Intelligent WAN Connectivity Management
- 1. Confidential │ ©2018 VMware, Inc.
NSX SD-WAN
by VeloCloud
The Cloud is the Network
Oct 2018
Ondřej Číž
Sr. System Engineer NSX
ociz@vmware.com
- 2.
• Acquired by VMware in 2017
• 2,000+ Customers
• 70,000+ Sites
• World’s Two Largest Enterprise SD-WAN Deployments
• Powers Global Tier 1 & Tier 2 Service Providers
• Global Footprint:
– 24x7x365 Worldwide Support
– 70+ Countries
• Robust Partner Ecosystem:
NSX SD-WAN by VeloCloud At-a-Glance
Company Background
- 3.
NSX SD-WAN by VeloCloud is the SD-WAN Market Leader
NSX SD-WAN by VeloCloud leads the global SD-WAN market with a market share close to 30%, followed by Cisco Viptela and Silver Peak. The “Others” category includes Versa Networks, CloudGenix, Mushroom Networks, Aryaka, and multiple other SD-WAN vendors that each have annual revenues less than 10 million.
SD-WAN MARKET: MARKET SHARES BY REVENUE, GLOBAL 2017
• NSX SD-WAN by VeloCloud: 30%
• Cisco Viptela: 14%
• Silver Peak: 13%
• Citrix: 10%
• Talari: 7%
• Fatpipe: 6%
• Others: 20%
Note: All figures are rounded. Source: Frost and Sullivan, 2017
- 4.
With VMware NSX, VMware has Reinvented Cloud and Data Center Networking…
Public Cloud
Data Center
- 5.
Data Center SD-WAN Public Cloud
Connecting Everything, from Data Center to Edge
Critical Touch Point for our
Customers
- 6.
Legacy Networks Cannot Support Today’s Edge
Applications Run Slow
Capex of $20K-$50K per Branch
Private Line is 100X the Cost of Broadband
Deployment Takes Months
Branch
100s to 1000s
Private Line
(MPLS)
Datacenter
- 7.
Simplified WAN
Management
Assured Application
Performance
Managed On-ramp
to the Cloud
NSX SD-WAN by VeloCloud Advantages
Branch
Edges
Cloud
Gateways
SaaS / IaaS
Zero-touch deployments, simplified
operations, one-click service insertion
Direct cloud access with performance,
reliability and security
Datacenter
Edges
Transport independent performance for the
most demanding apps, leverages economical
bandwidth
SD-WAN Overlay
Private /MPLS 3G/4G LTE
Internet Broadband
- 8.
Global Gateways
Regions 30
Orchestrators 63: 8 / 47
Gateways 440+: 122 / 179
99.99% Reliability SLA
SSAE16 Type II Audited Datacenters
Cloud Scale Redundancy
- 9.
Branch Site with NSX SD-WAN
Edge by VeloCloud
NSX SD-WAN Gateway by VeloCloud with Embedded Controller
Public Internet
Legacy Enterprise
Data Center
SD-WAN Enterprise Data Center
with NSX SD-WAN Edge by VeloCloud Cluster
Provider
Edge
Provider
Edge
Internet
SAAS
Private—
MPLS
Private
Circuit
“Site to site
SD-WAN plus
benefits of
cloud gateways for
SaaS”
Enterprise Deployments – Over-The-Top
Hub for SD-WAN to data
center including private links
Hosted gateways for
SD-WAN to SaaS/IaaS
Hub-less design for
legacy data centers
NSX SD-WAN Orchestrator by VeloCloud
- 10.
Business Policy Driven SD-WAN
Automatic application recognition and
categorization
Simple
business prioritization
HIGH MEDIUM LOW
Services catalog and network
services insertion (on-premises,
cloud)
Dynamic path steering and
on-demand remediation
Policy-based link assignment for security/compliance
- 11.
Dynamic Multi-Path Optimization in Action
“Assured application performance over any type of link”
NSX SD-WAN Enhancements
MPLS
Comcast Cable
Excellent voice quality!
• Sub-second steering without session drops
• Aggregated bandwidth for single flows
• Drives automation and optimization
Continuous Link Monitoring
Dynamic Per Packet Steering
• Protects against concurrent degradation
• Enables single link performance
On Demand Remediation
- 12.
Assure Application Performance
Video Conference over a WAN Link with 2% Packet Loss
Without NSX SD-WAN by VeloCloud With NSX SD-WAN by VeloCloud
- 13.
