Dalelorenzo's GDI Blog

Five ways we’re improving telework with SD-WAN and telemetry

Bad dream for an IT operator? Try this: an administration operating from dwelling gets booted off an all-hands video fulfilling. Then it happens again. And again.

That happened to me a couple of months ago. Fortunately, when I received the call, I could see immediately that the problem lies within the executive’s ISP , not our network. As a decision, my team immediately resolved the problem and saved hours of troubleshooting season. And I slept better.

Better visibility is one of several ways our Customer Zero team is improving the telework experience at Cisco. As Customer Zero, we try out brand-new Cisco technologies in a real-world name if we are to be able share our experiences with patrons. Now are five methods we’re improving telework.

We’ve always had a robust telework curriculum. Most people who work remotely use Cisco AnyConnect Secure Mobility Client on laptops and portable devices and some teleworkers use the Cisco Virtual Office( CVO ), which includes a hardware-based VPN service. AnyConnect and CVO are both what’s known as “full tunnel” answers. All traffic from the laptop goes through a VPN tunnel to a Cisco data center. From there, shadow transaction takes another hop to its final destination.

But if I want to work on an Excel file, it doesn’t make a lot of feel for my request to go through the Cisco data center on its way to the Office 365 mas. The detour adds latency and unnecessarily expends data center network bandwidth. It’s smarter to “split” the tunnel, rendering separate superhighways for data center traffic and massed traffic.

We’ve split the passage use our Cisco remote worker SD-WAN solution. On the Cisco vManage console, we’ve made a rule that mails traffic destined for nominated relied SaaS providers( Webex, Cisco TV, Office 365, and Box, etc .) instantly to the cloud.

Our InfoSec team is strict about what they consider a trusted vapour. Other mas commerce, like iCloud, too bypasses our data center. But rather than heading instantly to its destination, it proceeds firstly to Cisco Umbrella, which blocks malicious regions and shadowed applications.

The fastest road to a shadow service provider might be different at 8: 30 a.m. than it is at 8: 32 a.m ., depending on network conditions. To deliver a frequently good event with Office 365, we’re using an SD-WAN feature called Cloud On-Ramp for SaaS. It probes the various paths to the cloud to identify the best quality of experience at the moment and then routes the traffic over that path.

Many of us share a home internet connection. If your three boys are all in Zoom school, your Webex video might freeze. On the Customer Zero team, we’re using the QoS feature on our home ISR 1100 routers to prioritize Webex and other latency-sensitive works. Whenever accessible home internet bandwidth troughs below a certain threshold, the bandwidth allocated for Webex and other high-priority employments are automatically adjusted.

I’ve noticed that if an application is slow or the connection droops, a teleworker’s first inclination shall be responsible the paraphernalium. I can’t count the times I’ve spent hours troubleshooting a action only to discover the source was an ISP issue. One of our favorite management tools is ThousandEyes, a software agent lay on the Customer Zero team’s laptops. ThousandEyes forever musters consumer experience data--for example, the time it takes for a page to laden, internet service provider concerns, peculiarities squandered, laptop CPU utilization, runtime problems, etc. If a user opens a event but the issue disappears before we can look at it, we can go back in time to find the compel. Precisely last week someone reported a Webex issue, and ThousandEyes showed that at the time of the issue, laptop CPU utilization was 100%. That visibility saved us a fruitless investigation. We just explained to the user how to use a bot on Cisco Webex Teams if the question ever happened again.

Next up

Cisco is moving toward a zero-trust model. The basic opinion is that regardless of where a consumer is( Cisco office, main office, common ), we’ll verify the user’s identity and design certificate before conceding access to an employment. We’re starting to move particular applications off the VPN. Teleworkers will retrieve them immediately over the internet through Cisco Duo Network Gateway.

I welcome your questions or observes about impelling telework better with SD-WAN.

Learn more about our pilgrimage to an advanced network architecture by tick through our interactive journey map

Follow Cisco IT on social!

Twitter Facebook YouTube

Read more: blogs.cisco.com


Avoiding Shut-Down Disaster: How Woodforest National Bank Navigated COVID- 19 with Cisco SD-WAN

When the see came from management to shut down operations and transition all employees to remote work, IT staff at Woodforest National Bank( r) had a plan.

“Our existing architecture wasn’t designed to support the massive increase in remote office workers.” Said James Heck, AVP of Network Work. “Suddenly, everyone in the main offices was told to go home. The is essential for remote connectivity exploded--quadrupling overnight.”

It wasn’t easy. Woodforest National Bank is celebrating 40 years as one of the strongest community banks in the nation, proudly offering outstanding customer service since 1980 with more than 750 spots and 1.5 million retail accounts. The bank’s success is due to a sincere focus on building relationships, discovering opportunities to better serve its communities and understanding the financial needs of every customer. Protecting that honour was paramount.

