TRANSCRIPT
Maura Fuertes, Technical Solutions Architect
Román Vargas, Sales Specialist
May 2020
Cisco SD-WAN
Connect any user to any application without compromise
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Previously, Connecting Users to Data Center was the Priority
Users
Data Center
Applications
WAN
Branch/Campus
Internet
Best Effort
WAN
Today Applications are Moving to Multiple Clouds
DC/Private Cloud
SaaS
IaaS
Mobile Users
Campus & Branch Users
Devices & Things
Campus x2-5
Branches x100+
Mobile Users x1000s
Internet Connectivity Becomes Business Critical
More users, things and applications, everywhere
DC/Private Cloud
SaaS
IaaS
Inconsistent user experience
Increasing complexity
Exposure to cyber threats
To help, IT is deploying SD-WAN
IT Challenges:
• Poor user experience: impact on employee productivity
• Complexity and cost to introduce new services in the network (manual operation and changes)
• User demand for SaaS apps (shadow IT)
• Requirements to migrate workloads to the public cloud (AWS, Azure, …)
• Need to set up new branches in a timely manner even in remote areas
• Need for centralized management: inventory, visibility, reporting, management, config changes, SW upgrades via GUI
• SECURITY (segmentation, DIA, etc.)
SD-WAN
Secure Cloud Scale SD-WAN Architecture
Internet
5G/LTE
MPLS
Branch Security
Application Quality of Experience
Cloud Security
Voice and Collaboration
On-premise | Cloud | Multi-tenant
Automation | Network Insights | Analytics
vManage
Cloud OnRamp
Any Deployment
Any Service
Any Transport
Any Location
Satellite
Branch Colocation Cloud
Open | Programmable | Scalable
AWS
GCP
Azure
Use Cases – Cloud Integration
Why Backhauling Impacts Application Performance
Branch/Campus
Data Center
SD-WAN Fabric
Corporate Software Users
SaaS
Cloud Security Provider
A single path for all mission critical business applications
Single Path to Internet
• Datacenter
• Colocation provider
• Cloud security provider
Colocation Provider
Branch/Campus
Data Center
SD-WAN Fabric
Corporate Software Users
SaaS
Cloud Security Provider
Cisco SD-WAN
Colocation Provider
Increased reliability and utilization of best path for SaaS applications
SaaS Optimization
Optimization via Multipath
Up to 40% faster Office 365 Performance
Branch/Campus
Data Center
Improving Application Experience
Capabilities
• Application SLA
• TCP Optimization
• Forward Error Correction
• Packet Duplication
Internet
IaaS/SaaS
Transports: Internet, MPLS, 4G LTE
Optimized TCP Connection
App Aware Routing Policy: App A path must have latency <150ms & loss <2%
• Path 1: 10ms, 0% loss
• Path 2: 200ms, 3% loss
• Path 3: 140ms, 1% loss
[Figure: packets 1-4 and a parity packet (P), each with an FEC header]
[Figure: packets 1-4 sent over MPLS (Primary) and Internet (Secondary)]
Extended SD-WAN to IaaS
Internet connection to IaaS cloud
[Diagram labels: Branch, SD-WAN Fabric, Transit Hub, VPC, VNet, vManage]
Connect to IaaS cloud via co-location
[Diagram labels: Branch, SD-WAN Fabric, Transit Hub, VPC, VNet, vManage]
Cloud onRamp to IaaS
• Cisco WAN Edges deployed in a Transit Hub, acting as virtual aggregation routers
• Partial extension of SD-WAN Fabric
• Automated deployment process with vManage
Branch/Campus
Data Center
SD-WAN Fabric
Corporate Software Users
How SD-WAN exposes new security challenges
Internal & External Threats
External
• Exposure to malware & phishing due to direct internet and cloud access
• Data breaches
• Guest access liability
Internal
• Untrusted access (malicious insider)
• Compliance (PCI, HIPAA, GDPR)
• Lateral movements (breach propagation)
BASIC/NO SECURITY
NO SECURITY
Internet
IaaS/SaaS
Existing Security Stack in DMZ
WAN Edge Device
Deploying Cisco SD-WAN Security
Branch/Campus
Data Center
SD-WAN Fabric
