NFV orchestration for cloud and virtual branch services

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Confidential © 2016 Cisco and/or its affiliates. All rights reserved. 2

NFV/SDN Platform for Orchestrating Cloud and vBranch Managed Services

R. Wayne Ogozaly Technical Lead Engineer Cisco Systems

October 12th , 2017


Agenda

• What’s driving the NFV / SDN Business Transformation?

• What’ possible today…Cisco Virtual Managed Services (VMS) Demo

• Services Overview…VNFs running in Clouds and Virtual Branches

• Network Services Orchestration…Yang Models, VNF Lifecycles, and Zero Touch Provisioning for Cisco and 3rd Party devices (physical and virtual)

• Conclusions


What is Network Functions Virtualization (NFV)?

In NFV, network functions run as software modules on x86 servers. An NFV infrastructure, or NFVI, provides the underlying compute, storage, and network resources required for NFV.

• New elastic services

• Decoupling of hardware and software

• Automating everything and simplifying network operations

• Reducing OpEx (not transferring cost)

• Increasing service revenue

Standards based frameworks…ETSI…NFV and MANO

MANO NFV Framework

European Telecommunications Standards Institute (ETSI) NFV Industry Specifications Group

Management and Orchestration (MANO) Framework

BRKARC-2259 4


What is Software Defined Networking (SDN)?

In an SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…

• Separation of Control and Forwarding plane

• Centralized Management – Global view

• Automating everything and simplifying network operations

• Reducing OpEx (not transferring cost)

• Increasing service revenue

BRKARC-2259 5

What’s driving the NFV / SDN Business Transformation?

Why Virtualization for the Enterprise Network?

NFV Readiness

Organizations researching, testing, or deploying in the

next 24 months

59%

IoT Mobility Analytics Cloud Mobile traffic will Exceed

wired traffic by 2017

IoT Devices will

triple by 2020

76% of companies planning

to or investing in Big Data

80% of organizations will

primarily use SaaS by 2018

Cites the need to increase network

virtualization

32%

Solve Networking Tech Challenges

Savings up to half of current OPEX

50%

Costs


Enterprise customers require better IT solutions

*AMI-Cisco ITaaS Research of 350 business in 11 countries

Global business IT priorities*

Global

SDN/NFV market

is expected to

reach $6B by

2020 (IDC)

BRKARC-2259 8


Is your Network ready for the Digital Transformation? The WAN Connects Branch Sites to the rest of the world

of employees and customers are

served in branch offices

80%

of our applications are

accessed via the Internet

50%

Cite poor application

performance and latency

as a corporate concern

48%

Have either 2 or 3 WAN

connections per branch

70%

How can SPs

deliver better

branch services,

at a lower cost,

over any

connection?

BRKARC-2259 9

What Managed NFV Services Can Do For You

Quickly roll out new services and locations

Gives you flexible deployment options

Simplify day to day operations, reduce OPEX

Simple and easy

to design, provision,

manage the trusted

services that are critical

to your business

What’s possible today… Cisco Virtual Managed Services (VMS)

• Zero-touch deployment from the Cloud of your

choice, multi-tenant platform

• Automated orchestration of platform and VNFs

• Service chaining and licensing

• Health monitoring

• Scaling of services, devices, tenants across the globe

• Operational SLA and Lifecycle management

• Create standard VMS Service Templates for different branches

• Cisco tested and validated designs, or bring your own configs

• For Cisco and 3rd party VNFs

Automated Orchestration, Management, Policy

Made simple with Virtual Managed Services (VMS)

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 BRKARC-2259

The Power of VMS vBranch… Many vendors, Many services…One Branch

VMS vBranch

Firewall & IPS

ISRv

SD-WAN

vWAAS

NFVIS

Internet

lan-br2

wan-br1

GE0-0

GE1-2

lan-br1

GE1-0

Branch Clients

14

Viptela vEdge SD-WAN Service

Cisco vWAAS WAN acceleration

Cisco ISRv IOS-XE routing and mgt

Palo Alto FW WAN firewall + Intrusion Protection Service (IPS)

