cisco sd-wan - ibm...cisco enterprise service automation (esa) on dna-center network services...

March 2018

Intent-based networking for the branch and WANCisco SD-WAN

PSS EN Spain

Carlos Infante

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

0

20

40

60

80

100

120

Aug-1

2

Oct-

12

Dec-1

2

Feb

-13

Apr-

13

Jun

-13

Aug-1

3

Oct-

13

Dec-1

3

Feb

-14

Apr-

14

Jun

-14

Aug-1

4

Oct-

14

De

c-1

4

Feb

-15

Apr-

15

Jun

-15

Aug-1

5

Oct-

15

Dec-1

5

Feb

-16

Apr-

16

Jun

-16

Aug-1

6

Oct-

16

Dec-1

6

Feb

-17

Apr-

17

Jun

-17

SD-WAN

Source: Google, SD-WAN searches 5yrs ending August 2017

Google Trends

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Unprecedented demands on the network

Digital Disruption

Lack of Business

and IT Insights

63 million new devices online every second by 20201

Complexity

Slow and Error Prone

Operations

3X spend on network operations vs network2

Security

Unconstrained

Attack Surface

6 months to detect breach3

1. Gartner Report - Gartner’s 2017 Strategic Roadmap for Networking

2. McKinsey Study of Network Operations for Cisco – 2016

3. Ponemon Research Institute Study on Malware Detection, Mar 2016

http://www.gartner.com/reprints/cisco-v6-us1?id=1-3YQCDRO&ct=170425&st=sb

http://www.ponemon.org/blog/new-ponemon-study-on-malware-detection-prevention-released


The branch and WAN cannot keep up…

• Delays enabling new connectivity

• Inconsistent application performance

• Difficult to manage multiple network devices

• Increasing bandwidth demands

• Support non-traditional devices

• Can’t use the internet for SaaS

Complex to operate

Difficult to secure

Poor user experience


Cisco SD-WANIntent-based networking for the branch

Branc

h

Greater agilitySimplify the deployment and operation of

your WAN and get faster performance

using less bandwidth

Advanced threat protectionSecurely connect your users to applications and

protect your data from the WAN edge to the cloud

Better user experienceDeploy applications in minutes on any platform

with consistent application performance

40% WAN OpEx Savings

3.24h Time to detection

4x Improved Application Experience

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

What defines Enterprise Class SD-WAN

APPLICATION POLICIES

SERVICES DELIVERY PLATFORM

TRANSPORT INDEPENDENT FABRIC

Broadband CellularMPLS

ZERO TOUCH ZERO TRUST

QoSSecurity Segmentation Svc Insertion SurvivabilityRouting Multicast

Per-Segment

Topologies

Cloud

Path

Application

SLA

Secure

Perimeter

Traffic

Engineering

Transport

Hub

Cloud

Acceleration

Analytics

Monitoring

Operations


Cisco SD-WAN Architecture

Data Center Campus Branch Public Cloud

Cloud managed and

controlled fabric

End-point flexibility(Physical or Virtual)

Application quality

of experienceControl | Management | Analytics

Internet MPLS 4G LTETransport

Independence

Integrated Security


Intent-based networking for the branch and WAN

Transport independence

Centralized cloud managed fabric

End-point flexibility

Application quality of experience

Integrated security

Inten

tContext

Securit

y

Learnin

g


The Network. Intuitive.Constantly learning, adapting and protecting.

Intent-based Network Infrastructure

DNA Center

AnalyticsPolicy Automation

I N T E N T C O N T E X T

S E C U R I T Y

L E A R N I N G

Turns business intent to business results

Constantly learning, adapting and protecting.


Comprehensive threat protectionIntegrated security

4G/LTE

Corporate

Data Center

Campus

Small Office

Home Office

Branch

Cloud

Data Center

MPLSInternetMeet industry compliance with end-to-end

segmentation

Talos threat intelligence protects all

users devices

Reduce attack surface with cloud and

on-prem security

RouterVPN 3

VPN 3

VPN 1

VPN 2IPSec

Tunnel

VPN 4Cloud

Security


Best of breed trusted security services

Cloud-delivered security

First layer of defense against

threats at branch offices

Visibility and enforcement

at the DNS layer

Umbrella Branch ASAv

Multilayered protection

Integrated approach that consolidates

security services in a single platform

Optimized for DC, designed for NFV

NGFWv

Advanced defense for

end-to-end protection

Harden virtual services and

enable secure access

On-premise or cloud management

Cloud Security Traditional Firewall Next Gen Firewall

Secure Overlay | Trustworthy Systems | Encrypted Traffic Analytics*

*ISR 4400 – 2HCY17

Reduce risk


Cloud-first management and operations with a single WAN fabric across all end-points

Easier to deploy, manage and operateCentralized cloud managed fabric

Cisco DNA Center

Viptela vManage

Simplified workflows for easier configuration, monitoring and troubleshooting.

Advanced analytics and assurance for application service level agreement


Simplify migration to the cloudApplication quality of experience

Secure branch to cloud connectivity protects data in motion

IaaS/SaaS

Data

Center

Small Office

Home Office

CampusBranch

Cloud

Applications

Secure

SD-WAN

Fabric

Cloud

Providers

Agile workflows simplifies extending the enterprise to IaaS or SaaS

Analytics determines the optimal path for the best application experience


Deploy branches faster at lower costTransport independence

Leverage internet for public cloud and Internet access

Secure VPN overlay for private and virtual public cloud access

3G/4G-LTE

Branch

Private Cloud

Colocation

Public Cloud

MPLS

Internet

Seamless extension to the cloud enables business policy to follow workloads


Reduce complexity for remote sitesSingle rich services branch platform

Application hosting

Cloud Based Security

SD-WANUnified Communications

Application Optimization

Branch

Easy to deploy and manage

services on-demand

On-demand physical and virtual

form factors

Best of breed trusted network

services


Deploy rich services across on any platformEnd-point flexibility

ISR 1000 ISR 4000 ASR 1000

• 2.5-200Gbps

• High-performance

service w/hardware

assist

• Hardware & software

redundancy

• Up to 2 Gbps

• Modular

• Integrated service

containers

• Compute with UCS E

• 200 Mbps

• Next-gen connectivity

• Performance flexibility

Branch Services

Public Cloud

vEdge 2000

• 10 Gbps

• Modular

vEdge 1000

• Up to 1 Gbps

• Fixed

vEdge 100

• 100 Mbps

• 4G LTE & Wireless

SD-WAN

Branch virtualization

ENCS 5100 ENCS 5400

• Up to 250Mbps • 250Mbps – 2GB


Cisco SD-WANOpen and Programmable

3rd Party VNF’s

Cisco IOS XE

DevNet Cisco Developer Program

Program your network stronger, simpler, and faster

– build and develop with Cisco APIs

Improve security and reliability with an open

and programmable network operating system

Customizable for ’best of breed’ virtual network

functions

Easier to integrate with third-party solutions

What Is Enterprise NFV?

Freedom of choiceHardware platform

Hardware and software independenceVirtualization layer

Consistent, trusted network services across all the platformsVirtual network functions (VNFs)

Centralized Orchestration and ManagementSDN Applications

Cisco 4000 Series ISR + UCS® E-Series

Cisco® UCS C-Series

Enterprise Network Compute System(ENCS)

Network Functions Virtualization Infrastructure Software (NFVIS)

Cisco Enterprise Service Automation (ESA) on DNA-CenterNetwork Services Orchestrator (NSO)

Introducing Cisco Enterprise NFVNetwork Services in Minutes, on Any Platform

Virtual Router(ISRv)

Virtual Firewall(ASAv)

Virtual WAN Optimization

(vWAAS)

Virtual Wireless LAN Controller (vWLC)

Third-Party VNFs

What Enterprise NFV Can Do For You

Gives you flexible deployment options

Simplify day to day operations

Quickly roll out new services and locations

Simple and easy to design, provision, manage the trusted

services that are critical to your business

cisco sd-wan - ibm...cisco enterprise service automation (esa) on dna-center network services...

Documents