WWW.GTRI.COM
© 2016 Global Technology Resources, Inc.
All rights reserved.
Software Defined WAN 101
Mani Ganesan - Cisco
Michael Edwards - GTRI
Agenda
• What is SD-WAN?
• IWAN Architecture Overview
• Transport Independence
• Intelligent Path Control
• Application Optimization
• Secure Connectivity
• Orchestration & Automation
• Closing
Digital Innovation Overwhelming the Branch
BRANCH: OS Updates, HD Video, Mobile Apps, Online Training, Social Media, Guest Wi-Fi, Omnichannel Apps, SaaS Enterprise Apps, Digital Displays
• MORE USERS: 80% of employees and customers are served in branch offices*
• MORE APPS: 20-50% increase in enterprise bandwidth per year through 2018**
• MORE THREATS: 30% of advanced threats will target branch offices by 2016 (up from 5%)***
* Tech Target, Branch Office Growth Demands New Devices, 2013
** Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2015 Update
*** Gartner, “Bring Branch Office Network Security Up to the Enterprise Standard,” Jeremy D’Hoinne, 26 April 2013
58% OF IT BUDGETS SPENT ON WAN CONNECTIVITY
Source: IDG
What If Your WAN Can…
• Pinpoint Application Issues Instantly: Improve Your Application Performance (graphic: Hours, Minutes)
• Increase WAN Utilization: Deliver More Bandwidth for Lower Cost (graphic: 1x, 2x-20x)
• Consistent Security Policies: Ensure Security Over Any Connection (graphic: Backhaul, Local & Cloud)
• Simplify Operations: Reduce Network Complexity (graphic: By Device, System)
Internet as an Extension of Enterprise WAN
Commodity Transports Viable Now
Dramatic Bandwidth, Price Performance Benefits
Higher Network Availability
Improved Internet Performance
ONUG - Software Defined-WAN Requirements
1) Physical or Virtual* devices
2) Zero Touch Deployment
3) Dynamic Traffic Engineering
4) Active-Active Architecture
5) HA and Resilient WAN
6) App Visibility, Prioritization and Steering
7) L2/3 Interoperability
8) Management Dashboard
9) Open North-bound API
10) FIPS 140-2 w/ Cert Management
Diagram labels: Branch, Private Cloud, Virtual Private Cloud, Public Cloud, MPLS (IP-VPN), Internet, CSR1000-AX, APIC, Prime, Optimized Secure Transport, Direct Internet Access
SD-WAN and beyond with Cisco IWAN
SD-WAN and Beyond with Cisco Intelligent WAN
Applications, Users/Devices
Transports: Private (MPLS), Public (Internet/4G LTE), Hybrid (MPLS, Internet)
SMART
• Intelligent Path Control
• Application Optimization
• Advanced Content Caching
SECURE
• Secure Direct Internet Access
• Advanced Threat Defense
• Robust Data Encryption
SIMPLE
• SD-WAN Policy Management
• Deployment Automation
• Open APIs
Technology Blocks: Transport Independence, Application Optimization, Secure Connectivity, Intelligent Path Control
Intelligent WAN: Leveraging the Internet
Secure WAN Transport and Cloud Access
1. IWAN Secure transport for private and virtual private cloud access
2. Leverage local Internet path for public cloud and Internet access
• Increase WAN transport capacity and app performance cost effectively!
• Improve application performance (right flows to right places)
Diagram labels: Branch, Optimized Secure Transport, Direct Cloud Access, Private Cloud, Virtual Private Cloud, Public Cloud, MPLS (IP-VPN), Internet
Intelligent WAN (IWAN) Architecture
• Application Optimization: Enhanced Application Visibility and Performance
• Secure Connectivity: Comprehensive Threat Defense
• Intelligent Path Control: Application Aware Routing
• Transport Independence: Simplified Hybrid WAN
• Management Automation
Diagram labels: Enterprise, Unified Branch, MPLS, 3G/4G-LTE, Internet, Private Cloud, Virtual Private Cloud, Public Cloud
Cisco Intelligent WAN
Enabling the Next-Generation Branch
Mani Ganesan - Cisco
Transport-Independence
Virtualizing the Enterprise WAN
Flexible Secure IWAN Over Any Transport
Simplifies WAN Design; Dynamic Full-Meshed Connectivity; Proven Robust Security
• Easy multi-homing with several providers
• Single routing control plane over the top of provider networks
• Consistent design over all WAN transport types
• Scalable Hub-n-spoke with dynamic full mesh topology
• Industry Certified security compliance
• Scalable high-performance cryptography in hardware
Diagram labels: Secure, Flexible, Transport-Independent, Branch, ISR, WAN, Internet, MPLS, Data Center, ASR 1000, ASR 1000
IWAN Transport Independence
Consistent deployment models simplify operations
Diagram: three deployment models (IWAN HYBRID, IWAN HYBRID/LTE, IWAN Dual MPLS). Labels: Branch, ISR, Data Center, ASR 1000, DMVPN, Internet, MPLS, 4G/LTE, ISP A, ISP C, SP A, SP B
Intelligent Path Control
Improving Application Delivery and WAN Efficiency
Getting the Most Out of Your WAN Investment
Benefits of Intelligent Path Control
• Enabling Hybrid WANs
• Efficient Distribution of Traffic Based Upon Load or Path Preference
• Application Best Path Based on Quality
• Protection From Carrier Black Holes and Brownouts
• Lower WAN Costs
• Full Utilization of WAN Bandwidth
• Improved Application Performance
• Higher Application Availability
Diagram labels: Data Center, Branch, ASR 1000, ASR 1000, ISR, MPLS, Internet
Intelligent Path Control with PfR
Voice and Video Use-Case
• PfR monitors network performance and routes applications based on policy
• PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
• Voice/Video take the best delay, jitter, and/or loss path
• Voice/Video will be rerouted if the current path degrades below policy thresholds
• Other traffic is load balanced to maximize bandwidth
Diagram labels: Branch, MPLS, Internet, Virtual Private Cloud, Private Cloud
Protecting Critical Applications While Increasing Link Efficiency
Multimedia and Critical Data Policy
• Protect voice and video quality: Latency < 150 ms, Jitter < 20 ms
• Protect Email applications from WAN congestion: Loss < 5%
• Voice and video preferred path SP1
• Email preferred path ISP
• Increase utilization by load sharing
Business App and Load-Balancing Policy
• Protect transactional business app from brownouts: delay < 250ms
• Preferred path SP1 (MPLS)
• Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet
Diagram labels: SP1 (MPLS), ISP (FTTH), ISP (DSL), Business App, Voice and Video, Email, Best-Effort Traffic, High Delay Detected, High Jitter Detected
Load Balancing
Maximizing Link Utilization to Increase Available Bandwidth
• Traffic distributed across all paths to efficiently use all WAN bandwidth
• Load Balancing based upon link utilization levels
• External links can have different bandwidth capacities
MPLS = 1.5Mbps: 50% T1 = 750kbps
Internet = 15Mbps: 50% 15Mbps = 7.5Mbps
Diagram labels: ISR, WAN, Internet, MPLS, ASR 1000, ASR 1000, Data Center
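
A simplified model of the two policy slides and the load-balancing slide, added here as an example; it is not Cisco PfR code and not part of the deck. The thresholds, preferred paths and link capacities come from the slides; the path measurements are constructed, and the selection logic and all names are assumptions.

```python
"""Toy model of the path-control policies on the slides (not Cisco PfR code)."""
from dataclasses import dataclass

INF = float("inf")


@dataclass(frozen=True)
class Path:
    name: str
    capacity_kbps: float
    delay_ms: float
    jitter_ms: float
    loss_pct: float


@dataclass(frozen=True)
class Policy:
    preferred: str
    max_delay_ms: float = INF
    max_jitter_ms: float = INF
    max_loss_pct: float = INF

    def violations(self, path):
        """Names of the metrics on `path` that break this policy."""
        checks = (
            ("delay", path.delay_ms, self.max_delay_ms),
            ("jitter", path.jitter_ms, self.max_jitter_ms),
            ("loss", path.loss_pct, self.max_loss_pct),
        )
        # The slides give strict bounds ("< 150 ms"), so equality is a violation.
        return [name for name, value, limit in checks if value >= limit]


# Thresholds and preferred paths as stated on the two policy slides.
POLICIES = {
    "voice-video": Policy("SP1", max_delay_ms=150, max_jitter_ms=20),
    "email": Policy("ISP", max_loss_pct=5),
    "business-app": Policy("SP1", max_delay_ms=250),
}

# Constructed measurements: SP1 (MPLS) is in a jitter brownout, ISP is healthy.
# Capacities are the 1.5 Mbps / 15 Mbps links from the load-balancing slide.
SAMPLE_PATHS = [
    Path("SP1", 1500, delay_ms=40, jitter_ms=35, loss_pct=0.1),
    Path("ISP", 15000, delay_ms=60, jitter_ms=8, loss_pct=1.0),
]


def select_path(policy, paths):
    """Return (path name, reason) for one application class.

    Assumed logic: stay on the preferred path while it is in policy, otherwise
    move to the in-policy path with the lowest delay; if nothing is in policy,
    take the path with the fewest violations.
    """
    by_name = {p.name: p for p in paths}
    preferred = by_name.get(policy.preferred)
    if preferred is not None and not policy.violations(preferred):
        return preferred.name, "preferred path in policy"
    why = ("high " + "/".join(policy.violations(preferred))
           if preferred is not None else "preferred path down")
    in_policy = [p for p in paths if not policy.violations(p)]
    if in_policy:
        best = min(in_policy, key=lambda p: p.delay_ms)
        return best.name, "rerouted: " + why
    least_bad = min(paths, key=lambda p: (len(policy.violations(p)), p.delay_ms))
    return least_bad.name, "no path in policy: " + why


def share_load(offered_kbps, paths):
    """Split best-effort traffic so every link runs at the same utilization."""
    total = sum(p.capacity_kbps for p in paths)
    return {p.name: offered_kbps * p.capacity_kbps / total for p in paths}


if __name__ == "__main__":
    for app, policy in POLICIES.items():
        print(app, "->", *select_path(policy, SAMPLE_PATHS))
    # 8250 kbps of best-effort load puts both links at 50% utilization.
    print(share_load(8250, SAMPLE_PATHS))
```
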
Application Optimization
Today’s Network is an IT Blind Spot
• Static port classification is no longer enough
• More and more apps are opaque
• Increasing use of encryption and obfuscation
• Application consists of multiple sessions (video, voice, data)
• What if user experience is not meeting business needs?
Make Your IWAN Application Aware
Application Visibility and Control (AVC)
Application Performance Visibility
• Application inspection with existing routers
• Rich data collection using NetFlow v9/IPFIX
• Easy to integrate into many reporting tools
Smart Capacity Planning
• Better use of costly bandwidth
• Per-branch and per-application level reporting
Business Objective Enforcement
• Service Level monitoring per application
• Better Analytics to adjust network policies to maintain compliance
Diagram labels: Branch, Private Cloud, DC/Headquarters, Public Cloud, Cisco AVC, AVC, AVC
Performance Collection & Exporting
Integrated performance monitoring and advanced metrics for different types of applications and use cases
• Basic Monitoring: What applications, how much bandwidth, flow direction? (NBAR2 and Flexible Netflow)
• Voice and Video Performance (Media Monitoring): 30% of traffic is voice and video
• Critical Applications Performance (Application Response Time): 40% of traffic is critical applications
Diagram labels: HTTP, HTTP, Unified Monitoring, AVC
Add WAN Optimization with WAAS + Akamai
Speed and Bandwidth Benefits on Top of the IWAN
Application Optimization
• Improved Application performance, delay mitigation, less bandwidth
• Twice as many Citrix users over same WAN, 70% faster
• Typical ROI in less than one year, 65% BW cost savings
Content Caching & Prepositioning
Simple and Scalable
• Works with existing branch routers
• Scale out optimization resources with AppNav
• Native HA resiliency
Improving Application Performance
• Reduces WAN bandwidth usage, while accelerating applications
• Intelligent caching of internal and Internet content
• Prepositioning of data and rich media before it is needed
Diagram labels: Private Cloud, Branch, DC/POP, vWAAS, AppNav-XE Controller, CSR, WAVE, vWAAS, WAN
WAAS and Akamai Connect Synergy
AKAMAI Connect
• Transparent Cache
• Dynamic URL Cache
• Akamai Connected Cache
• Content Pre-positioning
CISCO WAAS
• LZ Compression
• TCP Optimization
• Data De-duplication
• Application Specific Acceleration
IWAN Secure Connectivity
Intelligent WAN: Secure Connectivity
Securing the network and users
Two areas of concern
1. Protecting the network from outside threats with data privacy over provider networks
2. Protecting user access to Public Cloud and Internet services; malware, privacy, phishing,…
Diagram labels: Branch, Secure WAN Transport, Secure Internet Access, MPLS (IP-VPN), Internet, Private Cloud, Virtual Private Cloud, Public Cloud
Securing the IWAN Transport
IPSec VPN and Access Control
• Step 1: Authenticate hardware and software
  • Trust Anchor Module verification
• Step 2: Secure Transport
  • Proven IPsec VPN overlay
  • Strong Cryptography: IKEv2 + AES-GCM 256
  • F-VRF to isolate provider networks
• Step 3: Access Control
  • IOS Zone-based Firewall or ACLs protection
  • Role based access to router w/ logging
  • Minimize exposure
  • Provider assigned addressing to hide routers
  • Don’t put tunnel addresses into DNS
Diagram labels: Branch, MPLS, Internet, ISP A, ISP C, ASR 1000, ASR 1000, Data Center
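
One way to check a router configuration against Steps 2 and 3 above, added here as an example (not from the deck and not a Cisco tool). It assumes IOS-style configuration text; the sample configuration and every name in it (proposal, VRF, ACL and profile names) are constructed, and Step 1 is not covered.

```python
"""Audit an IOS-style config against Steps 2 and 3 of the slide above."""
import re

# Constructed sample: Tunnel10 follows the slide, Tunnel11 and LEGACY do not.
SAMPLE_CONFIG = """\
crypto ikev2 proposal STRONG
 encryption aes-gcm-256
 prf sha512
 group 19
crypto ikev2 proposal LEGACY
 encryption aes-cbc-128
 integrity sha1
 group 2
crypto ipsec transform-set XFORM esp-gcm 256
 mode transport
interface GigabitEthernet0/0/0
 vrf forwarding TRANSPORT-MPLS
 ip access-group ACL-WAN-IN in
interface GigabitEthernet0/0/1
 ip address dhcp
interface Tunnel10
 tunnel source GigabitEthernet0/0/0
 tunnel vrf TRANSPORT-MPLS
 tunnel protection ipsec profile DMVPN-PROFILE
interface Tunnel11
 tunnel source GigabitEthernet0/0/1
 tunnel protection ipsec profile DMVPN-PROFILE
"""


def parse_stanzas(config):
    """Group the config into {top-level line: [indented child lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if line[0] != " ":
            current = line
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line.strip())
    return stanzas


def audit(config):
    """Return findings where the config departs from Steps 2 and 3."""
    stanzas = parse_stanzas(config)
    findings = []
    for header, body in stanzas.items():
        # Step 2: strong cryptography (IKEv2 + AES-GCM 256).
        if header.startswith("crypto ikev2 proposal "):
            enc = [l for l in body if l.startswith("encryption ")]
            if enc != ["encryption aes-gcm-256"]:
                findings.append(f"{header}: encryption is not AES-GCM-256")
        if (header.startswith("crypto ipsec transform-set ")
                and not re.search(r"\besp-gcm 256\b", header)):
            findings.append(f"{header}: ESP transform is not AES-GCM-256")
    for header, body in stanzas.items():
        match = re.match(r"interface (Tunnel\d+)$", header)
        if not match:
            continue
        tunnel = match.group(1)
        opts = dict(l.rsplit(" ", 1) for l in body if l.startswith("tunnel "))
        source, fvrf = opts.get("tunnel source"), opts.get("tunnel vrf")
        if "tunnel protection ipsec profile" not in opts:
            findings.append(f"{tunnel}: overlay is not protected by IPsec")
        wan = stanzas.get(f"interface {source}", [])
        wan_vrf = next((l.split()[-1] for l in wan
                        if l.startswith(("vrf forwarding ", "ip vrf forwarding "))), None)
        # Step 2: F-VRF. The tunnel and its provider-facing source interface
        # must name the same VRF, keeping provider routes out of the global table.
        if fvrf is None or fvrf != wan_vrf:
            findings.append(f"{tunnel}: source {source} is not isolated in a front-door VRF")
        # Step 3: zone-based firewall membership or an inbound ACL on the WAN side.
        if not any(l.startswith("zone-member security ")
                   or re.match(r"ip access-group \S+ in$", l) for l in wan):
            findings.append(f"{source}: no inbound ACL or firewall zone")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```
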
Cisco Router Security Certifications
Platform               | FIPS 140-2, Level 2 | Common Criteria EAL4 | NG Strong Crypto AES-GCM-256*
Cisco ISR 890 Series   | ✓                   | ✓                    | ✓
Cisco ISR 1900 Series  | ✓                   | ✓                    | ✓
Cisco ISR 2900 Series  | ✓                   | ✓                    | ✓
Cisco ISR 3900 Series  | ✓                   | ✓                    | ✓
Cisco ISR 4000 Series  | ✓                   | ✓                    | ✓
Cisco ASR 1000 Series  | ✓                   | ✓                    | ✓**
* RFC 6379 Suite B
** Not supported on older RP1 based ASR 1000s
Add Network Integrated Threat Defense
IOS Zone-Based Firewall
• Control the Perimeter:
  • External and internal protection: internal network is no longer trusted
  • Protocol anomaly detection and stateful inspection
• Communicate Securely:
  • Call flow awareness (SIP, SCCP, H323)
  • Prevent DoS attacks
• Flexible:
  • Split Tunnel - Branch direct Internet access
  • Internal FW: addresses regulatory compliance
• Integrated:
  • No need for additional devices, expenses and power
  • Works with other IWAN Services: CWS, WAAS, UCS-E,…
• Manageable:
  • APIC-EM, Prime, CLI, SNMP, CCP, and CSM
Diagram labels: Branch, MPLS, Internet, ISP A, ISP C, ASR 1000, ASR 1000, Data Center
Intelligent WAN—Direct Cloud Access
• Leverage Local Internet path for Public Cloud and Internet access
• Improve application performance (right flows to right places)
Solutions
• On Premise – Zone Based Firewall
• Cloud Based – Cloud Web Security
Diagram labels: Branch, ISR-AX, ZBFW, CWS, MPLS (IP-VPN), Internet, Direct Internet Access, Private Cloud, Virtual Private Cloud, Public Cloud
Secure Internet Access with Cisco
Cloud Web Security (CWS) with ISR-4000 and ISR-G2 Series Routers
• Secure Public Cloud and Internet Access
• ISR Connector to CWS Firewall towers
• Web Filtering, Access Policy, Malware Detect
• IWAN IPsec VPN for Private Cloud Traffic
• IOS Firewall to protect Internet Edge
Diagram labels: Branch, WAN1 (IP-VPN), WAN2 (Internet), CWS, Private Cloud, Public Cloud, Internet
Orchestration and Automation
Network-Wide Abstractions Simplify the Network
The SDN Ideal: Controller as the Application Platform
Diagram labels: Applications, Security, Orchestration, Automation, Collaboration, Virtualization, REST API, SOUTHBOUND ABSTRACTION LAYER, CATALYST®, CISCO NEXUS®, ASR, ISR, WIRELESS, ASA, OTHER
IWAN SD-WAN Automation with APIC-EM
• Cisco® APIC-EM centralized policy expression and distribution
• Distributed policy enforcement
• Automated application and topology discovery
• Application and network performance monitoring
• Adaptive path selection and QoS to sustain policy
• Performance analytics collected network-wide and reported centrally
Diagram labels: IWAN APP, Policy Expression, IWAN Domain Controller, Policy Rendering, Policy Distribution and Domain Control, Distributed Policy Enforcement, MC (Branch), MC (Large Site), MC (Campus), Data Center or POP, Data Center or POP #2...n, 4G LTE, Internet, MPLS (IP-VPN)
Cisco IWAN Management Portfolio
Covering a broad range of requirements and preferences
• Customer wants advanced provisioning, life cycle management, and customized policies
• System-wide network consistency assurance
• Lean IT OR IT Network team
Cisco Prime Infrastructure
• Customer needs customizable IWAN with end-to-end monitoring
• One Assurance across Cisco portfolio from Branch to Datacenter
• IT Network team
Enterprise Network Mgmt and Monitoring
Ecosystem Partners
IWAN App
• Customer wants considerable automation and operational simplicity
• Requirements consistent with prescriptive IWAN Validated Design
• Lean IT organization
Prescriptive Policy Automation
• Customer looking for advanced monitoring and visualization
• QoS/PfR/AVC configuration, Real-time analytics and network troubleshooting
• IT Network team
Application Aware Performance Mgmt
Advanced Orchestration
IWAN App Demo
GTRI SDN Solutions
• GTRI’s Virtualization and Advanced Networking Professional Services (PS) practice has expertise with SDN vendor solutions.
• GTRI has top-tier partner status with the most relevant long-term vendors in the IT virtualization market.
• GTRI offers an SDN readiness assessment service to assess your infrastructure, your applications, and the benefits to your business gained from using SDN.
• GTRI has an SDN test bed where we can learn and teach SDN solutions and help validate solutions prior to deployment.
• GTRI is performing SDN deployments and we will freely share the latest vendor and industry information with you.
FREE SDN Technology Review
• We are offering a FREE 3-hour (~1/2 day) SDN technology review for your company
• Bring your networking, security, DevOps, and other technology teams together
• Review SDN capabilities within your existing networked systems
• Discuss SDN architecture and design options
• Review network automation and network programmability potential
• Engage in conversation on securely deploying IPv6 and using SDN for security
Q&A
Thank you for attending!
info@gtri.com | 877.603.1984 | @gtri_global