Cisco NFVIS vBranch service chaining and VNF Lifecycle mgt

VMS Services


VMS Architecture – Simplified Cloud Management

VMS Operator/Admin services Secure Multi-tenant Cloud management,

Service creation platform for Enterprises & SMBs

VMS Customer services Self-service portal for service selection, device

analytics, traffic usage, service configuration,

SP Branding and service customization

[ OPTIONAL ]

Open REST APIs and SDKs Develop new Services using rich APIs,

Service SDKs, and world-class NSO Customer equipment (On-premise and In-cloud)

SERVICE PROVIDER | CUSTOMER

ISRs &

ASRs vBranch

VNFs Multi-

Vendor Security

Demo Virtual Managed Services running on a Virtual Branch x86 device


Simple Implementation of SDN/NFV using VMS From Network Complexity to Simplicity and Automation

Service Oriented Self-Service

Automated Provisioning Scalability

Plan It Design It Where Can

We Put It?

Procure It Install It Configure It Secure It Is It

Ready?

Manual

From Months to Minutes

Automated Self- Service On-Demand

Plan It Design It Is It Ready?

BRKARC-2259 17

Cisco vBranch and ENCS

Cisco 4000 Series ISR + UCS® E-Series

Cisco® UCS C-Series

Enterprise Network Compute System (ENCS)

Network Functions Virtualization Infrastructure Software (NFVIS)

Virtual Managed Services (VMS & NSO for SPs)

Introducing Cisco NFV managed by VMS Network Services in Minutes

Virtual Router

(ISRv / vEdge)

Virtual Firewall

(ASAv, FTDv)

Virtual WAN

Optimization

(vWAAS)

Virtual Wireless

LAN Controller

(vWLC)

Third-Party VNFs

Freedom of Choice from VMS Cisco Intelligent Branch

Virtual Router

Virtual Services

UCS C-Series

Branch and Campus NFV

Physical Router

Virtual Services

4000 Series ISR +

UCS® E-Series

Traditional

Physical Router

Cisco® 4000 Series ISR

Centralized services

Fixed integrated services

Conservative

Upgradable hardware

Deterministic routing

performance

Elastic routing and services

Performance

Early adopter

Virtual Managed

Services for SPs License

Portability

Investment

Protection Access to Ongoing

Innovation

Elastic routing and services

Router / Server Hybrid

Virtual Router

Virtual Services

Enterprise Network

Compute System (ENCS)

Platform Built for Branch/Campus NFV ENCS 5000 Series for the Branch

Enterprise Network Compute System

Best of Routing

& Compute

Complete

Virtualized Services

Open for Third Party

Services and Apps

ENCS 5400 Series

ENCS 5100 Series

ENCS 5000 Series - Chassis Options

ENCS5412 12-Core ENCS5408

8-Core ENCS5406 6-Core

ENCS 5104 ENCS 5406 ENCS 5408 ENCS 5412

CPU 4-core, 3.4 GHz 6-core, 1.9GHz 8-core, 2.0GHz 12-core, 1.5GHz

PoE No No 200W 200W

Capacity Guidance ISRv + 1 VNF ISRv + 2 VNFs ISRv + 3 VNFs ISRv + 5 VNFs

ENCS5104 4-Core

ENCS 5400 Series – I/O Side

6, 8, or 12-Core

Intel Xeon-D

16 - 64 GB

DRAM

8 Integrated LAN Ports

with Optional POE Network Interface Module

for LTE & WAN

Dedicated Board

Management Controller

2 HDD or SSD

RAID 0 & 1

Internal

M.2 Storage

64 – 400 GB

USB 3.0

Storage

2 Onboard Gigabit

Ethernet ports

with SFP

Optional Hardware

RAID Controller

Integrated

Power Supply

Hardware Acceleration for

VM Traffic

Shipping Now

Roadmap

ENCS 5100 Series - I/O Side

4-Core AMD

CPU

16 & 32 GB

DRAM

Optional

4G / LTE WAN

(Roadmap)

