Cisco Catalyst SD-WAN Solution Overview

Updated: November 22, 2023

Introduction

The continued evolution of IT infrastructure and the shift towards multicloud application strategies have created unprecedented levels of network complexity. The traditional WAN architecture is not equipped to handle the scale and diversity of modern networks, leaving organizations struggling to manage their networks effectively and provide the reliable, secure connectivity that users demand.

The challenges of network complexity are multifaceted. The proliferation of cloud applications has led to a distributed and fragmented network environment, making it difficult to ensure consistent performance and security across all locations. Additionally, the increasing number of devices and users, along with the rise of remote and hybrid work models, has further complicated the network landscape.

These challenges have highlighted the need for a transformation of network infrastructure. IT teams must simplify their network environment and ensure secure, reliable connectivity across all locations. They require a solution that can adapt to changing network requirements and provide real-time visibility into network performance and security.

That's where Cisco Catalyst SD-WAN comes in. By leveraging advanced networking and security capabilities, Catalyst SD-WAN enables organizations to manage their multicloud network environment with ease, simplify their operations, and optimize application performance across their distributed workforce.

Overview

Catalyst SD-WAN connects any user to any application with integrated capabilities for multicloud, security, predictive operations, and enhanced network visibility, all on a SASE-enabled architecture. Catalyst SD-WAN enables you to transform your IT infrastructure by delivering network connectivity that is cloud-agnostic, efficient, and simpler to manage, while lowering operational costs and increasing control and visibility across the entire digital service delivery chain.

Cisco Catalyst SD-WAN Manager (formerly vManage) provides a highly visualized dashboard that simplifies network operations. It provides centralized configuration, management, operation, and monitoring across the entire SD-WAN fabric.

Catalyst SD-WAN offers integrated security, including full-stack multilayer security capabilities on the premises and in the cloud. This integrated security provides real-time threat protection where and when it is needed — for branches connecting to multiple Software-as-a-Service (SaaS) or IaaS clouds, data centers, or the internet, further accelerating the transition to a SASE-enabled architecture. Catalyst SD-WAN is fully integrated with the cloud-delivered Cisco Umbrella, which offers protection against security blind spots and cyberthreats. The integration between Catalyst SD-WAN and Umbrella enables networking and security convergence capabilities that accelerate the transition to a SASE architecture in a secure and agile manner.

“As we expand our intent-based network, the Cisco Catalyst 8000 Edge Platforms check all the boxes for an agile SD-WAN solution that can deliver the performance, security, and visibility needed to deliver these real-time connected experiences.”

Ed Vanderpool,

IT Technical Manager, Adventist Health

Using the SD-WAN Manager (Figure 1), you can quickly connect all company data centers, core and campus locations, branches, colocation facilities, cloud infrastructure, and remote workers. To enable this interconnection, Catalyst SD-WAN applies the Overlay Management Protocol (OMP) to your entire network. Catalyst SD-WAN simplifies IT operations with automated provisioning, unified policies, and streamlined management, making changes, updates, and resolutions in record time. You gain advanced network functionality, reliability, and security.

Figure 1. The Cisco Catalyst SD-WAN Manager (formerly vManage) dashboard showing network and application health.

Cisco provides a flexible architecture to extend SD-WAN to any environment (Figure 2). Whether you deploy your product in the cloud or on-premises, Catalyst SD-WAN automatically discovers, authenticates, and provisions both new and existing devices.

Figure 2. Flexible and scalable architecture for network transformation

Multicloud choice and control

Businesses are using not just one cloud data center in their IT operations, but several clouds across IaaS, SaaS, and Platform as a Service (PaaS) (Figure 3). Connecting these workloads and applications together with the WAN and remote users is a challenge.

To help reduce this complexity, Catalyst SD-WAN provides the ability to connect any WAN location to multiple cloud platforms or any other enterprise site, increasing connection speeds and enhancing connection reliability. Cisco SD-WAN Cloud OnRamp creates a WAN extension for your IaaS workloads, provides dynamic path selection for optimal SaaS application performance, consolidates branch office egress points into regional colocation facilities, and automates cloud-agnostic branch connectivity with cloud interconnect.

Monitoring underlay performance via the Catalyst SD-WAN Manager, Cloud OnRamp automatically selects the fastest, most reliable path to the cloud infrastructure, no matter where your end users are located. In the event of network service interruptions beyond your control, Cloud OnRamp will adjust paths as necessary, helping ensure continuous uptime and predictable performance.

