Cisco SD-WAN -- for Telecommuters!
May 26, 2020
Score 10 out of 10
Overall Satisfaction with Cisco SD-WAN
We are currently using SD-WAN in a way that it likely wasn't originally intended. While the main purpose of SD-WAN is to provide reliability over multiple data paths/mediums, we've largely been using it as a DMVPN for telecommuters. But unlike traditional VPNs or DMVPNs, this always-on method includes added layers of security, higher throughput, and the added benefit of QoS. (Yes, QoS doesn't do anything over the internet, but with this we can limit throughput and still give outbound priority to things like Voice so they're out first and less likely to be dropped.) Especially in the current environment of COVID-19, where so many are staying at home and working from home and streaming entertainment from the internet, there is a lot of congestion going on out there and every benefit is worth it.
- Management - Centrally managed, it is easy to monitor, configure, and deploy.
- Security - Centrally-controlled, but locally run Firewall, IPS, URL-filtering, and more.
- SLAs - When using multiple circuits (or simply allowing cloud-based apps to be accessed directly over the internet instead of tunneled back), the ability to create SLAs for a type of traffic, application-specific, or things even more granular than that.
- Ease of initial configuration - I'm not actually sure how to make it easier without losing granularity and control, but it can be very difficult and confusing when first setting up. Afterwards, it's just point and click.
- Model upload - It would be nice if a given hardware model could be "uploaded" to provide a basic configuration to start with.
- Logs - I'd prefer more options for filtering logs and having certain ones not be alarms of any kind.
- Very fast ROI - Primarily by switching existing circuits to direct internet (or reducing circuits and adding direct internet).
- While saving money on circuits, the SD-WAN licensing is now another line item on operating expenses to keep track of.
- SD-WAN licensing is a minimum 3-year contract. So not for short-term. However, licenses can be moved around between the hardware and purchased fairly quickly, so it's not like you will have a lot floating around on overhead.
- Aruba Software Defined WAN (SD-WAN) and Cisco Meraki SD-WAN
We compared Cisco SD-WAN with several other vendors, including service providers. We are already a Cisco shop, so that gave Cisco and Meraki a leg up. With our hope to expand this beyond telecommuters to actual sites, we wanted to maintain an in-house solution rather than a managed one, which crossed out a number of the competition. The final push towards Cisco is that most (if not all) of the other companies are software-based, so we would still need to purchase hardware to run the SD-WAN software offerings. Cisco makes their own hardware (and to very high specs and capabilities). After that, the reason to go with Cisco instead of Cisco Meraki was that most of our existing routers could run SD-WAN firmware, thereby saving us the cost of replacing hardware.
Initial setup of any SD-WAN is complicated and difficult because there is so much to do and it is so very granular. Because of this, Cisco has a number of free onboarding help setups. I worked one-on-one with a couple of engineers during our POC, and those relationships continued afterwards into the Pilot. And that's not even counting the Cisco TAC experience or the number of How-To videos and documents they have uploaded on their sites.
Do you think Cisco SD-WAN delivers good value for the price?
Are you happy with Cisco SD-WAN's feature set?
Did Cisco SD-WAN live up to sales and marketing promises?
Did implementation of Cisco SD-WAN go as expected?
Would you buy Cisco SD-WAN again?
Currently our main use of Cisco SD-WAN is for telecommuters. We're not supporting WiFi or POE, so the very cheap v100b works. Without that model, I fear it would be a rather expensive option for telecommuters.
The main uses for SD-WAN are for when you have multiple circuits to connect a site (internet, MPLS, Metro-E, 4G/5G, etc.) and want survivability, reliability, and cost-savings. Internet is cheaper, but less on SLAs. But so long as it is up and a secure tunnel can be established over it, it's just fine for a lot of data transfer, not to mention easy offloading for any cloud-based applications.