What needs improvement with Cisco SD-WAN?

It is expensive.

The solution should be more user-friendly.

Customers collaborate with ISPs and currently work with three ISPs, using options like LSM VPN and MPLS VPN to reduce line costs. They are considering moving from their current setup to an MPLS VPN and might also consider using a DIA line for internet access. However, due to government regulations and audits of internet access, they are cautious about using an internet line. They are still deciding which bank should be the first to implement this change. If I want to improve the SD-WAN in the future, they might consider integrating it with technologies like SignalR and SRv6 into the SD-WAN control plane. This would enhance functionality, such as SRv6 video capabilities. They can simply use an SD-WAN solution based on SRv6.

The solution could be cheaper.

Cisco should develop a clear roadmap, ensuring seamless integration between Meraki and Viptela. Simplifying the definition and implementation could add significant value, as it can be complex due to multiple product integrations and customization requirements.

The product's application delivery feature needs improvement. Its ability to provide efficient reliability during multiple WAN link failures could be improved. The second consideration revolves around the port reliability of the link. Moving to the third point, while Cisco's advanced solutions excel in high-compute environments typical of software-based companies, they may fall short in addressing the needs of organizations with high-compute and high-storage infrastructures, especially those preferring hybrid or on-premises setups. Silver Peak outperforms Cisco in this area due to its WAN optimization techniques. To bridge this gap and accelerate product adoption, they could integrate WAN optimization solutions into their SD-WAN portfolio through strategic decisions such as acquiring robust WAN optimization solutions like Riverbed Steelhead or integrating its legacy product, with modern SD-WAN capabilities.

As the majority of our applications now reside in the cloud, there's a growing need for solutions that revolve around cloud-centric policies. Currently, the convergence between on-premise and cloud policies lacks centralization. The platform that seamlessly facilitates the translation of on-premise policies into cloud-compatible equivalents would enhance efficiency, ensuring that policies are consistent and stable, regardless of the hosting environment, allowing for smoother service delivery. An area for improvement lies in enhancing the integration with the security functions of the SD-WAN.

In the transition from Viptela to Cisco SD-WAN, there have been very huge revision cycles in the last three to four years. This does not happen for a stable product. Still, it is because Cisco has been migrating from one vendor and merging into their own operating system and making a lot of additional development beyond what is required. This has made it tough for enterprise-level integrators cannot find downtime to keep up with the upgrades. Cisco is working to stabilize the product, which will likely be much more stable in the coming years. So, I would like to see revision cycles to be more stable. Another area of improvement is the licensing and pricing model. The Cisco SD-WAN licensing model needs to be simplified. There are currently three types of licenses: enterprise agreements, individual licenses, and DNA subscriptions. This can confuse customers, requiring a dedicated person to determine which type of license is right for their organization. Although Cisco is working on many features, the general usability of the templating mechanism should be improved to make it easier to use and understand. The various GUI elements are different, as in Cisco Vault. If I migrate from a CLI to a GUI model for managing devices, the GUI is still more like Viptela. The GUI should be more aligned with the Cisco CLI regarding terms and concepts. The tools need to be more intuitive to use.

The product needs to have more understanding staff in their support team. The tool needs to provide support in every stage of deployment. We did not get the expected support from their team. The product is also not easy to use.

The integration of Cisco SD-WAN with cloud solutions could improve. For example, if any of the applications are hosted in the Amazon AWS cloud we can use a virtual transit gateway for integrating Cisco SD-WAN.

The cost of Cisco SD-WAN is high and has room for improvement compared to competitors such as Fortinet which has similar functionality. The technical support has room for improvement. The UI has room for improvement.

The user interface needs to be more friendly. The solution should be more cost effective.

It would be better if it provided more visibility. At present, we can't troubleshoot in real time.

The solution is expensive and could be cheaper.

Cisco SD-WAN doesn't have automation capabilities, artificial intelligence, machine learning, and isn't IOT-based. There are a lot of technologies coming onto the market that Cisco SD-WAN doesn't have. I would like to see AI-driven capabilities. It should be more cloud-based and compatible with all the clouds.

The cost is too high for certain countries, for example, those in Africa. The solution needs to be more cost-effective. I would like to see AI functionalities added to future releases. I would also like to see endpoint protection features with encryption technology to prevent data from being copied from different locations.

I cannot speak to what areas need improvement. It's an expensive solution.