SD-WAN Cloud OnRamp for Multicloud

Catalyst SD-WAN makes connecting the company WAN to IaaS environments such as Amazon Web Services, Google Cloud, and Microsoft Azure simple, automated, and secure — as though the cloud databases themselves are part of the corporate network. In the Catalyst SD-WAN console, your network and operations teams can automate virtual private cloud connections to IaaS environments, extending the Catalyst SD-WAN OMP to the cloud. Catalyst SD-WAN applies automated connectivity requirements (loss, latency, and jitter) to find the optimal path to cloud IaaS applications, adjusting the IPsec route as needed to help ensure service delivery and performance while monitoring the hosting infrastructure for anomalies.

Figure 3. Cisco SD-WAN Cloud OnRamp for IaaS, PaaS, and SaaS applications

Cisco SD-WAN Cloud Hub

Cisco SD-WAN Cloud Hub leverages SD-WAN to interconnect branch sites, on-premises data centers, and the cloud using a public cloud service provider’s backbone (such as AWS, Google Cloud, or Microsoft Azure) as an underlay. Cloud Hub reduces provisioning from months to minutes with site-to-cloud network automation as well as offering high availability and multiple points of presence across the world using a cloud service provider’s global infrastructure for site-to-site connectivity (Figure 4).

Figure 4. Cisco SD-WAN Cloud Hub

SD-WAN Cloud OnRamp for SaaS

In addition to building application workloads in IaaS cloud environments, many companies today use SaaS applications for streamlined operations. As with IaaS, connectivity to these applications requires sharing resources with other customers on distant hardware. Fortunately, Cisco SD-WAN Cloud OnRamp for SaaS makes connecting to and securing these SaaS environments simple.

Partnering with several SaaS providers, Cisco SD-WAN Cloud OnRamp automatically selects the fastest, most reliable path to SaaS applications for your users (Figure 5), engaging in real-time traffic steering to deliver the best user experience no matter where they are located. Should an internet service issue cause connectivity that falls below your benchmarks, Cloud OnRamp finds the next best path to help ensure continued application performance. In fact, Cisco has partnered with over 14 leading SaaS vendors to deliver superior application performance compared to competing SD-WAN solutions. In addition, the solution automates best path selection for custom and standard NBAR (Network Based Application Recognition) applications, allowing enterprises to enable Cloud OnRamp for SaaS capabilities with the application of their choice.

Cisco SD-WAN Cloud OnRamp for SaaS has taken communication, collaboration, and video capabilities to the next level with Webex. Catalyst SD-WAN segregates Webex traffic from generic internet traffic and routes it via the best path from a specific branch router to deliver a seamless, consistent, and high-quality user experience. The solution also allows you to enjoy up to 40 percent faster performance for Microsoft 365. Features such as informed network routing and URL categorization greatly streamline the customer experience, giving users deeper abilities to manage and route traffic within Microsoft 365 to improve speed, efficiency, and performance across the entire suite of applications.

Figure 5. Dynamic path selection in Cisco SD-WAN Cloud OnRamp for SaaS

Cisco SD-WAN Cloud Interconnect

Cisco SD-WAN Cloud Interconnect (Figure 6) uses a cloud-agnostic backbone to connect from site to site and site to multiple clouds. This Cloud OnRamp solution automates on-demand connectivity between multiple sites and to the world’s leading cloud provider networks directly from your SD-WAN controller. Combined with a Software-Defined Cloud Interconnect (SDCI) partner, this solution delivers reliable network performance while decreasing operational costs and complexity. Cloud Interconnect provides a single, easy-to-use console to automate deployment of connections, reducing provisioning from weeks to minutes. SDCI partners like Equinix or Megaport provide secure, reliable connectivity using a global ecosystem and significantly reduce cloud data egress fees and network charges.

Figure 6. Cisco SD-WAN Cloud Interconnect

SASE-ready, cloud-delivered security

As IT architectures change, the threat landscape continues to evolve with them. The digital transformation that has resulted in the adoption of multicloud access and the proliferation of applications and devices has also increased the attack surface and exposed organizations to new security vulnerabilities.

Securing these modern IT environments requires a fresh approach that is an alternative to a traditional centralized security stack in the data center. SASE unifies networking and security services into a cloud-delivered service to provide comprehensive integrated security. Cisco with our partners offers an unmatched breadth of assets and expertise in networking and security for both on-premises and cloud deployments.

