Friday, 29 November 2019

Using the Cisco DNA Center SDK

Cisco DNA, Cisco Study Materials, Cisco Guides, Cisco Tutorial and Materials, Cisco Certifications

Background


What is a Software Development Kit (SDK)?  Put simply a set of tools, libraries and documentation to simplify interacting with a REST API.  I am super excited, as I know how much simpler it is going to make developing scripts for the Cisco DNA Center API.

The Cisco DNA Center SDK is written in python and provides a python library in PyPI and associated documentation.  PyPI is the official python package index, and simplifies installation of the library.

I am going to assume you are familiar with Cisco DNA Center API, so focus on installing and using the SDK.

Installing the Cisco DNA Center SDK


The SDK is available via PyPI, so all that is required is “pip install”

I would recommend using a virtual environment. This is optional, but means you do not require root access and helps keep different versions of python libraries separate.   Once created, it needs to be activated, using the “source” command.

If you logout and back in, activation needs to be repeated.

python3 -m venv env3
source env3/bin/activate

To install:

pip install dnacentersdk

You are now able to use the SDK.

Using the Cisco DNA Center SDK


This is super simple.  In the past, I needed  lots of python code to get an authentication token, then wrap GET/PUT/POST/DELETE  REST API calls.

Using the SDK is so simple, I am going to use the python REPL (the python interactive console).   To start it, simply type “python” on the command line

$ python
python 3.7.2 (default, Jan 13 2019, 12:50:15) 
[Clang 10.0.0 (clang-1000.11.45.5)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>

First create a connection to DNAC. Go into the REPL (above) and paste the following commands:

from dnacentersdk import api
dnac = api.DNACenterAPI(base_url='https://sandboxdnac2.cisco.com:443',
username='devnetuser',password='Cisco123!')

For this example, I am using the DevNet sandbox. If you want to use your own DNAC, just change the base URL and credentials. You might also require “verify=False” if you have a self signed certificate.

In the past this would have been complicated. I needed to get a token, and then make sure I used that token as a header for subsequent requests. This is all taken care of with the creation of the api.DNACenterAPI object.

Now, for the first API call. This call gets all of the network devices, and the for loop prints out the managementIP address. Note that an object is returned, rather than a json structure.

devices = dnac.devices.get_device_list()
for device in devices.response:
    print(device.managementIpAddress)

This shows all of the steps with their output

$ python
Python 3.7.2 (default, Jan 13 2019, 12:50:15) 
[Clang 10.0.0 (clang-1000.11.45.5)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from dnacentersdk import api
>>> dnac = api.DNACenterAPI(base_url='https://sandboxdnac2.cisco.com:443',
username='devnetuser',password='Cisco123!')
>>> devices = dnac.devices.get_device_list()
>>> for device in devices.response:
...     print(device.managementIpAddress)
... 
10.10.20.51
10.10.20.81
10.10.20.82
10.10.20.80
10.10.20.241
10.10.20.250
10.10.20.242
10.10.20.243
10.10.20.244
10.10.20.245
10.10.20.246
10.10.20.247
10.10.20.248
10.10.20.249
>>> 


Documentation


How do you know what methods are available to call? Official documentation is available https://dnacentersdk.readthedocs.io/en/latest/api/api.html

The API is structured around groupings of endpoints. For example, all of the endpoints for network-devices are under “devices”. In the example above, dnac.devices.get_device_list() returns all network-devices.

You can also take advantage of python’s introspection capabilities.

In the example above, a dir(dnac) will return all of the properties and methods for the dnac object. The ones of interest are highlighted

>>> dir(dnac)
['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_session', 'access_token', 'authentication', 'base_url', 'clients', 'command_runner', 'custom_caller', 'devices', 'fabric_wired', 'file', 'network_discovery', 'networks', 'non_fabric_wireless', 'path_trace', 'pnp', 'session', 'single_request_timeout', 'site_profile', 'sites', 'swim', 'tag', 'task', 'template_programmer', 'verify', 'version', 'wait_on_rate_limit']

You can then use the help() function to get more information about the particular methods available. In the example below, help for dnac.devices will show a method of get_device_list() which returns all of devices in the inventory.