SD-WAN itself is vendor locked in. At one point, Cisco should make it open so that if we have multiple mergers and acquisitions happening, it's easier to consolidate. Right now, if we are running Cisco, and the other organization in an acquisition scenario is deploying some other competitive vendor, the communication, the manageability of running two separate ESD instances, becomes a burden that falls back on us, especially the network administrators. It's better to consolidate and come up with better products, especially targeting AWS as their underlying transport. Traditionally, what Cisco has done, is they have always considered internet gateways or links and the MPLS links as their transport technology. In some devices, they have also used ELTs. Now, since we have 5G in place, they could look at private 5G ELTs, and they could expand that line, again, particularly in the ESD space since AWS has recently released their own SD instance where they are allowing their customers to backhaul. With SD-WAN being a very custom solution and a vendor-specific solution, we would end up having multiple software-defined instances where one is running in Cisco, and one you are running with AWS, and then again tomorrow, another SaaS-based player or a similar player will come up with something else. For example, when two organizations merge with each other, there is likely a scenario where organization X is running (for example) Juniper, and the other organization is running Cisco. The administrators would end up having to separate ESD controllers. You do not have a single ESD controller that is open in nature, where you can manage Cisco and Juniper devices. That is a concern. So if the controllers were made open, with compatibility between the vendors, that would be a very good thing for the industry overall. As a market leader, they are better positioned to go ahead and make that kind of change. If you look at the history of Cisco, before MPLS came into the game, it was Cisco, Juniper, and a few other vendors who came together and created a very good protocol. We need them to start focusing on the SD-WAN compatibility with other environments and not being so vendor locked with Cisco environments. They should get better controllers that can especially talk with AWS and Azure. Right now, I have taken a subscription with AWS Project Gateway. I will have to place a Cisco CSR image if I want to make it a true SD-WAN solution. Instead of using a separate image, if they could make the Cisco's controller open or a transit gateway solution, that would be ideal.

There's not much that should be improved, but the focus should be on the application side and more cloud applications should be added into the system. Most common sales applications should be supported. Mostly, I think cutting edge solutions should be included in this product. I'm talking about buzzwords like the cloud, for example. The solution should be more focused on the cloud because, apart from the controllers, everything can be cloud-based and everyone is moving to the cloud. Cyber security should also be implemented in the solution, along with maybe implementation of AI/ML.

All of the configurations are based on templates, and we need to spend a lot of time doing the templates. It's good because that means that all of the configurations will be equal in the network. However, we need to spend a lot of time implementing the templates and doing the customizations.

The software for Cisco SD-WAN is overkill because the box is more powerful than required. Cisco needs to replace it with a normal router because the current one is very advanced. They expect a stable internet connection but then try to get sophisticated devices to connect to any infrastructure. However, the infrastructure requires only SIM cards, so it's not that difficult. Implementing a router and a dual-SIM router would be sufficient, but Cisco makes it complicated. I cannot speak to additional features, but we've heard that Cisco may add analytics to the SD-WAN.

Cisco SD-WAN's clustering mechanism needs to be improved. If there are more than five milliseconds of latency time between installations of the VM manager, the cluster automatically breaks down.

We had some issues with Cisco SD-WAN but somehow we troubleshot it and things are going well. The issues have not been a large problem.

The solution is a bit complicated. They could work on simplifying the product. For example, doing configurations could be easier. The initial setup is tedious. It was a bit expensive. They can improve their licensing model. We'd like to see more monitoring features. They can improve in terms of their GUI. They can improve in terms of hardware.

The platform needs to be updated to be more stable and simple.

Cisco SD-WAN could improve the integration with the cloud.

There should be more security features in the hybrid and on-premise deployments of Cisco SD-WAN. The cloud has most of the security features. The AI is good, however, they can improve on it. The endpoint flow from the router to the data center needs to have consistency. Cisco doesn't have a solution for all the devices for the customer. We need more support for all kinds of devices.

We have had some problems with the licensing model, and it is something that should be improved. Specifically, Cisco has some bugs regarding licensing that they need to resolve.

I would like to see features related to security compliance, including a view of compliance with standards. With this, I should be able to do an audit of my SD-WAN network. In addition to having a network with an application-oriented intention, I would like to have a network that is oriented to security standards. I am only referring to the WAN network because with this, we can begin thinking about issues of virtualization. For example, access to SD-LAN where we can bring security policies with the user.

