#TheGrubbCast Episode 2: Talking with Viptela’s Khalid Raza About Software Defined Wide Area Networking
Cisco’s Innovation Strategy
- Build refers to Cisco’s 19,000+ engineers and $6.3B investment in Research & Development – but of course no one company can invent everything. That brings us to…
- Buy – Cisco’s strategic acquisitions that help us leap forward in areas that we want to enhance the portfolio.
- We Partner with companies that are developing ancillary technology and hardware that can be optimized to work with Cisco solutions, and vice versa.
- Cisco also has a sizeable portfolio of investments in start-ups, which enable us to stay at the bleeding edge of innovation.
- Co-Development with customers has also proved a fruitful area for innovation, as we seek to help them to help us develop the solutions that will solve their business problems.
Cisco’s Acquisition of Viptela
I sat down with Khalid Raza, co-founder of the recent Cisco acquisition Viptela, who took us through how Viptela came to be, the business challenges they were trying to address, and how the acquisition integration is going.
The beginning of the journey toward SD-WAN was the need for hybrid WAN for bandwidth augmentation. Then came mobility and efficient access to SaaS applications, then infrastructure & platform services – dynamic & secure outwardly pointed connectivity.
Increasingly, networks are expected to address the requirements of complexity, agility, and responsiveness.
WAN has become much more critical as we’ve moved from data centers to centers of data. There is tremendous value in the data and the next step in this is to enable access to this data. We talked about Cisco’s recent investment in BlockChain as an example of this, and the possibility of trading platforms for data in the future.
Solving Business Problems with Software Defined Networking
Viptela solves the agility & responsiveness problem with automated, zero-touch provisioning and policy-based configuration. Khalid spent some time explaining how this feature set saves immense amounts of money and spares skilled operations personnel from being deployed long distances to perform mundane tasks.
And of course, everything comes back to security. When Khalid started Viptela, cloud adoption was picking up, SaaS was coming, PaaS was coming… security models in WANs were changing fast. Decoupling identity from IP was revolutionary in this space, making a user’s IP address irrelevant and making network access both easier and more secure.
The underlying infrastructure of the internet is very unpredictable. Carriers change IPs all the time, so decoupling IP from provisioning adds stability to an uncertain situation. This was one of the features of Viptela that customers really responded to, because it’s a simple solution to a very complex and potentially destructive security problem.
A massively scalable secure fabric was the next requirement, and this is where the concept of abstraction comes in – Viptela really shines here and this is where their integration with Cisco became key. Cisco is in one of the best positions in the world to understand scale. Viptela’s control plane architecture is sophisticated and elegant, and Cisco is the company to help get them to the next level of enterprise scale and connectivity.
Viptela in a Brownfield Environment
Khalid made a great point about the Viptela solution being easily implemented in a brownfield environment. Viptela knew there would always be an MPLS network wherever they went, and that they’d always be working side by side with IWAN. Since Viptela essentially looks at Cisco as another routing technology, integration of Viptela into an existing network, even a huge single cloud with thousands of BGP routers, is often seamless.
The most interesting thing was hearing Khalid’s thoughts about the future of Viptela in the Cisco environment, and how it will integrate into the development of cutting-edge Cisco technologies. DNA Center will function as the single pane of glass, incorporating Viptela into the broader intent-based networking solution.
Unique Industry Requirements
The retail, financial, healthcare and manufacturing industries all have interesting & distinct requirements. Retail & financial industries need segmentation & scale, and the financial industry adds a level of complexity because of the need for features that support compliance. Manufacturing partners need segmentation and flexibility – six lines of business and their traffic at the same site need to be completely independent, plus the security vulnerabilities of antiquated operating systems need to be addressed.
Healthcare has been using IoT for a long time on machines that were bought anywhere from 1980 to the present, so security is a major concern – in fact, micro-segmented, whitelisted topologies are often a requirement in these cases because of the sensitivity of the data.
Focus Forward AND Backward for IoT Security
The focus on IoT is so often forward-looking. What gets lost in that view is the look backward, to devices that were deployed on networks before hacking became a billion-dollar industry. The network is the only place that can provide the level of security that’s needed for current devices. Micro-segmentation through policy brings a new level of security without even deploying a security device.
New Role of Network Operations
Finally, we talked a little bit about the changing role of the network operator. Operational simplicity and automation will give operators more time to add a new level of business.
Jiwan Grewal demonstrated Cisco 4D SD-WAN (Viptela) v1, which has six scenarios:
- Scenario 1 – An overview of the SD-WAN vManage dashboard and a discussion of the Zero Touch Provisioning (ZTP) capability. Branch site routers, with design best practices, can easily be provisioned by leveraging automation through zero touch provisioning and centralized configuration. Centralized configuration uses templates that can be pre-configured before device deployment.
- Scenario 2 – Use hybrid WAN connectivity over multiple WAN transport connections. Show that connectivity can be established over any kind of transport, with application steering over any transport. IP is used as the transport to create flexible data plane topologies, from full-mesh to hub-and-spoke to any arbitrary topology.
- Scenario 3 – Demonstrate business-defined insertion of services (FW, IPS, IDS, etc.) using centralized policies. This is a flexible architecture where services can be deployed in any of the sites irrespective of the physical topology. Simple policy activation can make selected applications and sites go through the required service.
- Scenario 4 – Show the simplicity of using application firewalling policies centrally. Various applications and/or flows would not be allowed between sites. Simple centralized policy activation would enforce such policies at any site on the overlay.
- Scenario 5 – Use application-aware routing along with arbitrary topology networking to show the business-policy-driven view of application classification, connectivity and QoS provisioning. Discuss Application Performance settings while highlighting the ability of the network to dynamically switch paths to preserve a consistent application experience.
- Scenario 6 – Policy-driven Data Center preferences for different branches. A subset of branches could prefer one Data Center over the other as a regional Internet exit.