Application Lists

Table 1. Feature History

Feature Name

Release Information

Description

User-Defined SaaS Application Lists

Cisco SD-WAN Release 20.8.1

Cisco vManage Release 20.8.1

This feature expands the range of SaaS applications that Cloud onRamp for SaaS can monitor, and for which it can determine the best network path. The feature enables you to define lists of one or more SaaS applications, together with the relevant application server for those SaaS applications. Cloud onRamp for SaaS handles these lists in the same way that it handles the predefined set of SaaS applications that it can monitor.

When you enable a user-defined list, Cloud onRamp for SaaS probes for the best path to the application server and routes the application traffic for applications in the list to use the best path.

Information About SaaS Application Lists

Minimum supported releases: Cisco IOS XE Release 17.8.1a, Cisco vManage Release 20.8.1

SaaS Application Lists

Cisco vManage provides a preset list of several cloud applications that Cloud onRamp for SaaS can monitor to determine the best path for the cloud application traffic, including Amazon AWS, Box, and so on. Although Cisco vManage presents each of these as a singular cloud application, the cloud application is, in fact, a list that may include a set of closely related applications, but the details do not appear in Cisco vManage. For example, the Amazon AWS option includes a list of multiple applications that all contribute to the application traffic for Amazon AWS functionality. This is called a SaaS application list.

For each SaaS application list, Cloud onRamp for SaaS probes a single application server, called the probe endpoint, to determine the best path for network traffic for the applications in the list.

NBAR

Each of the cloud applications in a SaaS application list is an application as defined by Cisco network based application recognition (NBAR), a technology that identifies network traffic according to the network application that produced the traffic. Based on the installed Protocol Pack, NBAR operates with a standard set of applications that it can identify (see Protocol Pack). In addition to the standard set of applications, you can define custom applications (see Define Custom Applications) to extend the scope of applications that NBAR can identify.

User-Defined SaaS Application Lists

You can create a user-defined SaaS application list that includes one or more related applications. The applications can be standard applications that NBAR identifies using the installed Protocol Pack, or custom applications.

For each SaaS application list, you specify an application server as the probe endpoint. Cloud onRamp for SaaS probes this server to determine the best path to use for traffic produced by the applications in the SaaS application list.

Cloud onRamp for SaaS handles user-defined SaaS application lists in the same way that it handles the predefined set of SaaS applications that it can monitor. When you enable a user-defined list, Cloud onRamp for SaaS probes for the best path to the application server and routes the application traffic for applications in the list to use the best path.


Note

In contrast to user-defined custom applications, user-defined SaaS application lists do not appear as an option for matching when creating policies. (See the Cisco SD-WAN Policies Configuration Guide.)


Benefits of SaaS Application Lists

User-defined SaaS application lists expand the scope of Cloud onRamp for SaaS to include additional cloud applications. Application lists extend the benefits of Cloud onRamp for SaaS to cloud applications of specific interest to an organization.

Prerequisites for SaaS Application Lists

Minimum supported releases: Cisco IOS XE Release 17.8.1a, Cisco vManage Release 20.8.1

  • SD-AVC is enabled.

  • A centralized policy is defined and active.

    For information about defining a centralized policy, see the Cisco SD-WAN Policies Configuration Guide, Cisco IOS XE Release 17.x.

  • If a gateway site uses a SIG tunnel as its direct internet access (DIA) connection, then in the configuration of the tunnel, enable NBAR protocol discovery.

Restrictions for SaaS Application Lists

Minimum supported releases: Cisco IOS XE Release 17.8.1a, Cisco vManage Release 20.8.1

A SaaS application list can include only up to eight applications.

