This thing on? Yeah, okay. Good morning. Let's try that again. Good morning! Welcome to the Cisco sponsored track sessions. This is our third session out of four today. We're gonna be talking about deploying and operating an NFV cloud. We've got a couple of great presenters: Narendra Narendra and Juan Ramon Acosta are gonna come up and give their presentation. Juan is one of our principal architects, Narend a senior product manager. Been working with both of them for a while. You're in for a great presentation.

Just to save you all the trouble of snapping pictures of the screens during the presentations, all of these slides are gonna be up on SlideShare within probably 48 hours. You can all, if you can, go right now. So there's a general Cisco account on SlideShare where you can go get you all of our stuff, but the slides from all of our sponsored track sessions will be up certainly before the weekend, so you can save yourself a lot of space in your photo library. The other thing I just wanted to remind you of is, on your way out today, we're gonna sort of funnel you all out that way, stage right. Don't forget to grab your Cisco "runs on OpenStack" running socks. Yes, thank you. Thank you very much. So without any further ado, Narend and Juan, and deploying and operating an NFV cloud.

All right, thank you, Gary. We will have some time for Q&A at the end. Morning, folks. I hope you're all doing well. So about that good morning from Gary, if you did not notice about how insistent it can be, if you can, you can just look at that slide there, you know. Do you see anything about that little guy on the left-hand side there with the glasses on? How does he look like?
You know, just look at Gary one more time. So anyway, you guys are having a great summit here. Glad to be here, glad to be talking to you. We have a combination of a presentation today for you, in terms of not just deploying a cloud and managing and operating it, as well as deploying NFV applications and the NFV stack on top of it, so that you have an end-to-end solution that runs on OpenStack. It lives on OpenStack, breathes on OpenStack. So Juan's going to be my partner in crime to talk about the second part of it. So let's get going.

So there's a big major transformation going on in the service provider space. You know, it's primarily driven by open source. That's why we're all here. Lots of different types of open source projects, as well as NFV in terms of virtualizing the network functions, and SDN. And each of these are not something by themselves. They have a whole bunch of ripples in their own accord, in terms of, you know, NFV is not just about virtualizing anybody's network function. It's all about being standardized, interoperable, interworkable and all of that. So with all these three forces coming together, you know, it's basically driving the overall transformation for SPs in terms of, you know, you name it, and that application is being disrupted today in the way that it can be managed, deployed, operated, as well as used for business outcomes.
So mobility, managed services, video, security, general purpose VNF workloads, DHCP, DNS, whatever you want to call, all of them are moving on into this transformation. One key aspect about this transformation is, while all of this is happening at multiple different levels, multiple different areas, on the infrastructure side there's a couple of thoughts. One is, you know, infrastructure needs to be kind of completely glued to some of these applications. However, at the same time, such infrastructure needs to be available in a general purpose manner, so that I can deploy any kind of workloads, providing me different business outcomes, on the same infrastructure. The infrastructure needs to be flexible enough to accommodate those different workloads, as well as be able to accommodate the different needs and capabilities that the infrastructure needs to provide. And so this is a bunch of these things that we're going to talk about in many different ways, but those are the demands that we are seeing, right?

And why? Obviously, you know, we want to reduce network appliances, purpose-built appliances, and move towards a more generic infrastructure where things can be easily expandable, reusable, movable and even removable. Automated service creation: so Juan's going to take you right into it, in terms of how quickly you can turn on a service today compared to what it used to be before. And self-service personalization: again, you know, infrastructure is one thing, but how do you do it from the application on top, right? We're going to cover these two aspects in a lot of detail in the second half of this presentation.

And from an infrastructure point of view, again, you know, if you're used to SP networks, SP infrastructure, one thing that you always want to have is availability, resiliency. And, you know, how do you get that out of an infrastructure? You know, you want to generalize the infrastructure, you want to virtualize everything, but can I manage my availability?
Can I manage my downtime to be as minimal as zero or close to zero, and how can I achieve that? So we'll talk about some of these aspects today.

