06-08-2016-CKN-VMS -Combined revised 6-10-16-pptx...New%Enterprise%WAN%Architecture...

Peter Wells, Sr. Director, Global Service Provider SegmentAndrew Vaz, Sr. Director, Product Management, Service Provider Solutions

June 8, 2016

The Profitable Path to NFV and SDN

Cisco Knowledge Network Presents:

Virtual Managed Services

Three Key Takeaways

Similar to compute moving to cloud, networking is virtualizing and moving to the (SP) cloud

Capturing this transition is a top priority for nearly all service providers: Lower CAPEX, OPEX, truck rolls, & agility;; Portal-based sales to SMB and Enterprises

The market is moving to IP as a primary WAN technology: Cloud traffic driving the need for hybrid WANs and new internet-based services from service providers

1 2 3

Cloud Forcing a Rethink of the WAN (and CPE)

Internet Pricing vs. Reliability, 1998-2012

Inte

rnet

Tra

nsit

Pric

ing1

($ p

er M

Bps

)

Packet delivery %

2

- Internet Transit Pricing - Packet delivery % (1-Packet Loss%)

Significant WAN traffic now destined outside the Enterprise…yet backhauled to centralized internet PoPs via costly MPLS

of CIOs Expect to Operate via the Cloud by 2015

50%

58% Of Enterprise IT Branch Budgets are Spent on WAN!

33%Of Enterprise Applications are Delivered from outside the enterprise

SaaS, Hybrid Cloud, Private Cloud

Internet (DIA) now considered a viable alternative for enterprise networking

Today’s Enterprise WAN ArchitectureDual Layer 3 VPN

General Internet

PrivateCloud

CorporateData Center

Public Cloud

VirtualPrivate Cloud

ActiveMPLS (IP-VPN)

Branch

InternetBack-upMPLS (IP-VPN)

General Internet

New Enterprise WAN ArchitectureHybrid WAN (“SD-WAN”)

PrivateCloud


Public Cloud


ActiveMPLS (IP-VPN)

Branch

InternetActiveInternet

New Enterprise WAN ArchitectureStep 1: Hybrid WAN – Keep security status quo

General Internet

PrivateCloud


Public Cloud


MPLS (IP-VPN)

Branch

InternetInternet

• Stateful firewall• IDS / IPS• Web Security• ISE• Antivirus• DNS logging• URL Black listing • URL logging • Netflow Collection• Full Packet Capture • Web Proxy logging

New Enterprise WAN ArchitectureCisco IWAN Solution

General Internet

PrivateCloud


Public Cloud


MPLS (IP-VPN)

Branch

InternetInternet(DMVPN)

- Enterprise CPE hubs: DMVPN- PfR routes on performance- AVC for traffic policy- WaaS for app acceleration

Challenges- Complex solution…need for automation- Need for cloud management and a smart UI…need for portal

New Enterprise WAN ArchitectureCisco IWAN Solution with SP Cloud Management

General Internet

PrivateCloud


Public Cloud


MPLS (IP-VPN)

Branch

InternetInternet(DMVPN)

- Enterprise CPE hubs: DMVPN- PfR routes on performance- AVC for traffic policy- WaaS for app acceleration

SP Solution- vMS platform for virtualization, SDN, and cross domain management- Q3 2016 launch delivers IWAN automation and visualization

Our Vision Service

Provider Cloud

Cisco SPARK e.g.

3rd party VNFs3rd party Apps

SP Apps and Services

Cisco Applications & VNFs

vUTM

Email secvRouter

Web proxy svc

Enterprise

SMB

Virtualized Network Functions in the Cloud

CPE / vCPE LandscapeOne size doesn’t fit all!

Premisedelivered

Clouddelivered

L3 “Classic”

L2 CPE

L3 CPE + Embedded x86

L3 CPE + Cloud Managed

X86 on Premise (uCPE / vBranch)

L3 “Classic”

L2 CPEL3 CPE + Embedded x86

L3 CPE + Cloud Managed

X86 on Premise (vBranch)

Network Functions on CPE RoutingEncryptionLoad balancing…

FWIDS/IPSWeb Security…

New Enterprise WAN ArchitectureStep 1: Hybrid WAN – Keep security status quo

General Internet

PrivateCloud


Public Cloud


MPLS (IP-VPN)

Branch

InternetInternet


Future Enterprise WAN ArchitectureStep 2: Lower Latency, Lower Cost WAN, New Approach to Security

General Internet

PrivateCloud

Public Cloud


MPLS (IP-VPN)

Internet

Branch


?

Reducing WAN CostsThe Cisco-on-Cisco Use Case

e.g. Cisco: 16 IPoPs serving ~450 branch offices

PrivateCloud


Public Cloud



Internet

?