Use Cases for SaaS Application Lists

Minimum supported releases: Cisco IOS XE Release 17.8.1a, Cisco vManage Release 20.8.1

Scenario

An organization uses an uncommon teleconferencing system that is not recognized by NBAR. The teleconferencing system uses three different network applications to manage audio, video, and other media traffic. All three applications connect to a front-end application server at the following domain within the organization: teleconf-internal.example.com

Figure 1. Use Case

Custom Applications

To track network traffic produced by the teleconferencing system, a network administrator defines three custom applications using the server name described above or L3/L4 traffic attributes (see Define Custom Applications) to identify traffic from the three applications, as follows:

  • teleconf-system-audio

  • teleconf-system-video

  • teleconf-system-media

With these custom applications defined, NBAR can identify traffic from each of the three applications.

SaaS Application List

To optimize the best path for the set of three teleconferencing-related network applications, a network administrator creates a SaaS application list called teleconf-system, and adds each of the three related custom applications to this application list.
  • SaaS application list: teleconf-system
  • Applications in the list: teleconf-system-audio, teleconf-system-video, teleconf-system-media

For the probe endpoint for the SaaS application list, the network administrator specifies the front-end server described above (teleconf-internal.example.com), which handles traffic for the three applications.

The result is an application list, teleconf-system, which includes the three applications. The network administrator enables the teleconf-system application list in Cloud onRamp for SaaS, and Cloud onRamp for SaaS begins probing for the best path to the front-end server. Cloud onRamp for SaaS routes the traffic for these three applications to the best path for the front-end server.

Create a User-Defined SaaS Application List Using Cisco vManage

Minimum supported releases: Cisco IOS XE Release 17.8.1a, Cisco vManage Release 20.8.1

  1. Open the Cloud onRamp for SaaS page, using one of the following methods:

    • From the Cisco vManage main menu, choose Configuration > Cloud onRamp for SaaS.

      or

    • From the Cisco vManage menu, click the cloud icon near the top right and select Cloud onRamp for SaaS.

  2. In the Manage Cloud onRamp for SaaS drop-down list, choose SaaS Application Lists.

  3. Click New Custom Application List.

  4. Enter a name for the list.

  5. To add applications to the list, click the Search field and choose applications. The list includes standard applications and any custom applications that you have defined.

    Optionally, you can enter text in the Search field to filter for specific applications.

    The applications that you choose are added to the Application field, which shows each application in the list.

  6. Optionally, to create a new custom application within this workflow, click the Search field and then click New Custom Application. Creating a custom application on this page is equivalent to defining a custom application in the centralized policy workflow, as described in Define Custom Applications. See Define Custom Applications Using Cisco vManage for information about the what information is required for defining a custom application, the use of wildcard characters, the logic applied when matching traffic to the attributes that you enter, and so on.

  7. In the SaaS Probe Endpoint Type area, define the probe endpoint, which is the server that Cloud onRamp for SaaS probes to determine a best path for the traffic in the SaaS application list.

    • Choose an endpoint type from the following options:

      • IP Address: Enter an IP address. Cloud onRamp for SaaS probes the server using port 80.

      • FQDN: Enter a fully qualified domain name.

      • URL: Enter a URL using HTTP or HTTPS. Cloud onRamp for SaaS probes the server using port 80 or port 443, depending on the URL provided.

    • Enter an endpoint value, based on the endpoint type that you choose.

      Examples: 192.168.0.1, https://www.example.com

  8. Click Add. The new SaaS application list appears in the table of application lists.

View SaaS Application Lists

Minimum supported releases: Cisco IOS XE Release 17.8.1a, Cisco vManage Release 20.8.1

  1. Open the Cloud onRamp for SaaS page, using one of the following methods:

    • From the Cisco vManage main menu, choose Configuration > Cloud onRamp for SaaS.

      or

    • From the Cisco vManage menu, click the cloud icon near the top right and select Cloud onRamp for SaaS.

  2. In the Manage Cloud onRamp for SaaS drop-down list, choose SaaS Application Lists.

    A table shows the details of each SaaS application list. Optionally, you can click an icon in the Action column to edit or delete a list.