UK’s trusted IT infrastructure partner since 2003
sales@servnetuk.com
0800 987 4111
Servnet
ConfiguratorGet in Touch
Networking · SD-WAN · Migration

Cisco Catalyst SD-WAN migration: the playbook for UK enterprises moving from Viptela

Servnet Editorial · Networking Practice10 min read

Cisco renamed Viptela SD-WAN to Catalyst SD-WAN in 2023 — but the platform underneath continues to evolve in two divergent directions: the long-term IOS-XE Catalyst SD-WAN platform that Cisco is investing in, and the original Viptela-OS platform that is in long-term support but no longer receiving feature releases. Most existing Viptela deployments need to plan a migration path. This is what works.

Viptela → Catalyst SD-WAN — typical UK migration phasing
W0W4W8W12W16W20W24Design + LLD3wControl-plane build4wPilot 3 sites3wPhased cutover10wViptela decom4wTotal: 24 weeks end-to-end

Where Cisco is investing

Cisco is consolidating its SD-WAN portfolio onto a single hardware + OS combination: Catalyst 8000 Edge routers running IOS-XE, managed by vManage Cloud and the Catalyst SD-WAN Manager. The original Viptela platforms (vEdge 1000 / 2000 / 5000, ISR-equivalent Viptela models) remain in long-term support but won't see new feature releases.

For greenfield SD-WAN deployments in 2025, there's no question — Catalyst 8000 + IOS-XE is the only path Cisco is investing in. For existing Viptela estates, the question is when to migrate, not whether.

When to migrate vs. wait

If your existing Viptela deployment is meeting business requirements and you're not on a hardware refresh cycle, you can wait — Viptela LTS continues to receive security patches and bug fixes through 2027–2028 depending on platform. But "wait" needs a hard deadline: a 2027 migration becomes harder, not easier, the longer it's deferred.

Trigger events that should accelerate migration: hardware EOSL for current vEdge devices; an opportunity to consolidate WAN routing + SD-WAN onto a single Catalyst 8000 platform; a need for features only available in IOS-XE Catalyst SD-WAN (advanced AppQoE, expanded cloud connectivity, SASE integration with Cisco Secure Connect).

Migration approaches

There are three common approaches. Each works; the right choice depends on the size and risk profile of the estate.

  • Parallel-run cutover: deploy Catalyst 8000 alongside existing vEdge at every site, migrate site-by-site over a 6–12 month window. Lowest risk; highest project cost.
  • Phased datacentre-first: migrate the SD-WAN hubs first (DC + cloud gateways), then branches over a longer window. Moderate risk; requires careful design of inter-overlay routing during the transition.
  • Big-bang per-site: replace at each site in a single change window. Lowest project cost; highest individual-site risk. Works well for smaller estates (<30 sites).
Catalyst SD-WAN topology — UK reference design
mgmtDC1DC1DC1SD-WAN ManagerCloud-hostedValidatorOnboardingControllerOMP routingUK Hub siteC8500Branch · LondonC8200Branch · LeedsC8200Branch · BelfastISR4331

The technical gotchas

Policy translation: existing Viptela centralised policy doesn't map 1:1 to IOS-XE Catalyst SD-WAN policy. Application-aware routing, security policies, control policies and data policies all need re-authoring in the new policy framework. Allow 2–4 weeks for this depending on complexity.

Authentication: Viptela ZTP onto the existing vManage doesn't bring devices into the IOS-XE controller plane. New Catalyst 8000 devices need to onboard onto the new SD-WAN Manager — typically via the Cisco Plug-and-Play (PnP) portal.

Transport tunnel re-establishment: BFD sessions, IPSec SAs, IKE associations all reset during cutover. Plan for a few minutes of branch-to-hub downtime per site during the cutover window.

Security stack integration: if you're running Cisco Umbrella, Cisco Secure Connect or third-party SASE (Zscaler ZIA, Netskope) integrated with the existing Viptela platform, the integration needs to be re-established on the IOS-XE side.

