Deliver at no compromises SD-WAN today
Can your WAN Keep Up?
Robert McGuckin, Systems Engineer
IPExpo Manchester 2019
• WAN Challenges
• Introduction to Cisco SD-WAN
• Cisco SD-WAN Security
• Cisco SD-WAN Portfolio and Licensing
• Why Cisco SD-WAN?
• What to do next?
The way we work has changed
[Diagram labels: WAN; Mobile Users; Campus & Branch Users; Devices & Things]
PSOEN-2400
Applications moved to not one cloud, but many
[Diagram labels: Mobile Users; Campus & Branch Users; Devices & Things; WAN; DC/Private Cloud; SaaS; IaaS]
Resulting in a highly complex and dynamic network
Internet connectivity becomes business critical
[Diagram labels: Campus (X2-5); Branches (X100+); Mobile Users (X1000s); DC/Private Cloud; SaaS; IaaS]
The New Cloud Edge
Every WAN device must be software defined and secure
• Inconsistent user experience
• Increasing complexity
• Greater risk exposure
[Diagram labels: Campus (X2-5); Branches (X100+); Mobile Users (X1000s); DC/Private Cloud; SaaS; IaaS; Cloud Edge; Networking; Cloud; Security]
The Hardware Based WAN of Yesterday Doesn’t Keep up with the Needs of Today
[Diagram labels: Branch sites; Data Center/HQ; Cloud Providers; Cloud Applications]
Cisco SD-WAN: Software Approach
Ready for today’s WAN needs
[Diagram labels: Branch sites; Data Center/HQ; Cloud Providers; Cloud Applications; transports: Internet, 4G/LTE, MPLS; platforms: vEdge, ISR 1100, ISR 4000, ENCS, ASR 1000, vEdge Cloud / CSR 1000v]
Introduction to Cisco SD-WAN
Cisco SD-WAN cloud first architecture
[Diagram labels: Cisco vManage (Orchestration | Analytics | APIs); Transport Independence; End-point flexibility; Network Services; Data Center; Campus/Branch; Colocation; IaaS/SaaS; Firewall/IPS/URL Filtering; WAN Optimization; Cloud Security; SD-WAN Fabric; Internet, LTE, MPLS]
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WAN Solution Philosophy
Most Comprehensive Solution on the Market
[Diagram labels: Transport Independent Fabric; Cellular, MPLS, Broadband; Delivery Platform; QoS; Application Policies; Security; Per-Segment Topologies; Segmentation; Svc Insertion; Cloud Path; Application SLA; Secure Perimeter; Traffic Engineering; Survivability; Routing; Analytics; Monitoring; Operations; Transport Hub; Multicast; Cloud Accel]
Cisco SD-WAN Key Components
Management Plane
• Single pane of glass
• Monitoring and Troubleshooting
• RBAC and APIs
Analytics
• Machine Learning
• Carrier Performance
• Bandwidth Forecasting
Control Plane
• SDN Architecture
• Routing and Security Distribution
• Horizontal Scale, Low Complexity
Data Plane
• Physical or Virtual
• Zero Touch Provisioning
• On-Premise or Cloud
WAN Edge = Cisco ISRs or vEdge
[Diagram labels: vManage; vAnalytics; vBond & vSmart Controllers; WAN Edge; APIs; 3rd Party Automation; 4G, MPLS, Internet; Data Center, CoLo, Campus, Branch, Cloud; MultiCloud OnRamp; Application QoE; Security (+Cloud)]
Cisco SD-WAN Security
SD-WAN exposes new security challenges
Outside-in threats
Exposed connections as traffic is no longer backhauled to the data center
Internal threats
Traffic throughout the fabric must be secure from threats, segmented, and private
Inside-out threats
Threats inside the network inevitably lead to inside-out traffic to malicious infrastructures
[Diagram labels: 4G, MPLS, Internet; Branch; Corporate Software; Critical Infrastructure; Data Center; Data Center Edge; WAN Edge; Cloud Edge; SaaS; IaaS; Internet; IoT; Mobile devices; Users (guests); Remote: Devices, Users]
vBond & vSmart Controllers
SD-WAN Fabric
Challenges balancing security and user experience
[Diagram labels: Branch; Data Center; SaaS/IaaS/Private Cloud; Cloud Security; Firewall/IPS; UTM]
1. Continue Backhauling
Pro: Security is simple
Con: Poor user experience
2. DIA via Cloud Security
Pro: Improves user experience
Con: Limited control
3. DIA via UTM
Pro: Improves user experience
Con: Complex to manage
4. Security Everywhere
Pro: Efficient traffic flows for experience
Con: Difficult to maintain policy
Combining best of breed in security and SD-WAN
• Enterprise Firewall: +1400 layer 7 apps classified
• Intrusion Protection System: Most widely deployed IPS engine in the world
• URL-Filtering: Web reputation score using 82+ web categories
• Simplified Cloud Security: Easy Deployment for Cisco Umbrella
Cisco SD-WAN | Cisco Security
Hours instead of weeks and months
Cisco SD-WAN Portfolio
Cisco SD-WAN Edge Platform Options
Categories shown: Branch Services; vEdge Appliances; Virtualization; Public Cloud
• ISR 1000: 200 Mbps; Next-gen connectivity; Performance flexibility
• ISR 4000: Up to 2 Gbps; Modular; Integrated service containers; Compute with UCS E
• ASR 1000: 2.5-200Gbps; High-performance service w/hardware assist; Hardware & software redundancy
• vEdge 100: 100 Mbps; 4G LTE & Wireless
• vEdge 1000: Up to 1 Gbps; Fixed
• vEdge 2000: 10 Gbps; Modular
• vEdge 5000: ~30 Gbps; Modular
• ENCS 5100: Up to 250Mbps
• ENCS 5400: 250Mbps – 2GB
• vEdge Cloud / CSR1000v
• ISRv
Cisco SD-WAN Licensing
Routing Offer Details
Policy Based Automation
Cisco DNA Essentials
Cisco DNA Advantage
Cisco DNA Premier
Analytics and Assurance
• Network optimization analytics
• Application trending and forecasting
Secure Connectivity
• Unlimited segmentation
• SD-WAN and advanced WAN topologies
• Limited segmentation
• Cloud connectivity
• All types of connectivity
• Secure VPN overlay
• L3-L4 firewall, App Aware FW
• IPS/IDS with Talos Signatures
• URL-Filtering
• Basic application visibility
• On-prem or cloud managed
• Zero touch deployment
• Branch virtualization with Cisco VNF orchestration
• Day 0 and Day 2 provisioning
• Lifecycle management
Centralized Management
• Advanced network and application visibility
• WAN Optimization
• Application aware policies using path control, bandwidth optimization
• Cloud OnRamp
• Forward Error Correction
• Contextual insights with assurance
• Encrypted traffic analytics
Subscription: Tiers, Term, Bandwidth
• Tiers: Cisco DNA Essentials to Advantage and Premier tiers
• Term flexibility: 3/5 years
• Bandwidth choice: 10M-10G
WAN Solutions that Grow with Your Business
Why Cisco SD-WAN?
Cisco SD-WAN Value Proposition
0 Transport Independent WAN Fabric
1 Cloud delivered WAN with operational simplicity & analytics
2 Superior security architecture – cloud based & on-prem
3 Application QoE
4 End-point flexibility:
• Physical or virtual
• Rich services or lite
• Branch, Agg, Cloud
5
[Diagram labels: Apps; SD-WAN; Cloud; Use-Cases; WAN; USERS; DEVICES; THINGS; DC; vDC; IaaS; SaaS; Analytics; Cloud Delivered; Intent-based Network Infrastructure; DNA Center; Analytics; Policy; Automation; INTENT; CONTEXT; SECURITY; LEARNING]
For Your Reference
Proven Solution Across Many Verticals
Columns: Customer Industry; Challenge; Solution

