Part 2 of 3: Enabling a secure and desirable user experience.
Enabling Multicloud Access
In part one of this 3-part series, I shared some thoughts about how you can simplify your network for consistently deploying, managing and securing workloads across a multicloud environment. This time around I would like to look at how users and devices access these distributed applications and workloads with the security and performance they need.
For good reason, IDC analysts forecast that 2021 will be the year organizations’ multicloud deployments will take off.  And while some of that has to do with resilience requirements made evident by the current pandemic – it reaffirms a broader need for business agility to support digital transformation initiatives.
So, like most IT professionals, you are probably asking yourselves questions like:
- How well does my WAN network meet the emerging needs of a hybrid and multicloud architecture?
- How can I ensure users get the best SaaS and IaaS application experience?
- How can I deliver a model that consistently protects my users and applications wherever they are located?
- How can I make sure I have visibility into any performance issues that may crop up – and have a system that knows how to deal with them?
- How can I be ready for any event that forces sudden changes in the location of my users and/or applications?
Traditional WANs and VPC connections can’t keep up
We’ve been deploying WAN networks for decades, primarily to connect branches to corporate data centers and campus networks. However, they weren’t built to deal with the variety and distributed nature of cloud. Nor were they built to rapidly and easily provide secure access to new applications hosted in a new IaaS or SaaS environment, or to respond immediately to an unexpected disruption.
From a cloud connectivity perspective, traditional options and services used for connecting to multiple virtual private clouds (VPC) provided by cloud service providers leave enterprise networking teams with limited control in a multicloud scenario.
SD-WAN to the rescue
The main reason SD-WAN has been gaining a lot of momentum is because it uses a centralized controller to optimize the multicloud application experience and greatly simplify WAN operations. Nearly 75% of respondents in IDC’s SD-WAN survey stated that SaaS/cloud services are important (or very important) to current WAN technology choices. 
And IT teams are quickly getting on board. According to Cisco’s Global Networking Trends Survey, in their journey to an intent-based WAN, over 58% of organizations globally have already deployed SD-WAN in some form, and over 94% of respondents believe they will deploy some form of basic or more advanced SD-WAN implementation within the next two years.
WAN Readiness Model
Cisco SD-WAN for Multicloud Access
Cisco SD-WAN was designed to answer all these challenges. Cisco provides a flexible architecture to extend SD-WAN to any private or public cloud environment. It has the ability to automatically find the best path to the various applications for the best user experience. And it is able to use any transport method (broadband, MPLS, 5G/LTE, satellite) from any location (core, edge, cloud) for any network service (security, application Quality of Experience [QoE], voice and video).
Optimization for Multicloud Networks
Cisco’s architecture provides centralized management, automation and security for connecting branches directly to cloud resources. Direct Internet Access (DIA) and Cloud OnRamp provide an improved user experience by connecting the branch directly to the leading cloud and SaaS providers for a better and faster user experience, while offloading traffic from expensive back-haul connections.
Cloud OnRamp for IaaS
This allows you to extend your WAN to the public cloud with a single SD-WAN fabric, so that you can apply consistent policy to cloud workloads across multiple clouds. Monitoring network performance via the dashboard, cloud OnRamp automatically selects the fastest, most reliable path to the cloud, no matter where your end users are located. In the event of network service disruptions, cloud OnRamp will adjust paths as necessary, helping ensure continuous uptime and predictable performance.
OnRamp for SaaS
This makes connecting to and securing SaaS environments simple. Partnering with several SaaS providers, cloud OnRamp automatically selects the fastest, most reliable path to SaaS applications to deliver the best user experience no matter where users are located or what disruptions might occur.
OnRamp for Colocations
Cisco SD-WAN refines distributed architectures so that colocations can serve as regional hubs for branches with both MPLS and DIA. Colocation hubs streamline multicloud access by reducing the number of egress points to the cloud, regionalizing security to reduce the attack surface, and encouraging network efficiency through easier enforcement of end-user application policy.
Visibility into the multicloud network
The increased complexity of multicloud networks makes it really important to have visibility inside the WAN so you can monitor, measure, and adjust the parameters affecting performance. With Cisco SD-WAN you have a cloud-based tool for monitoring and analyzing performance of the complete multicloud network through a well-tooled portal. It enables the NetOps team to readily monitor bandwidth usage, application performance, and quickly and accurately detect anomalies based on baseline application usage.
Security at the Edge
When discussing optimizing access using onRamp, you probably thought: great, but that significantly widens the attack vector and bypasses existing centralized security. To counter these threats, with Cisco Umbrella, we’ve added a cloud-delivered security stack to provide a combination of embedded security features consisting of application-aware firewall, intrusion detection and prevention, and a DNS cloud security layer. In part three of the series we’ll dive deeper into how we can best protect your users and multicloud applications with cloud-based security at the edge.
Here are a few options for you:
And of course, do let me know if this blog was helpful or if you have any questions.