Cisco Software-Defined WAN (SD-WAN) FAQ

Updated: November 29, 2022

Overview

Q.  What is the Cisco SD-WAN solution?
A.  Traditional Wide-Area Networks (WANs), in which the majority of branch office traffic flows within an enterprise’s intranet boundary, have been designed using Multiprotocol Label Switching (MPLS) for connectivity. However, new cloud applications such as Microsoft 365 and Salesforce.com, and public cloud services such as Amazon Web Services (AWS), Google Cloud, and Microsoft Azure are changing traffic patterns. Today, the majority of enterprise traffic flows to public clouds and the internet. This change creates new requirements for security, application performance, cloud connectivity, WAN management, and operations.
Cisco SD-WAN is a cloud-delivered overlay WAN architecture connecting branches to data center and multicloud environments through a single fabric. Cisco SD-WAN helps ensure a predictable user experience for applications; optimizes Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and Platform-as-a-Service (PaaS) connections; and offers integrated security either on-premises or in the cloud. Its analytics capabilities deliver the visibility and insights necessary to isolate and resolve issues promptly and deliver intelligent data analysis for planning and what-if scenarios. Above all, Cisco SD-WAN is simple to operate. It offers:

      Predictable application experience: Increase user productivity by optimizing cloud and on-premises application performance with real-time analytics, visibility, and control.

      Right security, right place: Protect users, devices, and applications by deploying a cloud-delivered Secure Access Service Edge (SASE) or on-premises model, depending on the business requirements and compliance needs of the enterprise.

      Simplicity at enterprise scale: Centralize cloud management to make it easy to deploy SD-WAN and security while maintaining policy across thousands of sites.

Q.  What problems does the Cisco SD-WAN solution help solve?
A.  The Cisco SD-WAN solution solves many critical enterprise IT problems, including:

      Establishing a transport-independent WAN for lower cost and greater diversity

      Meeting Service-Level Agreements (SLAs) for business-critical and real-time applications on-premises and in the cloud

      Providing complete security from branch to SaaS and internet

      Enabling secure multicloud transformation for enterprises

      Providing centralized management, analytics, and policy across the global WAN

      Providing multitenancy for flexibility, security, and platform efficiency

Q.  Who has deployed the Cisco SD-WAN solution?
A.  Cisco has one of the most widely deployed enterprise-grade SD-WAN solutions in the industry, with large deployments in many sectors in both enterprise and managed service provider infrastructures. The solution is deployed across Fortune 2000 companies and in 70% of Fortune 100 enterprises, with thousands of production sites in every major industry, including healthcare, manufacturing, retail, energy, oil and gas, insurance, finance, government, logistics, distribution, and more.

Deploy and manage

Q.  How do you manage and operate Cisco SD-WAN?
A.  Cisco SD-WAN is a centrally managed, orchestrated, and operated solution with a cloud-hosted Cisco GUI management console and provisioning platform, SD-WAN controller, and orchestration layer at the heart of the solution.
Cisco SD-WAN controllers are the centralized brain of the solution; they implement policies and connectivity between SD-WAN branches. The centralized policy engine in Cisco controllers provides policy constructs to manipulate routing information, access control, segmentation, extranets, and service chaining.
The entire solution is managed with Cisco vManage. vManage lets IT managers and network operators centrally automate the configuration, management, and operation of the entire SD-WAN fabric, all in a highly visualized and intuitive user experience.
vManage offers an enhanced visualized experience that lets network operators quickly deploy, manage, and automate the network and devices across the entire SD-WAN fabric. vManage includes:

      A highly visualized and intuitive interface for easy consumption

      Preconfigured templates that automate and expedite the deployment of most common use cases

      Guided step-by-step configuration designed to intelligently expedite onboarding of new devices

      A consistent user experience across Cisco solutions (Cisco DNA)

Q.  How is Cisco SD-WAN deployed at branch offices and data center networks or regional hubs?
A.  Branch office and regional data center hub sites can be deployed and connected using either virtual or physical secure routers.
Enterprise customers and service providers can gain rich services such as WAN optimization and firewall or basic WAN connectivity for physical or virtual platforms across the branch, WAN, or cloud as follows:
Physical

      Branch: Cisco IOS XE and Viptela OS-based devices

      Branch: Cisco Catalyst 8300 Series Edge Platforms and Cisco 1000, 1100, or 4000 Series Integrated Services Routers (ISRs)