A little bit in terms of the approaches being taken in the market. So this is a survey from Light Reading covering about 120 service providers. And you look at this slide, I mean, the key messages are, you know, your yellow boxes there, right? There's three, or essentially four, different types of approaches seen here. However, you know, you can club them into three overall. One is do-it-yourself: 20% of those customers are looking at, how can I pull all of these things together, whether it's hardware, software, orchestration, management? I'm going to pull it together, I'm going to put it all in a manner that it can be usable, operatable, etc. And there's a certain amount of percentage, about 15 or 14 percent, who talk about a la carte, in terms of, you know, I'm going to bring a la carte pieces and figure out how I manage this. And there's a good 40 percent of these customers out of 120 who said, I would rather prefer a pre-integrated solution.

So what's pre-integrated? Pre-integrated is something that's, you know, put together: hardware, software, VNF, orchestration, management, you know, VNF management, etc., all together, tested, validated, so that you know what you can expect out of the system. You know what sort of services you can turn on, what are some of the things that you actually cannot achieve and you've got to go for a different option, right? So that's what I would call pre-integrated, and a majority of those customers are in that bucket. 26% of them, you know, similar to one of the adoption curves that you would have typically looked at, a part of these customers are also waiting to see how things unfold, so that they can follow the leaders and, you know, kind of take the safety net, if you will.

So, okay, so that's what the customers are saying, but what exactly is needed for a successful
NFV stack, a successful NFV outcome? Right. You got to look at this from more than one dimension, obviously, right? So what are some of those key dimensions?

One is obviously the virtual management, or the virtual infrastructure management. So we have OpenStack, which is the most popular virtual infrastructure manager out there. In the container space, Kubernetes obviously is gaining a lot of ground, and it's pretty hard and emerging in terms of for manager.

The second part is the data plane itself, and we talk about networking, packet processing, packet pushing, packet management. Obviously, you know, data plane is the most important thing when it comes to actual customer data and customer outcomes. So in this regard, you know, we have DPDK bringing in a lot of innovation. We've had SR-IOV to give us that wire-rate-like behavior. You know, I chose the word behavior instead of performance because you got to do a whole bunch of tuning at different places. As well as FD.io; if you don't know FD.io, here is FD.io. fd.io is what it's called, but it's also referred to popularly as Fido. Fido is Cisco's project of vector packet processing that has been open sourced, got a big community around it now, people, you know, committing code, releasing things on a monthly basis. It leverages DPDK and is proven to provide amazing performance with certain workloads. So at the high level, do need to work on data plane, faster data plane, better IO in this world.

And in terms of configuration and management interactions, obviously, you know, you do need to have data models and automation. IETF is working on this in a very detailed manner. You got NETCONF/YANG, a whole bunch of things in that arena. And then operating system is the other one. You got to run your stuff on something.
That's an operating system, so that's popularly Linux. And then storage: Ceph is being very popular for its resiliency and redundancy, as well as some of the availability capabilities. And Docker as an infrastructure as well is gaining momentum in this space from a container point of view.

So that's the infrastructure. But somebody has to manage the networking components in terms of building overlays, taking off overlays, dynamically configuring networks for a service chain that's coming up. So obviously SDN, or SDN controllers, are very important. From a Cisco point of view, VTS, or Virtual Topology System, and ACI, Application Centric Infrastructure, are two options. But however, from a generic perspective, SDN and network integration, as well as configuration management, is very critical in this space.

There's a whole bunch of activity going on in service chaining connectivity. How do I bring up VNFs? How do I chain them? How do I connect them? How do I take them off? Yet at the same time get better performance, get the, you know, visibility, get the flexibility that I need. So that's where IETF has been helping us with a whole bunch of standardization. And of course segment routing is something new that can do some wonders, taking your networking all the way down to the top of rack or the compute node and isolating, well, you know, flows for visibility as well as better performance. And above all, you know, end-to-end requirements in terms of standardization, you know, interoperability across vendors, across stacks, you know, mainly driven by ETSI and OPNFV.

So another dimension. So we looked at what are the requirements, different levels, capabilities. At the same time, when you look at what type of deployments customers want to go with, it's not one or two. It's end-to-end across the network, in all places of the network. And if you see from here, from your left-hand side to the right-hand side, it starts all the way from the customer edge to the cloud. And if you see the footprint
the use cases are varied from left to right here. However, the common ask is an infrastructure that can enable multiple of these things, that can be easily and commonly managed across end-to-end, and be monitored, be troubleshot easily, etc., etc. There's a whole bunch of examples for each one of these places. You know, these slides are going to be available on SlideShare, so we'll leave that for your nighttime reading.

