focus on the business priorities without being concerned about the underlying topology.
Features and Benefits
Table 1 lists the features and benefits of the Cisco APIC-EM Application for IWAN.
Table 1. Features and Benefits of Cisco APIC-EM Application for IWAN
Plug and Play
The network is used to deploy Cisco 4000 Series Integrated Services Routers (ISRs) in new sites. When the controller scanner discovers a new router, it creates a Network Information Database (NIDB) entry for it and then automatically configures it. This capability (zero-touch deployment) eliminates manual intervention, saving you time and helping prevent errors. All you need to do is connect the cable and power up the device.
Centralized policy automation
The IWAN Application has a centralized policy automation engine that helps guarantee that all sites run the business policies intended by the administrator.
The IWAN Application is also designed to allow the administrator to specify the business needs in terms of application delivery in a drag-and-drop intuitive fashion (figure 1). You can deliver highly advanced technologies such as Dynamic Multipoint VPN (DMVPN), quality of service (QoS), and Performance Routing (PfR) without having to spend any time learning command-line interface (CLI) commands.
Public-key-infrastructure (PKI) certificate
The IWAN Application uses the APIC-EM Trust Manager service. This service automates the lifecycle management of issuing, renewing, and revoking the PKI X.509 certificate for IWAN. With this feature, IWAN Application greatly simplifies the process of establishing and keeping trust in the network.
Centralized hybrid WAN management
The IWAN Application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. This feature allows for cost savings by helping guarantee delivery of application experience over any connection and using otherwise inactive or backup links.
QoS deployment and change of management
The IWAN Application can enforce QoS priority policies facing the WAN as well as the LAN. You can categorize applications into business-critical, default, or best-effort. This feature helps application traffic behave consistently and in accordance with your QoS service-level agreements (SLAs).
Network wide visibility and segmentation with Application Visibility and Control (AVC)
The IWAN Application provides a prepopulated set of common applications and lets you create a profile for custom applications. This feature helps you apply QoS and path control by application or set of applications and by business needs and priority (Figure 2).
DMVPN deployment and change of management
The IWAN Application fully automates the provisioning of the Cisco DMVPN. This automation includes the management of DMVPN intern IP address allocations as well as setting the high encryption policies. With the application the provisioning of DMPVN is highly automated and simplified.
Cisco Validated Designs based IWAN deployment workflows
Business-intent workflows allow for rapid deployment of a large number of sites without spending time building templates. It is preloaded with Cisco best practices for deploying hybrid WANs and with the most common service providers’ QoS models.
Figure 1. APIC-EM IWAN Application Main Set Up Page
Figure 2. APIC-EM Application for IWAN Application Policy Setup Page
Supported Cisco Platforms and Software Releases
Cisco IWAN supports the following Cisco router platforms and software releases.
Cisco 4000 Series Integrated Services Routers
Cisco IOS XE 3.16.2S and later and later with AppX and Security licenses
Cisco ASR 1000 Series Aggregation Services Routers
Cisco IOS XE 3.16.2S
Cisco CSR 1000v Series Routers
Cloud Services Router 1000v
Cisco IOS XE 3.16.2S
Cisco Integrated Services Routers Generation 2 (ISR-G2) Series Routers
Cisco IOS 15.5(3)M2a
The IWAN Application is a component of the APIC-EM. APIC-EM can be purchased a-la-carte or with the Cisco ONE Software. With the a-la-carte option, Cisco provides a bundle license for the number of devices in the network. This license allows you to manage IWAN routers with either the APIC-EM Application for IWAN or Cisco Prime™s Infrastructure 3.1+.
More details and ordering information can be found here: http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/prime-infrastructure/presentation-c97-735996.pdf
The APIC-EM with the IWAN Application runs on a virtual appliance. The system resources to run the application follow:
● Server: 64-bit x86
● vCPU: 6 (2.4 GHz)
● RAM: 64 GB
(Note: For a multi-host hardware deployment (two or three hosts), 32GB RAM is sufficient for each host.)
● Disk I/O Speed: 200 Mbps
● Browser: Chrome (47 or later)
● Storage: 500-GB hard disk drive or preferably 1-TB HDD
● Network adapter: 1x
You also must have an HTTP or Secure HTTP (HTTPS) proxy to connect the APIC-EM plug and play service to the public cloud. This proxy can be a commercial standard HTTP or HTTPS proxy.
For Cisco IWAN on APIC-EM, the following software is required to access the server:
◦ Chrome (Version 47.0 or higher)
◦ Mozilla Firefox (Version 44.0 or higher)
Cisco and Partner Services
The Cisco APIC-EM Application for IWAN is part of the Cisco ONE Enterprise Networks architecture and is supported by Cisco ONE Services, which provides post sale technical support and advanced services.
Financing to Help You Achieve Your Objectives
Cisco Capital® financing can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce your capital expenditures (CapEx). Accelerate your growth. Optimize your investment dollars and return on investment (ROI). Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.