>>> help(dnac.devices)

Thursday, 28 November 2019

Why 20,000 Customers Trust Cisco for SD-WAN Solutions

For the past two years, I have been proud to work on bringing the next generation of SD-WAN technology to our customers. We’ve achieved great success, at significant scale. We’ve learned a lot along to way, as have our customers. It’s safe to say that adopting SD-WAN is important to them.

Cisco Study Materials, Cisco Tutorial and Material, Cisco Certifications, Cisco SD-WAN, Cisco Learning

Today, we can disclose that over 20,000 customers trust Cisco for SD-WAN solutions across our Viptela and Meraki lines (as of Q1, FY2020). We have deployments across industries, and around the world.

Backbone of the Modern Enterprise


IDC research shows that almost 95% of the enterprises they surveyed expect to be using SD-WAN within 24 months. This tracks with our own metrics: As of August 2019, 70% of the Fortune 100 are using Cisco’s SD-WAN solutions.

Clearly, SD-WAN is a critical technology for businesses adopting cloud services. It is the common connective tissue between the campus, branch, IoT, data center, and cloud. It brings all the network domains together and delivers the outcomes business requires. It must align user and device policies, and provide assurance to meet application service-level agreements. It must deliver robust security to every device, and every cloud, that the enterprise’s data touches.

Every customer is looking for agility, but not at the expense of security, visibility, or control.

The transition to SD-WAN is accelerating, thanks to the pervasive adoption of cloud services. Today’s businesses are adopting clouds apps like Microsoft’s Office365 productivity suite and many other SaaS apps. Our surveys show our customers have, on average, 30 paid SaaS applications each. And that they are actually using many more: over 100 in several cases.

As our customers reach these levels of cloud usage, they quickly find that their WAN architectures must change, as well as their entire approach to security. Our customers need to maintain choice and control as their WAN stretches over networks that are outside their control.

Cisco Study Materials, Cisco Tutorial and Material, Cisco Certifications, Cisco SD-WAN, Cisco Learning

Cisco SD-WAN offers simplicity, cost savings, scale, application performance, security, visibility, and investment protection.

To help them grapple with the different public clouds, SaaS apps, colocation facilities and the different types of connectivity available, customers are looking for a trusted advisor to help them navigate the maze of options. What they can’t accept are WAN solutions that require compromise, like getting better application experience, but at the expense of security.

Cisco provides the most secure cloud scale SD-WAN. It is part of our wider strategy to deliver multi-domain networking with an intent-based architecture.

Secure and Cloud-Scale – Why customers trust Cisco


The only way for Cisco to make the move to SD-WAN work is to listen to and collaborate with our customers and partners. We have been doing this for years and will continue to do so. It’s why we are, and will remain, the market leader.

For example, National Instruments was facing the need for drastically more bandwidth across its 88 sites. But the network team’s budget, and its reliance on existing networking links, wasn’t up to the challenge. Stopgap solutions were adding complexity and frustrating employees.

We partnered with National Instruments to bring their WAN under control, with Cisco SD-WAN powered by Viptela. National Instruments’ new network has 30 times the bandwidth of their previous solution, it’s easier to manage, and it’s less expensive to run.

As Luis Castillo, Global Network Team Manager for National Instruments said, “Having more bandwidth at our sites means that our WAN issues aren’t impacting business operations. Software updates that used to take eight hours to replicate across the network now take 10 minutes. We don’t have to bother with call admission control or limiting video quality or the other measures we had to take to deal with bandwidth constraints. We have been unbelievably impressed with the performance, reaching numbers we’ve never been able to before, while at the same time reducing costs like never before.” 

In Australia and New Zealand, the plumbing company Reece Group, with 5,000 employees over 600 branches, had embarked on a digital transformation. Peter Castle, a Network Administrator, told us the company wanted to provide an always-connected workplace, for all its staffers across all its locations.

