What new demands will networks face in 2025? In this blog series the Cisco IT networking team will share our vision for the future of our network, and the investments we’re making to get there.
Predicting future network demands is trickier now than at any time in my career. Consider the last couple of years. Over a few weeks in March and April 2020, COVID-19 sent our entire workforce home to work, making the business completely reliant on remote access. The 16 companies we’ve acquired since 2020 had to be securely joined to our network. In the face of ongoing supply chain disruptions triggered by the pandemic and geopolitical events, we’ve had to quickly onboard new partners to our network and just as quickly disconnect others. Expectations for data privacy and data sovereignty have grown.
What changes will the next three years bring? No one can know, so agility is key.
Why we’re re-architecting our network: business drivers
Here’s what we do know. From now through 2025, our network will need to adapt quickly to a shifting mix of users, devices, applications, and data that keep moving around. Consider my workday. On a given Monday morning I might be working at home, in the office, or in a coworking space. I’ll connect to applications hosted in our data center, public clouds, and SaaS like Webex, Microsoft 365, and ThousandEyes.
Building a secure, agile network now will save us from having to scramble when the unexpected happens. We need to do it quickly, at scale, and while keeping operational costs down.
Transitioning to a secure, agile network
To meet these challenges, we’re following the modern network principles shown in Figure 1:
- Centralized device management. Device-by-device management using a command line interface is a time sink. We’re moving to centralized management using controllers.
- Automated operations. Manual operations, like updating firewall rules every time we add or retire servers or bring on new partners, aren’t sustainable for dynamic businesses like ours. We’re working to automate changes based on insights from network behavior, otherwise known as AIOps. Treating infrastructure as code (IaC) will help to make our services consistent and standardized.
- Internet transport. The internet is ubiquitous. We’re leveraging it to connect workers, applications, and data anywhere in the world, including employees’ homes, our own data centers, colocation facilities, and public clouds. The open internet is insecure, so we use an SD-WAN overlay to protect data in motion.
- Identity-based security. Access policies that depend on the location of the person or device aren’t practical with a distributed workforce. We’re shifting to identity-based security, granting each person or device the same privileges no matter where or when they try to connect.
- Network management and security in the cloud, “as a service.” Augmenting our on-premises network management software with cloud-based IT services will reduce the costs of infrastructure, space, power, and cooling.
Our strategic network investments: 30,000-foot view
Figure 2 shows the technologies we’re investing in to build a secure, agile network with the capabilities I just listed. It’s a feedback loop: Sense network activity by collecting telemetry from infrastructure. Gain insights (traffic patterns, security threats, etc.) using artificial intelligence and machine learning (AI/ML). Then automatically re-program infrastructure based on those insights. Repeat.
Here’s a summary of how we’re investing to make the vision in Figure 2 a reality. In future blogs we’ll drill down into each capability.
Borrowing from modern application development, network engineers are starting to treat infrastructure as code so that they can automate changes. We in Cisco IT are already automating certain tasks in parts of our network. But scattered pockets of automation are difficult to support, so we’re evolving from automating individual tasks to automating end-to-end processes.
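To make the infrastructure-as-code idea concrete for the firewall-rule case mentioned earlier, here is an added example (not Cisco IT's code): partner firewall rules are derived from a version-controlled inventory and reconciled against the running rule set. The inventory schema, the addresses and the `Rule`, `desired_rules` and `plan` names are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class Rule:
    src: str   # partner CIDR
    dst: str   # server IP
    port: int

# Constructed inventory (assumed schema): the version-controlled source of truth.
INVENTORY = {
    "servers": [
        {"name": "app1", "ip": "10.0.1.10", "ports": [443]},
        {"name": "db1", "ip": "10.0.2.20", "ports": [5432]},
    ],
    "partners": [
        {"name": "partner-a", "cidr": "198.51.100.0/24", "may_reach": ["app1"]},
    ],
}

def desired_rules(inventory):
    """Derive every allow rule from the inventory; nothing is typed by hand."""
    servers = {s["name"]: s for s in inventory["servers"]}
    rules = set()
    for partner in inventory["partners"]:
        for target in partner["may_reach"]:
            if target not in servers:
                # Fail the change before deployment instead of leaving a dangling rule.
                raise ValueError(f"{partner['name']} references unknown server {target}")
            server = servers[target]
            rules.update(Rule(partner["cidr"], server["ip"], p) for p in server["ports"])
    return rules

def plan(current, desired):
    """Return (to_add, to_remove) so the firewall converges on the desired state."""
    return sorted(desired - current), sorted(current - desired)

if __name__ == "__main__":
    # Constructed running state: one stale rule left over from a disconnected partner.
    running = {Rule("203.0.113.0/24", "10.0.1.10", 443)}
    to_add, to_remove = plan(running, desired_rules(INVENTORY))
    print("add:", to_add)
    print("remove:", to_remove)
```

Disconnecting a partner or retiring a server becomes a one-line inventory change; the stale allow rule then shows up in `to_remove` rather than lingering on the device.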
Our future architecture will use AIOps, continually updating infrastructure based on insights gleaned from telemetry. Network controllers will make changes automatically, initially using rules we provide, and later based on machine learning. Already, our SD-WAN controllers continually assess link performance to choose the best path to meet the application service level agreement. Taking humans out of the loop will allow us to make changes faster and without the risk of typos.
When most applications and data lived in our data centers, it made sense to route network requests from branches and employees’ home offices to the data center. We built a platform for connectivity and security that we deployed on-premises, called CloudPort. But with a hybrid workforce and growing use of cloud services, routing all requests through the data center burdens the network and can negatively affect the user experience.
Today we’re moving network aggregation and security to the cloud edge, closer to cloud workloads and SaaS providers. We’re starting to use services like Secure Access Service Edge (SASE) in conjunction with “as-a-service” providers for middle-mile connectivity. The cloud edge will help us adapt to new traffic patterns and security needs, while also lowering our operating costs by using as-a-service consumption models.
A traditional WAN can’t keep up with the new cloud edge. Our current approach has two limitations. First, not all traffic needs to be secured with an on-premises firewall. As we continue to migrate more applications to the cloud, it doesn’t make sense to bring everything over the private WAN to the on-premises network. Second, our backup WAN links are expensive and often underutilized.
SD-WAN technology helps us use the internet more effectively, lowering overall costs. A centralized controller makes intelligent policy decisions, for example when to route traffic over our MPLS network and when to use the internet path. Some SaaS applications will use the SD-WAN Cloud OnRamp directly from the internet path, and cloud-hosted applications will use SASE. A centralized controller also simplifies network automation and keeps policy consistent everywhere.
Our multicloud environment consists of our on-premises private cloud and the third-party clouds we use for IaaS, PaaS, and SaaS. We want business teams to have the flexibility to deploy applications in whatever cloud environment makes the most sense for their use case.
We’ve enabled software-defined networking (SDN) for our private cloud using Cisco Application Centric Infrastructure (ACI). Through automation, applications in public clouds can connect to databases or infrastructure services in our private cloud. In the future, applications running in our private cloud will replicate automatically to the public cloud when they need more resources, for example at quarter end.
People and devices connect to our network from all over the world. We want to define access policies once, manage them centrally, and enforce them everywhere. In our future network, we’ll continually verify identity and device status after a connection has been established. (Just because we trust a user or device when it connects doesn’t mean we should trust it for the duration of the connection.) We’ll also use microsegmentation to tightly control which users and devices can connect to which resources, limiting the spread of any threats that manage to get past our defenses. Together, continual user and device authentication and microsegmentation are the basis of our zero-trust framework.
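The two zero-trust ingredients described above, sketched as an added example (not Cisco IT's implementation): one centrally defined, default-deny segment policy keyed on identity rather than location, and a recheck that re-evaluates connections that are already open. The segment names, groups and the `Session`, `authorize` and `recheck` names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    groups: frozenset        # identity attributes from the identity provider
    device_compliant: bool   # latest device posture report
    location: str            # kept for logging only; never used in the decision

# Constructed microsegmentation policy: which identity groups may reach which segment.
SEGMENT_POLICY = {
    "finance-db": {"finance"},
    "build-farm": {"engineering"},
    "wiki": {"finance", "engineering"},
}

def authorize(session, segment):
    """Identity- and posture-based decision; unknown segments are denied by default."""
    allowed_groups = SEGMENT_POLICY.get(segment, set())
    return session.device_compliant and bool(session.groups & allowed_groups)

def recheck(session, open_segments):
    """Continual verification: return the open connections that must be torn down now."""
    return [seg for seg in open_segments if not authorize(session, seg)]

if __name__ == "__main__":
    alice = Session("alice", frozenset({"finance"}), True, "home")
    open_segments = [s for s in SEGMENT_POLICY if authorize(alice, s)]
    print("allowed at connect:", open_segments)
    # Constructed event: the device later reports a failed posture check.
    alice.device_compliant = False
    print("revoke mid-session:", recheck(alice, open_segments))
```

Because `location` never enters `authorize`, the same user gets the same answer from home or the office, and a posture change revokes access that was valid at connect time.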
Imagine a couple hundred offices suddenly expanding to thousands of home offices. This is what our network team experienced in the immediate aftermath of the pandemic. We also had to grapple with the fact that Cisco employees’ home networks were also used by their family members and roommates.
To adapt to these changes, we’re bringing the network closer to our users with enterprise-class home networking. This includes fast Wi-Fi 6 connectivity, SD-WAN based transport, and cloud-based security. We’re aiming to deliver the same great experience and highly secure access to people working from home, on any device, that they now have in the office. Employees will manage their home networks themselves using a cloud-based platform. That platform will bring in more insights about the user experience from another cloud service, ThousandEyes.
That’s the Cliff Notes version of the future network architecture. Check back for follow-up blogs that explain more about each element described here.
What would you like to see in a future network? Please type in the comment box.