Data Centre


New appliances from Cisco aim to make branch SD-WAN easier

Optimised Office 365 performance also on cards

By Richard Chirgwin


Cisco has claimed to be "bringing intent-based networking into every domain", the latest being branch offices which need software-defined WAN capabilities and security.

The quote came from product management senior veep Sachin Gupta, who told El Reg the cloud has destroyed traditional notions of the "network edge", and while SD-WAN makes it easier to shift packets in the multi-cloud world, securing such environments involves too much heavy lifting.

"The cloud has a 'pretty fluid edge' that could be in your HQ, Branch, DC, cloud," Gupta told The Register. A business wants the same security everywhere, without destroying the amenity of its cloud services.

Three launches comprised the announcement: a couple of new appliances; Cisco Umbrella getting SD-WAN support; and SD-WAN support for Office 365; and all three are aligned with the company's intent-based networking strategy.

The appliances are the ISR 1111X-8P and the ISR 4461, both targeting branch deployment with integrated SD-WAN support, and available immediately.

The ISR 1111X-8P is a compact unit with Wi-Fi and LTE support, while the ISR 4661 targets the largest branches and integrates storage and compute.

Security includes integrated firewall, intrusion prevention, and URL filtering, with deployment simplified by Cisco Umbrella.

Gupta explained that someone trying to implement SD-WAN and security from different devices and interfaces lets themselves in for "a ton of actions" which are "costly and prone to error".

The SD-WAN capabilities follow the intent-based networking aim of compressing weeks of work into hours, with a single vManage interface for everything.

The same interface also lets the sysadmin bring all branch sites under Cisco Umbrella with a single action.

Gupta noted that system admin can happen either on-premises, or in the cloud.

The security capabilities don't require a separate licence, Gupta said, they're embedded into the three existing SD-WAN licence tiers.

It wouldn't be a 2018 Cisco announcement without open APIs and DevNet.

The APIs expose all Cisco SD-WAN capabilities, so third parties can have their application talking to the SD-WAN, and DevNet has new SD-WAN learning labs and sandboxes.

Integrated Office 365... but why?

Alongside appliances, security and cloudy admin, an Office 365 optimisation offering looks a little out of place, but Gupta said the Microsoft suite is the foundation of how most people spend their office day, and in cloud environments low performance hits productivity hard.

An end user might be accessing Office 365 via head office from a branch gateway, from the enterprise data centre, from a third-party colocation centre, or over 4G. "Customers will have multiple methods to connect to the cloud," he said.

To overcome this, the SD-WAN offers real-time monitoring of "all available paths to the Microsoft Office 365 cloud", and it uses Microsoft Office URLs to identify the closest cloud to the user.

"People expect the same performance as they get on their office desktop," Gupta said. The integration is designed to automatically take "the best path, the most reliable path, to get the best performance".

Of course, understanding the performance of different routes to a host is a Cisco core competence, but Gupta said the Office 365 integration goes beyond "ping host" and selecting optimal routes... and it goes beyond identifying and prioritising Office 365 traffic.

"I'm getting data from the application itself on how the application is performing," Gupta said, "so although Path A is faster, Path B has better latency, and that's what matters at the moment."

"Performance characteristics change on different circuits," he added. "Sometimes the shortest path is not the best." ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Cisco waves swatter at ten new vulnerabilities

It's 2017, and UPnP is still a critical attack vector

SD-WAN admin? Your number came up in Cisco's latest bug list

Webex, security, IoT systems also need patches

The weekend starts here... right after you've installed these critical Cisco bug patches

Coding screwups for Prime Infrastructure and DNA Center admins to slurp up

Cisco sneaks hardcoded secret root backdoor into vid surveillance kit

Who watches the watchers? Anybody who has the login

M-M-M-MONSTER KILL: Cisco's bug-wranglers swat 29 in single week

Replace those end-of-life VPN devices, they won't be patched

Oops: Cisco accidentally leaked in-house Dirty COW exploit code with biz conf call software

Critical bugs patched in switches, messaging, analytics

We're two weeks into 2019, and an email can potentially knacker your Cisco message box – plus other bugs to fix

Process data, crash, restart, process data, crash, restart...

If at first you don't succeed, you may well be Cisco: WebEx patch needs its own patch

Updated Switchzilla has a second go at fixing videoconferencing app's 'I'm the captain, now' hole

Russia's national vulnerability database is a bit like the Soviet Union – sparse and slow

By design, though, not... er, general rubbishness

Telco IT admins on red alert as Cisco flings out patches for security holes in policy toolkit

Twenty-five bugs writhing on the netops floor this week