Introduction to Multidomain
A common trend in the IT industry is to generate and store data in many areas of the network. Traditionally, the majority of a business's data was stored in a centralized data center. With the influx of guest access, mobile devices, BYOD, and IoT, data is now generated remotely, in a distributed manner. In response, the industry is shifting from data centers to multiple centers of data. Given that shift, simple, secure, and highly available connectivity is a must for an enhanced user and application experience. The other big piece of multidomain is a seamless policy that spans these multiple centers of data. An example is a policy that extends from the campus environment across the WAN, into the data center, and back down to the campus. This provides consistency and deterministic behavior across the multiple domains. Figure 1-11 illustrates a high-level example of sharing policy between a campus branch location and a data center running Cisco Application Centric Infrastructure (ACI).
Figure 1-11 High-level Multidomain Example
In future evolutions of multidomain, the common policy will extend from the campus across the Cisco Software-Defined WAN (SD-WAN) environment to Cisco ACI running in the data center and back down to the campus, providing end-to-end policy and management across all three domains. This will provide the capability to leverage things like application service-level agreements (SLAs) from the data center to the WAN and back, ensuring that the applications are performing to the best of their ability across the entire network. It will also relieve strain on the WAN and provide a better user experience when using the applications. Figure 1-12 shows a high-level example of what this could look like from an overall topology perspective.
Figure 1-12 High-level Multidomain with ACI and SD-WAN Example
Multidomain offers the capability to have the network operate as a holistic system, as mentioned previously in this chapter. It takes intent-based networking to the next level by carrying policy across all domains for a seamless application experience. It also implements security everywhere and provides complete granularity in terms of control and operations. From another angle, the Cisco Software-Defined Access solution can share policy with the Cisco SD-WAN solution as well. This is powerful because the policies that control security, segmentation, and application performance can be enforced across the entire network environment, so the user and application experience is consistent across the campus LAN and the WAN. Tying both domains together is what delivers the capability to protect the applications and ensure that the business outcomes organizations are striving for are met. Figure 1-13 illustrates a high-level multidomain design with Cisco DNA Center, Cisco vManage, Cisco SD-Access, and Cisco SD-WAN.
Figure 1-13 High-level Multidomain with Cisco SD-Access and SD-WAN Example
Cloud Trends and Adoption
Cloud adoption has been taking the industry by storm. Over the years, reliance on cloud computing has grown significantly, starting with music, movies, and storage and moving into SaaS and IaaS. Today, many aspects of an organization run in the cloud, such as application development, quality assurance, and production. To make things even more complicated, companies rely on multiple cloud vendors to operate their business, resulting in unique sets of policies, storage capacity requirements, and operational skills on a per-vendor basis. Companies are struggling with problems such as shadow IT and backdoor applications in their environment. Shadow IT occurs when lines of business (LoB) go to cloud providers on their own, without the knowledge or guidance of the IT department, and spin up applications on demand in the cloud. This causes major concerns from a security and privacy perspective. In addition, the potential loss of confidential information or intellectual property could damage the brand and reputation of the business. The risks are significant.
Furthermore, applications in the cloud, whether legitimate production applications or applications still in development, require certain levels of priority and treatment to ensure they are delivered properly to the users who consume them. This is where some of the capabilities of the next-generation campus network can help ensure that the applications are treated appropriately and that the user experience is adequate. Figure 1-14 illustrates the demand on the campus LAN and WAN and how cloud applications are becoming critical to the operations of the business. The campus network shares the responsibility of ensuring that the applications perform to the best of their ability and provide an exceptional user experience. The campus network also shares the security burden of making sure that only the appropriate users access the applications and share information in the first place. This is where having a good segmentation and security policy is paramount.
Figure 1-14 Demand on LAN and WAN for Internet-based Applications
The bandwidth that applications consume affects the WAN environment more than the campus LAN, because WAN links have a far more finite amount of bandwidth than the high-speed links within a campus. Having direct Internet access in a branch can help alleviate some of this pressure. By measuring application performance across one or more direct Internet access circuits, the branch routers can choose the best-performing path based on application-specific parameters. This helps offset the low-bandwidth WAN transport. If one of the links to the cloud application fails or degrades in performance, the application traffic automatically fails over to another direct Internet link. This process is fully automated and requires no interaction from the network operations staff. Figure 1-15 shows this scenario with multiple direct Internet access links.
Figure 1-15 Multiple Direct Internet Access Links to Cloud Applications
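The path-selection behavior described above (pick the best-performing direct Internet link for an application, and fail over automatically when the current link fails or degrades) can be shown in a small simulation. The following Python is an added example written for this page; it is not the book's code and not Cisco SD-WAN configuration. The application names, SLA thresholds, link names, and the per-link loss, latency, and jitter measurements are all constructed for illustration, and the scoring weights are an assumption of this example.

```python
"""Added example: application-aware path selection across multiple
direct Internet access (DIA) links with automatic failover.

Each path reports measured loss, latency and jitter; each application
declares the thresholds it can tolerate (its SLA). The selector keeps
the current path while it still meets the SLA (to avoid flapping),
otherwise moves to the best compliant path, and falls back to the
least-bad live path when nothing is compliant. All names, thresholds
and measurements below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AppSla:
    name: str
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float


@dataclass(frozen=True)
class PathMetrics:
    path: str
    up: bool
    loss_pct: float
    latency_ms: float
    jitter_ms: float


# Constructed SLA: a real-time voice application tolerates little loss or jitter.
VOICE_SLA = AppSla("voice", max_loss_pct=1.0, max_latency_ms=150.0, max_jitter_ms=30.0)


def meets_sla(sla: AppSla, m: PathMetrics) -> bool:
    """True when the path is up and every measured value is within the SLA."""
    return (m.up
            and m.loss_pct <= sla.max_loss_pct
            and m.latency_ms <= sla.max_latency_ms
            and m.jitter_ms <= sla.max_jitter_ms)


def score(m: PathMetrics) -> float:
    """Lower is better. Loss and jitter are weighted more heavily than
    latency because they hurt interactive applications the most
    (assumed weights for this example)."""
    return m.loss_pct * 100.0 + m.latency_ms + m.jitter_ms * 2.0


def select_path(sla: AppSla, metrics: list, current: Optional[str] = None) -> Optional[str]:
    """Return the path the application should use for this measurement cycle."""
    by_name = {m.path: m for m in metrics}
    # Stickiness: stay on the current path while it still meets the SLA.
    if current in by_name and meets_sla(sla, by_name[current]):
        return current
    compliant = [m for m in metrics if meets_sla(sla, m)]
    if compliant:
        return min(compliant, key=score).path
    # Nothing meets the SLA: use the least-bad path that is still up.
    live = [m for m in metrics if m.up]
    if live:
        return min(live, key=score).path
    return None  # every DIA link is down


def run_failover_scenario() -> list:
    """Four constructed measurement cycles for the voice application."""
    # Cycle 0: both links healthy; ISP A is the better path.
    t0 = [PathMetrics("dia-isp-a", True, 0.2, 40.0, 5.0),
          PathMetrics("dia-isp-b", True, 0.5, 60.0, 8.0)]
    first = select_path(VOICE_SLA, t0)
    # Cycle 1: ISP A starts dropping 3% of packets; voice fails over to ISP B.
    t1 = [PathMetrics("dia-isp-a", True, 3.0, 40.0, 5.0),
          PathMetrics("dia-isp-b", True, 0.5, 60.0, 8.0)]
    second = select_path(VOICE_SLA, t1, current=first)
    # Cycle 2: ISP A recovers, but ISP B still meets the SLA, so no flap back.
    t2 = [PathMetrics("dia-isp-a", True, 0.2, 40.0, 5.0),
          PathMetrics("dia-isp-b", True, 0.5, 60.0, 8.0)]
    third = select_path(VOICE_SLA, t2, current=second)
    # Cycle 3: ISP A is down and ISP B is degraded; ISP B is the least-bad live path.
    t3 = [PathMetrics("dia-isp-a", False, 0.0, 0.0, 0.0),
          PathMetrics("dia-isp-b", True, 5.0, 300.0, 50.0)]
    fourth = select_path(VOICE_SLA, t3, current=third)
    return [first, second, third, fourth]


if __name__ == "__main__":
    print(run_failover_scenario())
```

The stickiness check is the part worth noticing: without it, a link that oscillates around the SLA boundary would cause the application to flap between paths on every measurement cycle, which is its own form of degradation.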