Reece went with Cisco SD-WAN to be able to deploy new apps and features, bring up new locations quickly, and prioritize network traffic for cloud applications. Castle said that with Cisco SD-WAN, “My life as a network administrator is significantly easier. To deploy new configurations and policy changes across the entire network, what would have taken a very long time previously, touching many devices individually, now takes a matter of minutes.”

In banking, we’ve worked with customers like Associated Bank, Wisconsin’s largest bank. The institution has over 5,000 employees over more than 250 branches. After evaluating eight SD-WAN platforms for security, traffic management, scalability, and simplicity of operation, they installed the Meraki MX platform to meet their needs. Associated’s network architect Tim Larson says this solution saved the company over $500,000 annually while improving its average bandwidth to branches by 7,800%.

I’m  proud of what we were able to do for National Instruments, Reece Group, Associated Bank, and thousands more SD-WAN customers. Our portfolio is the broadest and the deepest in the industry, and we look forward to working with even more businesses who have their own unique needs.

Simplicity, cost savings, scale, application performance, security, visibility, and investment protection. Combined with our world-class partners and global support and services, we are delivering peace of mind while accelerating our customers’ cloud strategies.

Wednesday, 27 November 2019

AlgoSec Security Management Solution available on Cisco Global Price List

Today marks an important milestone for Cisco’s Data Center offerings to our customers with the unveiling of a new ACI technology ecosystem partner solution. We are pleased to announce availability of “AlgoSec Security Management Solution” on Cisco’s Global Price List.

Cisco Study Materials, Cisco Online Exam, Cisco Tutorial and Material, Cisco Guides

“AlgoSec Security Management solution (ASMS)” has delivered tremendous value to our joint customers across the world, with its ability to extend ACI’s policy-driven automation to security devices in the fabric, helping them automate policy enforcement for security devices in the fabric and ensure continuous compliance across multicloud ACI environments. To make it easier for our customers to procure that solution, we onboarded AlgoSec to Cisco Global Price List through Cisco DevNet Solutions Plus Program. Now Cisco’s direct and channel sales network can offer AlgoSec’s solution together with Cisco networking products as a single package. For details on AlgoSec solution orderability, check Cisco commerce.

What makes this solution compelling for you as a Cisco customer or a partner? Rapidly changing business needs and application connectivity requirements in modern data centers pose big challenges to ensuring compliance and security. With thousands of firewall rules across many different security devices, frequent changes, limited visibility and lack of trained security personnel , managing security policies manually is now impossible. This is where ASMS (AlgoSec Security Management Solution) comes in.

ASMS automates and orchestrates network security policy management, maps and migrate application connectivity, and proactively analyze risk to applications risk –  across any cloud and on-premise networks.

AlgoSec integrates with Cisco ACI to extend ACI’s Application centric policy- based automation to AlgoSec managed security devices across their data center, on its edges and in the cloud. AlgoSec Security Management Solution for ACI enables customers to ensure continuous compliance and automate the provisioning of security policies not just across the ACI fabric but also across multi-vendor security devices connected to ACI fabric, helping customers build secure data centers. The solution is based on Cisco APIC and ASMS integration to deliver a powerful multi-tenant, policy-driven, application-centric model for network security. Read Solution brief for details.

The AlgoSec Security Management Solution comprises three key components – AlgoSec Firewall Analyzer, AlgoSec Fireflow, and AlgoSec Application Connectivity Management.

Cisco Study Materials, Cisco Online Exam, Cisco Tutorial and Material, Cisco Guides

AlgoSec Firewall Analyzer (AFA) – Network Security Policy Analysis, auditing and compliance


AlgoSec Firewall Analyzer delivers visibility and analysis of complex network security policies across Cisco ACI, firewalls attached to ACI fabric and other upstream security devices. The solution automates and simplifies security operations including troubleshooting, auditing policy cleanup, risk and compliance analysis and audit preparations.

