Co-authored by Muninder Singh Sambi, Vice President Product Management - Enterprise Routing Switching, Cisco
Why do companies want programmability?
Programmability is all about automation. Programmability allows you to do things more quickly with greater accuracy using fewer resources.
Historically, network devices were relatively difficult to configure. They had to be programmed one by one using a command line interface that required certified technical resources and significant time. In today’s digital world, the idea of it taking weeks to make changes to networking infrastructure is simply unacceptable.
Cisco is automating and simplifying the tasks necessary to drive business results, while reducing costs and saving time. For example, companies using massively scalable data centers have experienced the power of programmability at scale by using automation tools like Puppet, Ansible, and Chef that make it easy to rapidly deploy and configure large numbers of devices.
As a result, organizations can deploy new applications faster, easily turn on new network services, and reduce the time needed to fix day-to-day issues. This trend is now extending to their campus and branch infrastructure.
How can companies make end-to-end infrastructure programmable?
Enterprises are looking to extend programmability across all their IT domains, making everything that connects the user to the application programmable. This includes data centers, private and public clouds, colocation facilities – and every part of the network from wired and wireless LAN, through the WAN, to the data center network, including all security controls in between.
One of the keys to achieving automation across multiple IT domains is APIs. So enterprises should be giving extra attention to equipment vendors who provide robust APIs and to systems integrators and managed service partners with deep integration capabilities.
What are the benefits of programmable wide area networks?
In today’s multicloud world, organizations want to use the public internet for corporate WAN traffic to and from the cloud to deliver:
- consistent application performance, since traffic isn’t backhauled to a private data center before heading to the cloud
- increased network availability, as you now have several circuits that can serve as backups for each other in case of outage
- lower costs, because using internet connectivity is much less expensive than MPLS
While it is possible to do this with traditional WAN routers, it requires highly skilled technical staff to design, implement and maintain traditional WAN architectures. Cisco Software-Defined WAN (SD-WAN) was purpose built for this multicloud connectivity use case, making it easy to set up policies and implement configurations from a centralized, cloud-based platform.
Cisco SD-WAN provides GUI-based programmatic workflows through a cloud-based controller and management platform, Cisco vManage. This enables zero-touch provisioning of branch networks, even by non-technical personnel, using configuration templates based on pre-defined business intent.
Does SD-WAN improve enterprise security?
Traditional WAN architectures were designed with security centralized in the data center. Moving to SD-WAN means using direct internet access for a growing portion of your corporate WAN traffic, which increases the attack surface – so any transformation to SD-WAN must include a review and possible re-architecting of key security controls.
One of the basic features of SD-WAN solutions is the pervasive use of encryption for the overlay connectivity. Because of this, SD-WAN solutions are inherently more secure than traditional WAN MPLS connectivity, which isn’t encrypted by default.
On top of this, Cisco’s advanced SD-WAN security stack solves edge security challenges and provides IT with effective and scalable security for SD-WAN, enabling businesses to use cloud services with confidence.
The Cisco SD-WAN security stack is embedded in the branch router with capabilities such as application-aware firewall, intrusion prevention and URL-filtering. Cisco SD-WAN security is also tightly integrated with Cisco cloud security services, such as Umbrella and Threat Grid, to provide a complete shield at the cloud edge.
What are the challenges companies face migrating to SD-WAN?
Firstly, the business case for moving to SD-WAN is often based on potential telco savings. But ROI calculations should also include the benefits of having a more agile, efficient, and better-performing network – and the benefits of enabling a successful cloud strategy and improved application performance.
Once you’ve established the business case, you can define a new WAN architecture that leverages SD-WAN technology. In order to make maximum use of SD-WAN technology, an organization needs to have a good understanding of its current and future application traffic. You need to do this analysis before you can design a new SD-WAN that uses multiple types of connectivity.
Finally, once the new architecture is drawn up, you’re ready for deployment. Transforming a WAN gets harder the more devices it has on it and the more geographically dispersed it is. Shipping the devices, clearing them through customs and paying the duties, ordering circuits from local carriers, configuring, installing and testing equipment all take a great deal of coordination. The zero-touch provisioning of Cisco SD-WAN certainly eases much of this, but a transformation project still needs plenty of project management.
Can managed services help realize the value of programmable infrastructure?
Many organizations are trying to reduce their capital expenditure and move to more operational expenses. They’re looking to managed service providers to operate their WAN infrastructure and allow them to consume it on an opex or as-a-service basis.
Managed service providers can simplify and expedite your transition. They can provide the traffic flow analysis, security advisory, network design, and re-architecting services necessary to get the most out of your migration. Cisco SD-WAN provides best-of-class multitenancy, controller APIs, and role-based access control to allow enterprises to use it through a managed service provider.
Once migrated, the new infrastructure has to be managed in a completely different way to the legacy WAN. While the new SD-WAN offers significant advantages over legacy WANs, it is also more complex to manage, especially if you don’t have the skills and automation platform to do so.
Ultimately, SD-WAN is part of a bigger picture – of achieving the goal of an intent-based network that is fully programmable. Organizations generally want the help of a transformative managed service partner to take accountability for user experience end to end.
They need that broad offering of consulting services, professional services, and access to an automated managed service platform to deliver the outcome they’re looking for – end-to-end programmable infrastructure that acts as a platform for their digital business.