Cisco Virtual Managed Services
Transformation Through Innovation
Joachim Jerberg Jensen – joajense@cisco.com
CCIE SP #42403
April 2016
The Complex Enterprise World
Private WAN / Public Internet Thousands of Devices and Connections
[Diagram labels: Corporate Data Center; Citrix; WAN; Windows; Oracle; SAP; Branches; Rackspace; Amazon.com; Virtual Private Cloud; Internet; Branches; Google; Salesforce; WEBX; Office 365; Public Cloud; Home Offices; General Internet]
C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved.
The Transformative Power of the Cloud
[Diagram labels: Enterprise; SMB; CPE; Any Access (Secure Broadband / Leased Line / Carrier Ethernet); Virtual or Physical Network Elements; Self-Service Portal; Virtualized Video Services; Virtualized Mobility Services; Virtualized Managed Services]
Cloud-based auto-discovery, provisioning, orchestration automation, and management
Foundation for Service Agility and Transformation of the Customer Experience
Cisco NFV/SDN Strategy (Simplified)
[Diagram labels: Content (NFVs); Tools & Services; CSR; WLC; NSO; TSS; ASA; ISE; ESC; PDI; WSA; IPS; Controllers; Operate; VMS; Cloud Infrastructure]
Cisco Virtual Managed Services (VMS)
VMS Service Interface: Operator Administration, Service Catalog, APIs, Self-Service Portal
Service Packages (four shown in the diagram)
VMS Platform: Orchestration, Lifecycle Management, Controllers, Service Assurance
Cloud Infrastructure
Enjoy Rapid Growth and Seamless Services Delivery
Easy to Sell: Immediate GTM; No CAPEX
Easy to Deploy: Plug-n-Play Install; No Staging
Easy to Manage: Dashboard for Visibility and Analytics; Customer Portal for Service Expansion
Service Agility Dynamic Models
Open, Northbound APIs
Customer Experience in Brief
1. Order / Customize Your Services
2. CPE ships (if needed)
3. CPE is connected (if needed)
4. Service is up and running
Orchestration occurs Automatically!
[Diagram labels: Customer; VPN; Internet; Service Provider Cloud; 10.12.162.x]
Cisco Virtual Managed Services
Cloud VPN and Cloud MPLS Packages
[Diagram labels: Self-Service Portal; Service Provider Cloud; Cisco® Virtual Managed Services Platform; Orchestration Engine; Service Catalog; Open APIs; Customers; Secure Broadband; Secure WAN; vRouter; vFirewall; vWSA; vIPS; Flexible CPE; IPsec / MPLS; Network; Cisco ISR; Ethernet NID; Compute; Storage; Cisco Evolved Programmable Network]
VMS 1.0.2 Services
[Diagram labels: CPE; VPN; ISR 800, 1900, 2900, 3900, Series; Managed WAN; Managed Security; Web Security (WSAv); Branch; Branch; CloudVPN (IPSec); Remote Access; vRouter (CSR1Kv); Firewall (ASAv); Internet]
CISCO CONFIDENTIAL – SHARED UNDER NDA ONLY
VMS 2.0 Services
[Diagram labels: CPE; VPN; ISR 800, 1900, 2900, 3900, 4000 Series; Managed WAN; Managed Security; Web Security (WSAv); Branch; Branch; CloudVPN (IPSec); Remote Access; vRouter (CSR1Kv); Firewall (ASAv); Internet]
VMS 2.1 Services
[Diagram labels: CPE; VPN; ISR 800, 1900, 2900, 3900, 4000 Series; Managed WAN; Managed Security; Web Security (WSAv); Branch; Branch; CloudVPN (IPSec); Remote Access; vRouter (CSR1Kv); Firewall (ASAv); Internet; CIS: VMS on IaaS]
Scope of Orchestration
VMS 2.2 Services