With Cisco SD-WAN, Woodforest National Bank stopped COVID-1 9 from interrupting business and tarnishing their honour. The plan to move to SD-WAN for shadow connectivity was in the works, but the pandemic made immediacy. The generous proposals Cisco provided during the initial periods of the pandemic helped.

Woodforest National Bank was strong enough to survive the pandemic shutdown thanks in part of Cisco SD-WAN Aging Infrastructure: An Unpredictable Backing

Like many system squads who faced dislocation from the 2020 pandemic, James and his IT crew considered themselves lucky to have implemented SD-WAN before the shutdown. The automation and ability to remotely control a world, dispersed structure working Cisco SD-WAN was invaluable when Woodforest Nation Bank was forced to shift activities in March.

“Our network infrastructure was old-time and needed an update.” Heck said. “Our fleet of Cisco ISR 2900 s[ also known as the ISR G2 ], was coming to its End of Life.”

The Cisco ISR G2 routers rolling a bequest WAN offered less flexible to respond to the changes that were required when the pandemic hit. As business-critical works like Office3 65 moved to the cloud, that bequest routing material necessary private MPLS directions to gloom employments ought to have been skyrocketed costs.

“We had to think of something. It wasn’t simply a structure refresh. It was more than that. We needed SD-WAN.” Heck said. Even though Woodforest National Bank was an existing Cisco customer, the Woodforest IT team did their due diligence, assessing all SD-WAN options before deciding on Cisco SD-WAN rolling on the ISR 1000 with IOS-XE software. “We looked at bandwidth, rackspace, peculiarities, and throughput. Cisco SD-WAN on ISR 1000 was the right choice. We needed best-in-breed.

The Cisco SD-WAN Difference Woodforest National Bank continued its reputation for customer success through shutdown

Cisco SD-WAN afforded the opennes, scalability and rapidity that James and his team needed to ensure continuous runnings in the face of a world-wide pandemic. Leveraging dynamic path collection; automated templates, policies and branch activation; multicloud onramp and integrated security; Woodforest National Bank was able to provide a consistent and secure shadow application know no matter where their employees were located.

Woodforest set the process in motion. For every limb, they superseded the router, switch, access spot and moved from a traditional WAN to Cisco SD-WAN. This all had to be done before the field came online in the morning--and numerous sprigs shortcoming IT Staff trained to perform the operation. The entire process, including a software upgrade over wireless LTE, took less than 45 hours, from rack-and-stack to online connectivity. That wasn’t all.

“We have bawl hubs in Jamaica.” Heck said. “Those were shutdown by their government. Our services queues piled up overnight so that our bankers had to assume the role the summon centers frisked working the Unified Communication and Collaboration( UC& C) mixture and LTE as a backup. Thanks to Cisco SD-WAN and its seamless UC integration, we were able to route service calls to workers with the brand-new WAN edge architecture. We did this all from the Cisco vManage dashboard.”

Woodforest National Bank makes cybersecurity severely, protect children clients with multilayered defence down to the firmware Firmware Security, a Critical Component in Financial SD-WAN

Cisco SD-WAN affords fast, protected and reliable multi-protocol associates, with advanced route, mas networking and multilayered certificate capabilities. But it was the advanced Trust Anchor in the Cisco ISR 1000 that brought Woodforest IT true peace of mind in their transition to SD-WAN. The Cisco Trust Anchor is a secure, embedded core that protects device purity, the boot process, maneuver firmware and their public key infrastructure( PKI) from advanced continue threats( APTs )-- a critical capability for monetary the organisations that transact billions of dollars.

“We bought the ISR 1000 because of its firmware security.” Heck said. “It ensures our Plug N’ Play portal as we initiate SD-WAN designs from half-way across the world employing serial numbers. We have our stock room squads receiving and onboarding the invention. They are efficient workers but are not drilled system architects. The Cisco Trust Anchor provides that extra layer of defence when activating and operating our SD-WAN.”

Now, James and the rest of the Woodforest National Bank IT team are ready to face the next challenge. Whether Woodforest National Bank returns to the power or shifts their building to a permanent remote example, their IT faculty can provide secure network connectivity and reliable lotion access with a few cases clinks in the Cisco vManage dashboard. “It cannot be overstated.” Heck said. “This was the most successful project of 2020. Actually, it may be the most successful project we’ve ever had. And we did it all during a world pandemic.”


Company: Woodforest National Bank Region: AMER Industry: Financial Challenge: Shift to remote working in collaboration with full, multicloud access Solution: Cisco SD-WAN( software) Challenge: Secure design and lotion business down to firmware Solution: Cisco ISR 1000( hardware) Challenge: Consume networking and security services in a simple, flexible mode Solution: Cisco DNA for SD-WAN& Routing, Essentials Tier( permission)


Read more about Cisco SD-WAN

Find out about the most recent Cisco SD-WAN invention, the Catalyst 8000 Edge Platforms Family

Check out our Intent-Based Networking video channel .

Subscribe to the Networking blog

Read more: blogs.cisco.com