06-08-2016-CKN-VMS -Combined revised 6-10-16-pptx...New%Enterprise%WAN%Architecture...
Peter Wells, Sr. Director, Global Service Provider Segment
Andrew Vaz, Sr. Director, Product Management, Service Provider Solutions
June 8, 2016
The Profitable Path to NFV and SDN
Cisco Knowledge Network Presents:
Virtual Managed Services
Three Key Takeaways
1 Similar to compute moving to cloud, networking is virtualizing and moving to the (SP) cloud
2 Capturing this transition is a top priority for nearly all service providers: Lower CAPEX, OPEX, truck rolls, & agility; Portal-based sales to SMB and Enterprises
3 The market is moving to IP as a primary WAN technology: Cloud traffic driving the need for hybrid WANs and new internet-based services from service providers
Cloud Forcing a Rethink of the WAN (and CPE)
Internet Pricing vs. Reliability, 1998-2012
[Chart axes: Internet Transit Pricing ($ per MBps); Packet delivery % (1 - Packet Loss %)]
Significant WAN traffic now destined outside the Enterprise…yet backhauled to centralized internet PoPs via costly MPLS
50% of CIOs Expect to Operate via the Cloud by 2015
58% of Enterprise IT Branch Budgets are Spent on WAN!
33% of Enterprise Applications are Delivered from outside the enterprise
SaaS, Hybrid Cloud, Private Cloud
Internet (DIA) now considered a viable alternative for enterprise networking
Today’s Enterprise WAN Architecture
Dual Layer 3 VPN
[Diagram labels: Branch; Active MPLS (IP-VPN); Back-up MPLS (IP-VPN); Internet; General Internet; Private Cloud; Corporate Data Center; Public Cloud; Virtual Private Cloud]
New Enterprise WAN Architecture
Hybrid WAN (“SD-WAN”)
[Diagram labels: Branch; Active MPLS (IP-VPN); Active Internet; Internet; Private Cloud; Corporate Data Center; Public Cloud; Virtual Private Cloud]
New Enterprise WAN Architecture
Step 1: Hybrid WAN – Keep security status quo
[Diagram labels: Branch; MPLS (IP-VPN); Internet; General Internet; Private Cloud; Corporate Data Center; Public Cloud; Virtual Private Cloud]
• Stateful firewall
• IDS / IPS
• Web Security
• ISE
• Antivirus
• DNS logging
• URL Black listing
• URL logging
• Netflow Collection
• Full Packet Capture
• Web Proxy logging
New Enterprise WAN Architecture
Cisco IWAN Solution
[Diagram labels: Branch; MPLS (IP-VPN); Internet (DMVPN); Internet; General Internet; Private Cloud; Corporate Data Center; Public Cloud; Virtual Private Cloud]
- Enterprise CPE hubs: DMVPN
- PfR routes on performance
- AVC for traffic policy
- WAAS for app acceleration
Challenges
- Complex solution…need for automation
- Need for cloud management and a smart UI…need for portal
New Enterprise WAN Architecture
Cisco IWAN Solution with SP Cloud Management
[Diagram labels: Branch; MPLS (IP-VPN); Internet (DMVPN); Internet; General Internet; Private Cloud; Corporate Data Center; Public Cloud; Virtual Private Cloud]
- Enterprise CPE hubs: DMVPN
- PfR routes on performance
- AVC for traffic policy
- WAAS for app acceleration
SP Solution
- vMS platform for virtualization, SDN, and cross domain management
- Q3 2016 launch delivers IWAN automation and visualization
Our Vision
Virtualized Network Functions in the Cloud
[Diagram labels: Service Provider Cloud; 3rd party VNFs; 3rd party Apps; SP Apps and Services; Cisco Applications & VNFs (e.g. Cisco SPARK); vUTM; Email sec; vRouter; Web proxy svc; Enterprise; SMB]
CPE / vCPE Landscape
One size doesn’t fit all!
Premise delivered
Cloud delivered
L3 “Classic”
L2 CPE
L3 CPE + Embedded x86
L3 CPE + Cloud Managed
X86 on Premise (uCPE / vBranch)
Network Functions on CPE
Routing, Encryption, Load balancing…
FW, IDS/IPS, Web Security…
Future Enterprise WAN Architecture
Step 2: Lower Latency, Lower Cost WAN, New Approach to Security
[Diagram labels: Branch; MPLS (IP-VPN); Internet; General Internet; Private Cloud; Public Cloud; Virtual Private Cloud; ?]
• Stateful firewall
• IDS / IPS
• Web Security
• ISE
• Antivirus
• DNS logging
• URL Black listing
• URL logging
• Netflow Collection
• Full Packet Capture
• Web Proxy logging
Reducing WAN Costs
The Cisco-on-Cisco Use Case
e.g. Cisco: 16 IPoPs serving ~450 branch offices
[Diagram labels: MPLS (IP-VPN); Internet; Private Cloud; Corporate Data Center; Public Cloud; Virtual Private Cloud; ?]
