Post on 22-May-2020
www.expereo.com/sd-wan
Expereo SD-WAN management overview.
Managed Services and Technical Service
Building Blocks
Expereo SD-WAN Management Overview – January 2019 1
Contents
1 INTRODUCTION
2 WHAT IS EXPEREO SD-WAN
3 EXPEREO SD-WAN MANAGED SERVICES BUILDING BLOCK
3.1 Consult & Design
3.2 Procurement & Logistics
3.3 Install & Stage
3.4 Configure & Integrate
3.5 Incident Management (CPE)
3.6 Incident Management (SD-WAN)
3.7 Change Management
3.8 Network Management Services
3.9 Security
4 EXPEREO SD-WAN NETWORK OVERVIEW
4.1 High-Level Architecture
4.2 Site Typologies
5 EXPEREO SD-WAN TECHNICAL SERVICE BUILDING BLOCKS
5.1 Underlay Network
5.2 Managed Edge Device
5.3 Overlay Network
5.3.1 Secure Transmission of all Enterprise Traffic
5.3.2 Application-Driven Service Assurance
5.3.3 WAN Optimization
5.4 Service Orchestration and Customized Reporting
6 EXPEREO EXPERTISE
APPENDIX: RACI
1 INTRODUCTION
Expereo is a global provider of managed internet and hybrid networks, SD-WAN and Cloud
connectivity solutions. Our XDN portfolio provides Internet Connectivity, Cloud Acceleration
and network optimisation, SD-WAN, network security managed services, and Xpertise –
managed professional and field services for network solutions.
With an unmatched global reach, Expereo powers enterprise & government sites in 190+
countries, helping our customers improve productivity and powering Cloud with the agility,
flexibility and value of the Internet, with optimal performance.
24/7 network monitoring and customer service incident support – 5 global support centres
covering every continent, staffed by certified support engineers with fluency in 20+
languages.
This document describes the Expereo SD-WAN managed services offering, its technical
building blocks and how it fits into the Expereo Defined Networking (XDN) portfolio.
2 WHAT IS EXPEREO SD-WAN:
The goal of the Expereo SD-WAN Service is to provide the next generation of connectivity
for Business. Expereo offers different vendor implementations under the name Expereo SD-
WAN Management.
Expereo supports the following Vendor Solutions:
• Cisco SD-WAN
o Formerly Viptela
o Cisco Intelligent WAN Design (IWAN) [legacy]
• Silver Peak EdgeConnect
• VeloCloud
Even though the various Vendor solutions differ in their individual approach, they are similar
in many aspects.
The Expereo SD-WAN Management Service aims to provide the following key features:
• Flexibility and cost-effectiveness
• High availability and resiliency options
• Best user experience and application-oriented performance
• Highest security standard
• Highest agility to adapt to fast-changing business needs and reporting
3 EXPEREO SD-WAN MANAGED SERVICES BUILDING BLOCK
Expereo SD-WAN Management is a fully managed network service and provides end-to-
end managed services supporting multiple SD-WAN technologies (Cisco, Silver Peak and
VeloCloud), with complete lifecycle management - from Service Design, Service Transition,
Service Activation to 24/7 helpdesk for Service Assurance.
Our managed SD-WAN services come in a modular design, as an overlay network to Expereo
managed Global Internet connectivity or as part of a Hybrid internet/MPLS WAN.
These are summarised in the building blocks below in this document:
Figure 1: Managed Services Building Blocks
• Consult & Design: Full SD-WAN network design, including underlay
• Procurement and Logistics: Source and deliver SD-WAN CPE to the site
• Install & Stage: Install & Initial configuration of SD-WAN CPE
• Configure & Integrate: Migration/Integration of site into network
• Incident Management (CPE): CPE incident resolution (RMA)
• Incident Management (SD-WAN): SD-WAN network issue management & resolution
• Change Management: Network configuration and Traffic Policies
• Network Management Services: Ongoing support, design & performance reviews for CSI
• Security: On premise and cloud-based SD-WAN security services
3.1 Consult & Design
Expereo Consult & Design is the start of the SD-WAN engagement, where we first understand
your requirements and design a solution that fits. It includes the choice of appropriate
Internet access connectivity, addressing any non-SD-WAN requirements, and accurately
scaled SD-WAN equipment.
Expereo acts as your Global ISP, having built a complete overview of ‘best-fit’ internet
connectivity for 190+ countries and for specific customer requirements. To help you choose
the best options, this overview is based on multiple factors: strategic sourcing for the right
supplier based on quality, last mile access methods, redundancy options and limitations,
routing/peering options and limitations, and overall limitations of connectivity in certain
geographies.
Expereo has extensive experience in integrating both SD-WAN and legacy DMVPN solutions.
3.2 Procurement & Logistics
With the surge in interest in SD-WAN equipment, we have established the optimal sourcing
strategy to ensure that delivery lead time is aligned with the project. Depending on
geographies, this process can be a blend of regionalised and centralised procurement. As
an example, Cisco equipment may be procured within emerging markets; our supplier
relations team will evaluate based on delivery lead time and cost.
It is important to note that SD-WAN equipment is not readily available in all countries.
Expereo monitors the situation closely and can advise customers throughout the project
management stage on current availability and expected timelines.
3.3 Install & Stage
Alongside our partnerships to provide Internet access in 190+ countries, Expereo maintains
an extensive network of local system integrators and vendors (hands and feet locally) that
enables us to install and stage SD-WAN equipment globally.
During the initial stage of an SD-WAN order, the Project Manager should work with the
customer to provide details of each site’s WAN and LAN design through an SD-WAN
Questionnaire form. This form should be completed and returned to Expereo no later than
five working days prior to the on-site installation of the SD-WAN device.
The supplier will hand over the Internet circuit’s information to Expereo after the installation
of the NTU at the Customer site. The Expereo onsite engineer then confirms circuit
availability with the service activation team. The Expereo Service Activation engineer
confirms circuit availability and prepares the initial configuration required for ‘Zero Touch
Provisioning’, as per the Installation Guide for the field engineer and the SD-WAN
Questionnaire document. After the staging configuration is ready, the SDM will request an
on-site appointment from the Customer, usually within local office hours.
3.4 Configure & Integrate
The project management team will play a key role during this stage, as they will coordinate
with the Expereo engineering team, who are equipped with skill sets across all supported
SD-WAN technologies. Across these different technologies, our engineers will configure the
agreed setup for each site, as well as integrate it into the overall agreed network design. It
includes migration from legacy MPLS networks, coordination with Enterprise IT teams on
project plans and timelines, the coordination of third parties, and more.
Where the customer requires it, the integration will follow the customer’s methodology.
As standard practice, Expereo installs and implements the SD-WAN solution when the Internet
circuit is ready, followed by migration of the customer's existing LAN from MPLS to SD-WAN,
then migration of the MPLS circuit to be the second access underlay leg of SD-WAN. If the
customer wants to start with MPLS, the prerequisite is that MPLS must have Internet breakout
somewhere to facilitate Zero Touch Provisioning as well as Orchestration and Management.
It is common that Configure & Integrate is carried out at a later stage and not during the
physical installation, to allow customer IT to prepare for the change. On some occasions,
for example, when adding a new site to an existing network deployment, this step is
completed together with Install & Stage.
The customer should arrange resources at each site to connect the existing LAN of each site
to the new SD-WAN CPE from Expereo and to test the Intranet and Internet connectivity (UAT)
before actual migration. Expereo will provide the Customer with an engineer on standby for
remote assistance when each site is connected to the Expereo SD-WAN network.
3.5 Incident Management (CPE)
Expereo provides full Incident Management for RMA on Expereo managed SD-WAN CPE.
As outlined in Procurement & Logistics, Expereo recognises there is a limited SLA on RMA
support globally. Therefore, Expereo proposes dual equipment (PRM) or cold standby based
on the priorities of the site, and other factors applicable to specific geographies.
3.6 Incident Management (SD-WAN)
Expereo support engineers provide support and service assurance on the SD-WAN overlay
network for all supported SD-WAN technologies. Expereo acts as a single point of contact
to triage and investigate any SD-WAN incident reported by Enterprise IT. It includes incident
management for related connectivity issues in the network underlay.
3.7 Change Management
Based on our experience, changes occur most often in three areas of SD-WAN
deployments:
a) The physical layer (equipment changes, cabling changes);
b) The overlay (SD-WAN design and policies); and
c) The underlay (WAN IP, BGP routing).
Throughout the service lifecycle, Expereo works together with the customer to develop and
fine-tune change management scenarios that best fit the customer environment.
3.8 Network Management Services
It is very common for further network optimisations to be made as a customer’s SD-WAN
environment matures. For example, when an application flow is moved from MPLS to
Internet-based SD-WAN, reviews of application policies might be required. Alternatively,
when the customer is opening a new data centre or cloud location, the existing internet
routing/peering might need to change. Expereo carries out ongoing optimisation services
to identify the most optimal solution to meet the enterprise requirements, supported by
Xpertise - Professional services including project management and dedicated account
management. Network management services also include 24/7/365 NOC and CSC
support, backed up by a comprehensive customer portal for complete network
management visibility.
3.9 Security
Security for the SD-WAN overlay, local internet breakout and underlay access handoffs is
already integrated into the Expereo SD-WAN managed service suite. However, the scope does
not include managed security for additional service handoffs, such as additional public IP
subnets provisioned through the same underlay networks and meant for public hosting by the
customer, or zone-based security for granular control of traffic flow.
As an optional module, Expereo provides a comprehensive suite of on-premise and cloud-
based security services for enterprises to securely operate SD-WAN and move to the cloud
with confidence. For SD-WAN deployments, Expereo SecureXDN delivers services
including security infrastructure management for internet break-out services and firewall
management, threat monitoring and response, and vulnerability lifecycle management.
4 EXPEREO SD-WAN NETWORK OVERVIEW
4.1 High-Level Architecture
Figure 2: High-Level Architecture
Figure 2: High-Level Architecture showcases the components in a typical SD-WAN
deployment. It is made up of:
• SD-WAN Management platform
• ZTP*: Only minimal configuration of the global IP addresses on the SD-WAN CPE is
required to form the connectivity to the SD-WAN Controller;
• Management: Centralized portal to run and operate the SD-WAN controller and the
SD-WAN CPEs.
• Controller: Ease of operation to apply global traffic/application policies with a single
click. Troubleshooting is also performed from the same platform;
• Visualization: Provides real-time and historical data and other statistics of the GI
circuits and the SD-WAN overlay network.
• Underlay Transport/Handoff
o The Expereo SD-WAN network is transport independent and can run on any
underlay, such as MPLS, Dedicated Internet or Broadband Internet access
circuits.
• SD-WAN Overlay/Handoff
o Expereo proposes three SD-WAN resiliency models (refer to 4.2 Site Typologies)
to fit the customer’s business continuity requirements and budget.
• Customer Network
o Expereo simplifies WAN and SD-WAN management by connecting the GI
CPEs directly to Expereo managed SD-WAN CPEs. The customer has the flexibility
to connect their local network to the Expereo SD-WAN solution using switches,
firewalls or IPS/IDS devices, as they prefer.
4.2 Site Typologies
Sites can have flexible deployment profiles, with Expereo standard models such as:
• Premium Resilient Model (PRM): Dual Access + Dual SD-WAN CPE
• Standard Resilient Model (SRM): Dual Access + Single SD-WAN CPE
• Non-Resilient Model (NRM): Single Access + Single SD-WAN CPE
Figure 3: Standard Site Typologies
Bespoke Resiliency Models (i.e. Multiple Access + Multiple SD-WAN CPE) are available on an
individual case basis.
Figure 4: Bespoke Resiliency Model
5 EXPEREO SD-WAN TECHNICAL SERVICE BUILDING BLOCKS
5.1 Underlay Network
By the term Underlay Network, Expereo understands the access technology that is used at
any Customer Location. In the case of an Internet-only location, this will be provided by the
Global Internet as a Service (GIaaS) Solution of Expereo.
The Expereo SD-WAN supports hybrid networking, which means that multiple Access
Technologies can be utilized at the same time.
This creates independence from the access network technology, which offers a lower cost
alternative (GIaaS) to the often premium-priced MPLS technology and can also facilitate
replacing costly transport technologies.
The following Access technologies are currently supported:
• (existing) MPLS / Metro Ethernet networks
• Internet Access = Global Internet as a Service (GIaaS) Solution of Expereo
Note: The Internet service needs to be provided on an unfiltered publicly reachable fixed
IP address.
Examples of transport independence can be seen in Figure 5: Hybrid and Figure 6: Dual
Internet.
Figure 5: Hybrid
Figure 5: Hybrid illustrates the connection model in a Hybrid solution, where the customer
has Internet Access and MPLS on a site. Both Connections can be utilized at the same time
by the SD-WAN Tunnels.
Figure 6: Dual Internet
Figure 6: Dual Internet illustrates the connection model in a dual Internet solution (service
provider independent), where the customer is provided with resilient Internet Access by
Expereo. The SD-WAN Tunnels can apply path optimization and load balancing depending
on the vendor solution.
5.2 Managed Edge Device
The XDN portfolio provides a Managed Edge device that forms the demarcation point
between Expereo and the customer. The same applies to the Expereo SD-WAN portfolio,
where the SD-WAN functionality is provided by the managed SD-WAN Edge device.
The Managed SD-WAN Edge functionality can be provided on either:
• a physical device, residing on the customer premises (CPE)
• a virtual device (Virtual Machine), residing on a Server in a customer data centre or
at a private cloud location such as Amazon Web Services (AWS) or Microsoft Azure
Cloud.
• (future) a software-based virtual network function (VNF), which may run on a virtual
CPE (vCPE) at the customer premises.
The Managed Edge Devices can also provide:
• local Direct Internet Access/Breakout by Network Address Translation (NAT)
• firewall capabilities
The LAN capabilities of the Managed Edge Devices, such as local routing or DHCP, vary per
vendor solution. All Edge Devices have feature parity, independent of the location where
they are installed, be it a remote office, a data centre location, or a cloud location.
5.3 Overlay Network
The Overlay Network removes the complexity of the different Underlay Network
technologies. The Expereo SD-WAN Service connects enterprise locations, branch offices,
data centres and cloud locations independent of distance in a way that allows improving
the agility and performance of the enterprise WAN.
The Expereo SD-WAN Solution offers:
• Secure transmission of all Enterprise traffic
• Application-Driven Service Assurance
• WAN Optimization
5.3.1 Secure Transmission of all Enterprise Traffic
Expereo SD-WAN uses the strongest available IPsec encryption standards to securely
transmit the traffic over the non-secure underlay networks. The Edge devices are hardened
according to industry-standard specifications.
5.3.2 Application-Driven Service Assurance
Service assurance is a critical part of the Expereo SD-WAN managed services. QoS
performance, e.g., packet loss and latency, is measured over each SD-WAN tunnel in real-
time. These measurements determine whether a WAN meets the performance
requirements of an application, resulting in application-driven performance assurance. If
any WAN meets these criteria, the application can be forwarded, provided no pre-existing
policy disallows transmission over a particular WAN, e.g., only use MPLS VPN and not
Internet.
Customer specific policies can also be considered when making forwarding (or blocking)
decisions for the SD-WAN tunnels over each WAN. Policies can be based on each
application-level classification (up to OSI Layer 7), an application’s QoS, or application
grouping, e.g., real-time media or conferencing application. Policy enforcement considers
an application’s QoS performance requirements, or an organization’s security or business
priority policy requirements.
For example, a QoS policy may be set so Skype for Business packets are forwarded over
any WAN if its QoS performance requirements, e.g., latency and packet loss, are met, so
users get an acceptable Quality of Experience (QoE). A security policy may be set so Skype
for Business packets are sent over the MPLS VPN and not the Internet. A business priority
policy may also be set so credit card payment transactions are sent ahead of any Skype
for Business packets.
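The forwarding decision described in this section, as an added example (not Expereo or vendor code): the security restriction on transports is applied before any QoS comparison, so a well-performing Internet tunnel is never used for an MPLS-only application. The application names, thresholds and measurements are constructed, and the "degraded" fallback and the tie-break on lowest loss then latency are assumptions.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Tunnel:
    name: str
    transport: str      # "mpls" or "internet"
    latency_ms: float   # measured over the tunnel
    loss_pct: float     # measured over the tunnel
    up: bool = True


@dataclass(frozen=True)
class AppPolicy:
    app: str
    max_latency_ms: float   # QoS requirement
    max_loss_pct: float     # QoS requirement
    allowed: frozenset      # security policy: transports this app may use
    priority: int           # business priority: lower number is sent first


def decide(policy, tunnels):
    """Return (action, tunnel_name) for one application."""
    # Security policy first: a disallowed transport is never a candidate,
    # however good its measurements are.
    permitted = [t for t in tunnels if t.up and t.transport in policy.allowed]
    if not permitted:
        return ("blocked", None)  # fail closed, no fallback to other transports

    def best(candidates):
        return min(candidates, key=lambda t: (t.loss_pct, t.latency_ms)).name

    meets_qos = [t for t in permitted
                 if t.latency_ms <= policy.max_latency_ms
                 and t.loss_pct <= policy.max_loss_pct]
    if meets_qos:
        return ("forward", best(meets_qos))
    # Assumption: with no compliant tunnel, use the best permitted one and flag it.
    return ("degraded", best(permitted))


def plan(policies, tunnels):
    """Decisions for all applications, highest business priority first."""
    ordered = sorted(policies, key=lambda p: p.priority)
    return [(p.app, *decide(p, tunnels)) for p in ordered]


def with_tunnel(tunnels, name, **changes):
    """Copy of the tunnel list with one tunnel's state or measurements changed."""
    return [replace(t, **changes) if t.name == name else t for t in tunnels]


# Constructed sample measurements and thresholds (not vendor defaults).
TUNNELS = [
    Tunnel("mpls-1", "mpls", 40.0, 0.1),
    Tunnel("inet-1", "internet", 25.0, 0.05),
    Tunnel("inet-2", "internet", 180.0, 2.5),
]
ANY_WAN = frozenset({"mpls", "internet"})
MPLS_ONLY = frozenset({"mpls"})
POLICIES = [
    AppPolicy("voice-any-wan", 150.0, 1.0, ANY_WAN, 2),
    AppPolicy("voice-mpls-only", 150.0, 1.0, MPLS_ONLY, 2),
    AppPolicy("card-payments", 200.0, 0.5, MPLS_ONLY, 1),
]

if __name__ == "__main__":
    scenarios = {
        "healthy": TUNNELS,
        "mpls down": with_tunnel(TUNNELS, "mpls-1", up=False),
        "mpls slow": with_tunnel(TUNNELS, "mpls-1", latency_ms=300.0),
    }
    for label, tunnels in scenarios.items():
        print(label, plan(POLICIES, tunnels))
```

When reviewing a real policy set, the case to check is the "mpls down" scenario: MPLS-only applications should show as blocked rather than silently moving to an Internet tunnel.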
5.3.3 WAN Optimization
WAN Optimization can seemingly increase WAN bandwidth and improve QoS performance and/or
WAN latency, depending on the implementation. This can be accomplished by means of data
deduplication, data compression and data caching to minimize the amount of data
transmitted over the WAN.
Methods of protocol spoofing / local acknowledgements can overcome packet size
limitations and protocol waiting times, and therefore increase the throughput.
Forward error correction (FEC) compensates for WAN packet loss by sending duplicate
packets over multiple WANs and then reassembling the packets in the correct sequence at
the receiving end. FEC enables SD-WAN overlay tunnels to provide essentially zero packet
loss and low jitter while using lower-cost, higher-packet-loss Internet broadband underlay
networks.
Since WAN optimization is not required at all SD-WAN sites, it is often delivered as a value-
added service.
5.4 Service Orchestration and Customized Reporting
A key feature of the Expereo SD-WAN Service is the Service Orchestration. Because of the
Service Orchestration, the whole infrastructure becomes agile and adaptable without
compromising on configuration consistency and reliability.
The SD-WAN Orchestrator simplifies and automates tasks such as adding, changing and
deleting SD-WAN services without disrupting the overall service.
It also provides physical and/or virtual device management for all SD-WAN Edges and
associated SD-WAN Gateways. This includes, but is not limited to, configuration and
activation, IP address management, and pushing down policies onto SD-WAN Edges.
The SD-WAN orchestrator maintains connections to all SD-WAN Edges and SD-WAN
Gateways to identify the operational state of SD-WAN tunnels across different WANs and
retrieves QoS performance metrics for each SD-WAN tunnel. These performance metrics
can then be used for customized reporting.
6 EXPEREO EXPERTISE
Xpertise removes the complexity from managing the customer’s complete network lifecycle
and enables their organization to achieve innovation with complete logistics project
management for the SD-WAN deployments. Expereo provides a global footprint with
exceptional depth and breadth of in-country solutions for access technologies, equipment
and customer site professional services, ensuring delivery of technical, regulatory and
quality standards across the globe.
The Expereo SD-WAN service can be tailored to the technical requirements and
preferences of the customer. For that reason, Expereo offers different vendor-based
solutions under the umbrella of Expereo SD-WAN managed services.
Expereo works closely together with the customer to select the best fitting vendor.
To be able to design the solution in accordance with the customer requirements, Expereo
needs to be made aware of all:
• existing network connectivity (including backend network connects between sites)
• IP address spaces
• routing protocols
• any special configurations
that are currently used or planned to be used, on all sites to be connected to the SD-WAN
Service.
APPENDIX: RACI
Tasks | Customer | Expereo
SD-WAN design & build | C, I | R, A
SD-WAN project management | C | R, A
SD-WAN orchestration hosting | I | R, A
SD-WAN on-site deployment | C | R, A
SD-WAN site provisioning | C | R, A
SD-WAN 24x7 monitoring & helpdesk | I | R, A
SD-WAN system configuration backup | I | R, A
SD-WAN software upgrades | C | R, A
SD-WAN incident management | I | R, A
SD-WAN hardware replacement | C | R, A
SD-WAN configuration fine-tuning | C | R, A
SD-WAN administration | C | R, A
SD-WAN reporting | C | R, A
SD-WAN security incident management | C | R, A
Access links availability and performance monitoring | I | R, A
Access links incident management | I | R, A
Access links security incident management | I | R, A
Access links software upgrades | I | R, A
Site infrastructure availability (i.e. power, rack space) | R, A | C
Site physical security and access control | R, A | I
Site-local network connectivity to SD-WAN CPE | R, A | C