Cisco IT—our future community – Cisco Blogs

What new calls for will networks face in 2025? On this weblog sequence the Cisco IT networking workforce will share our imaginative and prescient for the way forward for our community—and the investments we’re making to get there. 

Predicting future community calls for is trickier now than any time in my profession. Think about the final couple of years. Over just a few weeks in March and April 2020, COVID-19 despatched our complete workforce residence to work, making the enterprise fully reliant on distant entry. The 16 corporations we’ve acquired since 2020 needed to be securely joined to our community. Within the face of ongoing provide chain disruptions triggered by the pandemic and geo-political occasions, we’ve needed to shortly onboard new companions to our community and simply as shortly disconnect others. Expectations for knowledge privateness and knowledge sovereignty have grown.

What modifications will the following three years carry? Nobody can know, so agility is essential.

 

Why we’re re-architecting our community—enterprise drivers

Right here’s what we do know. From now by means of 2025, our community might want to adapt shortly to a shifting mixture of customers, gadgets, functions, and knowledge that maintain transferring round. Think about my workday. On a given Monday morning I could be working at residence, within the workplace, or in a coworking area. I’ll hook up with functions hosted in our knowledge middle, public clouds, and SaaS like Webex, Microsoft 365, and ThousandEyes.

Constructing a safe, agile community now will save us from having to scramble when the sudden occurs. We have to do it shortly, at scale, and whereas maintaining operational prices down.

 

Transitioning to a safe, agile community

To satisfy these challenges, we’re following the fashionable community rules proven in Determine 1:

• Centralized gadget administration. System-by-device administration utilizing a command line interface is a time sink. We’re transferring to centralized administration utilizing controllers.
• Automated operations. Guide operations, like updating firewall guidelines at any time when we add or retire servers or carry on new companions, aren’t sustainable for dynamic companies like ours. We’re working to automate modifications primarily based on insights from community conduct, in any other case often known as AIOps. Treating infrastructure as code (IaC) will assist to make our providers constant and standardized.
• Web transport. The web is ubiquitous. We’re leveraging it to attach staff, functions, and knowledge anyplace on this planet—together with staff’ houses, our personal knowledge facilities, colocation services, and public clouds. The open web is insecure, so we use an SD-WAN overlay to guard knowledge in movement.
• Identification-based safety. Entry insurance policies that rely on the situation of the particular person or gadget aren’t sensible with a distributed workforce. We’re shifting to identity-based safety, granting every particular person or gadget the identical privileges irrespective of the place or once they attempt to join.
• Community administration and safety within the cloud, “as a service.” Augmenting our on-premises community administration software program with cloud-based IT providers will scale back the prices of infrastructure, area, energy, and cooling.

Our strategic community investments—30,000-foot view

Determine 2 exhibits the applied sciences we’re investing in to construct a safe, agile community with the capabilities I simply listed. It’s a suggestions loop: Sense community exercise by amassing telemetry from infrastructure. Achieve insights (visitors patterns, safety threats, and so forth.) utilizing synthetic intelligence and machine studying (AI/ML). Then routinely re-program infrastructure primarily based on these insights. Repeat.

Right here’s a abstract of how we’re investing to make the imaginative and prescient in determine 2 a actuality. In future blogs we’ll drill down into every functionality.

 

Borrowing from fashionable utility improvement, community engineers are beginning to deal with infrastructure as code in order that they will automate modifications. We in Cisco IT are already automating sure duties in components of our community. However scattered pockets of automation are tough to help, so we’re evolving from automating particular person duties to automating end-to-end processes.

Our future structure will use AIOps, regularly updating infrastructure primarily based on insights gleaned from telemetry. Community controllers will make modifications routinely—initially utilizing  guidelines we offer, and later primarily based on machine studying. Already, our SD-WAN controllers regularly assess hyperlink efficiency to decide on the most effective path to satisfy the applying service stage settlement. Taking people out of the loop will enable us to make modifications sooner and with out the danger of typos.

When most functions and knowledge lived in our knowledge facilities, it made sense to route community requests from branches and staff’ residence places of work to the information middle. We constructed a platform for connectivity and safety that we deployed on-premises, referred to as CloudPort. However with a hybrid workforce and rising use of cloud providers, routing all requests by means of the information middle burdens the community and may negatively have an effect on the consumer expertise.

At this time we’re transferring community aggregation and safety to the cloud edge—nearer to cloud workloads and SaaS suppliers. We’re beginning to use providers like Safe Entry Service Edge (SASE) along with “as-a-service” suppliers for middle-mile connectivity. The cloud edge will assist us adapt to new visitors patterns and safety wants, whereas additionally decreasing our working prices by utilizing as-a-service consumption fashions.

A standard WAN can’t sustain with the brand new cloud edge. Our present method has two limitations. First, not all visitors must be secured with an on-premises firewall. As we proceed emigrate extra functions to the cloud, it doesn’t make sense to carry every thing over the personal WAN to the on-premises community. Second, our backup WAN hyperlinks are costly and sometimes underutilized.

SD-WAN know-how helps us use the web extra successfully, reducing total prices. A centralized controller makes clever coverage selections—for instance, when to route visitors over our MPLS community, and when to make use of the web path. Some SaaS functions will use the SD-WAN Cloud OnRamp straight from the web path, and cloud-hosted functions will use SASE (weblog right here). A centralized controller additionally simplifies community automation and retains coverage constant in all areas.

Our multicloud surroundings consists of our on-premises personal cloud and the third-party clouds we use for IaaS, PaaS, and SaaS. We would like enterprise groups to have the flexibleness to deploy functions in no matter cloud surroundings makes probably the most sense for his or her use case.

We’ve enabled software-defined networking (SDN) for our personal cloud utilizing Cisco Software Centric Infrastructure (ACI). By automation, functions in public clouds can hook up with databases or infrastructure providers in our personal cloud. Sooner or later, functions operating in our personal cloud will replicate routinely to the general public cloud once they want extra sources—for instance, at quarter finish.

Individuals and gadgets hook up with our community from around the globe. We wish to outline entry insurance policies as soon as, handle them centrally, and implement them in every single place. In our future community, we’ll regularly confirm id and gadget standing after a connection has been established. (Simply because we belief a consumer or gadget when it connects doesn’t imply we must always belief it during the connection.) We’ll additionally use microsegmentation to tightly management which customers and gadgets can hook up with which sources, limiting the unfold of any threats that handle to get previous our defenses. Together, continuous consumer and gadget authentication and microsegmentation are the premise of our zero-trust framework.

Think about a pair hundred places of work immediately increasing to hundreds of residence places of work. That is what our community workforce skilled within the quick aftermath of the pandemic. We additionally needed to grapple with the truth that Cisco staff’ residence networks had been additionally utilized by their members of the family and roommates.

To adapt to those modifications, we’re bringing the community nearer to our customers with enterprise-class residence networking. This consists of quick Wi-Fi 6 connectivity, SD-WAN primarily based transport, and cloud-based safety. We’re aiming to ship the identical nice expertise and extremely safe entry to folks working from residence, on any gadget, that they now have within the workplace. Workers will handle their residence networks themselves utilizing a cloud-based platform. That platform will carry in additional insights concerning the consumer expertise from one other cloud service, ThousandEyes.

 

That’s the Cliff Notes model of the long run community structure. Examine again for follow-up blogs that specify extra about every component described right here.

 

What would you prefer to see in a future community? Please sort within the remark field.

 

Observe Cisco IT on social!

Twitter
Fb
YouTube

Share: