Cisco Secure Agile Exchange (SAE) Solution Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Secure Agile Exchange (SAE) Solution Guide

Chapter Title

Assess Infrastructure and Challenges

Results

Updated:
December 21, 2018

Chapter: Assess Infrastructure and Challenges

Assess Infrastructure and Challenges

Identifying repeatable connections patterns is foundational for orchestration–one of the key services that SAE provides. An enterprise would typically begin their SAE journey by assessing their existing traffic patterns. This acts as the basis of your service design.

Assess Infrastructure and Challenges

This document explains the various stages of SAE journey taking the example of an enterprise, Acme Corp.

About Acme Corp

Acme Corp is a multinational, financial enterprise with global presence. It currently has to bear the expenses of maintaining several global data centers as well as operational expenses of hosting some of its newer applications in cloud environments.

Where Acme is Today

Application Infrastructure

  • Acme currently maintains multiple global data centers where most of its applications are hosted.

  • Some of the newer applications are also hosted in Azure and AWS clouds.

  • Currently, its infrastructure is designed for maximum capacity, which lacks optimum utilization.

Application Consumers

Acme's application consumers are accessing the applications through MPLS and SD-WAN. Such application consumers can be categorized as follows:

  • Regional branches and extranet partners connecting over MPLS

  • Remote employees connecting through remote VPN

  • Partners connecting remotely through IPSec extranet as well as through the internet

Application Providers

Acme's application providers can be categorized as follows: existing private data centers, emerging cloud providers like Azure, and other SaaS providers on the internet.

How Traffic Flows Today

Challenges

Acme currently faces the following challenegs.

  • The cost of maintaining private data centers is very high.

  • The dedicated physical infrastructure and conventional methods of configuring operating systems and applications limit the speed of data centers to respond to new customers and services.

  • Currently, all traffic terminates into the data center before it can be rerouted appropriately. The security policies are applied in the data center and the traffic is hairpinned back through WAN to reach applications in SaaS and IaaS. This rerouting causes latency.

  • There is no visibility into end-to-end traffic flow, which leads to complexity in troubleshooting and workload analysis.

  • The infrastructure relies on manual configuration and maintenance, which is error-prone.

  • Any new connections and traffic flows require additional hardware such as routers and firewalls. This is not cost-effective at scale. It also limits the speed of responding to new customers and services.

Identify Connectivity Goals

After analyzing its existing traffic flow and the challenges associated with it, Acme Corp has identified the following goals to overcome its connectivity challenges.

  • Migrate to the new, next-generation, virtualized DMZ

  • Have a single physical network that provides the required logical connectivity to interconnect its different user groups to its applications

  • Scale out its network services as needed without having to invest in additional physical infrastructure

  • Apply policies uniformly and securely across different traffic flows

  • Have visibility into its traffic and network performance

How SAE can Help

SAE can enable Acme to meet their target by offering virtualization at scale, orchestration, and automation. The following image shows how Acme's traffic would look after adopting SAE.

How SAE Eases Traffic Flow

Once Acme deploys SAE, here is how its traffic flow would flow.

  • The traffic originating from various sources would terminate into SAE, which is hosted in a carrier-neutral facility or colocation facility.

  • The security policies would then be applied depending on the trust-level of the traffic source centrally within SAE.

  • The traffic will then move forward, through service chains formed by connecting VNFs, to its destination such as data centers, SaaS, IaaS, as the case maybe.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco