Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cisco 4000 Series ISRs Intent-based Networking for the WAN

Similar presentations


Presentation on theme: "Cisco 4000 Series ISRs Intent-based Networking for the WAN"— Presentation transcript:

1 Cisco 4000 Series ISRs Intent-based Networking for the WAN
Welcome. My name is (NAME) and I’m a (TITLE) at Cisco. I’d like to talk with you today about the changes impacting your branch offices, the challenges they introduce, and how the new Cisco ISR 4000 routers can help you get around any roadblocks those challenges might be creating for you. Let’s get started.

2 Intent-based Network Infrastructure
Cisco Live 2017 8/19/2019 The Network. Intuitive. Constantly learning, adapting and protecting. LEARNING DNA Center Analytics Policy Automation INTENT CONTEXT Intent-based Network Infrastructure A recap on the network intuitive – a new era of networking. Highlight that the network intuitive is about the end-to-end enterprise. The Network. Intuitive. A platform that is constantly learning / adapting / protecting (security) and is built on Cisco Digital Network Architecture (DNA) This continuous loop of defining intent, collecting context, learning, and then optimizing the network base on those insights is intent based networking. The combination of Cisco’s Intent based, secure infrastructure with DNA Center’s single point of policy definition, context collection, and learning will become a powerful new approach to building and scaling enterprise networks. SECURITY

3 Unprecedented demands on the network
Digital Disruption Lack of Business and IT Insights 63 million new devices online every second by 20201 Complexity Slow and Error Prone Operations 3X spend on network operations vs network2 Security Threats Unconstrained Attack Surface 6 months to detect breach3 1: Gartner Report - Gartner’s 2017 Strategic Roadmap for Networking 2. McKinsey Study of Network Operations for Cisco – 2016 3. Ponemon Research Institute Study on Malware Detection, Mar 2016 There continues to be unpreceded demands being placed on the network. The trends of mobile, cloud and security putting pressure on the network still exist, but they have evolved to IoT, Hybrid Cloud and more sophisticated security threats. These three trends can be described in more detail as: 1. Digital Disruption: More devices, creating more data is challenging IT. How can IT manage more devices coming online when they lack business and IT insights into what is happening on the network? 1 million new devices online every hour by 2020, Mobile, IoT, Cloud, Artificial intelligence and machine learning , Explosion of data 2.Complexity: Networks have been built in silos over time and all the silos don’t necessarily work together. This means IT has to make changes to each silo separately and in most cases manually resulting in IT being Slow and Error Prone due to Manual Operations 3X more spending on network operations vs the network 80-95% network changes are done manually Constantly changing environnent – more users, devices and applications. 3. Security: The number of security attacks continues at a relentless pace and attacks are becoming more sophisticated and coming from both inside and outside of networks and IT is having a hard time keeping up with an unconstrained attack surface 3 months to detect a breach $4M the average cost of a breach Increased attack surface and more sophisticated threats

4 Top WAN Challenges Increasing complexity Poor user experience
Complexity with interconnecting multiple transport types In-house management of enterprise WAN networks Increasing complexity Poor user experience Need for better analytics and visibility into applications and resources delivered by the network Managing consistent user experience for on-site enterprise apps and off-prem cloud applications Difficult to secure Security requirements relating to web and internet applications Audit and compliance related to the network With these trends bring new challenges. A recent IDC survey conducted in Aug 2017 of over 1200 enterprises globally asked the question “What are the major WAN challenges that your organization faces?” and their top response were: Difficulty interconnecting multiple transport type and managing enterprise WAN network which leads to inefficient IT A need for better analytics and visibility and lack of consistency managing both on-prem and public cloud applications means a poor user and customer experience And one of the top responses: Not being able to keep up with security and compliance requirements, could lead to an inability to secure the network Source: Software-Defined WAN (SD-WAN) Survey, IDC, August, 2017

5 Customers are asking for…
How do I move workloads to Amazon AWS or Microsoft Azure and make my network ready for SaaS applications like Office 365 or Salesforce? How do I dramatically simplify my WAN architecture and make it easier to manage, operate and consume? How do I deliver secure connectivity and a better application experience in a hybrid WAN environment?

