Cisco Viptela SD WAN & SASE Cybersecurity Solutions

Cisco Viptela SD WAN and SASE Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Cisco Viptela and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

A powerful but complex solution ideal for large global enterprises. Requires IT team expertise to deploy and manage effectively. Features such as Cisco ThousandEyes allow SaaS, Internet and cloud applications to be analyzed at a granular level. Cisco Viptela is ideally suited for advanced routing and scenarios that require flexible deployments. 

About Cisco Viptela

Viptela was a privately held company based in San Jose, California which delivered a cloud-first SD WAN solution. The company was acquired by Cisco in 2017, because Viptela’s software-driven and cloud-first WAN architecture integrated well with Cisco’s Digital Network Architecture (DNA), building on automation, virtualisation and analytical capabilities. Viptela was named in Forrester’s Wave on Zero-trust as a leader for two consecutive years and currently deploy in 70% of the Fortune 100, with large a large presence in all major sectors. Cisco Viptela are industry specialists with decades of experience. 

What is the Cisco Viptela SD WAN Solution?

Cisco Viptela is a complex and high level SD WAN offering multi-cloud capabilities. Viptela’s solution can be deployed as physical, virtual or cloud form. The solution can be fully managed, however can also be co managed indirectly via a Viptela service provider, integrator partner as well as a DIY solution, leveraging pre-existing IT teams. SD WAN can be deployed as multi-tenant, on premises or via the cloud using branch, cloud and colocation edge infrastructure. Using the Cisco Catalyst 8000v edge software or Cloud Services Router 1000v Cisco SD WAN can be deployed into cloud environments. 

Configuration-Based Key Features:

• Cisco ThousandEyes: Improves understanding of application performance issues, using vAnalytics and quality of experience (QoE) which translate data into virtualised insights that provide visibility across the WAN, including the cloud, internet and SaaS. This integrates with Cisco Catalyst 8200 and 8500 Series Edge platforms and Cisco 4000 Series Integrated Service Routers.
• Cloud-scale Infrastructure: High availability and throughput, multi gigabit port options, 5G cellular links and powerful encryption are supported by SD WAN.
• Cisco Digital Network Architecture Software: Assures and automates services across the network via software delivery. Cisco DNA software is used for SD WAN and routing and is available in three tier subscriptions: Essentials, Advantage and Premier. 

Security-Based Key Features:

• SASE: Viptela offers integrated SASE security (see, What is the Cisco Viptela SASE security solution?)
• On-Premises Security: Clients can choose between SASE or on-premises security which provides secure WAN access by using embedded SSL deception, enterprise firewall, intrusion prevention, URL filtering and malware sandboxing.
• Cisco Umbrella Cloud Security: Utilizes internet infrastructure to provide security and prevent malicious activity from starting. As a cloud-based solution, there is no hardware to install saving time and money. 

Performance-Based Key Features:

• Cloud OnRamp: Product designed to provide connectivity to the public cloud and simplify workload for AWS, Azure and Google Cloud, whilst automating on-demand connectivity to multiple sites and leading cloud provider networks using software-defined cloud interconnect (SDCI) providers such as Equinix and Megaport. Also offers some elements of application acceleration (See, Does Cisco Viptela offer WAN acceleration and optimization?).
• Voice and Collaboration: Unified communications provides integration for collaboration tools using APIs for more effective user experiences that can be accessed as on premises software, as a service from cloud providers (UaaS) or partner hosted.
• Application Quality of Experience (AppQoE): The limitations of traditional WAN are a multidimensional problem. Cisco Viptela’s SD WAN solution features a range of tools and capabilities to ensure peak performance of business critical applications.

What is the Cisco Viptela SASE security solution?

Cisco Viptela employs an integrated SASE security solution that unifies network and security under one cloud-delivered service. The SASE solution can be deployed on-site or with Cisco Umbrella Cloud Security, providing network protection against web based attacks. Segmentation allows for mission critical assets to be isolated and protected from anywhere across the network. 

