Cisco Viptela SD WAN & SASE Cybersecurity Solutions

Cisco Viptela SD WAN and SASE Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Cisco Viptela and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Cisco Viptela is Cisco System's global enterprise offering. The solution has the capability to cope with very large global deployments, in some cases spanning multiple underlays and multiple service providers worldwide. 

However, Viptela's highly capable offering is complex and in some cases difficult to manage, requiring a level of expertise in order to get the most out of the solution. The IT support from Viptela is quick to respond and clients are offered onboarding training to begin with - although some previous clients suggest that the process can be long-winded, with a separate course for each different device. 

Viptela is not recommended for SMEs as the offering is aimed at global deployments with a large number of sites. Some previous customers report that there is a very wide range of software options in the Viptela solution, which makes choosing a solution difficult and the training required more complex. 

 Features such as Cisco ThousandEyes allow SaaS, Internet and cloud applications to be analyzed at a granular level. Cisco Viptela is ideally suited for advanced routing and scenarios that require flexible deployments. 

In all, Cisco Viptela is ideally suited to large global enterprise deployments with robust IT teams capable of handling a highly complex solution.

About Cisco Viptela

Viptela was founded in 2012 by CEO Ramesh Prabagaran and CTO Nehal Bhan. The company was acquired by Cisco Systems in 2017 for $610 million, as their cloud-based SD WAN solution (with advanced routing, segmentation and security capabilities) for large enterprises. Cisco chose Viptela’s software-driven and cloud-first WAN architecture because it integrated well with Cisco’s Digital Network Architecture (DNA), building on automation, virtualisation and analytical capabilities.

Viptela was named in Forrester’s Wave on Zero-trust as a leader for two consecutive years and currently deploy in 70% of the Fortune 100, with large a large presence in all major sectors. Cisco Viptela are industry specialists with decades of experience. 

What is the Cisco Viptela SD WAN Solution?

Cisco Viptela is a complex and high level SD WAN offering multi-cloud capabilities. Viptela’s solution can be deployed as physical, virtual or cloud form. The solution can be fully managed, however can also be co managed indirectly via a Viptela service provider, integrator partner as well as a DIY solution, leveraging pre-existing IT teams. SD WAN can be deployed as multi-tenant, on premises or via the cloud using branch, cloud and colocation edge infrastructure. Using the Cisco Catalyst 8000v edge software or Cloud Services Router 1000v Cisco SD WAN can be deployed into cloud environments. 

Configuration-Based Key Features:

• Cisco ThousandEyes: Improves understanding of application performance issues, using vAnalytics and quality of experience (QoE) which translate data into virtualised insights that provide visibility across the WAN, including the cloud, internet and SaaS. This integrates with Cisco Catalyst 8200 and 8500 Series Edge platforms and Cisco 4000 Series Integrated Service Routers.
• Cloud-scale Infrastructure: High availability and throughput, multi gigabit port options, 5G cellular links and powerful encryption are supported by SD WAN.
• Cisco Digital Network Architecture Software: Assures and automates services across the network via software delivery. Cisco DNA software is used for SD WAN and routing and is available in three tier subscriptions: Essentials, Advantage and Premier. 

Security-Based Key Features:

• SASE: Viptela offers integrated SASE security (see, What is the Cisco Viptela SASE security solution?)
• On-Premises Security: Clients can choose between SASE or on-premises security which provides secure WAN access by using embedded SSL deception, enterprise firewall, intrusion prevention, URL filtering and malware sandboxing.
• Cisco Umbrella Cloud Security: Utilizes internet infrastructure to provide security and prevent malicious activity from starting. As a cloud-based solution, there is no hardware to install saving time and money. 

Performance-Based Key Features:

• Cloud OnRamp: Product designed to provide connectivity to the public cloud and simplify workload for AWS, Azure and Google Cloud, whilst automating on-demand connectivity to multiple sites and leading cloud provider networks using software-defined cloud interconnect (SDCI) providers such as Equinix and Megaport. Also offers some elements of application acceleration (See, Does Cisco Viptela offer WAN acceleration and optimization?).
• Voice and Collaboration: Unified communications provides integration for collaboration tools using APIs for more effective user experiences that can be accessed as on premises software, as a service from cloud providers (UaaS) or partner hosted.
• Application Quality of Experience (AppQoE): The limitations of traditional WAN are a multidimensional problem. Cisco Viptela’s SD WAN solution features a range of tools and capabilities to ensure peak performance of business critical applications.

From 2022, Cisco has added SD-WAN traffic encryption across private backbone or public networks. Traffic encryption is enabled through partnerships with providers such as Megaport to support encrypted SD-WAN traffic as it crosses middle-mile networks as part of the SD-WAN overlay network. Cisco vAnalytics now can monitor performance and control application traffic generated from attached Microsoft 365 clouds.

