NFV orchestration for cloud and virtual branch services
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
NFV/SDN Platform for Orchestrating Cloud and vBranch Managed Services
R. Wayne Ogozaly, Technical Lead Engineer, Cisco Systems
October 12th, 2017
Agenda
• What’s driving the NFV / SDN Business Transformation?
• What’s possible today…Cisco Virtual Managed Services (VMS) Demo
• Services Overview…VNFs running in Clouds and Virtual Branches
• Network Services Orchestration…Yang Models, VNF Lifecycles, and Zero Touch Provisioning for Cisco and 3rd Party devices (physical and virtual)
• Conclusions
What is Network Functions Virtualization (NFV)?
In NFV, network functions run as software modules on x86 servers. An NFV infrastructure, or NFVI, provides the underlying compute, storage, and network resources required for NFV.
• New elastic services
• Decoupling of hardware and software
• Automating everything and simplifying network operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
Standards based frameworks…ETSI…NFV and MANO
MANO NFV Framework
European Telecommunications Standards Institute (ETSI) NFV Industry Specifications Group
Management and Orchestration (MANO) Framework
BRKARC-2259 4
What is Software Defined Networking (SDN)?
In an SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…
• Separation of Control and Forwarding plane
• Centralized Management – Global view
• Automating everything and simplifying network operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
What’s driving the NFV / SDN Business Transformation?
Why Virtualization for the Enterprise Network?
• NFV Readiness: 59% (organizations researching, testing, or deploying in the next 24 months)
• Mobility: mobile traffic will exceed wired traffic by 2017
• IoT: IoT devices will triple by 2020
• Analytics: 76% of companies planning to or investing in Big Data
• Cloud: 80% of organizations will primarily use SaaS by 2018
• Solve Networking Tech Challenges: 32% (cites the need to increase network virtualization)
• Costs: 50% (savings up to half of current OPEX)
Enterprise customers require better IT solutions
Global business IT priorities*
*AMI-Cisco ITaaS Research of 350 businesses in 11 countries
Global SDN/NFV market is expected to reach $6B by 2020 (IDC)
Is your Network ready for the Digital Transformation?
The WAN Connects Branch Sites to the rest of the world
• 80% of employees and customers are served in branch offices
• 50% of our applications are accessed via the Internet
• 48% cite poor application performance and latency as a corporate concern
• 70% have either 2 or 3 WAN connections per branch
How can SPs deliver better branch services, at a lower cost, over any connection?
What Managed NFV Services Can Do For You
• Quickly roll out new services and locations
• Gives you flexible deployment options
• Simplify day to day operations, reduce OPEX
Simple and easy to design, provision, manage the trusted services that are critical to your business
What’s possible today… Cisco Virtual Managed Services (VMS)
• Zero-touch deployment from the Cloud of your choice, multi-tenant platform
• Automated orchestration of platform and VNFs
• Service chaining and licensing
• Health monitoring
• Scaling of services, devices, tenants across the globe
• Operational SLA and Lifecycle management
• Create standard VMS Service Templates for different branches
• Cisco tested and validated designs, or bring your own configs
• For Cisco and 3rd party VNFs
Automated Orchestration, Management, Policy
Made simple with Virtual Managed Services (VMS)
The Power of VMS vBranch… Many vendors, Many services…One Branch
[Figure: VMS vBranch service chain on NFVIS between the Internet and Branch Clients, with Firewall & IPS, ISRv, SD-WAN and vWAAS VNFs, bridges wan-br1, lan-br1 and lan-br2, and ports GE0-0, GE1-0 and GE1-2]
VMS Services
• Viptela vEdge: SD-WAN Service
• Cisco vWAAS: WAN acceleration
• Cisco ISRv: IOS-XE routing and mgt
• Palo Alto FW: WAN firewall + Intrusion Protection Service (IPS)
• Cisco NFVIS: vBranch service chaining and VNF Lifecycle mgt
VMS Architecture – Simplified Cloud Management
• VMS Operator/Admin services: Secure Multi-tenant Cloud management, Service creation platform for Enterprises & SMBs
• VMS Customer services: Self-service portal for service selection, device analytics, traffic usage, service configuration, SP Branding and service customization [ OPTIONAL ]
• Open REST APIs and SDKs: Develop new Services using rich APIs, Service SDKs, and world-class NSO
• Customer equipment (On-premise and In-cloud): ISRs & ASRs, vBranch VNFs, Multi-Vendor Security
SERVICE PROVIDER | CUSTOMER
Demo Virtual Managed Services running on a Virtual Branch x86 device
Simple Implementation of SDN/NFV using VMS
From Network Complexity to Simplicity and Automation
• Manual: Plan It, Design It, Where Can We Put It?, Procure It, Install It, Configure It, Secure It, Is It Ready?
• Automated, Self-Service, On-Demand: Plan It, Design It, Is It Ready?
From Months to Minutes
Service Oriented, Self-Service, Automated Provisioning, Scalability
Cisco vBranch and ENCS
Cisco 4000 Series ISR + UCS® E-Series
Cisco® UCS C-Series
Enterprise Network Compute System (ENCS)
Network Functions Virtualization Infrastructure Software (NFVIS)
Virtual Managed Services (VMS & NSO for SPs)
Introducing Cisco NFV managed by VMS
Network Services in Minutes
• Virtual Router (ISRv / vEdge)
• Virtual Firewall (ASAv, FTDv)
• Virtual WAN Optimization (vWAAS)
• Virtual Wireless LAN Controller (vWLC)
• Third-Party VNFs
Freedom of Choice from VMS
Cisco Intelligent Branch
[Figure: branch platform options; labels as they appear on the slide]
Virtual Router, Virtual Services, UCS C-Series
Branch and Campus NFV
Physical Router, Virtual Services, 4000 Series ISR + UCS® E-Series
Traditional
Physical Router, Cisco® 4000 Series ISR
Centralized services
Fixed integrated services
Conservative
Upgradable hardware
Deterministic routing performance
Elastic routing and services
Performance
Early adopter
Virtual Managed Services for SPs: License Portability, Investment Protection, Access to Ongoing Innovation
Elastic routing and services
Router / Server Hybrid
Virtual Router, Virtual Services, Enterprise Network Compute System (ENCS)
Platform Built for Branch/Campus NFV
ENCS 5000 Series for the Branch
Enterprise Network Compute System
• Best of Routing & Compute
• Complete Virtualized Services
• Open for Third Party Services and Apps
ENCS 5400 Series
ENCS 5100 Series
ENCS 5000 Series - Chassis Options
Model | ENCS 5104 | ENCS 5406 | ENCS 5408 | ENCS 5412
CPU | 4-core, 3.4 GHz | 6-core, 1.9 GHz | 8-core, 2.0 GHz | 12-core, 1.5 GHz
PoE | No | No | 200W | 200W
Capacity Guidance | ISRv + 1 VNF | ISRv + 2 VNFs | ISRv + 3 VNFs | ISRv + 5 VNFs
ENCS 5400 Series – I/O Side
• 6, 8, or 12-Core Intel Xeon-D
• 16 - 64 GB DRAM
• 8 Integrated LAN Ports with Optional POE
• Network Interface Module for LTE & WAN
• Dedicated Board Management Controller
• 2 HDD or SSD, RAID 0 & 1
• Internal M.2 Storage 64 – 400 GB
• USB 3.0 Storage
• 2 Onboard Gigabit Ethernet ports with SFP
• Optional Hardware RAID Controller
• Integrated Power Supply
• Hardware Acceleration for VM Traffic
Legend: Shipping Now | Roadmap
ENCS 5100 Series - I/O Side
• 4-Core AMD CPU
• 16 & 32 GB DRAM
• Optional 4G / LTE WAN (Roadmap)
• M.2 Storage 64 – 400 GB
• 2 x USB 3.0 Storage
• 4 GE ports with 2 SFPs
• Integrated Power Supply
• Size: 1 RU, 13” x 10”
• Console & MGMT
ENCS 5100 & 5400 Series Comparison
Feature | 5100 Series | 5400 Series
CPU Vendor / Model | AMD Merlin Falcon, RX-421ND | Intel Xeon Broadwell D-1500 Series
CPU Cores / Frequency | 4-core @ 3.4 GHz | 6, 8, 12-core with Hyper-threading @ 1.5 – 2.0 GHz
CPU L2 Cache Size | 2 MB | 1.5 MB per core
Memory | 16 – 32 GB | 16 – 64 GB
Storage (M.2 SATA) | 64 – 400 GB | 64 – 400 GB
Storage (SFF) | - | 2 disks with RAID (SATA, SAS, SED, SSD)
Dimensions | 12.7” x 10” x 1RU | 17.5” x 12” x 1RU
WAN Options | 4 x GE, Cellular | 2 x GE, Cellular, T1, DSL, Serial
LAN | - | 8 port Switch with Optional PoE
Hardware Offload | - | VM – VM Traffic, Crypto
Lights-out Management | - | Built-in CIMC
ISRv Performance | 500 Mbps | 2.5 Gbps
NFVIS (Linux + ESC Lite + PnP + CLI Agent)
[Figure: VNFs and vAPPs running on NFVIS over the x86 processor, NIC, NIM, BMC and Switch]
• VMS Orchestration and Management: Plug-n-Play, VM Lifecycle Management, Provisioning of VNFs
• NIC: Increased performance using SRIOV, Mirroring of traffic between VNFs
• Switch: 8 Port Integrated Switch (only on Low), Optional UPOE Support
NFVIS
Lifecycle Management (ESC Lite)
• Provide Northbound interface for Management/Orchestration
• Provide System level information
• Provide VNF management - Create, Modify, Delete
• Provide interface with onboard LAN switch
• Performance Monitoring of VNFs
PnP Agent
• PnP Agent must automatically configure WAN interface
• Must download platform Profile
CLI/WebUI Agent
• Interface to configure onboard switch
• Provide Cisco® CLI wrapper
• Agnostic to switch vendor selected
Server Monitoring Agent
• Agent to interact with Orchestration system
• Web GUI Interface for Management and Configuration
Drivers, Firmware, and Agents
• NIC and interface drivers
• Optional Crypto support
Onboard Storage
• M.2 SSD Default Storage
VMS vBranch Architecture
VMS managed ENCS advantages over white box server
• Hardware acceleration of VM-to-VM traffic flow
• WAN module support: 4G/LTE, T1/E1, xDSL
• Enterprise class grade components (comparable to an ISR)
• Branch Form factor
• Shock, vibration, acoustic
• Secure Management of all VNFs from a single multi-tenant, multi-service platform (VMS)
• Support for Cisco and 3rd Party VNFs, securely managed by VMS
• Crypto hardware offload
• Secure VNF Lifecycle management
• BMC/CIMC – Lights out (server) management
• Support for Software and Hardware RAID on 12” chassis
• LTE modules can provide the dying gasp support that is available on NIMs.
• Remote recovery of system over LTE modules
• Ability to increase switch port density with NIMs.
Superior Hardware Engineering | Superior Operational Platform
Network Functions simply managed from VMS
Cisco and 3rd Party Virtual Network Functions (VNFs)
• ISRv: High Performance, Rich Features
• ASAv/FTD: Full DC-class Featured Functionality
• vWAAS: Application Optimization and Akamai Connect
• vWLC: Built for small and medium branches
• Linux, Windows Server: Active Directory, File Share, Server Applications, Custom Applications, DNS/DHCP
• 3rd Party: Network Services, Management & Monitoring
• Viptela vEdge SD-WAN: High Performance, Rich Features
Power in Software
NFVIS Software Stack managed simply from VMS
[Figure: NFVIS software stack. Labels: Linux, Platform Drivers, Interface Drivers, Virtualization Layer (Hypervisor & vSwitch), Orchestration API, HTTPS, Plug-n-Play Client, VMS Plug-n-Play Server, Console/SSH, YANG, CLI, NETCONF, REST, Health Monitor, VMS Service APIs, VMS managed portals]
VM Life Cycle > Deploy
ENCS 5000 Dual-mode GE Ports
• 2 built-in GE ports for WAN or LAN uplink
• RJ45 Copper or SFP connectivity (10/100/1000 Mbps)
• Auto-sensing mode. Usable in an active-standby configuration.
ENCS 5400 NIM Support
Managed simply by VMS
Category | Description | Availability on ENCS
WAN | 4G LTE (CAT3) USA, Canada, Europe, Australia & selected LATAM / APAC | Now
WAN | 4G LTE (CAT6) USA, Canada, Europe, Australia & selected LATAM / APAC | Now
WAN | T1/E1 1, 2, 4 & 8 ports | Now
Serial | Asynchronous Serial: 16 & 24 ports | Q1 CY18
WAN | xDSL Multi-mode VDSL2 / ADSL Annex A, B & M | Q1 CY18
WAN | Ethernet Dual-PHY: 1 & 2 ports | Q1 CY18
LAN | Ethernet Switches: 4 & 8 ports | Q2 CY18
WAN | Serial Synchronous Serial: 1, 2 & 4 ports | Roadmap
Voice | T1/E1, FXS, FXO | Roadmap
VMS Service Example
Virtual Branch ENCS 5412
• 4 VNFs Deployed: PAN FW/IPS, vEdge, ISRv, vWAAS
• 6 Supporting Networks deployed
NSO 3rd Party Integrations…managed simply by VMS
Open Platform with the Broadest Multi-vendor support, and Vendor Qualification
Network Services Orchestrator (NSO) - Over 100 Vendors Supported
Cisco Vendor Qualification Program
3rd Party VNFs available through VMS
NSO 3rd Party Integrations…managed simply by VMS
Open Platform supporting BOTH Lifecycle Mgt AND Orchestration of 3rd Party products
VNF Lifecycle Mgt
• Select VNF (Fortinet)
• Select Cloud (SP or AWS or vBranch)
VNF Lifecycle Functions
• Allocate VNF Resource
• Locate / Boot Image
• Load Day 0 Config
• Monitor VNF / Analytics
• VNF High Availability
• Add / Delete VNFs
VNF (or Device) Service Orchestration
• Secure mgt connection
• Create / Provision VNF Service
• Monitor VNF Service
• Collect Service Analytics
• Add / Delete / Change Service
• Multi-tenant, 1000’s of Services
[Figure labels: Fortinet VNF Service Selection, Fortinet VNF boot, Fortinet VNF provision, Monetize the Service]
How to transform your Business… Conclusions
Virtual Managed Services (VMS) Example Service Creation Platform Components
• Infrastructure: Physical | Virtual | Data Center
• Network Abstraction: Orchestration | Automation
• Cloud-based Services: Consumer | Business | IoT | Many Markets
• VMS Service Creation: Service Design | Service Assurance | Cloud Optimization
• Self-healing Network, Security, Policy, Analytics
Disruptive Technologies unlock new Services
Allowing Industry to Address new Market Opportunities
• Orchestration: Efficiency through automation and self-service fulfillment
• Network Functions Virtualization: Flexibility with the transformation of solution architectures and operations
• Cloud Native: Agile service delivery via cloud-enabled services and management
• Software-Defined Networking: Dynamic market services via tight application and network interaction
Convergence of multiple disruptive technologies has created massive opportunity
[Figure labels: Service Orchestration, Cloud Managed Services, NFV, SDN, Virtual Managed Services, Router, FW, Web, IPS]
VMS Disruptive Technologies unlock new Services
Allowing Industry to Address new Market Opportunities
Technology areas: Orchestration, Network Functions Virtualization, Cloud Native, Software-Defined Networking
• Virtual and Physical devices, Cisco and 3rd Party
• VNF Lifecycle Mgt and Service Orchestration
• Simple service models and device models (YANG, XML)
• Web Scale design, Multi-tenant 1,000s, Service Orientation
• Central Device Mgt, Secure ID (RBAC), Zero Touch Provision
• VNFs run in the Cloud or Virtual Branch (x86)
• Runs in any cloud, public or private (VIM Independent)
• Micro-services, Docker Containers, Kubernetes, Geo-redundancy
• VNF Smart Licensing and Pay-as-you-Grow Pricing Models
• Service Creation capable, including analytics & monitoring
• REST APIs to OSS/BSS for billing and SLAs
• Config Roll back, Service Extensions, 100,000 Devices
• Auto Rendered UI, Tenant Self-Service, Monetized offers
• Network Elements Drivers, Conf-D, and CLI
• Self-healing Networks, Configuration Guard Rails
• VNF Certification of Cisco and 3rd Party VNFs
Why do SPs want VMS VNF/SDN Services?
• Simplify service activation, management, and assurance for 1000’s of devices/tenants
• More cost effective WAN options with better performance and greater capacity
• Bring up new tenants and services in minutes
Simplify service creation while delivering better app experiences over any branch connection.
Cisco NFV/SDN made easy with Virtual Managed Services
Rapid Time to Market, Proven Scale and Security
“Cisco VMS is helping us to deliver secure, high-performance virtualized services with agility to our clients.”
Thank you
Backup
Services Overview… VNFs running in Clouds and Virtual Branches
Cisco ISRv and CSRv
Cisco Integrated Services Virtual Router (ISRv)
• The Cisco® Integrated Services Virtual Router (ISRv) is a virtual form-factor Cisco IOS® XE Software router that delivers WAN gateway and network services functions into virtual environments.
• Using industry-leading Cisco IOS XE Software networking capabilities (the same features present on Cisco 4000 Series ISRs and ASR 1000 Series physical routers)
Cisco ISRv Positioned as a Branch WAN Services Router
Typical Use Cases for the Cisco ISRv
• Cisco ISRv: Highly Secure VPN Gateway
• Cisco ISRv: Traffic Control Point
Differences between the Cisco ISRv and Cisco CSR 1000v
ISRv
• The Cisco ISRv runs on server platforms running the Cisco NFVIS virtualization software only.
• It can support the network interface module (NIM) when running on a Cisco ENCS hardware platform and can also accelerate VM-to-VM traffic using the hardware-based switching on Cisco ENCS platforms.
CSR 1000v (Cloud Service Router)
• The Cisco CSR 1000v does not have these capabilities.
• The Cisco CSR 1000v will continue to be supported across multiple hypervisors (VMware vSphere, Microsoft Hyper-V, Citrix XEN, RHEL KVM, Ubuntu KVM, Amazon AWS, and Microsoft Azure).
The Cisco CSR 1000v and Cisco ISRv will maintain Cisco IOS XE feature parity
Cisco ENCS or UCS or Whitebox with NFVIS
ASAv
Cisco Adaptive Security Virtual Appliance (ASAv)
• This Security appliance brings the power of ASA to the virtual domain and cloud environments.
• It runs the same software as the physical ASA to deliver proven security functionality. You can use it to protect virtual workloads within your data center, Public / Private Clouds, or virtual branches.
http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-firewall/index.html
Cisco ASAv: Features, Performance, and Resource Requirements
Cisco FirePower Next-Gen Firewall (NGFW)
Foundational Functionality: Built-in firewall services to provide base protection and connect with other security solutions
• Stateful Firewalling
• VPN Capabilities
• Policy Enforcement Point for ISE
FirePOWER Services: Subscription services that run on the ASA and provide enhanced levels of threat protection and network visibility
• Advanced Malware Protection
• Next-Generation Intrusion Prevention System
• URL Filtering
• Application Visibility and Control
Advanced Security services to help defend your network
Foundational Internet Security: Built-in firewall services to provide base protection and connect with other security solutions
• Stateful Firewalling
• VPN Capabilities
• Policy Enforcement Point for ISE
Next-Gen Firewall Security: Subscription services that run on FTDv and provide enhanced levels of threat protection and network visibility
• Advanced Malware Protection
• Next-Generation Intrusion Prevention System
• URL Filtering
• Application Visibility and Control
Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
• Cisco Firepower NGFWv is available on VMware, KVM, Amazon Web Services (AWS) and Microsoft Azure environments for virtual, public, private, and hybrid cloud environments.
http://www.cisco.com/go/ngfw
Cisco vWLC Wireless LAN Controller
Cisco vWLC Virtual Wireless LAN Controller
Virtual form-factor controller for any x86 server with VMware Hypervisor ESXi 4.x or 5.x
• Supports up to 3000 access points and 32000 clients across 200 branches
• Supports 100 access points per branch
• Co-resides with other virtualized network services, including Cisco Identity Services Engine (ISE), Cisco Prime™ Infrastructure, and Cisco Mobility Services Engine (MSE)
• Entry-level 802.11n, 802.11ac controller application for small to medium-sized enterprises and branch offices
• Pay as you grow licensing starting at support for five access points
Cisco vWLC: Virtual Wireless LAN Controller
Template Development Environment (TDE)
Rapidly Creating New Service Templates for use with VMS
VMS Template Development Environment
Rapidly Create a brand new Managed Service in minutes
Create, Edit, Export, and Publish new SP Managed Services in minutes
There are (5) simple steps to create a new Service Template:
Step 1: Provide a Service Template name and description
Step 2: Upload the Service XML code representing the service config, and select analytics
Step 3: Create a Service Picture
Step 4: Define Service Parameters
Step 5: Select ENCS (vBranch) options to bundle with the template
Once the Template is created, you can simply publish the Template to VMS for consumption with your customers
Step 1: Describe the new Service Template
User role: SP Service Architect or Service Designer
Create a Service Icon
Service Name
Optional Pricing
Service Description
Step 2: Upload XML file and select Service Analytics
User role: SP Service Architect or Service Designer
Upload the XML File that represents the service config used in the new template
Select Service KPIs and analytics for the new template
Step 3: Create a simple Service Picture
User role: SP Service Architect or Service Designer
Drag objects from the palette to the Service Pictogram
Label all objects as needed
Edit, move, delete objects within the service design as needed
Step 4: Define the Service Parameters
User role: SP Service Architect or Service Designer
5 Service Parameters were automatically extracted from the XML code file
Service architect defines each Service parameter
Service architect designs parameter input screen
Step 5: Select vBranch device options for the template
User role: SP Service Architect or Service Designer
Select small, medium, or large vBranch devices to bundle with the new service template
Publish the new Service to VMS
User role: SP Service Architect or Service Designer
Select your template and publish it to VMS for tenant consumption
Publish service, topology, and template to NSO and the VMS platform with the click of a button
New Service is now available in VMS
User role: SP Service Architect or Service Designer
VMS Operator portal includes the new service template
Select which customers have access to the new Service template
Demo Virtual Managed Services running CloudVPN demo
VMS Cloud VPN Service Package
[Figure: Service Provider Cloud with CSRv Cloud Router (IPSec VPN, L3 Interface), WSAv Web Security and ASAv Firewall Security, shown with Branch 1, Branch 2, AWS Branch, Enterprise Headquarters, Managed CPE, Remote Access VPN Users and Internet Access]
Cloud Services made easy with Virtual Network Functions:
• VPNs and Routing
• Web Security
• Internet Firewall
Firepower NGFW Cloud Security Service Use Case
[Figure: Service Provider Cloud shown with Branch 1, Branch 2, Branch 3 and Enterprise Headquarters Managed CPEs, IPSec VPN, Internet Access and Remote Access VPN]
• CSRv Cloud Services Router services: IPSec VPN, Firewall, BGP
• NGFW Firepower services: Intrusion Protection (IPS), Application Visibility Control (AVC), Geographic IP Control, Advanced Malware Protection (AMP), URL Filtering, Internet Firewall, Remote Access VPN
• FMC Firepower Management Center services: Multi-tenant Sensor Mgt, Per Tenant Threat Reporting
Demo Virtual Managed Services extensions to Viptela Services
Better Together: Providing Better Outcomes
Leading Routing & SD-WAN Platforms
Goal: Building next generation SD-WAN solutions
Together, helping businesses and IT to innovate faster, securing and delivering better customer outcomes, while reducing costs and lowering risk
Cloud-managed & Feature-rich SD-WAN
100+ Global Enterprise Customers Across Verticals
Manufacturing, Technology, Retail, FinServ, Healthcare / Pharma, Other Industries
Viptela Integration Plan
Phase 1: No Integration
• Platform: As-is
• Management: vManage
• Benefit: Support and Scale the current sales motion
Phase 2 (9-12 mo): Platform Integration
• Platform: vEdge capabilities integrated into all IOS-XE platforms (ISR, CSR, ENCS, ASR1K)
• Management: vManage for SD-WAN capabilities on IOS-XE
• Benefit: Viptela SD-WAN on strategic ISR platform
Phase 3 (12-mo +): Management Integration
• Management: Cloud hosted DNA Center-SP integrates vManage capabilities; Full DNA Center-SP capabilities (Assurance, Integrated workflows for SD-Access and SD-WAN)
• Benefit: Deliver end-to-end experience with full DNA & DNA-SP integration
Deployment Scenarios (figure labels): vEdge, ISR4K + vEdge SW, DNA Center + SD-WAN, vManage
Viptela Secure Extensible Network
[Figure: Viptela planes and components across Data Center, Campus, Branch, Home Office and Cloud sites over 4G, Internet and MPLS]
• Control Plane (Containers or VMs)
• Data Plane (Physical or Virtual)
• Management Plane (Multi-tenant or Dedicated)
• Orchestration Plane
Components: vManage, vSmart, vBond, vEdge, vOrchestrator, API
Functions: Control, Analytics, Orchestration, Management
Simplified Management and Operations
Single Pane Of Glass Operations Rich Analytics
vEdge-1000 and vEdge-2000 Routers
vEdge 1000
• 1 Gbps AES-256
• 1RU, standard rack mountable
• 8x GE SFP (10/100/1000)
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual Power supplies (external)
• Low power consumption
vEdge 2000
• 10 Gbps AES-256
• 1RU, standard rack mountable
• 4x Fixed GE SFP (10/100/1000)
• 2 Pluggable Interface Modules
• 8 x 1GE SFP (10/100/1000)
• 2 x 10GE SFP+
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual power supplies (internal)
• Redundant fans
vEdge-100 Routers
vEdge 100m
• 100 Mbps AES-256
• 1RU
• 5x 1000Base-T
• 1x POE port
• 2G/3G/4G LTE
• Internal AC PS
• 1x USB-3.0
• TPM Board-ID
• Kensington lock
• Low power fan
• GPS
vEdge 100mw
• 100 Mbps AES-256
• 1RU
• 5x 1000Base-T
• 1x POE port
• 2G/3G/4G LTE
• 802.11a/b/g/n/ac
• Internal AC PS
• 1x USB-3.0
• TPM Board-ID
• Kensington lock
• Low power fan
• GPS
vEdge 100
• 100 Mbps AES-256
• 5x 1000Base-T
• TPM chip
• Security, QoS
• External AC PS
• Kensington lock
• Fan-less
• 9” x 1.75” x 5.5”
• GPS
Extending Viptela with VMS
[Figure: Viptela SD-WAN fabric (4G, Internet, MPLS) with Viptela customer sites (vEdge), Viptela SD-WAN controllers (vSmart & vBond, vManage), VMS tenants 1 to 4, VMS vBranch (ENCS) with Viptela vEdge, ASAv, FTDv and 3rd Party VNFs, SP Data Center, Public Cloud, SP OSS/BSS; numbered callouts as follows]
1 VMS Multi-tenancy, Viptela Controller on-boarding
2 Public Cloud, VMS on-boarding Viptela service
3 VMS vBranch support, Viptela vEdge VNFs
4 VMS Cloud based Service Extensions (Security and Cloud Services: Hosted Collaboration, Security, Storage…)
5 VMS Service Interconnects, installed networks
6 VMS OSS/BSS APIs (VMS micro-service)
Zero Touch Provisioning
VMS CPE Onboarding
Zero Touch Provisioning using Cloud Plug and Play (PnP) server
Secure management tunnels using Network Service Orchestrator (NSO)
[Figure: onboarding topology with Branch CPE #15, MPLS Router, INET Router, Customer WAN Hub Site, and VMS in a Service Provider Datacenter; callouts 1 to 6 mark the steps]
1. Onboard new branch CPE to NSO with specific identifier (Serial #) and wait for CPE to be booted
2. CPE calls home using HTTPS (with Crypto/Cert) to the VMS PnP Server. CPE Identity based on CPE Serial #
3. PnP delivers CPE Day 0 config including Mgt Keys to form secure FlexVPN Mgt Tunnel (IKEv2)
4. Secure FlexVPN Mgt Tunnel is created for subsequent CPE configurations, analytics, and monitoring
5. NSO sends tenant configuration to the CPE device
6. NSO creates VPN Tunnels between CPE and Hub devices and completes service activation
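
The checks a PnP server can apply in the first three steps before it releases a Day 0 config that contains management keys, sketched as an added example that is not Cisco PnP or NSO code. The class, state names and sample serials are hypothetical, and the code assumes the already-validated device certificate carries the chassis serial in its subject `serialNumber` attribute.

```python
"""Call-home gate for the first three onboarding steps (added illustration)."""
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    AWAITING_CALL_HOME = "awaiting-call-home"  # serial registered, CPE not yet seen
    DAY0_DELIVERED = "day0-delivered"          # Day 0 config and key already issued


@dataclass
class Registration:
    tenant: str
    state: State = State.AWAITING_CALL_HOME


def subject_serial(peer_cert: dict) -> Optional[str]:
    """Return the subject serialNumber from a dict shaped like the result of
    ssl.SSLSocket.getpeercert(). Assumption: the TLS layer has already
    validated the certificate chain against the device CA."""
    for rdn in peer_cert.get("subject", ()):
        for name, value in rdn:
            if name == "serialNumber":
                return value
    return None


class CallHomeGate:
    """Hypothetical PnP-side policy: which caller may receive a Day 0 config."""

    def __init__(self) -> None:
        self._devices = {}
        self.audit = []  # (claimed serial, decision) pairs for later review

    def onboard(self, serial: str, tenant: str) -> None:
        """Operator pre-registers the CPE serial before the device boots."""
        self._devices[serial] = Registration(tenant)

    def handle_call_home(self, claimed_serial: str, peer_cert: dict):
        """Decide whether to release the Day 0 config; log every decision."""
        decision, day0 = self._decide(claimed_serial, peer_cert)
        self.audit.append((claimed_serial, decision))
        return decision, day0

    def _decide(self, claimed_serial: str, peer_cert: dict):
        cert_serial = subject_serial(peer_cert)
        if cert_serial is None:
            return "deny:no-serial-in-cert", None
        # The serial in the request is only a claim; bind it to the certificate.
        if not hmac.compare_digest(cert_serial.encode(), claimed_serial.encode()):
            return "deny:serial-mismatch", None
        reg = self._devices.get(cert_serial)
        if reg is None:
            return "deny:not-onboarded", None
        if reg.state is not State.AWAITING_CALL_HOME:
            # A repeat call-home for a provisioned serial goes to operator review.
            return "deny:already-provisioned", None
        reg.state = State.DAY0_DELIVERED
        day0 = {
            "serial": cert_serial,
            "tenant": reg.tenant,
            # Generated per device, never a fleet-wide shared secret.
            "mgmt_key": secrets.token_hex(32),
        }
        return "allow:day0-delivered", day0


def make_cert(serial: str) -> dict:
    """Constructed sample certificate in getpeercert() shape."""
    return {"subject": ((("commonName", "cpe"),), (("serialNumber", serial),))}


def demo() -> list:
    """Run five constructed call-home attempts and return the decisions."""
    gate = CallHomeGate()
    gate.onboard("SN-CONSTRUCTED-0015", "tenant-a")
    calls = [
        ("SN-CONSTRUCTED-0015", make_cert("SN-CONSTRUCTED-0099")),  # claim differs from cert
        ("SN-CONSTRUCTED-0099", make_cert("SN-CONSTRUCTED-0099")),  # valid cert, not onboarded
        ("SN-CONSTRUCTED-0015", make_cert("SN-CONSTRUCTED-0015")),  # expected first call-home
        ("SN-CONSTRUCTED-0015", make_cert("SN-CONSTRUCTED-0015")),  # repeat after delivery
        ("SN-CONSTRUCTED-0015", {"subject": ((("commonName", "cpe"),),)}),  # no serial in cert
    ]
    return [gate.handle_call_home(serial, cert)[0] for serial, cert in calls]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The `audit` list is where a detection pipeline would pick up mismatched or repeated call-home attempts for follow-up.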
Cisco Smart Software Licensing
Cisco ESC Smart Licensing
• VNF Licensing is another core task in virtualized environments that typically requires manual processes to activate the VNF license.
• Cisco’s new “pay-as-you-go” Smart licensing model, on supported VNFs.
• With Smart Licensing, instead of having to manually activate licenses for each virtual machine, the virtual machine registers itself with a centralized licensing server on boot-up, tracks how the resource is used, and bills on a consumption basis.
• This setup provides important flexibility for elastic environments, allowing you to expand and contract as needed, in a completely automated fashion, while paying only for the resources you actually consume.
Smart Licensing Example – More Flexible with PAYG
• Cisco Smart Software Licensing makes it easier to buy, deploy, track, and renew Cisco licenses.
• Simpler purchase and activation of the VM, Pay-as-you-grow (PAYG)
• Easier license management and reporting of virtual appliances due to license pooling
• Automatic license activation when the virtual appliance is provisioned
• Customers can view product entitlements and services in the Cisco Smart Software Manager.
VMS REST APIs
REST APIs and Software Development Kits
Simple to use, simple to create new SP Services
• All VMS Services are configurable via REST APIs
• New Services can be created through the Software Development Kit (SDK)