AWS Public Sector Blog

Accelerate Your Journey to AWS with a Cisco Cloud-Ready Network

A guest post by Bilal Raja and Grimt Habtemariam, Cisco

Many organizations have developed a cloud-migration strategy and are looking at how to accelerate cloud adoption. As organizations increasingly embrace IaaS, PaaS, and SaaS consumption models, many select Amazon Web Services (AWS) as their cloud provider.

While pre-application migration planning and application readiness are key focus areas, many organizations have realized that network readiness is critical for a successful cloud adoption journey. Legacy network architectures lack the simplicity, adaptability, automation, and application awareness needed to deliver the best user experience. A cloud-ready network should enable secure and optimized connectivity to cloud services from remote locations.

Cisco next-gen SD-WAN is one of the pillars of the cloud-ready network that can accelerate an organization’s cloud adoption.

Cloud Ready WAN

For an optimal end-user experience, an organization requires seamless connectivity between branch office locations, applications, and cloud workloads. Many WAN solutions are ill-equipped for this task because they are generally rigid, complex, and expensive. Internet of Things (IoT) adoption, an increase in the number of network devices, and the sophistication of security threats further compound this challenge.

Cisco SD-WAN on AWS is an overlay WAN architecture designed to address heterogeneous WAN connectivity and distributed users by building a scalable WAN infrastructure that reduces data transport costs and operational expenses. Cisco SD-WAN for AWS helps with the following two major use cases:

Cloud Onramp for SaaS – Improving SaaS performance with SD-WAN on AWS

Enterprises with legacy WAN architecture can find it challenging to provide a quality end-user experience with their SaaS adoption. Often, a suboptimal path with increased latency is chosen to connect a user to the SaaS application in the cloud, resulting in a degraded end-user experience. A cloud-ready network via SD-WAN solves this challenge by creating multiple Internet exit points and dynamically steering around bandwidth and latency issues in real time. This results in an optimal SaaS user experience at remote locations.

To achieve this, the SD-WAN fabric continuously measures the performance of designated SaaS applications through permissible paths from a branch, including direct Internet access. For each path, the fabric computes a quality-of-experience (vQoE) score that gives network administrators visibility into application performance. The fabric makes real-time decisions to choose the best-performing path per application per VPN between the end users at a remote location and the cloud SaaS application. It also automatically fails over in case of performance degradation.

Cloud Onramp for IaaS – Fast and secure connectivity to the AWS Cloud

Traditional hub-and-spoke network architectures were designed to support consolidated applications and services hosted at centralized “demilitarized zones” (DMZs) and datacenters. This layout forces the backhaul of Internet traffic through the DMZ, creating inefficient traffic routes that increase the distance between end-user and application. As an alternative, many organizations opt to implement private circuits or MPLS to create mesh connectivity and satisfy any-to-any traffic requirements. This approach can work, but it can be costly and adds operational complexity. There is also a need to handle dynamic traffic patterns driven by seasonality, bursting, or external events.

Cisco SD-WAN Cloud Onramp for IaaS extends the visibility, reliability, and management of the SD-WAN network from branches, remote sites, and campuses to AWS. It allows for transport-independent, any-to-any connectivity and end-to-end VPN segmentation. Tight integration with Amazon Virtual Private Cloud (VPC) enables organizations to automate network configurations with a consistent policy across branch, datacenter, and AWS, so they can more quickly deploy and scale workloads on AWS. Cisco vEdge routers are deployed in a gateway VPC to connect remote locations and application VPCs. This enables administrators to easily scale up the VPC environment by reducing the number of point-to-point tunnels between an organization’s remote locations and host VPCs, resulting in simplified WAN management, lower transport costs, and faster time to deployment. The gateway VPC also supports workload segmentation, especially when an organization deploys application VPCs across multiple AWS Regions. The vManage component of the Cisco SD-WAN solution orchestrates the WAN sites and Amazon VPCs to automate connectivity and provide full lifecycle management and network visibility into the entire SD-WAN environment.


A cloud-ready network delivers the benefits of cloud and maintains availability, scalability, and flexibility, while eliminating operational complexities. The result is an optimal end-user experience, improved connectivity to mission-critical applications, and accelerated migration to the AWS Cloud. Is your network cloud ready?

To learn more about Cisco SDWAN, visit:

AWS Public Sector Blog Team


Headquartered in Arlington, Virginia, the AWS Public Sector blog team writes for the government, education, and nonprofit sector around the globe. Learn more about AWS for the public sector by visiting our website, or following us on Twitter (@AWS_gov, @AWS_edu, and @AWS_Nonprofits).