6 What is the problem? The WAN is not working..
MPLS Data Center Branch WAN Users Internet Not enough bandwidth, low agility, costly to maintain, slow cloud apps

7 The Intent-based WAN is the solution
Data Center MPLS Public Cloud Intent-based WAN Branch SaaS SaaS Users Internet Supports more data, applications, SaaS and more internet usage Add picture of ISR where it says branch instead of a dot

8 Intent-based networking for the WAN
End-point flexibility Analytics & Assurance Network Services On-premise or cloud managed Transport Independence Intent-based WAN Internet SaaS Public Cloud Data Center Users Branch Securely connect any user to any application with the best experience

9 Journey to Intent-based WAN
We are here Centralized Management On-premise or cloud managed across all platforms Secure Connectivity SD-WAN or Hybrid WAN with integrated security Policy-based Automation Application aware policies for optimal user experience Analytics & Assurance Performance optimization with predictive and self-healing capabilities Intent-based WAN Constantly Learning Constantly Adapting Constantly Protecting Software subscription is the foundation

10 Cisco 4000 Series Integrated Services Routers (ISRs) Digital-Ready Branch Foundation
WAN and Application Assurance Software-defined WAN (SD-WAN) Application optimization Content caching Virtualization Cisco or third-party virtual network functions (VNF) and app hosting Proactive Security Secure connectivity Branch threat defense Visibility and analytics Unified Communications Voice with survivability High-quality video Session border controller Pay-as-You-Grow Investment Protection Physical Converged Virtual Third Party ASAv vWAAS vWLC VNF App Cisco Unified Computing System™ E-Series Cisco® Integrated Services Router That’s why we developed the ISR 4000. Use it to handle the massive flood of traffic and new mobile, cloud, and rich-media applications. These routers were engineered with the evolving nature of the branch in mind. They have a whole new architecture to address the new branch problems, while not giving up any of the existing services of previous-generation Cisco branch routers. And they make all of this available in a single, quick-to-deploy, easy-to-manage converged platform. One that is purpose-built to help you overcome the bandwidth constraints that have long been responsible for performance and reliability challenges at your branch and remote sites. The 4000s also bring virtualization to networking so IT can adopt services faster and repurpose resources as needs change. And they deliver additional compute power for local app survivability, data backup, and local analytics processing.

11 Cisco 4000 Series ISR Portfolio
New Platform Sept 2019 Cisco 4000 Series ISR Portfolio 4451 ISR Over 4 Gbps* Customers 4461 ISR Over 10 Gbps* 4431 ISR Over 4 Gbps* 4351 ISR Over 2 Gbps* 4331 ISR Over 2 Gbps* 4321 ISR Up to 1.5 Gbps* 4221 ISR Up to 1.2 Gbps* Award-Winning Architecture 4 to 10 Times Faster Cisco ONE™ Software *CEF performance for IMIX packet Delivering a High-Quality Experience Across All Branches In October 2014, we introduced the Cisco ISR 4000 Family. This family is built on the success of the Cisco ISR 4451-X which was introduced in mid-2013, with fully re-designed platform focused on the largest most demanding customers who needed to maximize speed, scale and services together to enable an optimal application experience. Today we have over 1000 customers, and have won multiple industry awards. But, as we see the impact of mobility and cloud, the need is growing across the board, even to smaller branch offices We are now expanding our Award Winning Architecture across all our customer sites, running from 35Mbps to 2Gbps to ensure a consistent experience everywhere. This is 4-10X faster than our previous generation. Because of Pay-as-you-grow, we have been able to consolidate 10 platforms down 6 give, making it much easier for you to select a platform that suits their needs today, and scales as they grow. In addition, you can purchase this technology to tradition bundles (like ISR-AX) or Cisco ONE Software that decouples hardware from software offering a subscription based OpEx model.