MPLS (IP-VPN)

Reducing WAN CostsThe Cisco-on-Cisco Use Case



Internet

ASA

SourceFire

WSA

NAM

AVDDOSSIEMNetflow Collection

MPLS (IP-VPN)

B

WAN costs

+ Network security costs

= Total costs

5-Year IWAN TCO Enterprise ComparisonUse Case: 200 Branches

5-Year TCO Enterprise ComparisonUse Case: 200 Branches

Cisco VMS is the Profitable Path to NFV / SDNDelivering automation and virtualization for service agility

Branch

Public Cloud


vCPECloud PoP

SP Data Center

VMS Platform

• Next-Generation Service PlatformCisco Virtual Managed Services Cisco VMS

Service Provider Business Facing its Own Transition

Battle for Apps—Efficiently and Quickly Deliver New Managed Services

Delivering Secure and Flexible Hybrid Cloud Management

Connecting Explosion of Internet Devices to the Network

Fulfilling Security and Data Sovereignty Requirements

4/5’s of workloads moved to cloud

by 2019

78% of enterprises pursuing multi-cloud

strategy

Over 507.5 ZB of data per year by 2019 via IOT

$18B new telco opportunity with 75% enterprises interested

Cisco GCI, VNI, MOISTL Partners 2016 Study

Industry Trends are Creating Incredible Market Opportunities

OrchestrationEfficiency with automation & self-service fulfillment

ServiceOrchestration

Software Defined NetworkingDynamic market services via tight application &

network interaction

CloudAgile service delivery via cloud-enabled solutions

Convergence of multiple disruptive technologies has created massive market opportunity

Cloud Managed Services

NFVNetwork Functions Virtualization

Flexibility due to transformation of solution architectures & operationsVirtual

Managed Services

SDN

For Service Providers who need a simple, agile, & secure means of connecting

Enterprises & SMBs to a rich catalog of value added business (& IOT) services, VMS is the

answer.

VMS Vision & Market Focus

Cisco VMS is a flexible platform that provisions & operates both Cisco and non-

Cisco physical & virtual functions.

Unlike the current limited-scope offerings in today’s market, VMS, built on Cisco’s strong brand and industry leading IT portfolio,

enables Service Providers to rapidly create & monetize next-generation business services.

Mobile lineFixed Wired line

Fixed WiredLine

LargeCompany

Multistore

LTELTE LTE LTE

EventIoT(M2M)

LTE

SPCloud

ConsortiumCloud

XxxxCloud Internet AWS,

MS Azure

SP VMS Vision

SMBCompany

E x a m p l e S P V M S Ta r g e t s

1 Enterprise Managed Business Services(Initial VMS Focus: IWAN, VBRANCH, CVPN)

2 Small Medium Business Services(ie: SMB-UTM)

3 IOT Managed Services(ie: M2M, per Enterprise Vertical Services)

VMS - Service Provider Benefits

Plug & Play Install reduces or eliminates truck rolls

Web-based Service Interface

automates service ordering AND activation

Enterprise-gradeNetwork & Security Servicesextended to multiple markets

Automated Service Lifecycle Management dramatically reduces operating costs

Source: ACG Research: Business Case for Virtual Managed Services – Sept 2014

010100100

010100100

78%Lower OPEX

200%Improved ROI

VMS CloudVPN

CISCO CONFIDENTIAL –SHARED UNDER NDA ONLY

SP CloudVPN needs / problems:• Enhance agility and deploy new services

• Lower hardware provisioning expenses

• Minimize the need for hardware upgrades

• Offer service catalog with latest security technologies and services

• Elasticity for service scaling

Secure, cloud-based Hub-and-spoke inter-office connectivity with remote access providing additional security packages including web security, firewall

Business Benefits• Enhances agility to deploy new services• Operational efficiency with Zero touch deployment and automated provisioning

• Enable business to comply with regulatory requirements with strong encryption of data in motion

• Enable Zero touch provisioning tenants self or SP managed solution.

• Installation and deployment simplicity

Firewall(ASAv)

Web Security(WSAv)

Remote Access

Internet

Branch

Branch

CloudVPN(IPSec)

vRouter(CSR1Kv)

CPE

ISR 800, 1900, 2900, 3900, 4000

Series

VPN Managed WAN Managed Security

CloudVPN solution:• Secure site-to-site VPN connection between customers’ sites using IPsec tunnels over Internet.

