What new demands will networks face in 2025? In this blog series the Cisco IT networking team will share our vision for the future of our network—and the investments we’re making to get there.
Predicting future network demands is trickier now than at any time in my career. Consider the last couple of years. Over just a few weeks in March and April 2020, COVID-19 sent our entire workforce home to work, making the business completely reliant on remote access. The 16 companies we’ve acquired since 2020 had to be securely joined to our network. In the face of ongoing supply chain disruptions triggered by the pandemic and geo-political events, we’ve had to quickly onboard new partners to our network and just as quickly disconnect others. Expectations for data privacy and data sovereignty have grown.
What changes will the next three years bring? No one can know, so agility is key.
Why we’re re-architecting our network—business drivers
Here’s what we do know. From now through 2025, our network will need to adapt quickly to a shifting mix of users, devices, applications, and data that keep moving around. Consider my workday. On a given Monday morning I might be working at home, in the office, or in a coworking space. I’ll connect to applications hosted in our data center, public clouds, and SaaS like Webex, Microsoft 365, and ThousandEyes.
Building a secure, agile network now will save us from having to scramble when the unexpected happens. We need to do it quickly, at scale, and while keeping operational costs down.
Transitioning to a secure, agile network
To meet these challenges, we’re following the modern network principles shown in Figure 1:
- Centralized device management. Device-by-device management using a command line interface is a time sink. We’re moving to centralized management using controllers.
- Automated operations. Manual operations, like updating firewall rules whenever we add or retire servers or bring on new partners, aren’t sustainable for dynamic businesses like ours. We’re working to automate changes based on insights from network behavior, otherwise known as AIOps. Treating infrastructure as code (IaC) will help to make our services consistent and standardized.
- Internet transport. The internet is ubiquitous. We’re leveraging it to connect employees, applications, and data anywhere in the world—including employees’ homes, our own data centers, colocation facilities, and public clouds. The open internet is insecure, so we use an SD-WAN overlay to protect data in motion.
- Identity-based security. Access policies that depend on the location of the person or device aren’t practical with a distributed workforce. We’re moving to identity-based security, granting each person or device the same privileges no matter where or when they try to connect.
- Network management and security in the cloud, “as a service.” Augmenting our on-premises network management software with cloud-based IT services will reduce the costs of infrastructure, space, power, and cooling.
Our strategic network investments—30,000-foot view
Figure 2 shows the technologies we’re investing in to build a secure, agile network with the capabilities I just listed. It’s a feedback loop: Sense network activity by collecting telemetry from infrastructure. Gain insights (traffic patterns, security threats, etc.) using artificial intelligence and machine learning (AI/ML). Then automatically re-program infrastructure based on those insights. Repeat.
Here’s a summary of how we’re investing to make the vision in Figure 2 a reality. In future blogs we’ll drill down into each capability.
Borrowing from modern application development, network engineers are starting to treat infrastructure as code so that they can automate changes. We in Cisco IT are already automating certain tasks in parts of our network. But scattered pockets of automation are difficult to support, so we’re evolving from automating individual tasks to automating end-to-end processes.
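As an added illustration of the infrastructure-as-code approach described above (not Cisco IT's tooling), the Python example below derives firewall rules from a declared inventory and computes what to add and remove when servers are added or retired and partners are onboarded or disconnected. The inventory format, the `Rule` tuple and every name and address are assumptions constructed for the example.

```python
from __future__ import annotations
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    src: str   # source network, CIDR
    dst: str   # destination host, CIDR
    port: int  # TCP destination port


def desired_rules(inventory: dict) -> set[Rule]:
    """Expand the declarative inventory into the full rule set it implies."""
    rules = set()
    for server in inventory["servers"]:
        dst = str(ipaddress.ip_network(server["ip"]))  # validates, adds /32
        for name in server["partners"]:
            partner = inventory["partners"].get(name)
            if partner is None:  # offboarded partner: grants nothing
                continue
            for cidr in partner["cidrs"]:
                src = str(ipaddress.ip_network(cidr))
                rules.update(Rule(src, dst, p) for p in server["ports"])
    return rules


def plan(current: set[Rule], inventory: dict) -> tuple[set[Rule], set[Rule]]:
    """Return (to_add, to_remove) so the firewall converges on the inventory."""
    want = desired_rules(inventory)
    return want - current, current - want


# Constructed sample data (documentation address ranges, hypothetical names).
# "old-supplier" was offboarded and server 192.0.2.20 retired; 192.0.2.30 is new.
INVENTORY = {
    "partners": {"acme-logistics": {"cidrs": ["198.51.100.0/24"]}},
    "servers": [
        {"ip": "192.0.2.10", "ports": [443], "partners": ["acme-logistics", "old-supplier"]},
        {"ip": "192.0.2.30", "ports": [443, 8443], "partners": ["acme-logistics"]},
    ],
}
CURRENT = {  # rules on the firewall today, two of them stale
    Rule("198.51.100.0/24", "192.0.2.10/32", 443),
    Rule("203.0.113.0/24", "192.0.2.10/32", 443),   # old-supplier's range
    Rule("198.51.100.0/24", "192.0.2.20/32", 443),  # retired server
}

if __name__ == "__main__":
    print(plan(CURRENT, INVENTORY))
```

Reviewing the `to_remove` set before applying it is what surfaces access left behind by retired servers and disconnected partners.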
Our future architecture will use AIOps, continually updating infrastructure based on insights gleaned from telemetry. Network controllers will make changes automatically—initially using rules we provide, and later based on machine learning. Already, our SD-WAN controllers continually assess link performance to choose the best path to meet the application service level agreement. Taking humans out of the loop will allow us to make changes faster and without the risk of typos.
When most applications and data lived in our data centers, it made sense to route network requests from branches and employees’ home offices to the data center. We built a platform for connectivity and security that we deployed on-premises, called CloudPort. But with a hybrid workforce and growing use of cloud services, routing all requests through the data center burdens the network and can negatively affect the user experience.
Today we’re moving network aggregation and security to the cloud edge—closer to cloud workloads and SaaS providers. We’re starting to use services like Secure Access Service Edge (SASE) in conjunction with “as-a-service” providers for middle-mile connectivity. The cloud edge will help us adapt to new traffic patterns and security needs, while also lowering our operating costs by using as-a-service consumption models.
A traditional WAN can’t keep up with the new cloud edge. Our current approach has two limitations. First, not all traffic needs to be secured with an on-premises firewall. As we continue to migrate more applications to the cloud, it doesn’t make sense to bring everything over the private WAN to the on-premises network. Second, our backup WAN links are expensive and often underutilized.
SD-WAN technology helps us use the internet more effectively, lowering overall costs. A centralized controller makes intelligent policy decisions—for example, when to route traffic over our MPLS network, and when to use the internet path. Some SaaS applications will use the SD-WAN Cloud OnRamp directly from the internet path, and cloud-hosted applications will use SASE (blog here). A centralized controller also simplifies network automation and keeps policy consistent everywhere.
Our multicloud environment includes our on-premises private cloud and the third-party clouds we use for IaaS, PaaS, and SaaS. We want business teams to have the flexibility to deploy applications in whatever cloud environment makes the most sense for their use case.
We’ve enabled software-defined networking (SDN) for our private cloud using Cisco Application Centric Infrastructure (ACI). Through automation, applications in public clouds can connect to databases or infrastructure services in our private cloud. In the future, applications running in our private cloud will replicate automatically to the public cloud when they need more resources—for example, at quarter end.
People and devices connect to our network from around the world. We want to define access policies once, manage them centrally, and enforce them everywhere. In our future network, we’ll continually verify identity and device status after a connection has been established. (Just because we trust a user or device when it connects doesn’t mean we should trust it for the duration of the connection.) We’ll also use microsegmentation to tightly control which users and devices can connect to which resources, limiting the spread of any threats that manage to get past our defenses. Together, continual user and device authentication and microsegmentation are the basis of our zero-trust framework.
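The combination described above, as an added Python example that is not Cisco IT's implementation: an access decision that depends only on verified identity, device posture and a segment allow-list, never on location, and that is re-evaluated on established sessions. The policy table, posture fields and all group and segment names are assumptions constructed for the example.

```python
"""Added example: identity-based, continuously re-evaluated access decisions."""
from __future__ import annotations
from dataclasses import dataclass

# Microsegmentation policy, defined once: (identity group, device type) -> segments.
# Hypothetical groups and segments; anything not listed is denied.
SEGMENT_POLICY = {
    ("finance", "managed-laptop"): {"erp", "email"},
    ("engineering", "managed-laptop"): {"source-control", "email"},
    ("facilities", "iot-sensor"): {"building-telemetry"},
}


@dataclass
class Session:
    user_group: str
    device_type: str
    segment: str             # resource segment the session is connected to
    authenticated: bool      # identity currently verified (e.g. valid token)
    posture_ok: bool         # device currently passes health checks
    location: str = "home"   # recorded for logging, never used in the decision


def decide(s: Session) -> tuple[bool, str]:
    """Return (allow, reason). Default deny; location is deliberately ignored."""
    if not s.authenticated:
        return False, "identity not verified"
    if not s.posture_ok:
        return False, "device posture failed"
    allowed = SEGMENT_POLICY.get((s.user_group, s.device_type), set())
    if s.segment not in allowed:
        return False, "segment not permitted for this identity"
    return True, "ok"


def reverify(sessions: list[Session]) -> list[Session]:
    """Periodic check on established sessions: return those to terminate."""
    return [s for s in sessions if not decide(s)[0]]


if __name__ == "__main__":
    # Constructed sessions: the same user and device from two locations, plus
    # a request for a segment outside that identity's allow-list.
    a = Session("finance", "managed-laptop", "erp", True, True, "office")
    b = Session("finance", "managed-laptop", "erp", True, True, "coworking")
    c = Session("finance", "managed-laptop", "source-control", True, True)
    print(decide(a), decide(b), decide(c))
    b.posture_ok = False     # posture changes after the connection was made
    print([s.location for s in reverify([a, b, c])])
```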
Imagine a couple hundred offices suddenly expanding to thousands of home offices. That is what our network team experienced in the immediate aftermath of the pandemic. We also had to grapple with the fact that Cisco employees’ home networks were also used by their family members and roommates.
To adapt to these changes, we’re bringing the network closer to our users with enterprise-class home networking. This includes fast Wi-Fi 6 connectivity, SD-WAN based transport, and cloud-based security. We’re aiming to deliver the same great experience and highly secure access to people working from home, on any device, that they now have in the office. Employees will manage their home networks themselves using a cloud-based platform. That platform will bring in more insights about the user experience from another cloud service, ThousandEyes.
That’s the Cliff Notes version of the future network architecture. Check back for follow-up blogs that explain more about each element described here.
What would you like to see in a future network? Please type in the comment box.