      Branch, regional hub, or data center: Cisco Catalyst 8500 Series Edge Platforms and Cisco ASR 1000 Series Aggregation Services Routers (ASRs)

Virtual

      SD-Branch: Cisco 5000 Series Enterprise Network Compute System (ENCS) and Integrated Services Virtual Router (ISRv)

      Network hub, colocation facility, or data center: Cisco Cloud Services Platform 5000, Catalyst 8000V Edge Software, and Cloud Services Router (CSR) 1000V Series

Public cloud (IaaS)

      Amazon Web Services

      Microsoft Azure

      Google Cloud

Security

Q.  What are the SD-WAN security features?
A.  Cisco SD-WAN builds on the Secure Access Service Edge (SASE) architecture. WAN security and features today must be distributed, cloud-based, flexible, and agile. Cisco SD-WAN is the industry’s first fully integrated SASE offering that combines best-in-class SD-WAN with the cloud-based Cisco Umbrella or on-premises security portfolio. Both security architectures provide full protection for enterprises connecting to cloud and internet applications. These security features are:

      Enterprise firewall: Granular policy and control of thousands of applications

      Secure web gateway: Full protection against all kinds of web-based attacks, including Secure Sockets Layer (SSL) inspection

      DNS layer security and URL filtering: Stops threats at the earliest point, significantly reducing incidents

      Intrusion Prevention System (IPS): A built-in IPS within an on-premises enterprise firewall based on Snort and powered by Cisco Talos

      Cloud Access Security Broker (CASB): Protection against account compromises, breaches, and other major risks in the cloud application ecosystem

      Malware protection: An extended security feature across both on-premises and cloud security using Cisco Advanced Malware Protection (AMP) and Secure Malware Analytics to prevent and detect malicious files with sandboxing

To learn more about SASE, see the What Is SASE? page.
Q.  How is Cisco SD-WAN integrated with Cisco Umbrella cloud security?
A.  Cisco SD-WAN provides complete integration with Cisco Umbrella cloud security. Using Cisco vManage, automatic registration and setup of tunnels to the Cisco Umbrella cloud can be executed within a few minutes, so that the enterprise is completely protected.
Q.  Does Cisco SD-WAN support third-party integration with other cloud security vendors?
A.  Yes, Cisco SD-WAN supports third-party integration with widely popular cloud security providers such as Zscaler, Netskope, and Cloudflare. The integration with these vendors provides flexibility to enterprises and allows them to leverage the benefits of Cisco SD-WAN with a disaggregated SASE solution.
Q.  Does Cisco SD-WAN support third-party integration with security information and event management providers?
A.  Yes, Cisco SD-WAN supports third-party integration with Splunk, a leading security information and event management provider, to help users with a security dashboard. This dashboard captures vital data points and provides a holistic view of all security events in the network.
Q.  Why does device and firmware security matter in Cisco SD-WAN?
A.  Firmware attacks on infrastructure have increased in frequency, severity, and costs, not just for public entities but also for enterprises and small businesses. These attacks are quiet, pervasive, and devastating, like many of the latest and most notable hacks. Cisco SD-WAN edge platforms and routers provide an extra layer of security via an advanced Trust Anchor, so that you can remotely activate, change, and control your SD-WAN platforms while remaining secure.
Q.  Does the Cisco SD-WAN solution support network segmentation, and what are the benefits?
A.  Yes, the Cisco SD-WAN solution supports network microsegmentation and identity-based policy management across Cisco Software-Defined Access (SD-Access) and non-SD-Access branches. Microsegmentation provides secure logical isolation on the SD-WAN network, where each segment is defined as a separate VPN and controlled centrally by access control policies. Some of the benefits of segmentation include:

      Security is increased by isolating your network from outside attackers and creating secure separation within multiple application segments.

      Acquisitions can be integrated into the parent network and yet kept separate. Policies control what applications the acquired company can access.

      Guest Wi-Fi can be maintained on a separate, low-priority segment and offloaded onto the internet at the closest exit point.

      Business partners can each be defined in a separate segment or in a collective business-partner network segment. Policies control business partners’ access to data center applications.

      A single pane of glass helps organizations to avoid complex configurations and frequent policy changes that lead to uneven user experience, thereby increasing overall network efficiency and reliability.