M.2 Storage

64 – 400 GB

2 x USB 3.0

Storage 4 GE ports

with 2 SFPs Integrated

Power Supply

Size: 1 RU

13” x 10”

Console

& MGMT

ENCS 5100 & 5400 Series Comparison

5100 Series 5400 Series

CPU Vendor / Model AMD Merlin Falcon, RX-421ND Intel Xeon Broadwell D-1500 Series

CPU Cores / Frequency 4-core @ 3.4 GHz 6, 8, 12-core with Hyper-threading @ 1.5 – 2.0 GHz

CPU L2 Cache Size 2 MB 1.5 MB per core

Memory 16 – 32 GB 16 – 64 GB

Storage (M.2 SATA) 64 – 400 GB 64 – 400 GB

Storage (SFF) - 2 disks with RAID (SATA, SAS, SED, SSD)

Dimensions 12.7” x 10” x 1RU 17.5” x 12” x 1RU

WAN Options 4 x GE, Cellular 2 x GE, Cellular, T1, DSL, Serial

LAN - 8 port Switch with Optional PoE

Hardware Offload - VM – VM Traffic, Crypto

Lights-out Management - Built-in CIMC

ISRv Performance 500 Mbps 2.5 Gbps


NFVIS (Linux + ESC Lite+ PnP+CLI Agent)

VNF vAPP vAPP VNF VNF VNF

NIC NIM BMC Switch

X86 Processor

VMS Orchestration and Management Plug-n-Play

VM Lifecycle Management

Provisioning of VNFs

NIC Increased performance using SRIOV

Mirroring of traffic between VNFs

Switch 8 Port Integrated Switch (only on Low)

Optional UPOE Support

NFVIS

Lifecycle Management (ESC Lite) • Provide Northbound interface for Management/Orchestration

• Provide System level information

• Provide VNF management - Create, Modify, Delete

• Provide interface with onboard LAN switch

• Performance Monitoring of VNF’s

PnP Agent • PnP Agent must automatically configure WAN interface

• Must download platform Profile

CLI/WebUI Agent • Interface to configure onboard switch

• Provide Cisco® CLI wrapper

• Agnostic to switch vendor selected

Server Monitoring Agent • Agent to interact with Orchestration system

• Web GUI Interface for Management and Configuration

Drivers, Firmware, and Agents • NIC and interface drivers

• Optional Crypto support

Onboard Storage M.2 SSD Default Storage

VMS vBranch Architecture

BRKARC-2259 29

VMS managed ENCS advantages over white box server

• Hardware acceleration of VM-to-VM traffic

flow

• WAN module support

• 4G/LTE

• T1/E1

• xDSL

• Enterprise class grade components

(comparable to an ISR)

• Branch Form factor

• Shock, vibration, acoustic

• Secure Management of all VNFs from a single multi-tenant, multi-service platform (VMS)

• Support for Cisco and 3rd Party VNFs, securely managed by VMS

• Crypto hardware offload

• Secure VNF Lifecycle management

• BMC/CIMC – Lights out (server) management

• Support for Software and Hardware RAID on 12” chassis

• LTE modules can support Dying gasp support that is available on NIMs.

• Remote recovery of system over LTE modules

• Ability for increasing switch port density with NIMs.

Superior Hardware Engineering Superior Operational Platform

Network Functions simply managed from VMS

Cisco and 3rd Party Virtual Network Functions (VNFs)

ISRv

High Performance

Rich Features

ASAv/FTD

Full DC-class Featured Functionality

* vWAAS

Application Optimization and Akamai Connect

vWLC

Built for small and medium branches

Linux Windows Server

Active Directory,

File Share,

Server Applications

Custom Applications

DNS/DHCP

3rd Party

Network Services

Management & Monitoring

Viptela vEdge

SD-WAN

High Performance

Rich Features


Power in Software NFVIS Software Stack managed simply from VMS

Linux Platform

Drivers

Interface

Drivers

NFVIS

Virtualization Layer – Hypervisor & vSwitch

Orchestration

API HTTPS

Plug-n-Play

Client

VMS

Plug-n-Play

Server

Console

/SSH YANG

VMS

Service

APIs

CLI NETCONF REST

Health Monitor

VMS

managed

portals

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKARC-2259 34


VM

Life

Cycle

> D

ep

loy

BRKARC-2259 35

• 2 built-in GE ports for WAN or LAN uplink

• RJ45 Copper or SFP connectivity (10/100/1000 Mbps)

• Auto-sensing mode. Usable in a active-standby configuration.

