Cisco Knowledge Network Presents: Virtual Managed Services
The Profitable Path to NFV and SDN
Peter Wells, Sr. Director, Global Service Provider Segment
Andrew Vaz, Sr. Director, Product Management, Service Provider Solutions
June 8, 2016

Three Key Takeaways
1. Similar to compute moving to cloud, networking is virtualizing and moving to the (SP) cloud
2. Capturing this transition is a top priority for nearly all service providers: Lower CAPEX, OPEX, truck rolls, & agility; Portal-based sales to SMB and Enterprises
3. The market is moving to IP as a primary WAN technology: Cloud traffic driving the need for hybrid WANs and new internet-based services from service providers

Cloud Forcing a Rethink of the WAN (and CPE)
SaaS, Hybrid Cloud, Private Cloud
50% 33% 58% of CIOs Expect to Operate via the Cloud by 2015 Of Enterprise Applications are Delivered from outside the enterprise Of Enterprise IT Branch Budgets are Spent on WAN!
[Chart: Pricing vs. Reliability, 1998-2012; series: Transit Pricing ($ per MBps), Packet delivery % (1-Packet Loss%)]
(DIA) now considered a viable alternative for enterprise networking
Significant WAN traffic now destined outside the Enterprise yet backhauled to centralized internet PoPs via costly MPLS

Today's Enterprise WAN Architecture
Dual Layer 3 VPN
[Diagram labels: Corporate Data Center; Branch; Active MPLS (IP-VPN); Private Cloud; Back-up MPLS (IP-VPN); Virtual Private Cloud; Public Cloud; General]

New Enterprise WAN Architecture
Hybrid WAN (SD-WAN)
[Diagram labels: Corporate Data Center; Branch; Active MPLS (IP-VPN); Private Cloud; Active; Virtual Private Cloud; Public Cloud; General]

New Enterprise WAN Architecture
Step 1: Hybrid WAN
Keep security status quo
Security functions: Stateful firewall; IDS / IPS; Web Security; ISE; Antivirus; DNS logging; URL Black listing; URL logging; Netflow Collection; Full Packet Capture; Web Proxy logging
[Diagram labels: Corporate Data Center; Branch; MPLS (IP-VPN); Private Cloud; Virtual Private Cloud; Public Cloud; General]

New Enterprise WAN Architecture
Cisco IWAN Solution
- Enterprise CPE hubs: DMVPN
- PfR routes on performance
- AVC for traffic policy
- WaaS for app acceleration
Challenges
- Complex solution: need for automation
- Need for cloud management and a smart UI: need for portal
[Diagram labels: Corporate Data Center; Branch; MPLS (IP-VPN); Private Cloud; (DMVPN); Virtual Private Cloud; Public Cloud; General]

New Enterprise WAN Architecture
Cisco IWAN Solution with SP Cloud Management
- Enterprise CPE hubs: DMVPN
- PfR routes on performance
- AVC for traffic policy
- WaaS for app acceleration
SP Solution
- VMS platform for virtualization, SDN, and cross domain management
- Q3 2016 launch delivers IWAN automation and visualization
[Diagram labels: Corporate Data Center; Branch; MPLS (IP-VPN); Private Cloud; (DMVPN); Virtual Private Cloud; Public Cloud; General]

Our Vision
[Diagram labels: Service Provider Cloud; SP Apps and Services; 3rd party VNFs; vutm; 3rd party Apps; vrouter; Email sec; Web proxy svc; Cisco SPARK; e.g. Enterprise; SMB; Cisco Applications & VNFs]

CPE / vcpe Landscape
One size doesn't fit all!
[Diagram labels: Cloud delivered; Premise delivered; Network Functions on CPE; Virtualized Network Functions in the Cloud; Routing; Encryption; Load balancing; FW; IDS/IPS; Web Security; L3 Classic; L3 CPE + Embedded x86; L3 CPE + Cloud Managed; X86 on Premise (ucpe / vbranch); L2 CPE]