AlgoSec FireFlow (AFF) – Security Policy Change Automation


AlgoSec FireFlow helps you process security policy changes in a fraction of the time, so you can respond to business requirements with the agility they demand. FireFlow automates the entire security policy change process — from design and submission to proactive risk analysis, implementation, validation and auditing with the support for automated policy enforcement on Cisco ACI and multi-vendor security devices, including Cisco ASA & FTD, Check Point Software, Fortinet and Palo Alto Networks.

AlgoSec Application Connectivity Management: AlgoSec AppViz & AppChange


The AppViz (Application Visibility Add-On) add-on accelerates identification and mapping of all the network attributes and rules that support business-critical applications – making it easier for organizations to make changes to their applications across any on-premise and cloud platform, and to troubleshoot network and change management issues across the entire enterprise environment.

AlgoSec’s AppChange (Application Lifecycle Change Management Add-On) automatically translates and implements network security policy changes on all relevant devices across the entire network to reflect specific connectivity requirement for applications. This saves time for IT and security teams and eliminates manual errors and misconfigurations. AppChange addresses the critical issues of human error and configuration mistakes that are the biggest causes of network and application outages.

These components are offered as independent software licenses and bundles on Cisco’s Global Price List.

In summary, the AlgoSec Security Management Solution integrates with and complements Cisco ACI Anywhere, providing consistent security policy management and visibility across data centers and clouds.

Tuesday, 26 November 2019

Our focus on security in an open collaboration world

Cisco Study Materials, Cisco Certifications, Cisco Learning, Cisco Online Exam

Interoperability and openness should never be a trade-off with security, and our users shouldn’t believe they need to sacrifice one over the other. Interoperability and security can and should work in unison, and this requires today’s software companies to work with some basic norms on how we collectively secure our mutual customers.

Cisco has created a rich partner, developer, and integrator ecosystem so our customers have the flexibility and choice to super-charge their tools and workflows with our collaboration technologies, seamlessly.  We are serious about interoperability with the tools you love and use every day. Some examples of the work we have done in this regard include our native integrations with Google, Apple, Microsoft, Slack and more.

This flexibility, choice, and interoperability, however, must come with zero compromises on security and data integrity.

Unsupported collaboration integrations could lead to increased customer risk. Compatibility and security can be challenging, and that is why we will only support third-party collaboration vendors who meet our security standards and who integrate with our products and services through our supported open APIs.

Zoom Connector for Cisco Issue: Interop between Zoom and Cisco Video Devices


Cisco was notified of a serious security risk with the Zoom Connector for Cisco on October 31st, 2019 and followed our well-established process to investigate the issue. We believe Zoom had also been notified on October 31 or thereabouts.  On November 18th, our CISO notified Zoom’s CISO of our findings and advised immediate action to address all security risks. I am sharing the details of this issue as we are committed to transparency and to protecting our customers in the constantly evolving security landscape.

The Zoom Connector for Cisco, owned and operated by Zoom Video Communications, connects their cloud to a customers’ internal network and specifically a Cisco Endpoint/Video Device and its management interface.

What was the issue? Regrettably, the access (through a Zoom URL) for the Zoom Connector for Cisco hosted on zoom.us was accessible without authentication.

Issue details: Cisco Webex Devices can be managed through a web interface that provides management of configuration, status, logs, security and of integrations such as in-room controls and macros. The Zoom Connector for Cisco created a device specific URL hosted on the Zoom website for each endpoint configured in the connector. This URL provided access to the device’s web interface by using Zoom’s on-premises API Connector to modify the Cisco web pages so they could be accessed from the Zoom URL outside the customer’s network. Regrettably, this Zoom URL provided from their website was accessible without authentication. In addition, Zoom provided a landing page that copied Cisco’s landing page, including Cisco’s logo and brandings, misleading customers into believing they were on a Cisco webpage with Cisco security, rather than a publicly accessible URL.

Cisco Study Materials, Cisco Certifications, Cisco Learning, Cisco Online Exam

The Zoom Connector for Cisco created the following critical security risks:

1. The Zoom URL did not require credentials. Anyone with knowledge of the URL could access it from the public internet, allowing unauthenticated access to a Cisco Webex Device configured and managed through the Zoom Connector for Cisco. Once a person had the URL, they could reach the endpoint directly and control it, including creating a call from that endpoint to eavesdrop onto critical business meetings.