ENCS 5000 Dual-mode GE Ports

ENCS 5400 NIM Support Managed simply by VMS

Category Description Availability on ENCS

WAN 4G LTE (CAT3) USA, Canada, Europe, Australia & selected LATAM / APAC Now

WAN 4G LTE (CAT6) USA, Canada, Europe, Australia & selected LATAM / APAC Now

WAN T1/E1 1, 2, 4 & 8 ports Now

Serial Asynchronous Serial: 16 & 24 ports Q1 CY18

WAN xDSL Multi-mode VDSL2 / ADSL Annex A, B & M Q1 CY18

WAN Ethernet Dual-PHY: 1 & 2 ports Q1 CY18

LAN Ethernet Switches: 4 & 8 ports Q2 CY18

WAN Serial Synchronous Serial: 1, 2 & 4 ports Roadmap

Voice T1/E1, FXS, FXO Roadmap

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

• 4 VNFs Deployed

• PAN FW/IPS

• vEdge

• ISRv

• vWaaS

• 6 Supporting Networks deployed

VMS Service Example

Virtual Branch ENCS 5412


NSO 3rd Party Integrations…managed simply by VMS

Open Platform with the Broadest Multi-vendor support, and Vendor Qualification

Network Services Orchestrator (NSO) - Over 100 Vendors Supported

Cisco Vendor Qualification Program

3rd Party VNFs available through VMS

BRKARC-2259 40


NSO 3rd Party Integrations…managed simply by VMS

Open Platform supporting BOTH Lifecycle Mgt AND Orchestration of 3rd Party products

VNF Lifecycle Mgt

Select VNF

(Fortinet)

Select Cloud

(SP or AWS or vBranch)

VNF Lifecycle Functions

Allocate VNF Resource

Locate / Boot Image

Load Day 0 Config

Monitor VNF / Analytics

VNF High Availability

Add / Delete VNFs

VNF Service Orchestration

VNF (or Device) Service Orchestration

Secure mgt connection

Create / Provision VNF Service

Monitor VNF Service

Collect Service Analytics

Add / Delete / Change Service

Multi-tenant, 1000’s of Services Fortinet VNF boot

Fortinet VNF provision

Monetize the Service

Fortinet VNF Service

Selection

1

3

2

BRKARC-2259 41

How to transform your Business… Conclusions


Self-healing

Network

Se

cu

rity

Po

licy

An

aly

tics

Virtual Managed Services (VMS) Example Service Creation Platform Components

Physical | Virtual | Data Center

Infrastructure

Orchestration | Automation

Network Abstraction

Consumer | Business | IoT | Many Markets

Cloud-based Services

Service Design | Service Assurance | Cloud Optimization

VMS Service Creation

BRKARC-2259 44


Disruptive Technologies unlock new Services Allowing Industry to Address new Market Opportunities

Efficiency through automation and

self-service fulfillment Orchestration

Flexibility with the transformation of

solution architectures and operations

Network Functions

Virtualization

Agile service delivery via

cloud-enabled services and

management Cloud Native

Dynamic market services via tight

application and network interaction

Software-Defined

Networking

Convergence of multiple disruptive technologies has created massive opportunity

Service Orchestration

Cloud Managed

Services

NFV SDN Virtual

Managed

Services

Router FW Web IPS

BRKARC-2259 45


VMS Disruptive Technologies unlock new Services Allowing Industry to Address new Market Opportunities