• Secure Internet Connectivity options• Constant Intelligent Security through Firewall and web security options

• AnyConnect Remote Access VPN capabilities

• Advanced Web Security with real-time Advanced Malware Protection (AMP)

Intrusion Prevention (IPSv)

Firewall

(ASAv)

Web Security(WSAv)

Remote Access

Internet

Branch

CPE

ISR 800, 1900, 2900, 3900, 4000 Series

VPN Managed WAN Managed Security

Other Networks

MPLS VPNNetwork

.1Q VLANs

CloudVPN(IPSec)

vRouter(CSR1Kv)

SP Managed Netw

ork

Branch

Branch

Branch

SP vCE needs:• Expand CloudVPN service to support customers on MPLS network.

• Maintain MPLS network integrity and security, as well as SP domain separation.

• Ability to offer network integration of customer branch offices across CloudVPN and MPLS Networks

SP vCE solution:• Existing CloudVPN Service terminates IPSec on vRouter

• Terminate MPLS network at SP MPLS PE• .1Q Trunk transports Private (terminated MPLS) and Public tenant (IPsec) VLANs.

• vRouter has route information for tenant IPsec and MPLS sites

Business Benefits• Enhances agility to deploy new services.• Simplified integration of Cloud Services for Internet and MPLS network customers.

• Enable business to comply with regulatory requirements with strong encryption of data in motion.

VMS Cloud VPN with vCEL2vCE provides secure convergence of tenant’s IPsec & MPLS network sites. MPLS sites also gain added Managed Security benefits.

CISCO CONFIDENTIAL –SHARED UNDER NDA ONLY

Intrusion Prevention (IPSv)

Public Cloud


MPLS

PrivateCloud

Internet

Branch

ISR4K

VMS IWANA DMVPN cloud per transport between branch and enterprise hubAll security implemented at hub before going out to Internet

• Visibility, control and optimization (AVC)

• Intelligent Path Allocation

• Network Diversity

• Reduced Access Costs

Internet

ISR branch todayEvolving to Virtual Branch

Inet and MPLS DMVPN

vBranch Solution Overview and Benefits

vBranch solution benefits:ü Services run virtualized in branch – eliminates additional HW for new services, easily enabling new SP revenue opportunities

ü Operational efficiency by zero touch deployment & automated provisioning - minimizing truck-rolls

ü No change for current branch service delivery model - Service capability remains in the branch

ü Enables tenant self-managed or SP managed operations

ü Suited to overlay VPNs – MPLS, IWAN, IVPN

ü Enables SW based value-added services besides VNFs

Solution to deploy feature-rich services in the branch environment using virtualization technology

Enterprise Headquarters

Firewall(ASAv)

InternetWAN opt(WAASv)

vBranch @ EnterpriseBranch Office

SP Infrastructure

vRouterISRv

VMS vBranchManagement platform

ENCS w/ NFVIS

MPLS VPN(MPLS)

Virtual MachineLife Cycle Manager

Service Life Cycle ManagerNetwork Services Orchestrator

Package LibraryData

Platform

(Producer / Storage)

Platform Integration Framework (API Core Normalization)

CloudVPN

Platform Integrations

UI Framework

Function Packs

Platform Customizations

Service APIs

DP APIs

Service Integration Framework

BSS OSS Monitor Manage Consume ‘N’

CAT INV OPER ‘N’

“N” Service Package

Service APIs

Orchestration Platform

CloudVPN

NSO

ESC

Skyfall

SA

IWAN -VBRANCH

NSO

ESC

Skyfall

SA

MSEG -CloudVPN

NSO

ESC

Skyfall

SA

VMS NG Platform:

• API Driven Design at each layer

• Reusable Package Library & Function Packs

• Modular Component Design for proper sub-component evolution

• Platform for Simultaneous Use-Case Delivery to end customers

VMS 1.x & 2.x Platforms:• A single bundle of use-case(s) and platform in one releasable software package

• Non-modular code with low reusability

• Mainly packaged service builds

Cisco VMS Platform Evolution

Use Case Overlay;; Service Packs

Virtual MachineLife Cycle Manager

Service Life Cycle ManagerNetwork Services Orchestrator

Package LibraryData

Platform(Producer/Storage)

Platform Integration Framework (API Core Normalization)

Platform Integrations

UI Framework

Function Packs

Platform Customizations

Function PackService APIs DP APIs

Service Integration Framework (Business Logic)

BSS OSS Monitor Manage

CAT INV OPER

API + Function

= Contract

Orchestration Platform

Use CaseTo be overlaid on the

platform

Function Pack

Service APIs

MicroService

UI

MonitoringExtension

Thank you for attending today!For more information, please visit:

http://cisco.com/go/vms

06-08-2016-CKN-VMS -Combined revised 6-10-16-pptx...New%Enterprise%WAN%Architecture...

Documents

Transcript of 06-08-2016-CKN-VMS -Combined revised 6-10-16-pptx...New%Enterprise%WAN%Architecture...