For more information, see the Segmentation (VPN) Overview.
Q.  What are the SD-WAN security capabilities, and which platforms support SD-WAN security?
A.  Cisco SD-WAN security capabilities include an application-aware enterprise firewall, intrusion prevention, DNS layer enforcement (Cisco Umbrella), and URL filtering. Cisco SD-WAN reduces complexity by having a single management interface (vManage) for both the network and security.
Platform support for SD-WAN security is shown in the following table.

Table 1. SD-WAN security highlights

| Platform | Enterprise firewall | Enterprise firewall application awareness | IPS | URL filtering | AMP and Secure Malware Analytics | Full cloud security with Cisco Umbrella |
| --- | --- | --- | --- | --- | --- | --- |
| 1000 Series ISRs | Yes | Deep Packet Inspection (DPI) using Qosmos | X | X | X | Yes |
| CSR 1000V | Yes | Yes | Yes | Yes | Yes | Yes |
| Catalyst 8000V Edge Software | Yes | Yes | Yes | Yes | Yes | Yes |
| ISRv, 5000 Series ENCS | Yes | Yes | Yes | Yes | Yes | Yes |
| Catalyst 8300 Series | Yes | Yes | Yes | Yes | Yes | Yes |
| 4000 Series ISRs | Yes | Yes | Yes | Yes | Yes | Yes |
| 1111X-8P ISR | Yes | Yes | Yes | Yes | Yes | Yes |
| 1111-4P, 1111-8P, 1116-4P, and 1117-4P ISRs (1000 Series ISRs) | Yes | Yes | X | X | X | Yes |
| Catalyst 8500 Series | Yes | Yes | X | X | X | Yes |
| ASR 1000 Series | Yes | Yes | X | X | X | Yes |


Q.  Can the Cisco SD-WAN solution provide insight into threats in encrypted traffic, without the need for decryption?
A.  Encrypted Traffic Analytics (ETA) is not currently supported for the Cisco SD-WAN solution but is planned to be introduced in the future. For more information on ETA, see: https://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/eta.html.
Q.  Does Cisco SD-WAN support identity firewall capabilities?
A.  Yes, vManage integration with the Cisco Identity Services Engine (ISE) applies policies based on identity within the SD-WAN network. ISE interfaces with external Active Directory (AD) to provide user identity mapping. It helps customers to configure access rules and security policies based on user names and user group names and classification of flows and enhances SD-WAN policies with identity information on edge routers so that customer intent can be addressed by employee identity and/or role across SD-WAN. It also helps customers address the security limitations associated with IP addresses/subnets, ports, Fully Qualified Domain Name (FQDN), geo locations, protocols, and applications and enables more fine-grained control with security policies based on user identity and user groups.