SD-WAN Solution – SaaS/Data Performance
Dual 20Mbps Links / 50 MB Box File Transfer
10x faster response time
• No Loss: 22 sec without NSX SD-WAN by VeloCloud, 12 sec with NSX SD-WAN by VeloCloud
• 2% Packet Loss: 134 sec without NSX SD-WAN by VeloCloud, 13 sec with NSX SD-WAN by VeloCloud
- 14.
Distributed Services Insertion
On Premises Security
Corporate / Regional
Cloud Security Service
NSX SD-WAN by VeloCloud Dynamic Multipath
Optimization delivers application performance and
reliability to cloud
Automated tunneling eliminates site
by site configurations
Single-click Application-Aware Policies
for granular service insertion
Branch
Site
NSX SD-WAN
Edge Hub
NSX SD-WAN
Gateway by
VeloCloud
Internet / web
Virtual Branch Services
NSX SD-WAN
Edge by VeloCloud
Hub
Dynamic Multi-Path Optimization
Datacenter
- 15.
Virtual Services Delivery
Micro to Small Branch Small to Midsized Branch Large Branch/DC
NSX SD-WAN
Edge by VeloCloud
• No local apps
• Cloud or
integrated
security
NSX SD-WAN Edge
by VeloCloud Services Platform
• No local apps
• One networking VNF
(e.g. NGFW)
NSX SD-WAN
by VeloCloud VNF
• Local apps
• Many VMs including
network services
CPE
NSX / vSAN
NGFW
Analytics
IoTGW
AppX
File
SDWAN
- 16.
NSX SD-WAN Connectivity to NSX SDDCs
SD-WAN Micro
Branch
Non VeloCloud NSX
DataCenter
CE
Public Internet
NSX SD-WAN by VeloCloud
Regional Branch/Data Center
VMware
ESXi
NSX SD-WAN Gateways
by VeloCloud
NSX SD-WAN Edge by
VeloCloud
NSX SD-WAN Edge
by VeloCloud
NSX SD-WAN Orchestrator by VeloCloud
Internet
NSX Branch NSX SD-WAN Edge by
VeloCloud
NG
FW OS
APP
VMware NSX
VMware ESXi
NG
FW OS
APP
VMware NSX
VMware ESXi
- 18.
Compelling Differentiators for Enterprise
Faster Installs Less Money Faster Speed / Better
Performance
- 19.
Live Demo
• Live Solution Demo of NSX SD-WAN Orchestrator
by VeloCloud
• Demo of Application Visibility and Control (AVC)
capabilities
• Demo of reporting and troubleshooting
capabilities
• Demo of endpoint management portal
• Demo of provisioning an endpoint
- 21.
Simplify WAN Management – Business Policy
Legacy WAN: ACL, IP address, subnets
SD-WAN: App-level policy
Legacy WAN: Need to put application in the right queue by marking and
configuring QoS
SD-WAN: App-awareness to choose the right queue
Legacy WAN: Complex routing tuning and PBR to do split tunnel
SD-WAN: App-aware split tunnel policy and single click
Legacy WAN: Routing protocol tuning, probes, PBR
SD-WAN: Dynamic path selection
- 22.
• Aggregation: Provides greater bandwidth and uptime
• Dynamic Multipath Optimization: Sub-second packet steering to provide better performance and automated
failover (no dropped calls on outages)
• Link Remediation and Correction: High quality voice performance
NSX SD-WAN by VeloCloud – Performance over Dual Circuits
NSX SD-WAN Enhancements
MPLS
Cable
Quality Scores
- 23.
Link Remediation and Correction – Improve voice/circuit quality over broadband and struggling
circuits
SD-WAN Solution – Performance Over A Single Circuit
NSX SD-WAN Enhancements
Time Warner Cable 74.143.12.114
Quality Scores
- 24.
• Use multiple transport as the WAN
• Reduce Capex by 5X; deploy in days
• Guarantee Real-time App Performance
• Strong Cloud-based Security
The Cloud is the Network
Cloud Services
Cloud Network
NSX SD-WAN Gateways by
VeloCloud
Datacenter
Branch
100s to 1000s
MPLS+Broadband+LTE
NSX SD-WAN Edge by
VeloCloud Hub
NSX SD-WAN Edge by
VeloCloud Hub
- 25.
