Cisco Assesses The Top Enterprise SD-WAN Technology Drivers

Cisco this week celebrated the second anniversary of its purchase of SD-WAN vendor Viptela and reiterated its expectation that 2019 will see the technology change enterprise networks in major ways.

In a blog outlining trends in the SD-WAN world, Anand Oswal, Cisco senior vice president, engineering, in the company’s Enterprise Networking Business described how SD-WAN technology has changed the network for one of its customers,  test and measurement systems vendor National Instruments.

“The existing WAN greatly constrained video conferencing, slowed large software transfers, and couldn’t provide acceptable application performance,” Oswal wrote.  Implementing SD-WAN turned those issues around by:

• Reducing MPLS spending by 25% while increasing bandwidth by 3,075%
• Categorizing traffic by function and type, sending backup traffic over the Internet under an SLA, eliminating bandwidth bottleneck on MPLS circuits
• Reducing the time for software updates to replicate across the network from 8 hours to 10 minutes
• Adding new internet-based services used to take months, but with the agility of SD-WAN, new services can be deployed in the cloud immediately
• Eliminating the need for call -dmission controls and limiting video quality for conferencing

National Instruments’ bandwidth requirements were growing10 to 25 percent per year, overwhelming the budget, Luis Castillo, global network team manager told Cisco in a case study of the SD-WAN project. “Part of the problem was that these sites can have very different requirements. R&D shops need lots of bandwidth. One site may have a special customer that requires unique segmentation and security. Our contact centers need to support mission-critical voice services. All of that is dependent on the WAN, which means escalating complexity and constantly growing costs.”

After the shift to SD-WAN, the company no longer has 80 people with diverse IT workloads copeting for a sinlge 10-Mbit circuit, Castillo says.

It’s not just cost savings by supplementing or replacing MPLS with direct internet connections that is motivating the transition to software-defined WAN architecture, Oswal said.   “It’s also about gaining flexibility and stability with intelligent, continuously monitored connections to multicloud resources and SaaS applications that are fueling the current SD-WAN transition.”

In its most recent SD-WAN Infrastructure Forecast, IDC researchers talked about a number of other factors driving SD-WAN evolution.

“First, traditional enterprise WANs are increasingly not meeting the needs of today’s modern digital businesses, especially as it relates to supporting SaaS apps and multi- and hybrid-cloud usage. Second, enterprises are interested in easier management of multiple connection types across their WAN to improve application performance and end-user experience,” said Rohit Mehra, vice president, Network Infrastructure at IDC. “Combined with the rapid embrace of SD-WAN by leading communications service providers globally, these trends continue to drive deployments of SD-WAN, providing enterprises with dynamic management of hybrid WAN connections and the ability to guarantee high levels of quality of service on a per-application basis.”

IDC also said that the SD-WAN infrastructure market continues to be highly competitive with sales increasing 64.9% in 2018 to $1.37 billion. IDC stated Cisco holds the largest share of the SD-WAN infrastructure market, with VMware coming in second followed by Silver Peak, Nokia-Nuage, and Riverbed.

IDC also recently wrote about how security is also a key driver in recent SD-WAN deployments.

“With SD-WAN, mission-critical traffic and assets can be partitioned and protected against vulnerabilities in other parts of the enterprise. This use case appears to be especially popular in verticals such as retail, healthcare, and financial,” IDC wrote.

“SD-WAN can also protect application traffic from threats within the enterprise and from outside by leveraging a full stack of security solutions included in SD-WAN such as next-gen firewalls, IPS, URL filtering, malware protection, and cloud security.

These security features can enable Layer 3-7 protection for WAN traffic regardless of where it’s headed – to the cloud or to the data center, IDC wrote.

Application traffic to the cloud straight from the branch can now be secured using an internet or cloud gateway, IDC wrote. Users, applications and their data at the branch edge can be protected by the stack of security solutions incorporated into the SD-WAN on-premises appliance, vCPE or router, which typically includes  next-gen firewall, intrusion protection, malware protection and URL filtering, IDC wrote.

Cisco most recently added support for its cloud-based security gateway – known as Umbrella – to its SD-WAN software offerings.  According to Cisco, Umbrella can provide the first line of defense against threats on the internet. By analyzing and learning from internet activity patterns, Umbrella automatically uncovers attacker infrastructure and blocks requests to malicious destinations before a connection is even established — without adding latency for users. With Umbrella, customers can stop phishing and malware infections earlier, identify already infected devices faster and prevent data exfiltration, Cisco says.

The Umbrella announcement is on top of other recent SD-WAN security enhancements the company has made. In May Cisco added support for Advanced Malware Protection (AMP) to its million-plus ISR/ASR edge routers in an effort to reinforce branch- and core-network malware protection across the SD-WAN. AMP support is added to a menu of security features already included in Cisco’s SD-WAN software including support for URL filtering, Snort Intrusion Prevention, the ability to segment users across the WAN and embedded platform security, including the Cisco Trust Anchor module.

Last year Cisco added its Viptela SD-WAN technology to the IOS XE version 16.9.1 software that runs its core ISR/ASR routers.―Network World