So overall, you know, we looked at the deployments. We looked at what are some of the key components, what's going on in the industry in terms of transformations. All in all, if we had to summarize what are the key requirements of an SP infrastructure, it boils down to these six. Not only these six, but the top six, right, the very common themes that we've heard over and over.

So one is carrier class infrastructure. So you virtualize, you give me the flexibility, you give me the expansion capabilities, etc., but don't take away my performance. Don't take away my availability that I'm used to, right, and the end customers are used to, through which SLAs are written up, SLAs have to be met, etc. It's very critical.

Use case agnostic. So we've seen this: there's many use cases, many different places, but make sure that each one of these use cases can be enabled by an infrastructure that can do all these things.

Standards based, modular, elastic. Standards based, obviously, so that in there is interoperability. One of the key things why we are all here is about open source and reducing the vendor lock-in, but enable interoperability and better capabilities for the customer, right?
So obviously makes sense. Modular and elastic: be able to expand or reduce my infrastructure, as well as be able to expand the business workloads that I'm running on an infrastructure, very easily, without tearing down systems and having a multi-hour downtime, have to install newer sets of capabilities, and unrelated, sort of disjointed from the existing infrastructure, etc.

Of course, all in all, on top of this, put a little circle around all your infrastructure and say it's got to be managed by a single unified management system, or a set of capabilities where you should be able to monitor the system proactively as well as, you know, configure, operate, etc.

And one of the most important things that we have learned over the last few years interacting with customers is, everything is great, you know, it goes back to that 40% of the customers who want to have that packaged solution. It comes to this: let's bring all of these together, but at the end of the day I would like to have one single vendor as the owner for my support contact. So if there's an issue, there's one number I call, right? And that's always going to be Gary, right? So if you don't know Gary, we will introduce him at the end of the show.

All right, so multi-level security. This is another important thing that we kind of drop or ignore very often: is my infrastructure secure? When I deploy this in a service provider environment, is it capable of avoiding some of the attacks from inside and outside? Can I manage my passwords? Can I manage my file ownerships and a whole bunch of things, in ways that it really is a carrier class infrastructure?

So how are we, you know, viewing the ETSI NFV framework? How are we delivering some of these capabilities through Cisco?
So here's the ETSI MANO framework, very familiar to you folks. What we have done here is we have divided this into two fundamental things. The bottom half is called the NFV infrastructure, and the top half is called the, you know, quote-unquote NFV application layer. And in infrastructure, basically, it's a set of compute, storage, network hardware, you know, virtualized and provided to you as virtualized capabilities of the same, with respect using OpenStack as the virtual infrastructure manager. And in Cisco NFVI, you know, we have a VIM called Cisco Virtualized Infrastructure Manager, NFVI monitoring, unified management, SDN controllers, and hardware in terms of compute, network and storage.

Here's the Cisco NFV architecture. You know, again, bottom half is the infrastructure as we discussed. The top half is the VNF manager, the network VIM as the SDN or the SDN controller, orchestration and, you know, resource management with NSO, which is Tail-f, and a whole bunch of VNFs, CSR 1000, ASAv, etc., that Juan's going to talk about to you in a minute.

Another important aspect is, you know, while we do this, while we enable all these things that we discussed in the last few minutes, we actually do want to do it in an open manner. So we have a trifecta of partnership with Red Hat and Intel along with Cisco to drive innovation, to drive open-source work in OpenStack, in container space, in many other spaces like, you know, Kimo, etc.
And also drive some of the projects. You know, looking at all the common requirements, we would like to come back to the community and drive some of these projects with you, so that, you know, all of us benefit from those deliveries.

Use cases, let's jump to this. Right, so as we talked about, it's the same common infrastructure, but can deploy virtual managed services, mobile infrastructure, mobile applications, as well as media and generic SP workloads. So it's one single infrastructure, which is flexible to enable capabilities for each of these things according to what workload you want to deploy.