12 Benefits of Upgrading to the 4000 Series ISRs
Intent-based networking capabilities Features ISR G1 ISR G2 ISR 4000 Digital-ready infrastructure Network Functions Virtualization Cisco IOS® XE Native Application Hosting UCS E integrated compute Policy-based Automation Cisco DNA Center Cisco SD-WAN Cisco Smart Licensing Analytics and Assurance DNA Assurance Application Visibility and Control Intelligent path selection Optimization WAN optimization Security Cisco Umbrella Cisco Stealthwatch Enterprise Encrypted Traffic Analytics WAN MACSec Performance Pay-as-you-grow performance Subscription Flexible Subscription

13 Deploy branches faster at lower cost
Leverage internet for public cloud and Internet access MPLS Private Cloud 3G/4G-LTE Secure VPN overlay for private and virtual public cloud access Colocation Branch Internet Seamless extension to the cloud enables business policy to follow workloads Public Cloud Lets take a deeper dive into some of the the technologies behind the case study. Cisco SD-WAN can help to: Deploying new branches fasters eliminating delays if MPLS connectivity is not available. Having transport independence means you can leverage any type of connectivity available at your remote locations. In some cases alternate transport can also be cheaper that your existing connectivity. Secure VPN overlay ensures that your data is encrypted and is a major component of the WAN fabric. SD-WAN is helpful when the business is expanding or merges with a new business and there is a need to bring up new locations quickly.

14 Easier to deploy, manage and operate
Cisco DNA Center Cloud and on-prem management and operations with a single WAN fabric across all end-points Simplified workflows for easier configuration, monitoring and troubleshooting. Advanced analytics and assurance for application service level agreement Using SD-WAN also makes it easier to deploy, manage and operate your WAN: A centralized managed WAN fabric makes it is easier to configure, manage and monitor your WAN. You can view all your end-points in a single user interface. It doesn’t matter where those end-points are located (even in the cloud) you an see them in a single screen. Zero-touch -deployment makes it easy to bring up remote sites without needs IT experts onsite. Viptela will be merged with DNA Center in the near future.

15 Save time rolling out new branches and services
DNA Virtualization Components Hardware optimized for NFV Purpose-built compute platform for the branch Central Orchestration and Management DNA Center Cisco & 3rd party VNFs Rich Network Services NFV Infrastructure Software (NFVIS) ISR 4K + UCS-E SW Intelligence over HW Platform Freedom of Choice Network services you can trust ISRv, NGFWv, WAN optimization, wireless LAN controller, Windows, and 3rd party VNFs Simple to design, provision and scale Centrally orchestrate and manage network services across the enterprise using DNA Center Flexibility and freedom of choice Common infrastructure software for any place in the branch, cloud and colocation Lets take a deeper dive into some of the the technologies behind the case study. How to Save time rolling out new branches and services – Cisco Enterprise NFV. Automated, software-based network services in minutes on any platform Apply consistent network policies through the entire enterprise network to the cloud Network services anywhere in the network (branch, colocation, public cloud) on any platform More information here: Check out Jay’s series of blogs on ENFV:

16 Service containers create an opportunity to access more than WAN connectivity
Seamless transition to Cloud IOSd Control Plane WAAS Customer and 3rd Party Applications Linux OS Platform-Specific Data Plane KVM/LXC Virtual Ethernet Scalable service offerings for all branch sizes Reduced costs – no branch hardware changes and no physical cabling All 4000 Series ISRs have spare CPU cores. Full applications can run inside the router, inside virtual machines (VMs) with no impact to router performance. Apps can be provided by Cisco, partner, or customer. They come as .ova files ready to be installed on the router.