• Cisco Secure Access by Duo: Implements Zero-Trust policies for all users and protects applications with custom security policies. Centralizes security that can be rapidly deployed and provides the following features: Adaptive policies, Device visibility, Remote access with or without VPN, Multi-factor authentication (MFA) and Single Sign On (SSO) for all applications. 
• Cisco Umbrella Secure Internet Gateway: Unifies the DNS-layer security, cloud access security broker, firewall and secure web gateway into a single cloud service. 
• Cisco Talos: Cisco’s threat intelligence group, identifies and analyzes threats to enterprise networks.

How does Cisco Viptela access cloud vendors?

Viptela SD WAN cloud interconnect, connects site to site or multi-cloud services via a cloud agnostic backbone. This allows Viptela to access cloud vendors and IaaS environments such as Microsoft Azure, Google Cloud and AWS. 

Cisco is an AWS QuickStarts partner for security and compliance. It leverages a virtual private cloud with an AWS Transit Gateway route table, which extends connectivity to on-premises resources that use either an AWS site-to-site VPN or AWS DirectConnect gateway. They also feature on Azure’s marketplace offering Cisco Cloud vWAN application for Azure virtual WAN. 

Cisco’s joint solution with Google Cloud leverages Cisco SD WAN cloud hub and Google Cloud Network Connectivity Center to connect branch sites and on-premises data centers to the cloud.

Does Cisco Viptela offer WAN acceleration and optimization?

Viptela offer WAN acceleration and optimization using Cisco Cloud OnRamp, which ensures that high SLAs and performance are maintained for critical applications. Automated dynamic path selection automatically steers critical traffic around network problems and issues are mitigated in real-time, ensuring optimal performance for cloud-applications such as Microsoft 365 and Salesforce. This also enables fast infrastructure migration to all major public clouds such as AWS, Azure and Google Cloud, with colocation facilities providing policy enforcement independent from cloud providers. 

Direct internet access (DIA) is also provided to optimize branch workloads without compromising security. Acceleration to SASE architecture is available using Cisco Umbrella Platform, a cloud-based product that protects against security blind spots and cyber threats. Clients can choose to prioritize network traffic such as cloud applications, unified communications and guest access.

How does Cisco Viptela support remote users?

Remote users are connected to the internet or enterprise network using the Cisco AnyConnect security end point agent. Viptela’s solution provides remote users with secure access from any device, anywhere in the world whilst also protecting the integrity of corporate network security. This utilizes posture enforcement, roaming protection and web security features to provision secure access to applications, internet or internal resources. Viptela provides a simple single client for endpoint and cloud security and functionality control. Viptela AnyConnect is cross-platform and supports multiple devices.

What is the Cisco Viptela managed, co-managed and DIY services solution? 

Viptela does not offer their own managed services, instead service providers such as Verizon offer managed services for Viptela solutions. Cisco Viptela offer DIY SD WAN solutions that should be considered for enterprises with robust IT teams that possess high levels of expertise. However they offer both co-managed and fully managed SD WAN via third party service providers. Viptela services are best purchased via an accredited reseller.

What Reporting and Management is available via the Cisco Viptela Portal?

vManage is Viptela’s reporting and management dashboard, designed to simplify network operations. The dashboard allows users to connect all company data centers, branches, core and campus locations, colocation facilities, cloud infrastructure and remote workers (See, How does Cisco Viptela support remote users?). This provides one area for centralized configuration management and operations to be monitored across the entire SD WAN. It also includes Cisco Umbrella for accelerated access to SASE. This is enabled by Cisco SD WAN applying the Overlay Management Protocol (OMP) to the entire WAN.

What is the Cisco Viptela SLA?

Cisco Viptela do not have a Service Level Agreement as they do not provide managed services themselves or offer underlay connectivity. Customers are able to set their own SLAs however using Cisco products.