Cisco Viptela SD WAN & SASE Cybersecurity Solutions

Cisco Viptela SD WAN and SASE Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Cisco Viptela and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Cisco Viptela is Cisco System’s global enterprise offering. The solution can cope with large global deployments, sometimes spanning multiple underlays and service providers worldwide. However, Viptela’s highly capable offering is complex and, in some cases, challenging to manage, requiring a level of expertise to get the most out of the solution. The IT support from Viptela is quick to respond, and clients can receive onboarding training, to begin with - although some previous clients suggest that the process can be long-winded, with a separate course for each device.

Viptela is unsuitable for SMEs as the offering targets global deployments with many sites. Some previous customers reported a wide range of software options in the Viptela solution, making choosing a solution difficult and the training required more complex. Features such as Cisco ThousandEyes allow SaaS, Internet and cloud applications analysis at a granular level. Cisco Viptela is ideally suited for advanced routing and scenarios that require flexible deployments.

In all, Cisco Viptela is suitable for large global enterprise deployments with strong IT teams capable of handling a highly complex solution.

About Cisco Viptela

Viptela was founded in 2012 by CEO Ramesh Prabagaran and CTO Nehal Bhan. The company was acquired by Cisco Systems in 2017 for $610 million as their cloud-based SD WAN solution (with advanced routing, segmentation and security capabilities) for large enterprises. Cisco chose Viptela’s software-driven and cloud-first WAN architecture because it integrated well with Cisco’s Digital Network Architecture (DNA), building on automation, virtualization and analytical capabilities.

Viptela was named in Forrester’s Wave on Zero-trust as a leader for two consecutive years and currently deploys in 70% of the Fortune 100, with a significant presence in all major sectors. Cisco Viptela is an industry specialist with decades of experience.

What is the Cisco Viptela SD WAN Solution?

Cisco Viptela is a complex and high-level SD WAN offering multi-cloud capabilities. Clients can deploy Viptela’s solution in physical, virtual or cloud form. Cisco Viptela can fully manage the solution; however, it can also be co-managed indirectly via a Viptela service provider, integrator partner or as a DIY solution, leveraging pre-existing IT teams. SD WAN can be deployed as multi-tenant, on-premises or via the cloud using branch, cloud and colocation edge infrastructure. Cisco SD WAN can be deployed into cloud environments using the Cisco Catalyst 8000v edge software or Cloud Services Router 1000v. 

Configuration-Based Key Features:

• Cisco ThousandEyes: Improves understanding of application performance issues, using vAnalytics and quality of experience (QoE), which translate data into virtualized insights that provide visibility across the WAN, including the cloud, internet and SaaS. Cisco ThousandEyes integrates with Cisco Catalyst 8200 and 8500 Series Edge platforms and Cisco 4000 Series Integrated Service Routers.
• Cloud-scale Infrastructure: SD WAN supporting high availability and throughput, multi-gigabit port options, 5G cellular links and powerful encryption.
• Cisco Digital Network Architecture Software: Assures and automates services across the network via software delivery. Cisco DNA software is used for SD WAN and routing and is available in three-tier subscriptions: Essentials, Advantage and Premier. 

Security-Based Key Features:

• SASE: Viptela offers integrated SASE security (see, What is the Cisco Viptela SASE security solution?)
• On-Premises Security: Clients can choose between SASE or on-premises security, which provides secure WAN access using embedded SSL deception, enterprise firewall, intrusion prevention, URL filtering and malware sandboxing.
• Cisco Umbrella Cloud Security: Provides security and prevents the malicious activity from starting by utilizing internet infrastructure. As a cloud-based solution, there is no hardware to install, saving time and money. 

Performance-Based Key Features:

• Cloud OnRamp: Product designed to provide connectivity to the public cloud and simplify the workload for AWS, Azure and Google Cloud whilst automating on-demand connectivity to multiple sites and leading cloud provider networks using software-defined cloud interconnect (SDCI) providers such as Equinix and Megaport. It also offers some elements of application acceleration (see, Does Cisco Viptela offer WAN acceleration and optimization?).
• Voice and Collaboration: Unified communications integrate collaboration tools using APIs for more compelling user experiences accessible as on-premises software, as a service from cloud providers (UaaS), or as partner-hosted.
• Application Quality of Experience (AppQoE): The limitations of traditional WAN are a multidimensional problem. Cisco Viptela’s SD WAN solution features a range of tools and capabilities to ensure the peak performance of business-critical applications.

From 2022, Cisco has added SD-WAN traffic encryption across private backbone or public networks. Traffic encryption is enabled through partnerships with providers such as Megaport to support encrypted SD-WAN traffic as it crosses middle-mile networks as part of the SD-WAN overlay network. Cisco vAnalytics can monitor performance and control application traffic generated from attached Microsoft 365 clouds.

