Cisco SD-WAN

Connect any user to any application without compromise

October 2019
Viptela Leads SD-WAN Transition in 2013

Applications
Public
MPLS/
Internet
Branch/Campus Private
Data Center

Internet Applications
extends to moving to cloud
branch edge
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential

Primary Objective: More branch bandwidth and lower WAN costs

 Today Applications are Moving to Multiple
Clouds

Devices & Things

DC/Private Cloud

Campus & Branch Users WAN

SaaS

Mobile Users

IaaS
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Internet Connectivity Becomes Business
Critical
Campus
X2-5

DC/Private Cloud
Branches
Exposure to cyber
X100+ threats

Inconsistent user
experience
SaaS

Increasing complexity
Mobile
Users
X1000s

IaaS

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential

More users, things and applications, everywhere

To help, IT is deploying SD-WAN
2018 Analyst Definition*
Branch router/CPE functionality
Operate autonomously during loss
of connection to controller
Support Hub & Spoke, Partial/Full Mesh
Summary of Basic
Centralized management: SD-WAN
Inventory, visibility, reporting,
Management, config changes, SW Capabilities
• Circuit Load Balancing
upgrades via
Zero-touch GUI
configuration
• Direct Internet Access
VPN (AES 256-bit encryption)
Direct Internet Access • Centralized
Dynamic traffic steering based Management &
on business or application policy Orchestration
Support for traffic shaping and QoS • Lower Circuit Costs
>100 well-known application profiles
included + custom template
capabilities
Self-serve granular configuration changes
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential

*Gartner Critical Capabilities for WAN Edge Infrastructure, December

Introducing Cisco SD-WAN
Powered by Viptela

Cisco SD-WAN extended capabilities

Basic SD-WAN* Multi-layered Security

Summary of Basic
SD-WAN
Circuit Load Balancing Security &
Segmentation
Analytics &
Visibility

Capabilities*
Direct Internet Access
• Circuit Load Balancing
Centralized Management Application
• Direct& Internet Access
Orchestration Optimization
• Centralized
Circuit Cost Savings Voice SaaS/IaaS App Aware
Optimization Optimizatio Dynamic Routing
Management & n
Orchestration
• Circuit Cost Savings Enterprise Scale

Open and Multi-Tenant/

Programmable Multi-Domain

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential

*Gartner Critical Capabilities for WAN Edge Infrastructure, December

Secure Cloud Scale SD-WAN Architecture
vManage
On-premise | Cloud | Multi-tenant

Automation | Network Insights | Analytics

Any Deployment Open | Programmable |
Scalable

Any Service
Branch Cloud Application Voice and Cloud
Security Security Quality of Collaboration OnRamp
Experience
5G/LTE
Any Transport Satellit Interne
e MPLS
t

GCP

Any Location Branch Colocation Cloud AWS

Azure

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Benefits of Cisco SD-WAN
Predictable app Right security, right Enterprise grade,
experience place simplified

Support for evolving Secure segmentation across Intent-based

business application entire network stack networking with multi-
strategy domain policy
Full edge security stack from
Cloud OnRamp for IaaS, branch to cloud and Proven deployments to
SaaS and Colocation colocations over 10,000+ sites

One user interface for Security and SD-WAN across branch, cloud, and co-
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential

location
Business Value of Cisco SD-WAN

38% 58% 94%

Lower five-year cost Faster to implement policy/ Less unplanned

of WAN operations configuration changes downtime

Full IDC report available on www.cisco.com/go/sdwan

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential

$14.98M increased revenue per organization

Use cases for delivering a
predictable application
experience

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Why Backhauling Impacts Application
Performance

SaaS Single Path to Internet

• Datacenter
• Colocation
Data Center Branch/Campus provider
Corporate • Cloud security
Software Users
provider

SD-WAN Fabric

Colocation Cloud
Provider Security
Provider

A single
Ciscopath
© 2018 Cisco and/or its affi liates. All rights reserved. for all mission critical business applications
Confidential
Improving Application Experience

Internet
IaaS/SaaS FEC FEC Capabilities
Header Header

1 2 FEC
Header
FEC FEC 3 • Application SLA
Header Header

P 4 • TCP Optimization
TCP Internet
Internet
Optimized
Internet
Data Center (Secondary) Branch/Campus • Forward Error
Parity

1 2 1TCP Connection4 3
h2 1 Correction
App P3at 4 2
A 4 3 4 (Cubic)
MPLS 1
Path 2
4
P3
at h 2
1 • Pack Duplication
23 MPLS 4
1
(Primary)
4G
MPLS
LTE

