Hi. I am Rachna Srivastava, Senior Manager, Product Marketing at VeloCloud, which is now part of VMware. Today we're providing a technical overview of NSX SD-WAN. Let's go ahead and get started.

So, before I jump into the details, let's talk about what problems does SD-WAN address, what are current situations like and what SD-WAN as a technology aims to address. So first, SD-WAN primarily applies to branch locations. Think of retail environments where you have hundreds and thousands of retail locations, think of banking, finance, hospitality with hotels or think of an enterprise that has branches distributed all over the globe. How do all of these distributed locations connect to their datacenter or to cloud applications, which is a very common thing now? Traditionally, all of these locations are connected to the data center by private leased lines or MPLS links. Now, these links are expensive, they're complex to manage, it takes a long time to get them on, so you're dealing with expensive private lines incurring both Capex and Opex.

The second problem that SD-WAN addresses or aims to address is the problem of backhauling for cloud services. So for example, if I have an application in AWS or if I need to access, let's say, salesforce.com or anything that's in the cloud, even for anything that's in the cloud, I'm actually sending all my traffic over the private link to my data center and then from the data center, it gets backhauled to the internet. This is not a very straightforward, clean way of accessing cloud traffic which is already in the internet. So, what we need is a better way to access traffic that's in the cloud, applications that are in the cloud, directly without having to backhaul over a data center.

A third problem that we see is just slow rollout time, slow deployment times. It takes three months sometimes to get an MPLS line in, especially in remote locations, and our branches could be everywhere.
It takes that long and so it takes a long time to bring up a new branch and that's not a very good way of managing today's branch environments.

The last challenge we see is just applications that run slow. We now have lots of media-rich applications. We have video, voice, there's just a lot happening in terms of what's in the cloud, what's being accessed from the datacenter, a combination. So at the end of the day it's about the user experience, and the user experience is not optimal because the applications that we're trying to access from our remote locations are slow. So that's another problem that SD-WAN aims to address.

Now that I've kind of talked about what SD-WAN solves, let's talk about VMware NSX SD-WAN by VeloCloud and what we do. There's three key differentiators that VMware NSX SD-WAN makes possible. The first is eliminating complexity. So, a simplified way of managing WAN or wide area networks. How do we do that? So, again, let's go back to a world before SD-WAN. You would have multiple point products at individual branch locations: you have a router, you might have a switch, you might have a firewall device, you might have WAN optimization devices. Multiple point products you're configuring, you're managing their support life cycle, it just takes a very long time, and configurations for all of them individually, it's complicated. What we do is we really take all of that complexity out.

So, we make things simple by first bringing in the concept of Zero Touch deployments or low IT touch deployments. By that I mean simply ship the box to a customer location. You don't even need skilled IT personnel at every branch location, you can have a non-skilled IT person simply connect cables, plug the device in, we have ways to push the configuration down and off the box goes. So, really simple, make it easy to manage, particularly when you're looking at lots and lots of locations.
The second is this concept of policy abstraction and bringing in some automation, abstraction and really making it about outcomes. So, from a user perspective, instead of saying this is what I'm looking to configure, I'm going to configure maybe 10, 15, 16 lines of CLI to achieve something, we simply state this is the end result we're trying to achieve. Maybe we're trying to get to AWS, maybe we're trying to create a particular segment, but whatever we're trying to do, we're simply stating that in the UI, really abstracting out a lot of the complexities and providing something that's truly outcome driven. So, really simplifying WAN, WAN management and making it cloud-based.

The second that's very relevant and important is the idea of assured application performance. At the end of the day, it's all about the applications. So how do we make sure that the applications we're trying to reach, no matter where they're located and no matter how you're trying to access them, whether you're accessing them over an LTE link, a 4G link, whether you're accessing them over MPLS or internet, no matter how you access them, how can we make sure the application experience is uncompromised? And that's what we do with an assured application performance approach. One example I like to bring here is think of a construction site. Typically, a construction site is an open area, there isn't much going on there, there's nothing literally, no connectivity, nothing. So, we bring in a temporary trailer. We can set up an LTE 4G type link and bring in an SD-WAN box and all of a sudden, we're able to get secure, reliable connectivity over LTE in a very, very simple manner. So again, the application experience for the users accessing the applications is uncompromised.

