Cisco The Future of SD-WAN

So let me introduce myself: Ramesh Prabagaran, product management for Cisco SD-WAN. I come in through the Viptela acquisition, which is where I met you guys last; I was running product management there. And we have an all-star crew today, from Rohan to David to Hamza to Crowley to, like, a whole bunch of folks that'll be talking about SD-WAN and all the innovations there. Let me help just set up the problem and kind of where we are, and then I'll turn it over to Rohan to go through the rest of the details.

So back in 2016, and I'm not gonna go too far back, just go back to 2016, it was really early stages, I would say, right? The technology was there, early customers had deployed it. That's the phase that I would call the SD-WAN uprising, right? Like, the first hundred customers who really dived deep into the pool were able to see the value of that, and they were able to deploy as well. The genesis of SD-WAN, as we all know, was really around: how do I take expensive MPLS circuits, add to broadband, and build the fabric out of that and get the cost efficiencies and the cost arbitrage that came with it? Along with that we saw a whole bunch of deployments around segmentation: how do I do mergers and acquisitions, how do I segment my network for line of business, for compliance, and so on and so forth. So those were kind of the early adopters of the technology, really focused on this, along with kind of how do I bring business partners into the mix and give them access to the infrastructure. So this was two years ago.

Last year was the phase I would call SD-WAN maturing, mainly because there were a couple of acquisitions. The pioneers who actually jumped into the deep end of the pool were able to see the deployments work and were able to scale it to, like, thousands of sites in some cases as well. And the focus at that time was: okay, now I got the cost arbitrage and the efficiency is there, how do I get security to work? How do I do a direct Internet access into
Office 365, and how do I have an on-ramp into AWS or Azure and so forth? So those, so DIA and DCA were really key topics of conversation amongst all of our customers there, and so we built a lot of technologies and innovations around that. It was also the time that managed service providers, large telcos in particular, jumped in and said: hey, I have a managed service offering, so if you are an enterprise customer you can actually get this as a service from me. I'll give you the circuit, I'll give you the managed capabilities on top, you don't have to worry about your network, irrespective whether it's hundred sites or thousands of sites. And with that also came kind of virtualization: I have a really cool technology in the form of SD-WAN, I'll bring security into the mix, I'll bring elements of optimization, and I'll offer everything in a virtualized form factor. So that was last year.

Fast forward to this year, and I'm sure many of you have seen the stats around this: in the next two years ninety percent of the enterprises are going to make a decision on SD-WAN. It's no longer a question of if, it's purely a question on when. And that's one of the reasons why you saw Gartner as well issue the Magic Quadrant, and it helps separate, how I would call, the men from the boys. There are a few vendors who show up on the top right because they have the credibility and the deployments to show.

This year, every single WAN conversation that we are having inside of Cisco, and as Cisco you should expect us to be, like, at the table at least on many of these WAN conversations, every single one of those WAN conversations is an SD-WAN conversation, right? Across every vertical, be it public sector or utilities, retail, manufacturing, financials, and so forth. So every single one of them is a WAN conversation, and there are two things in particular that keep coming up time and again: one is how do I use this opportunity to revamp my security architecture entirely, and how do I
build efficient on-ramps into the cloud. So all the innovations that we will talk about today and show you in action are going to be revolving around what are we doing with respect to cloud, what are we doing with respect to security, while at the same time making sure that you get a really good view into how we are migrating customers from their traditional network architecture to the architecture of today. So those are kind of the main topics that we have. I'm gonna turn this over to Rohan will problem and what we are doing about it as well.

Thank you, Ramesh. Before I get started, quick introduction: my name is Rohan Grover, I'm part of the product management team in SD-WAN, and I'm going to double-click into a few of the things that Ramesh was talking about, specifically around the new innovations on security and multi-cloud. And there a clicker here.

So this picture should be fairly familiar to you guys. We are in a world, sorry, we're in a world where your traditional campus and branch is no longer the same. We're in a world where you have mobility that is pervasive everywhere, IoT devices are becoming the norm, everyone wants to connect to everything at any point of time on any device, and our traditional concept of where applications sit is fundamentally changing. There used to be a time when it was the data center and a private cloud; it's no longer that. You still have that, along with things like IaaS and SaaS, and it is truly a multi-cloud world. With all the conversations we've had with our customers, more than 85 to 90 percent of our customer base is looking to have applications in more than a single cloud, right? So everybody is looking at, whether it's AWS or Azure, Office 365 or Salesforce, there are multiple clouds.

