Cisco tool makes it easier to meld SD-WAN, security domains

Cisco has upgraded two of its core software programs to make it easier for enterprise customers to secure data-center and WAN-connected resources.

Cisco has introduced what it calls Integrated Domain, which combines the domain controllers of Cisco DNA Center and Cisco SD-WAN vManage to tie together network connectivity between the two domains and to ensure security-policy consistency end-to-end, according to Justin Buchanan, Cisco director of product management, security policy and access.

It also allows functions of the Cisco SD-Access domain to coexist with those of the Cisco SD-WAN domain on a single device, further consolidating and simplifying operations, Buchanan said.

DNA Center and SD-WAN vManage control and manage data center communications and SD-WAN connectivity, respectively. DNA Center includes support for automation, virtualization, analytics and assurance, security, and Internet of Things connectivity. SD-WAN vManage collects data including network telemetry from Cisco vEdge devices, event alerts, and performance data from SD-WAN-connected resources.

In a blog about the new features, Buchanan stated that the hand-off between the two domains is typically the LAN/WAN boundary.

“The Integrated Domain approach consolidates the SDA [Software Defined Access] border and control-plane functions on to the Cisco SD-WAN edge router,” Buchanan wrote. “Cisco DNA-Center integrates with vManage to exchange information about Virtual Private Networks in SD-WAN, and seamlessly map them to SD-Access Virtual Networks on the LAN. Cisco DNA Center also configures the SD-Access portion of the configuration that is pushed on to the Cisco SD-WAN edge routers by vManage.”

SD-Access automatically configures network devices via DNA Center.

The most significant piece of the integration is that it automates connectivity between DNA Center and the vManage operators, Buchanan said. Customers could do that in the past, but it required a lot of manual work, and many customers didn’t do it because of the complexity, Buchanan said.

The Integrated Domain uses a Scalable Group Tag (SGT), which defines common network-security policies and specifies end-point privileges across the virtual network to automatically ensure group-based policy consistency and enforcement, Buchanan said.

Use cases for Integrated Domain include secure branch-office connectivity and the ability to segment support for remote IoT devices.

Customers with lots of hybrid workers will find it useful as well because policies can be set centrally to ensure access to the right cloud or data-center resources, Buchanan said.

Integrated Domain support can be enabled through the most recent releases of DNA Center software, version 2.2.3, and SD-WAN vManage 17.6, which are available now.