New Enterprise WAN Architecture
Step 1: Hybrid WAN
Keep security status quo
Security functions: Stateful firewall; IDS / IPS; Web Security; ISE; Antivirus; DNS logging; URL Black listing; URL logging; Netflow Collection; Full Packet Capture; Web Proxy logging
[Diagram labels: Corporate Data Center; Branch; MPLS (IP-VPN); Private Cloud; Virtual Private Cloud; Public Cloud; General]

Future Enterprise WAN Architecture
Step 2: Lower Latency, Lower Cost WAN, New Approach to Security
Security functions: Stateful firewall; IDS / IPS; Web Security; ISE; Antivirus; DNS logging; URL Black listing; URL logging; Netflow Collection; Full Packet Capture; Web Proxy logging; ?
[Diagram labels: Branch; MPLS (IP-VPN); Private Cloud; Virtual Private Cloud; Public Cloud; General]

Reducing WAN Costs
The Cisco-on-Cisco Use Case
e.g. Cisco: 16 IPoPs serving ~450 branch offices
Security functions: Stateful firewall; IDS / IPS; Web Security; ISE; Antivirus; DNS logging; URL Black listing; URL logging; Netflow Collection; Full Packet Capture; Web Proxy logging; ?
[Diagram labels: Corporate Data Center; MPLS (IP-VPN); Private Cloud; Virtual Private Cloud; Public Cloud]

Reducing WAN Costs
The Cisco-on-Cisco Use Case
Security functions: Stateful firewall; IDS / IPS; Web Security; ISE; Antivirus; DNS logging; URL Black listing; URL logging; Netflow Collection; Full Packet Capture; Web Proxy logging
[Diagram labels: Corporate Data Center; MPLS (IP-VPN); ASA; SourceFire; AV; WSA; DDOS; NAM; SIEM; Netflow Collection]

5-Year IWAN TCO Enterprise Comparison
Use Case: 200 Branches
WAN costs B + Network security costs = Total costs

5-Year TCO Enterprise Comparison
Use Case: 200 Branches

Cisco VMS is the Profitable Path to NFV / SDN
Delivering automation and virtualization for service agility
[Diagram labels: VMS Platform; Branch; vcpe; Cloud PoP; SP Data Center; Public Cloud; Virtual Private Cloud]

Cisco Virtual Managed Services
Next-Generation Service Platform
Cisco VMS

Service Provider Business Facing its Own Transition
- Battle for Apps
- Efficiently and Quickly Deliver New Managed Services
- Delivering Secure and Flexible Hybrid Cloud Management
- Connecting Explosion of Devices to the Network
- Fulfilling Security and Data Sovereignty Requirements
- 4/5ths of workloads moved to cloud by 2019
- 78% of enterprises pursuing multi-cloud strategy
- Over 507.5 ZB of data per year by 2019 via IOT
- $18B new telco opportunity with 75% enterprises interested
Cisco GCI, VNI, MOI STL Partners 2016 Study

Industry Trends are Creating Incredible Market Opportunities
- Service Orchestration: Efficiency with automation & self-service fulfillment
- Network Functions Virtualization: Flexibility due to transformation of solution architectures & operations
- Cloud Managed Services: Agile service delivery via cloud-enabled solutions
- Software Defined Networking: Dynamic market services via tight application & network interaction
[Diagram labels: Orchestration; SDN; Virtual Managed Services; NFV; Cloud]
Convergence of multiple disruptive technologies has created massive market opportunity

VMS Vision & Market Focus
For Service Providers who need a simple, agile, & secure means of connecting Enterprises & SMBs to a rich catalog of value added business (& IOT) services, VMS is the answer.
Cisco VMS is a flexible platform that provisions & operates both Cisco and non-Cisco physical & virtual functions.
Unlike the current limited-scope offerings in today's market, VMS, built on Cisco's strong brand and industry leading IT portfolio, enables Service Providers to rapidly create & monetize next-generation business services.
Example SP VMS Targets
1. Enterprise Managed Business Services (Initial VMS Focus: IWAN, VBRANCH, CVPN)
2. Small Medium Business Services (i.e.: SMB-UTM)
3. IOT Managed Services (i.e.: M2M, per Enterprise Vertical Services)
[Diagram labels: SP Cloud; Consortium Cloud; Xxxx Cloud; AWS, MS Azure; Fixed Wired line, Large Company; Fixed Wired Line, SMB Company; SP VMS Vision; Multi store; Mobile line; LTE; Event; IoT(M2M)]