And all of that, or most of that, is powered by what is called Cisco VIM, Cisco Virtualized Infrastructure Manager. I'm going to build this out in the interest of time. You know, it's got an installer and a life cycle manager, which can install your OpenStack cloud in about three to four hours, consistently, every time, with all the configuration that you want to be enabled in the system. The control plane is containerized, and some of the industry folks are now moving towards this or have plans to. You know, we've written a bunch of tools and we've open sourced all of these, for HA verification, health check, VM throughput testing, as well as others, where we have written these tools knowing the requirements from customers, and then we will open source them so that, you know, the community can benefit from this as well as improve on them depending on their own customer requirements. On top of that, we've enabled some cool capabilities for logging and monitoring. Of course security is an ingrained piece of work within the Cisco VIM, and it's CI/CD enabled, so that, you know, things can be delivered as quickly as in less than 24 hours to a customer.
Here's the list of tools. I'll leave this to you for perusal later, but essentially each one of these addresses a specific part or a specific need in terms of how an infrastructure should be operated, or can be operated, and proactively managed. So with respect to use cases, let's double-click on this, and I'm going to request Juan to take over and talk about virtual managed services. Thank you.

Thank you, Naren. Good morning, everyone. Cisco's multi-service platform, VMS, is being thought of taking in consideration some of the service provider requirements. I think Naren's slide three captured, I think, the essence of their motivation to go VNF, and that's basically agility: how fast and consistently can I deploy very well-known network constructs for my customers, reliably, and at the same time be able to do them elastically. That means that, depending on the demands and depending on my customer requirements, I can actually do them without having to ship an army of people in, based at all in software.

So VMS provides you with a group of prepackaged standard functions that we call service packages, which are standard connectivity models for an enterprise to connect to the service provider or to provide wide area access to their entire organization. And we are doing all that orchestration and configuration using industry open standards, YANG models. So what we basically are taking is the configuration sets that need to be pushed into the network functions. We abstract them with YANG models and then we orchestrate them.

The service providers also can take advantage of the platform to create their own value-add in different levels. One of them is, if what the service packs provide to them is enough, and they just need, based on a customer need, a little tweak or an adjustment, they can extend what the service packs provide. But if they need to build a brand new service, they can actually use the VMS SDK that we provide.
So let's dive a little bit more into what are the managed services for service providers that we provide. So VMS is a cloud ready application. Being cloud ready means you have to take care of the operations of the service provider. In essence, you need to be able to build new services, create a catalog of offerings, and also be able to make them available to the customer. So VMS provides you to create that as an operator, as I mentioned, using the combination of service packs and the extensibility tools, and also provides another control aspect of the platform as an administrator: who has access to the system? Who are we going to be managing or defining as a tenant, and what are the resources those tenants are using? And the most important is the self-service aspect. To be cloud ready, you actually need to put all the things that are already known and systematically repeatable, and they are well-defined, put them on the self-service portal, so the customer can just make choices and deploy and start working.

When you look at the VMS service portal, you as a customer are going to be able to purchase new services, those services that as a service provider you put together for that customer, whether they are customizations of VMS or out of the box. You also can define what are your service level agreements that you're going to actually contractually obtain from the service provider as a customer, and you're also going to get a monitoring view of how is the health of your services, giving you some, I will say, basic information and telemetrics of how your service is operating. From the service provider perspective, again, for those canonical services that they deploy and they're providing service for, they have a view into how is the service performing. Is there any help that I can provide to my customer if there are any deviations from the standard behaviors?
Okay, so you at one point have a one-stop shop for basically managing all the network services. But the important aspect here is the platform is built based on the promise of OpenStack: that is resilient, that is flexible, and also can elastically deploy virtual network functions at the point of consumption, or where the customer needs them. But what that also brings to the table is the ability for the customer to manage their assets in their information as a traveling, by defining probably policies or different types of traffic management prioritization that they need.

When we start looking at the site management from the customer and service provider perspective, they have the control of their services they are consuming, and they don't need to worry about sending up a group of people to actually rack and stack and monitor. All that information is collected by the platform over the cloud, basically having a constant monitoring of the devices or the network functions that have been deployed for the customer, collecting some data and summarizing and presenting them in an easy consumable manner.

The service packs or function packs that I mentioned earlier are really, as I mentioned, the well-standard connectivity models that across service providers in the world customers are consuming. The first use case that we're presenting is cloud VPN, which is basically provide a customer, an enterprise, the ability to connect to the wide area network, but also provide them secure remote access into their organization. VMS will provide the ability to select to the customer what level of security they want, whether they want to provide remote access for mobile users, but also they can define what type of security inspection they want on traffic that is coming in. But I think most importantly is that they actually select the ability to deploy their wide area access dynamically, and they can choose what are the capabilities that that access to the WAN would be. The connectivity to the
sites is usually IPsec, in a secure manner. So all the traffic that is exiting the organization through the service chain is going to be protected end to end.