The third important part here is what I had touched upon earlier as one of the problems SD-WAN solves.
Which is, do we really need to backhaul traffic across the data center and then out to the cloud if the applications are sitting in the cloud? So, you can really have direct internet access. But the challenge then is how do we make sure that internet is secure, reliable and we're able to really take advantage of internet. So for that basically, what we're doing is we're providing a managed cloud on-ramp. So a managed, cloud-delivered way of accessing applications that are in the cloud, and we do this with our gateways. So, we'll talk about that in the slides ahead, but basically the ability to get direct cloud access with performance, reliability, and security. So, those are the three key differentiators and what really makes up a true SD-WAN solution or a genuine SD-WAN solution. We have to look for these three capabilities.

Now, a little bit more into our deployment models. There are two ways that we typically will deploy SD-WAN in a customer environment. First is what we call enterprise or over-the-top. So, one of the benefits of SD-WAN is that it's an overlay technology, NSX SD-WAN, which means it works with customers' existing networks and you're basically simply overlaying the technology on top of an existing network. The second is a model we use for service providers. How do we make sure service providers who are offering SD-WAN as services to their end customers are able to use this technology to full advantage?

We have two deployment models, and to your left of the slide, I want to direct you to three ways that make our solution extremely flexible. So, we start with a services platform. So, think of, like I said, a traditional branch may have multiple point products. You might have a router, a switch, a firewall, WAN optimization, et cetera. We're saying a lot of those get consolidated and the SD-WAN box is capable of handling most of these services and functions.
So, think of a single box and offering a platform on which you can run multiple services, SD-WAN being one of them, but you can run security and these can be run as a VNF, a virtual network function which is running alongside your SD-WAN service. So, a services platform is a way we offer multiple services to run on the same box. The second is we're cloud-delivered. So, by cloud-delivered, we mean all of our components, and we'll talk about our components in a second, but every component that participates in SD-WAN is cloud managed, is leveraged in the cloud and so it's built for the cloud era. And the third is something I touched upon earlier, which is SD-WAN is also an overlay technology, which means it works with your existing environment and you're just overlaying the technology simply on top of what you already have.

Now, let's talk about the first deployment model, which is over the top. Now, I'll walk you through this slide in pieces. So, let's start off with the Edge. It's what you're seeing on the branch side where you see an SD-WAN branch. This is the NSX SD-WAN Edge. This is what goes into the branch. This is software, and this software can go on a variety of different options as far as hardware is concerned, but this is what's required at the branch. On the data center side, this is a bookended solution. So, on the data center side, you also need an Edge or a cluster of Edges for capacity. So, you have two.

Then the third piece to think about is, how do we get to cloud applications? So, closer to the cloud applications, we have strategically placed our gateways all over the internet, and gateways are the technology that make secure, reliable internet connection happen. So, we're able to create automatic VPN tunnels between the Edge of the branch and the gateways that are in the internet or between the Edge and the datacenter.
These gateways are strategically placed close to most common SaaS applications or cloud applications so you're able to access applications in a secure manner. The second part to note is we are also an instance in AWS or Azure, which means in the marketplace you can simply go in and launch an instance of NSX SD-WAN, bring it up and then you have secure end-to-end connectivity between your branch and AWS and Azure. So, there's different ways in how we deploy this.

Now, if we were to say we're going to have 100 retail locations. All of my retail locations need to access a loyalty application that's cloud-based. What we would do there is have all of your retail locations connect to the gateway automatically and then from the gateway to the loyalty application, we will create a single IPSec tunnel. That really simplifies the configuration. Instead of creating individual tunnels between the Edges, one-by-one, to the loyalty application, we're actually creating automatic tunnels to the gateway and then one tunnel from the gateway to the loyalty application. So, that really simplifies things and gives the benefits of site-to-site SD-WAN plus cloud gateways for SaaS.