Additionally, Cisco SD-WAN software can now create multiple regions within overlay networks, with inter-regional traffic managed by Cisco SD-WAN’s vManage service for controlling, configuring, and monitoring Cisco devices in the overlays. Cisco has also integrated its vManage and Identity Services Engine (ISE), enabling the configuration of Zero Trust Network Access (ZTNA) policies as well as identity-based user and device policies.

Furthermore, Cisco now offers Catalyst Wireless Gateway hardware for remote branches or home/hybrid workers. The gateway can be managed via the Cisco SD-WAN dashboard and features LTE failover and Wi-Fi 6 support.

What is the Cisco Viptela SASE security solution?

Cisco Viptela employs an integrated SASE security solution that unifies network and security under one cloud-delivered service. The SASE solution can be deployed on-site or with Cisco Umbrella Cloud Security, providing network protection against web based attacks. Segmentation allows for mission critical assets to be isolated and protected from anywhere across the network. 

• Cisco Secure Access by Duo: Implements Zero-Trust policies for all users and protects applications with custom security policies. Centralizes security that can be rapidly deployed and provides the following features: Adaptive policies, Device visibility, Remote access with or without VPN, Multi-factor authentication (MFA) and Single Sign On (SSO) for all applications. 
• Cisco Umbrella Secure Internet Gateway: Unifies the DNS-layer security, cloud access security broker, firewall and secure web gateway into a single cloud service. 
• Cisco Talos: Cisco’s threat intelligence group, identifies and analyzes threats to enterprise networks.

How does Cisco Viptela access cloud vendors?

Viptela SD WAN cloud interconnect, connects site to site or multi-cloud services via a cloud agnostic backbone. This allows Viptela to access cloud vendors and IaaS environments such as Microsoft Azure, Google Cloud and AWS. 

Cisco is an AWS QuickStarts partner for security and compliance. It leverages a virtual private cloud with an AWS Transit Gateway route table, which extends connectivity to on-premises resources that use either an AWS site-to-site VPN or AWS DirectConnect gateway. They also feature on Azure’s marketplace offering Cisco Cloud vWAN application for Azure virtual WAN. 

Cisco’s joint solution with Google Cloud leverages Cisco SD WAN cloud hub and Google Cloud Network Connectivity Center to connect branch sites and on-premises data centers to the cloud.

Does Cisco Viptela offer WAN acceleration and optimization?

Viptela offer WAN acceleration and optimization using Cisco Cloud OnRamp, which ensures that high SLAs and performance are maintained for critical applications. Automated dynamic path selection automatically steers critical traffic around network problems and issues are mitigated in real-time, ensuring optimal performance for cloud-applications such as Microsoft 365 and Salesforce. This also enables fast infrastructure migration to all major public clouds such as AWS, Azure and Google Cloud, with colocation facilities providing policy enforcement independent from cloud providers. 

Direct internet access (DIA) is also provided to optimize branch workloads without compromising security. Acceleration to SASE architecture is available using Cisco Umbrella Platform, a cloud-based product that protects against security blind spots and cyber threats. Clients can choose to prioritize network traffic such as cloud applications, unified communications and guest access.

How does Cisco Viptela support remote users?

Remote users are connected to the internet or enterprise network using the Cisco AnyConnect security end point agent. Viptela’s solution provides remote users with secure access from any device, anywhere in the world whilst also protecting the integrity of corporate network security. This utilizes posture enforcement, roaming protection and web security features to provision secure access to applications, internet or internal resources. Viptela provides a simple single client for endpoint and cloud security and functionality control. Viptela AnyConnect is cross-platform and supports multiple devices.

What is the Cisco Viptela managed, co-managed and DIY services solution? 

Viptela does not offer their own managed services, instead service providers such as Verizon offer managed services for Viptela solutions. Cisco Viptela offer DIY SD WAN solutions that should be considered for enterprises with robust IT teams that possess high levels of expertise. However they offer both co-managed and fully managed SD WAN via third party service providers. Viptela services are best purchased via an accredited reseller.

What Reporting and Management is available via the Cisco Viptela Portal?

vManage is Viptela’s reporting and management dashboard, designed to simplify network operations. The dashboard allows users to connect all company data centers, branches, core and campus locations, colocation facilities, cloud infrastructure and remote workers (See, How does Cisco Viptela support remote users?). This provides one area for centralized configuration management and operations to be monitored across the entire SD WAN. It also includes Cisco Umbrella for accelerated access to SASE. This is enabled by Cisco SD WAN applying the Overlay Management Protocol (OMP) to the entire WAN.

What is the Cisco Viptela SLA?

Cisco Viptela do not have a Service Level Agreement as they do not provide managed services themselves or offer underlay connectivity. Customers are able to set their own SLAs however using Cisco products.