The session covers how Cisco SD-WAN can be used to extend the WAN connectivity to AWS. We show how the Viptela-based SD-WAN solution accelerates the path to cloud migration while maintaining the application SLA using the policy-based app fabric model. We cover Viptela's cloud-first network management, orchestration, and overlay technologies with industry-leading routing platforms, services, and SD-WAN capabilities from Cisco. We also cover how a customer deployed Cisco SD-WAN and the benefits they achieved, how a customer extended Cisco SD-WAN fabric to AWS, and the benefits of consistent security and segmentation, policy, network visibility, and connectivity options across branch, campus, data center, and cloud. This session is brought to you by AWS Partner, Cisco.

1. Manan Shah / Linus Aranha
April, 2018
Extending Cisco SD-WAN fabric to
the AWS Cloud

2. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Introduction to Cisco SD-WAN
• Key challenges with hybrid cloud deployments
• How to simplify hybrid cloud deployments with Cloud onRamp
• Demo of Cloud onRamp - IaaS for AWS
Agenda

3. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WAN
Apps
SD-WAN
Cloud
Use-Cases…
WAN
USERS
DC
IaaS
SaaS
vDC
AnalyticsCloud Delivered
DEVICES
THINGS
Intent- based
NetworkInfrastructure
DNACenter
AnalyticsPolicy Automation
I N T EN T C O N T EX T
S EC U RI T Y
L EA RN I N G
Cloud delivered WAN with
operational simplicity & analytics1
Superior security architecture –
cloud based & on-premises
2
Transport Independent
WAN Fabric
0
5
Application QOE3
End-point flexibility:
• Physical or virtual
• Rich services or lite
• Branch, Agg, Cloud
4

4. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SD-WAN – Components
Data Center Campus Branch Home Office
Control Plane
(Containers or VMs)
Data Plane
(Physical or Virtual)
Management Plane
(Multi-tenant or Dedicated)
Orchestration Plane
vManage
vSmart
vBond
vEdge
ISR4k
ASR1k
ENCS
vOrchestrator
vMonitor
API
4GINTERNET MPLS
CONTROL
ANALYTICS
MANAGEMENT
Policy, Security, Routing
On-boarding, life cycle management

5. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Hybrid-Cloud & SD-WAN

6. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
New use cases accelerate
adoption
• Hybrid-Cloud adoption
• Container-based applications
• Serverless Compute
• Machine learning / AI
• IoT
IaaS Adoption &
Key Trends
44
IaaS spend in 2018 will grow by 22% CAGR

7. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Hybrid Cloud Connectivity - Today
Branch
MPLS/Internet
Branch
DC
Internet
IaaS
instance
Inet
IaaS
instance
Inet
IaaS
instance
Inet DC
Public Cloud Provider 1
Region 1
Public Cloud Provider 1
Region 2
Public Cloud Provider 2
Region 1

8. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Challenges with hybrid Cloud Migrations
Traffic trombones through DC
IaaS is extension of DC
Multi-Transport access
DIA : Protecting branch users
& branch router
Consistency across multi-
cloud deployments
User
experience
Branch to cloud
connectivity
Resiliency
Security
Operational
model
Cloud connectivity
consumable through a single
pane
Transport independent any-
to-any connectivity
End-to-end VPN
segmentation/isolation
Visibility into IaaS application
usage
Consistent policy across
branch, DC and Cloud sites
Cisco Cloud ready WAN

9. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What is Cloud onRamp ?
Cloud onRamp is Cisco’s SD-WAN capability
to simplify hybrid cloud connectivity, by
extending WAN fabric to public cloud

10. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp
vManage Cloud onRamp for
IaaS: vManage application that
orchestrates connectivity to IaaS
instances across multiple cloud
and multiple regions. Provides
visibility into cloud instances.
vEdge Cloud Router: A
virtualized version of the vEdge
router. Available on the AWS and
Azure marketplace.
Key Components
SD-WAN
Fabric

11. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp – 3 Simple Steps
1
Discover Applications
2
Provide GW Information
3
Map Applications to
Segments

12. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp for IaaS
How it works
Internet
Branch
DC
MPLS
Public Cloud connectivity solution consumable through the vManage platform
vManage
Platform
Public cloud
credentials added to
vManage
vManage invokes
instantiation of vEdge
instances in users
accounts & connects
IaaS instances to vEdge
GW VPN segments
IaaS instances are
discovered from users
account in a region.
User selects instances
to operate on
New instances can
be discovered and
mapped to VPN
segments later
Public Cloud Provider 1 Region 1
IaaS instances
IaaS instances
vEdge GW
User defines vEdge
gateway parameters and
maps IaaS instances to
VPN segments in the
overlay

13. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp for IaaS
AWS solution detail
Direct
Connect
VGW
AZ1
AZ2
R
Architectural advantages – Cloud onRamp
• Share transport (Direct connect and
Internet) & vEdge Gateways across multiple
spoke VPCs in a region
• Share one gateway VPC for all host VPCs in
a region.
• Leverage AWS components (IGW, VGW, VPC
router) for redundancy.
• Utilize dynamic routing for fast failover
times.
• Gateway VPC can host firewall for security
compliance.
• End – End security and segmentation
VGW
Standard IPSec
overlay + BGP to
vEdge GW
vEdge GW
vEdge GW
AZ1
AZ2
R
Host VPC
vManage instantiated
and managed
Transit VPC
IGW
AWS Region
VGW
AZ1
AZ2
Host VPC

14. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Demo

16. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Configuration

17. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp – Discover Applications

18. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp – GW Information

19. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp – Map Applications to Segments

20. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp – Dashboard

21. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Monitoring &
Troubleshooting

22. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp – Monitoring & Troubleshooting

23. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp – Monitoring & Troubleshooting

24. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp – Monitoring & Troubleshooting

25. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud onRamp for IaaS
SD-WAN value proposition
Branch
Internet
Branch
DC
MPLS
IaaS
instances
Public Cloud Provider 1
Region 1
DC
IaaS
instances
vEdge GW
IaaS
instances
Public Cloud Provider 1
Region 2
IaaS
instances
vEdge GW
IaaS
instances
Public Cloud Provider 2
Region 1
IaaS
instances
vEdge GW
1. Direct branch to cloud
connectivity
2. Consistent Policy
management & network
visibility for branch & cloud
3. Resilient & hybrid access
from cloud
4. Application steering
5. Multi-cloud
solution