The second option is how do service providers take advantage of this technology? Again, service providers have a provider network. So, we're able to, for private links, leverage the provider network, and for Internet links, we can basically go directly. There's a technology called dynamic multipath optimization that we'll talk about in a second, but what you're seeing here in those colored bars sort of going out is the technology that's in play to give you assured application performance. So, in the case of a service provider, the SD-WAN is used for the last mile access from where the provider Edge ends to the final destination. We also are taking advantage of the private network for the mid mile. So, SD-WAN helps there as well.
Another option that you see here is a Hub-less deployment in datacenters and non-SD-WAN sites, which means, if customers don't want SD-WAN in a legacy data center or for some reason there is no need for putting in equipment at the data center, all of the branch locations can connect to the gateways. From the gateways, we will create an IPSec tunnel out to a data center where you don't want SD-WAN. So, a service provider can also leverage and offer it to their customers through this method.

Now, I want to touch upon one more time the components of the solution. So, again, let's start with the Edge. Edge is software, and Edge could either go directly bare metal on purpose-built hardware, or the other options are it's a virtual Edge that can go in AWS or Azure, or if we have a uCPE, which is universal customer premises equipment, we could have multiple VNFs on which you have hypervisors and then you have the Edge software running on top of the hypervisors. So, we have different ways in which we offer the Edge to run. Again, Edge will go into the branch, Edge goes into the data center, or Edge goes into the cloud.

The second and one of the most important components to keep in mind is the management. So far we've said we abstract the policies, we make it about business outcomes, so we have to think about how do we do that? So, we have NSX SD-WAN orchestrator. This is the management portal, this is a multi-tenant cloud-based management portal. By multi-tenant I mean a service provider can have multiple customers on it, a partner who's buying services from us can have many of their own customers with instances, or if we're managing it directly, we can have multiple customers running on the same orchestrator and giving them their own environments. This is a multi-tenant cloud-based configuration and management portal, it's also our analytics portal.
It's hosted either by us, by VMware, or it's hosted by a service provider, or sometimes a customer will have all of this running in their own environment. But most commonly, this is hosted by VMware. The benefits are it's giving business policy abstraction. So, making things really simple, again taking away a lot of the complexities, we'll talk about what they are in the slides ahead, but making it really, really simple, making troubleshooting, visibility, operations easy. We have APIs, so we'll work with Splunk and other vendors, and we also enable what I talked about earlier, Zero Touch deployments or low IT touch deployments. All are enabled through the orchestrator.

The third component is the gateways. Again, the gateways are an optimized cloud on-ramp and they are placed close to SaaS applications or cloud applications. They're also a service offered by us, fully managed. In some cases, a service provider will then run them in their own environment, and they're strategically placed close to top-tier network PoPs so that access to these cloud applications becomes really easy.

The next component as we go into detail is the orchestrator. Now, the orchestrator, like I mentioned, is a multi-tenant managed IT portal with an enterprise-wide view. You can drill down into individual sites, you can know what's going on with individual links, but you can also have a higher-level view, so if you have hundreds of sites, you can look at all of them and see what's happening. So, you can see what's happening to the links, and do some usage discovery, Zero Touch operations and also select your group and business level policies in the orchestrator.

A little bit about our gateways. These gateways again are placed in more than 30 regions worldwide and that's what makes it easy for secure, reliable cloud access.

Beyond the components that we've discussed, there's a few technologies that really make the user experience superior and enhanced.
So we'll talk about assured application performance, six simple and secure VPN, segmentation, we'll talk about distributed services insertion, intelligent routing and Zero Touch operations.

So let's start with assured application performance. So what you're seeing on the left side is a video conference that's happening live, and this is a real example. What we've done is to see what happens. We've introduced a 2% packet loss, and a 2% packet loss can be tremendous when it comes to quality of video. So on the left side, there is no SD-WAN enabled and so 2% packet loss makes the call completely useless. Whereas on the right side, with VeloCloud, the same packet loss has been introduced but the user experience hasn't changed, it continues to remain good. And that's one of the reasons why customers really take advantage of SD-WAN.

How do we do this? We leverage a technology called the Dynamic Multipath Optimization technology. Every link that's available, whether it's a single link, two links, three links that are going out from your branch, we're monitoring it continuously. So we're constantly monitoring the quality of every link. If we notice that there is a brownout, by brownout I mean any kind of slowness or any jitter, et cetera, we are able to steer packets sub-second between the links, and that means sessions are not being dropped, because the reason why you start hearing a choppy noise or poor quality video is because sessions are dropping and then the quality is impacted. Because we are monitoring the links and we're able to steer packets really quickly between the links, we're making sure that the user experience does not get impacted. If you only have a single link, for high priority applications that you will mark, we will then also make sure that we are doing some forward error correction to make sure we're detecting brownouts. We'll correct the link as we go as best as we can and so you can still have a good quality experience on a single link.
And what you see here on the left is an example where one of our customers actually started out with MPLS links, private links, had a poor experience, brought in cabling, still had a poor experience. When they brought in VeloCloud, there was great quality and showed because we were able to then steer between the two different links that were available and make sure the quality is maintained.

