The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Digital transformation has ushered in a new era of long-lasting IT infrastructure changes. These changes have resulted in new challenges for the network and security teams, such as securing the distributed and hybrid workforce and delivering secure access to business-critical applications across a multicloud environment. In addition, the internet is rapidly becoming the preferred method of connectivity due to cost and availability. Still, it does not provide the security, consistency, visibility, or quality of traditional technologies such as Multiprotocol Label Switching (MPLS) links. IT needs to rearchitect its WAN edge to deliver consistent and predictable digital experiences in a multicloud world.
Cisco® SD-WAN is a cloud-delivered WAN solution that connects any user to any application, with integrated capabilities such as multicloud, security, enhanced visibility, and analytics building toward a Secure Access Service Edge (SASE)-enabled architecture.
Cisco SD-WAN offers a software-defined WAN solution that enables enterprises and organizations to connect users to their applications securely. It provides a software overlay that runs over standard network transport, including MPLS, broadband, and internet, to deliver applications and services. The overlay network extends the organization’s network to Infrastructure as a Service (IaaS) and multicloud environments, thereby accelerating their shift to the cloud.
This virtualized network runs on the industry’s most broadly deployed routing technology, from physical branch routers such as the Cisco Catalyst® 8000 Edge Platforms Family to virtual machines in the cloud such as the Cisco vEdge Cloud routers. Centralized controllers, which oversee the control plane of the Cisco SD-WAN fabric, efficiently manage the provisioning, maintenance, and security for the entire Secure Extensible Network (SEN) overlay network.
Cisco vManage provides a highly visualized dashboard that simplifies network operations. It provides centralized configuration, management, operation, and monitoring across the entire SD-WAN fabric. Integration with Cisco Umbrella® accelerates the transition to a SASE architecture. Open programmability enables data extraction for enhanced visibility and actionable insights
Cisco SD-WAN offers integrated security, including full-stack multilayer security capabilities on the premises and in the cloud. This integrated security provides real-time threat protection where and when it is needed — for branches connecting to multiple Software-as-a-Service (SaaS) or IaaS clouds, data centers, or the internet, further accelerating the transition to a SASE-enabled architecture.
“As we expand our intent-based network, the Cisco Catalyst 8000 Edge Platforms check all the boxes for an agile SD-WAN solution that can deliver the performance, security, and visibility needed to deliver these real-time connected experiences.”
IT Technical Manager, Adventist Health
Using the Cisco SD-WAN dashboard (Figure 1), you can quickly connect all company data centers, core and campus locations, branches, colocation facilities, cloud infrastructure, and remote workers. To enable this interconnection, Cisco SD-WAN applies the Overlay Management Protocol (OMP) to your entire network. Cisco SD-WAN simplifies IT operations with automated provisioning, unified policies, and streamlined management, making changes, updates, and resolutions in record time. You gain advanced network functionality, reliability, and security.
The Cisco SD-WAN dashboard
Cisco provides a flexible architecture to extend SD-WAN to any environment (Figure 2). Whether you deploy your product in the cloud or on-premises, Cisco SD-WAN automatically discovers, authenticates, and provisions both new and existing devices.
Benefits of the flexible Cisco SD-WAN architecture
Businesses are using not just one cloud data center in their IT operations, but several clouds across IaaS, SaaS, and Platform as a Service (PaaS) (Figure 3). Connecting these workloads and applications together with the WAN and remote users is a challenge.
To help reduce this complexity, Cisco SDWAN provides the ability to connect any WAN location to multiple cloud platforms or any other enterprise site, increasing connection speeds and enhancing connection reliability. Cisco SD-WAN Cloud OnRamp creates a WAN extension for your IaaS workloads, provides dynamic path selection for optimal SaaS application performance, consolidates branch office egress points into regional colocation facilities, and automates cloud-agnostic branch connectivity with cloud interconnect.
Monitoring underlay performance via the Cisco SD-WAN dashboard, Cloud OnRamp automatically selects the fastest, most reliable path to the cloud infrastructure, no matter where your end users are located. In the event of network service interruptions beyond your control, Cloud OnRamp will adjust paths as necessary, helping ensure continuous uptime and predictable performance.
SD-WAN Cloud OnRamp for Multicloud
Cisco SD-WAN makes connecting the company WAN to IaaS environments such as Amazon Web Services, Google Cloud, and Microsoft Azure simple, automated, and secure — as though the cloud databases themselves are part of the corporate network. In the Cisco SD-WAN console, your network and operations teams can automate virtual private cloud connections to IaaS environments, extending the Cisco SD-WAN OMP to the cloud. Cisco SD-WAN applies automated connectivity requirements (loss, latency, and jitter) to find the optimal path to cloud IaaS applications, adjusting the IPsec route as needed to help ensure service delivery and performance while monitoring the hosting infrastructure for anomalies.
Cisco SD-WAN Cloud OnRamp for IaaS, PaaS, and SaaS applications
Cisco SD-WAN Cloud Hub
Cisco SD-WAN Cloud Hub leverages SD-WAN to interconnect branch sites, on-premises data centers, and the cloud using a public cloud service provider’s backbone as an underlay. Cloud Hub reduces provisioning from months to minutes with site-to-cloud network automation as well as offering high availability and multiple points of presence across the world using a cloud service provider’s global infrastructure for site-to-site connectivity (Figure 4).
Cisco SD-WAN Cloud Hub
SD-WAN Cloud OnRamp for SaaS
In addition to building application workloads in IaaS cloud environments, many companies today use SaaS applications for streamlined operations. As with IaaS, connectivity to these applications requires sharing resources with other customers on distant hardware. Fortunately, Cisco SD-WAN Cloud OnRamp for SaaS makes connecting to and securing these SaaS environments simple.
Partnering with several SaaS providers, Cisco SD-WAN Cloud OnRamp automatically selects the fastest, most reliable path to SaaS applications for your users (Figure 5), engaging in real-time traffic steering to deliver the best user experience no matter where they are located. Should an internet service issue cause connectivity that falls below your benchmarks, Cloud OnRamp finds the next best path to help ensure continued application performance. In fact, Cisco has partnered with over 14 leading SaaS vendors to deliver superior application performance compared to competing SD-WAN solutions. In addition, the solution automates best path selection for custom and standard NBAR (Network Based Application Recognition) applications, allowing enterprises to enable Cloud OnRamp for SaaS capabilities with the application of their choice.
Cisco SD-WAN Cloud OnRamp for SaaS has taken communication, collaboration, and video capabilities to the next level with Webex. Cisco SD-WAN segregates Webex traffic from generic internet traffic and routes it via the best path from a specific branch router to deliver a seamless, consistent, and high-quality user experience. The solution also allows you to enjoy up to 40 percent faster performance for Microsoft 365. Features such as informed network routing and URL categorization greatly streamline the customer experience, giving users deeper abilities to manage and route traffic within Microsoft 365 to improve speed, efficiency, and performance across the entire suite of applications.
Dynamic path selection in Cisco SD-WAN Cloud OnRamp for Multicloud
Dynamic path selection in Cisco SD-WAN Cloud OnRamp for SaaS
SD-WAN Cloud OnRamp for Colocation
Cisco SD-WAN refines distributed architectures so that colocations can serve as regional hubs for branches with both MPLS and Direct Internet Access (DIA). Colocation hubs streamline multicloud access by reducing the number of egress points to the cloud, regionalize security to reduce the attack surface, and encourage network efficiency through easier enforcement of end-user application policy.
Cisco SD-WAN Cloud OnRamp for Colocation
By consolidating branches, remote offices, and even remote worker connectivity into a colocation facility (Figure 7), you can bring users closer to the services and applications they use, improving the application experience. In addition, Cloud OnRamp for Colocation can help address data sovereignty requirements for compliance and privacy legislation. Finally, Cloud OnRamp for Colocation provides simple, efficient scaling capabilities for consolidating network function deployments.
