NFV orchestration for cloud and virtual branch services
1. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
2. NFV/SDN Platform for Orchestrating Cloud and vBranch Managed Services
R. Wayne Ogozaly, Technical Lead Engineer, Cisco Systems
October 12th, 2017
3. Agenda
• What’s driving the NFV / SDN Business Transformation?
• What’s possible today…Cisco Virtual Managed Services (VMS) Demo
• Services Overview…VNFs running in Clouds and Virtual Branches
• Network Services Orchestration…YANG Models, VNF Lifecycles, and Zero Touch Provisioning for Cisco and 3rd Party devices (physical and virtual)
• Conclusions
4. What is Network Functions Virtualization (NFV)?
In NFV, network functions run as software modules
on x86 servers. An NFV infrastructure, or NFVI,
provides the underlying compute, storage, and
network resources required for NFV.
• New elastic services
• Decoupling of hardware and software
• Automating everything and simplifying network
operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
Standards based frameworks…ETSI…NFV and MANO
MANO | NFV Framework
European Telecommunications Standards Institute (ETSI)
NFV Industry Specifications Group
Management and Orchestration (MANO) Framework
BRKARC-2259 4
5. What is Software Defined Networking (SDN)?
In an SDN architecture, the control and data
planes are decoupled, network intelligence and
state are logically centralized, and the
underlying network infrastructure is abstracted
from the applications…
• Separation of Control and Forwarding plane
• Centralized Management – Global view
• Automating everything and simplifying
network operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
7. Why Virtualization for the Enterprise Network?
• Mobility: Mobile traffic will exceed wired traffic by 2017
• IoT: IoT devices will triple by 2020
• Analytics: 76% of companies planning to or investing in Big Data
• Cloud: 80% of organizations will primarily use SaaS by 2018
• NFV Readiness: 59%, organizations researching, testing, or deploying in the next 24 months
• Solve Networking Tech Challenges: 32%, cites the need to increase network virtualization
• Costs: 50%, savings up to half of current OPEX
8. Enterprise customers require better IT solutions
Global business IT priorities*
*AMI-Cisco ITaaS Research of 350 businesses in 11 countries
Global SDN/NFV market is expected to reach $6B by 2020 (IDC)
9. Is your Network ready for the Digital Transformation?
The WAN Connects Branch Sites to the rest of the world
• 80% of employees and customers are served in branch offices
• 50% of our applications are accessed via the Internet
• 48% cite poor application performance and latency as a corporate concern
• 70% have either 2 or 3 WAN connections per branch
How can SPs deliver better branch services, at a lower cost, over any connection?
10. What Managed NFV Services Can Do For You
Quickly roll out new services and locations
Gives you flexible deployment options
Simplify day to day operations, reduce OPEX
Simple and easy
to design, provision,
manage the trusted
services that are critical
to your business
12. Automated Orchestration, Management, Policy
Made simple with Virtual Managed Services (VMS)
• Zero-touch deployment from the Cloud of your choice, multi-tenant platform
• Automated orchestration of platform and VNFs
• Service chaining and licensing
• Health monitoring
• Scaling of services, devices, tenants across the globe
• Operational SLA and Lifecycle management
• Create standard VMS Service Templates for different branches
• Cisco tested and validated designs, or bring your own configs
• For Cisco and 3rd party VNFs
13. The Power of VMS vBranch…
Many vendors, Many services…One Branch
VMS Services
• Viptela vEdge: SD-WAN Service
• Cisco vWAAS: WAN acceleration
• Cisco ISRv: IOS-XE routing and mgt
• Palo Alto FW: WAN firewall + Intrusion Protection Service (IPS)
• Cisco NFVIS: vBranch service chaining and VNF Lifecycle mgt
[Diagram labels: VMS vBranch, Firewall & IPS, ISRv, SD-WAN, vWAAS, NFVIS, Internet, Branch Clients, wan-br1, lan-br1, lan-br2, GE0-0, GE1-0, GE1-2]
14. VMS Architecture – Simplified Cloud Management
VMS Operator/Admin services
Secure Multi-tenant Cloud management, Service creation platform for Enterprises & SMBs
VMS Customer services
Self-service portal for service selection, device analytics, traffic usage, service configuration, SP Branding and service customization
[ OPTIONAL ]
Open REST APIs and SDKs
Develop new Services using rich APIs, Service SDKs, and world-class NSO
Customer equipment (On-premise and In-cloud)
SERVICE PROVIDER | CUSTOMER
ISRs & ASRs | vBranch VNFs | Multi-Vendor | Security
16. Simple Implementation of SDN/NFV using VMS
From Network Complexity to Simplicity and Automation
Service Oriented
Self-Service
Automated Provisioning
Scalability
Manual: Plan It | Design It | Where Can We Put It? | Procure It | Install It | Configure It | Secure It | Is It Ready?
From Months to Minutes
Automated, Self-Service, On-Demand: Plan It | Design It | Is It Ready?
18. Introducing Cisco NFV managed by VMS
Network Services in Minutes
Virtual Managed Services (VMS & NSO for SPs)
Network Functions Virtualization Infrastructure Software (NFVIS)
Hardware platforms:
• Cisco 4000 Series ISR + UCS® E-Series
• Cisco® UCS C-Series
• Enterprise Network Compute System (ENCS)
Virtual network functions:
• Virtual Router (ISRv / vEdge)
• Virtual Firewall (ASAv, FTDv)
• Virtual WAN Optimization (vWAAS)
• Virtual Wireless LAN Controller (vWLC)
• Third-Party VNFs
19. Freedom of Choice from VMS
Cisco Intelligent Branch
Virtual Router
Virtual Services
UCS C-Series
Branch and Campus NFV
Physical Router
Virtual Services
4000 Series ISR +
UCS® E-Series
Traditional
Physical Router
Cisco® 4000 Series ISR
Centralized services
Fixed integrated services
Conservative
Upgradable hardware
Deterministic routing
performance
Elastic routing and services
Performance
Early adopter
Virtual Managed
Services for SPs
License
Portability
Investment
Protection
Access to Ongoing
Innovation
Elastic routing and services
Router / Server Hybrid
Virtual Router
Virtual Services
Enterprise Network
Compute System (ENCS)
20. Platform Built for Branch/Campus NFV
ENCS 5000 Series for the Branch
Enterprise Network Compute System
Best of Routing
& Compute
Complete
Virtualized Services
Open for Third Party
Services and Apps
ENCS 5400 Series
ENCS 5100 Series
21. ENCS 5000 Series - Chassis Options
 | ENCS 5104 | ENCS 5406 | ENCS 5408 | ENCS 5412
CPU | 4-core, 3.4 GHz | 6-core, 1.9 GHz | 8-core, 2.0 GHz | 12-core, 1.5 GHz
PoE | No | No | 200W | 200W
Capacity Guidance | ISRv + 1 VNF | ISRv + 2 VNFs | ISRv + 3 VNFs | ISRv + 5 VNFs
22. ENCS 5400 Series – I/O Side
6, 8, or 12-Core
Intel Xeon-D
16 - 64 GB
DRAM
8 Integrated LAN Ports
with Optional POE
Network Interface Module
for LTE & WAN
Dedicated Board
Management Controller
2 HDD or SSD
RAID 0 & 1
Internal
M.2 Storage
64 – 400 GB
USB 3.0
Storage
2 Onboard Gigabit
Ethernet ports
with SFP
Optional Hardware
RAID Controller
Integrated
Power Supply
Hardware Acceleration for
VM Traffic
Shipping Now
Roadmap
23. ENCS 5100 Series - I/O Side
4-Core AMD
CPU
16 & 32 GB
DRAM
Optional
4G / LTE WAN
(Roadmap)
M.2 Storage
64 – 400 GB
2 x USB 3.0
Storage
4 GE ports
with 2 SFPs
Integrated
Power Supply
Size: 1 RU
13” x 10”
Console
& MGMT
24. ENCS 5100 & 5400 Series Comparison
 | 5100 Series | 5400 Series
CPU Vendor / Model | AMD Merlin Falcon, RX-421ND | Intel Xeon Broadwell D-1500 Series
CPU Cores / Frequency | 4-core @ 3.4 GHz | 6, 8, 12-core with Hyper-threading @ 1.5 – 2.0 GHz
CPU L2 Cache Size | 2 MB | 1.5 MB per core
Memory | 16 – 32 GB | 16 – 64 GB
Storage (M.2 SATA) | 64 – 400 GB | 64 – 400 GB
Storage (SFF) | - | 2 disks with RAID (SATA, SAS, SED, SSD)
Dimensions | 12.7” x 10” x 1RU | 17.5” x 12” x 1RU
WAN Options | 4 x GE, Cellular | 2 x GE, Cellular, T1, DSL, Serial
LAN | - | 8 port Switch with Optional PoE
Hardware Offload | - | VM – VM Traffic, Crypto
Lights-out Management | - | Built-in CIMC
ISRv Performance | 500 Mbps | 2.5 Gbps
25. VMS vBranch Architecture
NFVIS (Linux + ESC Lite + PnP + CLI Agent)
VNF | vAPP | vAPP | VNF | VNF | VNF
NIC | NIM | BMC | Switch
x86 Processor
VMS Orchestration and Management
Plug-n-Play
VM Lifecycle Management
Provisioning of VNFs
NIC
Increased performance using SRIOV
Mirroring of traffic between VNFs
Switch
8 Port Integrated Switch (only on Low)
Optional UPOE Support
NFVIS
Lifecycle Management (ESC Lite)
• Provide Northbound interface for Management/Orchestration
• Provide System level information
• Provide VNF management - Create, Modify, Delete
• Provide interface with onboard LAN switch
• Performance Monitoring of VNFs
PnP Agent
• PnP Agent must automatically configure WAN interface
• Must download platform Profile
CLI/WebUI Agent
• Interface to configure onboard switch
• Provide Cisco® CLI wrapper
• Agnostic to switch vendor selected
Server Monitoring Agent
• Agent to interact with Orchestration system
• Web GUI Interface for Management and Configuration
Drivers, Firmware, and Agents
• NIC and interface drivers
• Optional Crypto support
Onboard Storage
M.2 SSD Default Storage
26. VMS managed ENCS advantages
over white box server
• Hardware acceleration of VM-to-VM traffic
flow
• WAN module support
• 4G/LTE
• T1/E1
• xDSL
• Enterprise class grade components
(comparable to an ISR)
• Branch Form factor
• Shock, vibration, acoustic
• Secure Management of all VNFs from a single
multi-tenant, multi-service platform (VMS)
• Support for Cisco and 3rd Party VNFs, securely
managed by VMS
• Crypto hardware offload
• Secure VNF Lifecycle management
• BMC/CIMC – Lights out (server) management
• Support for Software and Hardware RAID on 12”
chassis
• LTE modules can support Dying gasp support that
is available on NIMs.
• Remote recovery of system over LTE modules
• Ability for increasing switch port density with NIMs.
Superior Hardware Engineering Superior Operational Platform
27. Network Functions simply managed from VMS
Cisco and 3rd Party Virtual Network Functions (VNFs)
ISRv
High Performance
Rich Features
ASAv/FTD
Full DC-class Featured
Functionality
* vWAAS
Application Optimization
and Akamai Connect
vWLC
Built for small and medium
branches
Linux
Windows Server
Active Directory,
File Share,
Server Applications
Custom Applications
DNS/DHCP
3rd Party
Network Services
Management & Monitoring
Viptela vEdge
SD-WAN
High Performance
Rich Features
28. Power in Software
NFVIS Software Stack managed simply from VMS
Linux
Platform
Drivers
Interface
Drivers
NFVIS
Virtualization Layer – Hypervisor & vSwitch
Orchestration
API
HTTPS
Plug-n-Play
Client
VMS
Plug-n-Play
Server
Console
/SSH
YANG
VMS
Service
APIs
CLI NETCONF REST
Health Monitor
VMS
managed
portals
30. VM Life Cycle > Deploy
31. ENCS 5000 Dual-mode GE Ports
• 2 built-in GE ports for WAN or LAN uplink
• RJ45 Copper or SFP connectivity (10/100/1000 Mbps)
• Auto-sensing mode. Usable in an active-standby configuration.
32. ENCS 5400 NIM Support
Managed simply by VMS
Category | Description | Availability on ENCS
WAN | 4G LTE (CAT3) USA, Canada, Europe, Australia & selected LATAM / APAC | Now
WAN | 4G LTE (CAT6) USA, Canada, Europe, Australia & selected LATAM / APAC | Now
WAN | T1/E1 1, 2, 4 & 8 ports | Now
Serial | Asynchronous Serial: 16 & 24 ports | Q1 CY18
WAN | xDSL Multi-mode VDSL2 / ADSL Annex A, B & M | Q1 CY18
WAN | Ethernet Dual-PHY: 1 & 2 ports | Q1 CY18
LAN | Ethernet Switches: 4 & 8 ports | Q2 CY18
WAN | Serial Synchronous Serial: 1, 2 & 4 ports | Roadmap
Voice | T1/E1, FXS, FXO | Roadmap
33. VMS Service Example
Virtual Branch
ENCS 5412
• 4 VNFs Deployed
• PAN FW/IPS
• vEdge
• ISRv
• vWAAS
• 6 Supporting Networks deployed
34. NSO 3rd Party Integrations…managed simply by VMS
Open Platform with the Broadest Multi-vendor support, and Vendor Qualification
Network Services Orchestrator (NSO) - Over 100 Vendors Supported
Cisco Vendor Qualification Program
3rd Party VNFs
available through VMS
35. NSO 3rd Party Integrations…managed simply by VMS
Open Platform supporting BOTH Lifecycle Mgt AND Orchestration of 3rd Party products
VNF Lifecycle Mgt
Select VNF
(Fortinet)
Select Cloud
(SP or AWS or vBranch)
VNF Lifecycle Functions
Allocate VNF Resource
Locate / Boot Image
Load Day 0 Config
Monitor VNF / Analytics
VNF High Availability
Add / Delete VNFs
VNF Service Orchestration
VNF (or Device) Service Orchestration
Secure mgt connection
Create / Provision VNF Service
Monitor VNF Service
Collect Service Analytics
Add / Delete / Change Service
Multi-tenant, 1000’s of Services
[Diagram labels: Fortinet VNF Service Selection, Fortinet VNF boot, Fortinet VNF provision, Monetize the Service]
37. Virtual Managed Services (VMS) Example
Service Creation Platform Components
Self-healing
Network
Security
Policy
Analytics
Physical | Virtual | Data Center
Infrastructure
Orchestration | Automation
Network Abstraction
Consumer | Business | IoT | Many Markets
Cloud-based Services
Service Design | Service Assurance | Cloud Optimization
VMS Service Creation
38. Disruptive Technologies unlock new Services
Allowing Industry to Address new Market Opportunities
• Orchestration: Efficiency through automation and self-service fulfillment
• Network Functions Virtualization: Flexibility with the transformation of solution architectures and operations
• Cloud Native: Agile service delivery via cloud-enabled services and management
• Software-Defined Networking: Dynamic market services via tight application and network interaction
Convergence of multiple disruptive technologies has created massive opportunity
[Diagram labels: Service Orchestration, Cloud Managed Services, NFV, SDN, Virtual Managed Services, Router, FW, Web, IPS]
39. VMS Disruptive Technologies unlock new Services
Allowing Industry to Address new Market Opportunities
Orchestration
Network Functions
Virtualization
Cloud Native
Software-Defined
Networking
Virtual and Physical
devices,
Cisco and 3rd Party
VNF Lifecycle Mgt
and
Service Orchestration
Simple service models
and device models
(YANG, XML)
Web Scale design,
Multi-tenant 1,000s,
Service Orientation
Central Device Mgt,
Secure ID (RBAC),
Zero Touch Provision
VNFs run in the Cloud
or
Virtual Branch (x86)
Runs in any cloud,
public or private
(VIM Independent)
Micro-services, Docker
Containers, Kubernetes,
Geo-redundancy
VNF Smart Licensing
and Pay-as-you-Grow
Pricing Models
Service Creation
capable, including
analytics & monitoring
REST APIs to
OSS/BSS for
billing and SLAs
Config Roll back,
Service Extensions,
100,000 Devices
Auto Rendered UI,
Tenant Self-Service,
Monetized offers
Network Elements
Drivers, Conf-D,
and CLI
Self-healing Networks,
Configuration Guard
Rails
VNF Certification of
Cisco and 3rd Party
VNFs
40. Why do SPs want VMS VNF/SDN Services?
Simplify service activation, management,
and assurance for 1000’s of devices/tenants
More cost effective WAN options with better
performance and greater capacity
Bring up new tenants and services in minutes
Simplify
service creation while
delivering better app
experiences over any
branch connection.
Cisco NFV/SDN made easy with Virtual Managed Services
Rapid Time to Market, Proven Scale and Security
“Cisco VMS is helping
us to deliver secure,
high-performance
virtualized services
with agility to our
clients.”
45. Cisco Integrated Services Virtual Router (ISRv)
• The Cisco® Integrated Services
Virtual Router (ISRv) is a virtual
form-factor Cisco IOS® XE
Software router that delivers
WAN gateway and network
services functions into virtual
environments.
• Using industry-leading Cisco
IOS XE Software networking
capabilities (the same features
present on Cisco 4000 Series
ISRs and ASR 1000 Series
physical routers)
Cisco ISRv Positioned as a Branch WAN Services Router
46. Typical Use Cases for the Cisco ISRv
Cisco ISRv:
Highly Secure VPN Gateway
Cisco ISRv:
Traffic Control Point
47. Differences between the Cisco ISRv and Cisco CSR 1000v
ISRv
• The Cisco ISRv runs on server platforms running the Cisco NFVIS virtualization software only.
• It can support the network interface module (NIM) when running on a Cisco ENCS hardware platform
and can also accelerate VM-to-VM traffic using the hardware-based switching on Cisco ENCS
platforms.
CSR 1000v (Cloud Service Router)
• The Cisco CSR1000v does not have these capabilities.
• The Cisco CSR 1000v will continue to be supported across multiple hypervisors (VMware vSphere,
Microsoft Hyper-V, Citrix XEN, RHEL KVM, Ubuntu KVM, Amazon AWS, and Microsoft Azure).
The Cisco CSR 1000v and Cisco ISRv will maintain Cisco IOS XE feature parity
Cisco ENCS or UCS or Whitebox with NFVIS
49. Cisco Adaptive Security Virtual Appliance (ASAv)
• This Security appliance
brings the power of ASA to
the virtual domain and
cloud environments.
• It runs the same software
as the physical ASA to
deliver proven security
functionality. You can use it
to protect virtual workloads
within your data center,
Public / Private Clouds, or
virtual branches.
http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-firewall/index.html
50. Cisco ASAv: Features, Performance, and Resource Requirements
52. Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
Foundational Functionality
Built-in firewall services to provide base protection and connect with other security solutions
• Stateful Firewalling
• VPN Capabilities
• Policy Enforcement Point for ISE
FirePOWER Services
Subscription services that run on the ASA and provide enhanced levels of threat protection and network visibility
• Advanced Malware Protection
• Next-Generation Intrusion Prevention System
• URL Filtering
• Application Visibility and Control
Advanced Security services to help defend your network
Foundational Internet Security
Built-in firewall services to provide base protection and connect with other security solutions
• Stateful Firewalling
• VPN Capabilities
• Policy Enforcement Point for ISE
Next-Gen Firewall Security
Subscription services that run on FTDv and provide enhanced levels of threat protection and network visibility
• Advanced Malware Protection
• Next-Generation Intrusion Prevention System
• URL Filtering
• Application Visibility and Control
53. Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
• Cisco Firepower NGFWv is available on VMware, KVM,
Amazon Web Services (AWS) and Microsoft Azure environments
for virtual, public, private, and hybrid cloud environments.
http://www.cisco.com/go/ngfw
55. Cisco vWLC
Virtual Wireless LAN Controller
Virtual form-factor controller for any x86 server with VMware Hypervisor
ESXi 4.x or 5.x
• Supports up to 3000 access points and 32000 clients across 200 branches
• Supports 100 access points per branch
• Co-resides with other virtualized network services, including Cisco Identity Services
Engine (ISE), Cisco Prime™ Infrastructure, and Cisco Mobility Services Engine (MSE)
• Entry-level 802.11n, 802.11ac controller application for small to medium-sized
enterprises and branch offices
• Pay as you grow licensing starting at support for five access points
56. Cisco vWLC: Virtual Wireless LAN Controller
59. VMS Template Development Environment
Rapidly Create a brand new Managed Service in minutes
Create, Edit, Export, and Publish new SP Managed Services in minutes
60. VMS Template Development Environment
Rapidly Create a brand new Managed Service in minutes
There are (5) simple steps to create a new Service Template:
Step 1: Provide a Service Template name and description
Step 2: Upload the Service XML code representing the service config, and select analytics
Step 3: Create a Service Picture
Step 4: Define Service Parameters
Step 5: Select ENCS (vBranch) options to bundle with the template
Once the Template is created, you can simply publish the Template to VMS
for consumption with your customers
61. Step 1: Describe the new Service Template
User role: SP Service architect or Service Designer
Create a Service Icon
Service Name
Optional Pricing
Service Description
62. Step 2: Upload XML file and select Service Analytics
User role: SP Service architect or Service Designer
Upload the XML File that represents
the service config used in the new
template
Select Service KPIs
and analytics for the
new template
63. Step 3: Create a simple Service Picture
User role: SP Service Architect or Service Designer
Drag objects from the palette to the Service Pictogram
Label all objects as needed
Edit, move, delete objects
within the service design
as needed
64. Step 4: Define the Service Parameters
User role: SP Service Architect or Service Designer
5 Service Parameters
were automatically
extracted from the XML
code file
Service architect defines
each Service parameter
Service architect
designs parameter input
screen
65. Step 5: Select vBranch device options for the template
User role: SP Service Architect or Service Designer
Select small,
medium, or
large vBranch
devices to
bundle with the
new service
template
66. Publish the new Service to VMS
User role: SP Service Architect or Service Designer
Select your template
and publish it to VMS
for tenant
consumption
Publish service, topology,
and template to NSO and
the VMS platform with the
click of a button
67. New Service is now available in VMS
User role: SP Service Architect or Service Designer
VMS Operator portal
includes the new
service template
Select which customers
have access to the new
Service template
69. VMS Cloud VPN Service Package
Cloud Services made easy with Virtual Network Functions:
• VPNs and Routing
• Web Security
• Internet Firewall
[Diagram labels: Service Provider Cloud, Internet Access, L3 Interface, CSRv Cloud Router, IPSec VPN, WSAv Web Security, ASAv Firewall Security, Internet, Enterprise, Headquarters, Branch 1, Branch 2, AWS Branch, Managed CPE, Remote Access VPN Users]
70. Firepower NGFW Cloud Security Service Use Case
CSRv Cloud Services Router Services:
• IPSec VPN
• Firewall
• BGP
NGFW Firepower Services:
• Intrusion Protection (IPS)
• Application Visibility Control (AVC)
• Geographic IP Control
• Advanced Malware Protection (AMP)
• URL Filtering
• Internet Firewall
• Remote Access VPN
FMC Firepower Management Center Services:
• Multi-tenant Sensor Mgt
• Per Tenant Threat Reporting
[Diagram labels: Service Provider Cloud, Internet Access, L3 Interface, IPSec VPN, Internet, Remote Access VPN, Enterprise, Headquarters, Branch 1, Branch 2, Branch 3, Managed CPE]
72. Better Together: Providing Better Outcomes
Leading Routing &
SD-WAN Platforms
Goal: Building next generation SD-WAN solutions
Together, helping businesses and IT to innovate faster, securing and delivering
better customer outcomes, while reducing costs and lowering risk
Cloud-managed &
Feature-rich SD-WAN
73. 100+ Global Enterprise Customers Across Verticals
Manufacturing | Technology | Retail | Other Industries | FinServ | Healthcare / Pharma
74. Viptela Integration Plan
Phase 1: No Integration
• Platform: As-is
• Management: vManage
• Benefits: Support and Scale the current sales motion
Phase 2 (9-12 mo): Platform Integration
• Platform: vEdge capabilities integrated into all IOS-XE platforms (ISR, CSR, ENCS, ASR1K)
• Management: vManage for SD-WAN capabilities on IOS-XE
• Benefits: Viptela SD-WAN on strategic ISR platform
Phase 3 (12-mo +): Management Integration
• Management: Cloud hosted DNA Center-SP integrates vManage capabilities; Full DNA Center-SP capabilities (Assurance, Integrated workflows for SD-Access and SD-WAN)
• Benefits: Deliver end-to-end experience with full DNA & DNA-SP integration
[Deployment Scenarios labels: vEdge, vManage, ISR4K + vEdge SW, DNA Center + SD-WAN]
75. Viptela Secure Extensible Network
Data Center Campus Branch Home Office
Control Plane
(Containers or VMs)
Data Plane
(Physical or Virtual)
Management Plane
(Multi-tenant or Dedicated)
Orchestration Plane
vManage
vSmart
vBond
vEdge
vOrchestrator
API
4G | INTERNET | MPLS
CONTROL
ANALYTICS ORCHESTRATION
MANAGEMENT
Cloud
76. Simplified Management and Operations
Single Pane Of Glass Operations | Rich Analytics
77. vEdge-1000 and vEdge-2000 Routers
vEdge 1000
1 Gbps AES-256
1RU, standard rack mountable
8x GE SFP (10/100/1000)
TPM chip
3G/4G via USB (or) Ethernet
Security, QoS
Dual Power supplies (external)
Low power consumption
vEdge 2000
10 Gbps AES-256
1RU, standard rack mountable
4x Fixed GE SFP (10/100/1000)
2 Pluggable Interface Modules
8 x 1GE SFP (10/100/1000)
2 x 10GE SFP+
TPM chip
3G/4G via USB (or) Ethernet
Security, QoS
Dual power supplies (internal)
Redundant fans
78. vEdge-100 Routers
vEdge 100m
100 Mbps AES-256
1RU
5x 1000Base-T
1x POE port
2G/3G/4G LTE
Internal AC PS
1x USB-3.0
TPM Board-ID
Kensington lock
Low power fan
GPS
vEdge 100mw
100 Mbps AES-256
1RU
5x 1000Base-T
1x POE port
2G/3G/4G LTE
802.11a/b/g/n/ac
Internal AC PS
1x USB-3.0
TPM Board-ID
Kensington lock
Low power fan
GPS
vEdge 100
100 Mbps AES-256
5x 1000Base-T
TPM chip
Security, QoS
External AC PS
Kensington lock
Fan-less
9” x 1.75” x 5.5”
GPS
79. Extending Viptela with VMS
1 VMS Multi-tenancy, Viptela Controller on-boarding
2 Public Cloud, VMS on-boarding Viptela service
3 VMS vBranch support, Viptela vEdge VNFs
4 VMS Cloud based Service Extensions
5 VMS Service Interconnects, installed networks
6 VMS OSS/BSS APIs (VMS micro-service)
[Diagram labels: Viptela Customer Sites (vEdge); Viptela vEdge; ASAv; FTDv; 3rd Party VNFs; SP OSS/BSS; vSmart & vBond; vManage; Viptela SD-WAN Controllers; Viptela SD-WAN Fabric; Security and Cloud Services; SP Services; SP Data Center; VMS vBranch (ENCS); Public Cloud; Cloud Services; Internet; Hosted Collaboration, Security, Storage…; Interconnects with installed Networks; 4G, INTERNET, MPLS; VMS; VMS Tenant 1, VMS Tenant 2, VMS Tenant 3, VMS Tenant 4]
81. VMS CPE Onboarding
Zero Touch Provisioning using Cloud Plug and Play (PnP) server
Secure management tunnels using Network Service Orchestrator (NSO)
Step 1: Onboard new branch CPE to NSO with specific identifier (Serial #) and wait for CPE to be booted
Step 2: CPE calls home using HTTPS (with Crypto/Cert) to the VMS PnP Server. CPE Identity based on CPE Serial #
Step 3: PnP Delivers CPE Day 0 config including Mgt Keys to form secure FlexVPN Mgt Tunnel (IKEv2)
Step 4: Secure FlexVPN Mgt Tunnel is created for subsequent CPE configurations, analytics, and monitoring
Step 5: NSO sends tenant configuration to the CPE device
Step 6: NSO creates VPN Tunnels between CPE and Hub devices and completes service activation
[Diagram labels: VMS in a Service Provider Datacenter, NSO, PnP Server, VMS Mgt Hub, Customer WAN Hub Site, MPLS Router, INET Router, MPLS, INET, VPN, Branch CPE #15]
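The six onboarding steps above, modeled as a server-side state machine that refuses requests arriving out of order (an added example, not Cisco's VMS, PnP or NSO code). All class names, method names and serial numbers are hypothetical; it assumes the TLS layer hands over the serial bound to the client certificate, and it reduces the IKEv2 tunnel setup to a check of the delivered management key.

```python
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    REGISTERED = 1         # step 1: serial pre-registered, CPE not yet booted
    DAY0_DELIVERED = 2     # steps 2-3: call-home accepted, Day 0 config sent
    MGMT_TUNNEL_UP = 3     # step 4: management tunnel established
    TENANT_CONFIGURED = 4  # step 5: tenant configuration pushed
    ACTIVE = 5             # step 6: hub tunnels built, service activated


class OnboardingError(Exception):
    """A request that does not fit the expected onboarding sequence."""


@dataclass
class Device:
    state: State = State.REGISTERED
    mgmt_key: str = ""


class OnboardingServer:
    """Hypothetical model of the PnP server and orchestrator decisions."""

    def __init__(self):
        self.devices = {}  # serial -> Device
        self.audit = []    # (serial, reason) for every rejected request

    def _reject(self, serial, reason):
        self.audit.append((serial, reason))
        raise OnboardingError(reason)

    def _require(self, serial, expected):
        dev = self.devices.get(serial)
        if dev is None:
            self._reject(serial, "unknown serial")
        if dev.state is not expected:
            self._reject(serial, "unexpected state " + dev.state.name)
        return dev

    def register(self, serial):
        # Step 1: the operator pre-registers the CPE by serial number.
        self.devices[serial] = Device()

    def call_home(self, claimed_serial, cert_serial):
        # Steps 2-3: the claimed serial must match the client certificate's
        # serial (assumed to be extracted by the TLS layer).
        if claimed_serial != cert_serial:
            self._reject(claimed_serial, "certificate serial mismatch")
        dev = self._require(claimed_serial, State.REGISTERED)
        dev.mgmt_key = secrets.token_hex(32)  # fresh key per device
        dev.state = State.DAY0_DELIVERED      # a second call-home is refused
        return {"serial": claimed_serial, "ike_version": 2, "mgmt_key": dev.mgmt_key}

    def tunnel_up(self, serial, presented_key):
        # Step 4 (simplified): the peer proves it holds the delivered key.
        dev = self._require(serial, State.DAY0_DELIVERED)
        if not hmac.compare_digest(dev.mgmt_key.encode(), presented_key.encode()):
            self._reject(serial, "management key mismatch")
        dev.state = State.MGMT_TUNNEL_UP

    def push_tenant_config(self, serial):
        # Step 5: tenant configuration is sent only once the tunnel is up.
        self._require(serial, State.MGMT_TUNNEL_UP).state = State.TENANT_CONFIGURED

    def activate(self, serial):
        # Step 6: hub VPN tunnels and service activation come last.
        self._require(serial, State.TENANT_CONFIGURED).state = State.ACTIVE


def attempt(fn, *args):
    try:
        fn(*args)
        return "ok"
    except OnboardingError as exc:
        return "rejected: " + str(exc)


def run_demo():
    sn = "SN-CONSTRUCTED-0015"  # constructed serial, not a real device
    srv = OnboardingServer()
    srv.register(sn)
    out = [attempt(srv.call_home, "SN-UNKNOWN-9999", "SN-UNKNOWN-9999"),
           attempt(srv.call_home, sn, "SN-OTHER-0001"),  # cert of another unit
           attempt(srv.push_tenant_config, sn)]          # skips steps 2-4
    day0 = srv.call_home(sn, sn)
    out += [attempt(srv.call_home, sn, sn),              # replayed call-home
            attempt(srv.tunnel_up, sn, "wrong-key"),
            attempt(srv.tunnel_up, sn, day0["mgmt_key"]),
            attempt(srv.push_tenant_config, sn),
            attempt(srv.activate, sn)]
    return out, srv.devices[sn].state, srv.audit
```

The audit list collects every rejected request with its serial, which is the record an operator would review for unregistered or replayed call-home attempts.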
83. Cisco ESC Smart Licensing
• VNF Licensing is another core task in virtualized environments that typically
requires manual processes to activate the VNF license.
• Cisco’s new “pay-as-you-go” Smart licensing model, on supported VNFs.
• With Smart Licensing, instead of having to manually activate licenses for each
virtual machine, the virtual machine registers itself with a centralized licensing
server on boot-up, tracks how the resource is used, and bills on a consumption
basis.
• This setup provides important flexibility for elastic environments, allowing you to
expand and contract as needed, in a completely automated fashion, while
paying only for the resources you actually consume.
84. Smart Licensing Example – More Flexible with PAYG
• Cisco Smart Software Licensing
makes it easier to buy, deploy,
track, and renew Cisco licenses.
• Simpler purchase and activation of
the VM, Pay-as-you-grow (PAYG)
• Easier license management and
reporting of virtual appliances
due to license pooling
• Automatic license activation when
the virtual appliance is provisioned
• Customers can view product
entitlements and services in the
Cisco Smart Software Manager.
86. REST APIs and Software Development Kits
Simple to use, simple to create new SP Services
• All VMS Services are
configurable via
REST APIs
• New Services can be
created through the
Software Development
Kit (SDK)