Orchestration

Network Functions

Virtualization

Cloud Native

Software-Defined

Networking

Virtual and Physical

devices,

Cisco and 3rd Party

VNF Lifecycle Mgt

and

Service Orchestration

Simple service models

and device models

(YANG, XML)

Web Scale design,

Multi-tenant 1,000s,

Service Orientation

Central Device Mgt,

Secure ID (RBAC),

Zero Touch Provision

VNFs run in the Cloud

or

Virtual Branch (x86)

Runs in any cloud,

public or private

(VIM Independent)

Micro-services, Docker

Containers, Kubernetes,

Geo-redundancy

VNF Smart Licensing

and Pay-as-you-Grow

Pricing Models

Service Creation

capable, including

analytics & monitoring

REST APIs to

OSS/BSS for

billing and SLAs

Config Roll back,

Service Extensions,

100,000 Devices

Auto Rendered UI,

Tenant Self-Service,

Monetized offers

Network Elements Drivers, Conf-D,

and CLI

Self-healing Networks,

Configuration Guard

Rails

VNF Certification of

Cisco and 3rd Party

VNFs

BRKARC-2259 46


Why do SPs want VMS VNF/SDN Services?

Simplify service activation, management, and assurance for 1000’s of devices/tenants

More cost effective WAN options with better performance and greater capacity

Bring up new tenants and services in minutes

Simplify

service creation while

delivering better app

experiences over any

branch connection.

Cisco NFV/SDN made easy with Virtual Managed Services

Rapid Time to Market, Proven Scale and Security

“Cisco VMS is helping

us to deliver secure,

high-performance

virtualized services

with agility to our

clients.”

BRKARC-2259 47

Thank you

Thank you

Backup

Services Overview… VNFs running in Clouds and Virtual Branches

Cisco ISRv and CSRv


Cisco Integrated Services Virtual Router (ISRv)

• The Cisco® Integrated Services Virtual Router (ISRv) is a virtual form-factor Cisco IOS® XE Software router that delivers WAN gateway and network services functions into virtual environments.

• Using industry-leading Cisco IOS XE Software networking capabilities (the same features present on Cisco 4000 Series ISRs and ASR 1000 Series physical routers)

Cisco ISRv Positioned as a Branch WAN Services Router

BRKARC-2259 52


Typical Use Cases for the Cisco ISRv

Cisco ISRv:

Highly Secure VPN Gateway

Cisco ISRv:

Traffic Control Point

BRKARC-2259 53


Differences between the: Cisco ISRv and Cisco CSR 1000v

ISRv

• The Cisco ISRv runs on server platforms running the Cisco NFVIS virtualization software only.

• It can support the network interface module (NIM) when running on a Cisco ENCS hardware platform and can also accelerate VM-to-VM traffic using the hardware-based switching on Cisco ENCS platforms.

CSR 1000v (Cloud Service Router)

• The Cisco CSR1000v does not have these capabilities.

• The Cisco CSR 1000v will continue to be supported across multiple hypervisors (VMware vSphere, Microsoft Hyper-V, Citrix XEN, RHEL KVM, Ubuntu KVM, Amazon AWS, and Microsoft Azure).

The Cisco CSR 1000v and Cisco ISRv will maintain Cisco IOS XE feature parity

BRKARC-2259 55

Cisco ENCS or UCS or Whitebox with NFVIS

ASAv


Cisco Adaptive Security Virtual Appliance (ASAv)

• This Security appliance brings the power of ASA to the virtual domain and cloud environments.