Large Insurance/On-Premises
Challenge:
• Deploying tens of thousands of sites with a
transport-independent overlay
• Complexity in managing PKI
• Future ready for Internet as WAN
Solution:
• Secure zero-touch activation and group
policies to eliminate
box-by-box config
• Device certificates anchored to CA running
inside VCO
• Application aware Dynamic Multipath
Optimization
Hub in
Data-Center
Hosted NSX SD-WAN Orchestrator
by VeloCloud
Branch Edges
- 26.
Hospitality/Cloud Access
Challenge:
• Complexity of installing On-Prem Orchestrator
• Backhaul all traffic to regionalized firewall except Microsoft
Lync and Box
• Multiple WAN management tools
Solution:
• Leveraged Hosted NSX-SD-WAN by VeloCloud Service
• Policy aware forwarding to distributed firewalls and SaaS
traffic to Hosted NSX-SD-WAN Gateway by VeloCloud
• Single pane of glass for SD-WAN Management
NSX-SD-WAN Gateway by
VeloCloud
Hub in
Data-Center
Hosted NSX SD-WAN Orchestrator
by VeloCloud
Branch Edges
- 27.
SP Managed
NSX-SD-WAN
Gateway by
VeloCloud
Distributed Retail/Managed SD-WAN
Challenge:
• Ensure QoS for large number of distributed sites
including International
• Single point of contact to manage transport
• Complex NxN tunnels to integrate CWS
• Isolate corporate and guest
Solution:
• Managed SD-WAN from Tier 1 SP with
Mid-Mile + Last-Mile Benefits
• Bring first 1000 tunnels for 500 sites down to 2
Tunnels
• Corporate wide segmentation
Regional Sites
International Sites
- 28.
• NSX SD-WAN by VeloCloud Resellers:
– WWT, SHI, CDW, (can often work with any reseller for sell through)
– Purchased through partner, supported by NSX SD-WAN by VeloCloud
– Leverage NSX SD-WAN by VeloCloud Public Gateways
– Self-managed offering
• NSX SD-WAN by VeloCloud Direct Purchase:
– Can buy directly from NSX SD-WAN by VeloCloud if 150+ sites
– Self-managed offering only
• NSX SD-WAN by VeloCloud Resellers + Support:
– Cincinnati Bell, AT&T, Lightstream, Airespring, Pomeroy
– Leverage NSX SD-WAN by VeloCloud Public Gateways
– Managed and self-managed offerings
• NSX SD-WAN by VeloCloud Managed Service Providers
– AT&T, Sprint, Windstream, Vonage, Earthlink, Cincinnati Bell
– Leverage private network (no NSX SD-WAN by VeloCloud Public Gateways)
– Typically managed service (some offer self-managed)
Purchase Options
- 29.
• Pricing is monthly or annual OpEx/subscription price.
• Pricing based on aggregate bandwidth needed at each location.
• Hardware, software, gateways, support, included in subscription price.
• Subscription tiers:
– 10 Mbps
– 50 Mbps
– 100 Mbps
– 500 Mbps
– 1 Gbps
• CapEx purchase available upon request for 200+ sites. Still includes small software license
component.
Pricing Options
- 31.
NSX SD-WAN Enhancements
Assured Application Performance Over Any Link
MPLS, Internet broadband and LTE circuits
• App Quality Score
• Error Correction
• TCP Optimization
• Single or Multi-
Link Capability
Performance and action drill down
• Link Detection
• Performance
Monitoring
Continuous
Monitoring
Dynamic Per Packet Steering On Demand Remediation
- 32.
Dynamic Multi-Path Optimization (DMPO) In Action
NSX SD-WAN Enhancements
MPLS
Comcast Cable
- 34.
Branch 1
Branch 2
Retail Store
Media
NSX SD-WAN Orchestrator
And Controller
NSX SD-WAN Edge PCI
Network
Datacenter
SBC
Outcome Driven Segmentation
Simple Enterprise Wide
Segment Creation
Segment Aware Topology
Isolation and Overlapping IP
Segment Aware Policies
On-Premises and Cloud
- 35.
PCI DSS 3.2 Certified SD-WAN
The first and only
solution to offer
PCI-Certified Cloud-
Delivered SD-WAN
All NSX SD-WAN
by VeloCloud
components
are PCI Compliant
Retailers benefit from
NSX SD-WAN by
VeloCloud PCI AOC to
simplify
PCI Audit
NSX SD-WAN by
VeloCloud is a PCI DSS
(v3.2)
Level 1 Service Provider
Ensure PCI compliance in a simple, efficient, and cost-effective manner
- 36.
