Tuesday, 18 January 2022

Cisco Nexus Dashboard Orchestrator (NDO): The maestro of the network

Orchestrate your multi-fabric and multicloud network simply

In any symphony you need a good maestro to help orchestrate all the different instruments to produce a harmonious sound. Everything must be in time and to the beat. It is the same with your networks. When running multiple fabrics across on-premises sites, private clouds, and public clouds, you also need a maestro: an orchestrator that can be automated and helps manage the network and security policies across vast landscapes.

Since its early days, Cisco’s Nexus Dashboard Orchestrator (NDO) has been that maestro, allowing network administrators, engineers and cloud operators to work together harmoniously to provide a fast, safe and agile network. We have new versions of NDO, release 3.5 and release 3.6, which will help you build your network capabilities, provide greater ease of use and enhance your security across multiple network fabrics.

What is Cisco NDO

NDO provides consistent network and policy orchestration, scalability, and disaster recovery across multiple data centers through a single pane of glass while allowing the data center to go wherever the data is.

NDO allows you to interconnect separate Cisco® Application Centric Infrastructure (Cisco ACI®) sites, Cisco Cloud ACI sites, and Cisco Nexus Dashboard Fabric Controller (NDFC) sites, each managed by its own controller (APIC cluster, NDFC cluster, or Cloud APIC instances in a public cloud). The on-premises sites can be extended to different public clouds for hybrid-cloud deployments while cloud-first installations can be extended to multi-cloud deployments without on-premises sites. In addition, Nexus Dashboard Orchestrator can be deployed through the Cisco Nexus® Dashboard, which provides a single automation platform to access the data center network’s operational services and tools.

The single-pane network interconnect policy management and the consistent network workload and segmentation policy provided by NDO allow you to monitor the health of the interconnected fabrics, enforce segmentation and security policies, and perform all tasks required to define tenant intersite policies in multiple sites through an easy-to-manage user interface.

What’s New?


NDO is always evolving to meet the needs of the ever-growing hybrid cloud world. So, what is new now? Recently Cisco launched NDO releases 3.5 and 3.6, which incorporate several enhancements to help orchestrate consistent networks across multi-fabric and multicloud environments.

Key NDO 3.5 Enhancements: 

  • BGP for underlay peering with ISN
    • Supports peering the spines with the ISN devices using BGP adjacencies, which simplifies ISN connectivity by using BGP only.
  • External connectivity from Cloud Sites
    • Lets you establish external connectivity between Cloud CSRs and external devices with IPsec and BGP, which provides access to cloud resources from external networks (Branch, Campus, Co-lo, Internet).
  • Show DCNM object fault info from all sites
  • Scalability improvement of 12 DCNM sites

Key NDO 3.6 Enhancements: 

  • Configuration drift reconciliation workflow for APIC and NDFC provides:
    • NDO workflow that synchronizes and merges any policy config discrepancies/changes made at the APIC or NDFC level.
  • Ease of Use Improvements:
    • Scalable static port binding with leaf/port range provisioning
    • Bulk update workflow for template objects
  • NDO Cloud Enhancements allow:
    • Google Cloud connectivity
    • Multi-cloud inter-site connectivity between AWS, Azure, and Google Cloud Sites
    • Partial mesh EVPN-VXLAN connectivity between on premises and AWS and Azure cloud sites
    • Workload connectivity for multicloud without policy
    • Proxy support for cloud sites
  • SD-Access Campus (DNAC) and ACI Integration – Macro-Segmentation includes automating:
    • Connectivity of Campus VN to access DC VRF
    • Internet access for Campus VNs through ACI
    • Visibility of VN-VRF extension and connectivity status
    • NDFC 12.0(2) support

With all these updates customers can continue to enjoy simple orchestration across hybrid cloud environments all through the single interface of the Nexus Dashboard.

Source: cisco.com

Saturday, 15 January 2022

300-515 SPVI | CCNP Service Provider | Syllabus | Questions | Exam Info | All You Need to Know

 

Cisco CCNP Service Provider Exam Description:

The Implementing Cisco Service Provider VPN Services v1.0 (SPVI 300-515) exam is a 90-minute exam associated with the CCNP Service Provider and Cisco Certified Specialist - Service Provider VPN Services Implementation certifications. This exam tests a candidate's knowledge of implementing service provider VPN services, including Layer 2, Layer 3, and IPv6. The course, Implementing Cisco Service Provider VPN Services, helps candidates to prepare for this exam.

Attaining Business Resiliency with Cisco Nexus Dashboard Insights

Identifying and Resolving Issues

IT teams require end-to-end visibility to ensure business-critical applications are accessible and running effectively. But they often struggle with siloed processes and juggling multiple tool sets to manage and monitor the network. They also need to ensure the network configuration is compliant with the established business intent. Cisco just released Nexus Dashboard 2.1.2 and Nexus Dashboard Insights 6.0.2, which address these issues and enable IT to identify and quickly resolve problems, ultimately enhancing workforce productivity and efficiency.

It is often difficult to understand where issues lie in the network. Is it the physical devices, the endpoints, the applications, the configurations, or possibly something else? This lack of knowledge increases the troubleshooting complexity as well as the time it takes to locate pain points.

Nexus Dashboard Insights 6.0 brings innovative One-Click Remediation, with which IT can identify issues in a single dashboard and resolve them with, literally, the click of a button. For example, as shown in the following screenshot, there is an anomaly with an access-entity profile that’s not associated with any of the domains. This issue will have a major impact on the network and applications for the workforce.

To fix this type of problem, NetOps needs to log in to the Cisco Application Policy Infrastructure Controller (APIC), check the application profiles and domains, and cross-check numerous places to make sure the fix won’t impact any other connections. However, the new One-Click Remediation feature provides NetOps with a diagnostic report and a “fix button” that will immediately resolve the issue. This dramatically reduces the amount of time and the number of steps needed to identify and resolve an issue.

IT also needs to support business-critical applications by ensuring they are compliant with business intent and security policies. The new Compliance and Pre-Change Analysis features in Cisco Nexus Dashboard Insights provide a proactive approach to ensure configurations are properly set up so that applications meet the company’s business intent.

For example, a company may have a standard policy to prevent traffic from an internal server to the Internet. IT can create an applicable compliance requirement (shown in screen below) to be notified if the server begins communicating with the internet.

If there is traffic between the internal server and the internet, then IT will receive a CRITICAL traffic restriction violation based on the compliance policy. IT can then analyze the anomaly to see what configuration is incorrectly allowing the traffic flow. In this example there is a contract allowing the traffic between the internal server and the internet. The new compliance feature enables IT to be proactive and identify issues before they start becoming a threat.

As part of the new Nexus Dashboard Insights features, Pre-Change Analysis enables IT to fix this specific traffic violation issue (by deleting the contract) and to ensure this won’t cause any other issues. Using Pre-Change Analysis, IT can test the proposed configuration change and evaluate its impact on the network prior to committing any network changes. The following screen shows an example of deleting an existing contract between the internal server and the internet.

IT can also identify if there are any potential issues with a particular configuration change by looking at a snapshot of the current configuration and comparing it with the proposed configuration. IT can also look at all the resources that will be affected by this proposed change.

As shown in the following figure, the compliance requirement is met with the proposed change. IT can confidently make the change and know that there will be no negative impact on the network. With these Cisco Nexus Dashboard Insights features, IT can quickly and easily fix an issue to meet a compliance requirement for their business-critical applications, as well as validate the outcomes of the fix through Pre-Change Analysis before implementing the configuration.
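
The compliance check and Pre-Change Analysis flow described above, as an added example that is not from the original article and does not use the Nexus Dashboard Insights API: a simplified Python model in which the class names, EPG names and contracts are all constructed for illustration. It goes one step beyond the article's single-contract case by showing that deleting one contract leaves the requirement violated when a second contract still permits the same flow.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Contract:
    """Simplified ACI-style contract: traffic is allowed only where one exists."""
    name: str
    consumer: str   # endpoint group that initiates the traffic
    provider: str   # endpoint group that offers the service
    ports: tuple    # allowed destination TCP ports


@dataclass(frozen=True)
class MustNotTalk:
    """Compliance requirement: no traffic between two groups, in either direction."""
    name: str
    group_a: str
    group_b: str
    severity: str = "CRITICAL"


def violations(contracts, req):
    """Names of the contracts that permit traffic the requirement forbids."""
    forbidden = {req.group_a, req.group_b}
    return [c.name for c in contracts if {c.consumer, c.provider} == forbidden]


def _pairs(contracts):
    """Set of group pairs that can communicate under the given contracts."""
    return {tuple(sorted((c.consumer, c.provider))) for c in contracts}


def pre_change_analysis(snapshot, delete_names, requirements):
    """Evaluate a proposed deletion against a snapshot without committing it.

    Reports, per requirement, the violating contracts before and after the
    change, which group pairs lose all connectivity, and any contract names
    in the proposal that do not exist in the snapshot.
    """
    known = {c.name for c in snapshot}
    proposed = [c for c in snapshot if c.name not in delete_names]
    report = {
        "unknown_contracts": sorted(set(delete_names) - known),
        "lost_flows": sorted(_pairs(snapshot) - _pairs(proposed)),
        "requirements": {},
    }
    for req in requirements:
        report["requirements"][req.name] = {
            "severity": req.severity,
            "before": violations(snapshot, req),
            "after": violations(proposed, req),
        }
    report["compliant"] = all(
        not r["after"] for r in report["requirements"].values()
    )
    return report


# Constructed sample snapshot (hypothetical names, not taken from a real fabric).
SNAPSHOT = [
    Contract("web-to-db", "web", "internal-db", (3306,)),
    Contract("db-to-internet", "internal-db", "internet", (443,)),
    Contract("web-to-internet", "web", "internet", (443,)),
    Contract("db-updates", "internal-db", "internet", (80,)),
]
REQ = MustNotTalk("db-no-internet", "internal-db", "internet")

if __name__ == "__main__":
    for proposal in ({"db-to-internet"}, {"db-to-internet", "db-updates"}):
        result = pre_change_analysis(SNAPSHOT, proposal, [REQ])
        print(sorted(proposal), "->", result)
```

The `lost_flows` field plays the role of the "resources affected" view: it lists only the group pairs that end up with no contract at all, so an operator can confirm the change removes the forbidden flow and nothing else.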

Insights for Network Resiliency


At any point in time, IT strives to maintain network resiliency to securely meet the goals of business operations. Cisco Nexus Dashboard and Nexus Dashboard Insights provide the visibility, trust, and tools that IT needs to be successful. Learn more details about Nexus Dashboard Insights from our Resource links below.

Source: cisco.com

Thursday, 13 January 2022

Cisco Networking Academy partner NIIT Foundation creatively addresses inclusivity

While the International Monetary Fund (IMF) predicts India’s economy will bounce back strongly from the pandemic — with GDP predicted to grow 12.5 percent in 2021, after an eight percent decline in 2020 — a big challenge is ensuring that the growth is inclusive.

India has achieved a great deal in inclusive growth, lifting as many as 133 million people out of poverty in the last two decades, but it is clear that more needs to be done. Upon the release of India’s Global Human Development Report, The Real Wealth of Nations: Pathways to Human Development, Syeda Hameed, a member of India’s Planning Commission, said “far too many people are being left out of India’s growth story.”

Overcoming the insurmountable

In an emerging market with nearly 1.4 billion people, that may sound like an insurmountable challenge. There are a few factors, especially in the area of education, that indicate a more inclusive future is possible.

As early as 2014, Indian Prime Minister Narendra Modi proclaimed, “I dream of a digital India where quality education reaches the most inaccessible corners driven by digital learning.” In the same year, the Ministry of Skill Development and Entrepreneurship was established, with the aim of matching the supply of skilled candidates with the requirements of employers.

Unfortunately, around the world inequality widened throughout the pandemic. Disadvantaged communities and individuals with poor infrastructure and employment prospects felt the heaviest impact. In an increasingly digitized world, lack of access equates to lack of opportunity.

While technology drives overall economic expansion, it is more specifically digital connectivity that determines access to economic and social opportunity. At Cisco we believe that connectivity is critical to create a society and economy in which all citizens can participate and thrive. And we’re working to make that happen.

Cisco India innovates on inclusivity

Even before the pandemic, Cisco India started to bridge the education divide, with the creation of the Cisco Ideathon in 2019, which fundamentally changed our hiring practices to be more inclusive. The program was open to students from Cisco Networking Academy partner colleges and universities in rural and peri-urban areas, which are not part of the traditional talent supply chain. And top performers are often offered internships or jobs with Cisco.

Cisco Networking Academy equips educators with leading curriculum (licensed free to educational and non-profit institutions), Webex by Cisco, and resources for students that lead to industry-recognized skills and certifications. This is a true end-to-end skills-to-jobs program connecting learners with peers, mentors, and job opportunities through our job-matching engine, Talent Bridge.

Job offers to date have been equally distributed by gender, with a significant number of students hired from rural and peri-urban states, such as Odisha, Uttar Pradesh, Madhya Pradesh, and Rajasthan, where practically no top-tier company traditionally sought top talent before. Through Cisco Networking Academy’s training and education partnership with the NIIT Foundation, these underserved communities can participate in growth opportunities.

Making inclusive magic with the NIIT Foundation

NIIT Foundation, an education NGO, has a mandate to reach the unreached, uncared for, and unattended, to ensure inclusive development. The NIIT Foundation’s mission is to positively impact the underprivileged of the country through educational initiatives and skill development programs.

For its extraordinary work on inclusive education, the NIIT Foundation recently received Cisco Networking Academy’s Be the Bridge Award.

Starting as an Academy Support Center in 2019 with 6,000 learners, the NIIT Foundation quickly grew to support as many as 56,300 student participants. Last year it registered 236 percent growth in student numbers, and a massive 885 percent growth in career student participants.

NIIT Foundation works hard to ensure all Indians have access to the education and skills that jobs of the future require, to ensure inclusive development for all Indians. The NIIT Foundation held its first Skill-a-Thon for Tier 2 and 3 colleges in urban and rural areas in Northern India, using a focused campaign to attract students to career and Cisco Certified Technician (CCT) courses. This event attracted more students to CCT courses than the number of students who participated last year.

Educating the underserved

The organization also launched a pilot program to train people with disabilities on IT Essentials, with plans to scale beyond the current two locations, as well as a program to include India’s LGBTQIA+ community. And we have recently started a program to provide skills training to prison staff and inmates in Indian prisons.

Many underserved institutions in rural parts of India that lack resources and trained instructors have been exposed to the untapped power of the NIIT Foundation’s resources. NIIT even developed ATM-like “Hole-in-the-Wall Learning Stations,” making computers and the internet available for children who would otherwise not have access.

In India, Cisco Networking Academy currently boasts 328,000 students, with 864 partner organizations. Organizations like the NIIT Foundation are helping Cisco achieve its purpose of Powering an Inclusive Future for All.

Source: cisco.com

Sunday, 9 January 2022

Integrating Perimeter and Internal Defenses: 5 Facts That May or May Not Surprise

IDC recently had the opportunity to talk to CISOs regarding the integration of Cisco Secure Workload and Secure Firewall. As analysts, we can articulate the technical benefits. The realized benefits can be different when real-life budget and time constraints are applied. Our conversations were quite illuminating. Below are 5 realities that may or may not surprise you when it comes to integrating perimeter and internal defenses:

1. Time is the currency of the day—Ransomware, cryptomining, and supply chain attacks are top of mind until we get into the office; business needs drive the fires to be fought during the day. The ever-present need to move quickly to stay ahead of cybercriminals requires tools to “just work.” According to the CISOs we spoke with, “if you’re limited on funds and don’t have a 20-person security team, you have to do a lot quickly…being able to get these overlapping protections…and they’re talking to each other really shines.”

2. Perimeter and internal defenses are not an “either-or” issue; they are an “and” issue—Firewalls have a prime vantage point, being able to observe all traffic traversing into and out of our infrastructure. But internal defenses are a bit more complicated. Digital transformation, though, does not wait for pristine security measures and policies to be put in place. Rather, digital transformation can force us to wrap devices or applications, such as workloads and IoT devices, in zero-trust policies elegantly or inelegantly; digital transformation does not care. According to the CISOs, “For organizations like hospitals that have IoT devices and new technologies, it’s going to be hard to wrap policies around all those devices. You’ve got some new scanner or a new handheld; how can you protect and lock them down? Maybe you can’t put an agent on some of them. So in a situation like that, with this [Secure Workload + Secure Firewall integration] you can wrap a zero trust policy around securing all those devices.”

3. Integration is real—Let’s acknowledge the elephant in the room; vaporware is a word for a reason. In this instance though, the integration of perimeter and internal defenses is actually happening already.  The integration is going beyond a single pane of glass management console and being driven by a real need to solve real problems. According to the CISOs, “You can get that data from the firewall and then you can use that data to wrap a Tetration [Cisco Secure Workload] workload protection policy around those, even without an agent on there.”

4. Integration enables automation—Time poverty is omnipresent. The holy grail of security is automation, which isn’t possible without deep integration. According to the CISOs, “I can have one block list in SecureX. When I right click on an IP address or SHA-256, I’ve got some automation set up and block it at the AMP level, the firewall level, and a number of places, Stealthwatch…everywhere.”

5. “One throat to choke”—Budget, time, and management constraints are real and painful. The CISO of a top 10 bank may not serve these masters, but the CISOs with whom we spoke do. Deeper discounting, a simplified buying process, and “one throat to choke” are intangible but invaluable benefits of integration. According to the CISOs, “With one company, it makes it a lot easier to get people to work together.”

Integration is a key aspect of digital transformation, and in the security realm can mean the difference between an intrusion attempt and a data breach. However, integration has to mean more than simple co-existence. True integration will improve workflows, productivity, and security outcomes. The level of integration between perimeter and internal defenses may well be the difference maker, as CISOs continue to navigate new and emerging threats, technologies, and business requirements.

Source: cisco.com

Saturday, 8 January 2022

Solving Multi-vendor Network Management Complexity with OpenConfig

As the industry moves towards controller managed networks, where the operator describes what and not how to manage, configuring and maintaining networks from a single vendor remains very complex. Add in the need to manage devices from multiple vendors, and the complexity is multiplied.  Yet network operators typically have devices from multiple vendors and must use their models to configure, integrate, test, and manage those devices.

A better way to manage multi-vendor networks is here: The use of models from OpenConfig, which is fully supported in Cisco IOS XE Software.

Why use OpenConfig?

OpenConfig is an effort by network operators in collaboration with vendors to build open, software-defined, vendor-neutral, and model-driven principles for network configuration and management. OpenConfig enables the use of:

◉ Vendor-neutral data models for configuration and management, written in YANG 1.0

◉ Streaming telemetry for monitoring and obtaining incremental updates (SNMP is passé), which enables a Pub/Sub interface that alerts the collector of changes almost as soon as they occur on the device

The OpenConfig participants include large corporations and service providers like Google, British Telecom, Microsoft, Facebook, Comcast, Verizon, and Level 3.

OpenConfig also allows vendors like Cisco to add their own tweaks via extensions to the models.

Figure 1 shows the OpenConfig models, which are published on GitHub.

Figure 1. OpenConfig Models

Cisco’s Embrace of OpenConfig


Many customers with Massively Scalable Data Centers (MSDCs), such as Microsoft, are very interested in OpenConfig as they run huge data centers with devices from multiple vendors. Various other networking vendors such as Juniper and Arista also support OpenConfig models.

The Cisco IOS XE architecture in Figure 2 lends itself to implementation of OpenConfig models with little effort because Cisco IOS XE already supports the OpenConfig enabler:  streaming telemetry.

Figure 2: Cisco IOS XE – Functional Architecture

Cisco developers have tested and implemented many native models for most of the Cisco IOS XE features. Native models are specific to Cisco devices and platforms. We can implement the OpenConfig models so there is no duplication of effort. The request for an OpenConfig data element is converted to the corresponding native data element because Cisco models are typically a superset of what OpenConfig offers.

The architecture diagram in Figure 2 shows how the configuration and operational databases are common for native and OpenConfig models. We only need a way to translate between the native and the OpenConfig model elements.

Typically, a request names a configuration or operational data element, like those listed in Figure 3, which has a corresponding native data element associated with it. Cisco IOS XE provides infrastructure to translate the OpenConfig data element to the corresponding native data element. So, the process of supporting OpenConfig models is typically not very hard if the native models for the corresponding OpenConfig models exist.

Figure 3. OpenConfig and Native Interfaces

Implementing Operational Telemetry with Cisco IOS XE


Cisco IOS XE provides two ways to implement operational telemetry, depending on whether the elements have performance implications, such as the number of interfaces and statistics on all the interfaces. These can be large numbers, since Cisco supports modular switching platforms with multiple line cards. Cisco IOS XE provides a way to get the data from the database using FastPath. For environments with fewer interfaces, the mapping infrastructure can be used to get the data from the corresponding native element.

Over the last few months, Cisco IOS XE developers have been actively involved in developing the OpenConfig models in multiple areas on Catalyst 9000 Series switch platforms for a customer in order to fulfill very interesting use cases which involve migration from SNMP. This entailed testing with the use of the customer’s network data platform and optimizing the implementation for scale and performance. The implementation catered to various telemetry types including on-change and periodic notification.

We engaged the customer in a co-development model where we provided an image with the new model implementation and the customer tested it in the network and gave us feedback. This ensured a quick turnaround time for any issues found at the customer site and completion of the use cases with verification in an actual deployment. The development cycle was completed once we completely automated the testing. We used Genie for operations and telemetry and an in-house tool for configuration models. This model of development eliminated the need for traditional DevTest and resulted in quicker delivery to the customer.

We have occasionally run into issues when a certain data element couldn’t be supported, due to the lack of functionality on the device. We have also encountered scenarios when the representation of a data element was inaccurate. Aside from working with the customer on that issue, Cisco is also raising the problem with the OpenConfig taskforce to make changes to the models.

Cisco continues to develop more OpenConfig models and will also upgrade the revision of the current models to the newer versions published in the upcoming releases of Cisco IOS XE. If you’re a network operator struggling with configuring and managing a multi-vendor network, struggle no more—OpenConfig is the way forward.

Source: cisco.com

Thursday, 6 January 2022

Securely connecting the hybrid workforce and network edge: SD-WAN’s role in a SASE architecture

Over the last 20 years of enterprise computing, we’ve seen big changes in work environments and IT setups.

At the turn of the millennium, most employees worked at headquarters or in a branch office, and most software ran from on-site servers. Networks were designed with centralized architecture, with all traffic being routed through the corporate data center over MPLS or VPN. As a result, the entire security stack could be deployed on-premises in a single place.

Remote work has been around for decades (the term “telecommuting” was coined in 1973 by a NASA engineer), but it gathered momentum in the 2000s as laptops and Wi-Fi became commonplace while startup culture gained traction. Employers started recognizing the need for remote-work guidelines and digital nomads evangelized the lifestyle of “working from anywhere.”

Around the same time, cloud computing took shape with the reinvention of virtual machines and the emergence of application service providers and multi-tenant SaaS providers in the late 1990s. Public cloud services and productivity apps emerged in the 2000s and exploded in the 2010s, driven by cost savings and flexibility.

As workers have moved out of the office and computing has moved into the cloud, there’s been a steep rise in internet traffic, and more work is being done off-network. Backhauling this traffic through MPLS lines and VPNs is more expensive and leads to performance problems. But direct internet access is risky because it bypasses the central security stack.

In the wake of this transformation in work and IT environments, your organization is likely running into challenges in two specific areas: securing your remote workers and securing your network edge. Today’s answer to these challenges is a redesigned network architecture. Secure access service edge (SASE) incorporates a software-defined WAN, bringing networking and security together in the cloud where computing is happening.

You can get a thorough overview of SASE architecture by reading the e-book, The House That SASE Built.

Let’s delve into the specifics of these two use cases and the SASE and SD-WAN benefits for each.

Use case 1: Secure remote workers


Protecting employees, customers, and other users from cyber threats while providing seamless connectivity is challenging on several fronts:

◉ Enforcing safe access: Provisioning remote workers and connecting branches at scale creates a lot of complexity across IT, security, and networking teams. The demand for broader access also intensifies security threat vectors. Since employees need secure access everywhere, security services must be everywhere too. But it’s difficult to verify users’ identities and the health of their devices, and security policies aren’t consistently applied across environments. In addition, users are left unprotected when they decide to bypass the VPN and on-prem security stack.

◉ Keeping up with evolving threats: Gaps in protection are hard to pinpoint and fix consistently. Responses take more time when stronger integrations across the security stack are lacking.

◉ Maintaining performance: When remote environments and connectivity aren’t under organizational control, it can be hard to pinpoint the source of performance problems and get them resolved with providers.

Following the three Cs, an integrated approach for SASE, here’s how SD-WAN helps address these challenges, delivering secure, consistent access to apps and data from anywhere:

Connect

◉ Internet traffic moves directly and securely from the user to the web and SaaS apps.
◉ Users can access frequently used internal apps without logging in to the VPN.
◉ SD-WAN “overlay” networks can seamlessly connect users, machines, and applications across clouds and data centers. An SD-WAN solution that is fully aware of SaaS applications can provide an optimal path to them by programming the network with the best path selection and adjusting it according to application and network telemetry.

Control

◉ Network administrators can enforce security and access policies consistently across remote locations.
◉ User identity and device health are verified before connecting to apps.

Converge

◉ Combining networking and security provides observability across the environment, including the network, internet, and cloud. Administrators get actionable insights from every user and app over any network.
◉ Investigations and threat response are streamlined because of integrated security.

Use case 2: Secure edge


Multicloud environments, which use cloud services from more than one public cloud provider, are driving the need to secure the cloud and access edge.

Organizations adopt multicloud strategies in order to hit their business objectives and take advantage of cost savings and innovation while reducing risk. With distributed users needing to access applications in multiple clouds from anywhere, at any time, organizations must provide security closer to the user and edge to minimize network latency and stay agile.

Finding an optimal balance between protection and performance is challenging in cloud environments:

◉ Managing complexity: Multi-vendor cloud deployments bolted onto a traditional network architecture often lead to inconsistent performance and poor user experience.
◉ Resolving performance issues: Without visibility, it’s difficult to identify performance problems for end-users. Without insights, it’s difficult to know what action to take to solve them.
◉ Applying consistent security: Policies need to protect users, devices, and applications from the latest cyberattacks while being scalable for access from anywhere. Authentication needs to be seamless.

Again, SASE and SD-WAN solve these problems, safeguarding the network edge.

Connect

◉ Multicloud access is optimized for secure, consistent application performance.
◉ Cloud-delivered WAN architecture connects users to apps through a single fabric with zero-touch provisioning, intelligent path selection, and automated cloud connectivity.

Control

◉ Access to the internet is secure, fast, and reliable.
◉ Users access all applications through a zero-trust framework, whether they’re on-premises or in the cloud.

Converge

◉ Consumption is simplified and deployment is faster thanks to the integration of networking and security.
◉ Observability supplies actionable insights to resolve issues.
◉ A common cloud-delivered security policy is enforced consistently, everywhere.

Source: cisco.com