This solution could be improved with a simpler implementation process and licensing model. As for additional features, maybe from a security perspective, it could have more features built into the SD-WAN itself. Rather than going and integrating Cisco with some other solutions, it could have one single SD-WAN solution with more advanced user security features.

It is transversal to all industries. What is important is to work on the costs of the solution. On the technical side, manufacturer-independent solutions should be able to handle different topologies, simple or complex, and without having to invest more money in infrastructure or licensing. What I also find should be improved is the possibility of really separating the software layer from the hardware layer since today the current offer is not well adopted by the service providers, which is why it does not reach the end customers. I understand this is an issue that directly affects the business goal of each manufacturer.

In the next release, Cisco should focus on simplifying the configuration of SD-WAN. SD-WAN has a lot of room to grow. If you compare vEdge and something like Cisco CSR, you'll see the difference. Because vEdge is natively from Viptela, it is a little more complicated to set up an SD-WAN compared with an ISE device like CSR or ISR, or ISR 4000. You have now two different configuration spaces like iOS, and then some commands and styles are Viptela. So this is the thing that Cisco should work on.

The quality could always continuously improve. For example, we've had stability concerns in the past. Native connectivity into the major cloud providers would be ideal. Often, the solution does require a specialized team to come in and assist with the initial setup. Technical support could be more helpful and responsive.

Cisco should focus more on making products that are convenient for users. Sadly, I think they are more interested in making money rather than making reliable products. The Cisco way of thinking is to create umbrella-like solutions. I would prefer it if this solution was separate from the entire monstrous Cisco portfolio, without additional marketing and other unnecessary features. Still, so far it has been working well. Plus, the support is great. The only drawback is that it's an expensive solution.

There is much room for improvement on the cybersecurity side. For most of the clients, it is unacceptable nowadays to have too many people involved in managing the corporate network, and many clients like to see providers that can deliver a unified solution that integrates together with the network functionalities and the cybersecurity functionalities as they go hand in hand, especially in a regulated industry such as in banking, insurance, or healthcare. All governmental infrastructure must be compliant with very specific guidelines and requirements. It's not always it is possible to meet them with out-of-the-box products. You need to integrate on the top. If Cisco can work more in creating a true SASE solution known simply as an SD-WAN solution, that will be magic. That will be perfect. Right now, they need to do more of the cybersecurity side. Cisco is working at the moment. Unfortunately, like all traditional companies, it is very big and quite spread out. That makes it a little bit slower to react than some of the other competitors in the space. Some competitors are much faster in providing out-of-the-box solutions, more innovative solutions. In terms of innovation, in many cases, they're lagging behind.

The price could be better. From a technical side, and everything's working smoothly. Cisco SD-WAN could be cheaper.

For the most part, we don't really see any features that are lacking. The actual configuration could use some work. The solution could add in some more automation elements to help with the process. The solution needs to be more flexible around legacy devices. The security should be improved on the solution. They need to make everything more secure. Scalability could be easier to achieve if a company needs to expand. The product could improve its pricing. They are very expensive.

We've worked with BetterCloud, and found the security to be better than what is offered by Cisco. The user interface is nicer as well. Cisco should look at what they are doing and try to replicate it a bit. When it comes to adding more security features, you need to add more RAM. The pricing could be a bit better. When a customer transfers from a traditional WAN to SD-WAN, the subscription price is one big problem for them. The solution is a bit buggy, which makes it slightly unstable. The provisioning could be easier during deployment. Some vendors say they can handle provisioning, however, it differs from vendor to vendor.

