Business-critical applications are rapidly migrating from company data centers to the cloud so that employees can access them from anywhere and on any device. In addition, the global pandemic is forcing people to work remotely from their homes or any location in the world. These trends are pushing traditional virtual private networks (VPNs) and wide area networks (WANs) to their limits: employees and partners working from remote locations need the same level of network security, performance and quality of service as they would get working on-premises (in offices).
To address these challenges, IT departments are turning to Software Defined Wide Area Networks (SD-WANs), which provide virtualization on top of their existing physical networks in order to increase bandwidth, ensure security and improve connectivity to multi-cloud applications. However, it has become challenging for network administrators to provide an integrated set of DDI services (DNS, DHCP and IP Address Management (IPAM)) to gain centralized visibility and control, and to reduce risks associated with rogue and unmanaged devices.
Infoblox Network Insight (NIOS 8.6.0) provides API-based integrations with Cisco Meraki and Viptela SD-WAN deployments with application-centric policy management, enhanced network visibility, and simplified security with detection of unauthorized networks using DNS threat analytics.
SD-WAN Is Gaining Momentum
Software Defined Networks (SDNs) make networking more flexible and easier to centrally manage by decoupling applications from infrastructure. SD-WANs make it possible to deploy a network virtualization layer on top of any enterprise's existing WAN fabric, with centralized network management and consistent, predictable performance for cloud-based applications.
By 2024, to enhance agility and support for cloud applications, 60% of enterprises will have implemented SD-WAN, compared with about 30% in 2020.
– Gartner MQ for WAN Edge, Sep. 2020
SD-WAN provides true separation of the control plane from the data plane, making it easier to offer transport-independent access paths. It enables network administrators to centrally manage policies that make efficient use of available network paths by overlaying multiple connection types, such as MPLS VPN, Direct Internet Access (DIA), or cellular/LTE access. For example, network administrators can centrally set up application-specific policies so that VoIP traffic from remote users and branch offices is always routed through the HQ data center, all email and SaaS application traffic is routed via DIA, and the cellular access overlay is used as a backup in both cases if the primary route fails.
Cisco SD-WAN Solutions
Cisco provides two types of SD-WAN solutions: 1) Cisco Meraki, an out-of-the-box SD-WAN solution for small to mid-sized businesses (SMBs); 2) Cisco Viptela, an enterprise-scale SD-WAN solution.
Cisco Meraki provides out-of-the-box SD-WAN connectivity for SMBs for dual WANs, with unified management of mobile devices, Macs, PCs, and the entire network from a centralized cloud-based management console. It enforces device security policies, deploys software and apps, and performs remote, live troubleshooting on thousands of managed devices. It automatically classifies bring-your-own-device (BYOD) endpoints, letting you distinguish between iPads, iPhones, and Android devices by device operating system and manufacturer. It provides centralized management, activity monitoring and reporting with network access control.
Cisco Viptela provides more robust SD-WAN connectivity for enterprises for 3 or more WANs, with unified management of endpoints and servers from a centralized cloud-based or on-premises management console. It enforces application-based controls on multiple WAN topologies with TCP and SaaS optimization policies. Cisco Viptela constantly evaluates the fastest route to your applications (such as Office365) and re-routes traffic to the appropriate WAN network, either via the HQ data center or via direct internet access from a branch location.
However, neither Cisco SD-WAN solution offers built-in IPAM visibility that would allow you to segment traffic based on IP address spaces by device type (mobile device, laptop, or server) or by SaaS application, and ultimately simplify development of TCP/SaaS optimization policies. They do not come with an integrated DHCP service to dynamically assign IP addresses, or with DNS security to dynamically detect and block data exfiltration and malware C&C communications via DNS.
Simplifying Cisco SD-WAN Deployment with Infoblox
Infoblox Network Insight (NIOS 8.6.0) integration with Cisco Meraki and Cisco Viptela provides expanded coverage of deep network discovery, automation through robust APIs, and threat analytics for SD-WAN deployments across branch offices and remote locations.
Infoblox Key Differentiators:
- Deep Discovery and Context: Infoblox delivers application-centric data in an easily consumable, network-centric context for traditional and hybrid deployments.
- Full IPAM Visibility: Infoblox provides an authoritative source of IPAM data for provisioning networks and VLANs, and for improved reporting and usage.
- Robust APIs to Automate Integration: Infoblox NIOS 8.6.0 provides powerful APIs to automate and simplify integrations with Cisco SDN and SD-WAN solutions.
- Improved Threat Analytics: Infoblox provides access to historical network forensics data to perform threat analytics using user/client mobility in the network.
- Reduce Business Risk: Infoblox enables you to detect unauthorized access to SaaS services, block data exfiltration and malware C&C communications via DNS.
The Infoblox DDI platform along with Infoblox Network Insight (NI) and NI Advisor maximizes network visibility and aids in managing risk for your traditional network elements. NI also helps with new digital imperatives like SD-WAN, IoT, the cloud and mobility. It integrates with other security technologies such as Network Access Control, NG firewalls, and vulnerability scanners to provide invaluable data to security orchestration and automated response (SOAR) solutions. With contextual data, it allows you to quickly contain and remediate cyberthreats, optimize the performance of the entire security ecosystem and reduce the total cost of network infrastructure management.
Learn More about Infoblox Network Insight SDN and SD-WAN Discovery Solution: NIOS 8.6.0 Solution Note