The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cloud applications and distributed workforces are on the rise as enterprises adopt Software-as-a-Service (SaaS) applications, which can be accessed from anywhere in the world. According to a Gartner report1, 48% of employees are expected to work remotely post-pandemic and a hybrid workplace environment will be the new norm.
However, this transition in work environments and rising trend of migrating applications to the cloud has introduced new challenges for enterprises. The 2022 Global Networking Trends Report by Cisco 2021 found that 40% of enterprises view accommodating new applications as the biggest business challenge their network must face. The legacy WAN architecture that takes traffic from branches to data centers and then to the internet poses major problems in this new cloud paradigm, such as network path inefficiency, high costs due to expensive links, and application performance degradation caused by latency, all of which can degrade the user experience.
In such a scenario, the performance of any SaaS application is only as good as that of the underlying network, because these SaaS applications rely on fast, efficient, and secure network connectivity to provide a seamless experience to users. To address underlying network issues and optimize user connectivity to SaaS applications, Cisco Catalyst SD-WAN has developed a cloud networking solution called Cloud OnRamp for SaaS, which uses real-time path probing data to steer traffic over an optimal path for a seamless user-to-SaaS application performance. This solution supports top business-critical applications such as Webex by Cisco, Microsoft 365, Salesforce, Google Apps and many more.
Cisco SD-WAN Cloud OnRamp for SaaS continuously monitors all possible paths to the SaaS applications by sending probes and then, based on probe latency and loss, selecting the best possible path for routing the traffic, thereby helping ensure fast, efficient, and reliable connectivity (Figure 1). On Cisco Catalyst SD-WAN Manager, probe loss and latency values are used to calculate a Quality-of-Experience (QoE) score, which gives network administrators visibility into network path performance over a period of time, which they can use for troubleshooting and improving the user experience.
Cisco SD-WAN Cloud OnRamp for SaaS
Key benefits of Cloud OnRamp for SaaS include:
● Reliability: Dynamically route SaaS traffic to the best path, providing a fast, secure, and reliable end-user experience.
● Visibility: Gain real-time and historical visibility into application performance through QoE metrics.
● Automation: Automatically apply application-aware routing policies for direct branch connectivity to trusted applications.
Cloud OnRamp for SaaS supports top business productivity and collaboration applications like Webex, Microsoft 365, AWS, Google Apps, Salesforce, Dropbox, SAP Concur, Intuit, Box, Oracle, Zendesk, Zoho, SugarCRM and GoToMeeting. The solution also automates best path selection for custom and standard NBAR (Network Based Application Recognition) applications, allowing enterprises to enable Cloud OnRamp for SaaS capabilities with the application of their choice.
Additionally, Cloud OnRamp for SaaS has built deeper integrations with Webex and Microsoft 365 to further enhance the selection of best-performing path and provide an optimal user experience for these applications.
With Cloud OnRamp for SaaS with Webex by Cisco, Cisco Catalyst SD-WAN segregates Webex traffic from generic internet traffic and routes it via the best path from a branch router to deliver a seamless, consistent, and high-quality user experience (Figure 2). There are various Webex regions across the globe, which have responder endpoints that respond to probes from SD-WAN routers.
Cisco Catalyst SD-WAN router sends continuous probes to these Webex responders and calculates the QoE score based on the loss and latency values returned by probe results, which is then used to determine the best performing path. For seamless automation of the above mechanism, Cisco Catalyst SD-WAN Manager integrates with Webex using APIs to periodically fetch Webex region prefixes, responders’ details, and automatically update edge router configuration and policies appropriately.
With the Webex app experience feedback via telemetry, customers can visualize the app performance metrics such as loss, latency, jitter, resolution height, media-bitrate, framerate, and much more via the Webex 360 panel within the Cisco Catalyst SD-WAN Analytics dashboard. Webex telemetry also provides insights into application perspective via network KPIs such loss, latency, etc., offering a holistic view of network and application health. This feature also empowers IT teams and network admins of organizations to proactively identify and resolve network or application problems across their global offices, for an improved user experience.
Cloud OnRamp for SaaS with Webex
Cloud OnRamp for SaaS segregates Microsoft 365 traffic from generic internet traffic and uses path probing mechanism to identify the best performing path to route user traffic for Microsoft 365 Apps over that path. Microsoft 365 IP and URL categories separate and group their Apps into 3 categories (Optimize, Allow and Default) based on Apps endpoint sensitivity and network requirements to deliver an effective user experience. Cloud OnRamp for SaaS uses these URL categories to apply a different policy to Microsoft 365 Apps that belong to a particular category. With Microsoft 365 IP and URL categorization, network administrators have granularity and flexibility to define what Microsoft 365 endpoints are accessed over Direct Internet Access circuits and what endpoints are accessed via data center back-haul with security inspection.
Cloud OnRamp for SaaS is tightly integrated with Cisco Software-Defined Application Visibility and Control (SD-AVC). Cisco SD-AVC periodically fetches Microsoft 365 IP and URL categories (Optimize, Allow, and Default) using Microsoft 365 Web Service APIs. The application classification cache on SD-WAN routers is updated continuously by Cisco SD-AVC based on details fetched. This allows Network administrators to selectively enable Cloud OnRamp for SaaS optimization for specific Microsoft 365 IP and URL categories. For more details on IP and URL categorization, see details at aka.ms/IPURLBlog.
Additionally, Cloud OnRamp for SaaS is integrated with Microsoft 365 informed networking routing telemetry for Microsoft Exchange, Teams and SharePoint which provides deeper visibility into network and application performance. With Microsoft 365 informed network routing, Cloud OnRamp for SaaS receives Microsoft’s opinion score on network paths and uses this to improve its optimal path selection algorithm for Microsoft 365 traffic. The end-result is a seamless Microsoft 365 user experience via path optimization, deeper analytics, and policy automation. SD-WAN Analytics provides further visibility and insights for the Microsoft informed network routing through Path Analytics by delivering visibility into network Quality of Experience (QoE) metrics and Microsoft 365 telemetry metrics for each available path. This helps in monitoring and troubleshooting easily in case of user experience issues.
Cloud OnRamp for SaaS with Microsoft 365
The Cloud OnRamp for SaaS: Kubernetes integration reduces time to configure Cloud OnRamp for SaaS, enabling automation and optimization of traffic between Kubernetes applications and the SaaS they are consuming. The integration extracts pre-defined SaaS connectivity requirements from Kubernetes applications and automatically programs those into Cloud OnRamp for SaaS. Learn more about the integration with the Cloud OnRamp for SaaS: Kubernetes Integation white paper.
In some SD-WAN deployments, enterprises may choose to send user traffic destined to the internet to be routed via SIG providers such as Cisco Umbrella, Zscaler, and others so they can apply various security policies and inspect the user traffic.
For all such deployments, the Cloud OnRamp for SaaS integration with SIG solution enables continuous probing for SaaS applications via SIG tunnels to select the best-performing SIG tunnels to deliver optimal performance for SaaS applications. With this integration all the benefits of Cloud OnRamp for SaaS are now extended to deployments using Secure Internet Gateway providers. (Figure 4).
Cloud OnRamp for SaaS with Secure Internet Gateway (SIG)
With ease of automation, intelligent traffic routing, and greater visibility into network performance, Cisco SD-WAN Cloud OnRamp for SaaS empowers enterprises with unique capabilities to enhance the workforce productivity and network efficiency of their business, making SaaS easy from anywhere and everywhere.