• It runs the same software as the physical ASA to deliver proven security functionality. You can use it to protect virtual workloads within your data center, Public / Private Clouds, or virtual branches.

http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-firewall/index.html

BRKARC-2259 57


Cisco ASAv: Features, Performance, and Resource Requirements

BRKARC-2259 58

Cisco FirePower Next-Gen Firewall (NGFW)


Foundational Functionality Built-in firewall services to provide base protection and connect with other security solutions

Stateful Firewalling VPN Capabilities Policy Enforcement Point

for ISE

FirePOWER Services Subscription services that run on the ASA and provide enhanced levels of threat protection and network visibility

Advanced Malware

Protection

Next-Generation

Intrusion Prevention

System

URL Filtering Application

Visibility and Control

Advanced Security services to help defend your network

Foundational Internet Security Built-in firewall services to provide base protection and connect with other security solutions

Stateful Firewalling VPN Capabilities Policy Enforcement Point

for ISE

Next-Gen Firewall Security Subscription services that run on FTDv and provide enhanced levels of threat protection and network visibility

Advanced Malware

Protection

Next-Generation

Intrusion Prevention

System

URL Filtering Application

Visibility and Control

Cisco Firepower Next-Gen Firewall Virtual (NGFWv)

BRKARC-2259 60


Cisco Firepower Next-Gen Firewall Virtual (NGFWv)

• Cisco Firepower NGFWv is available on VMware, KVM, Amazon Web Services (AWS) and Microsoft Azure environments for virtual, public, private, and hybrid cloud environments.

http://www.cisco.com/go/ngfw

BRKARC-2259 61

Cisco vWLC Wireless LAN Controller


Cisco vWLC Virtual Wireless LAN Controller

Virtual form-factor controller for any x86 server with VMware Hypervisor ESXi 4.x or 5.x

• Supports up to 3000 access points and 32000 clients across 200 branches

• Supports 100 access points per branch

• Co-resides with other virtualized network services, including Cisco Identity Services Engine (ISE), Cisco Prime™ Infrastructure, and Cisco Mobility Services Engine (MSE)

• Entry-level 802.11n, 802.11ac controller application for small to medium-sized enterprises and branch offices

• Pay as you grow licensing starting at support for five access points

BRKARC-2259 63


Cisco vWLC: Virtual Wireless LAN Controller

BRKARC-2259 64

Thank you

Template Development Environment (TDE) Rapidly Creating New Service Templates for use with VMS


VMS Template Development Environment Rapidly Create a brand new Managed Service in minutes

Create, Edit, Export, and Publish new SP Managed Services in minutes


VMS Template Development Environment Rapidly Create a brand new Managed Service in minutes

There are (5) simple steps to create a new Service Template:

Step 1: Provide a Service Template name and description

Step 2: Upload the Service XML code representing the service config, and select analytics

Step 3: Create a Service Picture

Step 4: Define Service Parameters

Step 5: Select ENCS (vBranch) options to bundle with the template

Once the Template is created, you can simply publish the Template to VMS

for consumption with your customers


Step 1: Describe the new Service Template User role: SP Service architect or Service Designer

Create a Service Icon

Service Name

Optional Pricing

Service Description


Step 2: Upload XML file and select Service Analytics User role: SP Service architect or Service Designer

Upload the XML File that represents the service config used in the new template

Select Service KPIs and analytics for the new template


Step 3: Create a simple Service Picture User role: SP Service Architect or Service Designer

Drag objects from the pallet to the Service Pictogram

Label all objects as needed

Edit, move, delete objects within the service design as needed


Step 4: Define the Service Parameters User role: SP Service Architect or Service Designer

5 Service Parameters were automatically extracted from the XML code file

Service architect defines each Service parameter

Service architect designs parameter input screen


Step 5: Select vBranch device options for the template User role: SP Service Architect or Service Designer

Select small, medium, or large vBranch devices to bundle with the new service template


Publish the new Service to VMS User role: SP Service Architect or Service Designer

Select your template and publish it to VMS for tenant consumption

Publish service, topology, and template to NSO and the VMS platform with the click of a button


New Service is now available in VMS User role: SP Service Architect or Service Designer

VMS Operator portal includes the new service template

Select which customers have access to the new Service template

Demo Virtual Managed Services running CloudVPN demo


VMS Cloud VPN Service Package

Internet

Access

L3 Interface CSRv

Cloud

Router

IPSec

VPN WSAv Web

Security

Enterprise

Remote

Access VPN

Users

Service Provider Cloud

Branch 1

Branch 2

AWS Branch

Headquarters

Managed

CPE

ASAv Firewall

Security

Internet

Cloud Services made easy with

Virtual Network Functions:

