Cisco Cloud OnRamp for Multicloud
The key differentiator for Cloud OnRamp for Multicloud is automation. The whole solution is automated: the end user simply enters public cloud credentials in the related vManage section, discovers virtual networks and workloads, and defines two routers for interconnection. vManage then automatically performs the whole deployment of the transit VPC, the bring-up procedure of the virtual routers, and the interconnection.
Cisco OnRamp for Multicloud provides the following benefits:
- Automate the Cisco SD-WAN extension to the cloud from enterprise sites through the internet, interconnect, or colocation environments.
- Use a cloud-delivered Secure Access Service Edge (SASE) architecture to consolidate networking and security functions and to extend a consistent policy to users and applications on-premises and in the cloud.
- Deploy applications and services on demand by using a consistent user interface for a unified experience across all clouds and on-premises locations.
- Optimize user experience for customers and employees by using granular insights into application performance.
AWS Cloud Architecture
Cloud OnRamp for Multicloud with AWS can orchestrate the Transit Gateway and attach host VPCs to it to facilitate the transfer of data between the branch and the AWS cloud. Integration with Transit Gateway Network Manager is also supported. The Cisco vManage controller talks to Transit Gateway Network Manager through application programming interfaces (APIs) and shares the branch site router information with it. This enhanced visibility into branch and cloud connectivity from Transit Gateway Network Manager helps in monitoring the site-to-cloud WAN links.
In Cisco SD-WAN 17.5, the choice between IPsec and GRE tunnels is made at a global level, meaning that you can use only one protocol for all the regions. Future releases bring some flexibility, meaning that you can use a GRE tunnel in AWS region A and IPsec in AWS region B.
Another option for integrating your Cisco SD-WAN fabric with AWS is called Branch Connect. This feature enables you to build an IPsec tunnel from the branch router directly into Transit Gateway without going through the Cisco SD-WAN virtual router. For some small-scale remote sites, this could be a cost-saving solution. You can also create this IPsec tunnel by using the Cloud OnRamp workflow.
Azure Cloud Architecture
Cloud OnRamp for Multicloud with Microsoft Azure provides the same automation and deployment services as with AWS. The workflow deploys the Cisco SD-WAN Cloud Edge routers within the Microsoft Azure Virtual WAN (vWAN) or a Transit VNet and connects to the Microsoft Azure Host VNets. Cisco vManage fully automates the deployment of the Cisco SD-WAN Cloud Edge routers and the connection to the host VNets.
The vWAN architecture is a hub-and-spoke architecture with scale and performance built in for branches (VPN/Cisco SD-WAN devices), users (Microsoft Azure VPN/OpenVPN/IKEv2 clients), ExpressRoute circuits, and virtual networks. It enables a global transit network architecture, where the cloud-hosted network (hub) enables transitive connectivity between endpoints that may be distributed across different types of spokes.