App Aware Routing Policy Path1: 10ms, 0% loss

App A path must have Path2: 200ms, 3%
loss
latency <150ms & loss <2%
Path3: 140ms, 1%
loss
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
SaaS Optimization

SaaS Optimization via Multipath

Up to 40% faster
Data Center Branch/Campus Office 365
Corporate
Software Users
Performance

SD-WAN Fabric

Colocation Cisco Cloud

Provider SD-WAN Security
Provider

Increased reliability
© 2018 Cisco and/or its affi liates. All rights reserved. and utilization of best path for SaaS applications
Cisco Confidential
Extended SD-WAN to IaaS

VPC VPC VNe VNe VPC VPC VNe VNe

t t t t
VPC VNe
t Cloud onRamp to IaaS VPC VNe
t

Transit Transit
VPC Hub VNet VPC Hub VNet

• Cisco WAN Edges deployed

SD-WAN in a Transit Hub, acting as SD-WAN
Fabric Fabric
virtual aggregation routers
vManage • Partial extension of SD-WAN vManage
Fabric
Branch Branch
• Automated deployment
process with vManage
Internet connection Connect to IaaS cloud
to IaaS cloud via co-location

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Use cases for deploying the right
security in the right place

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
How SD-WAN exposes new security
challenges
Internal & External Threats
Internet
IaaS/SaaS
External
NO SECURITY
• Exposure to malware & phishing
due to direct internet and cloud
access

BASIC/NO SECURITY
Data Center Branch/Campus • Data breaches
Corporate
Software Users
• Guest access liability
Internal
• Untrusted access (malicious
insider)
SD-WAN Fabric
• Compliance (PCI, HIPPA, GDPR)
WAN Edge Existing Security Stack in
• Lateral movements (breach
Device DMZ
propagation)

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Benefits with integrated security
everywhere
PRO CON

Internet Consistent
user and Lacks
IaaS/SaaS ONLY device visibility and
Cloud protection in control over
Security all locations internal traffic
and scales and threats
on-demand
Visibility into Decrypting
Data Center Branch/Campus all traffic and traffic for
ONLY protects malware
Corporate On-Prem against detection
Software Users
Security internal and increases
external edge device
threats footprint
Best balance Complex &
SD-WAN Fabric of security costly
Ciscoto
On-Prem and user deploy
integrated
and
and
& Cloud
Cloud experience manage
solution
using
for direct eliminates
different
WAN Existing Security Separate Separate Cloud
Security internet solutions
these cons or
Edge Device Stack in DMZ Security Appliance Security Service
access vendors
Cisco SD-WAN
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Deploying Cisco SD-WAN Security

Full Edge Security Stack

Internet
IaaS/SaaS
On-Prem Cloud
Security Security
Mitigate Internal & Mitigate External
External Threats Threats at Scale

Data Center Branch/Campus

Corporate
Software Users

• Enterprise firewall and intrusion prevention

SD-WAN Fabric
Single Management Console
© 2018 Cisco and/or its affi liates. All rights reserved.
embedded for internal threats plus URL filtering
and malware sandboxing for external threats
• End-to-end segmentation to stop breach
propagation, enforce regulatory compliance, and
promote network (and application) layer security
• Zero-trust authentication and full payload
encryption between edge routers
• Integrated connectivity and cloud-delivered
security with 100% business uptime
Cisco Confidential • Secure Internet Gateway protects users and
devices and protects data sent to and from the
cloud
Use cases for needing enterprise
grade functionality, simplified

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
SD-WAN Management
Cisco vManage

Single Monitoring
Dashboard

• Configuration:
OnRamp, Security,
Devices, Policies,
Templates
• Lifecycle management
• Role based access/
Multi-tenant

One management dashboard for branch, co-location, cloud and

Security
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
SD-WAN Analytics

Real-Time Information

• Future planning and

what-if scenarios
• Recommendations for
predictable app
performance
• Benchmarking

Cisco vAnalytics

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Cisco SD-WAN is Open and Programmable

Enterprises Managed Services

OSS/BSS Integration
Learning and Multi-Tenant
hands-on content

Sandbox Partners

Code Exchange Dev Center

Ecosystem Exchange

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Interconnecting Multi-Domain Networks

SD-Access SD-WAN ACI

Cisco DNA Center Cisco vManage Cisco APIC

API API
Users Integration Integration Applications
(Consumers) (Providers)
Users & Devices Hybrid Cloud Data &
Vertical • Identify and onboard • Application Applications
Integrated everything experience
Solutions • Automate resources
• Authenticate and • Secure internet and and workloads
authorized access cloud access • Prevent data
breaches

