Cisco Solutions for AWS Cloud Modernization

If you missed my prior blog on app assurance check it out!

Forecasting cloud spend and assuring application performance

It’s challenging to know all the native cloud solutions available to use; it’s even more challenging to know which Cisco solutions are available for use with AWS.

You will find that there are solutions that repeat or even overlap portions of the AWS Migration stages. For example, in the Discovery stage of cloud migration, the tool you’d likely use for Application Discovery / Infrastructure Discovery is Application Dynamics (AppD). 

It’s important to know that this is not an extensive list, nor should this be used in a silo; rather these are the most relevant products for a migration.

Below is a reference to the relevant Cisco solutions associated with the AWS Cloud Migration journey. Business outcomes will evolve as a customer matures in the cloud and so will the solutions to meet those outcomes. 

“A Process for Mass Migrations to the Cloud” Orban, Stephen, 2008. Retrieved September 6, 2022, from 


Cisco at AWS re:Invent 2021

Here is a summary of Cisco’s mentions and highlights at AWS re:Invent 2021!

Please note: each of these links requires registering on the AWS re:Invent site.

Launches and Mentions

AWS GATEWAY LOAD BALANCER >> Now featuring Cisco Firewall as a Service (FWaaS)

Learn more by reading Cisco’s blog

AWS MARKETPLACE LAUNCH >> Cisco Snort 3 Anywhere

Snort 3 Anywhere is a containerized form factor of the well-known, industry de facto standard IPS engine. With this latest offering now available in AWS Marketplace, you can easily deploy Snort 3 in your EKS or on-premises container environment. Learn more in Cisco’s blog.

AWS MARKETPLACE LAUNCH >> Cisco Intersight Workload Optimizer SaaS

Cisco Intersight Workload Optimizer is a real-time decision engine that drives continuous health of applications across on-premises and public cloud environments to analyze workload consumption, costs, and policy constraints across the full stack. Learn more via the new listing in AWS Marketplace and Cisco’s blog.

NEW AWS QUICK START >> Featuring Cisco Meraki Virtual MX

Customers can secure SD-WAN traffic between branch offices to resources on AWS with this new AWS Quick Start. Click to view and deploy.


Cisco SDWAN and Umbrella Integration

Cisco SDWAN offers full-stack security capabilities like IPS/IDS, a stateful firewall, AMP integration, and the ability to leverage the full capabilities of Cisco Umbrella. I can’t emphasize enough how easy it is to bring Umbrella Security to your Cisco SDWAN deployment. Check out my short video to see how to make it happen.

Cisco SDWAN + Umbrella

Update: 9/1/2020 – This procedure has changed with the release of Cisco IOS XE SD-WAN Release 16.10.x and Cisco SD-WAN Release 18.4.x – Umbrella auto-registration



SD-WAN – Cisco Viptela

As I mentioned in my previous post, SD-WAN is an emerging market. Many vendors are trying to become the front runners not only to capitalize on the market trend but to help standardize and define SD-WAN.

Want to secure your SD-WAN? Check out SIG and Integrating it into SDWAN

Several vendors are offering SD-WAN. Cisco has two SD-WAN offerings, Viptela SD-WAN and Meraki SD-WAN. We will discuss the Viptela solution and provide an overview of the architecture as well as how you can transition to SD-WAN.

The network is no longer a function of hardware. The network is a function of software.

Let’s take a step into what makes SD-WAN, SD-WAN. A Software-Defined Wide Area Network is nothing more than a router with fewer responsibilities.

Now you may be asking, what are the responsibilities of a standard router? Well, a standard router has to maintain a control plane, right? OSPF, BGP, the RIB. And, of course, the data plane and management.

Taking the responsibilities of a standard router and segmenting or decoupling them, so that they don’t have dependencies on each other, is what makes SD-WAN at its foundation. After all, this is software-defined networking…

Viptela SD-WAN Overview

vBond – vBond is the orchestrator for control plane connectivity. When a new device comes onto the fabric it needs to contact vBond. vBond will assist in authenticating and connecting the device to the vSmart controllers and discovering vManage. vBond is a virtual appliance.

vSmart – vSmart is the controller. vSmart controllers distribute data plane policies to the vEdge routers. OMP is used to communicate between the vSmart controllers and the vEdge routers. vSmart controller is a virtual appliance.

vEdge – vEdge is the router and establishes a TLS connection to the vSmart controllers over OMP. vEdge routers connect to vSmart controllers and receive data plane and control plane policies. vEdge routers support traditional IGP protocols and VRRP for the LAN. vEdge routers can be deployed physically or virtually.

vManage – vManage is the GUI for all of this. This is where you create/assign policies, provision, monitor and troubleshoot your SD-WAN network. vManage is a virtual appliance.

I wanted to highlight these as foundational components of Viptela and by no means is it a complete architecture!

Let’s explore how to get from a traditional WAN to an SD-capable WAN. First, ask yourself if you are faced with these issues.

  1. Poor user experience for cloud and Internet applications at branch
  2. Provide high-bandwidth connectivity at the branch and reduce WAN costs
  3. Simplify branch deployments
  4. Securing the branch

If you are affected by one or more of these issues, then you should look into Cisco’s SD-WAN Viptela.

Then start with a phased approach. You can stand up Viptela in a brownfield deployment fashion so that when you are ready, you can cut over from your existing WAN to your SD-WAN.

Deploy vBond, vSmart, and vManage as a virtual appliance in the cloud.

Then decide on a physical or virtual deployment for your branch vEdge routers. If you are using ISR1K/4K, or ASR1K at the branch, you already have vEdge capabilities! IOS-XE release 16.9.1 will get you the SD-WAN capabilities.

Viptela has some of the best and easiest-to-digest documentation. See Getting Started and Viptela – Bring Up Sequence of Events to get your SD-WAN fix!


Evolving Technologies

SD-WAN, SD-Access, and Intent Based Networking are emerging designs to serve a single purpose.

Application trends, traffic trends and user experience are changing. They are going to continue to change as the adoption of the “cloud” continues.

The idea of hosted applications has changed the way the network functions and delivers content. Applications like Cisco WebEx, Microsoft O365, and Amazon Web Services are all examples of applications that have adopted the cloud model, better known as Software as a Service (SaaS).

These applications differ in function, yet all attempt to benefit from heterogeneous networks, where any user, at any location, with any network can access their application.

Any user, any location, and any network is of course subjective and has dependencies unrelated to this discussion; however, this is the idea behind SD-WAN, SD-ACCESS, and Intent Based Networking.

The benefits that come from these designs are reduced operational expenses/capital and a simplified network.

However, the true benefit that these designs offer is user experience. User experience is the business of today and the future.

Through a series of posts we will talk about SD-WAN and other related “evolving technologies” and buzz around the industry.