[Diagram labels: CPE; VPN; ISR 800, 1900, 2900, 3900, 4000 Series; Managed WAN; Managed Security; Intrusion Prevention (IPSv); Branch; CloudVPN (IPSec); Branch; vRouter (CSR1Kv); Web Security (WSAv); Firewall (ASAv); Branch; MPLS VPN (MPLS); Remote Access; Internet; vPE (CSR1Kv); Branch; 4000 Series; Branch; CPE; Headquarters; Internet; DMVPN; MPLS; DMVPN; Internet (IPSec); MPLS VPN (MPLS); IWAN; IWAN (BR/MC)]
vMS Architecture Update
Building VMS Reference Architecture
[Diagram labels, repeats omitted: MOOG++; SkyFall; Analytics & Billing; Operator Access; Tenant Ordering; Cloud API; Fault/Perf Management; API Layer; NSO; ESC; Orchestrator; Life Cycle Manager; Virtualized Element Operation; Affinity/Elasticity; Controller; Open Stack; KVM; End to End Full Service View; Service Models; Service Views; Controller Data Model; Domain Specific; Component Views; Virtualization Layer; Compute; Pepsi; Coke; Chain; OVS/VPP; Service Offer; Inventory; Correlation; Network Elements; Virtual; VNFs; Functional Service; Physical; Premise Devices; Resource Pools; Availability; Operation; Underlay; Network Reachability]
© 2013-2014 Cisco and/or its affiliates. All rights reserved.
VMS 2.0 Simple VirtO
“Simple Virto Model”
Numbered steps in the diagram:
1. VNF Spin-up
2a. Launch with Day0
2b. Network Assignment
3. Ready?
4. Service Callback
5. Day 1/2
VMS Underlay Defines the infrastructure Resources for Simple Virto Model. Loaded into CDB.
[Diagram labels: Service Variables; Service Intent; Service Model; Service APIs; Rest/NetConf; NSO; Service Manager; Transactional Database; Reactive Fastmap; No Longer Generates; Overlay; Device Manager; Underlay; ESC; OpenStack; OVS; VNF; CSR; Physical; ASA; WSA; Internal; Mgmt; External; Virtual]
Summary of VMS 2.0 NB APIs
Basic, Medium, Full including vIPS Support
- Service Creation Descriptions:
- Basic: CPE and 1 CSR.
- Medium: CPE, 1 CSR and 1 ASA.
- Full: CPE, 1 CSR, 1 ASA and 1 WSA.
- vIPS: CPE, 1 CSR, 1 ASA, 1 WSA, 1 VDC, 1 Sensor
- QOS applied to CPE to CSR bridge tunnel.
- Redundant is the case where 2 CSR/ASA/WSA depending on basic/medium/full exist with a tunnel between 2 CSRs.
- Modify Service Bandwidth
- Add CPE (with Ser #), Delete CPE
- Add/Delete FW Rules
- Add/Modify/Delete SSL VPN Users
- Delete Service.
- Set vIPS // Add vIPS service
- Set/Delete QoS from CPE Tunnel
- Set CPE LAN IP Address
- Set Geo-Redundancy
- Set MPLS
- Set vIPS
- Show Service Details
- Show IP Allocations
- Create/Modify/Delete/List iWAN Service
- Get Service VirtO Performance Data
New in VMS 2.0; Portal System Architecture (SkyFall)
Who is the SP customer?
UX/UI: Skinned, Exposes VMS Services
Identity/RBAC: SP Identity Provider
SP BSS: Product/offer definition, pricing, subscription, and customer billing
SP Helpdesk: Your system for handling customer support requests
SP Assurance: Your data collection engine can provide deeper insights for vMS customers as well as operators
SP Fulfillment
Is there any physical/unorchestrated fulfillment?
[Diagram labels: vMS; Front End; Back End; Log Aggregation; Ticketing; Orchestration; Common Infrastructure Services; OSS Analytics; Function Pack APIs; vMS Services; NSO]
Thank you.