What new demands will networks face in 2025? In this blog series the Cisco IT networking team will share our vision for the future of our network—and the investments we’re making to get there.
Predicting future network demands is trickier now than at any time in my career. Consider the last couple of years. Over just a few weeks in March and April 2020, COVID-19 sent our entire workforce home to work, making the business completely reliant on remote access. The 16 companies we’ve acquired since 2020 had to be securely joined to our network. In the face of ongoing supply chain disruptions triggered by the pandemic and geo-political events, we’ve had to quickly onboard new partners to our network and just as quickly disconnect others. Expectations for data privacy and data sovereignty have grown.
What changes will the next three years bring? No one can know, so agility is essential.
Why we’re re-architecting our network—business drivers
Here’s what we do know. From now through 2025, our network will need to adapt quickly to a shifting mix of users, devices, applications, and data that keep moving around. Consider my workday. On a given Monday morning I might be working at home, in the office, or in a coworking space. I’ll connect to applications hosted in our data center, public clouds, and SaaS like Webex, Microsoft 365, and ThousandEyes.
Building a secure, agile network now will save us from having to scramble when the unexpected happens. We need to do it quickly, at scale, and while keeping operational costs down.
Transitioning to a secure, agile network
To meet these challenges, we’re following the modern network principles shown in Figure 1:
- Centralized device management. Device-by-device management using a command line interface is a time sink. We’re moving to centralized management using controllers.
- Automated operations. Manual operations, like updating firewall rules every time we add or retire servers or bring on new partners, aren’t sustainable for dynamic businesses like ours. We’re working to automate changes based on insights from network behavior, otherwise known as AIOps. Treating infrastructure as code (IaC) will help to make our services consistent and standardized.
- Internet transport. The internet is ubiquitous. We’re leveraging it to connect employees, applications, and data anywhere in the world—including employees’ homes, our own data centers, colocation facilities, and public clouds. The open internet is insecure, so we use an SD-WAN overlay to protect data in motion.
- Identity-based security. Access policies that depend on the location of the person or device aren’t practical with a distributed workforce. We’re moving to identity-based security, granting each person or device the same privileges no matter where or when they try to connect.
- Network management and security in the cloud, “as a service.” Augmenting our on-premises network management software with cloud-based IT services will reduce the costs of infrastructure, space, power, and cooling.
Our strategic network investments—30,000-foot view
Figure 2 shows the technologies we’re investing in to build a secure, agile network with the capabilities I just listed. It’s a feedback loop: Sense network activity by collecting telemetry from infrastructure. Gain insights (traffic patterns, security threats, etc.) using artificial intelligence and machine learning (AI/ML). Then automatically re-program infrastructure based on those insights. Repeat.
Here’s a summary of how we’re investing to make the vision in Figure 2 a reality. In future blogs we’ll drill down into each capability.
Borrowing from modern application development, network engineers are starting to treat infrastructure as code so that they can automate changes. We in Cisco IT are already automating certain tasks in parts of our network. But scattered pockets of automation are difficult to support, so we’re evolving from automating individual tasks to automating end-to-end processes.
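To make the infrastructure-as-code idea concrete for the firewall-rule case mentioned earlier, here is an added example (not Cisco IT's code): firewall rules are rendered from a declared inventory and diffed against what is deployed, so retiring a server or offboarding a partner removes its rules automatically. The inventory format, host names, addresses, and ports are constructed assumptions.

```python
from ipaddress import ip_network

# Constructed inventory (assumption): the declared source of truth kept in version control.
INVENTORY = {
    "servers": [
        {"name": "app-01", "ip": "192.0.2.10", "role": "web", "state": "active"},
        {"name": "app-02", "ip": "192.0.2.11", "role": "web", "state": "retired"},
        {"name": "db-01", "ip": "192.0.2.20", "role": "db", "state": "active"},
    ],
    "partners": [
        {"name": "partner-a", "cidr": "198.51.100.0/24", "state": "active"},
        {"name": "partner-b", "cidr": "203.0.113.0/24", "state": "offboarded"},
    ],
}
ROLE_PORTS = {"web": 443, "db": 5432}  # hypothetical service ports per role

def desired_rules(inv):
    """Render allow rules (src, dst, port); anything not rendered is denied."""
    active = [s for s in inv["servers"] if s["state"] == "active"]
    web = [s for s in active if s["role"] == "web"]
    db = [s for s in active if s["role"] == "db"]
    rules = set()
    for p in inv["partners"]:
        if p["state"] != "active":
            continue  # offboarded partners get no rules at all
        src = str(ip_network(p["cidr"]))  # raises ValueError on a malformed CIDR
        for s in web:
            rules.add((src, s["ip"] + "/32", ROLE_PORTS["web"]))
    for w in web:
        for d in db:
            rules.add((w["ip"] + "/32", d["ip"] + "/32", ROLE_PORTS["db"]))
    return rules

def plan(deployed, desired):
    """Diff deployed rules against desired ones; stale rules are scheduled for removal."""
    return {"add": sorted(desired - deployed), "remove": sorted(deployed - desired)}

# Constructed snapshot of rules currently on the firewall, including stale entries.
DEPLOYED = {
    ("198.51.100.0/24", "192.0.2.10/32", 443),
    ("198.51.100.0/24", "192.0.2.11/32", 443),  # points at retired app-02
    ("203.0.113.0/24", "192.0.2.10/32", 443),   # offboarded partner-b
    ("192.0.2.11/32", "192.0.2.20/32", 5432),   # retired app-02 to database
}

if __name__ == "__main__":
    print(plan(DEPLOYED, desired_rules(INVENTORY)))
```

Running the plan a second time after applying it yields an empty change set, which is the property that makes the process safe to automate end to end.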
Our future architecture will use AIOps, continually updating infrastructure based on insights gleaned from telemetry. Network controllers will make changes automatically—initially using rules we provide, and later based on machine learning. Already, our SD-WAN controllers continually assess link performance to choose the best path to meet the application service level agreement. Taking humans out of the loop will allow us to make changes faster and without the risk of typos.
When most applications and data lived in our data centers, it made sense to route network requests from branches and employees’ home offices to the data center. We built a platform for connectivity and security that we deployed on-premises, called CloudPort. But with a hybrid workforce and growing use of cloud services, routing all requests through the data center burdens the network and can negatively affect the user experience.
Today we’re moving network aggregation and security to the cloud edge—closer to cloud workloads and SaaS providers. We’re starting to use services like Secure Access Service Edge (SASE) together with “as-a-service” providers for middle-mile connectivity. The cloud edge will help us adapt to new traffic patterns and security needs, while also reducing our operating costs by using as-a-service consumption models.
A traditional WAN can’t keep up with the new cloud edge. Our current approach has two limitations. First, not all traffic needs to be secured with an on-premises firewall. As we continue to migrate more applications to the cloud, it doesn’t make sense to bring everything over the private WAN to the on-premises network. Second, our backup WAN links are expensive and often underutilized.
SD-WAN technology helps us use the internet more effectively, reducing overall costs. A centralized controller makes intelligent policy decisions—for example, when to route traffic over our MPLS network, and when to use the internet path. Some SaaS applications will use the SD-WAN Cloud OnRamp directly from the internet path, and cloud-hosted applications will use SASE (blog here). A centralized controller also simplifies network automation and keeps policy consistent in all regions.
Our multicloud environment includes our on-premises private cloud and the third-party clouds we use for IaaS, PaaS, and SaaS. We want business teams to have the flexibility to deploy applications in whatever cloud environment makes the most sense for their use case.
We’ve enabled software-defined networking (SDN) for our private cloud using Cisco Application Centric Infrastructure (ACI). Through automation, applications in public clouds can connect to databases or infrastructure services in our private cloud. In the future, applications running in our private cloud will replicate automatically to the public cloud when they need more resources—for example, at quarter end.
People and devices connect to our network from all over the world. We want to define access policies once, manage them centrally, and enforce them everywhere. In our future network, we’ll continually verify identity and device status after a connection has been established. (Just because we trust a user or device when it connects doesn’t mean we should trust it throughout the connection.) We’ll also use microsegmentation to tightly control which users and devices can connect to which resources, limiting the spread of any threats that manage to get past our defenses. Together, continual user and device authentication and microsegmentation are the basis of our zero-trust framework.
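The combination described above, shown as an added example (not Cisco IT's implementation): every decision is re-evaluated during the session from identity freshness and device posture, location never enters the decision, and a default-deny segment policy limits what each identity group can reach. Group names, segment names, fields, and timestamps are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed segment policy (assumption): identity group -> reachable segment.
# Any pair not listed is denied (default deny), which is what bounds lateral movement.
SEGMENT_POLICY = {
    ("finance-users", "finance-apps"),
    ("engineering", "build-systems"),
    ("engineering", "source-control"),
}

@dataclass
class Session:
    user: str
    group: str
    location: str           # recorded for logging only; never used in the decision
    token_expires: int      # epoch seconds after which identity must be re-verified
    device_compliant: bool  # latest posture result reported for the device

def evaluate(session, segment, now):
    """Return (allowed, reason). Called at connect time and on every re-check."""
    if now >= session.token_expires:
        return False, "identity must be re-verified"
    if not session.device_compliant:
        return False, "device failed posture check"
    if (session.group, segment) not in SEGMENT_POLICY:
        return False, "segment not permitted for identity"
    return True, "ok"

def replay(session, segment, events):
    """Apply each telemetry event to the session and re-evaluate access after it."""
    timeline = []
    for now, change in events:
        for field, value in change.items():
            setattr(session, field, value)
        timeline.append((now, *evaluate(session, segment, now)))
    return timeline

# Constructed mid-session events: (time, changed session fields).
EVENTS = [
    (100, {}),                           # initial connection from the office
    (200, {"location": "home"}),         # location changes; decision must not
    (300, {"device_compliant": False}),  # posture degrades while connected
    (400, {"device_compliant": True}),   # device remediated
    (1000, {}),                          # identity assertion has expired
]

if __name__ == "__main__":
    s = Session("alice", "engineering", "office", 900, True)
    for row in replay(s, "build-systems", EVENTS):
        print(row)
```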
Imagine a couple hundred offices suddenly expanding to thousands of home offices. This is what our network team experienced in the immediate aftermath of the pandemic. We also had to grapple with the fact that Cisco employees’ home networks were also used by their family members and roommates.
To adapt to these changes, we’re bringing the network closer to our users with enterprise-class home networking. This includes fast Wi-Fi 6 connectivity, SD-WAN based transport, and cloud-based security. We’re aiming to deliver the same great experience and highly secure access to people working from home, on any device, that they now have in the office. Employees will manage their home networks themselves using a cloud-based platform. That platform will bring in more insights about the user experience from another cloud service, ThousandEyes.
That’s the Cliff Notes version of the future network architecture. Check back for follow-up blogs that explain more about each element described here.
What would you like to see in a future network? Please type in the comment box.