SD-WAN Analytics

Q.  How does a lack of application visibility impact overall IT operations?
A.  Applications and users are more distributed than ever, and the internet has become the new enterprise WAN. As SD-WAN has evolved to connect users across multicloud, branch, data center, and a hybrid workforce, enterprises and other organizations are constantly challenged to deliver reliable connectivity, application performance, and security over networks and services they don’t own or directly control.
Network teams often carry the burden of proving the network innocent when something goes wrong. Application issues might manifest as network issues. Service disruptions can lead to endless finger-pointing. The resulting cycles spent pinpointing the source of issues can lead to prolonged service interruptions that ultimately damage the revenue and reputation of the business. Enterprises and other organizations need a network analytics solution that provides enhanced visibility and insights to help them take control over such a dynamic environment.
Q.  What is the Cisco SD-WAN Analytics solution?
A.  Cisco SD-WAN Analytics aggregates a large volume of telemetry data and correlates analytics to provide predictive insights. A highly visualized and intuitive user interface addresses the traditional challenges associated with network analytics for an improved user experience. By aggregating large volumes of telemetry data, establishing historical benchmarks, and correlating analytics to provide proactive, actionable insights across the internet, cloud, and SaaS, Cisco SD-WAN Analytics transforms network operations from a reactive model to a highly proactive one.
The Cisco SD-WAN Analytics solution consists of Cisco ThousandEyes and Cisco vAnalytics.
Q.  What is Cisco vAnalytics?
A.  Cisco vAnalytics aggregates a large volume of telemetry data and correlates application performance with underlying networks for operational insights in a highly visualized and simplified manner. vAnalytics enhances network visibility, establishes historical benchmarks, and expedites root-cause isolation, ultimately enabling enterprises to take the necessary corrective actions and gain total control of the user experience.
For more information, see https://www.cisco.com/go/sdwan-analytics.
Q.  How is Cisco vAnalytics activated?
A.  Cisco vAnalytics is included in Cisco DNA Advantage and Premier. Contact your Technical Assistance Center to activate Cisco vAnalytics.
Q.  What is Cisco ThousandEyes?
A.  Cisco ThousandEyes enables enterprises that are increasingly dependent on internet, cloud, and SaaS to see, understand, and improve digital experiences for customers, employees, and users. Its end-to-end visibility from any user to any application over any network enables enterprises to quickly pinpoint the source of issues, get to resolution faster, and measure and manage the performance of what matters.
ThousandEyes collects multilayer telemetry data from vantage points distributed throughout the internet, as well as in enterprise data centers and cloud, branch, and campus environments, providing detailed metrics on conditions between those vantage points and applications and services distributed throughout the globe. The result is insight into the application experience and underlying dependency, whether network, service, or application related.
For more information, see https://www.thousandeyes.com
Q.  How is Cisco SD-WAN integrated with ThousandEyes?
A.  Cisco SD-WAN is the only SD-WAN solution with turnkey ThousandEyes vantage points. This solution supports eligible routers from the Cisco Catalyst 8200, 8300, and 8500 Series Edge Platforms; Cisco 4000 and 1000 Series ISRs; and the Cisco ASR 1000 Series. Existing customers can expedite the deployment of ThousandEyes agents with the vManage integration and enable faster time to value for their IT operators.
Q.  How is ThousandEyes ordered?
A.  Customers can leverage an existing ThousandEyes subscription with eligible Cisco Catalyst 8200, 8300, and 8500 Series Edge Platforms and Cisco 4000 and 1000 Series ISRs, as well as Cisco ASR 1000 Series Aggregation Services Routers.

      Existing ThousandEyes customers can use their available ThousandEyes license and units toward new tests.

      New ThousandEyes customers will need to purchase a ThousandEyes license to activate the ThousandEyes agents.

Q.  What is the difference between Cisco ThousandEyes and Cisco vAnalytics?
A.  Cisco vAnalytics aggregates a large volume of telemetry data and correlates application performance with underlying networks for operational insights, in a highly visualized and simplified manner. Cisco ThousandEyes enables enhanced visibility beyond the traditional SD-WAN fabric into the internet, cloud, and SaaS to deliver an optimal application experience.
Q.  Can Cisco vAnalytics provide enhanced visibility and insights for Microsoft 365 applications?
A.  Yes, Cisco vAnalytics provides enhanced visibility and insights for Microsoft 365 informed network routing by providing visibility into network Quality of Experience (QoE) metrics and Microsoft telemetry metrics for each available path. Microsoft 365 path analytics provide visibility into which path is being used by Microsoft 365 traffic over a given period, enabling network operators to easily visualize the best path. This helps in monitoring the traffic and application experience and provides insights to make troubleshooting easier.
Q.  Can SecOps teams leverage Cisco vAnalytics for security insights and visibility?
A.  Cisco SD-WAN offers a SecOps persona on the vManage dashboard. This security-focused dashboard equips the SecOps team with security management, reporting, and deeper security insights. The creation of a default SecOps user group in vManage with the right level of access helps security teams scale faster, smarter, and more efficiently.
Q.  How does the Cisco SD-WAN Analytics solution deliver greater application visibility?
A.  Cisco SD-WAN Analytics enables greater visibility for IT operators to drive optimal digital experience across the internet, cloud, and SaaS. With this solution, you can:

      Gain enhanced visibility into the network underlay, including detailed path and performance metrics

      Measure and proactively monitor SD-WAN overlay performance and routing policy validation

      Determine the reachability and performance of SaaS and internally owned applications

      Establish network and application performance baselines across global regions before, during, and after deployment of SD-WAN to mitigate risk and establish and validate Key Performance Indicators (KPIs)

      Correlate raw telemetry sources, establish historical benchmarks, and provide operational insights, thereby transforming network operations from a reactive model to a highly predictive one

      Offer a seamless Microsoft 365 and Webex user experience via deeper analytics, path optimization, and policy automation.

      Deploy highly visualized graphic capabilities that simplify analytics for an improved user experience

      Offer your CIO, CTO, and COO visual representation and analysis reports for offline review

Q.  What are the benefits of the Cisco SD-WAN Analytics solution?
A.  With Cisco SD-WAN Analytics, IT managers can rapidly pinpoint the root cause of application and network disruptions, provide actionable insights, and accelerate resolution time.

      Lower Mean Time To Identification (MTTI) of issues: Provide transport path visualization with detailed metrics such as usage, availability, and granular flow information that expedite issue identification. 

      Accelerate Mean Time to Repair (MTTR): Provide hop-by-hop analytics to quickly troubleshoot issues.

      Manage SLAs efficiently: Provide concrete proof to successfully escalate issues to providers and effectively manage Service-Level Agreements (SLAs).

Multicloud

Q.  Can the Cisco SD-WAN solution provide automated connectivity and optimization for IaaS and SaaS platforms such as AWS, Microsoft Azure and Microsoft 365, Google Cloud, Salesforce.com, Webex by Cisco, etc.?
A.  The Cisco SD-WAN fabric connects users at the branch through the internet, through interconnect providers, or even via colocation environments to applications in the cloud in a seamless, secure, and automated fashion. Cisco delivers this comprehensive capability for IaaS and SaaS applications with Cisco SD-WAN Cloud OnRamp, which is currently available with Cisco IOS XE SD-WAN or Viptela OS platform SD-WAN solutions.
With Cloud OnRamp, the Cisco SD-WAN fabric continuously measures the performance of a designated application through all permissible paths from a branch (MPLS, internet, 4G LTE, etc.). The SD-WAN fabric automatically makes real-time decisions to choose the best-performing path between the end users at a remote branch and the cloud application. Enterprises and service providers have the flexibility to deploy this capability in multiple ways and according to business needs and security requirements.
Q.  Does Cisco SD-WAN support Software-Defined Cloud Interconnect (SDCI) or middle-mile connectivity?
A.  Yes, with Cisco SD-WAN you can have fast, secure, and private network connectivity between your branches, data center, and the world’s leading cloud providers, from anywhere. Cisco SD-WAN’s middle-mile network optimization solutions offer anywhere-to-everywhere connectivity within minutes. Through centralized control with a choice of middle-mile providers, Cisco SD-WAN can connect users and workloads site-to-site, site-to-cloud, or cloud-to-cloud. Integrating a middle-mile provider’s private backbone with Cisco SD-WAN allows you to strengthen your security posture and maximize protection for users with complete end-to-end encryption and segmentation. Using Cisco’s SD-WAN vManage controller, you get full network stack automation and visibility to provision and orchestrate the entire network, simplifying your day-to-day operations.
Q.  Can the Cisco SD-WAN solution provide end-to-end encryption of traffic traversing a third-party backbone?
A.  Yes, Cisco SD-WAN Cloud Interconnect offers end-to-end encryption of traffic from the branch to the cloud through the Software-Defined Cloud Interconnect (SDCI) backbone of Megaport or Equinix. Cisco extends the SD-WAN fabric over the private underlay all the way into the cloud service provider by hosting virtual SD-WAN routers in transit Virtual Private Clouds (VPCs) and Virtual Networks (VNets).
This not only allows for end-to-end encryption for the branch-to-cloud traffic but also ensures that traffic is automatically steered to alternate paths for site-to-cloud traffic, whenever the primary underlay path is unavailable.

Hybrid work

Q.  Does Cisco SD-WAN support a remote workforce?
A.  The Cisco Remote Workforce Routing solution extends a uniform enterprise SD-WAN to a home and remote workforce. Extensive cloud integration delivers a consistent and optimal application experience. The cloud-delivered SASE architecture provides unified security and compliance. Centralized management automates the deployment, configuration, and troubleshooting in an agile and scalable manner. The Cisco Remote Workforce Routing solution consists of the following flexible hardware and software solutions:

      Cisco 1131 Integrated Service Router (ISR): The ability to connect users reliably and securely across multicloud, branch, data center, and hybrid workforce has become a critical success factor to any organization. The 1131 ISR is the next iteration of ISRs, optimized for distributed small branches and a remote workforce with built-in Wi-Fi 6 and 5G support for enhanced SD-WAN connectivity.