Additionally, Cisco SD-WAN software can now create multiple regions within overlay networks, with inter-regional traffic managed by Cisco SD-WAN’s vManage service for controlling, configuring, and monitoring Cisco devices in the overlays. Cisco has also integrated its vManage and Identity Services Engine (ISE), enabling the configuration of Zero Trust Network Access (ZTNA) policies and identity-based user and device policies.

Furthermore, Cisco now offers Catalyst Wireless Gateway hardware for remote branches or home/hybrid workers. The gateway can be managed via the Cisco SD-WAN dashboard and features LTE failover and Wi-Fi 6 support.

What is the Cisco Viptela SASE security solution?

Cisco Viptela employs an integrated SASE security solution that unifies network and security under one cloud-delivered service. The SASE solution is deployable on-site or with Cisco Umbrella Cloud Security, providing network protection against web-based attacks. Segmentation allows mission-critical assets to be isolated and protected across the network. 

• Cisco Secure Access by Duo: Implements Zero-Trust policies for all users and protects applications with custom security policies. Centralizes security that can be rapidly deployed and provides the following features: Adaptive policies, Device visibility, Remote access with or without VPN, Multi-factor authentication (MFA) and Single Sign On (SSO) for all applications. 
• Cisco Umbrella Secure Internet Gateway: Unifies the DNS-layer security, cloud access security broker, firewall and secure web gateway into a single cloud service. 
• Cisco Talos: Cisco’s threat intelligence group identifies and analyzes threats to enterprise networks.

How does Cisco Viptela access cloud vendors?

Viptela SD WAN cloud interconnect facilitates site-to-site or multi-cloud services via a cloud-agnostic backbone. The SD WAN cloud interconnect allows Viptela to access cloud vendors and IaaS environments such as Microsoft Azure, Google Cloud and AWS.

Cisco is an AWS QuickStarts partner for security and compliance. It leverages a virtual private cloud with an AWS Transit Gateway route table, which extends connectivity to on-premises resources that use either an AWS site-to-site VPN or AWS DirectConnect gateway. They also feature on Azure’s marketplace offering Cisco Cloud vWAN application for Azure virtual WAN.

Cisco’s joint solution with Google Cloud leverages the Cisco SD WAN cloud hub and Google Cloud Network Connectivity Center to connect branch sites and on-premises data centers to the cloud.

Does Cisco Viptela offer WAN acceleration and optimization?

Viptela offers WAN acceleration and optimization using Cisco Cloud OnRamp, maintaining high SLAs and performance for critical applications. Automated dynamic path selection automatically steers critical traffic around network problems, and issues are mitigated in real-time, ensuring optimal performance for cloud applications such as Microsoft 365 and Salesforce. Cisco Cloud OnRamp also enables fast infrastructure migration to all major public clouds, such as AWS, Azure and Google Cloud, with colocation facilities providing policy enforcement independent from cloud providers.

Direct internet access (DIA) optimizes branch workloads without compromising security. Acceleration to SASE architecture is available using the Cisco Umbrella Platform, a cloud-based product that protects against security blind spots and cyber threats. Clients can prioritize network traffic such as cloud applications, unified communications and guest access.

How does Cisco Viptela support remote users?

Remote users are connected to the internet or enterprise network using the Cisco AnyConnect security endpoint agent. Viptela’s solution provides remote users with secure access from any device, anywhere in the world, whilst protecting corporate network security’s integrity. AnyConnect utilizes posture enforcement, roaming protection and web security features to provide secure access to applications, the internet or internal resources. Viptela provides a simple single client for endpoint, cloud security, and functionality control. Viptela AnyConnect is cross-platform and supports multiple devices.

What is the Cisco Viptela managed, co-managed and DIY services solution? 

Viptela does not offer its own managed services. Instead, service providers such as Verizon offer managed services for Viptela solutions. Cisco Viptela offers DIY SD WAN solutions that enterprises with strong IT teams with high levels of expertise should consider. However, they provide both co-managed and fully managed SD WAN via third-party service providers. Viptela services are purchasable via an accredited reseller.

What Reporting and Management is available via the Cisco Viptela Portal?

vManage is Viptela’s reporting and management dashboard, designed to simplify network operations. The dashboard allows users to connect all company data centres, branches, core and campus locations, colocation facilities, cloud infrastructure and remote workers (see, How does Cisco Viptela support remote users?). The dashboard provides one area for centralized configuration management and operations monitoring across the SD WAN. It also includes Cisco Umbrella for accelerated access to SASE. Cisco SD WAN delivers this by applying the Overlay Management Protocol (OMP) to the entire WAN.

What is the Cisco Viptela SLA?

Cisco Viptela does not have a Service Level Agreement as they do not provide managed services or offer underlay connectivity. Customers can set their own SLAs, however, using Cisco products.