2. Zoom exposed Cisco Webex Devices to perpetual administrative exposure by placing itself between the user and the Cisco interface, modifying the Cisco webpage using unsupported methods through a Zoom URL, thereby bypassing all Cisco Security norms. The Zoom URL did not expire during our testing period. Even when the Zoom administrator changed their password, the Zoom URL managing the Cisco Webex Device lived on.

3. The Zoom URL link did not get revoked if the Zoom administration password was changed or upon deletion of a Zoom administrative user. Thus, an ex-employee would continue to have access to the devices through the firewall from the public internet, if they had the Zoom URL stored in their history.

On November 19th, 2019, Zoom released a “bug fix” that partially addressed the security issues and, after further communication from Cisco, provided an email with incomplete information on the security risks to their affected customers.

Our promise to our customers


At Cisco Webex, we live by secure, simple, and scalable principles. Over my decades in the software industry, I have learned that it is never acceptable to bypass security norms for the sake of convenience and simplicity. And when so much sensitive data is being shared through video conferencing, including the ability to use a device’s camera, security must be of utmost importance. That is the promise we at Cisco hold dearly for every one of our customers, and embodied by the steps we took for this issue:

1. We take every notification seriously, especially from our customers.

2. We engaged our Cisco Product Security Incident Response Team (PSIRT)and the Talos Security Intelligence and Research Group (Talos) to investigate this security risk. The Cisco PSIRT team is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information related to Cisco products and networks. Talos is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products. Cisco has well established practices for investigating and reporting security issues (https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html), and cooperates with industry in researching security issues.

3. As I noted previously, these findings were shared with Zoom on November 18th, 2019.

4. We all live in a heightened state of alert, ready to act proactively as and when notified. Each of us have, over the years, had our own issues and need to cooperate in the future for the sake of our mutual customers. We appreciate Zoom password-enabling these Zoom URLs starting November 19th, 2019. It is a good first step, but we need them to do more. We would like them to take additional steps to use our supported APIs and work with us to certify the solution so that we can secure our mutual customers effectively.

Call to action


If you are a customer using the Zoom Connector for Cisco, please review your administrative logs and analyze the usage to see if there was any breach as a result of the implementation described here.

At present, the Zoom Connector for Cisco is not a Cisco supported solution that meets our standards of enterprise-grade security. Our supported solutions meet the standards our customers expect out of Cisco by using our well documented open APIs.

Monday, 25 November 2019

Everything you love about SD-WAN on vEdge, now on the ISR

Cisco Study Materials, Cisco Learning, Cisco Tutorial and Material, Cisco SD-WAN

Ever wish you could take the best of Cisco SD-WAN software and combine it with the best routing platform? Well, you’ll be pleased to know we’re introducing new models, the ISR 1100-4G and ISR 1100-6G, which run Viptela OS on ISR hardware. Now you get best-in-class SD-WAN with best-in-class hardware. All the SD-WAN features you’ve loved on vEdge devices are now available with the ISR 1000 Series.

The ISR 1100-4G and 1100-6G are feature-rich platforms with Cisco SD-WAN delivering WAN, security and multi-cloud capabilities. Viptela OS and Cisco SD-WAN’s vManage provide automated, network-wide deployment, configuration, monitoring, and troubleshooting as well as transport independence, network services, and endpoint flexibility. So, if you are looking to upgrade from the vEdge 100B or vEdge 1000 the ISR 1100-4G/6G provide a powerful replacement.

Cisco Study Materials, Cisco Learning, Cisco Tutorial and Material, Cisco SD-WAN

Give me the specs!

◉ Up to 4 built-in 10/100/1000 Ethernet ports for WAN or LAN with SFP support

◉ 4 GB DRAM, 8 GB bulk flash

◉ Dedicated control plane for service reliability, multicore data plane for higher performance

◉ Embedded device security with high platform reliability

◉ Fanless, compact form factor perfect for branch offices

What can you accomplish with the ISR 1100-4G/6G?


