By Liam Keegan - January 23, 2020
I’ve found my new favorite platform for branch infrastructure. I’m talking about the Cisco ENCS 5400 appliance, paired with Cisco’s NFVIS virtualization software.
Who should read this article? Financial, retail and other multi-location organizations that want to simplify and standardize their branch infrastructure while at the same time making it much easier to react to business curve-balls. If you’d like to discuss this possibility for your organization, let’s book a time.
There are two things here to explain:
With a traditional branch router (or SD-WAN gateway), you’re limited to just that box’s functionality. An ISR router is an ISR router. A PAN firewall is a PAN firewall. When your business requirements change, you’re rolling a truck. With ENCS+NFVIS, there are no more redeployments when you get a curveball.
I like the ENCS platform because it has everything you need for a branch and nothing more. I believe that 90% of organizations need a router/SD-WAN gateway, maybe a firewall, and maybe a local utility server.
Even with an SD-WAN, adding a 4G backup connection usually makes sense. With the ENCS platform, you can add a 4G NIM, without an external router.
If you’re running one-off NIM cards in your ISRs, this topology may require you to make some compromises. If you have FXO interfaces, move them to SIP, convert FXS ports to ATAs, etc. Everything in this business is about choice and compromise, so the need for flexibility might override changing supplementary service form factors.
With the ENCS, you get that, and more if your business demands ever change! At heart, ENCS is a virtualization platform. Need a router? Install Cisco ISRv. Want a firewall? No problem... vFTD. Have a Cisco SD-WAN? Deploy a Viptela image.
Think about this: you’re doing a significant upgrade. Instead of modifying production infrastructure, you set up your new router/firewall in parallel, then flip to it. Something goes wrong? Just change back. A/B testing for your network!
Here’s where this gets awesome… look at all the non-Cisco stuff you can deploy.
The NFVIS platform is designed to be zero-touch provisioned and has a full suite of APIs to manage the environment. If your team is configuring these boxes via console cable, you’re leaving a lot of efficiencies on the table. Let’s look at a real-world example using a bank.
Let’s look at a next-gen deployment for BankCo, who go all-in on the ENCS platform.
BankCo’s vendor (24/7 Networks, of course!) sends a spreadsheet with all the serial numbers of the ENCS units. Plug and Play (PnP) configuration templates are generated that configure each serial number to the chassis:
After the NFVIS software running on the ENCS is in a known-good state (verified by making API queries against the unit), we start the deployment process.
At this point, it doesn’t matter if BankCo deploys one or one thousand ENCS systems. In traditional deployments, the hard part is getting to the finish line. With an automated deployment, all the work goes into getting the first one out the door. After that, it’s just a matter of scale.
Lather. Rinse. Repeat.
When it comes time to look at branch refresh, take a peek at ENCS + NFVIS and see if it’s the right fit for your organization and the business needs. There are some drawbacks, and the cost may not be at par, but you may gain operational efficiencies that make it worth it as your organization changes and evolves.
If you’d like to discuss this as an option for your organization, book 30 minutes on my calendar. Let’s virtually whiteboard to see if it makes sense for you and your team. No pressure, no pitch.
And, seriously, that picture is untouched. Seriously. I mean it. Seriously.