Catalyst SD-WAN can deploy a complete security solution, either on-premises or with Cisco Umbrella cloud security. Enabling Direct Internet Access (DIA) with SD-WAN provides more efficient SaaS and internet connectivity but introduces security blind spots, because branch traffic then reaches the internet without passing through the centralized security stack in the data center. Web-based attacks are a major source of threats. Cisco’s on-premises and cloud security provides strong protection against web-based attacks and delivers a complete set of features such as enterprise firewalls, a cloud access security broker, secure web gateways, malware protection, an intrusion prevention system, URL filtering, and DNS-layer protection. Implement segmentation across the entire network to isolate and protect critical assets (Figure 9). By choosing Catalyst SD-WAN, you gain the ability to automate the right security in the right place, all from a single dashboard. It replaces the cost and complexity of multiple standalone point products with a cloud-delivered, fully integrated solution.

Figure 7. Catalyst SD-WAN built-in on-premises security or Cisco Umbrella cloud security

Whether you deploy your SD-WAN security on-premises or in the cloud, Catalyst SD-WAN uses real-time threat intelligence from Cisco Talos®, the industry’s leading threat intelligence group, to provide comprehensive threat protection in real time. After a few simple clicks in the dashboard (Figure 10), Catalyst SD-WAN will harden your entire network from core to edge and cloud with security capabilities such as Cisco Secure Firewall, Cisco Umbrella Secure Internet Gateway, and Malware Defense. No other SD-WAN solution delivers this level of comprehensive routing and threat intelligence on a certified trustworthy infrastructure.

Only Cisco can deploy multilayered security across the network in an automated manner. As a result, end users — whether in the data center, in a branch, on the campus, or in a remote location — can enjoy protection from a multitude of security threats. Catalyst SD-WAN makes comprehensive network security simple, protecting your business against data exfiltration and insider threats.

“We’ve never had application visibility like this before. This added security protects our staff from the ever-present threats on the internet.”

Joel Marquez,

IT Director, Tamimi Markets

Analytics and insights

Applications and users are more distributed than ever, and the internet has become the new enterprise WAN. As SD-WAN has transformed to connect users across multicloud, branch, data centers, and a hybrid workforce, IT and network operation teams are constantly challenged to deliver reliable connectivity, application experience, and security over networks and services they don’t own or directly control.

In parallel, networks and devices generate a multitude of data points across thousands of sites, network paths, applications, and distributed users. It has become impossible to digest and make sense of this data. Time spent on the identification of issues and troubleshooting requires significant resources and further prolongs negative impacts on productivity.

Cisco Catalyst SD-WAN Analytics simplifies network operations by providing granular network insights, predictivity, and automation that not only heighten network integrity but also deliver optimal application experience. By liberating IT and network teams from complex network operations, Catalyst SD-WAN empowers IT and network operation teams to maximize productivity and improve operational efficiency and resiliency, ultimately accelerating digital transformation and innovation.

SD-WAN Analytics

SD-WAN Analytics aggregates a large volume of telemetry data and correlates application performance with underlying networks for operational insights, in a highly visualized and simplified manner. SD-WAN Analytics enhances network visibility, establishes historical benchmarks, and expedites root-cause isolation, ultimately enabling enterprises to take the necessary corrective actions and total control of the user experience.

Figure 8. Cisco Catalyst SD-WAN Analytics

Predictive Path Recommendations

Cisco’s Predictive Path Recommendations (PPR), powered by ThousandEyes WAN Insights, an integral component of Cisco Predictive Networks, delivers a predictive network solution that enables Catalyst SD-WAN customers to proactively improve the application experience for users. Leveraging advanced algorithms and predictive models, PPR determines the performance and policy compliance of the paths carrying the site application traffic. When performance is below historical benchmarks or SLA, PPR can make recommendations and automatically implement corrective actions before users are impacted. Predictive Path Recommendations is available today. The closed-loop automation feature is expected to be available in August 2023.

Figure 9. Predictive Path Recommendations

Cisco ThousandEyes

The integration of Catalyst SD-WAN and ThousandEyes brings end-to-end visibility into application delivery and network performance beyond the traditional enterprise network boundaries. This integration provides the only SD-WAN solution with turnkey ThousandEyes vantage points, delivering an optimal application experience over any network. Enterprises and other organizations can expedite the deployment of ThousandEyes agents through SD-WAN Manager integration to quickly pinpoint the source of issues, get to resolution faster, and manage the performance of what matters.

