Data Centre


New appliances from Cisco aim to make branch SD-WAN easier

Optimised Office 365 performance also on cards

By Richard Chirgwin


Cisco has claimed to be "bringing intent-based networking into every domain", the latest being branch offices which need software-defined WAN capabilities and security.

The quote came from product management senior veep Sachin Gupta, who told El Reg the cloud has destroyed traditional notions of the "network edge", and while SD-WAN makes it easier to shift packets in the multi-cloud world, securing such environments involves too much heavy lifting.

"The cloud has a 'pretty fluid edge' that could be in your HQ, Branch, DC, cloud," Gupta told The Register. A business wants the same security everywhere, without destroying the amenity of its cloud services.

Three launches comprised the announcement: a couple of new appliances; Cisco Umbrella getting SD-WAN support; and SD-WAN support for Office 365; and all three are aligned with the company's intent-based networking strategy.

The appliances are the ISR 1111X-8P and the ISR 4461, both targeting branch deployment with integrated SD-WAN support, and available immediately.

The ISR 1111X-8P is a compact unit with Wi-Fi and LTE support, while the ISR 4661 targets the largest branches and integrates storage and compute.

Security includes integrated firewall, intrusion prevention, and URL filtering, with deployment simplified by Cisco Umbrella.

Gupta explained that someone trying to implement SD-WAN and security from different devices and interfaces lets themselves in for "a ton of actions" which are "costly and prone to error".

The SD-WAN capabilities follow the intent-based networking aim of compressing weeks of work into hours, with a single vManage interface for everything.

The same interface also lets the sysadmin bring all branch sites under Cisco Umbrella with a single action.

Gupta noted that system admin can happen either on-premises, or in the cloud.

The security capabilities don't require a separate licence, Gupta said, they're embedded into the three existing SD-WAN licence tiers.

It wouldn't be a 2018 Cisco announcement without open APIs and DevNet.

The APIs expose all Cisco SD-WAN capabilities, so third parties can have their application talking to the SD-WAN, and DevNet has new SD-WAN learning labs and sandboxes.

Integrated Office 365... but why?

Alongside appliances, security and cloudy admin, an Office 365 optimisation offering looks a little out of place, but Gupta said the Microsoft suite is the foundation of how most people spend their office day, and in cloud environments low performance hits productivity hard.

An end user might be accessing Office 365 via head office from a branch gateway, from the enterprise data centre, from a third-party colocation centre, or over 4G. "Customers will have multiple methods to connect to the cloud," he said.

To overcome this, the SD-WAN offers real-time monitoring of "all available paths to the Microsoft Office 365 cloud", and it uses Microsoft Office URLs to identify the closest cloud to the user.

"People expect the same performance as they get on their office desktop," Gupta said. The integration is designed to automatically take "the best path, the most reliable path, to get the best performance".

Of course, understanding the performance of different routes to a host is a Cisco core competence, but Gupta said the Office 365 integration goes beyond "ping host" and selecting optimal routes... and it goes beyond identifying and prioritising Office 365 traffic.

"I'm getting data from the application itself on how the application is performing," Gupta said, "so although Path A is faster, Path B has better latency, and that's what matters at the moment."

"Performance characteristics change on different circuits," he added. "Sometimes the shortest path is not the best." ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw

That's how you pronounce 😾😾😾: A means to bury spyware deep inside pwned networking gear

Cisco waves swatter at ten new vulnerabilities

It's 2017, and UPnP is still a critical attack vector

Cisco emits 25 security bug fixes for IOS, takes second crack at patching WAN router SNAFUs

Updated Oh no, these patches kinda blow, go go Switchzilla!

Cisco whispers the three little words to really get an ASR 9000 net admin's blood pumping: Remote unauthenticated access

Critical patch available now for those with vulnerable kit

The weekend starts here... right after you've installed these critical Cisco bug patches

Coding screwups for Prime Infrastructure and DNA Center admins to slurp up

SD-WAN admin? Your number came up in Cisco's latest bug list

Webex, security, IoT systems also need patches

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again

Better ban this gear from non-US core networks, right?

Check yo self before you HyperWreck yo self: Cisco fixes gimme-root holes in HyperFlex, plus more security bugs

Patches available now spread across more than a dozen advisories

NX-OS-hit! Got Cisco Nexus and MDS 9000 switches? Then you've got patching to do, too

Oof. Crop of vulns include remote code execution as root

Cisco sneaks hardcoded secret root backdoor into vid surveillance kit

Who watches the watchers? Anybody who has the login