Cisco SD-WAN Cloud Interconnect
Cisco SD-WAN Cloud Interconnect (Figure 8) uses a cloudagnostic backbone to connect from site to site and site to multiple clouds. This Cloud OnRamp solution automates on-demand connectivity between multiple sites and to the world’s leading cloud provider networks directly from your SD-WAN controller. Combined with a Software-Defined Cloud Interconnect (SDCI) partner, this solution delivers reliable network performance while decreasing operational costs and complexity. Cloud Interconnect provides a single, easy-to-use console to automate deployment of connections, reducing provisioning from weeks to minutes. SDCI partners like Equinix or Megaport, provide secure, reliable connectivity using a global ecosystem and significantly reduce cloud data egress fees and network charges.
Cisco SD-WAN Cloud Interconnect
As IT architectures are changing, so is the threat landscape, which continues to evolve as well. The digital transformation that has resulted in the adoption of multicloud access and the proliferation of applications and devices has also increased the attack surface and exposed organizations to new security vulnerabilities.
Securing these modern IT environments requires a fresh approach that is an alternative to a traditional centralized security stack in the data center. SASE unifies networking and security services into a cloud-delivered service to provide comprehensive integrated security. Cisco offers an unmatched breadth of assets and expertise in networking and security for both on-premises and cloud deployments.
Cisco SD-WAN can deploy a complete security solution, either on-premises or with Cisco Umbrella cloud security. Enabling DIA with SD-WAN provides more efficient SaaS and internet connectivity but has security blind spots. Web-based attacks are a major source of threats. Cisco’s on-premises and cloud security provides strong protection against web-based attacks and delivers a complete set of features such as enterprise firewalls, a cloud access security broker, secure web gateways, malware protection, intrusion prevention system, URL filtering, and DNS-layer protection. Implement segmentation across the entire network to isolate and protect critical assets (Figure 9). By choosing Cisco SD-WAN, you gain the ability to automate the right security in the right place, all from a single dashboard. It eliminates the cost and complexity of multiple standalone point products for a cloud-delivered, fully integrated solution.
Cisco SD-WAN built-in on-premises security or Cisco Umbrella cloud security
Whether you deploy your SD-WAN security on-premises or in the cloud, Cisco SD-WAN uses real-time threat intelligence from Cisco Talos®, the industry’s leading threat intelligence group, which provides comprehensive threat protection in real time for market-leading protection. After a few simple clicks in the dashboard (Figure 10), Cisco SD-WAN will harden your entire network from core to edge and cloud with security capabilities such as Cisco Secure Firewall, Cisco Umbrella Secure Internet Gateway, and Malware Defense. No other SD-WAN solution delivers this level of comprehensive routing and threat intelligence on a certified trustworthy infrastructure.
Only Cisco can deploy multilayered security across the network in an automated manner. As a result, end users — whether in the data center, in a branch, on the campus, or in a remote location — can enjoy protection from a multitude of security threats. Cisco SD-WAN makes comprehensive network security simple, protecting your business against data exfiltration and insider threats.
“We’ve never had application visibility like this before. This added security protects our staff from the ever-present threats on the internet.”
IT Director, Tamimi Markets
Setting up security policies in Cisco SD-WAN
Applications and users are more distributed than ever, and the internet has become the new enterprise WAN. As SD-WAN has evolved to connect users across multicloud, branch, data centers, and a hybrid workforce, enterprises and organizations are constantly challenged to deliver reliable connectivity, application experience, and security over networks and services they don’t own or directly control. Enterprises and organizations need a network analytics solution that provides enhanced visibility and insights to help them take control over such a dynamic environment.
Advances in telemetry and algorithms have transformed network analytics by offering enhanced visibility and improvement in operational efficiency. The Cisco® SD-WAN Analytics solution aggregates a large volume of telemetry data and correlates analytics to provide insights. A highly visualized and intuitive user interface addresses the traditional challenges associated with network analytics for an improved user experience. By aggregating large volumes of telemetry data, establishing historical benchmarks, and correlating analytics to provide actionable insights across the internet, cloud, and SaaS, Cisco SD-WAN Analytics transforms network operations from a reactive model to a highly proactive one.
