Cisco Virtual Managed Services Transformation Through Innovation Joachim Jerberg Jensen – joajense@cisco.com CCIE SP #42403 April 2016 The Complex Enterprise World Private WAN / Public Internet Thousands of Devices and Connections Corporate Data Center Citrix WAN Windows Oracle SAP Branches Rackspace Amazon.com Virtual Private Cloud Internet Branches Google Salesforce WEBX Office 365 Public Cloud Home Offices General Internet C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 2 The Transformative Power of the Cloud Enterprise Any Access Secure Broadband / Leased Line / Carrier Ethernet CPE Virtual or Physical Network Elements SMB Self-Service Portal CPE Any Access Secure Broadband / Leased Line / Carrier Ethernet Virtualized Video Services Virtualized Mobility Services Virtualized Managed Services Cloud-based auto-discovery, provisioning, orchestration automation, and management Foundation for Service Agility and Transformation of the Customer Experience C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 3 Cisco NFV/SDN Strategy (Simplified) Content (NFVs) Tools & Services CSR WLC NSO TSS ASA ISE ESC PDI WSA IPS Controllers Operate VMS Cloud Infrastructure C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 4 Cisco Virtual Managed Services (VMS) VMS Service Interface Operator Administration, Service Catalog, APIs, Self-Service Portal Service Package Service Package Service Package Service Package VMS Platform Orchestration, Lifecycle Management, Controllers, Service Assurance Cloud Infrastructure C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 5 Enjoy Rapid Growth and Seamless Services Delivery Easy to Sell Easy to Deploy Easy to Manage Immediate GTM No CAPEX Plug-n-Play Install No Staging Dashboard for Visibility and Analytics Customer Portal for Service Expansion Service Agility Dynamic Models Open, Northbound APIs C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 6 Customer Experience in Brief 1 Order / Customize Your Services 3 2 CPE is connected (if needed) CPE ships (if needed) 4 Customer VPN Internet Service is up and running Orchestration occurs Automatically! Service Provider Cloud 10.12.162.x C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 7 Cisco Virtual Managed Services Cloud VPN and Cloud MPLS Packages Self-Service Portal Service Provider Cloud Cisco® Virtual Managed Services Platform Orchestration Engine Service Catalog Open APIs Customers Secure Broadband Secure WAN vRouter vFirewall vWSA vIPS Flexible CPE IPsec / MPLS Network Cisco ISR Ethernet NID Compute Storage Cisco Evolved Programmable Network C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 8 VMS 1.0.2 Services CPE VPN ISR 800, 1900, 2900, 3900, Series Managed WAN Managed Security Web Security (WSAv) Branch Branch CloudVPN (IPSec) Remote Access vRouter (CSR1Kv) Firewall (ASAv) Internet CISCO CONFIDENTIAL – SHARED UNDER9NDA ONLY C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. VMS 2.0 Services CPE VPN ISR 800, 1900, 2900, 3900, 4000 Series Managed WAN Managed Security Web Security (WSAv) Branch Branch CloudVPN (IPSec) Remote Access vRouter (CSR1Kv) Firewall (ASAv) Internet CISCO CONFIDENTIAL – SHARED UNDER C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 10NDA ONLY VMS 2.1 Services CPE VPN ISR 800, 1900, 2900, 3900, 4000 Series Managed WAN Managed Security Web Security (WSAv) Branch Branch CloudVPN (IPSec) Remote Access vRouter (CSR1Kv) Firewall (ASAv) Internet CIS: VMS on IaaS CISCO CONFIDENTIAL – SHARED UNDER C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 11NDA ONLY Scope of Orchestration VMS 2.2 Services CPE VPN ISR 800, 1900, 2900, 3900, 4000 Series Managed WAN Managed Security Intrusion Prevention (IPSv) Branch CloudVPN (IPSec) Branch vRouter (CSR1Kv) Web Security (WSAv) Firewall (ASAv) Branch MPLS VPN (MPLS) Remote Access Internet vPE (CSR1Kv) Branch 4000 Series Branch CPE Headquarters Internet DMVPN MPLS DMVPN Internet (IPSec) MPLS VPN (MPLS) IWAN IWAN (BR/MC) CISCO CONFIDENTIAL – SHARED UNDER C97-735506-00 © 2015 Cisco and/or its affiliates. All rights reserved. 