What new demands will networks face in 2025? In this blog series the Cisco IT networking team will share our vision for the future of our network, and the investments we’re making to get there.
Predicting future network demands is trickier now than at any time in my career. Consider the last couple of years. Over a few weeks in March and April 2020, COVID-19 sent our entire workforce home to work, making the business completely reliant on remote access. The 16 companies we’ve acquired since 2020 had to be securely joined to our network. In the face of ongoing supply chain disruptions triggered by the pandemic and geopolitical events, we’ve had to quickly onboard new partners to our network and just as quickly disconnect others. Expectations for data privacy and data sovereignty have grown.
What changes will the next three years bring? No one can know, so agility is key.
Why we’re re-architecting our network: business drivers
Here’s what we do know. From now through 2025, our network will need to adapt quickly to a shifting mix of users, devices, applications, and data that keep moving around. Consider my workday. On a given Monday morning I might be working at home, in the office, or in a coworking space. I’ll connect to applications hosted in our data center, public clouds, and SaaS like Webex, Microsoft 365, and ThousandEyes.
Building a secure, agile network now will save us from having to scramble when the unexpected happens. We need to do it quickly, at scale, and while keeping operational costs down.
Transitioning to a secure, agile network
To meet these challenges, we’re following the modern network principles shown in Figure 1:
- Centralized device management. Device-by-device management using a command line interface is a time sink. We’re moving to centralized management using controllers.
- Automated operations. Manual operations, like updating firewall rules every time we add or retire servers or bring on new partners, aren’t sustainable for dynamic businesses like ours. We’re working to automate changes based on insights from network behavior, otherwise known as AIOps. Treating infrastructure as code (IaC) will help to make our services consistent and standardized.
- Internet transport. The internet is ubiquitous. We’re leveraging it to connect employees, applications, and data anywhere in the world, including employees’ homes, our own data centers, colocation facilities, and public clouds. The open internet is insecure, so we use an SD-WAN overlay to protect data in motion.
- Identity-based security. Access policies that depend on the location of the person or device aren’t practical with a distributed workforce. We’re shifting to identity-based security, granting each person or device the same privileges no matter where or when they try to connect.
- Network management and security in the cloud, “as a service.” Augmenting our on-premises network management software with cloud-based IT services will reduce the costs of infrastructure, space, power, and cooling.
Our strategic network investments: 30,000-foot view
Figure 2 shows the technologies we’re investing in to build a secure, agile network with the capabilities I just listed. It’s a feedback loop: Sense network activity by collecting telemetry from infrastructure. Gain insights (traffic patterns, security threats, and so on) using artificial intelligence and machine learning (AI/ML). Then automatically re-program infrastructure based on those insights. Repeat.
Here’s a summary of how we’re investing to make the vision in Figure 2 a reality. In future blogs we’ll drill down into each capability.
Borrowing from modern application development, network engineers are starting to treat infrastructure as code so that they can automate changes. We in Cisco IT are already automating certain tasks in parts of our network. But scattered pockets of automation are difficult to support, so we’re evolving from automating individual tasks to automating end-to-end processes.
Our future architecture will use AIOps, continually updating infrastructure based on insights gleaned from telemetry. Network controllers will make changes automatically, initially using rules we provide, and later based on machine learning. Already, our SD-WAN controllers continually assess link performance to choose the best path to meet the application service level agreement. Taking humans out of the loop will allow us to make changes faster and without the risk of typos.
When most applications and data lived in our data centers, it made sense to route network requests from branches and employees’ home offices to the data center. We built a platform for connectivity and security that we deployed on-premises, called CloudPort. But with a hybrid workforce and growing use of cloud services, routing all requests through the data center burdens the network and can negatively affect the user experience.
Today we’re moving network aggregation and security to the cloud edge, closer to cloud workloads and SaaS providers. We’re starting to use services like Secure Access Service Edge (SASE) along with “as-a-service” providers for middle-mile connectivity. The cloud edge will help us adapt to new traffic patterns and security needs, while also reducing our operating costs by using as-a-service consumption models.
A traditional WAN can’t keep up with the new cloud edge. Our current approach has two limitations. First, not all traffic needs to be secured with an on-premises firewall. As we continue to migrate more applications to the cloud, it doesn’t make sense to bring everything over the private WAN to the on-premises network. Second, our backup WAN links are expensive and often underutilized.
SD-WAN technology helps us use the internet more effectively, reducing overall costs. A centralized controller makes intelligent policy decisions, for example, when to route traffic over our MPLS network and when to use the internet path. Some SaaS applications will use the SD-WAN Cloud OnRamp directly from the internet path, and cloud-hosted applications will use SASE (blog here). A centralized controller also simplifies network automation and keeps policy consistent in all areas.
Our multicloud environment consists of our on-premises private cloud and the third-party clouds we use for IaaS, PaaS, and SaaS. We want business teams to have the flexibility to deploy applications in whatever cloud environment makes the most sense for their use case.
We’ve enabled software-defined networking (SDN) for our private cloud using Cisco Application Centric Infrastructure (ACI). Through automation, applications in public clouds can connect to databases or infrastructure services in our private cloud. In the future, applications running in our private cloud will replicate automatically to the public cloud when they need more resources, for example, at quarter end.
People and devices connect to our network from around the world. We want to define access policies once, manage them centrally, and enforce them everywhere. In our future network, we’ll continually verify identity and device status after a connection has been established. (Just because we trust a user or device when it connects doesn’t mean we should trust it for the duration of the connection.) We’ll also use microsegmentation to tightly control which users and devices can connect to which resources, limiting the spread of any threats that manage to get past our defenses. Together, continual user and device authentication and microsegmentation are the basis of our zero-trust framework.
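The following sketch illustrates the two controls just described, one central identity-keyed segment policy and re-evaluation of identity and device status during a session. It is an added example, not Cisco IT code; the role names, segment names, posture fields, and re-authentication interval are all assumptions.

```python
from dataclasses import dataclass

# Central policy, defined once: which role may reach which segment (assumed names).
# Network location is deliberately absent from every decision below.
SEGMENT_POLICY = {
    ("finance-analyst", "erp-db"),
    ("developer", "build-farm"),
    ("developer", "source-control"),
}
MAX_AUTH_AGE_S = 3600  # assumed interval after which identity must be re-verified


@dataclass
class Posture:  # device status reported by telemetry (assumed fields)
    disk_encrypted: bool
    os_patched: bool
    edr_running: bool

    def compliant(self) -> bool:
        return self.disk_encrypted and self.os_patched and self.edr_running


@dataclass
class Session:
    user: str
    role: str
    segment: str
    auth_age_s: int  # seconds since identity was last verified


def evaluate(session: Session, posture: Posture, source_network: str = "any"):
    """Return (decision, reason). source_network is accepted but never consulted,
    so the same identity gets the same privileges from home, office, or cafe."""
    if (session.role, session.segment) not in SEGMENT_POLICY:
        return ("deny", "segment not permitted for role")
    if session.auth_age_s > MAX_AUTH_AGE_S:
        return ("reauthenticate", "identity verification is stale")
    if not posture.compliant():
        return ("quarantine", "device posture out of compliance")
    return ("allow", "ok")


def run_session(session: Session, posture_events):
    """Re-evaluate on every (elapsed_seconds, Posture) event after connect;
    stop at the first decision that is not 'allow'."""
    history = []
    for elapsed, posture in posture_events:
        current = Session(session.user, session.role, session.segment,
                          session.auth_age_s + elapsed)
        decision, reason = evaluate(current, posture)
        history.append((elapsed, decision, reason))
        if decision != "allow":
            break
    return history
```

A session that was allowed at connect time is quarantined as soon as a later telemetry event shows the device out of compliance, which is the behaviour the parenthetical above asks for.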
Imagine a couple hundred offices suddenly expanding to thousands of home offices. This is what our network team experienced in the immediate aftermath of the pandemic. We also had to grapple with the fact that Cisco employees’ home networks were also used by their family members and roommates.
To adapt to these changes, we’re bringing the network closer to our users with enterprise-class home networking. This includes fast Wi-Fi 6 connectivity, SD-WAN based transport, and cloud-based security. We’re aiming to deliver the same great experience and highly secure access to people working from home, on any device, that they now have in the office. Employees will manage their home networks themselves using a cloud-based platform. That platform will bring in more insights about the user experience from another cloud service, ThousandEyes.
That’s the Cliff Notes version of the future network architecture. Check back for follow-up blogs that explain more about each element described here.
What would you like to see in a future network? Please type in the comment box.