One of the major areas that Cisco can improve on with their SD-WAN offering is their security features. When compared with Fortinet, who have what they call their 'security pillars' (e.g. firewall and security features built-in to their SD-WAN solutions), Cisco generally comes up short. With Cisco, if you need a security component, you have to pay more to get it done. So if they could add more security features that come part and parcel with their existing solutions, then I think Cisco could be very aggressive in the market. Essentially, they have to incorporate different security features on top of their SD-WAN box. At the end of the day, I should be able to give one single box to the customer which includes SD-WAN and all the necessary features such as security. When it comes to IoT edges, they could possibly incorporate their SD-WAN features into the LAN side together with Cisco's DNA networking, just as Aruba is doing with their ESP solution. If Cisco could come up with a similar solution to that, then I think they will have the upper hand in the market compared to their competitors' brands. They have to come to a point where they can better integrate WAN and LAN into one single platform. Regarding the data center sites, when we're talking about software-defined networking, Cisco has the SD-WAN segment, software-defined access for the LAN segment, and application-centric infrastructure for their data center segment, and they have to combine all three segments into one platform. Just like how the other guys are doing it. Again, if they can accomplish this, then technically they have a fair share in the market. Otherwise, Cisco could also integrate more features on the cloud side of things, like with SD-WAN in the cloud, or SD-WAN in AWS, some of which I believe they have implemented already. Beyond that, I can't say too much about what I'd like to see when it comes to new features because almost every day I've seen Cisco add more features to their SD-WAN and SD-LAN portfolios. At the rate they're going, it could be only a few months before they add the security features I've mentioned. So from my perspective, I think they're doing okay. Finally, in terms of stability, there could be some improvement. In my experience with our current project, there have been some instances where stability has been an issue. But I can't speak for everyone here; other partners who have completed more projects may disagree and this is only my own observations so far.

The security features could be improved. The solution needs to offer better stability. The product could have improved flexibility.

An area of improvement for this solution is reducing the complexity. Currently, the solution requires people who have a very good understanding of Cisco SD-WAN. For example, VeloCloud can be used and is easier to understand, but it has limited functionality. It is designed like a block box where the internal architecture is hidden. With Cisco, I can see the inner workings of the architecture. Therefore, it is necessary to have a good understanding of how the solution works in order make full use of it. An additional feature that should be included in the next release of this solution is the ability to use a local area network (LAN) behind the domain name system (DNS) box. This feature would allow for better communication protocols to be put in place.

The bandwidth limitations would be good to remove, but it is a policy and license situation for Cisco because the cost is very high. It would be good to have OTP implemented with VRF. It can have support for EIGRP Over the Top (OTP) VRF. I saw some limitations in regards to the VRF protocol and the advertisement between VRF configuration. EIGRP Over the Top basically was quite limited with the VRF configuration. If you wanted to do rollback in VRF by using the EIGRP OTP protocol, the formation was not populated across. Cisco got back and confirmed that it is a configuration that I need to wait for until the next release, which is going to happen in one year. Cisco documentation is not the way it used to be before. It just gives an easy way to configure, but it doesn't go into the details of the configuration. The information that you need is there, but sometimes you want to go further and get more information, but the information is quite limited. It would be good to cover a few business cases or configuration cases. They used to be there in the past.

Its license model needs to be improved. They always make the license model too complex. There are too many license models and too many options. They should have a flexible license model. They can improve a lot of things in terms of scalability, templates, and automation, mainly automation for onboarding a number of sites. If you want some new features, it can take quite a long time. If you want a feature and it is not yet developed, you need to have the support of the business units to have the feature developed. If the feature is not on their roadmap, it can take quite some time before you get the feature.

When you buy the equipment, they should already put it into your cloud account. It should already be set up so that we can manage with vBond. We came across an issue where it wasn't resolved in the DNS. We are using Umbrella, so we need to create a VPN IPSec tunnel to Umbrella to enable the users to browse. I would really like to see an internal built-in firewall so that we don't have to go to Umbrella. This functionality might already be there. We are quite new to this solution, and we are still learning about it.

They should enhance the reporting because, as it is today, they need more executive-level reports. If in the future they can support Cisco SASE then it would be good.

The licensing model needs to be improved. Sometimes we feel that the choice of models is very limited, so we would like to see additional devices made available.

