
Part 2 of 2

In part one of this extended post, I explained some of the ways in which next-gen networks based on Cisco IOS XE transform digital experiences, how controller-first delivers consistent policies and security across multiple domains, and the ability to move applications closer to the edge to improve responsiveness and decrease traffic. In this second installment, we look at improving connections to SaaS applications, providing pervasive security services, and some future capabilities of IOS XE.

Expediting Digital Transformation with Cloud OnRamps

Building and deploying new digital business processes, whether on public or private clouds, is the first step to providing ubiquitous access to the workforce—on campus or in distributed branches. But the usefulness of the new applications and data sources depends on the quality of service the network provides. A slow app frustrates workers and ultimately affects customers’ experience. That’s the reason Cisco builds intelligence into the network to choose the best routes to cloud applications, taking into consideration the traffic, latency, jitter and other parameters to ensure the most responsive pathway.

Cisco Cloud OnRamps for IaaS, SaaS, and Colocation, as well as specifically for Microsoft Office Cloud, intelligently monitor and adjust the connections between workers at branches and campus and the appropriate cloud offerings, using the channels that best meet the SLAs defined in network policies. Monitoring and automatically changing network connections to achieve the best SLAs for business-critical applications makes digital transformation projects productive and successful.

Protecting Digitized Processes with Security Everywhere

Digital transformation projects usually involve sensitive corporate intellectual property, financial, and personal information that must be protected from exposure to unauthorized personnel, internally and externally. When all data and applications are contained within a tightly controlled data center, it is easier to secure access with multiple defenses: firewalls, advanced malware protection, intrusion detection and prevention, and DNS monitoring.

Since moving applications and data to one or more public clouds is typically a primary objective of many digital transformation projects, building in security at every network access level is critical.

  • Cisco IOS XE starts with a built-in trusted and secure boot process that ensures that the software being loaded onto Cisco routers, switches, and controllers is genuine and unmodified.
  • Identifying and cataloging devices as they connect to the network is key to providing the correct access policies and isolating unknown end points that may harbor security threats.
  • With a controller-first approach, security and access policies are consistently applied across the network to ensure that segmentation applies to every device connecting to the network.
  • Accessing cloud applications from branch locations with direct internet connections improves application performance and protects data with full stack security to guard outbound and inbound traffic.

Security designed and built into the network, not just bolted on, provides consistent protection as mobile, cloud, and SaaS applications access and manipulate sensitive data. Imagine trying to design a new set of applications for handling patient healthcare data and having to design security for each one from scratch. With always-on network security services, applications can rely on the network’s guardianship of all traffic that passes from device app to cloud to data center to edge. Digital transformation projects can rely on ingrained network security and segmentation to expedite development and assist with meeting privacy regulations. 

Upcoming Innovations for Cloud and Distributed Compute

To aid enterprises in the continuing shift to using cloud services for digitization projects, Cisco is designing new capabilities into future versions of IOS XE.

Containers are fast becoming a preferred method to develop and distribute cloud applications. Container technologies, such as Docker and Kubernetes, assist with the development and deployment of cloud applications and micro-services. Cisco is applying this paradigm to IOS XE to bring cloud-based networking capabilities to digital transformation projects. As more services are channeled through cloud platforms, it will be synergistic to have the network controllers running in the same space to help manage distributed workloads.

Containerized IOS XE micro-services will enable IT to match network loads more closely with application activity, so that when demand increases, new virtual IOS XE micro-services can spin up quickly to keep up with demand and then spin down as loads decrease. On-demand sizing of network services helps keep up with changing application loads and, because the services are virtual, saves on cloud compute charges when demand normalizes.

As network traffic continues to grow—encompassing campus to branch, cloud to edge—the amount of telemetry generated by access points, switches, routers, and edge devices could overwhelm controllers’ ability to generate useful analytics. IOS XE will support clustering of devices such that an array of access points and switches—hundreds or more—connected to an aggregation switch, will appear as one device to the network controllers. With clusters, the vast amount of generated telemetry will be easier for controllers to consume, process, and share with Cisco DNA Center, Cisco AI Network Analytics and security services such as Stealthwatch and Threat Grid.

These are just two examples of enhancements to IOS XE that will make digitization projects successful with flexible, scalable, and simpler-to-manage networks. Networks really are a form of digital magic, supporting new applications and connecting people with the necessary computing resources anywhere in the world.

 



Authors

Anand Oswal

No Longer with Cisco