17 Deliver a consistent user experience for Cloud apps
DC Offload Internet and public cloud traffic to reduce backhauling Branch Public Cloud Centralized security and policy management reduces risks associated with internet access at the branch SD-WAN SAAS SaaS/ Office 365 Users Internet WAN optimization reduces latency of application, video and content over the WAN Direct Internet Access Cloud applications are challenging traditional WAN’s that have been designed on MPLS. SD-WAN can help to improve the performance of cloud applications by using the internet for WAN. DIA is primary use case which helps to: Reduce bandwidth requirements at your headquarters Reduce network hops and latency due to direct routing, and better optimization from Internet-based content delivery network (CDN) solutions. Improve the response times of cloud applications.

18 Steps to securing the network edge
Stop threats at the edge Protect users wherever they work Control who gets onto your network Simplify network segmentation Find and contain problems fast Zone-based Firewall & ASAv Software-Defined Access Cisco Umbrella & ETA ISE & TrustSec Snort IPS Gain visibility into behavior from within the network. Stop threats from spreading within your organization. Apply threat-centric visibility and control to your firewall for truly effective protection at the perimeter. Protect all users regardless of location or device, and whether they are employees or guests. Find, stop and remove malicious content with effective tools that are simple to use. Stop the wrong people from accessing your network. You can never be 100% secure, but if you have the right security in place you can limit number and size of attacks that will happen to your network. No matter the use case, Cisco has a solution for every part of your network. There are multiple steps to securing your network. Lets walk through each step and what is needed.

19 Branch Convergence with Cisco UCS E-Series on 4000 Series ISRs
From this To this Router Wireless Security WAN Op Voice Traditional Branch IT Apps Server Switch Automation Central controller and SDN app Virtualization VNF and app hosting data assurance Application Experience WAAS and Akamai Connect Connection Unified Voice, video, Communications Anywhere Wired and 3/4G LTE Branch IT Simplicity Pervasive Security Customer Experience Insights Security Branch and DIA Security Malware, firewall, IPS/IDS, and cloud Broadest Network and Branch Services on an Integrated Compute Blade Branch convergence with UCS-E delivers the following: broadest network and branch services on a price- and performance-optimized footprint. It will migrate you from a multi-vendor, standalone appliance branch environment to a digital branch foundation, savings CapEx right away and enable digital capabilities. One that allows you to have: Superior applications experience delivering five 9s SLA for mission critical apps, whether on-premises, in the cloud (SaaS), or as virtual desktop infrastructure (VDI) with ubiquitous connectivity: wired and wireless (3/4G LTE) Branch IT simplicity starting with platform independence so you can virtualize any app, anywhere: as virtual machine on a router-integrated compute blade (e.g. network services like virtual WAN optimization and business apps like Pos, CRM, ERP, HRMS) or as virtual network function (e.g. virtual routing) on the UCS-E series blade. IT can spin up sites and services in minutes via SDWAN capabilities such as orchestration and automation (IWAN APP and ESA on APIC-EM) Pervasive security with comprehensive branch network threat defense for the entire attack continuum: before, during, and after using a suite of security: firewall, intrusion prevention, advanced malware protection, and cloud security. The addition of Stealthwatch Learning Network (SLN) enhances the network layer with Domain Name System protection, an integral part of Internet security for enterprises with DIA use case. With a scalable, pay-as-you-grow model of the ISR 4000 Series and the modular UCS E-Series, your investment today is protected with license portability through Cisco ONE.