I think that the SD-WAN had everything that my client was interested in in our first experience with it. I think that some of the solutions now are being integrated with other services. As an example, Fortinet has a product called FortiGuard. Included in the FortiGuard product is an SD-WAN. So some of these products are expanding capabilities so that they have more to offer in a single product. That would be a nice thing for Cisco. They could provide you your firewall and your SD-WAN solution together. Some people like that approach of nesting products or bundling because they have fewer vendors to deal with and immediate integration. I am sure as time goes on that the threat landscape will continue to change all the time. What was good encryption five years ago may not be such great encryption today. Because of that, I am sure that you have to constantly be looking at the threat landscape to see if you need to change anything. I do not know if I am close enough to that cutting edge of the problem to answer the question as to what Cisco's solution really needs. All I know is that my client is very happy with what they have got in the way of savings and functionality. That does not mean that there are not some other things that they would like to see. I just do not know what they are. There are a number of large companies that have bought out various SD-WAN vendors. If you looked at VMware, you will find that they also have an SD-WAN that they bought. There are several other companies that have bought SD-WAN services because the technology is so good and the cost benefit is so great that it is worthwhile for almost any company to implement it. They get the advantage of performance and the benefit that these systems never go down. As an example, one time locally there was an incident where two providers, CenturyLink and Level 3, went down at the same time. If you had CenturyLink and Level 3, your connection to the internet would have gone down for six or seven hours or whatever the overlap of those outages was. That would be an extreme case. There is another local ISP service called Cox, if you had CenturyLink and Cox, Cox did not go down. In that case, you would continue using your internet or your connections to your branches without ever experiencing an outage and it would just go through Cox. The reason is that Cox's infrastructure, their central office, their wiring, their co-ax cables, or fiber are completely separate from what CenturyLink uses. CenturyLink has got a completely separate central office and completely separate wire. So the chances of those two entities going down exactly at the same time is something that just never happens.

Cisco products are a little bit complicated, so making them a little bit easier would be an improvement. The installation is easy but having many components, and the integration with other components, is a little bit complex compared to other products and other vendors.

I would like them to add some more SD-WAN ports. We have seen one implementation where there were four ISPs. Currently, we have a maximum of two ports for ISP in this device. Therefore, we cannot connect directly, and we need other switches. There should be some option to have more than two ports for SD-WAN.

The inexpensive Viptela hardware may be replaced with overpriced Cisco routers. This would be a tragic mistake for Cisco as the lightweight commodity platform built by Viptela is the reason to own this solution.

I would like to see a better, web-based interface to make changes to the configuration or to view statistics. The main weakness of Cisco products is the user interface. This solution would be improved with the inclusion of an ISA Firewall.

On its own the product does what it's expected to do but if you're looking for more features you'd need to move to a dedicated firewall like the ISA firewall. There's something a little inconvenient and old style about it. The solution could have a better web interface to simplify changing configurations or see some statistics. I think the main weakness of the Cisco product is the user interface, I'd like to see things more clearly.

We've just started using the solution, so I don't know if there are any features that are missing. We haven't used it long enough to find any faults. The initial setup could be a bit less complex.

Since most user-data is going through the solution, we are concerned about security, as all the information is in the cloud and not on-premises. The user data authentification should be higher to better prevent malicious attacks.

The client portal needs to be improved in order to make the solution much better. The service care area of the solution needs improvement. That is to say, the ability to have a simplified management system is a key success factor. If you could have the ability to raise an SD-WAN capability just by activating a kind of license, it would great. We have too much hardware deployment needed right now. In the future, if the solution could make it so that there is nothing to deploy beyond a license and some firmware, it would be great.

The main issue is that not in the technology, but it comes back comparison. When we do a comparison with other SD-WAN solutions, they are priced better. Then on that basis, they conclude to use the other solution.

The whole solution needs to be re-imagined. It's quite complex right now and really needs to be simplified to make it easier for those of us using it. It should offer more simplified management as well. The solution is expensive. They should adjust their pricing to make it more competitive.

This solution has a built-in firewall that handles URL filtering and functionality, but you have to buy other cisco services like, Umbrella. Some of the customers would rather just use Fortinet or Palo Alto. This solution should include a fully functional firewall at no extra charge. At this time it supports layers three, four, and five, but it needs support for a level seven firewall.

The product is not a cheap solution and could be improved by lowering the cost. Most customers who do not buy Cisco give their primary reason as cost. If the cost was reduced then I think we'd be able to sell more. Vendor log in could also be improved. There are a lot of solutions on the market now that are open solutions, meaning boxless solutions. You don't really need to buy the box that Cisco provides. You can upgrade to SD-WAN using the open solutions. Cisco could provide a full mobile solution but I don't think they'll do that because selling their hardware on top of the software is their bread and butter, . Before SD-WAN came in they provided quite a few features. For example, a lot of customers were using Cisco's router and voice gateway which has not been available since the launch of SD-WAN. They are still working on restoring it. It's one of the key issues with the Cisco SD-WAN solution that would be a good additional feature. Whatever features were supported before are not supported in the SD-WAN solution now. If they could incorporate all those features for customers that would be a big improvement.

It would be very helpful if we had better access to a knowledge base, or online documentation, to help both us and our customers learn to use this solution.

This solution is expensive so pricing is a concern.