      Cisco SD-WAN Remote Access (SD-WAN RA): Integrates remote access functionality into the SD-WAN fabric, thereby delivering all the benefits of Cisco SD-WAN to the remote workforce. Remote workers can simply leverage existing remote access clients (including Cisco AnyConnect, Windows, Apple OS native clients, and hardware-based routers) to access the nearest Cisco SD-WAN edge device, regardless of their location and devices.

      Cisco Catalyst Wireless Gateway CG113 Series: A simple-to-deploy wireless router designed to empower the remote workforce to collaborate like never before. Flexible Wi-Fi 6 and cellular failover deliver a consistent application experience, with enterprise Wi-Fi connectivity and security extended to the remote workforce. A centralized dashboard automates deployment and management in an agile manner. A small and silent form factor accelerates the transition to a hybrid workforce where and when it is needed.

Q.  What are the key benefits and features of these routing solutions?
A.  These solutions:

      Provide a consistent and optimized application experience with seamless connectivity to cloud and SaaS applications

      Automate the deployment, configuration, and management of hybrid work routing solutions with Cisco vManage

      Integrate a cloud-delivered SASE architecture for unified security policy and compliance across a hybrid workforce

      Enable adoption of scalable hardware or software endpoint options that accelerate the transition to hybrid work where and when they are needed, in a simple and agile manner

      Can leverage existing branch infrastructure, thereby lowering overall TCO while extending enterprise-grade SD-WAN in a flexible and distributed manner

      Provide end-to-end micro- and macrosegmentation

      Are based on a highly scalable and distributed architecture, eliminating single points of failure in the network

Positioning

Q.  What is the difference between Cisco SD-WAN and Cisco Meraki SD-WAN?
A.  Cisco SD-WAN can help your business no matter its size with a variety of deployment options. For lean IT operations, Cisco SD-WAN powered by Meraki is preferred, and for full-featured, sophisticated deployments, Cisco SD-WAN powered by Viptela is preferred.

      Lean IT: Deploy Cisco SD-WAN powered by the Meraki MX unified threat management hardware, and enjoy a unified, secure SD-WAN for businesses with lean IT teams.

      Branches and campuses: With both physical and virtual options, you can deploy Cisco SD-WAN on the Catalyst 8000V, CSR 1000V, Catalyst 8300 Series, 1000 and 4000 Series ISRs, or with Network Functions Virtualization (NFV) using Cisco SD-Branch with the ISRv on the 5000 Series ENCS and Cisco UCS E-Series platforms.

      Headquarters, data center, and colocation: With physical or virtual options, deploy Cisco SD-WAN on the Catalyst 8500 Series, the ASR 1000 Series, or with NFV and network hub solutions on the Cisco Cloud Services Platform 5000.

Ordering and licensing

Q.  How is the Cisco SD-WAN solution ordered?
Q.  How is the Cisco SD-WAN solution licensed?
A.  The Cisco SD-WAN solution license is called Cisco DNA Software for SD-WAN and Routing. Three levels of subscription licenses are available: Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier. Similar to the subscription offers for switching and wireless, these are nested SKUs and represent good, better, and best offers. For more information, see the Cisco DNA Software for SD-WAN and Routing page.
Q.  Is a Cisco DNA license mandatory?
A.  Cisco DNA Software is mandatory for the Catalyst 8000 Series Edge Platforms at the initial time of purchase of the hardware. An active Cisco DNA Software stack entitlement is mandatory for any SD-WAN deployment, regardless of device or platform.
For a list of SD-WAN-capable Cisco IOS XE platforms, see the SD-WAN Release Notes.
Q.  What are the Cisco DNA Subscription offers?
A.  There are three Cisco DNA SD-WAN and Routing subscription offers to choose from. A subscription can be purchased either as an individual transaction or as an enrollment in a Cisco Enterprise Agreement. Subscription licenses can be purchased for a 3- or 5-year term. Cisco DNA Advantage is also available in a 7-year term. Software licenses are portable across the cloud and premises, are easy to upgrade across tiers, and include Software Support Service (SWSS) for the Cisco DNA Software stack.
The following table describes the components in each Cisco DNA Software for SD-WAN and Routing subscription license.