Another common use case that service providers are dealing with in the industry is, they already have a lot of MPLS network sites deployed, and that is a very costly service. How would they actually bring those remote offices to consume virtualized network security services? In VMS, we provide what we are calling the converged edge, which in networking terms will be equivalent to a virtual PE. So the customer does not need to actually redeploy another service chain or another virtual service. It just tells VMS: I want this endpoint to be connected and converged into my security services.

The next use case that we are putting forward is the concept of virtualizing the entire branch office. What that means: in the past, you actually have a guy wheeling in a set of devices, rack and stack firewall, remote routers and everything. So what we are now requesting is deploy the simple or smallest OpenStack deployment, an all-in-one, or a KVM, as basic as that, connected into the service provider network, and what VMS will do is provide the customer a choice of catalog. How do you want your branch to look like? And based on that selection,
VMS will basically push the flavors and the images to the remote hypervisor, configure it, stitch it and make it available for connectivity. If the customer will require access to the wide area network, VMS also will be taking care of that, by either converging it into the security service access or creating a new IPsec tunnel into the wide area network access.

Okay, here VMS still is living and breathing the OpenStack promise, which is elastically deploy virtual network functions at the point where the user needs it, reducing the cost, the maintenance. And since VMS as a plus platform is providing the monitoring and the lifecycle, neither the customer nor the service provider have to spend more than is necessary to lifecycle and maintain those VMs, increasing dramatically their service time. For example, the average time to deploy a full cloud VPN service is in the range of five to ten minutes, depending on the location and the latency between the two endpoints.

The last service that we provide on VMS is basically a network control plane. So basically you are controlling and managing your wide area network from the cloud. The only thing the customer needs to do is to physically deploy a customer device on the customer premises, pointed to the service provider network, and zero touch configuration will basically allow that device to join the wide area network.
It will allow it to open up connectivity either over the internet or MPLS using dynamic multipoint VPN, so the customer can actually decide which path the traffic is going to navigate or go through to reach another endpoint within their corporate network, going through the service provider network. The ability for the service provider to manage the IWAN, or the wide area network, for a customer relies on the fact that the service is constantly monitoring what happens at the endpoints, whether they are physical or virtual. The management plane will constantly be collecting the information and will be able to react either to changes or anomalies that happen within the service that is being deployed. And Cisco's play for software-defined wide area network is basically embodied by the IWAN use case that VMS as a function pack is providing on the solution.

This is, like, to summarize, what are the advantages that the service provider and the customer bring to the table by using VMS on top of OpenStack, thinking that OpenStack will provide all those benefits that we've been talking about.

Just very briefly, to close out on the other aspect of VMS: VMS provides you with extension points. So as we mentioned, if you need to extend the service packs, you have the ability to actually add on the value that you need in order to make a difference and make the customer happy and use a business, increase your ability to deploy new services. We provide the ability to extend every single point along the workflow of provisioning a service, all the way from the cloud service embodiment, which is what you put on your portal and your front-end, to what is the configuration that is going to be pushed into the network device, all going across the platform. You can also build additional services if you as a customer have a very preferred customer.
I'm sorry, vendor of network functions, and you don't want to use Cisco, we provide the ability for you to insert that network function into the platform and manage it. We call it opaque services, because if you as a customer want to take advantage of your investment, we are just saying VMS will lifecycle and monitor your VNF. Go at it, plug it in, and it's up to you as a service provider to provide all the guardrails and monitoring aspects that you need for that VNF to work. But from the VMS perspective, it still is a managed service on the cloud that will be subject to all the constraints and rules that VMS puts for managing virtual network functions on OpenStack.

If you need to create a brand-new service, the platform is providing you with an SDK that we actually made available on Cisco DevNet. On Cisco DevNet you can actually get a step-by-step tutorial and examples on how to build a brand new virtual managed service that you can plug in and deploy into the VMS management platform.

Okay, just to summarize. Out of the box, as we have on VMS 3.0, the production-grade supported network functions are listed on our right-hand side, and for those that are POC, which means Cisco will not be able to provide support, are the ones shown on the left side. And as I was mentioning on the previous slides, these are the VNFs that, if you don't want to use Cisco VNFs, these are the ones that you can actually play with on the VMS platform. With this we conclude the presentation for VMS. We'd like to open it for some questions.

