Friday, December 9, 2022

The SASE Story Pt III: SASE as a solution for remote workers


In collaboration with Jon Heaton and Roel Bernaerts

In the last SASE blog, we outlined our aspiration to migrate to “Unified SASE” for most of our network. This unified approach provides excellent integrations between SD-WAN, cloud security, endpoint security and zero trust, all available through a unified services portal.

For our third blog in this series, we’re focusing on how SASE is enabling Cisco IT to improve the productivity and work-life balance of our employees who are working from home.

Before the pandemic, close to 25% of Cisco’s workforce was working from home for half of their week. A more recent employee survey suggested that employees expect this to increase to over 75% post-pandemic. Although Cisco IT’s Zero Trust strategy allows an increasing number of employees to do their job without using VPN, most job profiles continue to require VPN access into the corporate network at some point, and some roles still rely heavily on VPN.

SASE For Remote Work Model

This increase in remote workers, both on and off VPN, caused challenges. For instance, we wanted to be able to split off-tunnel traffic directly to the internet for users of all applications, including hundreds of legacy and proprietary applications that aren’t Zero Trust enabled. However, we have security policies that only allow trusted and well-known applications to be offloaded directly to the internet.

To address this challenge, we made improvements to our network, including upgrading our VPN infrastructure and adding network capacity to guarantee resiliency in case of outages.

This is where SASE enters the picture as a long-term solution for remote employees using our network. We’re planning to deploy a SASE solution that can be consumed “as a Service” before we’re required to upgrade our current hardware-based on-prem VPN and security infrastructure. This allows us to scale up when needed and scale back down as we enable more Zero Trust access.


Bringing users closer to applications and vice-versa

The new teleworker solution is focused on bringing users closer to the applications and data they consume. We use the Cisco AnyConnect endpoint client, which integrates seamlessly with Cisco Umbrella, to steer traffic away from the VPN while keeping Cisco secure.

As a first measure, Umbrella provides DNS Security. Even when a user is off VPN, it blocks DNS requests for records that have been identified as malicious or high-risk.

Secondly, we have options to send data via the most optimal path depending on performance and security requirements. Applications that have passed Cisco security assessment (i.e. Zero Trust-enabled applications via the Duo Network Gateway: Office365, Box, etc.) are split-tunneled directly to the internet using IP- or domain-based policy. All public web traffic is redirected to the nearest Umbrella Secure Web Gateway (SWG). This assures a shorter, yet highly secure path. Remaining traffic is forwarded via the VPN to our hardware- and colocation-based Cisco Secure Firewall.
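The steering order described above, modelled as an added example; it is not Cisco IT's configuration and not AnyConnect or Umbrella syntax. The domains, networks, ports and the `steer` function are constructed for illustration, and treating everything outside the corporate ranges as public is an assumption.

```python
import ipaddress

# Constructed sample policy; none of these values come from Cisco IT.
BLOCKED_DOMAINS = {"malware.example"}          # DNS-layer block list
SPLIT_DOMAINS = {"assessed-saas.example"}      # apps that passed security assessment
SPLIT_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
WEB_PORTS = {80, 443}


def domain_matches(name, suffixes):
    """True if name equals a listed domain or is a subdomain of one.

    Matching on a label boundary stops a look-alike such as
    'evilassessed-saas.example' from inheriting the split-tunnel rule.
    """
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)


def steer(dest_ip, port, hostname=None):
    """Return the path a flow takes: BLOCK, DIRECT, SWG or VPN."""
    ip = ipaddress.ip_address(dest_ip)
    # 1. DNS security is evaluated first, whether the user is on or off VPN.
    if hostname and domain_matches(hostname, BLOCKED_DOMAINS):
        return "BLOCK"
    # 2. Only assessed applications are split-tunneled, by domain or by IP.
    if hostname and domain_matches(hostname, SPLIT_DOMAINS):
        return "DIRECT"
    if any(ip in net for net in SPLIT_NETWORKS):
        return "DIRECT"
    # 3. Remaining public web traffic goes to the secure web gateway.
    internal = any(ip in net for net in CORPORATE_NETWORKS)
    if not internal and port in WEB_PORTS:
        return "SWG"
    # 4. Everything else, including legacy internal apps, stays on the VPN.
    return "VPN"


if __name__ == "__main__":
    for flow in [("203.0.113.5", 443, "cdn.malware.example"),
                 ("203.0.113.7", 443, "login.assessed-saas.example"),
                 ("203.0.113.10", 443, "evilassessed-saas.example"),
                 ("10.20.30.40", 443, "legacy.corp.example")]:
        print(flow, "->", steer(*flow))
```

The order of the checks is the policy: moving the web-gateway rule ahead of the split-tunnel rules would send assessed applications through the SWG instead of directly to the internet.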


Replacing our on-prem VPN with cloud-delivered SFCN

We’re exploring opportunities to replace our hardware-based, on-prem VPN infrastructure with Cisco Secure Firewall Cloud Native (SFCN). This will help us avoid the large capital investments that would be required to upgrade our current VPN hardware infrastructure, including having to over-provision resources to cover unforeseen circumstances and potential future growth.

With SFCN, Cisco Remote Access VPN capabilities could be ordered directly from the AWS marketplace and scaled up or down when needed with just a few mouse clicks. The SFCN will integrate with AWS Transit Gateways and allow us greater flexibility to send traffic where it needs to go: either to other VPCs or to on-prem resources via MultiCloud.

ThousandEyes ties it all together

In the old model, the traffic flow was very deterministic and most of the network path was owned and managed by Cisco IT. However, in the new model, traffic moves to many different locations via different paths. This makes it much more difficult to isolate and troubleshoot issues. To address this, we must be able to monitor the user experience for critical business applications. This is where ThousandEyes enters the equation: with Cisco ThousandEyes, we’re able to gain insights into potential issues and to help isolate exactly where issues are. By integrating with Webex Teams, users are now able to troubleshoot any potential issues themselves via interactions with a Teams bot.

ThousandEyes Bot

With this new SASE model, users are able to work safely and efficiently from home or, really, from anywhere, without noticing any major offset in performance.

In our next blog in this series, we’ll explore how we have applied similar logic to our branch offices and how we use Cisco SD-WAN to deliver cost-effective Middle-Mile and Hybrid Cloud connectivity.