Corporate Software Users
Internet
IaaS/SaaS
Single Management Console
Full Edge Security Stack
On-Prem Security
Mitigate Internal & External Threats
Cloud Security
Mitigate External Threats at Scale
• Enterprise firewall and intrusion prevention embedded for internal threats plus URL filtering and malware sandboxing for external threats
• End-to-end segmentation to stop breach propagation, enforce regulatory compliance, and promote network (and application) layer security
• Zero-trust authentication and full payload encryption between edge routers
• Integrated connectivity and cloud-delivered security with 100% business uptime
• Secure Internet Gateway protects users and devices and protects data sent to and from the cloud
Enterprise Firewall: +1400 layer 7 apps classified
Intrusion Protection System: Most widely deployed IPS engine in the world
URL-Filtering: Web reputation score using 82+ web categories
Simplified Cloud Security: Easy Deployment for Cisco Umbrella
Cisco SD-WAN
Cisco Security
Hours instead of weeks and months
Combining Best of Breed in Security and SD-WAN
Adv. Malware Protection: With File Reputation and Sandboxing (ThreatGrid)
Segmentation across the Stack
End-to-end segmentation across public and private Data Centers
[Diagram labels: VPN1 UC, VPN2 Finance, VPN3 HR; Gateway VPC; Finance Resources (VPC); HR Resources (VPC); UC Data Center; SD-WAN]
How is SD-WAN Threat Defense Delivered?
Integrated | Dedicated | Service Chaining | Cloud Delivered
[Diagram labels, in slide order: Internet, Branch, VPN/FW/URLF/AMP/IPS; Internet, Branch, VPN/FW/URLF/AMP/IPS; Internet, Branch 1, Branch 2, Regional Hub, VPN/FW/URLF/AMP/IPS; Internet, Branch 1, Branch 2, Cisco Umbrella]
How is Security Delivered?
Branch to internet | Roaming to internet | Inside Branch
[Diagram labels, in slide order: Internet, Branch 1, Branch 2, Cisco Umbrella, Cloud Delivered; Internet, Branch 1, Cisco Umbrella, Cloud Delivered; Internet, Branch 1, Cisco Umbrella, Integrated + Cloud Delivered]
Easiest way to protect all of your users and endpoints in minutes
ANY DEVICE ON NETWORK
ROAMING / MOBILE
BRANCH OFFICES
• Safe DNS
• Content control
• Application control
• Advanced web content control
• Advanced web application control
• L3/L4/L7 Firewalling
• Data at rest control
CASB
DNS Controls
Cloud NGFW
Cloud Proxy
53 80-.443
Umbrella
Cisco Umbrella
SASE
SD-WAN Management
Single Monitoring Dashboard
• Configuration: OnRamp, Security, Devices, Policies, Templates
• Lifecycle management
• Role based access/Multi-tenant
One management dashboard for branch, co-location, cloud and Security
Cisco vManage
SD-WAN Analytics
Real-Time Information
• Future planning and what-if scenarios
• Recommendations for predictable app performance
• Benchmarking
Cisco vAnalytics
Cisco Umbrella Management
Cisco Umbrella
DEMO
Why Cisco SD-WAN?
*Gartner Critical Capabilities for WAN Edge Infrastructure, December 2018
• Right Security, Right Place: Protect all users, devices and applications by deploying the right security, on-premise and cloud delivered, in the right place, quickly.
• Simplicity at Enterprise Scale: Delivering Intent-based Networking with best of breed technologies across every domain with consistent policy and assurance integration.
• Predictable Application Experience: No matter where your applications are hosted, Cisco SD-WAN delivers the best user experience, securely across any cloud.
Learn more about improving Office 365 connectivity with Cisco SD-WAN: https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/white_paper-c11-741353.html
https://www.cisco.com/c/es_es/products/security/cloud-security/umbrella-sd-wan.html
Additional Resources: www.cisco.com/go/sdwan
Contact your channel partner or Cisco sales team for more information
Learn More