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
 Broadest Set of SD-WAN Platforms

Branch Services vEdge Appliances

ISR 1000 ISR 4000 ASR 1000 vEdge 100 vEdge 1000 vEdge 2000 vEdge 5000
• 200 Mbps • Up to 2Gbps • 2.5-200Gbps • 100Mbps • Up to 1Gbps • 10Gbps • ~30Gbps
• Next-gen • Modular • High-performance • 4G LTE & • Fixed • Modular • Modular
connectivity • Integrated service service w hardware Wireless
• Performance containers assits
flexibility • Compute with UCS • Hardware &
E software
redundancy

Virtualization Public Cloud

ENCS 5100 ENCS 5400

Up to 250Mbps
© 2018 Cisco and/or its affi liates. All rights reserved.
Up to 250Mbps
Cisco Confidential
 Cisco DNA SD-WAN Licensing
Use Case Based Packaging

Cisco DNA Essentials Cisco DNA Advantage Cisco DNA Premier

Simplified management and security Advanced SD-WAN with enhanced security Advanced SD-WAN security will mitigate
protection for the cost-conscious for feature-rich & valued branch deployment the most sophisticated threats to your
customer models business
End to end direct Internet Visibility and control to defeat
Automated cloud security at scale
access security direct Internet/cloud access threats

Optimized SaaS application Keep consistent controls and

Improved application experience visibility when users roam outside
experience
the WAN
Multi-domain Orchestration
Simplify operations
across domains

Basic voice optimization Enhanced voice optimization

Common SD-WAN architectures Network analytics and visibility

Up to 50 Device Overlay
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
 Cisco DNA SD-WAN Licensing
Capability Based Packaging

Cisco DNA Essentials Cisco DNA Advantage Cisco DNA Premier

Simplified management & security Advanced SD-WAN with enhanced security Advanced SD-WAN security will mitigate
protection for the cost-conscious for feature-rich & valued branch deployment the most sophisticated threats to your
customer models business
Enterprise firewall with Talos- Cisco AMP with SSL proxy Cisco Umbrella Insights®
powered IPS and app controls URL filtering Cisco Threat Grid®
Cisco Umbrella DNS Monitoring Cisco Umbrella app discovery

Application-based SLA Cloud OnRamp for IaaS, SaaS, and

Basic WAN & path optimizations Colo AppQoE & WAAS RTU

Single centralized management Integrated border plus orchestration

console in the cloud or on-prem for campus, branch & DC

Forward Error Correction (FEC)

Integrated voice/UC gateways
Packet duplication
Flexible topology & dynamic
routing (hub/spoke, partial/full vAnalytics
mesh) Cisco DNA Advantage

Up to 50 Device Overlay Cisco DNA Essentials Cisco DNA Essentials

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
 Global Customers Across All
Verticals
Finserv Healthcare/Pharma Manufacturing
FinServ Healthcare / Pharma Manufacturing

Retail Technology Other Industries

Retail Technology Other Industries

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
 Fast track to SD-WAN with Cisco
Services
Proven infrastructure simplifies
implementation complexity
SD-WAN quick Expert technology guidance
start service scales innovation and
accelerates results

Cisco’s experience and best

practices reduces risk
cisco.com/c/en/us/products/routers/service-listing.html

Fixed price | Predefined scope for design | Implementation and validation

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Why Cisco SD-
WAN?
Predictable Application
Experience
No matter where you applications are hosted
Cisco SD-WAN delivers the best user experience,
securely across any cloud.
Right Security, Right
v Place
Protect all users, devices and applications by
deploying the right security, on-premise and
cloud delivered, in the right place, quickly.

Simplicity at Enterprise Scale

Delivering Intent-based Networking with best
of breed technologies across every domain
with consistent policy and assurance
integration

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential *Gartner Critical Capabilities for WAN Edge Infrastructure, December
2018
Case Studies

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
 Background
• Needed to improve global network
capacity and performance at a lower cost
• Increasing bandwidth and security burden
on WAN impacted sales, R&D,
manufacturing and contact center
globally
• Demand growing 10-25% annually

Benefits of Cisco SD-WAN

• Optimizes traffic and performance across

National •
the WAN
Traffic distributed over lower-cost Internet
Instruments •
connections vs MPLS
Reduced MPLS spending by 25% while
increasing bandwidth 30.75%
© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
 Fortune 500
Enterprise Case Study National Food
Food distributors play a key role in the food and beverage industry, serving as the intermediary
between the manufacturer and their respective retail, restaurant, and foodservice customers. 
Distributor

