Cisco has broadened the scope of Cisco SD-WAN software by growing its reach and security, and expanding its support for deploying multi-region WAN fabric.
The idea behind the new features is to help manage the complexity and security of connecting to cloud resources from the edge of the network, said JP Shukla, director, product management, in Cisco’s Enterprise Cloud & SD-WAN group. “They want to connect these users as reliably and securely as these users would be in an office environment,” he said.
To aid that design, Cisco has added the ability to encrypt SD-WAN traffic whether it’s going across a private backbone or public networks. Cisco has partnered with so-called middle-mile providers such as Megaport to support encrypted traffic as it crosses their networks as part of the SD-WAN overlay network.
Until this point customers could encrypt traffic from the branch to the middle-mile providers, but not end-to-end, Shukla said. “We have added end-to-end encryption so that now customers going from their branch to cloud using these middle-mile solutions, all traffic will be encrypted,” he said.
The SD-WAN software can now create multiple regions within the overlay networks, with inter-regional traffic managed by Cisco SD-WAN’s vManage service for controlling, configuring, and monitoring Cisco devices in the overlays. The idea is to easily expand network resources and to upgrade software and policies across a scaled environment from a central location, Shukla said.
Cisco has also integrated vManage and its Identity Services Engine (ISE), which applies policies based on the identity of users and devices and enables configuring Zero Trust Network Access (ZTNA) policies based on usernames and user-group names, Shukla said. This feature supports fine-grained control of security policies, simplifies policy management, and improves operational efficiency by keeping policies consistent even when a device’s IP address changes, Shukla said.
Until now ISE could be used with vManage, but it was a manual operation; now it is automatically enabled, Shukla said.
Cisco has in recent years made it a priority to tie its SD-WAN software closer to key cloud players such as AWS, Google, and Microsoft. In this release the company added the ability to monitor and control application traffic generated from attached Microsoft 365 clouds. Now vAnalytics can monitor the performance of these cloud-attached resources.
“What we do is we get information from our SD-WAN routers in terms of circuit capacity, bandwidth, latency, jitter and other information from Microsoft 365,” Shukla said. “And we take this information, and we correlate it with our vAnalytics dashboard, so customers can see their application experience and automatically forward traffic over one link or another based on performance needs.”
New SD-WAN gateway hardware
The company also added a new Cisco Catalyst Wireless Gateway aimed at remote branch or home/hybrid workers. The gateway features Wi-Fi 6 support and LTE failover and can be managed via the Cisco SD-WAN dashboard.
“The idea for this platform is that the end user could have it in their home office or use it wherever they are traveling. They can plug in, and get connected to the SD-WAN fabric, and be subject to the same policies and security of the enterprise SD-WAN,” Shukla said.