Data Centre


New appliances from Cisco aim to make branch SD-WAN easier

Optimised Office 365 performance also on cards

8 Got Tips?

Cisco has claimed to be "bringing intent-based networking into every domain", the latest being branch offices which need software-defined WAN capabilities and security.

The quote came from product management senior veep Sachin Gupta, who told El Reg the cloud has destroyed traditional notions of the "network edge", and while SD-WAN makes it easier to shift packets in the multi-cloud world, securing such environments involves too much heavy lifting.

"The cloud has a 'pretty fluid edge' that could be in your HQ, Branch, DC, cloud," Gupta told The Register. A business wants the same security everywhere, without destroying the amenity of its cloud services.

Three launches comprised the announcement: a couple of new appliances; Cisco Umbrella getting SD-WAN support; and SD-WAN support for Office 365; and all three are aligned with the company's intent-based networking strategy.

The appliances are the ISR 1111X-8P and the ISR 4461, both targeting branch deployment with integrated SD-WAN support, and available immediately.

The ISR 1111X-8P is a compact unit with Wi-Fi and LTE support, while the ISR 4661 targets the largest branches and integrates storage and compute.

Security includes integrated firewall, intrusion prevention, and URL filtering, with deployment simplified by Cisco Umbrella.

Gupta explained that someone trying to implement SD-WAN and security from different devices and interfaces lets themselves in for "a ton of actions" which are "costly and prone to error".

The SD-WAN capabilities follow the intent-based networking aim of compressing weeks of work into hours, with a single vManage interface for everything.

The same interface also lets the sysadmin bring all branch sites under Cisco Umbrella with a single action.

Gupta noted that system admin can happen either on-premises, or in the cloud.

The security capabilities don't require a separate licence, Gupta said, they're embedded into the three existing SD-WAN licence tiers.

It wouldn't be a 2018 Cisco announcement without open APIs and DevNet.

The APIs expose all Cisco SD-WAN capabilities, so third parties can have their application talking to the SD-WAN, and DevNet has new SD-WAN learning labs and sandboxes.

Integrated Office 365... but why?

Alongside appliances, security and cloudy admin, an Office 365 optimisation offering looks a little out of place, but Gupta said the Microsoft suite is the foundation of how most people spend their office day, and in cloud environments low performance hits productivity hard.

An end user might be accessing Office 365 via head office from a branch gateway, from the enterprise data centre, from a third-party colocation centre, or over 4G. "Customers will have multiple methods to connect to the cloud," he said.

To overcome this, the SD-WAN offers real-time monitoring of "all available paths to the Microsoft Office 365 cloud", and it uses Microsoft Office URLs to identify the closest cloud to the user.

"People expect the same performance as they get on their office desktop," Gupta said. The integration is designed to automatically take "the best path, the most reliable path, to get the best performance".

Of course, understanding the performance of different routes to a host is a Cisco core competence, but Gupta said the Office 365 integration goes beyond "ping host" and selecting optimal routes... and it goes beyond identifying and prioritising Office 365 traffic.

"I'm getting data from the application itself on how the application is performing," Gupta said, "so although Path A is faster, Path B has better latency, and that's what matters at the moment."

"Performance characteristics change on different circuits," he added. "Sometimes the shortest path is not the best." ®

Sign up to our NewsletterGet IT in your inbox daily


Keep Reading

What do you not want right now? A bunch of Cisco SD-WAN, Webex vulnerabilities? Here are a bunch of them

Switchzilla says remote networking gear has a grab-bag of holes

Life's certainties: Death, taxes, and Cisco patching more serious vulnerabilities

Switchzilla closes off 18 CVE-listed holes, get to work

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching

Lack of protections around trace facility gives local users read and write access

Cisco warns miscreants are crippling IOS XR network gear over the internet with memory black-holes. No patch yet

In brief Plus: Time to dump that old backdoored ZTE mobile hotspot

DevOps to DevOops: Docker Hub proves so secure that 430 Docker images out of 2,500 have no vulnerabilities

As for the rest, you're on your own

Cisco Webex bug allowed anyone to join a password-protected meeting

Patched vuln was 'in active use', firm reveals

Open-source bug bonanza: Vulnerabilities up almost 50 per cent thanks to people actually looking for them

Can't fix flaws if you don't look for them

Oh cool, more Cisco patches to apply. Happy Monday

In Brief Meanwhile, KDE desktops can be pwned by evil archives

Finally done with all those Patch Tuesday updates? Think again! Here's 33 Cisco bug fixes, with five criticals

And who's that in the background? Just Oracle and its *cough* 443 bugs

Tech Resources

Navigating the New Era of Cloud Computing

Hear from Steve Sibley, VP of Offering Management for IBM Power Systems about how IBM Power Systems can enable hybrid cloud environments that support “build once, deploy anywhere” options.

Simplifying Hybrid Cloud Flash Storage

According to industry analysts, a critical element for secure hybrid multicloud environments is the storage infrastructure.

Accelerate Your Journey to the Cloud

Increasingly, enterprises are looking to the cloud to run their core mission-critical systems and the cloud is often the primary platform for launching new applications.

Komprise: Unstructured Data Management

Komprise is a compelling data management platform that boasts an analytics-focused approach.