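"In a SASE World: Optimizing and Orchestrating End-Users Connections to Public and Private Clouds.pdf" was shared by a member and can be read online; for more related material (71-page edition), search on 三个皮匠报告.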
#CiscoLive

In a SASE World
Optimizing and Orchestrating End-Users Connections to Public and Private Clouds
Ryan Shoemaker - Technical Solutions Architect
ersatzshoe
BRKENT-2006

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App
Questions? Use Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.
https:/

Agenda
- Introduction
- SD-WAN Extension into Public Clouds
- SD-WAN to Internet
- Remote Workforce
- Conclusion

Introduction to Secure Access Services Edge (SASE)

Historic traffic flows
Led to the age of perimeter-based security and networking
- Network: Centralized
- Security: Single, on-premise security stack
[Diagram: VPN, MPLS, Internet; traffic Internal 80% / Internet 20%; Roaming/mobile, Branch offices, HQ, Security stack]

Changes in the types of traffic and destinations
Have inverted the traffic model
Problems:
- App performance
- User experience
- Security efficacy
- # Tools/vendors
- Integrations
[Diagram: VPN, MPLS; traffic Internal 20% / Internet 80%; Roaming/mobile, Branch offices, HQ, Bottle neck, SaaS, IaaS, Private cloud, Browsing, Internet]

Network transformation
Internet/cloud is new "center of universe"
- DC-centric: Perimeter security appliances to protect network
- Internet/cloud-centric
[Diagram: Internet, Internet/cloud, VPN, MPLS]

Cisco Digital Transformation Architecture
- Reduce cost: Improve OpEx with circuit consolidation and consolidation of UI touchpoints
- Improve user experience: Bring services closer to user, and leveraging middle mile partnerships + password-less authentication to optimize connections
- Minimize risk: Decryption & inspection addressing data loss, leveraging a true Zero Trust approach across the IT diameter
[Diagram: Internet, SaaS, IaaS, Provider Middle Mile, Security, SD-WAN, Secure Access Services Edge, Worker/Location, Visibility, Private DC]

Branch User Connections to Workloads

Cloud Edge Workflows From Here
[Diagram: Internet, SaaS, IaaS, Private DC, Branch, Data Center, Branch Worker, SD-WAN Fabric; Cloud Security: DNS/CBFW/SWG/DLP/CASB/RBI; Cloud Security: ZBFW, IPS, AMP, TLS Proxy, URL Filtering]

Cloud Edge Workflows To Here
[Diagram: Internet, SaaS, IaaS, Private DC, Branch, Data Center, Branch Worker, SD-WAN Fabric; Cloud Security: CDFW, IPS, AMP, Secure Web GW, URL Filtering, DNS Security]

Integrating to the Public Cloud

Improving Public Cloud Access
[Diagram: Internet, SaaS, IaaS, Private DC, Branch, Data Center, SD-WAN Fabric; Cloud Security: CDFW, IPS, AMP, Secure Web GW, URL Filtering, DNS Security; Bob; AWS, Azure, GCP]

Traditional Cloud Service Provider Access
[Diagram: Internet, IaaS, Branch, Data Center, Branch Worker, SD-WAN, Region 1, Region 2, CSP Gateway, CSP Backbone]

Virtual Routers in CSPs extend SD-WAN
Benefits:
- Simplified control plane integration
- One Management plane to connect in CSP locations
Challenges:
- How to instantiate vRouter?
- Use Marketplace?
- How to connect to SD-WAN mgmt plane?
- How to connect virtual compute at CSP to vRouter?
- How to define routing protocol?
- How to extend segmentation strategy?
[Diagram: Internet, MPLS, IaaS, Branch, Data Center, Branch Worker, SD-WAN, Region 1, Region 2, SD-WAN vRouter, CSP Backbone]

Orchestrating SD-WAN into Public Clouds
Cisco's Approach / Benefits:
- Automate: Automate SD-WAN fabric into CSPs
- Extend policy: Extend policy framework into cloud
- Simplify operations: Simplify operations with one management plane
- Enhance visibility: Enhance visibility for devices and circuits
- Integrate: Integrate multiple cloud providers
- Unify control plane: Unify control plane for dynamic routing
[Diagram: Branch, Data Center, SD-WAN, Internet, MPLS, AWS, Azure, GCP]

CSP Connections with the Cloud GW
Automating AWS Transit GW Integration
[Diagram: Internet, MPLS, IaaS, Branch, Data Center, SD-WAN, CGW, TGW, CSP Region 1, VPC A, VPC B, VPC C, Transit VPC, Cisco Automation, Bob]

CSP Connection Example Cloud GW
Dynamic Routing to Host VPCs
Route Table:
- 10.166.10.0/24
- 10.166.20.0/24
- 10.166.30.0/24
[Diagram: Internet, MPLS, IaaS, Branch, Data Center, SD-WAN, CGW, TGW, VPC Attachments, Host VPCs (10.166.10.0/24, 10.166.20.0/24, 10.166.30.0/24), Transit VPC, BGP, Infra Route Table, Bob]

CSP Connection Example Cloud GW
AWS Transit GW Integration
[Diagram: Internet, MPLS, IaaS, Branch, Data Center, SD-WAN, CGW, TGW; Region 1: VPC A, VPC B, VPC C; Region 2: VPC D, VPC E, VPC F; Transit GW Peering, Transit VPC, Bob]

CSP Connection Example Direct Connect
AWS Transit GW Integration
[Diagram: Internet, MPLS, IaaS, Branch, Data Center, SD-WAN, CGW, TGW, DXGW, Direct Connect, VPN or Direct Attachment; Region 1: VPC A, VPC B, VPC C; Region 2: VPC D, VPC E, VPC F; Transit GW Peering, Transit VPC, Bob]

Automating Cloud Extensions in SD-WAN
Cloud OnRamp for Multicloud
1. Select Cloud OnRamp for Multicloud
2. Complete pre-deployment steps (per CSP)
   1. Associate cloud provider account
   2. Complete Cloud global settings
   3. Discover host private networks
   4. Deploy CGW staging template to Catalyst 8000v router(s)
3. Create Cloud Gateway (creates transit hub/VPC, transit GW, and deploys cloud service routers)

Automating Cloud Extensions in SD-WAN
Managing Intent
1. Select Cloud OnRamp for Multicloud
2. Select Cloud Connectivity
3. Edit Intent to automatically map VPNs to VPCs/VNETs

Optimizing Private Workloads

Building the Network Cloud
- On-demand Connectivity: Reduce time from months to minutes for Multicloud connectivity; Connections worldwide
- Programmability: Dynamic/Automated High-Speed Cross-Connects; Controller APIs for partner orchestration
- Cloud Management: Automate the connections through single pane of glass
- Performance & Control: Remove congestion risk by sending packets through a private backbone
[Diagram: "The Middle Mile"; Dynamic/Automated High-Speed Cross-Connect, Region 1 Sites, Region 2 Sites*, Local Access, Colo, Direct Peering, Direct Connect, Direct Connect/Express Route, Cisco Webex]

What are we enabling with Cloud Interconnect?
- Cisco SD-WAN service hosted at global colocation facilities. Megaport and Equinix are the first to host our SD-WAN service.
- A cloud-delivered regional aggregation service with rich set of programmable cloud direct-connects.
- Hosted SD-WAN-as-a-Service: Cisco Router endpoint on Customer SD-WAN overlay.
- Site-to-Cloud access: vManage automated direct-connect to all major cloud providers.
- On-demand connectivity, no long-term contracts.
- Automated, full-stack network deployment via Cisco vManage.
- Cloud consumption model.

Adding Cloud Interconnects
[Diagram: Internet, SaaS, IaaS, Private DC, Branch, Data Center, Branch Worker, SD-WAN Fabric, Middle Mile Optimizations, Megaport; Cloud Security: CDFW, IPS, AMP, Secure Web GW, URL Filtering, DNS Security]

Optimizing Connection to CSP
[Diagram: Internet, SaaS, Private DC, Branch, Data Center, SD-WAN Fabric, Middle Mile Optimizations, Megaport, AWS, Bob; Cloud Security: CDFW, IPS, AMP, Secure Web GW, URL Filtering, DNS Security]

Cloud Interconnect Connection Example
[Diagram: Internet, IaaS, Branch, Data Center, Branch Worker, SD-WAN, ICGW, CGW, DXGW, TGW, Transit VIF, Direct Connect; Region 1: VPC A, VPC B, VPC C; Region 2: VPC D, VPC E, VPC F]

Automating Cloud Interconnects in SD-WAN
Cloud OnRamp for Multicloud
1. Select Cloud OnRamp for Multicloud
2. Select Interconnect
3. Complete pre-deployment steps
   1. Associate interconnect account
   2. Complete interconnect global settings
   3. Discover host private networks
   4. Deploy ICGW staging template to Catalyst 8000v router(s)
4. Create Interconnect Gateway

Automating Cloud Interconnects in SD-WAN
Interconnect Connectivity
1. Once ICGW finishes deployment, configure Interconnect Connectivity
2. Select Interconnect
3. Complete interconnect deployment steps
   1. Choose ICGW to add connection
   2. Select to connect to CSP or other ICGWs
   3. Choose method of connection (i.e. DirectConnect/ExpressRoute or shared)
   4. Select location and bandwidth
   5. Complete method specific settings

Want to Learn More?
Additional Sessions:
- BRKENT-2651: Migrating to multi-region fabric - transform and simplify middle-mile based network designs for large scale, cloud, and Colo based SD-WAN Networks
- BRKENT-2312: Evolution of Cisco SD-WAN Security and Journey Toward SASE
- BRKENT-2313: Making SD-WAN easy: operational simplification and user experience
- BRKSEC-3022: Connecting Datacenters and branch offices to the Cisco SASE platform
Deployment Video Demonstration: https://youtu.be/4-dRwbfLBb4

Optimizing and Securing Public Workloads

Optimizing SaaS Flows
SLA Measurement of SaaS Apps
Evolution of Cisco SD-WAN:
- Historically leveraged to measure app performance for on-prem apps
- Now measures app performance for Cloud SaaS apps
- Multiple IPSec tunnels through Cloud security measure best path per app
Measure loss and latency for best path
[Diagram: IaaS, Private DC, Branch, Data Center, Branch Worker, SD-WAN Fabric, Enterprise Apps, ISP1, ISP2]

Cloud OnRamp for SaaS
- DNS Request: DNS request is duplicated across all available Internet egress points or Gateway sites
- Quality Probing: HTTP ping packets are sent to probe (loss/latency)
- vQoE Scores: vQoE scores are calculated based on the loss/latency for path selection
* First Packet Classification can be enhanced through SD-AVC and is beyond the scope of this slide
[Diagram: Detection, Optimization, Selection, Secure; User, SaaS Application, DNS, HTTP, ISP1, ISP2, Score]

Optimizing SaaS Flows
Measure loss and latency for best path (vQoE=10, vQoE=8)
- Router collects average loss and latency of several 2 minute buckets
- If actual loss and latency are less than expected, app receives vQoE of 10
- If actual loss and latency are more than expected, then app receives score of percentage of baseline
[Diagram: IaaS, Branch, SD-WAN Fabric, Enterprise Apps, ISP1, ISP2, Bob]

Cloud OnRamp for Custom App
Extend Cloud OnRamp for SaaS support across all apps
Bring Your Own App to Cloud OnRamp for SaaS
BENEFITS
- 1500+ NBAR Recognized Apps + Any Custom App
- Dynamically route SaaS traffic to the best path
- Fast, secure and reliable user experience
- Gain real-time and historical visibility into application performance
[Screenshot: Standard supported apps; Add your own app]

Dynamic URL Categories + Microsoft 365 Informed Routing
End to End Microsoft 365 User Experience
End-to-End O365 Apps Performance Visibility
[Diagram: O365 Telemetry, Client Status?*, Service Status?, Optimize, Allow, Default, Branch, Colo/DC/Hub, SaaS Route Probes, vAnalytics, SD-WAN (Internet), Dynamic App/URL Categorization, SD-AVC, WAN Link Telemetry, Bob]

Cloud OnRamp for Webex
- Cisco vManage uses API integration to periodically fetch Webex region prefixes.
- SD-WAN edge routers support First Packet Match for Webex and identify the Webex user traffic going to various regions.
- SD-WAN edge routers send HTTPS probes to dedicated Webex Responders across global Webex regions.
- Ensure Webex traffic goes via best performing path.
- Webex User traffic going to any Webex region is sent via the best performing path.
[Diagram: Regional Data Center, Branch, Loss/Latency, Webex Responder, ISP1, ISP2, SD-WAN Fabric]

Cloud Security
[Diagram: Internet, SaaS, IaaS, Private DC, Branch, Data Center, Branch Worker, SD-WAN Fabric; Cloud Security: SSO/MFA, CDFW, IPS, AMP, Secure Web GW, URL Filtering, DNS Security]

Cloud Security with Cisco Umbrella
Cisco Umbrella:
- Secure Web Gateway (SWG)
- Firewall as a Service (FWaaS)
- Cloud Access Security Broker (CASB)
- DNS-layer security
- Cisco Talos Threat Intelligence
- Remote Browser Isolation (RBI)
- App Discovery and Control
- Cloud Malware Detection
- Data Loss Prevention (DLP)

Viptela and Umbrella Integration
Simple, effective integration with Umbrella DNS
- Auto-Deploy DNS integration with Umbrella APIs
- Anycast architecture for highly available integration directs clients to not just closest DC but also includes awareness of load distribution
- Macro-segmentation extension through VPN/VRF aware identity sources
- DNScrypt support for enhanced security
- Local domain bypass
[Diagram: Cloud Security Miami (Primary DC), Cloud Security Dallas (Backup DC), Anycast IP]

Integrating Viptela SD-WAN to Umbrella DNS
1. Select Configuration - Security
2. Choose Custom Options - Umbrella Registration
3. Add Umbrella API Keys
   A. Created at Umbrella Dashboard: Admin - API Keys
   B. Use Umbrella Network Devices API Key (collect Key and secret)
   C. Organization ID is located in URL of Umbrella Dashboard

Viptela and Umbrella DNS (cont.)
4. Add Unified Security Policy
5. Skip NG Firewall to move to DNS Security and Add DNS Security Policy
6. Complete Data for Policy
   A. Note: Umbrella Registration Status will display green flag if registered correctly
   B. Choose match all VPNs or subset
   C. Create a domain bypass list for local domains
   D. Under Advanced, ensure DNSCrypt is enabled to convey source VPN info to Umbrella
   E. Save DNS Policy

Viptela and Umbrella DNS (cont.)
7. Name and save security policy
8. Assign policy to template
   A. either traditional template
   B. or UX2.0

Viptela and Umbrella DNS (cont.)
9. In Umbrella dashboard, VPNs from branches appear automatically in: Core Identities - Network Devices
10. Assign VPNs as Identities for DNS Policies in: Policies - DNS Policies - Specific Policy - Edit Identity

Umbrella DNS in Action
- User attempting to access malicious sites (malware, phishing, CCC) is automatically blocked from access.
- Umbrella default DNS policy can block critical offensive categories

Viptela and Umbrella Integration
Layer on Full Umbrella SIG
- Auto-provision and Auto-deploy highly available tunnels with a few clicks
- Active-Active and Active/Standby design
- Support for auto or manual DC selection
- ECMP or weighted load-balancing
- Throughput capacity to 1 Gbps
- Layer 7 health checks to Umbrella to monitor the health of the tunnel
- SaaS traffic optimization for Critical Apps with Layer7 health check
- Policy-based routing to Cisco Umbrella
[Diagram: Cloud Security Miami (Primary DC), Cloud Security Dallas (Backup DC), Enterprise Apps, AnyCast IP]

Integrate SD-WAN with Umbrella SIG
Create Umbrella API Key
1. Add Umbrella Global Credentials by Selecting Administration - Settings - SIG Credentials
2. Add Umbrella API Keys
   A. Created at Umbrella Dashboard: Admin - API Keys
   B. Use Umbrella Management API Key (collect Key and secret)
   C. Organization ID is located in URL of Umbrella Dashboard

Integrate SD-WAN with Umbrella SIG
3. SIG integration in device template:
   A. SIG feature template added to VPN0
   B. For multiple active tunnels, need multiple source interfaces (can be physical or loopback)
4. Verify Cisco SIG Credentials under Additional Templates has automatically selected "Cisco-Umbrella-Global-Credentials"
5. SIG feature template:
   A. Create number of IPSec Tunnels
   B. Identify A/A or A/S configuration
   C. Allow auto selection of SIG DCs or select manually

Viptela and Umbrella SIG
6. In Umbrella Dashboard, Tunnels appear automatically in: Core Identities - Network Tunnels
7. Assign Tunnels as Identities for FW and Web Policies in: Policies - (Firewall or Web) - Ruleset Identities - Edit
8. Select the Number next to "Tunnels" to get a list of all Network Tunnels and then check the applicable tunnels

Umbrella SIG in Action
- User attempting to access Firewall prohibited applications like Torrent is blocked.
- Web policy can allow, warn, block, or isolate content categories or specific websites.

Want to Learn More?
Additional Sessions:
- LABSEC-2009: Cisco Umbrella Hybrid environments with IPSec Tunnel Resiliency
- BRKSEC-1026: Strengthening the First Line of Defense using Cisco Secure Firewall and Cisco Umbrella
- PSOMER-2006: Simplify your operations; unify your SASE architectures
- BRKSEC-2143: Do you know where your data is? A deep dive on Cisco Umbrella CASB and DLP and how to protect your locations, data and users

Remote Worker Connecting to Workloads

Extend Protection to Remote Workers
[Diagram: Internet, SaaS, IaaS, Private DC, Branch, Data Center, SD-WAN Fabric, Remote Worker, Bob; Cloud Security: SSO/MFA, CDFW, IPS, AMP, Secure Web GW, URL Filtering, DNS Security]

Cisco Secure Client
Suite of security service enablement modules
- AnyConnect VPN (Core)
- Network Access Manager (NAM)
- ISE Posture
- HostScan (aka: ASA posture) (No UI)
- Secure Endpoint (AMP)
- Umbrella Module
- Cloud Management Module (No UI)
- Network Visibility Module (NVM) (No UI)
- Diagnostics and Reporting Tool (DART)

Connecting Remote Workers to Internal Workloads
[Diagram: Internet, SaaS, IaaS, Private DC, Regional Hub, Data Center, SD-WAN Fabric, VPN Service (SDWAN RA), Remote Worker, Bob; Cloud Security: SSO/MFA, CDFW, IPS, AMP, Secure Web GW, URL Filtering, DNS Security]

Enabling a Distributed Remote Access
Benefits
- Extends SD-WAN benefits to RA users
- Application visibility, AAR, AppQoE
- Integrated into SD-WAN segmentation
- Leverages FlexVPN RA solution
- Use IKEv2/IPSec and SSL RA VPNs
- Integration with AAA/RADIUS for identity-based policy
- Integration with Cisco IOS PKI for automated certificate lifecycle mgmt.
- Split tunneling capability
Want to Learn More? https:/

Optimizing Remote Workers to Internal Workloads
[Diagram: Internet, SaaS, IaaS, Private DC, Regional Hub, Data Center, SD-WAN Fabric, Middle Mile Optimizations, Megaport, VPN Service (SDWAN RA), Remote Worker, Bob; Cloud Security: SSO/MFA, CDFW, IPS, AMP, Secure Web GW, URL Filtering, DNS Security]

Conclusion

Optimizing and Protecting All Workflows
- Secure Edge workloads can be easily extended to CSPs through SD-WAN built in automation
- Partnerships with Co-Los provide enhanced connections to both CSPs and other sites
- Rich integrations between SD-WAN and Umbrella allow on-prem workers to be secured easily
- Inspection of SaaS performance from SD-WAN fabric provides an optimized path for inside to outside workloads
- Remote Access VPN capabilities integrated into SD-WAN fabric provide a distributed, optimized path for outside to inside workloads