20 IOT: Fog and Edge Computing
Bandwidth Demands Offload local traffic to reduce backhauling Content Source Small Fault Radius due to Localized Impact of Fault Edge Cloud Budget Content Source Reduction of Latency (“Latency is Money”) Reduced Operational Complexity (Handle it locally from anywhere) Edge Cloud Maintain Local Security (The need of the Hour) User Suffering Local Compute Coupled with Performance Delivers Fog and Edge Computing Branch convergence with UCS-E delivers the following: broadest network and branch services on a price- and performance-optimized footprint. It will migrate you from a multi-vendor, standalone appliance branch environment to a digital branch foundation, savings CapEx right away and enable digital capabilities. One that allows you to have: Superior applications experience delivering five 9s SLA for mission critical apps, whether on-premises, in the cloud (SaaS), or as virtual desktop infrastructure (VDI) with ubiquitous connectivity: wired and wireless (3/4G LTE) Branch IT simplicity starting with platform independence so you can virtualize any app, anywhere: as virtual machine on a router-integrated compute blade (e.g. network services like virtual WAN optimization and business apps like Pos, CRM, ERP, HRMS) or as virtual network function (e.g. virtual routing) on the UCS-E series blade. IT can spin up sites and services in minutes via SDWAN capabilities such as orchestration and automation (IWAN APP and ESA on APIC-EM) Pervasive security with comprehensive branch network threat defense for the entire attack continuum: before, during, and after using a suite of security: firewall, intrusion prevention, advanced malware protection, and cloud security. The addition of Stealthwatch Learning Network (SLN) enhances the network layer with Domain Name System protection, an integral part of Internet security for enterprises with DIA use case. With a scalable, pay-as-you-grow model of the ISR 4000 Series and the modular UCS E-Series, your investment today is protected with license portability through Cisco ONE.

21 Transforming customer experiences for all industries
Retail Guest Wifi eCatalogs Mobile Point-of-Sale Education 24/7 eLearning eBooks on iPad Web conferencing Finance Digital signage Remote expert Mobile banking Healthcare Online health portal Telemedicine Remote monitoring Here are more examples how the intent-based WAN is transforming the customer experience in different industries. In retail, stores drive greater revenue per square foot through personalized in-store experience with location-based promotions, online concierge, and eCatalogs, translating to anywhere point-of-sale – all by allowing guest wi-fi for its employees and customers. In education, educators increase registration through eLearning and enhance learning comprehension with video content delivered anytime, anywhere, on any devices. Students use smartphones to find their ways around campus, access and manage their courses, and collaborate with faculty and other students in team projects. In finance, the use of cloud/SaaS enables digital signage to deliver current, in-branch offers and promotions, mobile banking to customers while service reps leverage hd-videos for teleconferencing and training, to maintain consistent quality of service, and also deliver innovative services, such as virtual advisors – extending the business beyond the 9-5 hours of operations and the proximity of a physical branch. In healthcare – use of cloud/SaaS enables convenience access to patient’s eHealth record, innovative services like teledoc or telemedicine, and the wayfinding of the use of guest wi-fi.

22 Reducing appliance sprawl in the branch
From this To this To deliver this WAN Optimization Security Switch Wireless Voice Traditional Branch IT Apps Server Router 18K 14K 10K 6K 2K 0K Multiple Hardware Vendors ISR + UCS-E 80% Power Cooling Savings Deployment Costs Hypervisor Capital Hardware Capital Shipping Costs HW Options Cisco ISR 4000 with UCS E-Series Over time IT has added more and more devices in the branch as business needs have changed. This has created ‘branch sprawl.’ Each device requires its own maintenance and operations leading to higher operational costs and IT takes longer to make changes. Moving towards a single solution (physical or virtual) helps to simplify the branch but it also helps to reduce overall capex costs related to equipment costs and opex costs related to heating power and cooling. E,.g. ENCS comes with a purpose built hypervisor for NFV so you don’t need to pay extra for a hypervisor from vmware that is built for applications.

23 ISR4461 Router 3 x Network Interface Modules (NIM) 4 x Front Panel GE
4 RJ45/SFP GE Interfaces PoE available on 2 Interfaces 3 x Network Interface Modules (NIM) Larger & more powerful than EHWICs Up to 8 ports per module DSPs directly on modules Management Interface Connects router’s control plane directly to a management network. Dual Redundant Power Supply 650/ 1000W Power Supply DC and AC Power Supplies 3 x Extended Service Modules SM-X modules, Compatible with ISR G2 Up to 10Gb connection to system Faster & more powerful than SMs The 4th SM module only supports double Wide SM Module