We've got about four or five minutes for questions. We've got mics on both sides, or I can bring you a handheld.

Thank you. There was a session yesterday afternoon when Verizon talked about a gap in OpenStack. They have a requirement for the RBAC function, role-based access control. Do you recognize that as a gap in OpenStack? Can you support it in another way? Do you recognize that whole issue that they raised?
No, honestly, I haven't been able to attend that session. So, you know, RBAC in terms of managing OpenStack, or RBAC in terms of network functions and enabling network functions? I mean...

Okay, I can give you an answer based on the VMS framework. So VMS is actually managing the network for you, and it's actually in a controlled environment. So the service provider, yes, will be exposed by that hole on the OpenStack. But since the environment, at least VMS, is on the management protected side of the service provider, the service provider has control to prevent unauthorized access to that. That's one side. VMS will only allow access to users defined within the authentication control plane of VMS, and for accessing any resources direct to OpenStack, that is a service account that is never exposed to end users or administrators. This is something that the data center operations team will have under control, and very certain will be under the regulations of the security and trust team of the service provider. And also we don't store any clear text passwords. So we are, at least on that front, restricting the access from our authentication and role access level that we define on VMS. So we are kind of a layer on top of OpenStack preventing that.

Anybody else? Okay, you're gonna make me work for this, aren't you?

So there is a Linux Foundation sponsored open source project called ONAP, so basically it is a telecom operator leading the effort to, I think the project is cover similar things about whatever you just presented. So my question is, what advantage or strategy Cisco has to, you know, pursue those VMS and to convince the operator they will not choose the open source one, will choose the Cisco one? Thank you.

Okay. Yes, I mean, I actually wouldn't look at it in that manner, whether it's Cisco or OpenStack, right?
So VMS is something that's being built and packaged given customer demand. And if you see, there's openness all around in terms of the platform as well as the VNFs and the orchestration, and you name it, there is a piece of open source in there that can be integrated with. In terms of ONAP, I mean, Cisco participates in, you know, all of these open source activities, right? So it's actually not the case of it's ONAP or Cisco. It's actually have the collaboration to build the best, essentially, right?

Just from the technical perspective, some of the things that we do when we get feedback from the open source community is, we look at what is the standard or the new standard being put forward, and we try to align with them on our roadmap. But we just need to keep in mind that the project started probably later than when we started VMS. This has been an evolution. So there is going to be a point where we are going to have to converge technically on some aspects to take the best of both worlds, but I think some of the executives will be better positioned to comment on what is going to happen. At this point I think this is the best offer that we can provide, based on the current conditions and the current availability.

Okay, we'll take one more quick one, because we got to clear the room for the next presenters.

And I'll make it a quick follow-up. You mentioned that you provide a lot of the layers for security, including RBAC, that the gentleman mentioned, that OpenStack does not provide. Is this a solution that's probably going to be permanent in VMS? So do you see OpenStack at some point providing that layer, and Cisco stepping back and letting OpenStack do that?

So we do our own RBAC from the context of VMS.
So at least we are indirectly being a stopgap. By no means we are replacing OpenStack. We are always building on top of OpenStack. If there is any new enhancement coming from OpenStack, we will take advantage of them, but we'll never try to replace them.

Yes, I just want to follow up on that, right? So from an infrastructure or OpenStack point of view, if you look at it, there's a whole bunch of things that we do today in Cisco way in terms of the security measures, password management, etc., etc. But it doesn't stop right there. In fact, for example, Barbican is key store, the key store project, right? So the PTL is from Cisco, Dave McCowan. And so that's a clear example of standardizing things into OpenStack rather than creating these snowflakes outside of it, right? It's totally unmanageable for everybody, for the vendor as well as the customer and the community.

All right, yes, I think people are referring to the problem with Keystone having just, as far as last time I checked, four roles per tenant, like member, admin and two others. And of course a service provider requires other roles, like, I don't know, what IT administrator can do, what HR can do, and all that. So it's missing, but Keystone has that roadmap.

That's good. Thank you. Thank you. Appreciate that. Thank you.

Thanks, everybody. Norene, Juan, thank you very much. Don't forget, grab your "runs on OpenStack" running socks out stage right. We've got another session coming up in just about 10 minutes, networking across containers and VMs.

Thank you, folks. Have a great afternoon. Thank you very much. Thank you. Stop by the Cisco booth. There are VIM and VMS demos going on at the Cisco booth.