Cisco IWAN – Reducing Costs & Mitigating Risk

In this week’s edition of Next Generation Tech-Talks, Chad Chaffee, Practice Director of NextNet Partners’ Core Practice joins Phil Calzadilla, CEO and Founder, NextNet Partners, to discuss Cisco IWAN.

NextNet Partners’ Core Networking & Converged Infrastructure

Chad Chaffee is the leader of our Core Networking and Converged Infrastructure practices at NextNet Partners. He provides leadership and mentorship to engineers in the practice, creating career/training paths for technical & business knowledge advancement. Chad also works closely with customers to identify needs in order to develop new solution offerings.

What the heck is Cisco IWAN?

“IWAN is a Cisco architecture that allows customers to be able to save money across all of their remote sites and to simplify the management and deployment of those remote sites, as well as enable new business initiatives and business models.”

Let’s back up, what exactly does it do?

“IWAN is an overlaying architecture that combines a lot of technologies that Cisco has had over the last several years, but has improved around DMVPN, performance-based routing and some application visibility and control, that allow you to save money, in that DMVPN enables you to run over commodity circuits versus dedicated T1s, which, for customers that have multiple remote sites, is a large cost and expense for them. Customers can save money up to 10 times the amount because circuits could cost anywhere from $600 plus a month, where with commodity internet, you could be around the $60 range. When you multiply that by the number of sites, that can be a lot of savings for customers annually.”

Cisco’s IWAN magically localizes and creates a private pipe for me?

“So for the corporate traffic that you’re running across back to your data center, it’s inside a tunnel. You’re still sharing the bandwidth, potentially, depending on what kind of circuit you have with maybe your neighbors in the same building, but the speeds are getting so high now. I mean if you’re going from 1.5 to even 10 or 20, up to 100, you’re only going to be using maybe 10% to 1% of that bandwidth anyway, or what you’re used to. So you’re gonna see a performance increase in that standpoint. But in addition, a lot of times what customers are doing now since they now have a direct internet access (or DIA at my location) instead of having all of their users shove their internet traffic back to the corporate data center — and then out the main internet pipe — they offload that on the local internet that’s there locally, and the only thing that’s critical coming back to their data center is in that tunnel, and everything else is pushed off straight out to the internet.”

So, talk to me about how do we secure that to make sure that someone isn’t on the internet hacking into us, doing all that stuff that hackers do.

“So as I said, the corporate traffic that’s coming across the pipe, that’s encrypted via IPsec tunnels. That data can’t be sniffed on the outside. But really, what we care about is all my users bringing in their iPads and going on Netflix, or surfing websites. You can integrate in your router; it integrates with Cloud Web Security from Cisco. So that gives you the ability to kind of enforce web use policies across your environment, even if they’re not coming all the way back to your data center, where traditionally you would have a proxy at your data center and control what types of traffic users could browse to. Now with Cloud Web Security, you can actually do that out of the branches, still from a centralized controller management in the Cloud. And no matter which branch they’re at, they’re following those same policies. And then on top of that, we can also look at leveraging things like Advanced Malware Protection, or AMP, either at the endpoint or from a network perspective, to do that malware detection and malware protection for all of your clients.”

You mentioned simplification. Talk to me about how this simplifies things from a network perspective for maybe a small-to-medium sized business that doesn’t have a lot of resources and things like that?

“So around some of the new product lines, APIC Enterprise Module, or APIC-EM, can allow customers to deploy their routers in kind of a zero-touch deployment standpoint, where I can put some baseline configuration on it, deploy it out at the site, and then utilize the APIC-EM to push the rest of the information out, to establish the VPN tunnel and to create a lot of the PfR configurations. And that’s kind of the IWAN plugin that allows you to push that out almost seamlessly, and zero touch. So, a lot easier to deploy your remote sites from that standpoint.”

So, just for the non-technical folks, APIC-EM, what is that?

“So technically it stands for Application Policy Infrastructure Controller Enterprise Module. So there are two types of APICs. For IWAN it’s APIC-EM, and that’s essentially a controller that allows you to manage and control your routers and switches in your environment.”

Let’s say you have 30 offices, and you’re trying to make a change to the routing of those 30 offices. You can go to the APIC-EM, make your changes, decide what you want it to be, and have it roll out?

“Some of that functionality is still coming in APIC-EM, but that is the vision, that’s where they’re going. Everything will be controlled from APIC-EM, and allow you to deploy policies, allow you to deploy new devices and control QoS settings. A multitude of features and technologies.”

How will this enable new business models?

“Well, a lot of customers today are trying to reduce a lot of the infrastructure that they have on premise. So, getting rid of Exchange, and going into Office 365, or Google applications, or various Software as a Service type applications. Through the historical dedicated circuit, MPLS, I’m still bringing all that traffic back into my core, and out the internet. But now that I have that DIA at each branch location, instead of that traffic coming in through my corporate data center, again, it’s going out to the internet. And it’s getting straight to the Cloud instead of having to go through some additional latency of a Frame Relay circuit. And that just enables that to be more effective for all your users.”

What is the difference between Cisco SD-WAN and Cisco IWAN?

“Correct, yes. So, IWAN is an SD-WAN architecture. Really, the difference from a Cisco perspective is a lot of the integrations, like I said, around things like Cloud Web Security; you have the power of Cisco behind you. You have, predominantly, I think 85% or more that have Cisco switches and routers existing, firewall protection, everything along those lines from Cisco, so it’s kind of all integrated. It’s what the majority of engineers are used to running every day. So really, where Cisco’s strong point is, is just that you’ve got the power of Cisco, the giant gorilla that really enjoys doing networking for enterprise customers. They’re gonna keep developing and pushing the button and making new features, with that research and development behind it.”