• Multi-tenant
• TLS 1.2
• Role-based access control / RADIUS
• 2-Factor authentication
• Event and firewall logs / APIs
• Built-in certification server
• IPsec with AES 256
• PKI
• Local access control
• Segmentation for hosted controller
Orchestration Data Plane
PCI DSS 3.2 Certified SD-WAN
AOC* Summary
- 38.
Simple and Quick Deployment – Pull Activation
1. Create Config and Send Key
IT Admin adds a new NSX SD-WAN Edge by VeloCloud in the customer account.
IT Admin generates an activation key and emails it to the installer.
2. Device Ships
NSX SD-WAN Edge by VeloCloud with factory default config is shipped to the remote site.
3. Install, Authenticate and Pull Config
Office Admin powers up the device and connects it to the Internet.
Office Admin plugs in the device and connects to the Internet through NSX SD-WAN Edge by VeloCloud WLAN/LAN.
Office Admin clicks on activation link in the email. Edge is activated.
No site by site link knowledge required
No tracking by S/N required
No IT visit required
No pre-staging, nor security risk if device lost
- 39.
Simple and Quick Deployment – Push Activation
1. Device PLUGGED in
Installer powers up Device
Connects to Internet (dynamic IP) without any customization
2. Device calls home to REDIRECTOR
Edge calls home to REDIRECTOR and authenticates
REDIRECTOR pre-populated with association to partner
3. Device Redirected to PARTNER VCO STAGING
Edge is redirected to the Partner VCO in staging mode
Edge assigned to Enterprise account
4. Config Pushed and Device ACTIVATED
Enterprise or Partner pushes config
“Pull” email can also activate
activate.velocloud.net
Many of the same benefits, plus:
Independent installer – no contact needed
Staging mode prior to activation
- 41.
Cloud Scale VPN
HUB
Edge Cluster
Cloud Scale
VPN
• Enables both simple and secure access with
integrated PKI
• Enterprise-wide and Cloud
• Automated VPN to third-party cloud applications
• Virtual NSX SD-WAN Edge by VeloCloud automates
VPN to IaaS
• Scalable any-any connectivity
• Dynamic branch-branch tunnels
• One-click enablement
SaaS Exit
CLOUD SCALE VPN and Cloud Regional Exit
- 42.
Connectivity to IaaS
Over The Top Internet Only
Over The Top Hybrid
Virtual
Edges
Cloud Gateways
IPSec
MPLS
Internet
- 43.
O365 on a Single Link (Brownout condition) from Branch in Thailand to Gateway in
Singapore
Optimized Performance for Cloud Apps – Office 365
NSX SD-WAN by
VeloCloud
Non-SDWAN
- 44.
NSX SD-WAN by VeloCloud Enables O365
Branch
Microsoft Network
“Microsoft Endpoint”
“O365 Tenant Location”
• Simplifies hybrid network for local Internet breakout
• Provides direct to Internet / Microsoft endpoint
• With SD-WAN performance and availability benefits
NSX SD-WAN by VeloCloud Cloud Delivered SD-WAN
- 45.
Granular Security for O365
Other Web traffic
Office365
Non-inspected O365
“Microsoft Endpoint”
Branch
NSX SD-WAN Edge by
VeloCloud
• Supports recommended policy to “trust Office365”
• Enables granular network level bypass of cloud security for
Office365
NSX SD-WAN by VeloCloud
Internet
- 47.
• Zero-touch provisioning
• Group business-level policies
• Automatic link profiling
All-In-One Orchestration
Multi-tenant managed IT portal * Enterprise wide * Site drill down: link and usage discovery
CLI
- 49.
MPLS
Branch Router:
Ip prefix HUB permit seq 5 10.0.0.0/24
Ip prefix HUB permit seq 10 10.0.10.0/24
Ip prefix HUB permit seq 15 10.0.20.0/24
Ip prefix LEGACY permit 20.0.0.0/24
<additional prefixes from other sites learnt via overlay>
Route-map SD_WAN
Match ip prefix HUB
Deny
Route-map UNDERLAY
Match ip prefix LEGACY
deny
Router BGP 100
Neighbor 10.1.0.4 route-map SD_WAN out
Neighbor 10.2.0.4 route-map UNDERLAY out
CPE:
show ip ospf interface ethernet 0
Ethernet0 is up, line protocol is up
Internet Address 10.10.10.1/24, Area 0
Process ID 1, Router ID 192.168.45.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 172.16.10.1, Interface address 10.10.10.2
Backup Designated router (ID) 192.168.45.1, Interface address 10.10.10.1
Branch Router:
Interface gig1/0
Ip ospf cost 9
Intelligent Routing
After
Before
Branch
Hub
Legacy Site
R2
Uplink
Branch Hub
R1
R4
R3
OSPF
Preferred
Path
Default
Path
R1 R2
R3 R4
Abstraction For
Transit Hub
Self Learning For
Visibility/Troubleshooting
Self Adjust For
Path Influence
MPLS
Internet
MPLS
- 51.