24 Case study Casual bakery-café chain increases customer satisfaction
Business Objectives Upgrade network to meet demand for increased bandwidth Increase customer satisfaction Enable business applications Solutions ISR 4000 routers and app hosting on UCS E-Series blade compute servers deployed in over 1300 stores Provides customer WiFi, private employee WiFi and support for applications such as POS services, IP telephony, streaming music, digital signage, etc. Business Outcomes Enables performance, scalability and reliability of applications Increases security, data protection and PCI Compliance Reduces technology debt, complexity and footprint Increases visibility and analytics Improves quality of service and support providing a better user experience for both customers and employees Let’s start with a case study on Panera Bread and how they are transforming the customer experience at their stores. Challenge Due to the demanding expectations of their customer segments; i.e. Millennials, Panera Bread had to rebuild out technical capabilities. The vision is to reduce latency; increase demand; and improve the overall customer experience. Solution ISR UCS E-Series - Provide support for enterprise infrastructure and mission critical transaction processors; e.g. FirstData, Paytronix, etc. UCS E integrated into the routers provide edge application delivery and services to the café Supports intelligent Akamai caching capabilities to improve performance and cache Apple iOS upgrades for iPOS. UCS E hosts iPOS and iBOH applications within the café to assure performance, resiliency, and availability/recovery within the café. Network Router supporting POS/PCI Network; Vendor Integration Network (Innovation) Business Outcomes Improves End-User Experience for Team Members and Customers Target Marketing and Presence Analytic Big Data in the cloud Reduces technology debt, complexity, and foot print Improves Quality of Service & Support by having greater visibility and management capabilities Flexibility - Future-Proofed sustainable investment, Scalable Product Family to support multiple service availability and capacity tiers Modular Technology Design supports technical architecture that adapts to change Security - Improves Security, Protects Data, and PCI Compliance Increased Access More capacity to support wired and wireless End-Point devices Greater WiFi Access Point coverage to support Customer & Business demands Private Business WiFi Network for Mission Critical Applications, Increased Bandwidth for better Customer WiFi experience Cisco Confidential

25 Routing software subscription offers
Enterprise Agreement (EA) Eligible Cisco ONE Advantage Software (support included) Single SKU 3/5 Year Subscription DNA Advantage Single SKU 3/5 Year Subscription Single SKU 3/5 Year Subscription DNA Essentials Cisco ONE Advantage Cisco ONE Advantage DNA Advantage DNA Advantage DNA Essentials DNA Essentials DNA Essentials

26 Benefits of software subscription
Access to ongoing innovations Access to ongoing innovations Software portability Software portability Investment protection Reducing truck rolls makes it easier to keep up with the business Confidence to move to Intent-based WAN Branch, Co-location, Cloud or Data Center Flexibility to move between platforms and deployments Simple software upgrades to scale up or down Pay-as-you-grow software upgrades Simplify the move to the Intent-based WAN Investment protection – vEdge to ISR License portability – physical to virtual Access to ongoing innovation or Pay as you grow.

27 ISR 4000 - Open and Programmable
Program your network stronger, simpler, and faster – build and develop with Cisco APIs DevNet Cisco Developer Program Improve security and reliability with an open and programmable network operating system Cisco IOS XE Customizable for ’best of breed’ virtual network functions 3rd Party VNF’s Cisco is committed to making all its products Open and Programmable. As Cisco DNA becomes a platform, Cisco is making it easier for third parties to integrate with out products, and also makes it easier for developers to build custom applications on top of our products. Cisco has 3rd party certification program for 3rd party virtual network functions (VNF’s) if customers want to bring along their own VNF’s.

28 What You Gain Complete Proven Solution One Size Does Not Fit All
Freedom of choice based on budget and expertise Digital-Ready Foundation Business Priority Digital-ready branch for the digital transformation Open Architecture Software-defined + Extensible = Agility Complete Proven Solution One trusted partner for branch, WAN, and cloud

29 Learn more cisco.com/go/isr4000
I appreciate your time today. Do you have any questions for me? If you’d like even more information, please visit cisco.com/go/isr.

30


Download ppt "Cisco 4000 Series ISRs Intent-based Networking for the WAN"

Similar presentations


Ads by Google