Another key technology to discuss is segmentation. So, segmentation is a way to isolate traffic types and keep traffic secure. From a branch location, let's take an example of retail. We might allow guests to browse. So you might have guest traffic, you might have corporate traffic, you might have PCI traffic. PCI traffic is for point of sale transactions, for compliance purposes. So we want to keep this traffic separate. We can actually create individual segments from individual branch locations and each segment can have its own topology and can have its own policy. So for example, if I have a voice segment and I said this is for my voice calls, if I'm calling one retail location to the other, when the call is made, I will create a tunnel that's dynamically created between the two branch locations. When the voice call is complete, the tunnel is torn down, so this way resources are not up on both sides. Whereas for PCI traffic, I might have additional strict firewall policies. So I'm able to have my own topology, I'm able to have my own policies and I'm using the orchestrator to create all of this and deploy to hundreds of devices. So again, I make it simple, at the same time, I'm making it very efficient and secure. All of this again is managed by the orchestrator.

The next is services insertion. This is about how do we have multiple services running alongside SD-WAN and how do we leverage some of the cloud security that's available to us? So we'll start off by what's in the branch.
In the branch you have an edge device. We have a services platform on which we provide a VNF, virtual network function. You can run a third-party security VNF, so there you have a firewall running alongside SD-WAN. Now how do we make sure all of this is managed? From the orchestrator we're actually able to bootstrap both the SD-WAN and the VNF, let's say it was a security vendor, and once it's bootstrapped, up and running, we're then able to connect to the security vendor's management and they get their own configuration. What that ensures is reduced truck rolls, we're not sending IT every time to fix, we're also leveraging less space and we're making it much more streamlined and less complex.

If it was cloud security, we again work with a variety of cloud security vendors so that all branches can connect via the gateway to head over to the cloud security vendor before they go out to the internet, so we can partner with cloud security vendors and make sure that's happening. We can also support a traditional backhaul method where we could have edges at the datacenter running alongside a firewall and then traffic goes out, touches the edge and then the firewall device.

Now as we move forward, we want to talk about a way to enable zero IT operations. We'll talk about a very simple example of push activation. Devices are shipped from the factory to the end location. There's a staging environment where we've staged for this device to connect. The device calls home to a redirector: as soon as you plug in, it'll call home to the redirector, from the redirector it goes to the staging site that we've preset, and then the configuration is pushed from the staging site and the device is activated. It is as simple as that, again no need for skilled IT personnel at every location to bring up this device.

Some of the capabilities around routing. We've made things very simple, whether it is configuration.
So for example, if we were to advertise uplink routes in a traditional router, there would be at least 15 to 20 lines of CLI that would have to be entered, and across multiple routers. In this example, we're able to just go into CLI, simply select what we need and that's it, that's what we're doing, and deploying it across all of our edges, so we're able to just click and select and make it really simple.

The second is how do we troubleshoot? How do we get visibility across all the devices, whether they are routers or VeloCloud devices? Again very simple. Before, we would have to go into individual devices and see what's going on, what's connected. Now we're able to just go into the orchestrator, have a single view and look at every device, who's a neighbor, who's connected, what link is up, what link is not working.

Third is the edge is intelligent. The edge self-adjusts to make some relevant decisions and configurations. For example, the edge might decide based on the path we need to take. So by default, we will always go on the overlay, which means we'll go from branch location to edge to the next edge and so on and so forth. But in some cases, the destination might be closer to go through a traditional non-VeloCloud location on a router, in which case the edge will adjust its path so that the right route is picked. So again, it's learning from its neighbors, it's adjusting, so it's able to do some self-learning and self-adjusting. So again there's some capabilities built-in that allow for SD-WAN to be very, very self-reliant.

So with that, we're at the end of this session and I thank you for your time.