Now the WAN is really the connecting fiber between all of these, and this connectivity is no longer through internet through MPLS circuits; we are depending on internet connectivity, and internet connectivity is now becoming business
critical, and it's no longer a best-effort kind of transport anymore. Enterprises are looking at Internet as the way to access their applications across the multi-cloud. Now this becomes important because when you are doing this, you have to ensure the same level of reliability as well as security over the internet links that you expected over MPLS. And you're talking about enterprises that have few campuses, hundreds of branches, and thousands of users that are all mobile, right? So this is a fairly complicated problem statement that we're trying to solve, and all of these interconnections are making life harder for network administrators, not necessarily easier. The cloud makes users' lives easier; it doesn't necessarily make the network administrator's life easier. Yes?

Oh yeah, I got a question? No, I'm listening intently though. Thank you.

Wait, so the new paradigm that we see is that there is certainly this gap between users, devices, IoT things and the multi-cloud, and this gap is creating a new paradigm called the cloud edge. The cloud edge in our mind is where networking and security and cloud all come together, right? And this is going to become, or this is currently, the new battleground on the WAN side, right? And we need to figure out how we are going to protect the cloud edge. There's clearly a level of exposure now, with internet becoming pervasive and business critical, that didn't exist in the past.

Security is fundamental to securing the cloud edge. Application experience: MPLS provided you a guaranteed SLA and metrics because you were paying for that; the internet is no longer that guaranteed purveyor of SaaS. We have to make sure that the experience is consistent whether you're going over an MPLS circuit or going over an Internet circuit, and it has to give you the same level of performance characteristics that MPLS used to give you. And complexity: of course you have to make sure that the WAN is intelligent enough to be able to take the best path with the most
secure path to anywhere you want to go.

So let's dive into the security piece of this. How do we do security today in a branch? There's typically four ways of doing security in a branch, and I'll go over all of them, and there's pros and cons to each of them.

So the traditional way of doing it is: you want to get access to the Internet, you basically go from your branch location, backhaul it to your data center, and then go to the Internet. Now there's pros and cons here. Security is easier here because your security perimeter is actually in your data center and you have all of your security appliances sitting there. The user experience is not as good: when you're going to a SaaS application or to the multi-cloud through a data center, you're going to have performance implications.

The second way that we would do this is through cloud security: let the security be handled directly by the cloud. There are a number of vendors out there that say that we can handle your security, you don't actually need security sitting in your branch, you can do it all in the cloud. Now while that may be fairly simple, there's not any effort required by the enterprise to do this, a lot of large enterprises get very nervous when you talk about essentially outsourcing your security to the cloud, right? There's a level of control that they'll lose, and they don't like it, right? So while this is doable, this is probably not the model that a lot of enterprises are going to do.

The third model is: you're really paranoid about security, you want to deploy a unified threat management system in every branch, right? So this gives you a level of control that you didn't have with option two. However, this does get you a lot of complexities: it is more expensive to have a dedicated UTM appliance sitting in every branch, and management becomes the problem. You have two different points of management, for your routing and SD-WAN as well as for your security appliances.

Lastly, you could do all of this, where you could deploy all of these
in some form or fashion, and a lot of enterprises actually do this today. Like, there's no one single answer here, but again, this increases complexity and this reduces control, based on what you do in which branch.

So we believe that we actually have an answer that might be better than all of these. The question really is: how can IT maintain choice and control when you're connecting to a cloud-first and a multi-cloud kind of world? So what we are really announcing today, to begin with, is a full-stack security embedded within our routing portfolio with SD-WAN. So we introduced SD-WAN, the Viptela stack, in the ISR IOS code base in July, and now along with that we are embedding our core security functions, which is application-aware firewalls, IPS/IDS, URL filtering, in the SD-WAN IOS router itself. You get a full-stack solution so that you can deploy this in one place and manage it consistently from one dashboard, which is our vManage dashboard. So one place to deploy security, one place to manage it, one place to monitor it. So this is, I think, a key innovation. All of our install base already out there has millions of ISRs; they can be enabled with SD-WAN today with the firmware upgrade, and now you can add security to it.

So qualification here. So if I'm running the Viptela stack on my ISR router, that's all I'm running, right? Isn't that how that goes? I turn on Viptela and then that's my routing stack, and now I'm adding your announced-today security to that. So that's all gonna be within the Viptela container, if you will, running on my ISR?

That's all gonna be embedded in the IOS code along with the Viptela stack, right? So the mechanism of how we embedded it depends on what function you're talking about. The IPS, for example, is a Snort-based IPS that's running in a container for Snort, so it can do all of the signature analysis and all that, but it is all natively built into the IOS image that is running SD-WAN.

Okay, so it's an IOS image, now I've just got more
connect, more elements that you have?

