Public Cloud, Private Cloud, Hybrid Cloud: the Clouds are all around us, helping to accelerate application delivery. With Infrastructure-as-Code (IaC), network infrastructure deployments become as fast and automated as DevOps has achieved for application deployments. With the IaC paradigm expanding across organizations, the need to unify NetOps, DevOps, and CloudOps teams is crucial. Cisco’s mission is to provide consistent automation, Day-2 Operations, and secure transport to the Clouds, within Clouds, and among Clouds.

Different Domains, Different Tools, Different Skills

The agility of CloudOps to achieve fast application deployment is a high priority for many organizations to support digital transformation projects. Public Cloud is the go-to strategy to achieve these goals. While enabling efficient and fast application deployment, the NetOps and SecOps teams might only be involved when the Public Cloud Application has additional connectivity or access permission requirements. For example, making cloud applications available to branch sites via secure network access or providing the Public Cloud application with access to resources in an on-prem data center. At that point, the NetOps and SecOps teams adjust their roles and responsibilities so that while the CloudOps teams still owns the application, the NetOps team can focus on the network changes and the SecOps team the considerations for security to support the cloud application requirements.

Need for Connectivity and Consistent Operations

The NetOps team is traditionally responsible for domains within the On-Prem Data Center, the Data Center Interconnects (DCI), and the WAN from the Branch to the Data Centers. Now, with the addition of Public Cloud applications, a new domain has been added to their responsibilities, requiring new skillsets and new tools for managing connectivity for:

  • Branches to the Public Cloud
  • DCI between Public-to-Public Cloud (Multi-Cloud)
  • Public to Private Cloud (Hybrid Cloud)
  • Within Public Clouds

Similarly, SecOps has to consider the new security controls and access policies required for applications in Public and Hybrid Cloud deployments.

With the new cloud responsibilities, the traditional NetOps and SecOps teams need control over two different domains with very little in common. As a result, the speed gained from the CloudOps team using clouds for application deployment is throttled by separate tooling required for secure branch connectivity and diverse security policy domains.

Software-Defined Networking for the Multi-Cloud Era

As working with several domains is now a given, the main challenge that organizations face is to find ways to adapt operations across Public Clouds and On-Prem Data Centers—the Multi-Cloud. There are two key networking solutions to enable the Ops teams to work in unison: Cisco Cloud ACI and Secure SD-WAN/SASE.

Cloud ACI: Consistent Policy and Connectivity Across All Clouds

Cisco Multi-Site Orchestrator (MSO) provides the ability to manage Multi-Cloud environments from a single pane of glass, through a Graphical User-Interface (GUI) or via Application Programming Interfaces (API). This abstraction, paired with Cisco’s Cloud Application Infrastructure Policy Controller (Cloud APIC), provides the common tooling and network policy model for Cisco-powered Data Centers of any kind.

NetOps in the Cloud
Cisco Multi-Site Orchestrator (MSO) and Cloud ACI normalizes the functionality between multiple Public Cloud offerings and the On-Prem Data Center, halting the explosion of diverse operational models.

CloudOps, DevOps and NetOps can build on this common infrastructure to make the two very different operating domains—Public Cloud and on-Prem Data Center—appear similar from a management perspective. NetOps is immediately empowered with additional controls for managing policies and provisioning in a Multi-Cloud environment. The CloudOps and DevOps teams can leverage the unified infrastructure versus learning and managing all the different native cloud models in use, thus restoring the speed and agility they need for continuous development and deployment.

Cisco SD-WAN Provides NetOps with Secure Connectivity to any Cloud

An important part of the Multi-Cloud application experience is how the workforce connects to the Public Cloud or On-Prem Data Center. Depending on the classification of an application—is it open to all via the Internet or controlled through an Extranet or Intranet—different requirements need to be considered for connectivity and security.

Multi-Cloud Network
The tight integration of Cisco’s Secure SD-WAN and Multi-Domain normalizes the needs for Branch to on-Prem Data Center, Branch to Public Cloud, and between Multi-Clouds.

With Cisco Secure SD-WAN, Multi-Domain integration with the Public Cloud and On-Prem Data Center ensures end-to-end intent from the worker in the branch accessing applications in any Cloud. Secure SD-WAN enables NetOps to define specific Service Level Agreements (SLA) depending on application requirements and available transports. With the integration from Branch to the Public Cloud, the Branch to the On-Prem Data Center and even between, the NetOps team benefits from common tooling. A common policy model also accelerates application deployments by the CloudOps Team.

Expanding the capability of SD-WAN connectivity with Umbrella Cloud Security secures Edge resources. Cisco’s SASE (Secure Access Service Edge) paired with Secure SD-WAN goes beyond just transporting packets from Branches to Multi-Cloud. SASE gives NetOps control over secure segmentation across the entire network stack, with a full edge security from branch to cloud and colocations.

Enabling NetOps Evolution to Multi-Cloud

The tight integration of Cisco’s tooling with Terraform and Ansible IaC platforms enables CloudOps and DevOps to hand-off the care for networking to its rightful owner, NetOps, and focus on accelerating application deployment. Using IaC to automate both infrastructure deployment and application deployment makes it easier to practice a CI/CD pipeline to increase business agility. Ensuring that NetOps evolves to keep up with common IaC tooling across different domains is a primary goal. Cisco provides the tools to unify NetOps for Private, Public, and Hybrid Cloud deployments, reflecting how the workforce needs to access any applications in any Cloud in a secure way.

More Resources:


Yousuf Khan

Vice President of Technical Marketing

Intent Based Networking Group