The Cisco SD-WAN Analytics solution consists of two applications:
Cisco vAnalytics aggregates a large volume of telemetry data and correlates application performance with underlying networks for operational insights, in a highly visualized and simplified manner. vAnalytics enhances network visibility, establishes historical benchmarks, and expedites root-cause isolation, ultimately enabling enterprises to take the necessary corrective actions and total control of the user experience.
The integration of Cisco SD-WAN and ThousandEyes brings end-to-end visibility into application delivery and network performance beyond the traditional enterprise network boundaries. This integration provides the only SD-WAN solution with turnkey ThousandEyes vantage points, delivering an optimal application experience over any network. Enterprises and other organizations can expedite the deployment of ThousandEyes agents through vManage integration to quickly pinpoint the source of issues, get to resolution faster, and manage the performance of what matters.
“Cisco SD-WAN Security delivers simplicity and automation so that we can apply the right security controls where needed, when needed. We are very excited to bolster that solution with the Catalyst 8000 Edge Platform solution.”
Director of Product Management,
● Enhanced visibility: Extend visibility beyond the underlying SD-WAN fabric and into the internet, cloud, and SaaS.
● Operational insights: Correlate raw telemetry sources, establish historical benchmarks, and provide operational insights, thereby transforming network operations from a reactive model to a highly proactive one.
● Application experience: See detailed metrics and waterfalls showing the sequential fetching and loading of web components, so you can identify errors and bottlenecks and understand the impact on application performance.
● Faster resolution: Lower the Mean Time To Identification (MTTI) of issues with fast root-cause isolation.
● Efficient SLA management: Gain evidence to successfully escalate issues to providers and effectively manage Service-Level Agreements (SLAs).
● Improved user experience: Deploy highly visualized graphic capabilities that simplify analytics for an improved user experience.
● Reporting: Offer your CIO, CTO, and COO visual representation and analysis reports for offline review.
Cisco SD-WAN supports Unified Communications (UC) and SD-WAN within a single box (Figure 13). Unified communications integrate communication services, including voice, extension mobility and single number reach, instant messaging, presence information, and video conferencing, as well as other advanced features such as unified messaging with integrated voicemail, messaging, email, and faxing.
Integrated unified communications
Cisco is the only vendor to natively integrate analog, digital, and IP telephony interfaces directly into its Customer Premises Equipment (CPE).
Reduced OpEx and CapEx
Having both UC and SD-WAN within a single CPE device means lower support and licensing costs and eliminates the cost of the UC hardware.
VoIP solution investment protection
Many customers have large deployments of IP phones and other VoIP solutions. Integration of UC and voice on Cisco edge devices helps ensure that investments in existing equipment can be leveraged, since they are supported in the cloud with Cisco SD-WAN.
Cisco vManage can orchestrate scalable and consistent UC configurations across the entire enterprise via templates, and policies can prioritize specific application links, with fallback capability in case of link failure or degradation.
Prevent internal and external IP phone outages using Cisco Unified Survivable Remote Site Telephony (SRST), enabling the edge device as the fallback IP PBX with access to the Public Switched Telephone Network (PSTN).
Cisco is the only vendor extensively partnering with colocation and SDCI partners for optimization with cloud applications (Cisco Webex®, Unified Communications Manager Cloud, and more). Cisco’s Cloud OnRamp functionality provides optimal performance for UC applications hosted in a SaaS cloud.
Security and communication integrity
Cisco SD-WAN also integrates best-in-class security with cloud-based Cisco Umbrella or Cisco’s on-premises security portfolio, thereby ensuring the security and integrity of your network and unified communications.
Cisco offers the widest selection of platforms and appliances so that you can deploy SD-WAN anywhere (Figure 14). These industry-leading edge platforms combine innovative cloud networking capabilities with multilayer security support, hardware-accelerated encryption, and robust port flexibility to offer flexible, secure cloud connectivity in SD-WAN that scales. With Cisco SD-WAN, you can create the most comprehensive fabric possible, scaling your entire business into hybrid and multicloud environments with ease.