◉ Create a secure automated WAN – Using Cisco SD-WAN you can automatically provision and maintain secure connections across the WAN.

◉ Optimize application performance – Provide a consistent user and application quality of experience for optimal performance across any transport, location and cloud.

◉ Provide secure Direct Internet Access – Multi-layer cloud security delivers comprehensive protection against external and internal threats and provides your users with direct internet access. With Cisco SD-WAN you’ll get cost effective and secure access over the internet and secure access to business critical applications for remote sites.

◉ Simplify management and operations – A single, centralized user interface that is open and programmable gives you the ability to easily scale to thousands of sites.

Not only do the new ISR platforms provide full SD-WAN feature parity with Cisco vEdge devices, they also offer investment protection with the ability to switch to IOS XE SD-WAN in the future.

Sunday, 24 November 2019

Deep-dive into Cisco DNA Software Subscriptions for Switching

Cisco DNA, Cisco Tutorial and Material, Cisco Certifications, Cisco Learning

What is the structure?


Cisco DNA Software for Switching is divided into three tiers: Cisco DNA Essentials, Cisco DNA Advantage and Cisco DNA Premier. As you go up in tiers, the features and capabilities become more differentiated. When you attach a Cisco DNA software subscription to your switch, you will also get the bundled perpetual license: Network Essentials or Network Advantage. Network Essentials is bundled with Cisco DNA Essentials, like the name suggests. Network Advantage is bundled with Cisco DNA Advantage or Cisco DNA Premier.

Cisco DNA Essentials, the base tier, offers simplified management and base automation & monitoring, which you’d have access to on the Cisco DNA Center application. Cisco DNA Advantage offers policy-based and all other advanced automation and assurance capabilities, including SD-Access, although some of these capabilities and features do require an integration to Cisco Identity Services Engine (ISE), which is licensed by number of endpoints as well as an ISE instance (you can choose either a physical appliance or a virtual machine/VM). As a result, you can get full SD-Access capabilities in the Advantage level tier if you already have an ISE server and endpoint licenses in your network. If you do not have ISE in your network and want SD-Access, Cisco DNA Premier would offer the best value to get these ISE endpoint licenses, as well as Stealthwatch flow licenses for those who want to deploy Encrypted Traffic Analytics (ETA). With Cisco DNA Premier, all Cisco DNA use cases and required licenses are provided.

Why should I purchase a subscription for my switches?


Subscription matters because it gives you faster access to innovation with access to the latest features, and it gives you enhanced agility and better financial planning with license portability and a linear, predictable budget.

Now, with the bundled perpetual Network stack and DNA subscription licenses, you will get a lot more value for the same price. For those who were accustomed to purchasing LAN Base access switches, you can now get a next-generation Catalyst 9000 series switch with Network Essentials as well as a 3-year Cisco DNA Essentials subscription for less. For those who used to purchase IP Base or IP Services, you can get Network Advantage and a 3-year subscription to Cisco DNA Advantage for less. See the details below:

Cisco DNA, Cisco Tutorial and Material, Cisco Certifications, Cisco Learning

I purchased Cisco ONE, what about me?


For Cisco ONE customers, we have you covered for an easy transition to Cisco DNA Software subscriptions. When you renew your SWSS (software support service) contract, we will provide entitlement to Cisco DNA Software subscription at no additional cost. So, for the same term and price that you are paying for SWSS, we will include Cisco DNA Essentials or Cisco DNA Advantage subscription licenses. (Cisco ONE Foundation receives Cisco DNA Essentials, and Cisco ONE Advanced receives Cisco DNA Advantage).

What support do I get with the subscription?


With Cisco DNA subscription for switching, there is embedded software support that includes 24/7 TAC support, new software downloads, and knowledge base access. Please note that this support is for the Cisco DNA Subscription components only. All switches also come with E-LLW (Cisco Enhanced Limited Lifetime Warranty) which include the following:

◉ 90 days of Cisco TAC support; local business hours, 8×5
◉ Hardware replacement (next business day where available)
◉ Duration is lifespan of hardware product

For those who are looking for TAC support beyond 90 days on the network stack (Network Essentials/Advantage), you should purchase Solution Support or Smart Net Total Care on the switch, which covers both the hardware and the network stack.

