Cisco executive Ritesh Doshi on the value of SD-WAN for the cloud workforce

Until some years ago, the Wide-area Network (WAN) architecture was a natural choice for companies to keep their networks and remote branches connected with data centres over long distances. However, as the number of locations grew, there were physical limits in time and distance. There was also the problem for enterprises hiring multiple service providers to cover employees in different nations. Some of the problems with traditional WAN include service outages, network congestion and packet delay variations, among others.

With Software Defined WAN technology, vendors like Cisco, Fortinet, Citrix and VMWare are able to prioritise critical business traffic and take advantage of internet broadband connections—once used for backup and redundancy—to connect directly to multi-cloud resources.

This has proven to be critical with the onset of the global pandemic, which has made remote working the new normal. Applications for streaming services, virtualisation, video-conferencing and VoIP calling have come to the fore, which are by default low latency applications. In an interview with TechCircle, Ritesh Doshi, director of enterprise networking at India & SAARC, Cisco, explains the evolution of SD-WAN, and its significance in a post-Covid world.

Edited excerpts

What’s the genesis of Software Defined WAN?

Fundamentally, WAN was designed to connect the local area networks (LAN) for various networks, and then , it evolved into something called MPLS (multi-protocol label switching). 

The idea behind this kind of a protocol was to create a common service layer over the IP transport for all kinds of traffic such as voice, video and data. The incremental idea was also to make sure this is a shared service, thereby bringing down cost and increasing uptime and reliability.

It was serving a purpose until the advent of the cloud. With increased use of cloud computing platforms, there was a need to have direct internet access to securely write from the branch level, or from the user point of view correctly. That's where the software defined(SD) part came into existence.

Any service which is getting delivered from the cloud in a secure way needs to have a centralised policy control, centralised management and centralised security. This is where it became difficult to rely on traditional technologies like WAN or MPLS. SD always existed in the data centre and many other spaces, but SD-WAN came into existence with the increased adoption of cloud.

What are the advantages of SD-WAN over traditional WAN?

With the current Covid-19 scenario, organisations expect employees to work from home, coffee shops, and hotels or from anywhere else. As the number of sites grows, it becomes incrementally difficult for companies to manage this overall infrastructure from security and data protection standpoints, given that it  is decentralised. 

In the case of WAN, these things need to be managed individually. SD-WAN allows for a centralised point of control, a centralised quality of service deployed as to which particular application needs what kind of treatment and, in case of any kind of issues, how it needs to be treated further.

Is SD-WAN more important now than ever for a post-covid business environment?

During Covid, many organisations have switched to hybrid work models, which is triggering a lot of cloud adoption within enterprises. Organisations have two primary reservations when it comes to enabling remote work. One is the safety and security of the data and, secondly, how they provide a secure tele-worker kind of a solution for remote working. 

It is also important for organisations to manage a consistent policy framework, which is built in such a way that all employees feel they are working in office. Another factor to keep in mind is the flexibility to connect through various kinds of mediums because the employee will not get a similar kind of a connection everywhere.

The flexibility of the medium is important, whether it is a cable connection, or a fibre to home. SD-WAN solutions can be configured to prioritise business critical applications, and bring down the overall latency and packet loss that helps in improving the overall network performance.

Over the past few months, we also found that companies who had already implemented SD-WAN were able to offer WFH options much faster. Enterprises who have adopted SD-WAN have to simply roll out the tele-worker kits, which get integrated into the overall SDN (software-defined networking) fabric and the overall transition to SD-WAN happens. It has enabled organisations to have a faster rollout post-Covid, and achieve bigger uptimes.

Are there any unique challenges in the Indian geography when it comes to SD-WAN deployment?

The overall expectation out of the SD-WAN setup is different. The moment we survey a sample of enterprises, we find that everybody is thinking about SDN differently. Being one of the pioneers in SD-WAN technology, the biggest issue is the lack of understanding in the market.

What the market misunderstands is that SD-WAN is a basic functionality being influenced by vendors. People think it is about link-load balancing, and that it works by providing a centralised management. 

We think of SD-WAN as one solution, which should put security at the centre of the overall solution, which should be able to deliver the application experience, and be able to scale at the enterprise level. As we go deep into each of these three areas, an overall SD-WAN fabric for an organisation should consist of basic things such as link virtualisation, centralised management, standardisation and operational efficiencies, among others.

Customers also see the deployment of SD-WAN as complex in nature and it will have issues in compatibility with legacy WAN and other issues. But if it is planned carefully, it can be done right in the first try. Specifically in the Indian geography, we have transitioned our customers from legacy WAN to SD-WAN successfully. In short, we have the required expertise to change the engines of a plane in flight.

What are the expected growth numbers for SD-WAN in India? What type of growth is Cisco betting on for SD-WAN?

We are very bullish about growth. Undoubtedly, the market is growing and demand is growing right. And it is not growing because Cisco wants it to or maybe some OEM or vendor wants it to. It is growing because it is the need of the hour.

Could you give an example of how an enterprise increased efficiency post adoption of SD-WAN?

Let’s talk about a bank that has between 10,000 and 12,000 branches running on legacy infrastructure with a mix of at least four or five service providers with MPLS, point-to-point links in most of the cases and in some with last mile RF connectivity to connect some of the remotest branches. When this bank thought of WAN transformation, their 12,000 branches had no standardisation in terms of policy and centralised control.

The second objective they wanted was a good amount of segmentation in terms of the traffic that is originating from branches. For example, they had a core banking system, and modules such as bancassurance, AI/ML modules, anti-money laundering modules and others. All these modules were going through a common pipe that was secured.

But as new-age applications came into play, there is an increased need of having direct internet access through the branch, which we worked on through an engagement period of six months.

How did this add value to the bank’s operations? 

One incremental value addition was a need for deep packet inspection at the edge, at the branch levels. If we have a doubt about malicious activity originating from a single bank, we should be able to segmentise and cut out the malicious traffic at the branch before it can move to the data centre. We were able to draw the blueprint, transition plan, and 2,000-odd branches have so far gone live on Cisco SD-WAN.

How can a Bank's CIO or head of IT strategise an optimum network security protocol? Is the security from SD-WAN sufficient? 

One of the crucial applications of SD-WAN is definitely the growing need of cyber security at the edge level because no one wants to get the dirty traffic all the way to the data centre, and then try to eliminate it because it can compromise the entire data centre.

Whether the traffic originates from the data centre, internet site or any other application hosted on the cloud, the organisation should be capable of monitoring it. The crucial point is that SD-WAN can protect application traffic from threats within the enterprise and also from outside by leveraging a full stack of security solutions integrated completely into it.

It also provides a micro segmentation that is segmenting traffic based on application characteristics, performance requirements and the security policies for that particular type of traffic. This needs to be done with the right SD-WAN solution, which can deploy a final grained segmentation approach that can be extended right to the access layer within the branch. It is also sometimes beyond the segmentation policies and beyond the WAN edge.

The solution should also be able to give greater visibility with being able to centrally manage and monitor the latencies, jitters, performance issues, or losses that may arise either because of malicious traffic or because of link related issues. Our solution is designed natively to take care of all the security requirements.

When we talk to CIOs, our approach is to make sure they understand the advantages at the branch level, so that they are comfortable that it is not just a centrally-managed solution but a fabric that extends security right from the branch.

---