Challenge Solution Result

• Cloud: Trying to connect all of • vEdge, vManage, vSmart • Security

their sites to the cloud without
• The solution is a combination of • Ease of deployment
being vulnerable to a single
Viptela and extending into
point of failure • Can give more to their
Amazon Web Services (AWS)
• Bandwidth and scale: Need for development, interlock customers
more bandwidth to deal with locations, and customer facing • Can be more agile in terms
growth in applications such as applications of capital planning
Office 365
• Viptela solution extends the WAN • Food distributor feels they
• Security to the cloud and brings in have a partner in terms of
different types of transport support and ongoing growth
• Agility: Want to be agile,
flexible, able to move wherever • Viptela can extend a branch to
the market is going, which could the cloud just as the data center
be away from data centers and would extend a branch to the
to the public cloud cloud

Source: Viptela’s Website – Transcript of AWS Reinvent Interview

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
 • REI’s retail SD-WAN deployment (retail)
Additional
• Taking SD-WANSD-WAN Customer
Even Wider at Case
Acadia Heathcare Studies:
(healthcare)
Public Blogs
• First American Title And Viptela: A Story of Resilience (insurance,
financial, retail)
• Migrating to Healthcare Cloud Apps With Acadia and Viptela (healthcare,
SaaS)
• Enabling The Most Remote Offices With Viptela (77 Energy) (energy)

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
 Reece Group delivers always connected workplace with Cisco SD-WAN
(engineering, retail)
•
Additional SD-WAN
ONUG 2018: Mckesson’s Customer
Global SD-WAN Case
Transformation Studies:
(healthcare)
•Customer Videos
FutureWAN’18: SD-WAN in Retail (REI Case Study) (retail)
• FutureWAN’18: Acadia Healthcare SD-WAN Case Study (healthcare, SaaS)
• FutureWAN’17: First American Title Insurance Case Study (insurance, retail,
financial)
• FutureWAN’17: Kindred Healthcare Case Study (healthcare)
• ONUG 2017: SD-WAN at Acadia Healthcare (Healthcare)

© 2018 Cisco and/or its affi liates. All rights reserved. Cisco Confidential
Featured Quotes: SDWAN
“With Cisco’s SD-WAN advanced security, we can instantly turn any customer’s entire network into a
fortified wall across any cloud environment, ” Bill Thompson, Practice Manager, World Wide
WWT Technology. “This is a significant step toward adopting an Enterprise Architecture with integrated
security, Software Defined WAN, and cloud services; all managed via a single policy controller.”

“Cisco SD-WAN on ISR routers drive a reliable foundation to quickly integrate SD-WAN and its ability
Bank (Anonymized) to simplify management and improve real-time access to critical cloud-based business applications” --
US Banking Institution

“SD-WAN on Cisco’s ISR4K routers creates a robust, trusted platform on which to quickly realize
Portugal Telecom security and performance benefits with a simple software upgrade.” – Rui Pereira, Altice Portugal

“Bringing the WAN edge securely to the Internet is now possible with the new security features of
Datacom Cisco SD-WAN delivered as a single consolidated solution." -Hussein Omar, Network Solutions
Architect, Datacom

“With Cisco SD-WAN, we’ve reduced our MPLS spending by 25 percent while increasing bandwidth by
National Instruments 3,075 percent.” --Luis Castillo, Global Network Team Manager, National Instruments

“Optimal Office 365 performance is achieved by enabling local Internet breakouts for key Office 365
scenarios from users in the branch directly into Microsoft’s global network. Modern SD-WAN solutions,
Microsoft like Cisco’s SD-WAN, make it easier for customers to implement this setup, support multiple DIA links
and dynamically choose the best one, improving the Office 365 user experience.” - Konstantin
Ryvkin, Partner Architect, Microsoft
“Customers want more secure connections, usually with multiple cloud environments, so CDW sees
CDW Cisco’s new integrated security features for SD-WAN as an important differentiator.”- Will Kerr,
Technical Architect, CDW
“Verizon's Virtual Network Services offerings, leveraging Cisco’s SD-WAN products, are deployed in tens
of thousands of customer locations, enabling digital transformation and helping businesses accelerate
© 2018 Cisco Verizon
and/or its affi liates. All rights reserved. Cisco Confidential
their move to the cloud while reducing IT complexity and controlling cost.” - Shawn Hakl, Senior Vice
President, Verizon