Table 2. Licensing options

| Component | Description |
| --- | --- |
| Cisco DNA Premier for SD-WAN and Routing | Cisco DNA Premier for SD-WAN and Routing is an SD-WAN subscription package with advanced SD-WAN security to mitigate the most sophisticated threats to your business. This package contains all components from Cisco DNA Essentials for SD-WAN and Routing and Cisco DNA Advantage for SD-WAN and Routing as well as the following features: Cisco Umbrella SIG Essentials; Cisco Secure Malware Analytics with Sandboxing |
| Cisco DNA Advantage for SD-WAN and Routing | Cisco DNA Advantage for SD-WAN and Routing delivers flexible connectivity, enhanced security for feature-rich and valued branch deployment models, and a robust application experience. This package includes all components from Cisco DNA Essentials for SD-WAN and Routing as well as the following features: Unlimited segmentation; vAnalytics; Advanced Cloud OnRamp for Multicloud and SaaS (all applications and telemetry); AppQoE; Automated service switching for Cisco and third-party Virtual Network Functions (VNFs); Cisco DNA Assurance |
| Cisco DNA Essentials for SD-WAN and Routing | Cisco DNA Essentials for SD-WAN and Routing provides centralized and secure SD-WAN management and security protection for the cost-conscious customer. This package enables the following SD-WAN and traditional WAN features: Limited segmentation (four user VPNs, one management VPN); Full mesh topology; Secure VPN overlay; Application-aware routing; Basic SLA-based policy engine; Dynamic routing (IPv4/IPv6, Border Gateway Protocol [BGP], Open Shortest Path First [OSPF]); Forward error correction; Packet duplication; TCP optimization; Cisco Advanced Malware Protection (AMP); Snort-based Intrusion Prevention System (IPS); Cisco Umbrella DNS Monitoring and Application Discovery |

Please consult the Cisco DNA for SD-WAN and Routing Feature Matrix for the most current product information.
Q.  What is included in the Cisco DNA for SD-WAN and Routing software license?
A.  Cisco DNA for SD-WAN and Routing subscriptions include a perpetual network stack license and a term-based Cisco DNA software stack license. After the subscription term expires, customers will retain the network stack entitlement; however, for any SD-WAN deployment, an active Cisco DNA software stack entitlement is mandatory.
Q.  What are the entitlements of the perpetual network stack?
A.  The perpetual network stack provides entitlements for non-SD-WAN features (autonomous mode). For a complete listing of network stack entitlements, see the Cisco DNA Software SD-WAN and Routing Matrices page.
Q.  What are the entitlements of the Cisco DNA subscription software stack?
A.  The Cisco DNA subscription software stack provides entitlements for SD-WAN features (controller mode) including cloud-hosted vManage, vSmart, and vBond devices. For a complete listing of network stack entitlements, see the Cisco DNA Software SD-WAN and Routing Matrices page.
Q.  Are the Cisco DNA subscription licenses portable and able to be moved to another hardware platform?
A.  Yes, the Cisco DNA software licenses can be moved across routing platforms, including 1000 and 4000 Series ISRs, Catalyst 8300 and 8500 Series, ASR 1000 Series, 5000 Series ENCS, and Cisco vEdge routers. With software portability you have investment protection for your licenses, regardless of which Cisco routing platform you choose now or upgrade to in the future. For more information, see the Software License Portability Policy.

Multitenancy

Q.  Does the Cisco SD-WAN solution support multitenancy?
A.  Yes, a service provider can manage multiple customers, called tenants, from vManage running in multitenant mode. All tenants share a single vBond orchestrator. All tenants also share the service provider’s domain name, with each tenant having a subdomain name that identifies it. For example, the service provider fruit.com might manage the tenants mango (mango.fruit.com) and plum (plum.fruit.com). For each tenant, you configure one or more vSmart controllers and edge platforms in the same way that you configure these devices on a single-tenant vManage Network Management System (NMS). Enterprise customers may also choose to implement multitenancy to ensure separation and security of organizations and their data.
For more information, view the configuration guide.