Saturday, 23 November 2019

The Rise of Cisco SD-WAN

Cisco Study Materials, Cisco Certification, Cisco Tutorial and Material, Cisco Online Exam, Cisco SD-WAN

Today, many businesses are shifting from a centralized infrastructure to decentralized applications that run in many clouds. The workload is also shifting from the corporate data center to the edge to access a multicloud environment more efficiently. When you combine the increasing number of users, devices, and locations that need access to cloud applications, you end up with overwhelming IT complexity.

Cisco SD-WAN is a wide area network (WAN) that extends the principles of software-defined networking (SDN) into the WAN. This secure, cloud-scale architecture is designed to meet the complex needs of modern wide area networks and includes:

◉ A predictable application experience that can help improve user productivity by optimizing cloud and   on-premises application performance with real-time analytics, visibility, and control.

◉ Security to help protect users, devices, and applications that quickly deploys embedded or cloud security and threat intelligence.

◉ Simplicity at enterprise scale with a single user interface to make it easy to deploy SD-WAN and security while maintaining policy across thousands of sites.

◉ End-to-end visibility with Cisco vManage, which can quickly establish an overlay fabric to connect data centers, branches, campuses, and colocation facilities.

Optional vAnalytics, which identifies connectivity and contextual issues to determine optimal paths for users to get to their destination, regardless of their connectivity.

Cisco SD-WAN includes application-aware routing and application-aware policies that allow real-time policy enforcement for cloud and on-premises solutions. A recent survey showed that many IT organizations were able to bring unplanned outages down by 82% and their software updates now take 51% less time with Cisco SD-WAN.¹

Cisco SD-WAN solutions can help you decrease costs, increase profitability, improve operational efficiencies, provide better performance and integrate security. In a single overlay that extends to data center, cloud, and branch locations, Cisco SD-WAN optimizes software-as-a-service (SaaS) performance for Office 365, Salesforce, and other cloud-based applications. It also delivers seamless connectivity to the public cloud to simplify workflows for Amazon Web Services (AWS), and Azure.

Cisco Delivers a Secure, Intelligent Platform for Multicloud Access


Cisco Study Materials, Cisco Certification, Cisco Tutorial and Material, Cisco Online Exam, Cisco SD-WAN
In a multicloud environment, access from distributed branches can lead to challenges such as network management costs and complexity. For example, to deploy or maintain solutions at each branch, you may need to dispatch technicians. Having separate solutions and services at each branch can reduce security, and the geographic distance to many cloud applications can result in suboptimal performance.

Cisco SD-WAN helps you solve these challenges by consolidating regional branch locations into a co-location facility. With the Cisco SD-WAN Cloud onRamp for Colocation solution, you can:

◉ Aggregate your network services for SD-WAN or traditional routing by connecting branch offices to key regional locations and colocations

◉ Deploy secure virtualized network services automatically in minutes, on demand, with centralized policy management

◉ Maintain SLAs and improve user experiences because of proximity to multiple clouds

◉ Reduce transport costs by connecting to multiple clouds and colocation centers

◉ Decrease the need for trained IT professionals at each branch site without sacrificing security

With Cisco SD-WAN, enterprises can choose to deploy and manage Cisco SD-WAN themselves or work with any of our service provider partners who offer Cisco SD-WAN as a managed service.

Managed SD-WAN


With a managed SD-WAN solution, the service provider monitors and maintains the SD-WAN solution for you. The biggest benefit of managed services is that instead of spending time managing the SD-WAN connectivity, your IT resources are freed to perform other important tasks. By taking the managed service approach, you can:

◉ Take advantage of the expertise the service provider has in implementing and managing the SD-WAN infrastructure

◉ Recover the time your IT staff spends on running the business, so they can spend more time implementing IT strategy

◉ Potentially shift to an OpEx model from a purely CapEx model