• VPNs and Routing

• Web Security

• Internet Firewall

CSRv

BRKARC-2259 77


Firepower NGFW Cloud Security Service Use Case

Internet

Access L3 Interface CSRv

Cloud Services

Router

Services IPSec VPN

Firewall

BGP

Branch 1

Branch 2

Branch 3

IPSec

VPN

NGFW Firepower

Services Intrusion Protection (IPS)

Application Visibility Control (AVC)

Geographic IP Control

Advanced Malware Protection (AMP)

URL Filtering

Internet Firewall

Remote Access VPN

FMC Firepower

Management Center

Services Multi-tenant Sensor Mgt

Per Tenant Threat Reporting

Enterprise

Internet

Remote Access

VPN

Service Provider

Cloud Headquarters

Managed

CPE

Managed

CPE

Managed

CPE

Managed

CPE

BRKARC-2259 78

Demo Virtual Managed Services extensions to Viptela Services


Better Together: Providing Better Outcomes

Leading Routing & SD-WAN Platforms

Goal: Building next generation SD-WAN solutions

Together, helping businesses and IT to innovate faster, securing and delivering better customer outcomes, while reducing costs and lowering risk

Cloud-managed & Feature-rich SD-WAN


100+ Global Enterprise Customers Across Verticals

Manufacturing MANUFACTURING

Technology TECHNOLOGY Retail RETAIL Other Industries OTHER INDUSTRIES

FinServ FINSERV Healthcare / Pharma HEALTHCARE / PHARMA


Viptela Integration Plan Phase 2 (9-12 mo)

Platform Integration

Phase 1 No Integration

Phase 3 (12-mo +) Management Integration

Platform: • As-is

Management: • vManage

Platform: • vEdge capabilities integrated into all IOS-XE

platforms (ISR, CSR, ENCS, ASR1K)

Management: • vManage for SD-WAN capabilities on IOS-XE

Management: • Cloud hosted DNA Center-SP integrates

vManage capabilities • Full DNA Center-SP capabilities (Assurance,

Integrated workflows for SD-Access and SD-WAN)

Support and Scale the current sales motion

Viptela SD-WAN on strategic ISR platform

Deliver end-to-end experience with full DNA & DNA-SP

integration

Deplo

yment

Scenarios

Benefits

D

eta

ils

vEdge ISR4K + vEdge SW

DNA Center + SD-WAN

ISR4K + vEdge SW

vManage

vEdge

vManage

vEdge


Viptela Secure Extensible Network

Data Center Campus Branch Home Office

Control Plane (Containers or VMs)

Data Plane (Physical or Virtual)

Management Plane (Multi-tenant or Dedicated)

Orchestration Plane

vManage

vSmart vBond

vEdge

vOrchestrator

API

4G INTERNET MPLS

CONTROL

ANALYTICS ORCHESTRATION

MANAGEMENT

Cloud


Simplified Management and Operations

Single Pane Of Glass Operations Rich Analytics


vEdge 1000

vEdge-1000 and vEdge-2000 Routers

1 Gbps AES-256

1RU, standard rack mountable

8x GE SFP (10/100/1000)

TPM chip

3G/4G via USB (or) Ethernet

Security, QoS

Dual Power supplies (external)

Low power consumption

vEdge 2000

10 Gbps AES-256

1RU, standard rack mountable

4x Fixed GE SFP (10/100/1000)

2 Pluggable Interface Modules

8 x 1GE SFP (10/100/1000)

2 x 10GE SFP+

TPM chip

3G/4G via USB (or) Ethernet

Security, QoS

Dual power supplies (internal)