VMS - Service Provider Benefits
- Web-based Service Interface automates service ordering AND activation
- Enterprise-grade Network & Security Services extended to multiple markets
- Plug & Play Install reduces or eliminates truck rolls
- Automated Service Lifecycle Management dramatically reduces operating costs
78% Lower OPEX
200% Improved ROI
Source: ACG Research: Business Case for Virtual Managed Services Sept 2014

Cisco VMS Progress to Date
June 2016
VMS Services
- CLOUD VPN: Site-to-Site IPsec VPN; Firewall; Web Security; Remote Access
Customers
- DT Deployments of CloudVPN: Croatia, Hungary, Slovakia, Plus more underway
- Telstra Deployment of CloudVPN: Australia (runs on CIS)
VMS Platform
- Orchestration (NSO)
- Lifecycle Mgmt (ESC)
- Controllers
- Data Platform
- Data Collection & Metrics Engine
- Integration Layer
- APIs
- User Interface (optional)
CISCO CONFIDENTIAL SHARED UNDER NDA ONLY

Cisco VMS Roadmap
- CloudVPN with vce (Q3CY16): Secure convergence of tenant IPSec & MPLS network. MPLS sites also gain added Managed Security benefits.
- Cloud Managed IWAN (Q3CY16): DMVPN cloud orchestrated transport between enterprise hub and branches
- Cloud Managed vbranch (1HCY17, Target): Distributed virtualized branch platform and orchestration for ENCS 54xx, ISR4K+UCS-E, UCS-C
New VMS Service Packages
- SMB/UTM: Comprehensive Small/Medium Business offer with Unified Threat Management and more.
- IVPN: Next generation L2 and L3 VPN architecture.
- FTD: Firepower Threat Defense, Enterprise class Unified Threat Management
On-going development
Cisco VMS Platform Evolution
- Modularization of VMS System (2HCY16): Modular, API-driven, open evolution of the Cisco VMS platform to enable rapid new service development & integration agility
2016
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

VMS CloudVPN
Secure, cloud-based Hub-and-spoke inter-office connectivity with remote access providing additional security packages including web security, firewall
SP CloudVPN needs / problems:
- Enhance agility and deploy new services
- Lower hardware provisioning expenses
- Minimize the need for hardware upgrades
- Offer service catalog with latest security technologies and services
- Elasticity for service scaling
CloudVPN solution:
- Secure site-to-site VPN connection between customers' sites using IPsec tunnels over.
- Secure Connectivity options
- Constant Intelligent Security through Firewall and web security options
- AnyConnect Remote Access VPN capabilities
- Advanced Web Security with real-time Advanced Malware Protection (AMP)
Business Benefits
- Enhances agility to deploy new services
- Operational efficiency with Zero touch deployment and automated provisioning
- Enable business to comply with regulatory requirements with strong encryption of data in motion
- Enable Zero touch provisioning tenants self or SP managed solution.
- Installation and deployment simplicity
[Diagram labels: Branch; CPE ISR 800, 1900, 2900, 3900, 4000 Series; VPN; Managed WAN; Managed Security; CloudVPN (IPSec); vrouter (CSR1Kv); Intrusion Prevention (IPSv); Web Security (WSAv); Firewall (ASAv); Remote Access]

VMS Cloud VPN with vce
L2vCE provides secure convergence of tenant's IPsec & MPLS network sites. MPLS sites also gain added Managed Security benefits.
SP vce needs:
- Expand CloudVPN service to support customers on MPLS network.
- Maintain MPLS network integrity and security, as well as SP domain separation.
- Ability to offer network integration of customer branch offices across CloudVPN and MPLS Networks
SP vce solution:
- Existing CloudVPN Service terminates IPSec on vrouter
- Terminate MPLS network at SP MPLS PE
- .1Q Trunk transports Private (terminated MPLS) and Public tenant (IPsec) VLANs.
- vrouter has route information for tenant IPsec and MPLS sites
Business Benefits
- Enhances agility to deploy new services.
- Simplified integration of Cloud Services for and MPLS network customers.
- Enable business to comply with regulatory requirements with strong encryption of data in motion.
[Diagram labels: Branch; CPE ISR 800, 1900, 2900, 3900, 4000 Series; MPLS VPN Network; VPN; Managed WAN; Managed Security; CloudVPN (IPSec); Other Networks; vrouter (CSR1Kv); .1Q VLANs; Intrusion Prevention (IPSv); SP Managed Network; Web Security (WSAv); Firewall (ASAv); Remote Access]