Figure 10. Cisco ThousandEyes

“Catalyst SD-WAN Security delivers simplicity and automation so that we can apply the right security controls where needed, when needed. We are very excited to bolster that solution with the Catalyst 8000 Edge Platform solution.”

Director of Product Management,

Riedel Networks


Benefits of the Catalyst SD-WAN Analytics solution

  • Optimize efficiency - Correlate raw telemetry sources, establish historical benchmarks, and provide operational insights, thereby transforming network operations from a reactive to a highly predictive model.

  • Optimize resiliency - Monitor network and application performance proactively, while validating implemented policies with business requirements to avoid performance issues before impacting users.

  • Optimize user experience - Enable a unified application experience your end users have come to expect, irrespective of their location and associated network environment.

  • Optimize operational sustainability - Establish a perpetual optimization cycle that achieves overall CapEx and OpEx efficiency. Predictive analytics improve network engineering, enabling organizations to plan optimal capacity and thereby driving CapEx efficiency. OpEx efficiency is achieved by proactively preventing user-impacting issues, automating resolution, and reducing the overall troubleshooting cycles.

  • Optimize productivity - Create a proactive engagement model that allows network conditions that may otherwise have gone unnoticed to be addressed before reaching a noticeable level. A proactive operating model will ultimately free up resources and time that can shift to higher-level strategic and innovation priorities.

  • Optimize operations - Deliver strategic business outcomes to enterprise and service providers. Workforce challenges in the IT sector are not new, with difficulties in finding the right talent to keep up with attrition and growth. Skill gaps grow greater each year as employers chase a smaller pool of highly skilled workers with expertise in cloud-native platforms, networking engineering, and security. Enhanced visibility, automation, and prediction can fill the gaps by standardizing operations and executing routine operational activities on a proactive basis.

Simplifying communications with integrated unified communications

Catalyst SD-WAN supports Unified Communications (UC) and SD-WAN within a single box (Figure 13). Unified communications integrate communication services, including voice, extension mobility and single number reach, instant messaging, presence information, and video conferencing, as well as other advanced features such as unified messaging with integrated voicemail, messaging, email, and faxing.

Figure 11. Integrated unified communications

Benefits of Catalyst SD-WAN unified communications and voice integration

Telephony integration

Cisco is the only vendor to natively integrate analog, digital, and IP telephony interfaces directly into its Customer Premises Equipment (CPE).

Reduced OpEx and CapEx

Having both UC and SD-WAN within a single CPE device means lower support and licensing costs and eliminates the cost of the UC hardware.

VoIP solution investment protection

Many customers have large deployments of IP phones and other VoIP solutions. Integration of UC and voice on Cisco edge devices helps ensure that investments in existing equipment can be leveraged, since they are supported in the cloud with Catalyst SD-WAN.

Reduced complexity

SD-WAN Manager can orchestrate scalable and consistent UC configurations across the entire enterprise via templates, and policies can prioritize specific application links, with fallback capability in case of link failure or degradation.

Telephony survivability

Prevent internal and external IP phone outages using Cisco Unified Survivable Remote Site Telephony (SRST), enabling the edge device as the fallback IP PBX with access to the Public Switched Telephone Network (PSTN).

Middle-mile optimization

Cisco is the only vendor extensively partnering with colocation and SDCI partners for optimization with cloud applications (Cisco Webex®, Unified Communications Manager Cloud, and more). Cisco’s Cloud OnRamp functionality provides optimal performance for UC applications hosted in a SaaS cloud.

Security and communication integrity

Catalyst SD-WAN also integrates best-in-class security with cloud-based Cisco Umbrella or Cisco’s on-premises security portfolio, thereby ensuring the security and integrity of your network and unified communications.

SD-WAN platforms

Cisco offers the widest selection of platforms and appliances so that you can deploy SD-WAN anywhere (Figure 14). These industry-leading edge platforms combine innovative cloud networking capabilities with multilayer security support, hardware-accelerated encryption, and robust port flexibility to offer flexible, secure cloud connectivity in SD-WAN that scales. With Catalyst SD-WAN, you can create the most comprehensive fabric possible, scaling your entire business into hybrid and multicloud environments with ease.