Retail
Challenge: High cost, slow change, limited flexibility
Solution: 60-70% cheaper broadband at high bandwidth, centralized control, full visibility.

Financial
Challenge: Needed more bandwidth and guaranteed network uptime for a new teller application
Solution: Dollar cost averaged the bandwidth cost down using a mix of transport (MPLS, Broadband, LTE). Traffic now uses the optimal network path to avoid downtime and slowdowns.

Tech
Challenge: Slow performance and MPLS outages provided an expensive and poor user experience
Solution: Monthly savings reduced the cost per Mbps by more than 80%. Diverse circuits improve the reliability of the global network, with more than half of Agilent’s sites doubling WAN redundancy.

Healthcare
Challenge: With an MPLS contract renewal approaching, Cigna wanted the flexibility to change carriers without a massive technology shift
Solution: Gained back control of its control plane and created the Cigna Service Provider Agnostic Network.

Healthcare
Challenge: Security and high network cost
Solution: Satisfied strict security and audit requirements and provided greater flexibility for partnerships and secure clinical solutions. Cost reductions with the removal of remote site voice equipment and expensive PRIs, aging WAN acceleration equipment and maintenance.

Energy
Challenge: Scale to support evolving field operations, and support cloud migration and application SLAs
Solution: Provided 30-60% savings in overall bandwidth costs. Enabled faster response to acquisitions, divestitures and policy changes.
Learn More
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Stand No P500
Thank You