SD-WAN Solution High-Level Overview

SD-WAN will provide the following:

  • Active/active links per SD-WAN site
  • Secure IPsec VPN tunnels from each site to the HUB concentrator routers, one over the Active1 medium and the second over the Active2 medium
  • Secure IPsec VPN tunnels will be established from each site over both DIA circuits for Software as a Service (SaaS) solutions such as Office365 and for secure Internet browsing to ensure secure connectivity
  • Bandwidth, routing, and security policies will be provisioned. Tunnels will be configured in an active-active mode with both WAN circuits utilised.
  • Application optimization: Layer 7 traffic shaping and application prioritisation will be configured to prioritise traffic for mission-critical applications and a reliable user experience.
  • Intelligent path control: dynamic policy and performance-based path selection will be configured. Business-critical applications will be routed over the Primary VPN tunnel, and all other non-critical traffic over the Secondary tunnel.
  • Dynamic failover will be configured: in the event of circuit failure, critical traffic will dynamically re-route over the second DIA circuit tunnel.
  • As part of Cisco’s Multi-Domain architecture, SD-WAN will have the capability to process and pass policy information between domains.

SD-WAN can be designed with a managed service that provides proactive monitoring and detailed reporting and stays ahead of operational issues, ensuring that maximum value is derived for the enterprise.

Managed Services:

A Managed SD-WAN Service will provide an enterprise with a modern network that delivers significant benefits in performance, security, functionality, and visibility while achieving significant savings in bandwidth costs. A Managed SD-WAN Solution will consist of 3 components, each with different sub-services:

  • SD-WAN Underlay 
    • Service Provider Lifecycle Management.
    • Research on Carrier Service Provider options per site
    • Sourcing management and aligning rates with industry benchmarks.
    • Aggressive, outcomes-based Service Level Agreements.
    • Ongoing operational Carrier Service Provider management and commercial governance services; a single point of contact for all Carrier Service Provider components in the SD-WAN.
  • SD-WAN Overlay
    • Provide a support and delivery model that leverages local network expertise, with remote access to network expertise nationally and internationally.
    • Continuous monitoring of the application-aware routing policies
    • Continuous service improvement and account governance through the Client Delivery Manager.
    • Ongoing operational vendor management and commercial governance services; a single point of contact for all overlay components in the SD-WAN.
    • Visibility of bandwidth utilisation per application, providing insight into application performance.
    • 24x7x365 monitoring and alerting (including event validation)
    • Provision of Incident management based on the required Service Level Agreement
  • Operational Management
    • Dynamic service levels based on network performance, service modality, and application throughput required.
    • Validation of policies and fine tuning.
    • Basic Site internet breakout management with SASE.
    • Basic Hub internet breakout management with SASE
    • Change Management
    • Problem Management
    • Capacity Management
    • Moves, Adds, Changes and Deletes

A managed service partner can utilise Cisco vManage as the dashboard for the SD-WAN solution to provide the following capabilities:

  • Transport Independence: Supporting zero network downtime by automating application flexibility over multiple connections, such as the Internet (DIA), MPLS or wireless (LTE).
  • Network Services: Rich networking and security services can be delivered with a few clicks. WAN optimisation, cloud security, firewalling, intrusion protection (IPS) and URL filtering can be deployed wherever needed across the SD-WAN fabric from a single location.
  • Endpoint flexibility: Can simplify connectivity across branches, campuses, data centres, and cloud environments, extending the fabric wherever required.

The vManage console provides the ability not only to manage connectivity across the WAN from a single dashboard, but to connect to cloud platforms with greater speed, reliability, and efficiency. In the Cisco SD-WAN vManage console, you can easily automate virtual private gateway deployment in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) environments. Cisco SD-WAN OnRamp brings the applications closer to customers securely, adjusting the IPsec route as needed to help ensure service delivery and performance while monitoring the hosting infrastructure for anomalies.

Cisco SD-WAN OnRamp gives you enhanced, automated connectivity to IaaS and PaaS cloud environments without forcing you into existing multi-tenant gateways or a time-consuming manual process. Cisco SD-WAN gives instant visibility into cloud traffic, control over deployment, and the convenience of automated management. In addition, Cisco SD-WAN OnRamp can optimize the SaaS applications that you and your stakeholders use in day-to-day operations.

By monitoring underlay performance via the vManage dashboard, Cisco SD-WAN OnRamp automatically selects the fastest, most reliable path to SaaS applications for the users, engaging in real-time steering no matter where they are located. In the event of Layer 3 service interruptions beyond control, Cisco SD-WAN OnRamp will adjust as necessary, helping ensure continuous uptime.

With Cisco vManage, you gain the ability to manage certified trustworthy platforms while instantly deploying the right security in the right place, all from a single dashboard. With a few clicks in the Cisco vManage console, you can instantly harden your entire network, reducing risk while helping ensure business compliance, continuity, and success. The SD-WAN managed solution can transform Cisco routers into advanced, multi-layered security devices with an application-aware enterprise firewall, IPS, URL filtering, and continuous DNS monitoring.

The managed service partner will also utilise vAnalytics through the vManage dashboard to provide additional information and visibility such as:

  • End-to-end visibility into applications and infrastructure across the entire SD-WAN fabric
  • Real-time information for failure correlation, cross-customer benchmarking, and application performance scores
  • “What-if” scenarios for performance forecasting
  • Assistance in planning application provisioning, bandwidth increases, and branch expansions
  • Intelligent recommendations based on existing policies, templates, and preferences
  • Application Quality-of-Service (QoS) categorization and policy changes for predictable performance