Figure 12. Catalyst SD-WAN platform capabilities

Edge

Edge locations are at the forefront of digital transformation. These locations vary widely, from branch offices to restaurants, sports stadiums, and more. They’re united in requiring reliable security, connectivity, and application storage for IoT. Deploy Catalyst SD-WAN on Catalyst 8500, 8300, and 8200 Series Edge Platforms or on Cisco 1100 Series Integrated Services Routers (ISRs) with a single image for Cisco IOS® XE. Catalyst SD-WAN can also be deployed on SD-Branch solutions such as the Catalyst 8200 Series Edge uCPE and Cisco UCS® E-Series platforms using Network Functions Virtualization (NFV). In addition, you can even extend Catalyst SD-WAN into adverse conditions, industrial facilities, vehicles, and factories with the Catalyst 1101, 1800, 8100, and 8300 industrial routers for mission-critical use cases. Catalyst industrial routers offer a ruggedized industrial form factor and simplified management with Catalyst SD-WAN on Cisco IOS XE.

Core

Core locations are the backbone of any corporate WAN and include data centers and campuses. These locations have heavy traffic and require powerful aggregation throughput capabilities, resilient connectivity, and built-in security. Deploy Catalyst SD-WAN at the core with the Catalyst 8500 Series Edge Platforms to connect your core to the SD-WAN fabric.

Colocation

Simplify WAN management with Catalyst SD-WAN Cloud OnRamp for Colocation. Deploy regional hub solutions on the Cisco Cloud Services Platform 5000, or connect SD-WAN with the Cisco Catalyst 8500 Series.

Cloud

Catalyst SD-WAN extends control and connectivity to cloud environments such as Amazon Web Services, Google Cloud, and Microsoft Azure. Deploy Catalyst SD-WAN in cloud environments through the Cisco Catalyst 8000V Edge Software or the Cloud Services Router 1000V Series.

Licensing

Cisco DNA Software for SD-WAN and Routing subscriptions are available in three subscription tiers. Subscriptions can be purchased either transactionally or as an enrollment in an Enterprise Agreement. Software licenses are portable across cloud and premises, are easy to upgrade across tiers, and include Software Support Service (SWSS) for the Cisco DNA Software stack.

Figure 13. Cisco DNA subscription tiers

Software tiers:

  • Cisco DNA Essentials for SD-WAN and Routing: Simplified management and security protection for the cost-conscious customer. Centralized, secure SD-WAN management for up to 4+1 VPNs. Optimized for cloud connectivity.

  • Cisco DNA Advantage for SD-WAN and Routing: Advanced SD-WAN with enhanced security for feature-rich and valued branch deployment models. Unlimited SD-WAN segmentation, plus network and application assurance using WAN optimization and real-time analytics.

  • Cisco DNA Premier for SD-WAN and Routing: Advanced SD-WAN security will mitigate the most sophisticated threats to your business. Cisco DNA Premier includes all the features of Cisco DNA Essentials and Advantage, and adds Cisco Umbrella SIG Essentials licenses.

For a full list of features in Cisco DNA Software for SD-WAN and Routing, please see our Feature Matrix.

Figure 14. Cisco DNA licensing tiers

Why Catalyst SD-WAN

Catalyst SD-WAN helps organizations connect any user to any application, with integrated capabilities for multicloud, security, unified communications, and application optimization — all on a SASE-enabled architecture. It delivers the following key technology differentiators:

  • Optimized for Multicloud
  • Goes beyond traditional SD-WAN
  • Integrated security
  • Flexible and scalable architecture
  • Integrated unified communications
  • Enhanced network visibility and predictivity with Cisco ThousandEyes, SD-WAN Analytics and Predictive Path Recommendations (PPR)
  • Multigigabit capability
  • Robust and diversified platform
  • Operational Simplicity

Services

Cisco Services helps IT teams worldwide design, manage, and maintain some of the most sophisticated, secure, and intelligent platforms for digital business. Our innovation, expertise, and services quality, coupled with advanced analytics, automation, and security, help you bridge the talent gap, manage risk, deliver excellence, and stay ahead of the pace of change.

Getting started

There’s no question that businesses undergoing digital transformation are seeing their IT architectures change — and the challenges are enormous. Choose Catalyst SD-WAN for the latest in networking and security technology, built with the trust earned from a history of innovation. Visit https://cisco.com/go/sdwan today to learn more.

How to buy

To view buying options and speak with a Cisco sales representative, visit https://www.cisco.com/c/en/us/about/contact-cisco.html.

 
