Cisco Connect

NFV/SDN Platform for Orchestrating Cloud and vBranch Managed Services
R. Wayne Ogozaly, Technical Lead Engineer, Cisco Systems
October 12th, 2017
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Agenda
• What’s driving the NFV / SDN Business Transformation?
• Critical Elements of a Next-gen NFV / SDN Solution
• What’s possible today…Cisco Virtual Managed Services (VMS) Demo
• Services Overview…VNFs running in Clouds and Virtual Branches
• Network Services Orchestration…Yang Models, VNF Lifecycles, and Zero Touch Provisioning for Cisco and 3rd Party devices (physical and virtual)
• Conclusions

What is Network Functions Virtualization (NFV)?
Standards based frameworks…ETSI…NFV and MANO
In NFV, network functions run as software modules on x86 servers. An NFV infrastructure, or NFVI, provides the underlying compute, storage, and network resources required for NFV.
• New elastic services
• Decoupling of hardware and software
• Automating everything and simplifying network operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
NFV Framework, MANO: European Telecommunications Standards Institute (ETSI) NFV Industry Specifications Group, Management and Orchestration (MANO) Framework

BRKARC-2259 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

What is Software Defined Networking (SDN)?
In an SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…
• Separation of Control and Forwarding plane
• Centralized Management – Global view
• Automating everything and simplifying network operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
What’s driving the NFV / SDN Business Transformation?

Markets are Poised for Epic Opportunity
• By 2021, mobile traffic will represent 20% of total IP traffic (up from 8% in 2016)
  Cisco VNI Mobile, 2017
• 80% of user workloads moved to Cloud by 2019
• IoT will drive zettabytes of data and billions of new connections. Ratio of machine communications to human communications will be 30:1 by 2020
  CapGemini, 2015
• 5G will generate $247B in service revenue by 2025
  ABI Research
• Business Internet traffic will grow 4X faster than IP WAN. Global VPN grows 56% over the next 2 years from $45B to $70B by 2019
• Gaming to grow 7-fold and account for 4% of fixed consumer internet by 2020; currently 2% of average and 10% of peak traffic
  Cisco VNI

Enterprise customers require better IT solutions
Global business IT priorities*
Global SDN/NFV market is expected to reach $6B by 2020 (IDC)
*AMI-Cisco ITaaS Research of 350 businesses in 11 countries

Is your Network ready for the Digital Transformation?
The WAN Connects Branch Sites to the rest of the world
• 80% of employees and customers are served in branch offices
• 70% / 50%: Have either 2 or 3 WAN connections per branch / of our applications are accessed via the Internet
• 48% cite poor application performance and latency as a corporate concern
How can SPs deliver better branch services, at a lower cost, over any connection?
Cisco is leading Service Provider Transformation

SP Drivers
• Bandwidth is growing; revenue is not
• Web-scale breaks current cost & design models
• Need to grow new compelling services
• Need reductions in both CAPEX and OPEX, not a transfer
• Customer retention & relationship critical
• Application-led, not infrastructure Service Focus
• Network as platform for retention and new services

Cisco Strategy
• Virtualize
• Simplify
• Automate

SP Outcomes
• Reduce TCO
• Transform operations
• Accelerate speed to market
• Generate new revenue
• Improve customer experience
• Mitigate risk

Transform with a combo of SDN, NFV, and traditional Network Products

Critical Elements of a Next-gen NFV / SDN Solution

Disruptive Technologies unlock new Services
Allowing Industry to Address new Market Opportunities
• Orchestration (Service Orchestration): Efficiency through automation and self-service fulfillment
• Network Functions Virtualization (NFV): Flexibility with the transformation of solution architectures and operations
• Cloud Native (Cloud Managed Services): Agile service delivery via cloud-enabled services and management
• Software-Defined Networking (SDN): Dynamic market services via tight application and network interaction
Diagram labels: Virtual Managed Services; Router, FW, Web, IPS
Convergence of multiple disruptive technologies has created massive opportunity
Disruptive Technologies unlock new Service Models
Allowing Industry to Address new Market Opportunities

Orchestration: Efficiency through automation and self-service fulfillment
• Virtual and Physical devices, Cisco and 3rd Party
• Simple service models and device models (YANG, XML)
• Network Elements Drivers, Conf-D, and CLI
• Config Roll back, Service Extensions, 100,000 Devices

Network Functions Virtualization: Flexibility with the transformation of solution architectures and operations
• VNF Lifecycle Mgt and Service Orchestration
• VNFs run in the Cloud or Virtual Branch (x86)
• VNF Smart Licensing and Pay-as-you-Grow Pricing Models
• VNF Certification of Cisco and 3rd Party VNFs

Cloud Native: Agile service delivery via cloud-enabled services and management
• Tenant Self-Service, Monetized offers, Auto Rendered UI
• Runs in any cloud, public or private (VIM Independent)
• Web Scale design, Multi-tenant 1,000s, Service Orientation
• Micro-services, Docker Containers, Kubernetes, Geo-redundancy

Software-Defined Networking: Dynamic market services via tight application and network interaction
• Central Device Mgt, Secure ID (RBAC), Zero Touch Provision
• Self-healing Networks, Configuration Guard Rails
• Service Creation capable, including analytics & monitoring
• REST APIs to OSS/BSS for billing and SLAs

Virtual Managed Services (VMS) Example
Service Creation Platform Components
• VMS Service Creation: Service Design | Service Assurance | Cloud Optimization
• Analytics, Policy, Security
• Cloud-based Services: Consumer | Business | IoT | Many Markets
• Self-healing Network
• Network Abstraction: Orchestration | Automation
• Infrastructure: Physical | Virtual | Data Center
What’s possible today…
Cisco Virtual Managed Services (VMS) Live Demo

Cisco and Verizon SDN / NFV
Running Cisco Virtual Managed Services (VMS)
getsdwan.com (https://getsdwan.com/)

Cisco VMS SDN/NFV - Optimized for ease of Management
• Automated end-to-end SDN/NFV Services managed from the Verizon Cloud
• Secure multi-tenant Cloud Managed platform, simplified orchestration & tenant self-service
• WAN created with Zero Touch Provisioning, validated Service Packs (NSO), 1000’s devices
• Rapidly create new monetized services, modify existing services instantly from Cloud
• Perfect for distributed customers looking for lower cost and self-managed SDN/NFV options

Cisco SD-WAN running on VMS
SD-WAN Made Easy With VMS
• New Branch Extensions: MPLS, Internet, LTE links; Secure VPN Overlays; Lower Cost, Higher Capacity
• Identify: See 1000+ apps on your network with NBAR
• Prioritize: Map apps to links using business policies with Performance Routing
• Accelerate & Secure: Boost app performance over secure overlays
Diagram labels: Microsoft Office 365; MPLS; Internet; LTE; Public/Private Cloud
Secure, Reliable Application Experience for Enterprises and SMBs
Why Verizon chose Cisco VMS SDN/NFV

Business Challenge / Need -> Verizon Business Outcomes
• Need to deploy new SDN/NFV faster -> Reduced time to market, deploy SD-WAN in minutes
• DIY too costly, need resources per tenant -> Reduced risk/cost via full service support
• Scale customers without exponential costs -> Saved CAPEX & OPEX, pay-as-you-grow model
• Increase total addressable market -> Leveraged Cisco Sales & Cisco installed base
• Leverage existing IT investments -> Used open APIs to integrate existing IT tooling

VMS Architecture - Simplified Cloud Management
SERVICE PROVIDER | CUSTOMER
• VMS Operator/Admin Service: Secure Multi-tenant Cloud management, Service creation platform for Enterprises & SMBs
• VMS Customer Service: Self-service portal for service selection, device analytics, traffic usage, and service configuration
• Open REST APIs and SDKs: Develop new Services using rich APIs, Service SDKs, and world-class NSO
Diagram labels: [ OPTIONAL ] ISRs & ASRs; VNFs; Customer equipment; vBranch; Security; MultiVendor (On-premise and In-cloud)

VMS Demo based on Customer SD-WAN PoC
SP team deployed this IWAN tenant in 34 minutes:
• (1) WAN Hub using three ASR-1001s
• (4) WAN Branches using ISR 2911s and 2951s
• MPLS and Internet links for all sites
• DMVPNs and VMS Mgt Tunnels
Deployment tasks shown: Tenant creation; WAN Hub site deployment; User creation; WAN Branch deployments; Service creation; PnP Device Registration
Demo: Virtual Managed Services running a Cisco SDN Service

From Service Concept to Service Activation…in minutes
VMS WAN Service Example
Real Customer, Real WAN Service in only 30 Minutes!

Network Services Orchestrator (NSO): VMS WAN Service Package
• SERVICE MANAGER: VMS WAN Service Model (Yang Service Models)
• SERVICE ACTIVATION LOGIC: Mapping Code (Java/Templates)
• DEVICE MANAGER: VMS WAN Device Model (Yang Device Models)
• Network Element Drivers: Physical Devices, vBranch (x86), VNFs

VMS Models the Service Options
WAN Service Models represent the IWAN Service intention
• Written in Yang
• Includes service validation logic
Service Activation processes the Customer Intent
• Maps Service Model options to the Device Model for each customer
• Creates a WAN instance based on Customer choices and topology
WAN Device Model abstracts Device specifics from the Service
• Supports different devices thru the use of Network Element Drivers

VMS Service Activation across Diverse Devices and many Locations

User SDN selections activated through NSO service models
Simple, secure, and scalable management of diverse devices
• User makes a policy choice, Portal / APIs provide guard rails
• NSO processes User intent thru Service & Device models
• Device specific configs and updates are created
• With a single click, updates are pushed to many sites
Diagram labels: VMS User Selections (VMS User Interface or APIs); Service Activation or Change; NSO: VMS WAN Service Package (VMS WAN Service Model, VMS WAN Device Model, Network Element Drivers); NSO creates configs to match Branch Devices; Device Specific Configs; Secure Branch Updates; NSO Atomic transactions, over secure links; Cisco ISR 2901; Cisco ISR 899; Cisco ISR 4431; Physical Devices; vBranch (x86); VNFs
Simple Implementation of SDN/NFV using VMS
From Network Complexity to Simplicity and Automation
• Manual: Plan It; Design It; Where Can We Put It?; Procure It; Install It; Configure It; Secure It; Is It Ready?
• From Months to Minutes
• Automated, Self-Service, On-Demand: Plan It; Design It; Service Oriented; Is It Ready?
• Self-Service; Automated Provisioning; Scalability

SPs need a Multi-Service Platform
Cloud based Service Creation …Many Services…One Platform…for Enterprises and SMBs
• VMS SDN/NFV Service Packages unlock many Cloud Managed Services from a single platform
• NSO Service Models and Device Models simplify the orchestration of new services and multi-vendor devices (90% less code)
• SPs can create new Cloud Managed Services rapidly using the VMS Software Development Kit (SDK)

Many Service Packages offered from the SP Cloud
VMS SDN/NFV Service Packages simplify…
• How to create and monetize a service
• How to orchestrate and activate a service
• How to monitor and modify a service
• How to collect analytics and bill a service
• How to boot and manage virtual and physical devices
Diagram labels: Your Service Here; vRouter; vFirewall; vWAAS; Multi-Vendor; NSO Device Models; NSO Service Models

Services Overview…
VNFs running in Clouds and Virtual Branches

Cisco ISRv and CSRv

Cisco Integrated Services Virtual Router (ISRv)
• The Cisco® Integrated Services Virtual Router (ISRv) is a virtual form-factor Cisco IOS® XE Software router that delivers WAN gateway and network services functions into virtual environments.
• Using industry-leading Cisco IOS XE Software networking capabilities (the same features present on Cisco 4000 Series ISRs and ASR 1000 Series physical routers)
Cisco ISRv Positioned as a Branch WAN Services Router
Typical Use Cases for the Cisco ISRv
• Cisco ISRv: Highly Secure VPN Gateway
• Cisco ISRv: Traffic Control Point

Differences between the Cisco ISRv and Cisco CSR 1000v

ISRv (Cisco ENCS or UCS or Whitebox with NFVIS)
• The Cisco ISRv runs on server platforms running the Cisco NFVIS virtualization software only.
• It can support the network interface module (NIM) when running on a Cisco ENCS hardware platform and can also accelerate VM-to-VM traffic using the hardware-based switching on Cisco ENCS platforms.

CSR 1000v (Cloud Service Router)
• The Cisco CSR1000v does not have these capabilities.
• The Cisco CSR 1000v will continue to be supported across multiple hypervisors (VMware vSphere, Microsoft Hyper-V, Citrix XEN, RHEL KVM, Ubuntu KVM, Amazon AWS, and Microsoft Azure).

The Cisco CSR 1000v and Cisco ISRv will maintain Cisco IOS XE feature parity

ASAv

Cisco Adaptive Security Virtual Appliance (ASAv)
• This Security appliance brings the power of ASA to the virtual domain and cloud environments.
• It runs the same software as the physical ASA to deliver proven security functionality. You can use it to protect virtual workloads within your data center, Public / Private Clouds, or virtual branches.
http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-firewall/index.html

Cisco ASAv: Features, Performance, and Resource Requirements
Cisco FirePower Next-Gen Firewall (NGFW)

Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
Advanced Security services to help defend your network

FirePOWER Services / Next-Gen Firewall Security
Subscription services that run on the ASA / FTDv and provide enhanced levels of threat protection and network visibility
• URL Filtering
• Next-Generation Intrusion Prevention System
• Advanced Malware Protection
• Application Visibility and Control

Foundational Functionality / Foundational Internet Security
Built-in firewall services to provide base protection and connect with other security solutions
• Stateful Firewalling
• Policy Enforcement Point for ISE
• VPN Capabilities

Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
• Cisco Firepower NGFWv is available on VMware, KVM, Amazon Web Services (AWS) and Microsoft Azure environments for virtual, public, private, and hybrid cloud environments.
http://www.cisco.com/go/ngfw

Cisco vWLC Wireless LAN Controller

Cisco vWLC Virtual Wireless LAN Controller
Virtual form-factor controller for any x86 server with VMware Hypervisor ESXi 4.x or 5.x
• Supports up to 3000 access points and 32000 clients across 200 branches
• Supports 100 access points per branch
• Co-resides with other virtualized network services, including Cisco Identity Services Engine (ISE), Cisco Prime™ Infrastructure, and Cisco Mobility Services Engine (MSE)
• Entry-level 802.11n, 802.11ac controller application for small to medium-sized enterprises and branch offices
• Pay as you grow licensing starting at support for five access points
Cisco vWLC: Virtual Wireless LAN Controller

Cisco vBranch and ENCS

Freedom of Choice from VMS
Cisco Intelligent Branch
Virtual Managed Services for SPs; Branch and Campus NFV
Diagram labels: Traditional; Physical Router; Cisco® 4000 Series ISR; Centralized services; Fixed integrated services; Conservative; Physical Router + Virtual Services; Virtual Router + Virtual Services; 4000 Series ISR + UCS® E-Series; Enterprise Network Compute System (ENCS); UCS C-Series; Upgradable hardware; Deterministic routing performance; Elastic routing and services; Router / Server Hybrid; Access to Ongoing Innovation; License Portability; Performance; Early adopter; Investment Protection

Introducing Cisco NFV managed by VMS
Network Services in Minutes
• Virtual Managed Services (VMS & NSO for SPs)
• Virtual Router (ISRv / vEdge)
• Virtual Firewall (ASAv, FTDv)
• Virtual WAN Optimization (vWAAS)
• Virtual Wireless LAN Controller (vWLC)
• Third-Party VNFs
• Network Functions Virtualization Infrastructure Software (NFVIS)
Platforms: Cisco 4000 Series ISR + UCS® E-Series; Enterprise Network Compute System (ENCS); Cisco® UCS C-Series

Platform Built for Branch/Campus NFV
ENCS 5000 Series for the Branch
• Best of Routing & Compute
• Complete Virtualized Services
• Open for Third Party Services and Apps
Enterprise Network Compute System: ENCS 5100 Series, ENCS 5400 Series

ENCS 5000 Series - Chassis Options
Model             | ENCS 5104       | ENCS 5406       | ENCS 5408       | ENCS 5412
Chassis           | 4-Core          | 6-Core          | 8-Core          | 12-Core
CPU               | 4-core, 3.4 GHz | 6-core, 1.9GHz  | 8-core, 2.0GHz  | 12-core, 1.5GHz
PoE               | No              | No              | 200W            | 200W
Capacity Guidance | ISRv + 1 VNF    | ISRv + 2 VNFs   | ISRv + 3 VNFs   | ISRv + 5 VNFs
Legend: Shipping Now; Roadmap

ENCS 5400 Series – I/O Side
Integrated Power Supply; 16 - 64 GB DRAM; 8 Integrated LAN Ports with Optional POE; Hardware Acceleration for VM Traffic; 6, 8, or 12-Core Intel Xeon-D; Dedicated Board Management Controller; USB 3.0
Storage; Optional Hardware RAID Controller; Network Interface Module for LTE & WAN; 2 Onboard Gigabit Ethernet ports with SFP; Internal M.2 Storage 64 – 400 GB; 2 HDD or SSD RAID 0 & 1

ENCS 5100 Series - I/O Side
Q3 CY 2017
Size: 1 RU 13” x 10”; 16 & 32 GB DRAM; Integrated Power Supply; Console & MGMT; 4-Core AMD CPU; 4 GE ports with 2 SFPs; M.2 Storage 64 – 400 GB; 2 x USB 3.0 Storage; Optional 4G / LTE WAN (Roadmap)

ENCS 5100 & 5400 Series Comparison
                      | 5100 Series                  | 5400 Series
CPU Vendor / Model    | AMD Merlin Falcon, RX-421ND  | Intel Xeon Broadwell D-1500 Series
CPU Cores / Frequency | 4-core @ 3.4 GHz             | 6, 8, 12-core with Hyper-threading @ 1.5 – 2.0 GHz
CPU L2 Cache Size     | 2 MB                         | 1.5 MB per core
Memory                | 16 – 32 GB                   | 16 – 64 GB
Storage (M.2 SATA)    | 64 – 400 GB                  | 64 – 400 GB
Storage (SFF)         | -                            | 2 disks with RAID (SATA, SAS, SED, SSD)
Dimensions            | 12.7” x 10” x 1RU            | 17.5” x 12” x 1RU
WAN Options           | 4 x GE, Cellular             | 2 x GE, Cellular, T1, DSL, Serial
LAN                   | -                            | 8 port Switch with Optional PoE
Hardware Offload      | -                            | VM – VM Traffic, Crypto
Lights-out Management | -                            | Built-in CIMC
ISRv Performance      | 500 Mbps                     | 2.5 Gbps

ENCS 5400 NIM Support
Managed simply by VMS
Category | Description                                                               | Availability on ENCS
WAN      | 4G LTE (CAT3): USA, Canada, Europe, Australia & selected LATAM / APAC     | Now
WAN      | 4G LTE (CAT6): USA, Canada, Europe, Australia & selected LATAM / APAC     | Now
WAN      | T1/E1: 1, 2, 4 & 8 ports                                                  | Now
Serial   | Asynchronous Serial: 16 & 24 ports                                        | Q1 CY18
WAN      | xDSL: Multi-mode VDSL2 / ADSL Annex A, B & M                              | Q1 CY18
WAN      | Ethernet Dual-PHY: 1 & 2 ports                                            | Q1 CY18
LAN      | Ethernet Switches: 4 & 8 ports                                            | Q2 CY18
WAN      | Serial Synchronous Serial: 1, 2 & 4 ports                                 | Roadmap
Voice    | T1/E1, FXS, FXO                                                           | Roadmap

Demo: Virtual Managed Services running on a Virtual Branch x86 device

Network Functions simply managed from VMS
Cisco and 3rd Party Virtual Network Functions (VNFs)
Diagram labels: Viptela vEdge; Windows Server; Linux; 3rd Party; SD-WAN; Active Directory, Custom Applications; Network Services; High Performance; File Share, DNS/DHCP; Management & Monitoring; Rich Features; Server Applications

Example VMS
vBranch templates
• Dual WAN Links
• Protected with a Firewall
• Add a Linux Server
SPs can create

Viptela vEdge VNF running on a VMS vBranch
Diagram labels: VMS vBranch; WAN (GE); vEdge
Viptela vEdge VNF is directly connected via GE port to the WAN Network

ISRv providing CUBE Voice Service for Viptela vEdge
Running on a VMS vBranch
• vEdge is directly connected via GE port to the WAN Network
• vEdge VNF is connected via GE port to an ISRv that’s providing a CUBE Unified Communication Service

The Power of VMS vBranch…
Many vendors, Many services…One Branch
• Viptela vEdge: SD-WAN Service
• Cisco vWAAS: WAN acceleration
• Cisco ISRv: IOS-XE routing and mgt
• Palo Alto FW: WAN firewall + Intrusion Protection Service (IPS)
• Cisco NFVIS: vBranch service chaining and VNF Lifecycle mgt
Diagram labels: Internet; VMS vBranch; GE0-0; wan-br1; Firewall & IPS; NFVIS; SD-WAN; ISRv; lan-br1; VMS Services; vWAAS; lan-br2; GE1-2; GE1-0; Branch Clients

Demo: Virtual Managed Services running on a Virtual Branch x86 device

SP Managed Service Options
• Branch Templates manage Physical (ISRs), Virtual (vBranch), and 3rd Party devices
• Branches managed from VMS running in the SP Cloud
• Many Service options, defined by the SP, created & managed by VMS
• Zero touch provisioning over secure mgt tunnels
• Diverse Branch topologies, defined with VMS templates
• Real-time analytics service assurance, site and device status from VMS
VMS vBranch Architecture
NFVIS: VMS Orchestration and Management; Plug-n-Play; VM Lifecycle Management; Provisioning of VNFs

PnP Agent
• PnP Agent must automatically configure WAN interface
• Must download platform Profile

Lifecycle Management (ESC Lite)
NFVIS (Linux + ESC Lite + PnP + CLI Agent)
• Provide Northbound interface for Management/Orchestration
• Provide System level information
• Provide VNF management - Create, Modify, Delete
• Provide interface with onboard LAN switch
• Performance Monitoring of VNF’s

CLI/WebUI Agent
• Interface to configure onboard switch
• Provide Cisco® CLI wrapper
• Agnostic to switch vendor selected

Server Monitoring Agent
• Agent to interact with Orchestration system
• Web GUI Interface for Management and Configuration

Switch NIC
• 8 Port Integrated Switch (only on Low)
• Optional UPOE Support
• Increased performance using SRIOV
• Mirroring of traffic between VNFs

Drivers, Firmware, and Agents
• NIC and interface drivers
• Optional Crypto support

Diagram labels: VNF, VNF, VNF, VNF, vAPP, vAPP; X86 Processor; Switch NIC; Onboard Storage M.2 SSD Default Storage; NIM; BMC

Optimized for Network Services
NFV Infrastructure Software (NFVIS)

Network Hypervisor
• Supports segmentation of virtual networks
• Abstract CPU, memory, and storage resources

Zero-Touch Deployment
• Automatic connection to PnP server
• Highly secure connection to the orchestration system
• Easy day-0 provisioning

Lifecycle Management
• Provisioning and launch of VNFs
• Failure and recovery monitoring
• Stop and restart services
• Dynamically add and remove services

Service Chaining
• Elastic service insertion
• Multiple independent service paths based on applications or user profiles

Open API
• Programmable API for service orchestration
• REST and NETCONF API
VMS managed ENCS advantages over white box server

Superior Hardware Engineering
• Hardware acceleration of VM-to-VM traffic flow
• WAN module support
  • 4G/LTE
  • T1/E1
  • xDSL
• Crypto hardware offload
• BMC/CIMC – Lights out (server) management
• Enterprise class grade components (comparable to an ISR)
• Branch Form factor
• Shock, vibration, acoustic
• Support for Software and Hardware RAID on 12” chassis
• LTE modules can support Dying gasp support that is available on NIMs.
• Remote recovery of system over LTE modules
• Ability for increasing switch port density with NIMs.

Superior Operational Platform
• Secure Management of all VNFs from a single multi-tenant, multi-service platform (VMS)
• Support for Cisco and 3rd Party VNFs, securely managed by VMS
• Secure VNF Lifecycle management

NSO 3rd Party Integrations…managed simply by VMS
Open Platform with the Broadest Multi-vendor support, and Vendor Qualification
• 3rd Party VNFs available through VMS
• Network Services Orchestrator (NSO) - Over 100 Vendors Supported
• Cisco Vendor Qualification Program

NSO 3rd Party Integrations…managed simply by VMS
Open Platform supporting BOTH Lifecycle Mgt AND Orchestration of 3rd Party products
Diagram labels: VNF Service Orchestration; VNF Lifecycle Mgt; Select VNF (Fortinet); Fortinet VNF Service Selection; Select Cloud; Fortinet VNF provision (SP or AWS or vBranch); Monetize the Service; Fortinet VNF boot

VNF Lifecycle Functions  | VNF (or Device) Service Orchestration
Allocate VNF Resource    | Secure mgt connection
Locate / Boot Image      | Create / Provision VNF Service
Load Day 0 Config        | Monitor VNF Service
Monitor VNF / Analytics  | Collect Service Analytics
VNF High Availability    | Add / Delete / Change Service
Add / Delete VNFs        | Multi-tenant, 1000’s of Services
Demo: Virtual Managed Services running CloudVPN demo

VMS Cloud VPN Service Package
Cloud Services made easy with Virtual Network Functions:
• VPNs and Routing
• Web Security
• Internet Firewall
Diagram labels: Service Provider Cloud; Enterprise Headquarters; Managed CPE; Remote Access VPN Users; Branch 1; Internet Access; Branch 2; AWS Branch; CSRv IPSec VPN; CSRv Cloud Router; WSAv L3 Interface Web Security; ASAv Internet Firewall Security

Firepower NGFW Cloud Security Service Use Case
Internet Services
• Intrusion Protection (IPS)
• Application Visibility Control (AVC)
• Geographic IP Control
• Advanced Malware Protection (AMP)
• URL Filtering
• Internet Firewall
• Remote Access VPN
Diagram labels: Enterprise Headquarters; Service Provider Cloud; FMC Firepower Management Center Services; Multi-tenant Sensor Mgt; Per Tenant Threat Reporting; Remote Access VPN; Branch 1, Branch 2, Branch 3 (Managed CPE); IPSec VPN; CSRv Cloud Services Router; Managed CPE Services; IPSec VPN Firewall; BGP L3 Interface; NGFW Firepower; Internet Access

Demo: Virtual Managed Services extensions to Viptela Services

Better Together: Providing Better Outcomes
• Leading Routing & SD-WAN Platforms
• Cloud-managed & Feature-rich SD-WAN
Together, helping businesses and IT to innovate faster, securing and delivering better customer outcomes, while reducing costs and lowering risk
Goal: Building next generation SD-WAN solutions

100+ Global Enterprise Customers Across Verticals
FinServ; Retail; Healthcare / Pharma; Manufacturing; Technology; Other Industries
Viptela Integration Plan

Phase 1: No Integration
• Management: vManage
• Deployment Scenarios: vEdge
• Benefits: Support and Scale the current sales motion
• Details: Platform: As-is. Management: vManage

Phase 2 (9-12 mo): Platform Integration
• Management: vManage
• Deployment Scenarios: vEdge; ISR4K + vEdge SW
• Benefits: Viptela SD-WAN on strategic ISR platform
• Details: Platform: vEdge capabilities integrated into all IOS-XE platforms (ISR, CSR, ENCS, ASR1K). Management: vManage for SD-WAN capabilities on IOS-XE

Phase 3 (12-mo +): Management Integration
• Management: DNA Center + SD-WAN
• Deployment Scenarios: vEdge; ISR4K + vEdge SW
• Benefits: Deliver end-to-end experience with full DNA & DNA-SP integration
• Details: Management: Cloud hosted DNA Center-SP integrates vManage capabilities; Full DNA Center-SP capabilities (Assurance, Integrated workflows for SD-Access and SD-WAN)

Viptela Secure Extensible Network
Diagram labels: vManage; Orchestration Plane; vOrchestrator; vSmart; vBond; MANAGEMENT; vEdge; Management Plane; API (Multi-tenant or Dedicated); ANALYTICS; ORCHESTRATION; Control Plane (Containers or VMs); CONTROL; INTERNET, MPLS, 4G; Data Plane (Physical or Virtual); Cloud; Data Center; Campus; Branch; Home Office

Simplified Management and Operations
• Single Pane Of Glass Operations
• Rich Analytics

vEdge-1000 and vEdge-2000 Routers

vEdge 1000
• 1 Gbps AES-256
• 1RU, standard rack mountable
• 8x GE SFP (10/100/1000)
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual Power supplies (external)
• Low power consumption

vEdge 2000
• 10 Gbps AES-256
• 1RU, standard rack mountable
• 4x Fixed GE SFP (10/100/1000)
• 2 Pluggable Interface Modules
  • 8 x 1GE SFP (10/100/1000)
  • 2 x 10GE SFP+
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual power supplies (internal)
• Redundant fans
vEdge-100 Routers
Models shown: vEdge 100m; vEdge 100mw; vEdge 100

• 100 Mbps AES-256; 5x 1000Base-T; TPM chip; Security, QoS; External AC PS; Kensington lock; Fan-less; 9” x 1.75” x 5.5”; GPS
• 100 Mbps AES-256; 1RU; 5x 1000Base-T; 1x POE port; 2G/3G/4G LTE; Internal AC PS; 1x USB-3.0; TPM Board-ID; Kensington lock; Low power fan; GPS
• 100 Mbps AES-256; 1RU; 5x 1000Base-T; 1x POE port; 2G/3G/4G LTE; 802.11a/b/g/n/ac; Internal AC PS; 1x USB-3.0; TPM Board-ID; Kensington lock; Low power fan; GPS

Extending Viptela with VMS
• Public Cloud, VMS on-boarding Viptela service
• (3) VMS vBranch support, Viptela vEdge VNFs
• (4) VMS Cloud based Service Extensions
• (5) VMS Service Interconnects, installed networks
• (6) VMS OSS/BSS APIs (VMS micro-service)
Diagram labels: SP OSS/BSS; VMS; VMS vBranch (ENCS); VMS Tenant 1, Tenant 2, Tenant 3, Tenant 4; 3rd Party VNFs; ASAv; FTDv; Viptela SD-WAN Controllers; Viptela vEdge; vManage; vSmart & vBond; Viptela SD-WAN Fabric; SP Data Center Cloud Services; SP Data Center; INTERNET, 4G, MPLS; Security and Cloud Services; vEdge
Cisco Confidential 5 Public Cloud Internet SP Services 4 2 Viptela Customer Sites (vEdge) VMS Multi-tenancy, Viptela Controller on-boarding 2 Interconnects with installed Networks Hosted Collaboration, Security, Storage… How to transform your Business… Conclusions VMS Disruptive Technologies unlock new Services Allowing Industry to Address new Market Opportunities Orchestration Virtual and Physical devices, Cisco and 3rd Party Simple service models and device models (YANG, XML) Network Elements Drivers, Conf-D, and CLI Config Roll back, Service Extensions, 100,000 Devices Network Functions Virtualization VNF Lifecycle Mgt and Service Orchestration VNFs run in the Cloud or Virtual Branch (x86) VNF Smart Licensing and Pay-as-you-Grow Pricing Models VNF Certification of Cisco and 3rd Party VNFs Cloud Native Web Scale design, Multi-tenant 1,000s, Service Orientation Runs in any cloud, public or private (VIM Independent) Micro-services, Docker Containers, Kubernetes, Geo-redundancy Auto Rendered UI, Tenant Self-Service, Monetized offers Software-Defined Networking Central Device Mgt, Secure ID (RBAC), Zero Touch Provision Self-healing Networks, Configuration Guard Rails Service Creation capable, including analytics & monitoring REST APIs to OSS/BSS for billing and SLAs BRKARC-2259 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 78 Why do SPs want VMS VNF/SDN Services? Bring up new tenants and services in minutes Simplify service activation, management, and assurance for 1000’s of devices/tenants More cost effective WAN options with better performance and greater capacity Simplify service creation while delivering better app experiences over any branch connection. “Cisco VMS is helping us to deliver secure, high-performance virtualized services with agility to our clients.” Cisco NFV/SDN made easy with Virtual Managed Services Rapid Time to Market, Proven Scale and Security BRKARC-2259 © 2017 Cisco and/or its affiliates. All rights reserved. 
Thank you

Backup

Zero Touch Provisioning

VMS CPE Onboarding
• Zero Touch Provisioning using Cloud Plug and Play (PnP) server
• Secure management tunnels using Network Service Orchestrator (NSO)

1 Onboard new branch CPE to NSO with specific identifier (Serial #) and wait for CPE to be booted
2 CPE calls home using HTTPS (with Crypto/Cert) to the VMS PnP Server. CPE Identity based on CPE Serial #
3 PnP Delivers CPE Day 0 config including Mgt Keys to form secure FlexVPN Mgt Tunnel (IKEv2)
4 Secure FlexVPN Mgt Tunnel is created for subsequent CPE configurations, analytics, and monitoring
5 NSO sends tenant configuration to the CPE device
6 NSO creates DMVPN Tunnels between CPE and Hub devices and completes service activation

[Diagram labels: Customer IWAN Hub Site; IWAN Master Controller; VMS in a Service Provider Datacenter; NSO; PnP Server; VMS Mgt Hub; MPLS Border Router; INET Border Router; DMVPN MPLS; DMVPN INET; Branch CPE #15]

Cisco Smart Software Licensing

Cisco ESC Smart Licensing
• VNF Licensing is another core task in virtualized environments that typically requires manual processes to activate the VNF license.
• Cisco’s new “pay-as-you-go” Smart licensing model, on supported VNFs.
• With Smart Licensing, instead of having to manually activate licenses for each virtual machine, the virtual machine registers itself with a centralized licensing server on boot-up, tracks how the resource is used, and bills on a consumption basis.
• This setup provides important flexibility for elastic environments, allowing you to expand and contract as needed, in a completely automated fashion, while paying only for the resources you actually consume.
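The six Zero Touch Provisioning steps listed earlier, as an added example that is not part of the original slides and is not Cisco code: a minimal Python model of the checks a PnP server can apply before releasing a Day 0 config that carries management keys, and of the step ordering that follows. The class, step names and serial values are hypothetical, and the certificate serial is assumed to come from an already-verified TLS client certificate.

```python
# Added example: hypothetical model of a PnP server's onboarding gate.
# Serial values are constructed; cert_serial is assumed to come from an
# already-verified TLS client certificate.
from dataclasses import dataclass, field

STEPS = ["REGISTERED", "DAY0_DELIVERED", "MGMT_TUNNEL_UP",
         "TENANT_CONFIGURED", "ACTIVE"]

@dataclass
class OnboardingGate:
    devices: dict = field(default_factory=dict)  # serial -> current step
    audit: list = field(default_factory=list)    # (serial, denial reason)

    def register(self, serial):
        """Step 1: operator pre-registers the CPE serial."""
        self.devices[serial] = "REGISTERED"

    def call_home(self, claimed_serial, cert_serial):
        """Steps 2-3: return True only if the Day 0 config may be released."""
        state = self.devices.get(claimed_serial)
        if state is None:
            return self._deny(claimed_serial, "serial not pre-registered")
        if claimed_serial != cert_serial:
            return self._deny(claimed_serial, "serial differs from certificate")
        if state != "REGISTERED":
            return self._deny(claimed_serial, "Day 0 config already released")
        self.devices[claimed_serial] = "DAY0_DELIVERED"
        return True

    def advance(self, serial, new_step):
        """Steps 4-6: accept only the next step in order."""
        current = self.devices.get(serial)
        if current is None or new_step not in STEPS:
            return self._deny(serial, f"unknown device or step {new_step}")
        if STEPS.index(new_step) != STEPS.index(current) + 1:
            return self._deny(serial, f"{new_step} out of order after {current}")
        self.devices[serial] = new_step
        return True

    def _deny(self, serial, reason):
        self.audit.append((serial, reason))
        return False

if __name__ == "__main__":
    gate = OnboardingGate()
    gate.register("SERIAL-CPE15")  # constructed serial
    print(gate.call_home("SERIAL-CPE15", "SERIAL-OTHER"), gate.audit)
```

The audit list records every refused call-home or out-of-order step, which is the data an operator would alert on when a serial is presented that was never registered or is presented a second time.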
Smart Licensing Example – More Flexible with PAYG
• Cisco Smart Software Licensing makes it easier to buy, deploy, track, and renew Cisco licenses.
• Simpler purchase and activation of the VM, Pay-as-you-grow (PAYG)
• Easier license management and reporting of virtual appliances due to license pooling
• Automatic license activation when the virtual appliance is provisioned
• Customers can view product entitlements and services in the Cisco Smart Software Manager.

VMS REST APIs

REST APIs and Software Development Kits
Simple to use, simple to create new SP Services
• All VMS Services are configurable via REST APIs
• New Services can be created through the Software Development Kit (SDK)