• Stateful firewall
• IDS / IPS
• Web Security
• ISE
• Antivirus
• DNS logging
• URL Black listing
• URL logging
• Netflow Collection
• Full Packet Capture
• Web Proxy logging
Reducing WAN Costs
The Cisco-on-Cisco Use Case
[Diagram labels: Corporate Data Center; MPLS (IP-VPN); Internet; ASA; SourceFire; WSA; NAM; AV; DDOS; SIEM; Netflow Collection]
• Stateful firewall
• IDS / IPS
• Web Security
• ISE
• Antivirus
• DNS logging
• URL Black listing
• URL logging
• Netflow Collection
• Full Packet Capture
• Web Proxy logging
WAN costs + Network security costs = Total costs
5-Year IWAN TCO Enterprise Comparison
Use Case: 200 Branches
5-Year TCO Enterprise Comparison
Use Case: 200 Branches
Cisco VMS is the Profitable Path to NFV / SDN
Delivering automation and virtualization for service agility
[Diagram labels: Branch; Public Cloud; Virtual Private Cloud; vCPE; Cloud PoP; SP Data Center; VMS Platform]
Cisco Virtual Managed Services
Cisco VMS
• Next-Generation Service Platform
Service Provider Business Facing its Own Transition
Battle for Apps—Efficiently and Quickly Deliver New Managed Services
Delivering Secure and Flexible Hybrid Cloud Management
Connecting Explosion of Internet Devices to the Network
Fulfilling Security and Data Sovereignty Requirements
4/5’s of workloads moved to cloud by 2019
78% of enterprises pursuing multi-cloud strategy
Over 507.5 ZB of data per year by 2019 via IOT
$18B new telco opportunity with 75% enterprises interested
Cisco GCI, VNI, MOISTL Partners 2016 Study
Industry Trends are Creating Incredible Market Opportunities
Convergence of multiple disruptive technologies has created massive market opportunity
Orchestration: Efficiency with automation & self-service fulfillment
Service Orchestration
Software Defined Networking: Dynamic market services via tight application & network interaction
SDN
Cloud: Agile service delivery via cloud-enabled solutions
Cloud Managed Services
NFV (Network Functions Virtualization): Flexibility due to transformation of solution architectures & operations
Virtual Managed Services
VMS Vision & Market Focus
For Service Providers who need a simple, agile, & secure means of connecting Enterprises & SMBs to a rich catalog of value added business (& IOT) services, VMS is the answer.
Cisco VMS is a flexible platform that provisions & operates both Cisco and non-Cisco physical & virtual functions.
Unlike the current limited-scope offerings in today’s market, VMS, built on Cisco’s strong brand and industry leading IT portfolio, enables Service Providers to rapidly create & monetize next-generation business services.
SP VMS Vision
[Diagram labels: Mobile line; Fixed Wired line; Large Company; Multistore; SMB Company; Event; IoT (M2M); LTE; SP Cloud; Consortium Cloud; Xxxx Cloud; Internet; AWS, MS Azure]
Example SP VMS Targets
1 Enterprise Managed Business Services (Initial VMS Focus: IWAN, VBRANCH, CVPN)
2 Small Medium Business Services (i.e. SMB-UTM)
3 IOT Managed Services (i.e. M2M, per Enterprise Vertical Services)
VMS - Service Provider Benefits
Plug & Play Install reduces or eliminates truck rolls
Web-based Service Interface automates service ordering AND activation
Enterprise-grade Network & Security Services extended to multiple markets
Automated Service Lifecycle Management dramatically reduces operating costs
Source: ACG Research: Business Case for Virtual Managed Services – Sept 2014
78% Lower OPEX
200% Improved ROI
VMS CloudVPN
CISCO CONFIDENTIAL –SHARED UNDER NDA ONLY
SP CloudVPN needs / problems:
• Enhance agility and deploy new services
• Lower hardware provisioning expenses
• Minimize the need for hardware upgrades
• Offer service catalog with latest security technologies and services
• Elasticity for service scaling
Secure, cloud-based hub-and-spoke inter-office connectivity with remote access, providing additional security packages including web security and firewall
Business Benefits
• Enhances agility to deploy new services
• Operational efficiency with zero touch deployment and automated provisioning
• Enable business to comply with regulatory requirements with strong encryption of data in motion
• Enable zero touch provisioning for tenant self-managed or SP-managed solutions
• Installation and deployment simplicity
[Diagram labels: Firewall (ASAv); Web Security (WSAv); Remote Access; Internet; Branch; CloudVPN (IPSec); vRouter (CSR1Kv); CPE: ISR 800, 1900, 2900, 3900, 4000 Series; VPN; Managed WAN; Managed Security]
CloudVPN solution:
• Secure site-to-site VPN connection between customers’ sites using IPsec tunnels over Internet.
