What is our primary use case?
We are a reseller and Cisco IOS Security is one of the network security products that we offer to our clients. The primary use case is securing connectivity between sites. Examples of this are between a site and a data center, or a site and a cloud provider.
How has it helped my organization?
DMVPN as a technology, not necessarily for security, has allowed my customers to be more agile in their connectivity, without having to rely on a hub-and-spoke topology. Rather, they can leverage a full mesh topology, which is essentially SD-WAN.
IPsec allows us to overlay that, which means we can obfuscate the underlying infrastructure, whatever the transports are. Whether it is a secure private transport like MPLS or just public internet, we can commoditize the underlying transports and trust that everything is secured from prying eyes.
What is most valuable?
What I have used the most and received the most benefit from is the IPsec technology. It overlays on DMVPN tunnels and being able to secure these object-based tunnels is good because they perform significantly better than traditional IPsec tunnels.
What needs improvement?
With respect to user-friendliness, it is a command-line interface and those with such experience will get along just fine, whereas others may struggle. My expectation is that it will remain a primarily command-line-based technology.
The biggest annoyance is probably the quality control of the code. They have to make sure that they are better at vetting bugs and software issues before they release code to the general public.
For how long have I used the solution?
I have been working with this product for the past ten years.
What do I think about the stability of the solution?
It is not the most stable system that I have worked with.
What do I think about the scalability of the solution?
I don't think that scalability is much of an issue.
Our clients are small enterprise-level organizations, typically between 1,000 and 5,000 knowledge workers.
How are customer service and technical support?
The technical support is pretty good and I would rate them an eight out of ten. If anything, they should work on their response times for critical cases.
Which solution did I use previously and why did I switch?
I would say that 80% of my experience is with Cisco products.
How was the initial setup?
The initial setup is fairly complex, although it depends on the feature sets that you're looking for. Cisco IOM is probably the most complex part of it because it involves setting up all of the QoS policies, performance-routing policies, and performance-routing domains.
From a DMVPN over IPsec perspective, it is pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
Price is certainly something that the IOS technology has fallen behind the competition on.
What other advice do I have?
My advice for anybody who is implementing this product is to ensure that they don't overlook the technical overhead that is required to get it set up and keep it running. From an SD-WAN perspective, there are more user-friendly options out there, so they are going to have their own shortcomings. However, if you're going down the route of a Cisco command-line-based solution then make sure that you're prepared to have the staff on hand to manage it or instead, have a trusted partner that you work with and has the expertise to manage it.
From a feature-set perspective, as long as Cisco continues down the path of combining features from its products onto the unified platform, it will have all the features you need.
It's a good product and it does exactly what it's intended to do, but there are stability issues and the price is expensive.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?