Dalelorenzo's GDI Blog
17 Apr 2021

Five ways we’re improving telework with SD-WAN and telemetry

Bad dream for an IT operator? Try this: an executive working from home gets booted off an all-hands video meeting. Then it happens again. And again.

That happened to me a couple of months ago. Fortunately, when I received the call, I could see immediately that the problem lay with the executive’s ISP, not our network. As a result, my team immediately resolved the problem and saved hours of troubleshooting time. And I slept better.

Better visibility is one of several ways our Customer Zero team is improving the telework experience at Cisco. As Customer Zero, we try out brand-new Cisco technologies in a real-world setting so that we can share our experiences with customers. Here are five ways we’re improving telework.

We’ve always had a robust telework program. Most people who work remotely use Cisco AnyConnect Secure Mobility Client on laptops and mobile devices, and some teleworkers use the Cisco Virtual Office (CVO), which includes a hardware-based VPN service. AnyConnect and CVO are both what’s known as “full tunnel” solutions. All traffic from the laptop goes through a VPN tunnel to a Cisco data center. From there, cloud traffic takes another hop to its final destination.

But if I want to work on an Excel file, it doesn’t make a lot of sense for my request to go through the Cisco data center on its way to the Office 365 cloud. The detour adds latency and unnecessarily consumes data center network bandwidth. It’s smarter to “split” the tunnel, providing separate paths for data center traffic and cloud traffic.

We’ve split the tunnel using our Cisco remote worker SD-WAN solution. On the Cisco vManage console, we’ve created a rule that sends traffic destined for designated trusted SaaS providers (Webex, Cisco TV, Office 365, Box, etc.) directly to the cloud.

Our InfoSec team is strict about what they consider a trusted cloud. Other cloud traffic, like iCloud, also bypasses our data center. But rather than heading directly to its destination, it goes first to Cisco Umbrella, which blocks malicious domains and shadowed applications.
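
The steering rule described above, modeled as an added example (not Cisco's configuration and not code from the original post). The domain lists and the internal zone are constructed placeholders; the point is that suffix matching must respect DNS label boundaries so look-alike names do not inherit the direct path.

```python
# Added illustration of the three-way steering decision described above.
# All domain lists are constructed placeholders, not Cisco's actual policy.
TRUSTED_SAAS = ("webex.com", "office365.com", "box.com")  # assumed trusted list
INTERNAL_ZONES = ("corp.example",)                        # hypothetical internal zone

DIRECT = "direct-to-cloud"      # trusted SaaS skips the data center
UMBRELLA = "via-umbrella"       # other internet traffic is filtered first
TUNNEL = "vpn-to-datacenter"    # internal traffic stays in the tunnel


def normalize(host):
    """Lower-case and drop the trailing root dot so 'Box.com.' equals 'box.com'."""
    return host.strip().lower().rstrip(".")


def in_zone(host, zones):
    """Match on a DNS label boundary only: 'evilwebex.com' is not in 'webex.com'."""
    return any(host == zone or host.endswith("." + zone) for zone in zones)


def steer(host):
    """Return the path for a destination hostname; unknown names get inspected."""
    host = normalize(host)
    if in_zone(host, INTERNAL_ZONES):
        return TUNNEL
    if in_zone(host, TRUSTED_SAAS):
        return DIRECT
    return UMBRELLA


def audit(hosts):
    """Group hostnames by chosen path so a reviewer can spot unexpected bypasses."""
    result = {DIRECT: [], UMBRELLA: [], TUNNEL: []}
    for host in hosts:
        result[steer(host)].append(normalize(host))
    return result


if __name__ == "__main__":
    sample = ["Teams.Office365.com.", "evilwebex.com", "webex.com.attacker.example",
              "wiki.corp.example", "icloud.com"]  # constructed sample hostnames
    for path, names in audit(sample).items():
        print(f"{path:18} {names}")
```

A naive `endswith("webex.com")` check would send `evilwebex.com` straight to the internet without inspection, which is the kind of bypass the `audit` grouping makes visible.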

The fastest route to a cloud service provider might be different at 8:30 a.m. than it is at 8:32 a.m., depending on network conditions. To deliver a consistently good experience with Office 365, we’re using an SD-WAN feature called Cloud OnRamp for SaaS. It probes the various paths to the cloud to identify the best quality of experience at the moment and then routes the traffic over that path.

Many of us share a home internet connection. If your three boys are all in Zoom school, your Webex video might freeze. On the Customer Zero team, we’re using the QoS feature on our home ISR 1100 routers to prioritize Webex and other latency-sensitive applications. Whenever available home internet bandwidth dips below a certain threshold, the bandwidth allocated for Webex and other high-priority applications is automatically adjusted.

I’ve noticed that if an application is slow or the connection drops, a teleworker’s first inclination is to blame the equipment. I can’t count the times I’ve spent hours troubleshooting an issue only to discover the cause was an ISP issue. One of our favorite management tools is ThousandEyes, a software agent installed on the Customer Zero team’s laptops. ThousandEyes continuously collects user experience data, for example, the time it takes for a page to load, internet service provider issues, peculiarities squandered, laptop CPU utilization, runtime problems, etc. If a user opens a case but the issue disappears before we can look at it, we can go back in time to find the cause. Just last week someone reported a Webex issue, and ThousandEyes showed that at the time of the issue, laptop CPU utilization was 100%. That visibility saved us a fruitless investigation. We just explained to the user how to use a bot on Cisco Webex Teams if the problem ever happened again.

Next up

Cisco is moving toward a zero-trust model. The basic idea is that regardless of where a user is (Cisco office, main office, common), we’ll verify the user’s identity and device certificate before granting access to an application. We’re starting to move particular applications off the VPN. Teleworkers will access them directly over the internet through Cisco Duo Network Gateway.

I welcome your questions or comments about making telework better with SD-WAN.

Learn more about our journey to an advanced network architecture by clicking through our interactive journey map.


Read more: blogs.cisco.com