Redundant fans


vEdge-100 Routers

100 Mbps AES-256

1RU

5x 1000Base-T

1x POE port

2G/3G/4G LTE

Internal AC PS

1x USB-3.0

TPM Board-ID

Kensington lock

Low power fan

GPS

100 Mbps AES-256

1RU

5x 1000Base-T

1x POE port

2G/3G/4G LTE

802.11a/b/g/n/ac

Internal AC PS

1x USB-3.0

TPM Board-ID

Kensington lock

Low power fan

GPS

vEdge 100m vEdge 100mw

100 Mbps AES-256

5x 1000Base-T

TPM chip

Security, QoS

External AC PS

Kensington lock

Fan-less

9” x 1.75” x 5.5”

GPS

vEdge 100


Extending Viptela with VMS

Viptela

Customer Sites

(vEdge)

Viptela

vEdge

ASAv

FTDv 3rd Party

VNFs

SP OSS/BSS

vSmart & vBond

vManage

Security and Cloud Services

SP

Services

SP Data Center

VMS vBranch (ENCS)

Public Cloud

Cloud

Services

Internet

Hosted Collaboration,

Security, Storage…

Interconnects with

installed Networks

4G INTERNET MPLS

2

3

4

5 VMS

Tenant 4

vEdge

Viptela SD-WAN

Controllers

VMS

VMS

Tenant 1

VMS

Tenant 2 VMS

Tenant 3

1

1 VMS Multi-tenancy, Viptela Controller on-boarding

2 Public Cloud, VMS on-boarding Viptela service

3 VMS vBranch support, Viptela vEdge VNFs

4 VMS Cloud based Service Extensions

5 VMS Service Interconnects, installed networks

6 VMS OSS/BSS APIs (VMS micro-service)

6

SP Data Center Viptela

SD-WAN Fabric

Zero Touch Provisioning


6

5

4

3

2

1

VMS CPE Onboarding Zero Touch Provisioning using Cloud Plug and Play (PnP) server Secure management tunnels using Network Service Orchestrator (NSO)

MPLS

Router INET

Router VMS in a Service Provider

Datacenter

Customer WAN Hub Site

Branch CPE #15

Onboard new branch CPE to NSO with specific identifier (Serial #) and wait for CPE to be booted

CPE calls home using HTTPS (with Crypto/Cert) to the VMS PnP Server. CPE Identity based on CPE Serial #

PnP Delivers CPE Day 0 config including Mgt Keys to form secure FlexVPN Mgt Tunnel (IKEv2)

Secure FlexVPN Mgt Tunnel is created for subsequent CPE configurations, analytics, and monitoring

NSO sends tenant configuration to the CPE device

NSO creates VPN Tunnels between CPE and Hub devices and completes service activation

VPN MPLS

VPN INET

PnP

Server

VMS

Mgt Hub

2

3

4

5

5

6 6

NSO 1 CPE #15

BRKARC-2259 89

Cisco Smart Software Licensing


Cisco ESC Smart Licensing

• VNF Licensing is another core task in virtualized environments that typically requires manual processes to activate the VNF license.

• Cisco’s new “pay-as-you-go” Smart licensing model, on supported VNFs.

• With Smart Licensing, instead of having to manually activate licenses for each virtual machine, the virtual machine registers itself with a centralized licensing server on boot-up, tracks how the resource is used, and bills on a consumption basis.

• This setup provides important flexibility for elastic environments, allowing you to expand and contract as needed, in a completely automated fashion, while paying only for the resources you actually consume.

BRKARC-2259 91


Smart Licensing Example – More Flexible with PAYG

• Cisco Smart Software Licensing makes it easier to buy, deploy, track, and renew Cisco licenses.

• Simpler purchase and activation of the VM, Pay-as-you-grow (PAYG)

• Easier license management and reporting of virtual appliances due to license pooling

• Automatic license activation when the virtual appliance is provisioned

• Customers can view product entitlements and services in the Cisco Smart Software Manager.

BRKARC-2259 92

VMS REST APIs


REST APIs and Software Development Kits Simple to use, simple to create new SP Services

• All VMS Services are configurable via REST APIs

• New Services can be created through the Software Development Kit (SDK)

BRKARC-2259 94

Thank you