• Secure Internet Connectivity options
• Constant Intelligent Security through Firewall and web security options
• AnyConnect Remote Access VPN capabilities
• Advanced Web Security with real-time Advanced Malware Protection (AMP)
[Diagram labels: Intrusion Prevention (IPSv); Firewall (ASAv); Web Security (WSAv); Remote Access; Internet; Branch; CPE: ISR 800, 1900, 2900, 3900, 4000 Series; VPN; Managed WAN; Managed Security; Other Networks; MPLS VPN Network; .1Q VLANs; CloudVPN (IPSec); vRouter (CSR1Kv); SP Managed Network]
VMS Cloud VPN with vCE
L2vCE provides secure convergence of tenant’s IPsec & MPLS network sites. MPLS sites also gain added Managed Security benefits.
SP vCE needs:
• Expand CloudVPN service to support customers on MPLS network.
• Maintain MPLS network integrity and security, as well as SP domain separation.
• Ability to offer network integration of customer branch offices across CloudVPN and MPLS Networks
SP vCE solution:
• Existing CloudVPN Service terminates IPSec on vRouter
• Terminate MPLS network at SP MPLS PE
• .1Q Trunk transports Private (terminated MPLS) and Public tenant (IPsec) VLANs.
• vRouter has route information for tenant IPsec and MPLS sites
Business Benefits
• Enhances agility to deploy new services.
• Simplified integration of Cloud Services for Internet and MPLS network customers.
• Enable business to comply with regulatory requirements with strong encryption of data in motion.
Intrusion Prevention (IPSv)
VMS IWAN
A DMVPN cloud per transport between branch and enterprise hub
All security implemented at hub before going out to Internet
• Visibility, control and optimization (AVC)
• Intelligent Path Allocation
• Network Diversity
• Reduced Access Costs
ISR branch today, evolving to Virtual Branch
[Diagram labels: Branch; ISR4K; MPLS; Internet; Inet and MPLS DMVPN; Private Cloud; Public Cloud; Virtual Private Cloud]
vBranch Solution Overview and Benefits
vBranch solution benefits:
• Services run virtualized in branch – eliminates additional HW for new services, easily enabling new SP revenue opportunities
• Operational efficiency by zero touch deployment & automated provisioning - minimizing truck-rolls
• No change for current branch service delivery model - Service capability remains in the branch
• Enables tenant self-managed or SP managed operations
• Suited to overlay VPNs – MPLS, IWAN, IVPN
• Enables SW based value-added services besides VNFs
Solution to deploy feature-rich services in the branch environment using virtualization technology
[Diagram labels: Enterprise Headquarters; Firewall (ASAv); Internet; WAN opt (WAASv); vBranch @ Enterprise Branch Office; SP Infrastructure; vRouter (ISRv); VMS vBranch Management platform; ENCS w/ NFVIS; MPLS VPN (MPLS)]
Cisco VMS Platform Evolution
[Diagram labels: Virtual Machine Life Cycle Manager; Service Life Cycle Manager; Network Services Orchestrator; Package Library; Data Platform (Producer / Storage); Platform Integration Framework (API Core Normalization); CloudVPN; Platform Integrations; UI Framework; Function Packs; Platform Customizations; Service APIs; DP APIs; Service Integration Framework; BSS, OSS, Monitor, Manage, Consume, ‘N’; CAT, INV, OPER, ‘N’; “N” Service Package; Service APIs; Orchestration Platform]
[Diagram labels: CloudVPN (NSO, ESC, Skyfall, SA); IWAN - VBRANCH (NSO, ESC, Skyfall, SA); MSEG - CloudVPN (NSO, ESC, Skyfall, SA)]
VMS NG Platform:
• API Driven Design at each layer
• Reusable Package Library & Function Packs
• Modular Component Design for proper sub-component evolution
• Platform for Simultaneous Use-Case Delivery to end customers
VMS 1.x & 2.x Platforms:
• A single bundle of use-case(s) and platform in one releasable software package
• Non-modular code with low reusability
• Mainly packaged service builds
Use Case Overlay; Service Packs
[Diagram labels: Virtual Machine Life Cycle Manager; Service Life Cycle Manager; Network Services Orchestrator; Package Library; Data Platform (Producer / Storage); Platform Integration Framework (API Core Normalization); Platform Integrations; UI Framework; Function Packs; Platform Customizations; Function Pack; Service APIs; DP APIs; Service Integration Framework (Business Logic); BSS, OSS, Monitor, Manage; CAT, INV, OPER; Orchestration Platform]
API + Function = Contract
Use Case: To be overlaid on the platform
[Diagram labels: Function Pack; Service APIs; MicroService; UI; Monitoring Extension]
Thank you for attending today!
For more information, please visit:
http://cisco.com/go/vms