12NDA ONLY vMS Architecture Update Building VMS Reference Architecture MOOG++ SkyFall Analytics & Billing Operator Access Tenant Ordering Cloud API Fault/Perf Management API Layer NSO ESC Orchestrator Orchestrator Life Cycle Manager Life Cycle Manager Virtualized Element Operation Affinity/Elasticity Virtualized Element Operation Affinity/Elasticity Controller Controller Open Stack KVM End to End Full Service View End to End Full Service View Service Models Service Models Service Views Controller Data Model Controller Data Model DomainSpecific Specific Domain DomainSpecific Specific Domain Component Views Virtualization Layer Compute Pepsi Coke Chain Chain OVS/VPP Service Offer Inventory Correlation Network Elements Virtual VNFs Virtual Functional Service Physical Virtual Virtual Premise Devices Resource Pools Availability Operation Functional Service Underlay V © 2013-2014 Cisco and/or its affiliates. All rights reserved. Network Reachability Cisco Confidential 14 VMS 2.0 Simple VirtO “Simple Virto Model” Service Variables Service Intent Service Model 3. Ready? Service APIs Rest/NetConf NSO Service Manager Transactional Database Reactive Fastmap No Longer Generates Overlay Device Manager VMS Underlay Defines the infrastructure Resources for Simple Virto Model. Loaded into CDB. Underlay 1. VNF Spin-up 4. Service Callback ESC ESC OpenStack 2b. Network Assignment 2a. Launch with Day0 5. Day 1/2 OVS VNF CSR Physical ASA WSA Internal Mgmt External Virtual © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 Summary of VMS 2.0 NB APIs Basic, Medium, Full including vIPS Support § Service Creation Descriptions: § Basic: CPE and 1 CSR. § Medium: CPE, 1 CSR and 1 ASA. § Full: CPE, 1 CSR, 1 ASA and 1 WSA. § vIPS: CPE, 1 CSR, 1ASA, 1 WSA, 1 VDC, 1 Sensor § QOS applied to CPE to CSR bridge tunnel. § Redundant is the case where 2 CSR/ASA/WSA depending on basic/medium/full exist with a tunnel between 2 CSRs. § Modify Service Bandwidth § Add CPE (with Ser #), Delete CPE § Add/Delete FW Rules § Add/Modify/Delete SSL VPN Users § Delete Service. © 2013-2014 Cisco and/or its affiliates. All rights reserved. § Set vIPS // Add vIPS service § Set/Delete QoS from CPE Tunnel § Set CPE LAN IP Address § Set Geo-Redundancy § Set MPLS § Set vIPS § Show Service Details § Show IP Allocations § Create/Modify/Delete/List iWAN Service § Get Service VirtO Performance Data Cisco Confidential 16 New in VMS 2.0; Portal System Architecture (SkyFall) vMS Who is the SP customer? UX/UI Skinned, Exposes VMS Services SP Fulfillment Identity/RBAC SP Identity Provider Log Aggregation Front End Back End Ticketing Orchestration` Common Infrastructure Services SP BSS Product/offer definition, pricing, subscription, and customer billing SP Helpdesk Your system for handling customer support requests OSS Analytics Function Pack APIs vMS Services NSO © 2013-2014 Cisco and/or its affiliates. All rights reserved. Is there any physical/unorchestrated fulfillment? SP Assurance Your data collection engine can provide deeper insights for vMS customers as well as operators Cisco Confidential 17 Thank you.