Scalability

Q.  Can we divide the architecture of a single Cisco SD-WAN overlay network to increase the scalability?
A.  Yes, Cisco SD-WAN Multi-Region Fabric (also called Hierarchical SD-WAN) provides the ability to easily divide a single Cisco SD-WAN overlay network into multiple regions and a central core-region network for managing interregional traffic. The SD-WAN Multi-Region Fabric architecture enables you to use different traffic transport service providers for each region, and for the central core-region network, to optimize cost and traffic performance. It also simplifies traffic configuration for some scenarios and provides a robust, adaptive topology that can help prevent routing failures in specific network scenarios. SD-WAN Multi-Region Fabric is a core enabler for WAN architectures involving a middle-mile WAN. It’s a foundational capability that underpins our journey to multicloud and SDCI. SD-WAN Multi-Region Fabric offers managed service providers and global enterprises the ability to enhance, scale up, and more importantly, simplify Cisco SD-WAN fabric across regions.
For more information, view the configuration guide.
Q.  Does the Cloud OnRamp Multicloud for Interconnect Gateway (SDCI and cloud backbone) capability of Cisco SD-WAN support the Multi-Region Fabric architecture?
A.  Yes, the Cloud OnRamp (CoR) Multicloud for Interconnect Gateway (SDCI and cloud backbone) capability of Cisco SD-WAN supports the Multi-Region Fabric (MRF) architecture. The Multi-Region Fabric architecture can be used to deploy SDCI-related Cisco SD-WAN infrastructure through the CoR Multicloud Interconnect Gateway workflows on vManage. The capabilities within the MRF architecture improve the experience of IT teams by enabling simplified control policy configurations and automatic resolution of routing loop and blackhole scenarios, and by providing the ability to assign regions and roles to SD-WAN edges deployed within the SDCI infrastructure.
Q.  Can the Cisco SD-WAN Multi-Region Fabric be segmented into multiple sub-regions?
A.  Yes, Cisco SD-WAN Multi-Region Fabric supports dividing a given access region into multiple sub-regions and sharing border routers (BRs) between these sub-regions, allowing for flexible BR redundancy and failover-centric network designs. The introduction of sub-regions enables users to create sub-domains of full-mesh connectivity between branch sites within a region, such that devices in the same sub-region communicate directly.

Programmability

Q.  Is Cisco’s SD-WAN solution programmable, and does it support APIs?
A.  Yes, the Cisco SD-WAN solution is open and programmable, with open APIs. Cisco SD-WAN provides service providers and partners the opportunity to create new and unique services, including operational and business support systems. With Cisco SD-WAN you can access the available representational state transfer (REST) APIs, create API calls, obtain device and interface information using code, pass parameters and write applications, and work on innovative solutions.
As part of the SD-WAN developer resources and learning content, there are two additional resources that are great value-added services for developers:

      DevNet Ecosystem Exchange makes it easy to find and share an application or solution built for Cisco platforms. Business leaders and developers alike can use this online portal to discover partner solutions that span all Cisco platforms and products. Currently, this central repository for developers contains over 1300 solutions.

      DevNet Code Exchange gives developers a place to access and share software to quickly build next-generation applications and workflow integrations. It offers a curated list of sample code, adapters, tools, and Software Development Kits (SDKs) available on GitHub and written by Cisco and the DevNet community. Code Exchange spans Cisco’s entire portfolio and is organized according to Cisco platform and product areas.

For more information, see the SD-WAN Developer Center at https://developer.cisco.com/sdwan.

Services and resources

Q.  Are any services available to support my SD-WAN solution?
A.  Regardless of where you are in your journey, Cisco Services offers a full lifecycle of services to support your transition. Our portfolio allows you to create a roadmap for success, speed deployment, and maximize network performance, security, uptime, and efficiency. Cisco experts will help you build your in-house IT expertise and effectively migrate and manage your SD-WAN solution to achieve high service levels at lower costs. Learn more.
Q.  Where can I find more information on Cisco SD-WAN?
A.  For more information about Cisco SD-WAN, visit https://www.cisco.com/go/sdwan.
Q.  What voice and application optimization features does Cisco SD-WAN support?
A.  Cisco has the only SD-WAN solution with fully integrated unified communications support.

      For voice optimization, Cisco SD-WAN supports Forward Error Correction (FEC) and packet duplication.

      For internet optimization, Cisco SD-WAN supports TCP optimization.

      For on-premises applications, Cisco SD-WAN supports SLA-based dynamic routing based on real-time network telemetry.

      For SaaS applications, Cisco provides dynamic routing based on cloud and internet telemetry.

 

 

 
