March 2018
Intent-based networking for the branch and WANCisco SD-WAN
PSS EN Spain
Carlos Infante
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
0
20
40
60
80
100
120
Aug-1
2
Oct-
12
Dec-1
2
Feb
-13
Apr-
13
Jun
-13
Aug-1
3
Oct-
13
Dec-1
3
Feb
-14
Apr-
14
Jun
-14
Aug-1
4
Oct-
14
De
c-1
4
Feb
-15
Apr-
15
Jun
-15
Aug-1
5
Oct-
15
Dec-1
5
Feb
-16
Apr-
16
Jun
-16
Aug-1
6
Oct-
16
Dec-1
6
Feb
-17
Apr-
17
Jun
-17
SD-WAN
Source: Google, SD-WAN searches 5yrs ending August 2017
Google Trends
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Unprecedented demands on the network
Digital Disruption
Lack of Business
and IT Insights
63 million new devices online every second by 20201
Complexity
Slow and Error Prone
Operations
3X spend on network operations vs network2
Security
Unconstrained
Attack Surface
6 months to detect breach3
1. Gartner Report - Gartner’s 2017 Strategic Roadmap for Networking
2. McKinsey Study of Network Operations for Cisco – 2016
3. Ponemon Research Institute Study on Malware Detection, Mar 2016
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The branch and WAN cannot keep up…
• Delays enabling new connectivity
• Inconsistent application performance
• Difficult to manage multiple network devices
• Increasing bandwidth demands
• Support non-traditional devices
• Can’t use the internet for SaaS
Complex to operate
Difficult to secure
Poor user experience
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANIntent-based networking for the branch
Branc
h
Greater agilitySimplify the deployment and operation of
your WAN and get faster performance
using less bandwidth
Advanced threat protectionSecurely connect your users to applications and
protect your data from the WAN edge to the cloud
Better user experienceDeploy applications in minutes on any platform
with consistent application performance
40% WAN OpEx Savings
3.24h Time to detection
4x Improved Application Experience
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What defines Enterprise Class SD-WAN
APPLICATION POLICIES
SERVICES DELIVERY PLATFORM
TRANSPORT INDEPENDENT FABRIC
Broadband CellularMPLS
ZERO TOUCH ZERO TRUST
QoSSecurity Segmentation Svc Insertion SurvivabilityRouting Multicast
Per-Segment
Topologies
Cloud
Path
Application
SLA
Secure
Perimeter
Traffic
Engineering
Transport
Hub
Cloud
Acceleration
Analytics
Monitoring
Operations
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WAN Architecture
Data Center Campus Branch Public Cloud
Cloud managed and
controlled fabric
End-point flexibility(Physical or Virtual)
Application quality
of experienceControl | Management | Analytics
Internet MPLS 4G LTETransport
Independence
Integrated Security
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Intent-based networking for the branch and WAN
Transport independence
Centralized cloud managed fabric
End-point flexibility
Application quality of experience
Integrated security
Inten
tContext
Securit
y
Learnin
g
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The Network. Intuitive.Constantly learning, adapting and protecting.
Intent-based Network Infrastructure
DNA Center
AnalyticsPolicy Automation
I N T E N T C O N T E X T
S E C U R I T Y
L E A R N I N G
Turns business intent to business results
Constantly learning, adapting and protecting.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Comprehensive threat protectionIntegrated security
4G/LTE
Corporate
Data Center
Campus
Small Office
Home Office
Branch
Cloud
Data Center
MPLSInternetMeet industry compliance with end-to-end
segmentation
Talos threat intelligence protects all
users devices
Reduce attack surface with cloud and
on-prem security
RouterVPN 3
VPN 3
VPN 1
VPN 2IPSec
Tunnel
VPN 4Cloud
Security
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Best of breed trusted security services
Cloud-delivered security
First layer of defense against
threats at branch offices
Visibility and enforcement
at the DNS layer
Umbrella Branch ASAv
Multilayered protection
Integrated approach that consolidates
security services in a single platform
Optimized for DC, designed for NFV
NGFWv
Advanced defense for
end-to-end protection
Harden virtual services and
enable secure access
On-premise or cloud management
Cloud Security Traditional Firewall Next Gen Firewall
Secure Overlay | Trustworthy Systems | Encrypted Traffic Analytics*
*ISR 4400 – 2HCY17
Reduce risk
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud-first management and operations with a single WAN fabric across all end-points
Easier to deploy, manage and operateCentralized cloud managed fabric
Cisco DNA Center
Viptela vManage
Simplified workflows for easier configuration, monitoring and troubleshooting.
Advanced analytics and assurance for application service level agreement
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Simplify migration to the cloudApplication quality of experience
Secure branch to cloud connectivity protects data in motion
IaaS/SaaS
Data
Center
Small Office
Home Office
CampusBranch
Cloud
Applications
Secure
SD-WAN
Fabric
Cloud
Providers
Agile workflows simplifies extending the enterprise to IaaS or SaaS
Analytics determines the optimal path for the best application experience
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Deploy branches faster at lower costTransport independence
Leverage internet for public cloud and Internet access
Secure VPN overlay for private and virtual public cloud access
3G/4G-LTE
Branch
Private Cloud
Colocation
Public Cloud
MPLS
Internet
Seamless extension to the cloud enables business policy to follow workloads
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Reduce complexity for remote sitesSingle rich services branch platform
Application hosting
Cloud Based Security
SD-WANUnified Communications
Application Optimization
Branch
Easy to deploy and manage
services on-demand
On-demand physical and virtual
form factors
Best of breed trusted network
services
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Deploy rich services across on any platformEnd-point flexibility
ISR 1000 ISR 4000 ASR 1000
• 2.5-200Gbps
• High-performance
service w/hardware
assist
• Hardware & software
redundancy
• Up to 2 Gbps
• Modular
• Integrated service
containers
• Compute with UCS E
• 200 Mbps
• Next-gen connectivity
• Performance flexibility
Branch Services
Public Cloud
vEdge 2000
• 10 Gbps
• Modular
vEdge 1000
• Up to 1 Gbps
• Fixed
vEdge 100
• 100 Mbps
• 4G LTE & Wireless
SD-WAN
Branch virtualization
ENCS 5100 ENCS 5400
• Up to 250Mbps • 250Mbps – 2GB
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WANOpen and Programmable
3rd Party VNF’s
Cisco IOS XE
DevNet Cisco Developer Program
Program your network stronger, simpler, and faster
– build and develop with Cisco APIs
Improve security and reliability with an open
and programmable network operating system
Customizable for ’best of breed’ virtual network
functions
Easier to integrate with third-party solutions
What Is Enterprise NFV?
Freedom of choiceHardware platform
Hardware and software independenceVirtualization layer
Consistent, trusted network services across all the platformsVirtual network functions (VNFs)
Centralized Orchestration and ManagementSDN Applications
Cisco 4000 Series ISR + UCS® E-Series
Cisco® UCS C-Series
Enterprise Network Compute System(ENCS)
Network Functions Virtualization Infrastructure Software (NFVIS)
Cisco Enterprise Service Automation (ESA) on DNA-CenterNetwork Services Orchestrator (NSO)
Introducing Cisco Enterprise NFVNetwork Services in Minutes, on Any Platform
Virtual Router(ISRv)
Virtual Firewall(ASAv)
Virtual WAN Optimization
(vWAAS)
Virtual Wireless LAN Controller (vWLC)
Third-Party VNFs
What Enterprise NFV Can Do For You
Gives you flexible deployment options
Simplify day to day operations
Quickly roll out new services and locations
Simple and easy to design, provision, manage the trusted
services that are critical to your business
Top Related