Cisco SD-WAN platform capabilities
Edge locations are at the forefront of digital transformation. These locations vary widely, from branch offices to restaurants, sports stadiums, and more. They’re united in requiring reliable security, connectivity, and application storage for IoT. Deploy Cisco SD-WAN on Catalyst 8500, 8300, and 8200 Series Edge Platforms or on Cisco 1100 Series Integrated Services Routers (ISRs) with a single image for Cisco IOS® XE. Cisco SD-WAN can also be deployed on SD-Branch solutions such as the Catalyst 8200 Series Edge uCPE and Cisco UCS® E-Series platforms using Network Functions Virtualization (NFV). In addition, you can even extend Cisco SD-WAN into adverse conditions, industrial facilities, vehicles, and factories with the Catalyst 1101, 1800, 8100, and 8300 industrial routers for mission-critical use cases. Catalyst industrial routers offer a ruggedized industrial form factor and simplified management with Cisco SDWAN on Cisco IOS XE.
Core locations are the backbone of any corporate WAN and include data centers and campuses. These locations have heavy traffic and require powerful aggregation throughput capabilities, resilient connectivity, and built-in security. Deploy Cisco SD-WAN at the core with the Catalyst 8500 Series Edge Platforms to connect your core to the SD-WAN fabric.
Simplify WAN management with Cisco SD-WAN Cloud OnRamp for Colocation. Deploy regional hub solutions on the Cisco Cloud Services Platform 5000, or connect SD-WAN with the Cisco Catalyst 8500 Series.
Cisco SD-WAN extends control and connectivity to cloud environments such as Amazon Web Services, Google Cloud, and Microsoft Azure. Deploy Cisco SD-WAN in cloud environments through the Cisco Catalyst 8000V Edge Software or the Cloud Services Router 1000V Series.
Cisco DNA Software for SD-WAN and Routing subscriptions are available in three subscription tiers. Subscriptions can be purchased either transactionally or as an enrollment in an Enterprise Agreement. Software licenses are portable across cloud and premises, are easy to upgrade across tiers, and include Software Support Service (SWSS) for the Cisco DNA Software stack.
Cisco DNA subscription tiers
● Cisco DNA Essentials for SD-WAN and Routing: Simplified management and security protection for the cost-conscious customer. Centralized, secure SD-WAN management for up to 4+1 VPNs. Optimized for cloud connectivity.
● Cisco DNA Advantage for SD-WAN and Routing: Advanced SD-WAN with enhanced security for feature-rich and valued branch deployment models. Unlimited SD-WAN segmentation, plus network and application assurance using WAN optimization and real-time analytics.
● Cisco DNA Premier for SD-WAN and Routing: Advanced SD-WAN security will mitigate the most sophisticated threats to your business. Cisco DNA Premier includes all the features of Cisco DNA Essentials and Advantage, plus adds Cisco Umbrella SIG Essentials licenses.
Cisco DNA licensing tiers
Cisco SD-WAN helps organizations connect any user to any application, with integrated capabilities for multicloud, security, unified communications, and application optimization — all on a SASE-enabled architecture. It delivers the following key technology differentiators:
● Multicloud access
● Goes beyond traditional SD-WAN
● Integrated security
● Integrated unified communications
● Enhanced network visibility with Cisco ThousandEyes and vAnalytics
● Multigigabit capability
● Robust and diversified platform
Cisco Services helps IT teams worldwide design, manage, and maintain some of the most sophisticated, secure, and intelligent platforms for digital business. Our innovation, expertise, and services quality, coupled with advanced analytics, automation, and security, help you bridge the talent gap, manage risk, deliver excellence, and stay ahead of the pace of change.
There’s no question that businesses undergoing digital transformation are seeing their IT architectures change — and the challenges are enormous. Choose Cisco SD-WAN for the latest in networking and security technology, built with the trust earned from a history of innovation. Visit https://cisco.com/go/sdwan today to learn more.
To view buying options and speak with a Cisco sales representative, visit https://www.cisco.com/c/en/us/about/contact-cisco.html.