What Servnet does

We support Catalyst SD-WAN deployments across the UK enterprise market — banks, retail multisite, manufacturing groups, NHS organisations. We sell, deploy and manage Catalyst 8000 hardware + IOS-XE SD-WAN, and we run Viptela-to-Catalyst migrations as a defined practice.

A typical migration engagement runs: 1) discovery and current-state design review (2 weeks), 2) target architecture + policy re-authoring (3–4 weeks), 3) PoC pilot at 1–3 sites (3–4 weeks), 4) production migration site-by-site (size-dependent — 3 to 12 months for a typical enterprise estate), 5) Viptela controller decommission once final site is cut over.

Key takeaways
  • Cisco is consolidating SD-WAN onto Catalyst 8000 + IOS-XE Catalyst SD-WAN.
  • Viptela platforms remain in LTS through ~2027–2028 — but migration is when, not whether.
  • Three migration approaches: parallel-run, phased DC-first, big-bang per site.
  • Policy translation, ZTP onboarding and security stack re-integration are the major technical gotchas.
  • Servnet runs Viptela-to-Catalyst migrations as a defined practice with phased site-by-site cutover.
Frequently asked

FAQs — Cisco Catalyst SD-WAN migration

Migration approach

Do I have to migrate from Viptela vCloud — and by when?

Cisco end-of-sale for the legacy Viptela vCloud control plane drives most migrations. Catalyst SD-WAN Manager (formerly vManage) is the unified successor. Most UK enterprises target a 9-18 month migration window; longer if you operate >250 sites or have strict change-control freezes.

Can I do an in-place Viptela → Catalyst SD-WAN migration?

Edge devices stay; control plane migrates. ISR4000 / ASR1000 / Catalyst 8000 series support the Catalyst SD-WAN image — same hardware, software upgrade. The control plane (Manager / Validator / Controller) is rebuilt fresh; site templates port across with config rationalisation. Plan a per-site cutover window of 30-60 min.

Should we consider switching vendor at migration time?

It's the natural decision point. The honest alternatives are FortiGate SD-WAN (best for security-led firms with existing FortiGate edge) and Prisma SD-WAN (best for Zero-Trust + SASE journeys). See our three-way SD-WAN compare.

Hardware & licensing

Will my existing ISR4000s work with Catalyst SD-WAN?

Yes — ISR4321, 4331, 4351, 4431, 4451 + all ASR1000 + Catalyst 8200/8300/8500 are all supported. You may need a DRAM/flash upgrade on older ISR4321s. Our Cisco hardware team validates your current estate before quoting upgrades.

What changes about Cisco licensing under Catalyst SD-WAN?

Moves to Cisco DNA Subscription (Essentials / Advantage / Premier) per-device, replacing perpetual ONE Foundation. Smart Licensing is mandatory. Most firms see 10-20 % licensing uplift; offset against vManage / vSmart / vBond infrastructure savings if moving to Cisco Catalyst SD-WAN Cloud.

Operational changes

What's different operationally about Catalyst SD-WAN Manager vs vManage?

Manager UI is a refresh of vManage with the same workflow concepts. New: integrated Cloud OnRamp for SaaS / IaaS / Multicloud, ThousandEyes embedded telemetry, native integration with Cisco Catalyst Center for the wider campus / branch estate. Re-training is 2-3 days for a familiar vManage operator.

Should we migrate to cloud-hosted Catalyst SD-WAN control plane?

For most UK mid-market firms, yes — Cisco Catalyst SD-WAN Cloud removes the operational burden of Manager / Validator / Controller VMs, sits in AWS / Azure / GCP regions, and is the path Cisco invests in. Enterprises with strict data-residency may still need on-premises. Servnet engineering sizes the right option.

Related

Got a question this article didn't answer?

One conversation with an engineer who's done this before. No sales script.

Talk to Servnet →