VMS IWAN
- A DMVPN cloud per transport between branch and enterprise hub
- All security implemented at hub before going out to
- Visibility, control and optimization (AVC)
- Intelligent Path Allocation
- Network Diversity
- Reduced Access Costs
[Diagram labels: Public Cloud; Virtual Private Cloud; Branch ISR4K; ISR branch today; Evolving to Virtual Branch; Inet and MPLS; DMVPN; MPLS; Private Cloud]

vbranch Solution Overview and Benefits
Solution to deploy feature-rich services in the branch environment using virtualization technology
vbranch solution benefits:
- Services run virtualized in branch eliminates additional HW for new services, easily enabling new SP revenue opportunities
- Operational efficiency by zero touch deployment & automated provisioning - minimizing truck-rolls
- No change for current branch service delivery model - Service capability remains in the branch
- Enables tenant self-managed or SP managed operations
- Suited to overlay VPNs MPLS, IWAN, IVPN
- Enables SW based value-added services besides VNFs
[Diagram labels: WAN opt (WAASv); Firewall (ASAv); vbranch @ Enterprise Branch Office; ENCS w/ NFVIS; vrouter ISRv; SP Infrastructure; VMS vbranch Management platform; MPLS VPN (MPLS); Enterprise Headquarters]

Cisco VMS Platform Evolution
VMS 1.x & 2.x Platforms:
- A single bundle of usecase(s) and platform in one releasable software package
- Non-modular code with low reusability
- Mainly packaged service builds
VMS NG Platform:
- API Driven Design, each layer
- Package Library, Reusable & Function Packs
- Modular Component Design for proper sub-component evolution
- Platform for Simultaneous Use-Case Delivery to end customers
[Diagram labels: UI Framework; Platform Customizations; CloudVPN NSO ESC; IWAN - VBRANCH NSO ESC; MSEG - CloudVPN NSO ESC; CAT INV OPER N; Service Integration Framework; BSS OSS Monitor Manage Consume N; Service APIs; CloudVPN; Platform Integration Framework (API Core Normalization); N Service Package; Package Library; Function Packs; Orchestration Platform; Service Life Cycle Manager; Network Services Orchestrator; Platform Integrations; DP APIs; Data Platform (Producer / Storage); Skyfall SA; Virtual Machine Life Cycle Manager]

Use Case Overlay; Service Packs
[Diagram labels: UI Framework; CAT INV OPER; Service Integration Framework (Business Logic); BSS OSS Monitor Manage; Platform Customizations; Platform Integrations; API + = Contract Function Use Case; To be overlaid on the platform; Platform Integration Framework (API Core Normalization); UI; Service APIs; Function Pack; Function Packs; DP APIs; Micro Service; Orchestration Platform; Package Library; Service Life Cycle Manager; Network Services Orchestrator; Data Platform (Producer/Storage); Monitoring Extension; Virtual Machine Life Cycle Manager]

Cisco VMS 2017 Future Considerations
- Continue to drive Cisco VNF Library into the market
- Continued development of CloudVPN, IWAN and vbranch
- Introduce CloudFirewall, ivpn, UTM, SMB Offer
- Enable open development on VMS Platform
Service packages:
- CloudFirewall: Cloud-based firewall. Customer configurable.
- ivpn: Next generation L2 and L3 VPN architecture. Enterprise grade, global scale.
- UTM: Enterprise class Unified Threat Management.
- SMB Offer: Comprehensive Small/Medium Business offer. Security, Collaboration, and more
Service Package content is based on committed development only

Thank you for attending today! For more information, please visit: http://cisco.com/go/vms