Cisco Confidential© 2016 Cisco and/or its affiliates. All rights reserved. 1
Hosted Security as a Service – Solution Architecture and Design
Albra Welch – Security Solutions Architect, SBG
Michael Geller – Principal Engineer, CTAO
May 19, 2016
T-SP-30-I
Objectives
• This session targets hosted security
services for Enterprises and Service
Providers
• Understand the impact of orchestration and
automation for hosted security
• Cool applications of elastic security
services delivered from the cloud
• Performance and scalability considerations
• Security services with NfV and SDN
• Future thinking applications of security
from the Cloud to YOUR network
Agenda
• Introduction
• The Hosted Security Service Architecture
• Architecture
• HSS: Architecture
• vMS: Architecture
• vMS: Demo
• HSS: Demo
• Conclusion
Session Description
This session provides in-depth discussion of cloud-based security services leveraging
Cisco security solutions. This session is appropriate for service providers who are
interested in delivering managed security services to their customers from their cloud
infrastructure. We will provide detailed designs and guidance on:
• Cloud security services including FW, VPN, Web, Email and Routing services
• Architecture layers through influence of NfV and SDN
• Orchestration flexibility and options
• Day 0 and Day 1 provisioning
• Day 2 monitoring and reporting
Security as a Service Architecture
[Figure: layered architecture with OSS/BSS Integration, Service Intent, Orchestration and Security Services. Security services shown: VPNaaS, FWaaS, IPSaaS, WSaaS, ESaaS, IDaaS, DDoSaaS, on WSAv, ESAv, and ASAv and/or CSR1000v, with public IP addresses. Managed Access (IPSec VPN): CPE on the local LAN. UnManaged Access (Remote Access VPN): AnyConnect over SSL VPN. IP connectivity over the public Internet (public IP address space) to Internet sites such as Amazon and Salesforce.]
IT Transformation
More devices and more apps mean the attack surface has
increased, and attack tools are evolving too
Do more with less
Users will get stuff done any way they can
The hardware we use has never changed so fast
MSSP Market Segmentation
Source: Frost and Sullivan, Global Managed Security Services Market, March 2015
Managed Security Services segments:
• SAMM (Security Asset Monitoring and Management), split into Computer Premises Equipment (CPE)-based SAMM and Hosted SAMM
• TRIDR (Threat Research, Intelligence, Detection and Remediation)
• RCM (Risk and Compliance Management)
• AEM (Advanced and Emerging MSS)
Where Do Managed Security Services Live?
• Public: AWS, Google, Azure, etc
• Private: SP Infrastructure
• Hybrid: Mix of Public and Private
Seamless End-to-End Experiences, Cross Workload Size and Type
Required Regardless of App, Service or Environment; Secure Flexibility Critical Requirement
Evolution of Managed Security Services
Premise to Cloud
[Figure: three deployment models, CPE Managed, Hybrid and Cloud, showing how the functions NGFW, VPN, IPS, WEB, EMAIL, MALWARE, CONTEXT, SWITCHING, NAT, DHCP, AP, VOICE and ROUTING are placed between the CPE and the SP.]
Cloud Based Security Service Offerings
SaaS or Hosted
Cisco Managed Security Cloud (SP/MSSP resell to enterprises):
• Cloud Web Security (CWS)
• Cloud Email Security (CES)
SP Hosted Security Cloud (VPN, FW, NGFW, NGIPS, AMP, Web Security, Email Security as a Service):
• Pre-Packaged NFV Security Service Bundles (vMS)
• A La Carte Hosted Security as a Service (HSS)
Comparison of Cloud-Based Security Service Offerings
Columns: HSS and vMS (e.g. Cloud VPN) are the Solutions for SP Managed Security Cloud; the third column is Cisco Managed Security Cloud Services.
Services
• HSS: Flexible a la carte security services: VPN, Firewall, Web Security, Email Security or any combination bundles
• vMS: Pre-packaged NFV security services: Cloud VPN, Cloud VPN + Web Security
• Cisco Managed: SaaS: Web Security or Email Security
Delivery Model
• HSS: SP hosted within a virtual private cloud
• vMS: SP hosted within a virtual private cloud
• Cisco Managed: Public Cloud – Cisco hosted. SP acts as a reseller or MSSP
Pricing Model
• HSS: SP price per bandwidth usage with per user add-on
• vMS: SP price per bandwidth usage with per user add-on
• Cisco Managed: Price per user
SP CapEx Costs
• HSS: Infrastructure + security software + orchestration
• vMS: Infrastructure + security software + orchestration
• Cisco Managed: None
SP OpEx Costs
• HSS: Yes. Data center operation + service operation
• vMS: Yes. Data center operation + service operation
• Cisco Managed: Reduced
Reporting / log data
• HSS: Owned by SP, stays at SP DC
• vMS: Owned by SP, stays at SP DC
• Cisco Managed: Centralized in Cisco Cloud/Local log
Orchestration / Management
• HSS: With third-party tools (e.g. Ubiqube)
• vMS: Cisco Tail-F orchestration, with NFV service chaining
• Cisco Managed: Cisco turnkey service. Transparent to SP
Cloud Platform
• HSS: Cisco VMDC/VSA, VMware
• vMS: Openstack with KVM
• Cisco Managed: Transparent to SP
Market Opportunity
Cloud Service Delivery Shows Higher Growth, but CPE Based Still Growing
[Chart: Worldwide Cloud-Based Service Revenue Share by Technology. Revenue (US$ Billions) by year, CY10 to CY19, for content security, managed firewalls, other security services, DDoS mitigation and IDS/IPS. Callout: $7.2B.]
[Chart: Worldwide CPE-Based Service Revenue Share by Technology. Revenue (US$ Billions) by year, CY10 to CY19, for content security, managed firewalls, other security services, DDoS mitigation and IDS/IPS.]
© 2015 IHS / Infonetics Research: Cloud and CPE Managed Security Services Market Size and Forecasts; March 2015
Technical Drivers and Challenges
Driver: Challenge
• Scalability: Scale to support increasingly large numbers of transactions and sites
• Sizing capacity planning: Challenges in sizing the service delivery platform, virtual CPE platforms
• Pay as you grow solution: High cost / upfront investment impact on service ROI
• Ease of deployment and service agility: Complexity limits service adoption and the addressable market
• Ease of operation: Implementing a set of management solutions that require service operations people to perform complex and frustrating tasks using disparate management systems
• Business and technical view: Business-focused reporting versus technically oriented reporting
Service Needs
Category: Requirement
• Management: Multi-Tenant / Multi-Role / API for integration with existing SP OSS/BSS tools
• Customer Web Portal: Customer self service portal for service monitoring and self care change management
• Hardware: Low CapEx / OpEx integrated solution
• Bandwidth: Up to multi-Gb per customer tenant
• Malware / Anti-Virus Update: In-service upgrades without service interruption
• Performance Monitoring: Monitor traffic profile and virtual appliance health for capacity planning purposes
• Security Policy Management: Centralized management of security policies
• Virtualization: Solution must be available as a virtual appliance for private and public cloud deployment
• Data Retention: Service management platform needs to support data retention policies
• Security Event and Incident Management: Centralized event and incident management
• Security Reporting: Custom security reports for security appliances
Cisco Business Case Modeling
to Predict ROI, TCO, Profit
Market segments (Tenant) input parameters Business and system input parameters Service pricing
Service provider revenue and profit
Service Discovery and Service Creation Workshops
Part of the Wider Process of Building Services
[Figure: Service Development Lifecycle, with the focus of the Service Creation Team highlighted. Stage labels: Discovery, Identify/Qualify the Opportunity, Envision Cloud Service, Build Cloud Service, Market and Sell Cloud Service. Activities shown: Service Portfolio, Country Planning, Service Discovery Workshop, Exec sponsorship, per-service SC Workshop, Business Case, Partner Qualification, Partner Selection, Solution Design, Operation and Service Delivery, Marketing Plan, Marketing, Sales Enablement, Sales Engagement, Proposal. Legend: Cisco leads; Joint CSP and Cisco; CSP or Cisco AS leads.]
Cisco Security Vision and Strategy
Covering the Entire Attack Continuum
Attack Continuum:
• Before: Control, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
Capabilities shown across the continuum: DDoS Visibility / Mitigation Services, Firewall, NGFW, Secure Access + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis, Malware Sandboxing, Vulnerability Assessment
Security as a Service Architecture
• Orchestration layer: Policy, Analytics, Reporting
• Services layer: Tenant 1 (FWaaS, WSaaS, ESaaS), Tenant 2 (NGFW/IPSaaS, VPNaaS, IDaaS), Tenant 3 (FWaaS, DDoSaaS)
• Infrastructure: Hypervisor, Compute, Storage
Security Service Examples:
• FWaaS – Firewall as a Service
• VPNaaS – Virtual Private Networking as a Service
• NGFW/IPSaaS – Next Generation Firewall and Intrusion Prevention System as a Service
• WSaaS – Web Security as a Service
• ESaaS – Email Security as a Service
• IDaaS – Identity as a Service
• DDoSaaS – Distributed Denial of Service Mitigation as a Service
Firewall as a Service: FW-aaS
Centralized Management and Reporting
Platform: ASAv or CSR1000v
Pricing: per throughput and per feature service pricing
Firewall Support
• Stateful inspection
• Application inspection
• Network address translation
• Encrypted traffic inspection
• Protocol inspection
Advanced Firewall
• Identity-aware policy enforcement
• Malware traffic detection and blocking
• Botnet traffic filter
• Voice and video security
Firewall-aaS Tiers Example
Service tiers: Bronze, Silver, Gold. Legend: Included.
Feature categories:
• NAT Address Translation
• Stateful Inspection
• High Availability
• Advanced Management
Attack continuum: Before, During, After
Firewall-aaS Tiers Example (Reference Slide)
Service tiers: Bronze, Silver, Gold. Legend: Included, Option.
Network Address Translation
• NAT/PAT
Stateful Inspection
• L3 firewall
• Transparent firewall
• Proxy authentication
• Application hosting private zone
• Application control (IM, peer to peer)
• Voice security support
High Availability
• Within SP data center
• Between SP data centers
Management
• Customer self service portal
• Streamlined management
• Auto generated reporting
• Custom reporting
• Data log retention (1 month)
• Extended data log retention (>1 month)
Attack continuum: Before, During, After
VPN as a Service: VPN-aaS
Centralized Management and Reporting
Platform: ASAv or CSR1000v
Pricing: per throughput, per user service pricing
VPN Services
• Site-to-site VPN through Internet FW
VPN Services
• Remote access VPN
• IPSec, SSL VPN
• Session persistence (always on VPN)
VPNaaS Tiers Example
Service tiers: Bronze, Silver, Gold. Legend: Included.
Feature categories:
• Customer Site to Cloud IPSec VPN Service
• Remote Access VPN
• High Availability
• Advanced Management
Attack continuum: Before, During, After
VPNaaS Tiers Example (Reference Slide)
Service tiers: Bronze, Silver, Gold. Legend: Included, Option.
Customer Site to Cloud IPSec VPN Service
• Support for multiple crypto policies (DES, 3DES, AES …)
• Pre-shared key VPN authentication
• Digital certificate VPN authentication
• Multiple class of services / traffic prioritization policies
Remote Access VPN
• IPSec based remote access VPN
• Client-less SSL remote access VPN
• Client-based SSL remote access VPN
• Authentication integration with enterprise's RADIUS, LDAP, AD servers
• Basic authentication (username and password based)
• Strong authentication / Token based authentication
• Digital certificate based authentication
High Availability
• Active / Passive within SP data center
• Active / Active within SP data center
• Active / Passive between SP data center
• Active / Active between SP data center
Management
• Customer self service portal
• Streamlined management
• Auto generated reporting
• Custom reporting
• Data log retention (1 month)
• Extended data log retention (> 1 month)
Attack continuum: Before, During, After
Web Security as a Service: WS-aaS
Centralized Management and Reporting
Platform: WSAV
Pricing: per user pricing model driven by features
• Anti-Malware protection
• Web content analysis
• Web usage controls
• Application visibility
• Bi-Directional control
Web Security-aaS Tiers Example
Service tiers: Bronze, Silver, Gold. Legend: Included.
Feature categories:
• Real Time Threat Protection Services
• Acceptable Use Services
• Policy Control
• High Availability
• Advanced Management
Attack continuum: Before, During, After
Web Security-aaS Tiers Example (Reference Slide)
Service tiers: Bronze, Silver, Gold. Legend: Included, Option.
Real Time Threat Protection Services
• Web reputation filtering
• Malware scanning
Acceptable Use Services
• Web URL monitoring by category
• Web URL filtering (blocking)
• Web application monitoring
• Web application control
• SaaS access control
• Transparent user authentication
• Advanced Malware Protection
Policy Control
• Granular access and control policies
• Remote access user control policies
High Availability
• Within SP data center
• Between SP data centers
Management
• Customer self service portal
• Streamlined management
• Auto generated reporting
• Custom reporting
• Data log retention (>1 month)
• Extended data log retention (>month)
Attack continuum: Before, During, After
Email Security as a Service: ES-aaS
Inbound and Outbound Security Control
Centralized Management and Reporting
Platform: ESAV
Pricing: per user pricing model driven by features
Inbound Security
• Virus and Malware Defense
• Spam Defense
Outbound Control
• Data Loss Prevention
• Secure Messaging (Encryption)
Email Security-aaS Tiers Example
Service tiers: Bronze, Silver, Gold. Legend: Included.
Feature categories:
• Inbound Email Protection
• Outbound Email Protection
• Policy Control
• High Availability
• Advanced Management
Attack continuum: Before, During, After
Email Security-aaS Tiers Example (Reference Slide)
Service tiers: Bronze, Silver, Gold. Legend: Included, Option.
Inbound Email Protection
• Reputation scoring and SMTP blocking
• Anti-spam
• Outbreak filters, Sophos anti-virus
• Inbound email content filtering
• Quarantine
• Advanced Malware Protection
Outbound Email Protection
• Anti-virus
• Outbound email content filtering
• Integrated RSA data loss prevention
• DLP RSA enterprise manager integration (enterprise provided)
• Large volume
• Quarantine
Policy Control
• Granular policy control
• Roaming users protection
High Availability
• Within SP data center
• Between SP data centers
Management
• Self service portal
• Streamlined management
• Auto generated reporting
• Custom reporting option
• Data log retention (1 month)
• Extended data log retention (> 1 month)
Attack continuum: Before, During, After
NGFW/IPSaaS Tiers Example
Service tiers: Bronze, Silver, Gold. Legend: Included.
Feature categories:
• Application Visibility and Control (NGFW)
• Threat Protection (NGIPS)
• High Availability
• Advanced Management
NGFW/IPSaaS Tiers Example (Reference Slide)
Service tiers: Bronze, Silver, Gold. Legend: Included, Option.
Application Visibility and Control (NGFW)
• Network, user and application discovery
• Application traffic filtering
• URL filtering
• File blocking (block xyz file type)
Threat Protection (NGIPS)
• IPS Basic Threat Protection Services (SNORT signatures)
• IPS premium security signatures and content
• Security intelligence feeds
• AMP (Advanced Malware Protection – disposition from the cloud/policy)
High Availability
• Configurable “fail open” – Appliance only
• “Fastpath” and Trust Rules – Exclude/Include velocity
Management
• Streamline management
• IPS signature update
• Advanced/Custom reporting
• Automated policy tuning – Advanced/Custom policy tuning
• Event correlation – Customized event correlation services
• Impact analysis
Attack continuum: Before, During, After
Hosted Security as a Service (HSS)
• Enables Cisco partners to deliver security services from their
Cloud infrastructure or as a managed private cloud offering
• Cisco’s virtual security appliance product (ESAV, WSAV, ASAV,
CSR1000v, …) and third party products
• Comprehensive management system using UBIqube
as a security domain manager
• Fulfillment
• Assurance
• Northbound API for integrating with Cloud Orchestration Solutions
• Solution supported with IaaS solutions: VMDC 2.3 and VSA 1.0
• Platform based on Cisco Unified Computing System (UCS)
• Flexible deployment models
HSS Architecture
• Delivered from service provider’s infrastructure
• UBIqube MSActivator used as the Security Domain Manager
• Orchestration SW interfaces with native appliance configuration mechanisms
• All customer data lives inside the SP Cloud environment
• Security on virtual form factor available today
[Figure: three layers. Orchestration Layer: Policy, Analytics, Reporting, with Provisioning API, Reporting API and Billing API toward the SP existing orchestration, reporting, billing infrastructure. Services Layer: multi-tenant security appliances, Tenant 1 (WSAv, WSAv, ASAv), Tenant 2 (ESAv, WSAv, ASAv), Tenant 3 (ESAv, CSR1Kv). Infrastructure: VMware ESXi, Cisco UCS, Storage.]
VSA 1.0 Expanded Gold Container: ASAv, WSAV, ESAV
[Figure: network topology for the Tenant 1 Expanded Gold Container. Elements shown: Tenant 1 Site (AD, DNS, MS Exchange) connected by MPLS VPN or IPSec VPN; Tenant 1 Mobile Worker; Internet; ASR9000 (Customer VRF, Global); Nexus 5000/7000/9000 L2 Fabric; ASA5585X; ASAv (gi0/1 to gi0/7, mgmt0/0), WSAv (P1, M1) and ESAv (M1) as virtual machines on UCS; Tenant 1 Private Zone with Private Tier 1, Tier 2 and Tier 3 VMs; Tenant 1 DMZ Zone; SP Management Zone with UBIqube and vCenter. Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
VSA 1.0 Expanded Gold Container: CSR1Kv, WSAV, ESAV
[Figure: network topology for the Tenant 1 Expanded Gold Container. Elements shown: Tenant 1 Site (AD, DNS, MS Exchange) connected by MPLS VPN or IPSec VPN; Tenant 1 Mobile Worker; Internet; ASR9000 (Customer VRF, Global); Nexus 5000/7000/9000 L2 Fabric; ASA5585X; CSR1Kv (gi1 to gi8), WSAv (P1, M1) and ESAv (M1) as virtual machines on UCS; Tenant 1 Private Zone with Private Tier 1, Tier 2 and Tier 3 VMs; Tenant 1 DMZ Zone; SP Management Zone with UBIqube and vCenter. Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
VSA 1.0 Expanded Gold Container: CSR1Kv, ASAv, WSAV, ESAV
[Figure: network topology for the Tenant 1 Expanded Gold Container. Elements shown: Tenant 1 Site (AD, DNS, MS Exchange) connected by MPLS VPN or IPSec VPN; Tenant 1 Mobile Worker; Internet; ASR9000 (Customer VRF, Global); Nexus 5000/7000/9000 L2 Fabric; ASA5585X; CSR1Kv (gi1, gi5 to gi8), ASAV (gi0/2 to gi0/5, mgmt0/0), WSAv (P1, M1) and ESAv (M1) as virtual machines on UCS; Tenant 1 Private Zone with Private Tier 1, Tier 2 and Tier 3 VMs; Tenant 1 DMZ Zone; SP Management Zone with UBIqube and vCenter. Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
Customer Hosted Email Inbound Flow
[Figure: inbound email flow drawn on the VSA 1.0 Expanded Gold Container topology. Elements shown: Tenant 1 Site (AD, DNS, MS Exchange) connected by MPLS VPN or IPSec VPN; Tenant 1 Mobile Worker; Internet; ASR9000 (Customer VRF, Global); Nexus 5000/7000/9000 L2 Fabric; ASA5585X; ASAv (gi0/1 to gi0/7, mgmt0/0), WSAv (P1, M1) and ESAv (M1) as virtual machines on UCS; Tenant 1 Private Zone with Private Tier 1, Tier 2 and Tier 3 VMs; Tenant 1 DMZ Zone; SP Management Zone with UBIqube and vCenter. Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
SP Hosted Email Inbound Flow
[Figure: inbound email flow drawn on the VSA 1.0 Expanded Gold Container topology. Elements shown: Tenant 1 Site (AD, DNS) connected by MPLS VPN or IPSec VPN; Tenant 1 Mobile Worker; Internet; ASR9000 (Customer VRF, Global); Nexus 5000/7000/9000 L2 Fabric; ASA5585X; ASAv (gi0/1 to gi0/7, mgmt0/0), WSAv (P1, M1) and ESAv (M1) as virtual machines on UCS; Tenant 1 Private Zone with MS Exchange and Private Tier 2 and Tier 3 VMs; Tenant 1 DMZ Zone; SP Management Zone with UBIqube and vCenter. Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
ASAv Web traffic flow – Explicit Proxy
WSAv is set up as the web proxy on user’s endpoint
[Figure: web traffic flow drawn on the VSA 1.0 Expanded Gold Container topology. Elements shown: Tenant 1 Site (AD, DNS, MS Exchange) connected by MPLS VPN or IPSec VPN; Tenant 1 Mobile Worker; Internet; ASR9000 (Customer VRF, Global); Nexus 5000/7000/9000 L2 Fabric; ASA5585X; ASAv (gi0/1 to gi0/7, mgmt0/0), WSAv (P1, M1) and ESAv (M1) as virtual machines on UCS; Tenant 1 Private Zone with Private Tier 1, Tier 2 and Tier 3 VMs; Tenant 1 DMZ Zone; SP Management Zone with UBIqube and vCenter. Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
ASAv Web traffic flow – Transparent Redirection with Policy Based Routing
Policy Based Routing in ASAv provides transparent redirection
[Figure: web traffic flow drawn on the VSA 1.0 Expanded Gold Container topology. Elements shown: Tenant 1 Site (AD, DNS, MS Exchange) connected by MPLS VPN or IPSec VPN; Tenant 1 Mobile Worker; Internet; ASR9000 (Customer VRF, Global); Nexus 5000/7000/9000 L2 Fabric; ASA5585X; ASAv (gi0/1 to gi0/7, mgmt0/0), WSAv (P1, M1) and ESAv (M1) as virtual machines on UCS; Tenant 1 Private Zone with Private Tier 1, Tier 2 and Tier 3 VMs; Tenant 1 DMZ Zone; SP Management Zone with UBIqube and vCenter. Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
CSR1Kv Web traffic flow – Transparent Redirection with WCCP
WCCP in CSR1Kv provides transparent redirection
[Figure: web traffic flow drawn on the VSA 1.0 Expanded Gold Container topology. Elements shown: Tenant 1 Site (AD, DNS, MS Exchange) connected by MPLS VPN or IPSec VPN; Tenant 1 Mobile Worker; Internet; ASR9000 (Customer VRF, Global); Nexus 5000/7000/9000 L2 Fabric; ASA5585X; CSR1Kv (gi1 to gi8), WSAv (P1, M1) and ESAv (M1) as virtual machines on UCS; Tenant 1 Private Zone with Private Tier 1, Tier 2 and Tier 3 VMs; Tenant 1 DMZ Zone; SP Management Zone with UBIqube and vCenter. Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
HSS VSA 1.0 Components
HSS Component | Version | Required/Recommended/Optional
ASAv | 9.52(204) | Required
WSAV | 9-0-1-162 | Required
ESAV | 9-7-1-066 | Required
AnyConnect | 4.2 | Required
UBIqube MSActivator | 15.3.2 | Recommended
Virtual Services Architecture | 1.0 | Recommended
VSA 1.0 Expanded Gold Container
VSA 1.0 Component | Version | HSS | Required/Recommended/Optional
Unified Computing System (UCS) B-Series | 2.2(3d) | UCS B or C | Required
UCS C-Series | 1.5(1f) | UCS B or C | Required
ASR 9000 | IOS XE 5.1.2 | Cisco 7600/ASR 1000/ASR 9000 | Recommended
Nexus 7000 | NX-OS 6.2(2) | Nexus 7000/Nexus 9000 | Recommended
Nexus 5000 | NX-OS 6.0(2)N2(6) | | Recommended
UCS 6200 | NX-OS 5.2(3)N2(2.23g) | | Recommended
NetApp FAS8020 | ONTAP 8.1 | NetApp, EMC or VMware virtual SAN | Recommended
VMware vSphere | 5.5.0 Build 1623387 | | Required
VMware vCenter | 5.5.0 Build 2183111 | | Required
VMDC 2.3 Expanded Gold Container
[Figure: network topology. Elements shown: Customer Site (AD, DNS, MS Exchange) connected by MPLS VPN; Internet; Remote Access VPN; ASR1006 (Customer VRF, Global); Nexus 7004 (Customer PVT Outside VRF, Customer PVT Inside VRF, Customer DMZ VRF, Global); ASA5555; ASA5585X with Customer Private Context and Customer DMZ Context; Citrix/F5; UCS hosting VMs, WSAV and ESAV (M1); SP Management with UBIqube and vCenter; Private Zone (3 VLANs), DMZ 1 (1 VLAN), DMZ 2 (1 VLAN). Legend: Shared Transit VLAN, Per-Tenant VLAN. Note: Not showing redundant nodes.]
HSS Security Domain Management
About UBIqube
• UBIqube is a privately funded Network Software specialist
• MSActivator™ = Automated Device configuration and Service orchestration framework
• Any device, Any service, Any vendor
• Customers: Service Providers, Enterprise (multivendor IT security management)
• Partners: Network and security vendors, OSS vendors, MSPs
• Sales Presence in Europe, USA, ME, Far East, India
HSS Security Domain Manager – UBIqube MSActivator
[Figure: MSActivator architecture. Top: Web Portal GUI, Service Designer (Service Profiles, Templates and Objects) and 3rd Party OSS/BSS via Web Services, over Verbs and Web Services API, Order Stack Management. Middle: OBMF Mediation Layer. Device Adaptor and Device Adaptor (SDK), each with Update Conf, Restore Conf, Get Asset, Update Firmware. Southbound Interface: SSH, TELNET, SNMP, Syslog, HTTP, FTP, Openflow, Netflow, TR069. Also labeled: VOIP.]
MSActivator Adaptable Framework
• SDK for Adapting/creating new function over the MSA framework (analytics, services, etc.) (Web based object editor, central repository, couple of days per service)
• SDK for integrating new devices (physical and virtual)/vendors (syntax) and protocols over the MSA framework (PHP based, couple of weeks per vendor)
[Figure: Service Provider Third Party Tool and Service Designer above the Northbound API; Service Orchestrator with Network Provisioning, Security Policy Provisioning, VIP Provisioning and Cloud Provisioning; Service Designs SDK; OBMF™ Core Engine; Adaptor SDK with Physical Device Adaptor and Virtual Device Adaptor.]
MSA Features Highlighted
Platform Mediation Portal
• Telco grade scalability
• Modular building blocks
• Multi vendor
• Multi-Tenant (RBAC)
• Highly abstracted
provisioning
• Day 0 (ZTD) to Day 2
change management
• Brown field deployment
• Comprehensive APIs
• Flexible Platform via
open SDK
• Auto Order -> Activation
• Network and Services
inventory
• Big Data Analytics
• Customer self service
• Network operation center
• Partitioned views
• Enable remediation by lower
skilled operators
• Customizable by language,
look and feel
• Centralized control and
workflow automation
Multi-Tenant – Multi-Roles
[Figure: role hierarchy across the levels Tenants, Customer, Site and Devices. Roles shown: Privileged Administrator (ncroot); Administrator A, Administrator B, Administrator C; Privileged Manager PM1 and Privileged Manager PM2; Manager M1 and Manager M2; Operator ABC and Operator DEF. Customers shown: Wells Fargo, ABC Tech, YTT Corp, with sites Site1, Site2, Site1, Site4.]
Securing the Application Delivery
• Security is all about two concepts: Visibility & Control
• Threats are mitigated as close to the source as possible
• Security services are dynamically chained together and instantiated to form a service chain to mitigate
a specific threat and/or to provide a managed security service on distributed compute resources
• Threat defense provides a distributed capability to mitigate threats – targeted at the network,
the Data Center, the Cloud and the applications that they serve
[Figure: domains where threat defense applies. Endpoints and Customer Premises Equipment (Cable or DSL, Enterprise, Mobility); SP Virtualized Network Edge; Service Provider Data Center and Cloud (Private Cloud); Internet and Intercloud (Public and Partner Cloud).]
CPE
Device
CPE
Device
Orchestration Layer
Network Service Lifecycle Mgmt
Network Layer
Control and Data Planes
• Service models
• Soft-real time service to
device mappings
• Event driven
• Creation of cloud devices
• Discovery of devices
• Network topology
• Physical devices
• Virtual devices
• Service immediacy and speed
• Freedom of choice, service customization
• Personalized experience, user in charge
• Consumption based economics
• Bring your own device, craft your own design
Goal Defined
• Automated service delivery simplicity and efficiency (“IT-less”)
• Automated service creation, high cadence of new services
• Self-service creation and reporting
• Elasticity of network and compute resources
• Open architecture, extensibility
Goal Realised
Background
Evolution of Managed Services – Premise to Cloud
Customer
Premise
Cloud
(SP Hosted)
Network Functions from the Cloud
Network Functions on the CPE
Network Functions
Virtual Network
Functions
Network
(Connect
Premise to Cloud)
Secure IP Overlays MPLS (L2/L3) Carrier Ethernet Intelligent / Hybrid
Cisco Cloud SP Private Cloud
Cisco Cloud Virtual Private Cloud Public Cloud
Cloud
Application
Containers
Applications
from the Cloud
SP Hosted Cloud
Cloud
(SP Hosted or
Public Cloud)
L3 “classic”
L2 NID
L3 CPE + x86 on premise
Simple L3 CPE
x86 on premise
Virtual Managed Services
Common Software Elements - Flexible Network Access Models
Common Service Orchestration and Automation Consistent Portal and Service Dashboard Instrumentation
vRouter vFirewall
vWSA
Cloud VPN Cloud IWAN
Remote Access
vRouter WaaS
AVC PfR
Branch Offices
Private
Cloud
Public
Cloud
Internet
HQ
Dedicated
internet
Business Locations
Private
Cloud
Public
Cloud
HQ
Secure
Broadband
Service
Provider
Cloud
Internet
Secure
MPLS
Customer Experience in Brief
1. Order / Customize Your Services
2. CPE ships (if needed)
3. CPE is connected (if needed)
4. Orchestration occurs automatically
10.12.162.x
Internet
Customer
VPN
Service is up and running
Service
Provider
Cloud
vMS Value-Adds
Developing Managed Services on Platform
• A Service Blueprint is an abstract representation of a service that can be ordered through the UI or NB API
• Every Service Blueprint is associated with a given Service Offering
A ‘Function Pack’ is the set of components needed to instantiate a given service request
• Service topology, written in Yang, modeling the “Intent” to instantiate a particular service offering
A Service API is exposed northbound from the Virto Model (automatically created at compile time)
A Service Request is the user calling the model with defined variables according to the service
• The orchestrator is already aware of all Service Models that may be requested, and these are preloaded into the Orchestrator
Service Request
Service API
Compiled
Infrastructure
Service Topology
Model (Virto)
Instantiation Logic
Device Models
Function Pack
Device Drivers
CSR ASAv WSAv VTF (DC Overlay)
SDN Controller
OVS (DC Overlay)
VNFs
vMS Orchestration Component Mapping
NSO Orchestrator
(VNF-O)
ESC
(VNF-M)
OpenStack
Service APIs
Operator Portal
Physical ISR
OSS/BSS
Customer Facing Services
Resource Facing Services
SSH
SSH
End User Portal
Exposing Service Blueprints to the Operator
• The Orchestration Process can be kicked off
through a Portal
• The Portal is aware of different Service
Blueprints that can be exposed to
an operator
• The values that are selected in the Service
Selection process result in the subsequent
API call into NSO
• The portal was developed with 2 Modules
• Front-End: Skinned to the Customer’s Requirements
• Back-end: Modified to support the Service
Blueprints that can be orchestrated
vMS VNF-O; NSO from Tail-F
PnP Server
Transaction
Database
(CDB)
Open PnP
Service Manager
Device Manager
Network Element
Drivers
x86ISR Virtual
Service Intent Service Intent Service Intent
Zero Touch Deployment (ZTD)
Open Method for ZTD Access
Transactional Database Allows full CRUD capabilities to Services
Service Manager Interprets Service Intent with Service Instantiation Rules and derives configuration deltas
Device Manager manages derived and validated configurations in a transactional manner towards derived infrastructure
Network Element Drivers Abstract the interfaces to the devices, allowing 3rd party infrastructure to participate in Service Instantiation
Service Models written in Yang Abstract Service from underlying physical devices
Domain Controller
Rest/NetConf/Yang
NSO
Mapping
Controller
Maps the Service Intent to the Derived Device Topology. Known as “Fastmap”
vMS VNF-M; Elastic Service Controller
Rules Engine
Service Monitor
Custom
DHCP
SNMP
Ganglia
Service
Provisioning
Scale
Up/Down
Elasticity
Custom
Day 0 Config
VM Provisioning and Configuration Module
VNS Bring-up & Initial Configuration Application. Multi-vendor Support
Allows Modular Communication with NSO. Data Model Driven
Affinity Rules and Scale Requirements for the VNF components. Also manages the startup sequences
ESC uses a multidimensional approach to VNF Monitoring/Restartability
Programmable Interface to ESC allows Functional Interaction to ESC Subcomponents
Elastic Services
Controller (ESC)
NSO
API Confd
Public Clouds
Open Stack
vMS VIM; OpenStack, OVS, and SDN Controller
• OVS will be supported by ODL in coming release
• Common Neutron Plugin gives upgrade path on SDN Controller
Diagram labels: Nova, Neutron, ML2 Plugins, OVS Plugin, ODL Plugin, ODL Controller, Model Driven (MDSAL), Image Management, OVS, VPP, VNF, Port, MGMT, External, Internal, Edge Network, Internet, Network Management, NSO, ESC, Confd
vMS Use Cases and
Its Service Topologies
vMS Release 2.0: Delivering Comprehensive Cloud
VPN Services
CPE
Cust-A
CPE
Cust-A
CPE
Cust-B
ASA
Over The Top
Access
Flex-VPN
Internet
VR
VR ASA
CPE
Cust-C
CPE
Cust-C
NSO – NFV Orchestrator
Cloud VPN Services
• 3 Service Models for Enterprise deployment
flexibility:
• CloudVPN Foundation
• CloudVPN Advanced
• CloudVPN Advanced w/Web Security
• vIPS option for both Advanced and Advanced
w/Web Security
• CSR1Kv: Virtual Router for Site-to-Site VPN with
Secure IP Overlay using FlexVPN/IKEv2 for IPSec
Tunnels
• ASAv: vFW with NAT and Policy (*)
• ASAv: vFW with IPSec/SSL Remote Access (*)
• WSAv for Enhanced Web Security (*)
Management and Orchestration
• Enterprise Admin Service Interface (Portal) driven
service instantiation
• Zero-Touch Deployment of enterprise CPE (ISR G2)
• Model driven Network Services lifecycle
management with Network Service Orchestrator
(NSO) from Tail-f
• VNF lifecycle management with Elastic Services
Controller (ESC)
• Virtual Infrastructure Management with Openstack
featuring: OVS and ODL/VPP as SDN Controllers
Advanced
VR
Foundation
CPE
Cust-B
ESC – VNF Manager
WSA
Advanced w/Web Security
PnP RFS VirTo RFS
API
CPE Managed
Orchestration Link
Foundation Service
Direct Internet Access via
“Split Tunnel”
Access Model:
Flex-VPN Links
IPSEC VPN
Service Access
vRouter
Internet Access/
Remote Access
Openstack – Virtual Infrastructure Manager
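The three Cloud VPN service models and the vIPS option listed on this slide, worked through as an added toy model (not Cisco's NSO or ESC code): a service request is validated against the offered blueprints before anything is instantiated, the change is reduced to a per-tenant delta, and a failed VNF bring-up is rolled back. The tier keys, the `ToyOrchestrator` class, the deploy/undeploy callbacks and the position of vIPS at the end of the chain are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# VNF chain per service model, read off the slide's diagram labels
# (Foundation: VR; Advanced: VR + ASA; Advanced w/Web Security: VR + ASA + WSA).
# The dictionary keys are hypothetical names for those three models.
SERVICE_MODELS: Dict[str, List[str]] = {
    "foundation": ["CSR1Kv"],
    "advanced": ["CSR1Kv", "ASAv"],
    "advanced-web": ["CSR1Kv", "ASAv", "WSAv"],
}
# The slide offers vIPS only with the two Advanced models.
VIPS_ALLOWED = {"advanced", "advanced-web"}


class RequestRejected(ValueError):
    """The request does not match any blueprint the operator exposes."""


@dataclass(frozen=True)
class ServiceRequest:
    tenant: str
    model: str
    vips: bool = False


def desired_chain(req: ServiceRequest) -> List[str]:
    """Validate the request and return the VNF chain it asks for."""
    if req.model not in SERVICE_MODELS:
        raise RequestRejected(f"unknown service model: {req.model!r}")
    if req.vips and req.model not in VIPS_ALLOWED:
        raise RequestRejected("vIPS is only offered with the Advanced models")
    chain = list(SERVICE_MODELS[req.model])
    if req.vips:
        chain.append("vIPS")  # assumption: the slide does not give its position
    return chain


def config_delta(current: List[str], desired: List[str]) -> Dict[str, List[str]]:
    """VNFs to create and delete to move a tenant from current to desired."""
    return {
        "create": [v for v in desired if v not in current],
        "delete": [v for v in current if v not in desired],
    }


class ToyOrchestrator:
    """Keeps one VNF chain per tenant and applies changes all-or-nothing."""

    def __init__(self,
                 deploy: Callable[[str, str], None] = lambda tenant, vnf: None,
                 undeploy: Callable[[str, str], None] = lambda tenant, vnf: None):
        self.state: Dict[str, List[str]] = {}  # tenant -> committed chain
        self.deploy, self.undeploy = deploy, undeploy

    def apply(self, req: ServiceRequest) -> Dict[str, List[str]]:
        desired = desired_chain(req)  # reject bad requests before any change
        delta = config_delta(self.state.get(req.tenant, []), desired)
        created: List[str] = []
        removed: List[str] = []
        try:
            for vnf in delta["create"]:
                self.deploy(req.tenant, vnf)
                created.append(vnf)
            for vnf in delta["delete"]:
                self.undeploy(req.tenant, vnf)
                removed.append(vnf)
        except Exception:
            # Roll back: tear down what was started, restore what was removed.
            for vnf in reversed(created):
                self.undeploy(req.tenant, vnf)
            for vnf in removed:
                self.deploy(req.tenant, vnf)
            raise
        self.state[req.tenant] = desired  # commit only after every step worked
        return delta
```
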
G2 & 4000
Series
VPNCPE
ISR 800, 1900,
2900, 3900, 4000
Series
Managed
WAN
Managed
Security
vMS Services
Branch
Branch
vRouter
(CSR1Kv)
CloudVPN
(IPSec)
Branch
Branch
MPLS VPN
(MPLS)
Firewall
(ASAv)
Web Security
(WSAv)
Remote Access
Internet
CPE
Branch
Headquarters
IWAN
Internet
(IPSec)
MPLS VPN
(MPLS)
Internet
DMVPN
MPLS
DMVPN
IWAN
(BR/MC)
vMS on CIS
Cisco Intelligent WAN
Solution Components for SPs
Intelligent
Path Control
Load Balancing
Policy-Based Path Selection
Network Availability
Secure
Connectivity
Scalable, Strong Encryption
App-Aware Threat Defense
Cloud Web Security
Application
Optimization
Application Visibility
App Acceleration
Intelligent Caching
Hybrid WAN
Application-Centric Design
Common Operational Model
Deployment Flexibility
vMS Components for IWAN
NSO Orchestration
Service Assurance
Operator Views
CFS (Ordering Experience)
Identity Management for SSO
Portal for Network
Visualization
Living Objects for
Network/App/
Perf View
Hybrid WAN: Leveraging the Internet
Secure WAN Transport and Internet Access
• Secure WAN transport for private
and virtual private cloud access
• Leverage local Internet path for
public cloud and Internet access
• Increased WAN transport capacity and
cost-effectiveness
• Improve application performance
(right flows to right places)
Branch
Secure WAN Transport
Direct Internet Access
Virtual
Private Cloud
Public
Cloud
Private
Cloud
MPLS (IP-VPN)
Internet
Operator
View
Each vMS Use Case Has Orchestration,
Portal and Assurance Components
Service Name:
Cloud VPN service
• Portal implements the ordering
and self-service management UI
as well as APIs
• Service provisioning and service
change are performed
by Orchestration
• Health, metrics and consumption
data is provided by Assurance
Customer
View
Example
Leveraging
Microservices in vMS
What Are Microservices?
• Each microservice is relatively small
• Easier for a developer to understand
• The web container starts faster, which makes developers more
productive, and speeds up deployments
• Each service can be deployed independently of other services - easier to
deploy new versions of services frequently
• Easier to scale development. Each team is responsible for a single service
• Improved fault isolation. For example, if there is a memory leak in one
service then only that service will be affected
• Each service can be developed and deployed independently
• Eliminates any long-term commitment to a technology stack
http://microservices.io/patterns/microservices.html
Consume
Microservices Enable Architecture Extensibility
in vMS Portal
Consume’
(based on Python)
Register
Recommendation
Service
(based on C++)
Register
• Scale up a service
• Replace a service
• Add a service
• Write a service in any language
• Inter-microservice
communications also go through
the API gateway
Custom App
Symphony UI
Identity
Management
Manage
Monitor
API Gateway
Example
Unregister
Front End
Back End
UX/UI
SP Fulfillment
SP Identity Provider
SP BSS
vMS
Log Aggregation
Common
Infrastructure Services
Identity/RBAC
Ticketing SP Helpdesk
OSS Analytics SP Assurance
vMS Services
Orchestration
Who is the SP
customer?
Is there any physical/
un-orchestrated fulfillment?
Product/offer definition, pricing,
subscription, and
customer billing
Your system for handling
customer support requests
Your data collection engine can
provide deeper insights for vMS
customers as well as operators
Designed for SP Environment but Works
Fully Standalone
vMS 2.0 Deployment Architecture
HTTP Load Balancer / Router
Identity Mgmt.
As a Service
Cloud Controller
HealthManager
ESC NCS
PaaS-based to deliver manageability, cloud native scalability and
resilience
API Gateway
Service Discovery
As a Service
Logs/Metrics
As a Service
Service Assurance
Cassandra /
Hadoop / Redis
As a Service
Micro-Services
Cloud Storage
Identity Mgmt.
As a Service
Service Discovery
As a Service
Logs/Metrics
As a Service
Identity Mgmt.
As a Service
Service Discovery
As a Service
Logs/Metrics
As a Service
Demo:
vMS
CPE
ISR 800, 1900,
2900, 3900, 4000
Series
VPN Managed
WAN
Managed
Security
vMS Demonstration
Firewall
(ASAv)
Web Security
(WSAv)
Branch
Branch
vRouter
(CSR1Kv)
CloudVPN
(IPSec)
Internet
Remote Access
CIS: VMS on IaaS
Demo:
HSS
OSS/BSS Integration
Service Intent
Orchestration
Security Services
Public IP Addresses
Public Internet
Local LAN
WSAv ESAv
ASAv and/or CSR1000v
CPE CPE
Managed Access
(IPSec VPN)
IPSec
VPN
IPSec
VPN
AnyConnect AnyConnect
UnManaged Access
(Remote Access VPN)
SSL
VPN
SSL
VPN
Amazon Salesforce
Internet Sites
IP
Connectivity
IP
Connectivity
Internet - Public IP Address Space
Public IP Addresses
DDoSaaS, IDaaS, ESaaS, WSaaS, IPSaaS, FWaaS, VPNaaS
Security as a Service Architecture
Summary
• Lower cost due to virtualization
• Faster time to service delivery
(zero touch deployment, no truck roll),
due to virtualization and service
provisioning automation
• Operational simplicity due to
virtualization
• Easy upsell for multi-service strategy
for additional services and revenue
with no additional truck roll
• Value of multi-service strategy for
virtualized managed security services
and Cloud hosted services
References
• Hosted Security as a Service (HSS) Documentation
http://www.cisco.com/go/hss
• Virtual Managed Services (vMS) Documentation
http://www.cisco.com/go/vms
• Cisco Adaptive Security Virtual Appliance (ASAv)
http://www.cisco.com/c/en/us/support/security/virtual-adaptive-security-appliance-firewall/tsd-products-support-series-home.html
• Cisco Web Security Virtual Appliance (WSAV)
http://www.cisco.com/c/en/us/support/security/web-security-virtual-appliance/tsd-products-support-series-home.html
• Cisco Email Security Virtual Appliance (ESAV)
http://www.cisco.com/c/en/us/support/security/email-security-virtual-appliance/tsd-products-support-series-home.html
Thank you.
Hosted Security as a Service - Solution Architecture Design

[Cisco Connect 2018 - Vietnam] Cisco connect 2018   sanjay - cisco sda v1.0-h...[Cisco Connect 2018 - Vietnam] Cisco connect 2018   sanjay - cisco sda v1.0-h...
[Cisco Connect 2018 - Vietnam] Cisco connect 2018 sanjay - cisco sda v1.0-h...Nur Shiqim Chok
 
DEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS ExtensionsDEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS ExtensionsAmazon Web Services
 
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)SDNRG ITB
 
Cisco and F5 accelerate Application Delivery
Cisco and F5 accelerate Application DeliveryCisco and F5 accelerate Application Delivery
Cisco and F5 accelerate Application DeliveryShashi Kiran
 
Cisco UCS for OpenStack Cloud
Cisco UCS for OpenStack CloudCisco UCS for OpenStack Cloud
Cisco UCS for OpenStack CloudLora O'Haver
 

Ähnlich wie Hosted Security as a Service - Solution Architecture Design (20)

Proteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaProteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
 
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
 
08 (IDNOG02) SP Transition to NG Infrastructure based on NFV Service Offering...
08 (IDNOG02) SP Transition to NG Infrastructure based on NFV Service Offering...08 (IDNOG02) SP Transition to NG Infrastructure based on NFV Service Offering...
08 (IDNOG02) SP Transition to NG Infrastructure based on NFV Service Offering...
 
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit
Cisco - OpenStack Summit 2016/Red Hat NFV Mini Summit
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
 
Cumbre PR/AR sobre el mercado Telco en America Latina
Cumbre PR/AR sobre el mercado Telco en America LatinaCumbre PR/AR sobre el mercado Telco en America Latina
Cumbre PR/AR sobre el mercado Telco en America Latina
 
Making Networks More Agile, Open, and Application Centric - Cisco Insights
Making Networks More Agile, Open, and Application Centric - Cisco InsightsMaking Networks More Agile, Open, and Application Centric - Cisco Insights
Making Networks More Agile, Open, and Application Centric - Cisco Insights
 
Cisco Powered Presentation - For Customers
Cisco Powered Presentation - For CustomersCisco Powered Presentation - For Customers
Cisco Powered Presentation - For Customers
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
 
Fostering the Evolution of Network Based Cloud Service Providers.
Fostering the Evolution of Network Based Cloud Service Providers.Fostering the Evolution of Network Based Cloud Service Providers.
Fostering the Evolution of Network Based Cloud Service Providers.
 
Welcome to the Multi-cloud world
Welcome to the Multi-cloud worldWelcome to the Multi-cloud world
Welcome to the Multi-cloud world
 
Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed ServicesCisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed Services
 
Presentation cisco service oriented infrastructure
Presentation   cisco service oriented infrastructurePresentation   cisco service oriented infrastructure
Presentation cisco service oriented infrastructure
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio update
 
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WANCisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
 
[Cisco Connect 2018 - Vietnam] Cisco connect 2018 sanjay - cisco sda v1.0-h...
[Cisco Connect 2018 - Vietnam] Cisco connect 2018   sanjay - cisco sda v1.0-h...[Cisco Connect 2018 - Vietnam] Cisco connect 2018   sanjay - cisco sda v1.0-h...
[Cisco Connect 2018 - Vietnam] Cisco connect 2018 sanjay - cisco sda v1.0-h...
 
DEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS ExtensionsDEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS Extensions
 
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
 
Cisco and F5 accelerate Application Delivery
Cisco and F5 accelerate Application DeliveryCisco and F5 accelerate Application Delivery
Cisco and F5 accelerate Application Delivery
 
Cisco UCS for OpenStack Cloud
Cisco UCS for OpenStack CloudCisco UCS for OpenStack Cloud
Cisco UCS for OpenStack Cloud
 

Mehr von Cisco Canada

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco Canada
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018   iot demo kinetic frCisco connect montreal 2018   iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco Canada
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco Canada
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018   enterprise networks - say goodbye to vla nsCisco connect montreal 2018   enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco Canada
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco Canada
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Canada
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco Canada
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Cisco Canada
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018   compute v finalCisco connect montreal 2018   compute v final
Cisco connect montreal 2018 compute v finalCisco Canada
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco Canada
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Canada
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018   an introduction to Cisco kineticCisco Connect Toronto 2018   an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Canada
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Canada
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018  DevNet OverviewCisco Connect Toronto 2018  DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Canada
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018  DNA assuranceCisco Connect Toronto 2018  DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Canada
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018   network-slicingCisco Connect Toronto 2018   network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018   the intelligent network with cisco merakiCisco Connect Toronto 2018   the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018   sixty to zeroCisco Connect Toronto 2018   sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Canada
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Canada
 

Mehr von Cisco Canada (20)

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devops
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018   iot demo kinetic frCisco connect montreal 2018   iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic fr
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018   enterprise networks - say goodbye to vla nsCisco connect montreal 2018   enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse locale
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybrides
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018   compute v finalCisco connect montreal 2018   compute v final
Cisco connect montreal 2018 compute v final
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018   an introduction to Cisco kineticCisco Connect Toronto 2018   an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018  DevNet OverviewCisco Connect Toronto 2018  DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018  DNA assuranceCisco Connect Toronto 2018  DNA assurance
Cisco Connect Toronto 2018 DNA assurance
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018   network-slicingCisco Connect Toronto 2018   network-slicing
Cisco Connect Toronto 2018 network-slicing
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018   the intelligent network with cisco merakiCisco Connect Toronto 2018   the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018   sixty to zeroCisco Connect Toronto 2018   sixty to zero
Cisco Connect Toronto 2018 sixty to zero
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
 

Kürzlich hochgeladen

The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 

Kürzlich hochgeladen (20)

The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 

Hosted Security as a Service - Solution Architecture Design

  • 1. Hosted Security as a Service – Solution Architecture and Design
      Albra Welch – Security Solutions Architect, SBG
      Michael Geller – Principal Engineer, CTAO
      May 19, 2016
      T-SP-30-I
  • 2. Objectives
      • This session targets hosted security services for Enterprises and Service Providers
      • Understand the impact of orchestration and automation for hosted security
      • Cool applications of elastic security services delivered from the cloud
      • Performance and scalability considerations
      • Security services with NfV and SDN
      • Future thinking applications of security from the Cloud to YOUR network
  • 3. Agenda
      • Introduction
      • The Hosted Security Service Architecture
      • Architecture
      • HSS: Architecture
      • vMS: Architecture
      • vMS: Demo
      • HSS: Demo
      • Conclusion
  • 4. Agenda
      • Introduction
      • The Hosted Security Service Architecture
      • Architecture
      • HSS: Architecture
      • vMS: Architecture
      • vMS: Demo
      • HSS: Demo
      • Conclusion
  • 5. Session Description
      This session provides in depth discussion on cloud based security services leveraging Cisco security solutions. This session is appropriate for service providers who are interested in delivering managed security services to their customer from their cloud infrastructure. We will provide detailed designs and guidance on:
      • Cloud security services including FW, VPN, Web, Email and Routing services
      • Architecture layers through influence of NfV and SDN
      • Orchestration flexibility and options
      • Day 0 and Day 1 provisioning
      • Day 2 monitoring and reporting
  • 6. Security as a Service Architecture
      [Architecture diagram; labels recovered from the slide:]
      • Layers: OSS/BSS Integration, Service Intent, Orchestration, Security Services
      • Services: VPNaaS, FWaaS, IPSaaS, WSaaS, ESaaS, IDaaS, DDoSaaS
      • Virtual appliances: WSAv, ESAv, ASAv and/or CSR1000v
      • Managed Access (IPSec VPN): CPE, IPSec VPN
      • UnManaged Access (Remote Access VPN): AnyConnect, SSL VPN
      • Networks and destinations: Local LAN, IP Connectivity, Public IP Addresses, Internet - Public IP Address Space, Public Internet, Amazon, Salesforce, Internet Sites
  • 7. IT Transformation
      • More devices and more apps mean the attack surface has increased, and attack tools are evolving too
      • Do more with less
      • Users will get stuff done any way they can
      • The hardware we use has never changed so fast
  • 8. MSSP Market Segmentation
      Source: Frost and Sullivan, Global Managed Security Services Market, March 2015
      Managed Security Services:
      • SAMM (Security Asset Monitoring and Management)
          • Computer Premises Equipment (CPE)-based SAMM
          • Hosted SAMM
      • TRIDR (Threat Research, Intelligence, Detection and Remediation)
      • RCM (Risk and Compliance Management)
      • AEM (Advanced and Emerging MSS)
  • 9. Where Do Managed Security Services Live?
      • Public: AWS, Google, Azure, etc
      • Private (SP Infrastructure)
      • Hybrid: Mix of Public and Private
      Seamless End-to-End Experiences, Cross Workload Size and Type Required Regardless of App, Service or Environment; Secure Flexibility Critical Requirement
  • 10. Evolution of Managed Security Services: Premise to Cloud
      [Diagram of three stages: CPE, Hybrid, Cloud, showing which functions sit on the Managed CPE and which at the SP]
      • Security functions shown: NGFW, VPN, IPS, WEB, EMAIL, MALWARE, CONTEXT
      • Network functions shown: ROUTING, NAT, DHCP, SWITCHING, AP, VOICE
  • 11. Cloud Based Security Service Offerings: SaaS or Hosted
      • Cisco Managed Security Cloud
          • Cloud Web Security (CWS)
          • Cloud Email Security (CES)
          • SP/MSSP Resell to Enterprises
      • SP Hosted Security Cloud
          • VPN, FW, NGFW, NGIPS, AMP, Web Security, Email Security as a Service
          • Pre-Packaged NFV Security Service Bundles (vMS)
          • A La Carte Hosted Security as a Service (HSS)
  • 12. Comparison of Cloud-Based Security Service Offerings
      Columns: Solutions for SP Managed Security Cloud (HSS; vMS, e.g. Cloud VPN) and Cisco Managed Security Cloud Services
      • Services
          • HSS: Flexible A la Carte Security Services: VPN, Firewall, Web Security, Email Security or any combination bundles
          • vMS: Pre-Packaged NFV Security Services: Cloud VPN, Cloud VPN + Web Security
          • Cisco Managed: SaaS: Web Security or Email Security
      • Delivery Model
          • HSS: SP hosted within a virtual private cloud
          • vMS: SP hosted within a virtual private cloud
          • Cisco Managed: Public Cloud – Cisco hosted. SP acts as a reseller or MSSP
      • Pricing Model
          • HSS: SP price per bandwidth usage with per user add-on
          • vMS: SP price per bandwidth usage with per user add-on
          • Cisco Managed: Price per user
      • SP CapEx Costs
          • HSS: Infrastructure + security software + orchestration
          • vMS: Infrastructure + security software + orchestration
          • Cisco Managed: None
      • SP OpEx Costs
          • HSS: Yes. Data center operation + service operation
          • vMS: Yes. Data center operation + service operation
          • Cisco Managed: Reduced
      • Reporting / log data
          • HSS: Owned by SP, stays at SP DC
          • vMS: Owned by SP, stays at SP DC
          • Cisco Managed: Centralized in Cisco Cloud/Local log
      • Orchestration / Management
          • HSS: With third-party tools (e.g. Ubiqube)
          • vMS: Cisco Tail-F orchestration, with NFV service chaining
          • Cisco Managed: Cisco turnkey service. Transparent to SP
      • Cloud Platform
          • HSS: Cisco VMDC/VSA, VMware
          • vMS: Openstack with KVM
          • Cisco Managed: Transparent to SP
  • 13. $7.2B Market Opportunity: Cloud Service Delivery Shows Higher Growth, but CPE Based Still Growing
      [Charts: "Worldwide Cloud-Based Service Revenue Share by Technology" and "Worldwide CPE-Based Service Revenue Share by Technology". Y axis: Revenue (US$ Billions); X axis: CY10 to CY19. Series: Content security, Managed firewalls, Other security services, DDoS mitigation, IDS/IPS.]
      Source: © 2015 IHS / Infonetics Research: Cloud and CPE Managed Security Services Market Size and Forecasts; March 2015
  • 14. Technical Drivers and Challenges
      | Driver | Challenge |
      |---|---|
      | Scalability | Scale to support increasingly large numbers of transactions and sites |
      | Sizing capacity planning | Challenges in sizing the service delivery platform, virtual CPE platforms |
      | Pay as you grow solution | High cost / upfront investment impact on service ROI |
      | Ease of deployment and service agility | Complexity limits service adoption and the addressable market |
      | Ease of operation | Implementing a set of management solutions that require service operations staff to perform complex and frustrating tasks using disparate management systems |
      | Business and technical view | Business focused reporting versus technical oriented |
  • 15. Service Needs
      | Category | Requirement |
      |---|---|
      | Management | Multi-Tenant / Multi-Role / API for integration with existing SP OSS/BSS tools |
      | Customer Web Portal | Customer self service portal for service monitoring and self care change management |
      | Hardware | Low CapEx / OpEx integrated solution |
      | Bandwidth | Up to multi-Gb per customer tenant |
      | Malware / Anti-Virus Update | In-Service upgrades without service interruption |
      | Performance Monitoring | Monitor traffic profile and virtual appliance health for capacity planning purposes |
      | Security Policy Management | Centralized management of security policies |
      | Virtualization | Solution must be available as virtual appliance for private and public cloud deployment |
      | Data Retention | Service management platform needs to support data retention policies |
      | Security Event and Incident Management | Centralized event and incident management |
      | Security Reporting | Custom security reports for security appliances |
  • 16. Cisco Business Case Modeling to Predict ROI, TCO, Profit
      • Market segments (Tenant) input parameters
      • Business and system input parameters
      • Service pricing
      • Service provider revenue and profit
  • 17. Service Discovery and Service Creation Workshops: Part of the Wider Process of Building Services
      [Diagram: Service Development Lifecycle, with the Focus of Service Creation Team highlighted. Stage labels: Identify/Qualify the Opportunity, Cloud Service Discovery, Envision Cloud Service, Build Cloud Service, Market and Sell Cloud Service, Proposal. Activity labels: Service Portfolio, Country Planning, Service Discovery Workshop, Per Service Exec sponsorship, SC Workshop, Partner Selection, Partner Qualification, Business Case, Solution Design, Operation and Service Delivery, Marketing Plan, Marketing, Sales Enablement, Sales Engagement. Legend: Cisco leads; Joint CSP and Cisco; CSP or Cisco AS leads.]
  • 18. Cisco Security Vision and Strategy: Covering the Entire Attack Continuum
      Attack Continuum:
      • Before: Control, Enforce, Harden
      • During: Detect, Block, Defend
      • After: Scope, Contain, Remediate
      Services shown across the continuum: DDoS Visibility / Mitigation Services, Firewall, NGFW, Secure Access + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis, Malware Sandboxing, Vulnerability Assessment
  • 20. Security as a Service Architecture
      • ORCH. LAYER: Policy, Analytics, Reporting
      • SERVICES LAYER: FWaaS, WSaaS, ESaaS (Tenant 1); NGFW/IPSaaS, VPNaaS, IDaaS (Tenant 2); FWaaS, DDoSaaS (Tenant 3)
      • INFRASTRUCTURE: Hypervisor, Compute, Storage
      Security Service Examples:
      • FWaaS – Firewall as a Service
      • VPNaaS – Virtual Private Networking as a Service
      • NGFW/IPSaaS – Next Generation Firewall and Intrusion Prevention System as a Service
      • WSaaS – Web Security as a Service
      • ESaaS – Email Security as a Service
      • IDaaS – Identity as a Service
      • DDoSaaS – Distributed Denial of Service Mitigation as a Service
  • 21. Firewall as a Service: FW-aaS
      ASAv or CSR1000v; Centralized Management and Reporting
      Firewall Support
      • Stateful inspection
      • Application inspection
      • Network address translation
      • Encrypted traffic inspection
      • Protocol inspection
      Advanced Firewall
      • Identity-aware policy enforcement
      • Malware traffic detection and blocking
      • Botnet traffic filter
      • Voice and video security
      Per throughput and per feature service pricing
  • 22. Firewall-aaS Tiers Example
      Service tiers: Bronze, Silver, Gold
      Feature categories: NAT Address Translation, Stateful Inspection, High Availability, Advanced Management
      [Tier matrix: ✓ = Included; cell positions not preserved. Attack continuum banner: BEFORE, DURING, AFTER]
  • 23. Firewall-aaS Tiers Example (Reference Slide)
      Service tiers: Bronze, Silver, Gold. Legend: ✓ Included, … Option. Attack continuum banner: BEFORE, DURING, AFTER
      • Network Address Translation: NAT/PAT ✓ ✓ ✓
      • Stateful Inspection: L3 firewall ✓ ✓ ✓; Transparent firewall; Proxy authentication ✓ ✓; Application hosting private zone; Application control (IM, peer to peer); Voice security support
      • High Availability: Within SP data center ✓ ✓; Between SP data centers
      • Management: Customer self service portal ✓ ✓; Streamlined management ✓; Auto generated reporting ✓ ✓ ✓; Custom reporting ✓; Data log retention (1 month) ✓ ✓ ✓; Extended data log retention (>1 month) ✓
      [Positions of the … Option marks not preserved]
  • 24. VPN as a Service: VPN-aaS
      ASAv or CSR1000v; Centralized Management and Reporting
      VPN Services
      • Site-to-site VPN through Internet
      FW VPN Services
      • Remote access VPN
      • IPSec, SSL VPN
      • Session persistence (always on VPN)
      Per throughput per user service pricing
  • 25. VPNaaS Tiers Example
      Service tiers: Bronze, Silver, Gold
      Feature categories: Customer Site to Cloud IPSec VPN Service, Remote Access VPN, High Availability, Advanced Management
      [Tier matrix: ✓ = Included; cell positions not preserved. Attack continuum banner: BEFORE, DURING, AFTER]
  • 26. VPNaaS Tiers Example (Reference Slide)
      Service tiers: Bronze, Silver, Gold. Legend: ✓ Included, … Option. Attack continuum banner: BEFORE, DURING, AFTER
      • Customer Site to Cloud IPSec VPN Service: Support for multiple crypto policies (DES, 3DES, AES …) ✓ ✓ ✓; Pre-shared key VPN authentication ✓ ✓ ✓; Digital certificate VPN authentication; Multiple class of services / traffic prioritization policies ✓ ✓
      • Remote Access VPN: IPSec based remote access VPN ✓ ✓ ✓; Client-less SSL remote access VPN ✓ ✓ ✓; Client-based SSL remote access VPN; Authentication integration with enterprise's RADIUS, LDAP, AD servers; Basic authentication (username and password based) ✓ ✓ ✓; Strong authentication / Token based authentication; Digital certificate based authentication
      • High Availability: Active / Passive within SP data center ✓; Active / Active within SP data center ✓; Active / Passive between SP data center; Active / Active between SP data center
      • Management: Customer self service portal ✓ ✓; Streamlined management ✓; Auto generated reporting ✓ ✓ ✓; Custom reporting ✓; Data log retention (1 month) ✓ ✓ ✓; Extended data log retention (> 1 month) ✓
      [Positions of the … Option marks not preserved]
  • 27. Web Security as a Service: WS-aaS
      WSAV; Centralized Management and Reporting
      • Anti-Malware protection
      • Web content analysis
      • Web usage controls
      • Application visibility
      • Bi-Directional control
      Per user pricing model driven by features
  • 28. Web Security-aaS Tiers Example
      Service tiers: Bronze, Silver, Gold
      Feature categories: Real Time Threat Protection Services, Acceptable Use Services, Policy Control, High Availability, Advanced Management
      [Tier matrix: ✓ = Included; cell positions not preserved. Attack continuum banner: BEFORE, DURING, AFTER]
  • 29. Web Security-aaS Tiers Example (Reference Slide)
      Service tiers: Bronze, Silver, Gold. Legend: ✓ Included, … Option. Attack continuum banner: BEFORE, DURING, AFTER
      • Real Time Threat Protection Services: Web reputation filtering ✓ ✓ ✓; Malware scanning ✓ ✓ ✓
      • Acceptable Use Services: Web URL monitoring by category ✓ ✓; Web URL filtering (blocking); Web application monitoring ✓; Web application control; SaaS access control; Transparent user authentication; Advanced Malware Protection ✓
      • Policy Control: Granular access and control policies ✓; Remote access user control policies
      • High Availability: Within SP data center ✓ ✓; Between SP data centers
      • Management: Customer self service portal ✓ ✓; Streamlined management ✓ ✓ ✓; Auto generated reporting ✓; Custom reporting ✓; Data log retention (>1 month) ✓ ✓ ✓; Extended data log retention (>month)
      [Positions of the … Option marks not preserved]
  • 30. Email Security as a Service: ES-aaS
      Inbound and Outbound Security Control
      ESAV; Centralized Management and Reporting
      [Diagram labels: Inbound Security; Virus and Malware Defense; Spam Defense; Data Loss Prevention; Secure Messaging (Encryption); Outbound Control]
      Per user pricing model driven by features
  • 31. Email Security-aaS Tiers Example
      Service tiers: Bronze, Silver, Gold
      Feature categories: Inbound Email Protection, Outbound Email Protection, Policy Control, High Availability, Advanced Management
      [Tier matrix: ✓ = Included; cell positions not preserved. Attack continuum banner: BEFORE, DURING, AFTER]
  • 32. Email Security-aaS Tiers Example (Reference Slide)
      Service tiers: Bronze, Silver, Gold. Legend: ✓ Included, … Option. Attack continuum banner: BEFORE, DURING, AFTER
      • Inbound Email Protection: Reputation scoring and SMTP blocking ✓ ✓ ✓; Anti-spam ✓ ✓ ✓; Outbreak filters, Sophos anti-virus ✓ ✓; Inbound email content filtering ✓; Quarantine; Advanced Malware Protection ✓
      • Outbound Email Protection: Anti-virus ✓; Outbound email content filtering ✓; Integrated RSA data loss prevention; DLP RSA enterprise manager integration (enterprise provided); Large volume Quarantine
      • Policy Control: Granular policy control; Roaming users protection
      • High Availability: Within SP data center ✓ ✓; Between SP data centers ✓
      • Management: Self service portal ✓ ✓; Streamlined management ✓; Auto generated reporting ✓ ✓ ✓; Custom reporting option ✓; Data log retention (1 month) ✓ ✓ ✓; Extended data log retention (> 1 month)
      [Positions of the … Option marks not preserved]
  • 33. NGFW/IPSaaS Tiers Example
      Service tiers: Bronze, Silver, Gold
      Feature categories: Application Visibility and Control (NGFW), Threat Protection (NGIPS), High Availability, Advanced Management
      [Tier matrix: ✓ = Included; cell positions not preserved]
  • 34. NGFW/IPSaaS Tiers Example (Reference Slide)
      Service tiers: Bronze, Silver, Gold. Legend: ✓ Included, … Option. Attack continuum banner: BEFORE, DURING, AFTER
      • Application Visibility and Control (NGFW): Network, user and application discovery ✓ ✓ ✓; Application traffic filtering ✓ ✓; URL filtering ✓; File blocking (block xyz file type) ✓
      • Threat Protection (NGIPS): IPS Basic Threat Protection Services (SNORT signatures) ✓ ✓ ✓; IPS premium security signatures and content ✓ ✓ ✓; Security intelligence feeds ✓; AMP (Advanced Malware Protection – disposition from the cloud/policy) ✓
      • High Availability: Configurable “fail open” – Appliance only ✓; “Fastpath” and Trust Rules – Exclude/Include velocity ✓
      • Management: Streamline management ✓ ✓; IPS signature update ✓ ✓ ✓; Advanced/Custom reporting ✓; Automated policy tuning – Advanced/Custom policy tuning ✓; Event correlation – Customized event correlation services ✓ ✓; Impact analysis ✓
      [Positions of the … Option marks not preserved]
  • 36. Hosted Security as a Service (HSS)
      • Enables Cisco partners to deliver security services from their Cloud infrastructure or as a managed private cloud offering
      • Cisco’s virtual security appliance product (ESAV, WSAV, ASAV, CSR1000v, …) and third party products
      • Comprehensive management system using UBIqube as a security domain manager
          • Fulfillment
          • Assurance
          • Northbound API for integrating with Cloud Orchestration Solutions
      • Solution supported with IaaS solutions: VMDC 2.3 and VSA 1.0
      • Platform based on Cisco Unified Computing System (UCS)
      • Flexible deployment models
  • 37. HSS Architecture
      • Delivered from service provider’s infrastructure
      • UBIqube MSActivator used as the Security Domain Manager
      • Orchestration SW interfaces with native appliance configuration mechanisms
      • All customer data lives inside the SP Cloud environment
      • Security on virtual form factor available today
      [Diagram: three layers. Orchestration Layer: Policy, Analytics, Reporting, with Provisioning API, Reporting API and Billing API towards the SP existing orchestration, reporting, billing infrastructure. Services Layer: Multi-Tenant Security Appliance with WSAv, ESAv, ASAv and CSR1Kv instances for Tenant 1, Tenant 2 and Tenant 3. Infrastructure: VMware ESXi, Cisco UCS, Storage.]
  • 38. VSA 1.0 Expanded Gold Container: ASAv, WSAV, ESAV
      [Topology diagram. Labels: ASR9000; Global; Customer VRF; Internet; MPLS VPN or IPSec VPN; Tenant 1 Site (AD, DNS, MS Exchange); Tenant 1 Mobile Worker; Nexus 5000/7000/9000 L2 Fabric; ASA5585X; UBIqube; vCenter; Tenant 1 Expanded Gold Container with ASAv, WSAv, ESAv (Virtual Machine on UCS); Tenant 1 Private Zone; Tenant 1 DMZ Zone; SP Management Zone; Private Tier 1, 2 and 3 VMs; Shared Transit VLAN; Per-Tenant VLAN. Note: Not showing redundant nodes.]
  • 39. VSA 1.0 Expanded Gold Container: CSR1Kv, WSAV, ESAV
      [Topology diagram. Labels: ASR9000; Global; Customer VRF; Internet; MPLS VPN or IPSec VPN; Tenant 1 Site (AD, DNS, MS Exchange); Tenant 1 Mobile Worker; Nexus 5000/7000/9000 L2 Fabric; ASA5585X; UBIqube; vCenter; Tenant 1 Expanded Gold Container with CSR1Kv, WSAv, ESAv (Virtual Machine on UCS); Tenant 1 Private Zone; Tenant 1 DMZ Zone; SP Management Zone; Private Tier 1, 2 and 3 VMs; Shared Transit VLAN; Per-Tenant VLAN. Note: Not showing redundant nodes.]
  • 40. VSA 1.0 Expanded Gold Container: CSR1Kv, ASAv, WSAV, ESAV
      [Topology diagram. Labels: ASR9000; Global; Customer VRF; Internet; MPLS VPN or IPSec VPN; Tenant 1 Site (AD, DNS, MS Exchange); Tenant 1 Mobile Worker; Nexus 5000/7000/9000 L2 Fabric; ASA5585X; UBIqube; vCenter; Tenant 1 Expanded Gold Container with CSR1Kv, ASAV, WSAv, ESAv (Virtual Machine on UCS); Tenant 1 Private Zone; Tenant 1 DMZ Zone; SP Management Zone; Private Tier 1, 2 and 3 VMs; Shared Transit VLAN; Per-Tenant VLAN. Note: Not showing redundant nodes.]
  • 41. VSA 1.0 Expanded Gold Container: Customer Hosted Email Inbound Flow
      [Topology diagram with the inbound email flow overlaid. Labels: ASR9000; Global; Customer VRF; Internet; MPLS VPN or IPSec VPN; Tenant 1 Site (AD, DNS, MS Exchange); Tenant 1 Mobile Worker; Nexus 5000/7000/9000 L2 Fabric; ASA5585X; UBIqube; vCenter; Tenant 1 Expanded Gold Container with ASAv, WSAv, ESAv (Virtual Machine on UCS); Tenant 1 Private Zone; Tenant 1 DMZ Zone; SP Management Zone; Private Tier 1, 2 and 3 VMs; Shared Transit VLAN; Per-Tenant VLAN. Note: Not showing redundant nodes.]
  • 42. VSA 1.0 Expanded Gold Container: SP Hosted Email Inbound Flow
      [Topology diagram with the inbound email flow overlaid. Labels: ASR9000; Global; Customer VRF; Internet; MPLS VPN or IPSec VPN; Tenant 1 Site (AD, DNS); Tenant 1 Mobile Worker; MS Exchange; Nexus 5000/7000/9000 L2 Fabric; ASA5585X; UBIqube; vCenter; Tenant 1 Expanded Gold Container with ASAv, WSAv, ESAv (Virtual Machine on UCS); Tenant 1 Private Zone; Tenant 1 DMZ Zone; SP Management Zone; Private Tier 2 and 3 VMs; Shared Transit VLAN; Per-Tenant VLAN. Note: Not showing redundant nodes.]
  • 43. VSA 1.0 Expanded Gold Container: ASAv Web traffic flow – Explicit Proxy
      WSAv is set up as the web proxy on the user’s endpoint.
      [Topology diagram with the web traffic flow overlaid. Labels: ASR9000; Global; Customer VRF; Internet; MPLS VPN or IPSec VPN; Tenant 1 Site (AD, DNS, MS Exchange); Tenant 1 Mobile Worker; Nexus 5000/7000/9000 L2 Fabric; ASA5585X; UBIqube; vCenter; Tenant 1 Expanded Gold Container with ASAv, WSAv, ESAv (Virtual Machine on UCS); Tenant 1 Private Zone; Tenant 1 DMZ Zone; SP Management Zone; Private Tier 1, 2 and 3 VMs; Shared Transit VLAN; Per-Tenant VLAN. Note: Not showing redundant nodes.]
  • 44. VSA 1.0 Expanded Gold Container: ASAv Web traffic flow – Transparent Redirection with Policy Based Routing
      Policy Based Routing in ASAv provides transparent redirection.
      [Topology diagram with the web traffic flow overlaid. Labels: ASR9000; Global; Customer VRF; Internet; MPLS VPN or IPSec VPN; Tenant 1 Site (AD, DNS, MS Exchange); Tenant 1 Mobile Worker; Nexus 5000/7000/9000 L2 Fabric; ASA5585X; UBIqube; vCenter; Tenant 1 Expanded Gold Container with ASAv, WSAv, ESAv (Virtual Machine on UCS); Tenant 1 Private Zone; Tenant 1 DMZ Zone; SP Management Zone; Private Tier 1, 2 and 3 VMs; Shared Transit VLAN; Per-Tenant VLAN. Note: Not showing redundant nodes.]
  • 45. VSA 1.0 Expanded Gold Container: CSR1Kv Web traffic flow – Transparent Redirection with WCCP
      WCCP in CSR1Kv provides transparent redirection.
      [Topology diagram with the web traffic flow overlaid. Labels: ASR9000; Global; Customer VRF; Internet; MPLS VPN or IPSec VPN; Tenant 1 Site (AD, DNS, MS Exchange); Tenant 1 Mobile Worker; Nexus 5000/7000/9000 L2 Fabric; ASA5585X; UBIqube; vCenter; Tenant 1 Expanded Gold Container with CSR1Kv, WSAv, ESAv (Virtual Machine on UCS); Tenant 1 Private Zone; Tenant 1 DMZ Zone; SP Management Zone; Private Tier 1, 2 and 3 VMs; Shared Transit VLAN; Per-Tenant VLAN. Note: Not showing redundant nodes.]
  • 46. HSS VSA 1.0 Components
      | HSS Components | Version | Required/Recommended/Optional |
      |---|---|---|
      | ASAv | 9.52(204) | Required |
      | WSAV | 9-0-1-162 | Required |
      | ESAV | 9-7-1-066 | Required |
      | AnyConnect | 4.2 | Required |
      | UBIqube MSActivator | 15.3.2 | Recommended |
      | Virtual Services Architecture | 1.0 | Recommended |
  • 47. VSA 1.0 Expanded Gold Container
      | VSA 1.0 Component | Version | HSS | Required/Recommended/Optional |
      |---|---|---|---|
      | Unified Computing System (UCS) B-Series | 2.2(3d) | UCS B or C | Required |
      | UCS C-Series | 1.5(1f) | UCS B or C | Required |
      | ASR 9000 | IOS XE 5.1.2 | Cisco 7600/ASR 1000/ASR 9000 | Recommended |
      | Nexus 7000 | NX-OS 6.2(2) | Nexus 7000/Nexus 9000 | Recommended |
      | Nexus 5000 | NX-OS 6.0(2)N2(6) | | Recommended |
      | UCS 6200 | NX-OS 5.2(3)N2(2.23g) | | Recommended |
      | NetApp FAS8020 | ONTAP 8.1 | NetApp, EMC or VMware virtual SAN | Recommended |
      | VMware vSphere | 5.5.0 Build 1623387 | | Required |
      | VMware vCenter | 5.5.0 Build 2183111 | | Required |
  • 48. VMDC 2.3 Expanded Gold Container
      [Topology diagram. Labels: Customer Site (AD, DNS, MS Exchange); MPLS VPN; Internet; ASR1006; Customer VRF; Global; Nexus 7004; Customer PVT Outside VRF; Customer PVT Inside VRF; Customer DMZ VRF; ASA5555; Remote Access VPN; ASA5585X; Customer Private Context; Customer DMZ Context; Citrix/F5; UCS; VMs; UBIqube; vCenter; ESAV; WSAV; Private Zone 3 VLANs; DMZ 1 - 1 VLAN; DMZ 2 - 1 VLAN; SP Management; Shared Transit VLAN; Per-Tenant VLAN. * Not showing redundant nodes.]
  • 49. HSS Security Domain Management
  • 50. About UBIqube
      • UBIqube is a privately funded Network Software specialist
      • MSActivator™ = Automated Device configuration and Service orchestration framework
      • Any device, Any service, Any vendor
      • Sales Presence in Europe, USA, ME, Far East, India
      • Partners: Network and security vendors, OSS vendors, MSPs
      • Customers: Service Providers, Enterprise (multivendor IT security management)
  • 51. HSS Security Domain Manager – UBIqube MSActivator
      [Architecture diagram. Labels, top to bottom: Web Portal GUI; Service Profiles; Service Designer; Templates and Objects; 3rd Party OSS/BSS; Web Services; Verbs and Web Services API, Order Stack Management; OBMF Mediation Layer; Device Adaptor and Device Adaptor (SDK), each with Update Conf, Restore Conf, Get Asset, Update Firmware; Southbound Interface: SSH, SNMP, TELNET, Syslog, HTTP, Openflow, FTP, Netflow, TR069; VOIP.]
  • 52. MSActivator Adaptable Framework
      • SDK for adapting/creating new functions over the MSA framework (analytics, services, etc.): web based object editor, central repository, a couple of days per service
      • SDK for integrating new devices (physical and virtual)/vendors (syntax) and protocols over the MSA framework: PHP based, a couple of weeks per vendor
      [Diagram labels: Service Provider Third Party Tool; Service Designer; Service Orchestrator; Northbound API; Network Provisioning; Security Policy Provisioning; VIP Provisioning; Cloud Provisioning; Service Designs SDK; OBMF™ Core Engine; Adaptor SDK; Physical Device Adaptor; Virtual Device Adaptor]
  • 53. MSA Features Highlighted
      Areas: Platform, Mediation, Portal
      • Telco grade scalability
      • Modular building blocks
      • Multi vendor
      • Multi-Tenant (RBAC)
      • Highly abstracted provisioning
      • Day 0 (ZTD) to Day 2 change management
      • Brown field deployment
      • Comprehensive APIs
      • Flexible Platform via open SDK
      • Auto Order -> Activation
      • Network and Services inventory
      • Big Data Analytics
      • Customer self service
      • Network operation center
      • Partitioned views
      • Enable remediation by lower skilled operators
      • Customizable by language, look and feel
      • Centralized control and workflow automation
  • 54. Multi-Tenant – Multi-Roles
      [Hierarchy diagram. Levels: Tenants, Customer, Site, Devices. Roles and entities shown: Privileged Administrator (ncroot); Administrator A, Administrator B, Administrator C; Privileged Manager PM1, Privileged Manager PM2; Manager M1, Manager M2; Operator ABC, Operator DEF; Customer Wells Fargo, Customer ABC Tech, Customer YTT Corp; Site1, Site2, Site4.]
  • 56. Securing the Application Delivery
      • Security is all about two concepts: Visibility & Control
      • Threats are mitigated as close to the source as possible
      • Security services are dynamically chained together and instantiated to form a service chain to mitigate a specific threat and/or to provide a managed security service on distributed compute resources
      • Threat defense provides a distributed capability to mitigate threats – targeted at the network, the Data Center, the Cloud and the applications that they serve
      [Diagram labels: Endpoints and Customer Premises Equipment (Cable or DSL, Enterprise, Mobility); SP Virtualized Network Edge; Service Provider Data Center and Cloud; Private Cloud; Internet and Intercloud; Public and Partner Cloud]
  • 57. Background
      Orchestration Layer (Network Service Lifecycle Mgmt) and Network Layer (Control and Data Planes), above the CPE devices:
      • Service models
      • Soft-real time service to device mappings
      • Event driven
      • Creation of cloud devices
      • Discovery of devices
      • Network topology
      • Physical devices
      • Virtual devices
      Goal Defined
      • Service immediacy and speed
      • Freedom of choice, service customization
      • Personalized experience, user in charge
      • Consumption based economics
      • Bring your own device, craft your own design
      Goal Realised
      • Automated service delivery simplicity and efficiency (“IT-less”)
      • Automated service creation, high cadence of new services
      • Self-service creation and reporting
      • Elasticity of network and compute resources
      • Open architecture, extensibility
  • 58. Evolution of Managed Services – Premise to Cloud
      [Diagram labels. Customer Premise: Network Functions on the CPE; L3 “classic”; L2 NID; L3 CPE + x86 on premise; Simple L3 CPE; x86 on premise. Network (Connect Premise to Cloud): Secure IP Overlays; MPLS (L2/L3); