
Intelligent WAN Connectivity Management


VMware presentation from the Virtualization Forum 2018 conference
Clarion Congress Hotel Prague, 25.10.2018


  1. Confidential │ ©2018 VMware, Inc. NSX SD-WAN by VeloCloud The Cloud is the Network Oct 2018 Ondřej Číž Sr. System Engineer NSX ociz@vmware.com
  2. • Acquired by VMware in 2017 • 2,000+ Customers • 70,000+ Sites • World’s Two Largest Enterprise SD-WAN Deployments • Powers Global Tier 1 & Tier 2 Service Providers • Global Footprint: – 24x7x365 Worldwide Support – 70+ Countries • Robust Partner Ecosystem: NSX SD-WAN by VeloCloud At-a-Glance Company Background
  3. Note: All figures are rounded. Source: Frost and Sullivan, 2017 NSX SD-WAN by VeloCloud is the SD-WAN Market Leader NSX SD-WAN by VeloCloud leads the global SD-WAN market with a market share close to 30%, followed by Cisco Viptela and Silver Peak. The “Others” category includes Versa Networks, CloudGenix, Mushroom Networks, Aryaka, and multiple other SD-WAN vendors that each have annual revenues less than 10 million. SD-WAN MARKET: MARKET SHARES BY REVENUE, GLOBAL 2017: NSX SD-WAN by VeloCloud 30%, Cisco Viptela 14%, Silver Peak 13%, Citrix 10%, Talari 7%, Fatpipe 6%, Others 20%
  4. With VMware NSX, VMware has Reinvented Cloud and Data Center Networking… Public Cloud Data Center
  5. Data Center SD-WAN Public Cloud Connecting Everything, from Data Center to Edge Critical Touch Point for our Customers
  6. Legacy Networks Cannot Support Today’s Edge Applications Run Slow Capex of $20K-$50K per Branch Private Line is 100X the Cost of Broadband Deployment Takes Months Branch 100s to 1000s Private Line (MPLS) Datacenter
  7. Simplified WAN Management Assured Application Performance Managed On-ramp to the Cloud NSX SD-WAN by VeloCloud Advantages Branch Edges Cloud Gateways SaaS / IaaS Zero-touch deployments, simplified operations, one-click service insertion Direct cloud access with performance, reliability and security Datacenter Edges Transport independent performance for the most demanding apps, leverages economical bandwidth SD-WAN Overlay Private / MPLS 3G/4G LTE Internet Broadband
  8. Global Gateways Regions 30 Orchestrators 63: 8 / 47 Gateways 440+: 122 / 179 99.99% Reliability SLA SSAE16 Type II Audited Datacenters Cloud Scale Redundancy
  9. Branch Site with NSX SD-WAN Edge by VeloCloud NSX SD-WAN Gateway by VeloCloud with Embedded Controller Public Internet Legacy Enterprise Data Center SD-WAN Enterprise Data Center with NSX SD-WAN Edge by VeloCloud Cluster Provider Edge Provider Edge Internet SAAS Private— MPLS Private Circuit “Site to site SD-WAN plus benefits of cloud gateways for SaaS” Enterprise Deployments – Over-The-Top Hub for SD-WAN to data center including private links Hosted gateways for SD-WAN to SaaS/IaaS Hub-less design for legacy data centers NSX SD-WAN Orchestrator by VeloCloud
  10. Business Policy Driven SD-WAN Automatic application recognition and categorization Simple business prioritization HIGH MEDIUM LOW Services catalog and network services insertion (on-premises, cloud) Dynamic path steering and on-demand remediation policy-based link assignment for security/compliance
  11. Dynamic Multi-Path Optimization in Action “Assured application performance over any type of link” NSX SD-WAN Enhancements MPLS Comcast Cable Excellent voice quality! • Sub-second steering without session drops • Aggregated bandwidth for single flows • Drives automation and optimization Continuous Link Monitoring Dynamic Per Packet Steering • Protects against concurrent degradation • Enables single link performance On Demand Remediation
  12. Assure Application Performance Video Conference over a WAN Link with 2% Packet Loss Without NSX SD-WAN by VeloCloud With NSX SD-WAN by VeloCloud
  13. 10x faster response time SD-WAN Solution – SaaS/Data Performance Dual 20Mbps Links / 50 MB Box File Transfer Without NSX SD-WAN by VeloCloud NSX SD-WAN by VeloCloud No Loss 22 sec 12 sec 2% Packet Loss 134 sec 13 sec
  14. Distributed Services Insertion On Premises Security Corporate / Regional Cloud Security Service NSX SD-WAN by VeloCloud Dynamic Multipath Optimization delivers application performance and reliability to cloud Automated tunneling eliminates site by site configurations Single-click Application-Aware Policies for granular service insertion Branch Site NSX SD-WAN Edge Hub NSX SD-WAN Gateway by VeloCloud Internet / web Virtual Branch Services NSX SD-WAN Edge by VeloCloud Hub Dynamic Multi-Path Optimization Datacenter
  15. Virtual Services Delivery Micro to Small Branch Small to Midsized Branch Large Branch/DC NSX SD-WAN Edge by VeloCloud • No local apps • Cloud or integrated security NSX SD-WAN Edge by VeloCloud Services Platform • No local apps • One networking VNF (e.g. NGFW) NSX SD-WAN by VeloCloud VNF • Local apps • Many VMs including network services CPE NSX / vSAN NGFW Analytics IoTGW AppX File SDWAN
  16. NSX SD-WAN Connectivity to NSX SDDCs SD-WAN Micro Branch Non VeloCloud NSX DataCenter CE Public Internet NSX SD-WAN by VeloCloud Regional Branch/Data Center VMware ESXi NSX SD-WAN Gateways by VeloCloud NSX SD-WAN Edge by VeloCloud NSX SD-WAN Edge by VeloCloud NSX SD-WAN Orchestrator by VeloCloud Internet NSX Branch NSX SD-WAN Edge by VeloCloud NG FW OS APP VMware NSX VMware ESXi NG FW OS APP VMware NSX VMware ESXi
  17. Thank You The Cloud is the Network
  18. Compelling Differentiators for Enterprise Faster Installs Less Money Faster Speed / Better Performance
  19. Live Demo • Live Solution Demo of NSX SD-WAN Orchestrator by VeloCloud • Demo of Application Visibility and Control (AVC) capabilities • Demo of reporting and troubleshooting capabilities • Demo of endpoint management portal • Demo of provisioning an endpoint
  20. Collateral
  21. Simplify WAN Management – Business Policy Legacy WAN: ACL, IP address, subnets SD-WAN: App-level policy Legacy WAN: Need to put application in the right queue by marking and configuring QoS SD-WAN: App-awareness to choose the right queue Legacy WAN: Complex routing tuning and PBR to do split tunnel SD-WAN: App-aware split tunnel policy and single click Legacy WAN: Routing protocol tuning, probes, PBR SD-WAN: Dynamic path selection
  22. • Aggregation: Provides greater bandwidth and uptime • Dynamic Multipath Optimization: Sub-second packet steering to provide better performance and automated failover (no dropped calls on outages) • Link Remediation and Correction: High quality voice performance NSX SD-WAN by VeloCloud – Performance over Dual Circuits NSX SD-WAN Enhancements MPLS Cable Quality Scores
  23. Link Remediation and Correction – Improve voice/circuit quality over broadband and struggling circuits SD-WAN Solution – Performance Over A Single Circuit NSX SD-WAN Enhancements Time Warner Cable 74.143.12.114 Quality Scores
  24. • Use multiple transport as the WAN • Reduce Capex by 5X; deploy in days • Guarantee Real-time App Performance • Strong Cloud-based Security The Cloud is the Network Cloud Services Cloud Network NSX SD-WAN Gateways by VeloCloud Datacenter Branch 100s to 1000s MPLS+Broadband+LTE NSX SD-WAN Edge by VeloCloud Hub NSX SD-WAN Edge by VeloCloud Hub
  25. Large Insurance/On-Premises Challenge: • Deploying tens of thousands of sites with a transport-independent overlay • Complexity in managing PKI • Future ready for Internet as WAN Solution: • Secure zero-touch activation and group policies to eliminate box-by-box config • Device certificates anchored to CA running inside VCO • Application aware Dynamic Multipath Optimization Hub in Data-Center Hosted NSX SD-WAN Orchestrator by VeloCloud Branch Edges
  26. Hospitality/Cloud Access Challenge: • Complexity of installing On-Prem Orchestrator • Backhaul all traffic to regionalized firewall except Microsoft Lync and Box • Multiple WAN management tools Solution: • Leveraged Hosted NSX-SD-WAN by VeloCloud Service • Policy aware forwarding to distributed firewalls and SaaS traffic to Hosted NSX-SD-WAN Gateway by VeloCloud • Single pane of glass for SD-WAN Management NSX-SD-WAN Gateway by VeloCloud Hub in Data-Center Hosted NSX SD-WAN Orchestrator by VeloCloud Branch Edges
  27. SP Managed NSX-SD-WAN Gateway by VeloCloud Distributed Retail/Managed SD-WAN Challenge: • Ensure QoS for large number of distributed sites including International • Single point of contact to manage transport • Complex NxN tunnels to integrate CWS • Isolate corporate and guest Solution: • Managed SD-WAN from Tier 1 SP with Mid-Mile + Last-Mile Benefits • Bring first 1000 tunnels for 500 sites down to 2 Tunnels • Corporate wide segmentation Regional Sites International Sites
  28. • NSX SD-WAN by VeloCloud Resellers: – WWT, SHI, CDW, (can often work with any reseller for sell through) – Purchased through partner, supported by NSX SD-WAN by VeloCloud – Leverage NSX SD-WAN by VeloCloud Public Gateways – Self-managed offering • NSX SD-WAN by VeloCloud Direct Purchase: – Can buy directly from NSX SD-WAN by VeloCloud if 150+ sites – Self-managed offering only • NSX SD-WAN by VeloCloud Resellers + Support: – Cincinnati Bell, AT&T, Lightstream, Airespring, Pomeroy – Leverage NSX SD-WAN by VeloCloud Public Gateways – Managed and self-managed offerings • NSX SD-WAN by VeloCloud Managed Service Providers – AT&T, Sprint, Windstream, Vonage, Earthlink, Cincinnati Bell – Leverage private network (no NSX SD-WAN by VeloCloud Public Gateways) – Typically managed service (some offer self-managed) Purchase Options
  29. • Pricing is monthly or annual OpEx/subscription price. • Pricing based on aggregate bandwidth needed at each location. • Hardware, software, gateways, support, included in subscription price. • Subscription tiers: – 10 Mbps – 50 Mbps – 100 Mbps – 500 Mbps – 1 Gbps • CapEx purchase available upon request for 200+ sites. Still includes small software license component. Pricing Options
  30. Assured Application Performance
  31. NSX SD-WAN Enhancements Assured Application Performance Over Any Link MPLS, Internet broadband and LTE circuits • App Quality Score • Error Correction • TCP Optimization • Single or Multi-Link Capability Performance and action drill down • Link Detection • Performance Monitoring Continuous Monitoring Dynamic Per Packet Steering On Demand Remediation
  32. Dynamic Multi-Path Optimization (DMPO) In Action NSX SD-WAN Enhancements MPLS Comcast Cable
  33. Segmentation for Enterprise and Retail
  34. Branch 1 Branch 2 Retail Store Media NSX SD-WAN Orchestrator And Controller NSX SD-WAN Edge PCI Network Datacenter SBC Outcome Driven Segmentation Simple Enterprise Wide Segment Creation Segment Aware Topology Isolation and Overlapping IP Segment Aware Policies On-Premises and Cloud
  35. PCI DSS 3.2 Certified SD-WAN The first and only solution to offer PCI-Certified Cloud-Delivered SD-WAN All NSX SD-WAN by VeloCloud components are PCI Compliant Retailers benefit from NSX SD-WAN by VeloCloud PCI AOC to simplify PCI Audit NSX SD-WAN by VeloCloud is a PCI DSS (v3.2) Level 1 Service Provider Ensure PCI compliance in a simple, efficient, and cost-effective manner
  36. • Multi-tenant • TLS 1.2 • Role-based access control / Radius • 2-Factor authentication • Event and firewall logs / APIs • Built-in certification server • IPsec with AES 256 • PKI • Local access control • Segmentation for hosted controller Orchestration Data Plane PCI DSS 3.2 Certified SD-WAN AOC* Summary
  37. Zero-Touch Deployment Agility
  38. IT Admin adds a new NSX SD-WAN Edge by VeloCloud in the customer account. IT Admin generates an activation key and emails it to the installer. NSX SD-WAN Edge by VeloCloud with factory default config is shipped to the remote site. Office Admin powers up the device and connects it to the Internet. Office Admin plugs in the device and connects to the Internet through NSX SD-WAN Edge by VeloCloud WLAN/LAN. Office Admin clicks on activation link in the email. Edge is activated. 1. Create Config and Send Key 2. Device Ships 3. Install, Authenticate and Pull Config Simple and Quick Deployment – Pull Activation No site by site link knowledge required No tracking by S/N required No IT visit required No pre-staging, nor security risk if device lost
  39. 1. Device PLUGGED in 2. Device calls home to REDIRECTOR 4. Config Pushed and Device ACTIVATED Simple and Quick Deployment – Push Activation Installer powers up Device Connects to Internet (dynamic IP) without any customization Edge calls home to REDIRECTOR and authenticates REDIRECTOR pre-populated with association to partner Enterprise or Partner pushes config “Pull” email can also activate activate.velocloud.net 3. Device Redirected to PARTNER VCO STAGING Edge is redirected to the Partner VCO in staging mode Edge assigned to Enterprise account Independent installer – no contact needed Staging mode prior to activation Many of the same benefits, plus:
  40. Architecture for Cloud Migration
  41. Cloud Scale VPN HUB Edge Cluster Cloud Scale VPN • Enables both simple and secure access with integrated PKI • Enterprise-wide and Cloud • Automated VPN to third-party cloud applications • Virtual NSX SD-WAN Edge by VeloCloud automates VPN to IaaS • Scalable any-any connectivity • Dynamic branch-branch tunnels • One-click enablement SaaS Exit CLOUD SCALE VPN and Cloud Regional Exit
  42. Connectivity to IaaS Over The Top Internet Only Over The Top Hybrid Virtual Edges Cloud Gateways IPSec MPLS Internet
  43. O365 on a Single Link (Brownout condition) from Branch in Thailand to Gateway in Singapore Optimized Performance for Cloud Apps – Office 365 NSX SD-WAN by VeloCloud Non-SDWAN
  44. NSX SD-WAN by VeloCloud Enables O365 Branch Microsoft Network “Microsoft Endpoint” “O365 Tenant Location” • Simplifies hybrid network for local Internet breakout • Provides direct to Internet / Microsoft endpoint • With SD-WAN performance and availability benefits NSX SD-WAN by VeloCloud Cloud Delivered SD-WAN
  45. Granular Security for O365 Other Web traffic Office365 Non-inspected O365 “Microsoft Endpoint” Branch NSX SD-WAN Edge by VeloCloud • Supports recommended policy to “trust Office365” • Enables granular network level bypass of cloud security for Office365 NSX SD-WAN by VeloCloud Internet
  46. WAN Management Simplification
  47. • Zero-touch provisioning • Group business-level policies • Automatic link profiling All-In-One Orchestration Multi-tenant managed IT portal * Enterprise wide * Site drill down: link and usage discovery CLI
  48. Routing Capabilities
  49. MPLS Branch Router:
      Ip prefix HUB permit seq 5 10.0.0.0/24
      Ip prefix HUB permit seq 10 10.0.10.0/24
      Ip prefix HUB permit seq 15 10.0.20.0/24
      Ip prefix LEGACY permit 20.0.0.0/24
      <additional prefixes from other sites learnt via overlay>
      Route-map SD_WAN
      Match ip prefix HUB
      Deny
      Route-map UNDERLAY
      Match ip prefix LEGACY
      deny
      Router BGP 100
      Neighbor 10.1.0.4 route-map SD_WAN out
      Neighbor 10.2.0.4 route-map UNDERLAY out
      CPE: show ip ospf interface ethernet 0
      Ethernet0 is up, line protocol is up
      Internet Address 10.10.10.1/24, Area 0
      Process ID 1, Router ID 192.168.45.1, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State BDR, Priority 1
      Designated Router (ID) 172.16.10.1, Interface address 10.10.10.2
      Backup Designated router (ID) 192.168.45.1, Interface address 10.10.10.1
      Branch Router:
      Interface gig1/0
      Ip ospf cost 9
      Intelligent Routing After Before Branch Hub Legacy Site R2 Uplink Branch Hub R1 R4 R3 OSPF Preferred Path Default Path R1 R2 R3 R4 Abstraction For Transit Hub Self Learning For Visibility/Troubleshooting Self Adjust For Path Influence MPLS Internet MPLS
  50. Service Insertion
  51. Distributed Services Insertion On Premises Security Corporate / Regional Cloud Security Service NSX SD-WAN by VeloCloud Dynamic Multipath Optimization delivers application performance and reliability to cloud Automated tunneling eliminates site by site configurations Single-click Application-Aware Policies for granular service insertion Branch Site NSX SD-WAN Edge Hub NSX SD-WAN Gateway by VeloCloud Internet / web Virtual Branch Services NSX SD-WAN Edge by VeloCloud Hub Dynamic Multi-Path Optimization Datacenter
  52. Virtual Services Delivery Micro to Small Branch Small to Midsized Branch Large Branch/DC NSX SD-WAN Edge by VeloCloud • No local apps • Cloud or integrated security NSX SD-WAN Edge by VeloCloud Services Platform • No local apps • One networking VNF (e.g. NGFW) NSX SD-WAN by VeloCloud VNF • Local apps • Many VMs including network services CPE NSX / vSAN NGFW Analytics IoTGW AppX File SDWAN
  53. NSX Synergy
  54. • From NSX-SD-WAN Hub by VeloCloud integrated with NSX in the Datacenter • Extends NSX-SD-WAN by VeloCloud segmentation to NSX routing domain NSX SDDC with On Premise NSX SD-WAN • IPSec Connectivity from NSX-SD-WAN Gateway by VeloCloud to NSX in the Datacenter (Hubless design) • NSX SD-WAN Managed private network to NSX (SP partner Gateway design) NSX SD-WAN Connectivity to NSX SDDCs NSX SDDC with Cloud NSX SD-WAN
  55. NSX SD-WAN Connectivity to NSX SDDCs SD-WAN Micro Branch Non VeloCloud NSX DataCenter CE Public Internet NSX SD-WAN by VeloCloud Regional Branch/Data Center VMware ESXi NSX SD-WAN Gateways by VeloCloud NSX SD-WAN Edge by VeloCloud NSX SD-WAN Edge by VeloCloud NSX SD-WAN Orchestrator by VeloCloud Internet NSX Branch NSX SD-WAN Edge by VeloCloud NG FW OS APP VMware NSX VMware ESXi NG FW OS APP VMware NSX VMware ESXi
  56. Extend Segments to NSX SD-WAN segments map to SDDC segments Branch 1 Branch 2 Retail Store Media NSX SD-WAN Orchestrator And Controller NSX SD-WAN Edge PCI Network Datacenter SBC
  57. Deployment Flexibility
  58. • Cloud or on-premises orchestrator and controllers • Controller functions: route reflector, VPN control, link measurements Incremental and Interoperable SD-WAN Rollouts NSX SD-WAN by VeloCloud Orchestrator NSX SD-WAN by VeloCloud Controllers NSX SD-WAN Edge by VeloCloud NSX SD-WAN Edge by VeloCloud NSX SD-WAN by VeloCloud Hub Cluster OSPF, BGP BGP Route Learning and Distribution OSPF, BGP OSPF, BGP Co-exist Replace Legacy Internet MPLS
  59. Internet MPLS • Use VRRP to make VCE the default gateway when it is up • Provide failover/redundancy with existing CE • Use routing protocol (OSPF or BGP) to direct traffic to the VCE when it is up • Provide failover/redundancy with existing CE • VCE is the default gateway for the branch traffic • Deploy VCE in HA pair to meet the redundancy/availability requirement Branch Deployment Options CE E-BGP L2 SW VRRP Co-exist (L2) Co-exist (L3) CPE Replacement Internet MPLS E-BGP/OSPF E-BGP L3 SW E-BGP/OSPF Internet MPLS E-BGP L2/3 SW