You've got more elements in addition to the SD-WAN capabilities that we announced in July.

But it's not a thing, is that what you were saying?

Yeah, it's a unit, it's one image, it's one IOS image, yeah.

Is it an integration of FTD or just components of that, or?

We work very closely with our security team. We have the best-of-breed security assets, and all of this is in conjunction with our security team, and we have taken elements of the firewalls, the containers, the IPS/IDS, along with the threat management with Talos. So when you integrate these security capabilities in an ISR, and whether you buy any of these in any form factor, whether it's an ISR, an appliance, you get the Talos threat detection capabilities along with this. That's one of the key differentiators, we believe, for our solution, where this is by far the largest threat database in the world.

And you get, this is fully functional as if I were running Firepower appliances?

Yes. Obviously there's limitations on scale.

Yeah, and would that be the major difference then, in the sense of why would I...

Correct. So we'll talk a little bit about deployment models. Like, clearly this is not the answer when you're running security in a campus or the headend and you need dedicated security appliances, because the scale and performance matters. Okay, in a branch deployment, and depending on the size of the branch and the number of users, this is clearly a viable solution. It reduces capex, it reduces management, and really this is also the intersection of NetOps and SecOps, right? We also have to look at your organizational capabilities and how your SecOps team and the IT ops team is going to work together to make this a reality. Those organization boundaries are going away, and we're seeing that going away, but it is going to be a while before SecOps and IT ops actually talk to each other, right?

So I'm being told that I'm going to run out of time fairly quickly, go through these,
double-click into this for the next hour and a half.

So the second piece that we are announcing is integration with our Umbrella stack for cloud security. So it's not just your embedded branch security that we're talking about; we're also adding elements from cloud security stack, which is Cisco Umbrella, and integrating that with the ISRs. So now you get a system that is fully secure wherever your users are, connected in the branch or whether they are roaming around and connected through Starbucks or some other place, right? Mobility.

The last piece of this is the multi-cloud piece. Today we already have solutions for cloud on-ramp, where we can connect and accelerate performance to 14 SaaS applications using our cloud on-ramp, which is a shipping feature for the last year. What we're announcing is we partnered with Office 365 and we added enhancements to that capability so that we can get you better performance by reaching to the closest O365 location from where your branch is, so you don't have the performance penalty of essentially going across the world or going across the country to go to a far location. We will make sure that you reach the nearest location to your deployment, and we actually have a demo that will show you this 40% performance improvement of turning this feature on versus doing the traditional way of backhauling from your data center. So the next hour or so will show you a demo of this.

Closest is defined by, I'm saying...

Yes, there's a, well, there's a latency and jitter, the parameters that we monitor.

Okay.

So you're going to see a fairly double-click on this, so I'm going to go over this slide very quickly. When we talk about embedded branch security, what we're talking about is enterprise firewalls; we recognize 1,400 applications, so this is application-aware firewalls. We have the IPS, which I just talked about, the Snort-based IPS, the most widely deployed IPS on the planet; URL filtering with 80 web categories; as well as the cloud security with Umbrella. And who
really is going to talk about this in extensive detail, so I'm going to move forward.

From Cisco standpoint, we believe that we are going to give you the right security in the right place, and there's a lot of different places where you want to deploy security, starting from your data center, private cloud, SaaS, IaaS, and this is just kind of giving you a quick cheat sheet on where we believe certain elements of security should be deployed. Now when you are talking about multi-factor authentication, which is our Duo acquisition, and we are not talking about integration, we do it today, but Duo is clearly something that you would use in mobile users and devices and things, and that is something that needs to be done alongside the branch security and the cloud security that I am talking about to get you a full-fledged stack. Then you have the rest of the capabilities that I am talking about today, which is firewall, IPS, URL filtering, and cloud. So depending on where you are in the network, you need a pervasive security stack, and Cisco has all of the elements to give you that.

And as I just mentioned, we now have a common security architecture that spans across both our Viptela as well as Meraki portfolio, all of them powered by our Talos architecture, right? So whether you are using an SD-WAN security stack by Viptela or by Meraki, you have a common security architecture, all of it using the best-of-breed security assets in Cisco.

This is the demo that we are actually going to show you: regardless of how you are reaching to a SaaS application, specifically O365, we will provide you the fastest and best path to get there.

Channel: Tech Field Day
Views: 7,222
Keywords: Tech Field Day, TFD, Networking Field Day, NFD, Networking Field Day 19, NFD19, Cisco, SD-WAN, Automation, Security, IOS, IOS-XE, SaaS, Office, Office365, Office 365, WAN, IWAN
Length: 18min 6sec (1086 seconds)
Published: Tue Nov 13 2018