Cisco announced on Monday new SD-WAN on-ramps that were designed to tie branch offices to private data centers by going through colocation facilities.
Cisco's SD-WAN Cloud onRamp for CoLocation is a blend of Cisco's hardware and software solutions that allows distributed enterprises, such as global organizations, to tie each branch office to enterprise data center databases.
The benefits include a shorter path between cloud-to-branch links while also improving on the connectivity between infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS) providers.
All of which sounded familiar to analyst Scott Raynovich.
“It looks like Cisco is creating regional POPs (points-of-presence) for SD-WAN, which has already been implemented for many years by SD-WAN players such as Aryaka, Cato Networks, and VeloCloud (VMware,)" said Raynovich, the founder and chief analyst of Futuriom. "Cisco is acknowledging that routing may increasingly happen in the cloud in the future.”
In addition to large global organizations, Cisco's Anand Oswal, senior vice president of engineering in Cisco's Enterprise Networking Business, wrote in a blog today that aggregating access to multi-cloud applications from multiple branches to regional CoLocation facilities could be a good fit for multi-national organizations that can't use direct internet connections to cloud and SaaS platforms due to security restrictions and international privacy regulations for sharing information across borders.
Another use case for Cisco's SD-WAN Cloud onRamp for CoLocation could include partners and vendors that are not using SD-WAN but still need connectivity to their customers' enterprise resources and applications without installing an SD-WAN device at each location.
Remote office workers also stand to benefit from it because they need low cost secure VPN connections to enterprise resources over direct internet links without first backhauling the traffic to a VPN firewall or central data center.
"With Cisco SD-WAN Cloud onRamp for CoLocation operating regionally, connections from colocation facilities to branches are set up and configured according to traffic loads (video vs web browsing vs email), SLAs (requirements for low latency/jitter), and quality of experience for optimizing cloud application performance," according to Oswal. "Each branch or private data center is equipped with a network interface that provides a secure tunnel to the regional colocation facility.
"In turn, the Cloud onRamp for CoLocation establishes secure tunnels to SaaS application platforms, multi-cloud platform services, and enterprise data centers. All traffic is securely routed through the Cloud onRamp for CoLocation stack which includes security features such as application-aware firewalls, URL-filtering, intrusion detection/prevention, DNS-layer security, and Advanced Malware Protection (AMP) Threat Grid, as well as other network services such as load-balancing and Wide Area Application Services."
OnRamp works with Cisco's SD-WAN vManage for centralized management of the SD-WAN fabric. The Cloud onRamp CoLocation feature also makes it easier to manage and deploy virtual network functions (VNFs) in a colocation facility.
The platform, which is based on Cisco's Viptela SD-WAN technologies, also uses Cisco's Catalyst 9500-40 switches to provide multi-gigabit backplane switching to the VNFs, redundancy, inbound and outbound WAN connectivity and access to the colocation management tools.
According to Oswal, all of the traffic is securely routed through the Cloud onRamp for CoLocation stack which includes security features such as application-aware firewalls, URL-filtering, intrusion detection/prevention, DNS-layer security, and Advanced Malware Protection (AMP) Threat Grid, as well as other network services such as load-balancing and wide area application services.
"With the SD-WAN functionality hosted in a colocation facility, ensuring that router appliances and software are original Cisco products and have not been tampered with at any stage of installation and operation is a critical consideration," according to Oswal. "That’s why Cisco embeds an encrypted Secure Unique Device Identifier (SUDI) in tamper-resistant silicon in SD-WAN router appliances. This foundational level of trust is complimented with VNF image signing, secure boot, and the Cisco Secure Development Lifecycle to ensure software and hardware are tamper-proof.
"With this built-in level of trust established, IT can remotely configure and manage Cisco Cloud onRamp for CoLocation installations from the other side of the world with confidence that the target Cisco hardware and software are original and uncorrupted."