
Cloud-Ready WAN For IAAS

& SaaS With Cisco’s Next-


Gen SD-WAN

Mosaddaq Turabi
Distinguished Engineer, Cisco SD-WAN BU

BRKRST-2669
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco SD-WAN = Viptela

Session Objectives
By the end of this session you will learn how to address the
challenges for SaaS and IaaS deployments. You will also
learn how to configure, monitor and troubleshoot SaaS &
IaaS use cases using Cisco SD-WAN software

Agenda
• Introduction to Viptela design principles & architecture
• Challenges with SaaS deployments
• How to address these challenges with CloudExpress
• Key challenges with hybrid cloud IaaS deployments
• How to simplify hybrid cloud deployments with Cloud onRamp

Evolution of the WAN

[Diagram: users, devices and things at the edge; Internet, MPLS and 4G transports feeding a transport-independent WAN fabric; Cloud onRamp toward IaaS apps, SaaS and the vDC; SD-WAN use-cases; cloud-delivered analytics on top; WAN to DC]

0. Transport independent WAN fabric
1. Cloud delivered WAN with operational simplicity & analytics
2. Superior security architecture: cloud based & on-prem
3. Application QoE
4. End-point flexibility
   • Physical or virtual
   • Rich services or lite
   • Branch, Agg, Cloud
Cisco SD-WAN: Components

[Diagram: four planes over Internet, MPLS and 4G transports]

Orchestration Plane: vBond
• Control plane orchestration

Management Plane: vManage
• Multi-tenant or dedicated
• Management, API, analytics

Control Plane: vSmart
• Containers or VMs
• Policy, security, routing
• Secure control plane

Data Plane: vEdge, ISR4k, ASR1k, ENCS
• Physical or virtual
• Data Center, Campus, Branch, Home Office
True Enterprise Class Software Defined WAN

Application policies: Application SLA, Traffic Engineering, Per-Segment Topologies, Secure Perimeter, Cloud Path, Cloud Accel, Transport Hub

Services delivery platform: Routing, Security, Segmentation, QoS, Multicast, Service Insertion, Survivability

Transport independent fabric: Broadband, MPLS, Cellular; zero touch, zero trust

Analytics, Monitoring and Operations span all three layers
Cloud Adoption

TECCRS-2004

Shifts in Enterprise Workloads
• Traditional on-premise data centers
• Public/hybrid cloud (IaaS)
• Cloud applications (SaaS)
Cloud Ready WAN

[Diagram: data center, small office / home office, branch and campus sites joined by a secure SD-WAN fabric; the fabric extends to IaaS (cloud data center) through Cisco Cloud onRamp and to SaaS (cloud applications) through Cisco CloudExpress]

• IaaS / cloud data center: Cisco Cloud onRamp
• SaaS / cloud applications: Cisco CloudExpress
Cisco SD-WAN for SaaS –
CloudExpress

SaaS Adoption & Key Challenges

SaaS Adoption
SaaS adoption in the enterprise is growing at a higher than expected rate. SaaS spend in 2018 will grow by 21%.

Security
Enterprise customers highlighted security as the top roadblock for SaaS adoption (30% of enterprise customers).

Performance
Enterprise customers highlighted application performance and latency as the second roadblock for SaaS adoption (25% of enterprise customers).
How are customers accessing SaaS today?

• No DIA: users have to back-haul via private MPLS for internet access
• Single DIA: SaaS applications can take the DIA path from the branch
• Dual DIA: dual DIA paths for SaaS, providing additional bandwidth and availability
Cloud Applications

Which way is cloud?
1. Direct Internet Access (ISP1 / ISP2 from the remote site)
2. Regional Breakout (via the regional data center)
3. Data Center Backhaul (via MPLS to the data center)

[Diagram: user at a remote site behind a Viptela vEdge router with ISP1, ISP2 and MPLS uplinks into the SD-WAN fabric; regional data center and data center as alternative exits]
Optimize SaaS with SD-WAN for No DIA

• SD-WAN solutions can leverage the best path for SaaS from branch to data center based on performance metrics such as loss, jitter and delay
• This is only a partial optimization: it does not address the performance issues from the data center to the SaaS provider

[Diagram: remote site with MPLS, 4G and INET (ISP1) transports to a regional hub, which exits toward SaaS via ISP2; "Best Performing?" marks the fabric-side choice only]
How does CloudExpress work for SaaS?

• Performance visibility
• DNS resolution
• Path selection
Direct Internet Access

• Local DIA or Regional Internet Exit
  - Per-VPN behavior
• All traffic or policy based
  - 6-tuple or DPI matching
• Secure Access
  - Port-Address Restricted NAT
  - Local Firewall
  - Regional Firewall
• For optimal quality of experience toward SaaS applications use Cloud onRamp

[Diagram: remote site vEdge with INET (NAT) and MPLS into the SD-WAN fabric; regional data center with its own NAT'd INET exit; data center]
Cloud onRamp for SaaS

Direct Internet Access
• Detect application performance through one or more Direct Internet Access circuits (quality probing)
• vEdge routers choose the best performing path
  - Per-Application, Per-VPN
• Automatic failover in case of performance degradation
• Fully automated

[Diagram: remote site with ISP1 and ISP2 DIA circuits, loss/latency measured on each; regional data center and data center reachable over the SD-WAN fabric]
Cloud onRamp for SaaS

Direct Internet Access and Gateways
• Detect application performance through DIAs and gateways
  - Customer/SP owned and operated
  - Security, performance, reliability
• vEdge routers choose the best performing path
  - Per-Application, Per-VPN
• Automatic failover in case of performance degradation
• Fully automated

[Diagram: remote site with ISP1 DIA and MPLS into the SD-WAN fabric; regional data center gateway exiting via ISP2; loss/latency probed on both]
Cloud onRamp for SaaS: Quality Probing

• DNS resolution for the configured Cloud onRamp SaaS applications
• Periodic quality probes toward the configured Cloud onRamp SaaS applications
• vQoE score is determined based on loss and latency reported by the quality probes
• vEdge router determines the best performing DIA circuit toward Cloud onRamp SaaS applications based on vQoE scores

[Diagram: remote-site vEdge router, VPN 0, two interfaces toward ISP1 and ISP2; DNS query and quality probe sent out of each; loss/latency measured; ISP1 marked best performing]
Cloud onRamp for SaaS (GW): Quality Probing

• DNS resolution for the configured Cloud onRamp SaaS applications
• Periodic quality probes toward the configured Cloud onRamp SaaS applications
• vQoE score for DIA and gateway
  - Composite metric of quality probes and BFD for gateway
• vEdge router determines the best performing path toward Cloud onRamp SaaS applications based on vQoE scores

[Diagram: remote-site vEdge (VPN 0) with ISP1 DIA and MPLS/4G/INET fabric transports to a gateway vEdge (VPN 0) exiting via ISP2; DNS query, quality probe and BFD shown; the gateway exit via ISP2 marked best performing]
SaaS applications & vQoE scores

The vQoE value ranges from 0 to 10, with 0 being the worst quality and 10 being the best.

vQoE = desired metrics / actual metrics * 10

The vQoE score is computed for each remote site, per application and per path.
vQoE

Score    Color
8-10     Green
5-8      Yellow
0-5      Red

• Every site where a SaaS application is enabled is classified as performing Good, Average or Bad
• Sites are color coded based on the performance
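The probing, scoring and path-selection steps from the preceding slides, as an added example in Python; this is not Cisco code. The formula (desired / actual * 10, range 0 to 10) and the colour bands are the slide's; the per-application SLA targets, taking the worse of the loss and latency scores, and averaging the probe score with a BFD-derived score for gateway exits are assumptions made here, as are the sample probe values.

```python
"""vQoE scoring and best-path selection for Cloud onRamp for SaaS.

Added example, not Cisco code. A quality probe per exit reports loss and
latency, each metric scores as desired / actual * 10 clamped to 0..10, scores
are bucketed Green/Yellow/Red, and the vEdge picks the best exit per
application, failing over when the current exit degrades. Assumptions: the
per-application SLA targets, taking the worse of the two metric scores, and
averaging the probe score with a BFD-derived score for gateway exits.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProbeResult:
    exit: str                                # "ISP1", "ISP2" or "GW:<site>" for a gateway exit
    loss_pct: float                          # loss seen by the quality probe toward the SaaS app
    latency_ms: float                        # latency seen by the quality probe
    bfd_loss_pct: Optional[float] = None     # gateway exits only: BFD loss on the fabric tunnel
    bfd_latency_ms: Optional[float] = None   # gateway exits only: BFD latency on the fabric tunnel


# Desired metrics per SaaS application. Constructed SLA targets, not Cisco defaults.
DESIRED: Dict[str, Dict[str, float]] = {
    "office365": {"loss_pct": 1.0, "latency_ms": 150.0},
    "salesforce": {"loss_pct": 1.0, "latency_ms": 200.0},
}


def metric_score(desired: float, actual: float) -> float:
    """vQoE = desired / actual * 10, clamped to the 0..10 range the slides give."""
    if actual <= 0.0:             # nothing measured is better than the target
        return 10.0
    return max(0.0, min(10.0, desired / actual * 10.0))


def _pair_score(app: str, loss_pct: float, latency_ms: float) -> float:
    want = DESIRED[app]
    # Worse of the two metrics (assumption): one bad metric is enough to hurt the app.
    return min(metric_score(want["loss_pct"], loss_pct),
               metric_score(want["latency_ms"], latency_ms))


def vqoe(app: str, probe: ProbeResult) -> float:
    """Score one exit for one application.

    DIA exits use the probe alone; gateway exits use the composite of the probe
    (gateway to SaaS) and BFD (remote site to gateway), averaged (assumption).
    """
    score = _pair_score(app, probe.loss_pct, probe.latency_ms)
    if probe.bfd_loss_pct is not None and probe.bfd_latency_ms is not None:
        score = (score + _pair_score(app, probe.bfd_loss_pct, probe.bfd_latency_ms)) / 2.0
    return score


def color(score: float) -> str:
    """Colour bands from the slide: 8-10 Green, 5-8 Yellow, 0-5 Red (lower bound inclusive)."""
    if score >= 8.0:
        return "Green"
    if score >= 5.0:
        return "Yellow"
    return "Red"


def score_exits(app: str, probes: List[ProbeResult]) -> Dict[str, float]:
    return {p.exit: vqoe(app, p) for p in probes}


def select_exit(app: str, probes: List[ProbeResult], current: Optional[str] = None) -> str:
    """Pick the highest-scoring exit; on a tie keep the current one to avoid flapping."""
    scores = score_exits(app, probes)
    return max(scores, key=lambda e: (scores[e], e == current))


# Constructed probe results at two points in time.
PROBES_T0 = [
    ProbeResult("ISP1", loss_pct=0.2, latency_ms=60.0),
    ProbeResult("ISP2", loss_pct=2.0, latency_ms=300.0),
    ProbeResult("GW:regional-dc", loss_pct=0.1, latency_ms=40.0, bfd_loss_pct=0.3, bfd_latency_ms=180.0),
]
PROBES_T1 = [   # ISP1 has degraded; the gateway exit should take over
    ProbeResult("ISP1", loss_pct=3.0, latency_ms=400.0),
    PROBES_T0[1],
    PROBES_T0[2],
]

if __name__ == "__main__":
    chosen = None
    for label, probes in (("t0", PROBES_T0), ("t1", PROBES_T1)):
        scores = score_exits("office365", probes)
        chosen = select_exit("office365", probes, current=chosen)
        print(label, {e: (round(s, 2), color(s)) for e, s in scores.items()}, "->", chosen)
```

The tie-break on the current exit matters in practice: two exits with identical scores would otherwise alternate on every probe cycle, and each switch moves long-lived flows between NAT pools.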
Cloud onRamp for SaaS: Application Traffic Steering

• Host initiates communication with the Cloud onRamp SaaS application
• vEdge router forwards the host DNS query along the best performing path
  - Identified with DPI
• vEdge router identifies the application using DPI
  - Decision is cached (cache table: dstIP/dstPort -> SaaS App)
  - Cache expedites subsequent forwarding decisions
• Application is forwarded along the best performing path

[Diagram: host behind the vEdge router (VPN 0, DPI, cache table); NAT on the ISP1 and ISP2 interfaces; DNS query and application traffic sent on the best performing path]
Cloud onRamp for SaaS (GW): Application Traffic Steering

• Host initiates communication with the Cloud onRamp SaaS application
• Remote site vEdge router forwards the host DNS query along the best performing path
  - DIA or gateway
  - Identified with DPI
• vEdge router identifies the application using DPI
  - Decision is cached (cache table: dstIP/dstPort -> SaaS App)
  - Cache expedites subsequent forwarding decisions
  - Repeated on the remote site vEdge and the gateway vEdge
• Application is forwarded along the best performing path

[Diagram: host behind the remote-site vEdge (VPN 0, DPI, cache table) with ISP1 DIA and MPLS/4G/INET fabric transports to the gateway vEdge (VPN 0, DPI, cache table), which exits via ISP2 with NAT; DNS query and application traffic follow the best performing path]
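The steering sequence from the two slides above (DNS query steered by the configured application, first flow classified by DPI, decision cached on dstIP/dstPort, repeated on the gateway vEdge), as an added example in Python; it is not Cisco code. The application-to-domain mapping, exit names, sample addresses and the reduction of DPI to a TLS SNI match are constructed for the example.

```python
"""Application traffic steering on a vEdge running Cloud onRamp for SaaS.

Added example, not Cisco code. The host's DNS query for a Cloud onRamp SaaS
application is recognised and forwarded out of the best-performing exit, the
first data flow is classified by DPI, the decision is cached as
(dstIP, dstPort) -> SaaS application, and later flows to the same destination
are steered from the cache without re-running DPI. In the gateway case the
same logic runs again on the gateway vEdge, so a second engine is chained
behind the first. Domains, exit names and addresses are constructed; DPI is
reduced to matching the TLS SNI against the configured application domains.
"""
from typing import Dict, NamedTuple, Optional, Tuple

# Cloud onRamp SaaS applications enabled for this site and the DNS names that identify them (constructed).
APP_DOMAINS: Dict[str, Tuple[str, ...]] = {
    "office365": ("outlook.office365.com", "login.microsoftonline.com"),
    "salesforce": ("login.salesforce.com",),
}
DEFAULT_EXIT = "MPLS"   # non-SaaS traffic follows the normal routing policy (constructed name)


class Flow(NamedTuple):
    dst_ip: str
    dst_port: int
    sni: Optional[str] = None    # TLS SNI visible to DPI on the first packets, if any


def classify_name(name: str) -> Optional[str]:
    """Map a DNS query name or SNI to a configured SaaS application, or None."""
    name = name.rstrip(".").lower()
    for app, domains in APP_DOMAINS.items():
        if any(name == d or name.endswith("." + d) for d in domains):
            return app
    return None


class SteeringEngine:
    """One vEdge. best_exit is the per-application result of vQoE scoring."""

    def __init__(self, best_exit: Dict[str, str]) -> None:
        self.best_exit = best_exit
        # The cache maps a destination to the application, not to an exit, so a
        # vQoE failover that changes best_exit takes effect without a cache flush.
        self.cache: Dict[Tuple[str, int], str] = {}
        self.dpi_runs = 0

    def steer_dns_query(self, qname: str) -> str:
        app = classify_name(qname)
        return self.best_exit[app] if app else DEFAULT_EXIT

    def _dpi(self, flow: Flow) -> Optional[str]:
        self.dpi_runs += 1
        return classify_name(flow.sni) if flow.sni else None

    def steer_flow(self, flow: Flow) -> Tuple[str, str]:
        """Return (exit, how) where how is 'cache', 'dpi' or 'dpi-miss'."""
        key = (flow.dst_ip, flow.dst_port)
        if key in self.cache:
            return self.best_exit[self.cache[key]], "cache"
        app = self._dpi(flow)
        if app is None:
            return DEFAULT_EXIT, "dpi-miss"
        self.cache[key] = app
        return self.best_exit[app], "dpi"


def steer_via_gateway(remote: SteeringEngine, gateway: SteeringEngine, flow: Flow) -> Tuple[str, str]:
    """Gateway case: the remote site picks the gateway as its exit, then the
    gateway vEdge repeats DPI/caching and picks its own DIA circuit."""
    first_hop, _ = remote.steer_flow(flow)
    if not first_hop.startswith("GW:"):
        return first_hop, "local-dia"
    final_exit, how = gateway.steer_flow(flow)
    return final_exit, "via-" + first_hop + "/" + how


# Constructed inputs: best exits as decided by vQoE scoring on each router.
REMOTE = SteeringEngine({"office365": "ISP1", "salesforce": "GW:regional-dc"})
GATEWAY = SteeringEngine({"office365": "ISP2", "salesforce": "ISP2"})
O365_FLOW = Flow("52.96.0.10", 443, sni="outlook.office365.com")
SFDC_FLOW = Flow("13.108.0.20", 443, sni="login.salesforce.com")

if __name__ == "__main__":
    print(REMOTE.steer_dns_query("outlook.office365.com"))
    print(REMOTE.steer_flow(O365_FLOW), REMOTE.steer_flow(O365_FLOW._replace(sni=None)))
    print(steer_via_gateway(REMOTE, GATEWAY, SFDC_FLOW))
```

Keying the cache on the destination rather than the exit is the detail to keep in mind when reading the slide's "decision is cached": the cached decision is the application identity, and the path is still looked up per packet, which is what lets the failover from the probing slides apply to flows that are already in the cache.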
CloudExpress Integration with Cloud Security

3rd Party Integration
Cisco Cloud Security

• vEdge router intercepts client DNS queries
  - Deep Packet Inspection
• DNS queries are forwarded to Cisco Umbrella DNS servers either unconditionally or based on the policies
• Cisco Umbrella enforces security policy compliance based on DNS resolution
• Cisco Umbrella can act as proxy for application traffic with full Unified Threat Management capabilities

[Diagram: remote site with DIA via ISP A and ISP B, regional data center and data center on the SD-WAN fabric; DNS or application traffic sent to Umbrella POP1 / POP2]

TECCRS-2004
3rd Party Cloud Security

[Diagram, left: remote site with DIA via ISP A and ISP B, IPsec tunnels to the security provider's POP1 / POP2; regional data center and data center on the SD-WAN fabric. Right: remote site over the SD-WAN fabric to the regional data center, GRE/IPsec tunnels from there to the provider's RGN 1 / RGN 2. Data traffic is steered into these tunnels]

TECCRS-2004
Configuration

Configure settings for CloudExpress
• Enable CloudExpress
• Enable NAT
• Set DNS on VPN 0

STEP 1: Select the SaaS applications and the service VPN in which the application runs
STEP 2: Identify the DIA sites (the client sites where you want SaaS optimization enabled)
STEP 3: Identify the sites that will be used as gateways
Monitor SaaS Performance

• Sites Experiencing Bad Quality
• Sites Experiencing Average Quality
• Sites Experiencing Good Quality

AppQoE
Troubleshooting

Troubleshooting Application Metrics
• Local / Gateway
• End-to-end metrics

Troubleshooting OMP Metrics
• Metrics from gateway to SaaS

Troubleshooting CloudExpress on Local Exit
• Metrics to SaaS from local exit

Troubleshooting CloudExpress on Gateway Exit
• Remote exit information
Demo

Hybrid Cloud (IaaS) & SD-WAN – Cloud OnRamp
IaaS Adoption & Key Trends

New use cases accelerate adoption:
• Multi-Cloud adoption
• Container-based applications
• Serverless Compute
• Machine learning / AI
• IoT

IaaS spend in 2018 will grow by 22% CAGR
Hybrid Cloud Connectivity - Today

[Diagram: IaaS instances in Public Cloud Provider 1 (Region 1 and Region 2) and Public Cloud Provider 2 (Region 1), each reached over its own Internet connection from the DC; branches reach the DCs over MPLS/Internet]
Challenges with Hybrid Cloud Migrations

• User experience: traffic trombones through the DC
• Connectivity: branch to cloud IaaS is an extension of the DC
• Resiliency: multi-transport access
• Security: DIA, protecting branch users and the branch router
• Operational model: consistency across multi-cloud deployments

Cisco Cloud ready WAN
• Cloud connectivity consumable through a single pane
• Transport independent any-to-any connectivity
• End-to-end VPN segmentation/isolation
• Visibility into IaaS application usage
• Consistent policy across branch, DC and Cloud sites
What is Cloud onRamp?
Cloud onRamp is Cisco's SD-WAN capability to simplify hybrid cloud connectivity by extending the WAN fabric to the public cloud.
Public Cloud Providers - Terminology

Description                          AWS                           Azure
Virtual Private Cloud/IaaS instance  Virtual Private Cloud (VPC)   VNET
Redundancy construct                 Availability Zone             Availability Set
Private Circuit                      Direct Connect                ExpressRoute
Internet Gateway                     IGW                           Internet Gateway
IPsec VPN Gateway                    VGW                           VPN Gateway
Security                             Security Groups / ACLs        Network Security Groups (NSG)
Public Cloud Connectivity Options

Option 1: Internet connection to public cloud
• vEdge -> Internet -> Public Cloud Provider (IaaS/PaaS)
• Internet only for connectivity

Option 2: Direct Connect to public cloud through SP
• vEdge -> SP (carrier PE) -> Public Cloud Provider (IaaS/PaaS)
• MPLS carrier (MSP) offers direct connect into the public cloud provider

Option 3: Direct Connect to public cloud through "meet-me" locations
• vEdge -> Internet / MPLS -> colo vEdge -> Public Cloud Provider (IaaS/PaaS)
• Enterprise collocated with public cloud carriers in "meet me" locations
Cloud onRamp

Key Components
• vEdge Cloud Router: a virtualized version of the vEdge router, available on the AWS and Azure marketplaces
• vManage Cloud onRamp for IaaS: vManage application that orchestrates connectivity to IaaS instances across multiple clouds and multiple regions; provides visibility into cloud instances
SD-WAN and Public Cloud

[Diagram: SD-WAN fabric joining data center, campus, remote site and branch; VPCs and VNETs in the cloud outside the fabric]

How to provide security, segmentation, QoS and reliability to the cloud workloads?
Cloud onRamp for IaaS – Attached Compute

• vEdge Cloud routers are instantiated in Amazon VPCs or Microsoft Azure VNETs
  - Posted in marketplace
  - Use Cloud-Init for ZTP
• One vEdge Cloud router per VPC/VNET
  - Redundancy is handled through the cloud provider
• vEdge Cloud routers join the fabric; all fabric services are extended to the IaaS instances, e.g. multipathing, segmentation and QoS
  - For multipathing, can combine AWS Direct Connect or Azure ExpressRoute with direct Internet connectivity

[Diagram: compute VPC/VNETs, each with its own vEdge Cloud router, joined to the SD-WAN fabric alongside the data center, campus, remote site and branch]
Cloud onRamp for IaaS – Gateway VPC/VNET

Standard IPsec + BGP between each host VPC's VGW and the vEdge gateways; BGP <-> OMP on the gateway

• Fully automated through the vManage wizard
• Greatly simplifies brownfield integration
  - No changes are required on host VPCs
• Multipathing, segmentation, QoS
• Fast failover
  - Speed of BGP convergence

[Diagram: AWS region with host VPCs (VPC router R, VGW, AZ1/AZ2) connected over IPsec + BGP to a gateway VPC holding two vEdge GWs (AZ1, AZ2); the gateway VPC reaches the fabric via IGW/INET and via Direct Connect/MPLS; the gateway vEdges are vManage instantiated and managed]
Cloud onRamp for IaaS Dashboard

• Centralized provisioning wizard on vManage
• No need to operate the marketplace

Cloud onRamp – 3 Simple Steps
1. Discover Applications
2. Provide GW Information
3. Map Applications to Segments
Cloud onRamp for IaaS

How it works

Public Cloud (AWS & Azure) connectivity solution consumable through the vManage platform

1. Public cloud credentials are added to vManage
2. IaaS instances are discovered from the user's account in a region; the user selects the instances to operate on
3. The user defines vEdge gateway parameters and maps IaaS instances to VPN segments in the overlay
4. vManage invokes instantiation of vEdge instances in the user's accounts and connects the IaaS instances to the vEdge GW VPN segments
5. New instances can be discovered and mapped to VPN segments later

[Diagram: vManage platform; Public Cloud Provider 1 Region 1 with IaaS instances behind a vEdge GW; branch and DC over MPLS and Internet]
Cloud onRamp for IaaS

AWS solution detail

Architectural advantages – Cloud onRamp
• Standard IPsec overlay + BGP to the vEdge GW
• Share transport (Direct Connect and Internet) and vEdge gateways across multiple spoke VPCs in a region
• Share one gateway VPC for all host VPCs in a region
• Leverage AWS components (IGW, VGW, VPC router) for redundancy
• Utilize dynamic routing for fast failover times
• Gateway VPC can host a firewall for security compliance
• End-to-end security and segmentation

[Diagram: AWS region with host VPCs (R, VGW, AZ1/AZ2) connected over IPsec + BGP to a transit/gateway VPC holding two vEdge GWs (AZ1, AZ2), vManage instantiated and managed, with IGW and Direct Connect exits]
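The wizard flow above (discover instances, provide gateway information, map instances to VPN segments) and the gateway VPC design (IPsec + BGP from each host VPC's VGW to two vEdge GWs, BGP into OMP per VPN), as an added example in Python that plans and preflights the mapping; it is not Cisco or vManage code and does not call any cloud API. The inventory, region names, VPC IDs, CIDRs and ASNs are constructed, and the overlap check is the kind of caveat a practitioner would want before letting two VPCs land in one overlay segment.

```python
"""Cloud onRamp for IaaS, gateway VPC model: plan and validate the mapping.

Added example, not Cisco or vManage code. It walks the three wizard steps:
discover host VPCs in a region (a constructed inventory stands in for the
cloud API call made with the credentials held by vManage), take the gateway
parameters, map each selected VPC to an overlay VPN segment, and emit what
the gateway VPC needs: a standard IPsec tunnel plus BGP session from each host
VPC's VGW to each of the two vEdge gateways (AZ1/AZ2), with the VPC CIDR
redistributed from BGP into OMP inside the chosen VPN. Before anything is
pushed it checks that every selected VPC is mapped and that CIDRs landing in
the same VPN do not overlap, since they would collide in one routing table.
Region names, IDs, CIDRs and ASNs are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class HostVpc:
    vpc_id: str
    cidr: str
    region: str


@dataclass(frozen=True)
class GatewayParams:
    region: str
    vedge_asn: int                      # BGP ASN used by the vEdge gateways
    cloud_asn: int                      # BGP ASN used by the host VPC VGWs
    gateways: Tuple[str, str] = ("vedge-gw-az1", "vedge-gw-az2")
    transports: Tuple[str, ...] = ("internet", "direct-connect")


@dataclass
class Plan:
    tunnels: List[dict] = field(default_factory=list)
    omp_routes: List[dict] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)


def discover(inventory: List[HostVpc], region: str) -> List[HostVpc]:
    """Step 1: discover host VPCs in the account for one region."""
    return [v for v in inventory if v.region == region]


def validate_mapping(vpcs: List[HostVpc], mapping: Dict[str, int]) -> List[str]:
    """Step 3 preflight: every selected VPC mapped, no overlapping CIDRs per VPN."""
    errors: List[str] = []
    by_vpn: Dict[int, List[HostVpc]] = {}
    for v in vpcs:
        if v.vpc_id not in mapping:
            errors.append(f"{v.vpc_id}: selected but not mapped to a VPN segment")
            continue
        by_vpn.setdefault(mapping[v.vpc_id], []).append(v)
    for vpn, members in by_vpn.items():
        for i, a in enumerate(members):
            for b in members[i + 1:]:
                if ipaddress.ip_network(a.cidr).overlaps(ipaddress.ip_network(b.cidr)):
                    errors.append(f"VPN {vpn}: {a.vpc_id} {a.cidr} overlaps {b.vpc_id} {b.cidr}")
    return errors


def build_plan(vpcs: List[HostVpc], mapping: Dict[str, int], gw: GatewayParams) -> Plan:
    """Steps 2+3: tunnels and BGP sessions per host VPC, OMP routes per VPN.

    Re-running with an extended mapping is how later-discovered instances are added.
    """
    plan = Plan(errors=validate_mapping(vpcs, mapping))
    if plan.errors:
        return plan                     # nothing is provisioned on a failed preflight
    for v in vpcs:
        vpn = mapping[v.vpc_id]
        for gateway in gw.gateways:     # one tunnel per vEdge GW gives AZ redundancy
            plan.tunnels.append({
                "host_vpc": v.vpc_id, "vgw": f"vgw-{v.vpc_id}", "vedge_gw": gateway,
                "encap": "ipsec", "bgp_local_asn": gw.vedge_asn, "bgp_peer_asn": gw.cloud_asn,
                "vpn": vpn,
            })
        plan.omp_routes.append({"prefix": v.cidr, "vpn": vpn, "origin": "bgp", "from": v.vpc_id})
    return plan


# Constructed inventory and wizard inputs.
INVENTORY = [
    HostVpc("vpc-app1", "10.10.0.0/16", "us-east-1"),
    HostVpc("vpc-app2", "10.20.0.0/16", "us-east-1"),
    HostVpc("vpc-dev", "10.10.128.0/17", "us-east-1"),   # overlaps vpc-app1
    HostVpc("vpc-eu", "10.30.0.0/16", "eu-west-1"),
]
GW = GatewayParams(region="us-east-1", vedge_asn=65001, cloud_asn=64512)
MAPPING_OK = {"vpc-app1": 10, "vpc-app2": 10, "vpc-dev": 20}       # dev isolated in its own segment
MAPPING_OVERLAP = {"vpc-app1": 10, "vpc-app2": 10, "vpc-dev": 10}  # dev collides with app1 in VPN 10

if __name__ == "__main__":
    vpcs = discover(INVENTORY, GW.region)
    for mapping in (MAPPING_OK, MAPPING_OVERLAP):
        plan = build_plan(vpcs, mapping, GW)
        print(plan.errors or f"{len(plan.tunnels)} tunnels, {len(plan.omp_routes)} OMP routes")
```

Overlapping CIDRs in one VPN are the mapping mistake that survives until a host in one VPC silently reaches the wrong one, so it belongs in the preflight rather than in post-deployment troubleshooting; putting dev in its own segment, as MAPPING_OK does, is the segmentation the slides promise end to end.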
Configuration

Cloud onRamp – Discover Applications
Cloud onRamp – GW Information
Cloud onRamp – Map Application to Segments
Cloud onRamp – Dashboard

Monitoring & Troubleshooting

Cloud onRamp – Monitoring & Troubleshooting
Cloud onRamp for IaaS

SD-WAN value proposition
1. Direct branch to cloud connectivity
2. Consistent policy management & network visibility for branch & cloud
3. Resilient & hybrid access from cloud
4. Application steering
5. Multi-cloud solution

[Diagram: IaaS instances behind vEdge GWs in Public Cloud Provider 1 (Region 1, Region 2) and Public Cloud Provider 2 (Region 1), joined over MPLS and Internet with branches and DCs]
Cisco SD-WAN for IaaS and SaaS

Manage the Cloud IaaS WAN like a Branch

• Cloud becomes an extension of the Enterprise WAN
• Leverage SD-WAN technology
  • Hybrid Transport
  • Topology driven VPN Segmentation
  • Application visibility for steering
• Centralized configuration and policy management across on-premise and cloud end-points

[Diagram: Viptela Cloud GWs in a Virtual Private Cloud in Cloud Provider Region 1 and Region 2, a Branch vEdge and a Data Center vEdge (Enterprise DC / Private Cloud), joined by a secure, automated full-mesh data plane over Private (MPLS) and Internet transports; VPN 1 (Line of Business A) and VPN 2 (Line of Business B) are carried end to end across branch, data center and cloud]
Easily Expand Access to SaaS Services

• Cloud becomes an extension of the Enterprise WAN
• Leverage SD-WAN technology
  • Hybrid Transport
  • Topology driven VPN Segmentation
  • Application visibility for steering
• Centralized configuration and policy management across on-premise and cloud end-points

[Diagram: Viptela Cloud GWs in Cloud Provider Region 1 and Region 2, a Branch vEdge and a Data Center vEdge (Enterprise DC / Private Cloud) joined by a secure, automated full-mesh data plane over Private (MPLS) and Internet, with VPN 1 (Line of Business A) and VPN 2 (Line of Business B) extended across all sites; CloudExpress steers SaaS traffic from the branch directly over the Internet transport]
Demo

Complete Your Online Session Evaluation

• Give us your feedback and receive a Cisco Live 2018 Cap by completing the overall event evaluation and 5 session evaluations.
• All evaluations can be completed via the Cisco Live Mobile App.

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Global.

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions

Thank you