Distributed Services Insertion
On Premises Security
Corporate / Regional
Cloud Security Service
NSX SD-WAN by VeloCloud Dynamic Multipath
Optimization delivers application performance and
reliability to cloud
Automated tunneling eliminates site
by site configurations
Single-click Application-Aware Policies
for granular service insertion
Branch
Site
NSX SD-WAN
Edge Hub
NSX SD-WAN
Gateway by
VeloCloud
Internet / web
Virtual Branch Services
NSX SD-WAN
Edge by VeloCloud
Hub
Dynamic Multi-Path Optimization
Datacenter
- 52.
Virtual Services Delivery
Micro to Small Branch Small to Midsized Branch Large Branch/DC
NSX SD-WAN
Edge by VeloCloud
• No local apps
• Cloud or
integrated
security
NSX SD-WAN Edge
by VeloCloud Services Platform
• No local apps
• One networking VNF
(e.g. NGFW)
NSX SD-WAN
by VeloCloud VNF
• Local apps
• Many VMs including
network services
CPE
NSX / vSAN
NGFW
Analytics
IoTGW
AppX
File
SDWAN
- 54.
• From NSX-SD-WAN Hub by VeloCloud
integrated with NSX in the Datacenter
• Extends NSX-SD-WAN by VeloCloud
segmentation to NSX routing domain
NSX SDDC with
On Premise NSX SD-WAN
• IPSec Connectivity from
NSX-SD-WAN Gateway by VeloCloud to NSX
in the Datacenter (Hubless design)
• NSX SD-WAN Managed private network to
NSX (SP partner Gateway design)
NSX SD-WAN Connectivity to NSX SDDCs
NSX SDDC with
Cloud NSX SD-WAN
- 55.
NSX SD-WAN Connectivity to NSX SDDCs
SD-WAN Micro
Branch
Non VeloCloud NSX
DataCenter
CE
Public Internet
NSX SD-WAN by VeloCloud
Regional Branch/Data Center
VMware
ESXi
NSX SD-WAN Gateways
by VeloCloud
NSX SD-WAN Edge by
VeloCloud
NSX SD-WAN Edge
by VeloCloud
NSX SD-WAN Orchestrator by VeloCloud
Internet
NSX Branch NSX SD-WAN Edge by
VeloCloud
NG
FW OS
APP
VMware NSX
VMware ESXi
NG
FW OS
APP
VMware NSX
VMware ESXi
- 56.
Extend Segments to NSX
SD-WAN segments map to SDDC segments
Branch 1
Branch 2
Retail Store
Media
NSX SD-WAN Orchestrator
And Controller
NSX SD-WAN Edge PCI
Network
Datacenter
SBC
- 58.
• Cloud or on-premises orchestrator and controllers
• Controller functions: route reflector, VPN control, link
measurements
Incremental and Interoperable SD-WAN Rollouts
NSX SD-WAN by VeloCloud Orchestrator
NSX SD-WAN by VeloCloud Controllers
NSX SD-WAN Edge by
VeloCloud
NSX SD-WAN Edge by
VeloCloud
NSX SD-WAN by VeloCloud
Hub Cluster
OSPF, BGP
BGP Route Learning and
Distribution
OSPF, BGP
OSPF, BGP
Co-exist
Replace
Legacy
Internet
MPLS
- 59.
Internet
MPLS
• Use VRRP to make VCE the default
gateway when it is up
• Provide failover/redundancy
with existing CE
• Use routing protocol (OSPF or BGP) to
direct traffic to the VCE when it is up
• Provide failover/redundancy
with existing CE
• VCE is the default gateway for the
branch traffic
• Deploy VCE in HA pair to meet the
redundancy/availability requirement
Branch Deployment Options
CE E-BGP
L2 SW
VRRP
Co-exist (L2) Co-exist (L3) CPE Replacement
Internet
MPLS
E-BGP/OSPF E-BGP
L3 SW
E-BGP/OSPF
Internet
MPLS
E-BGP
L2/3 SW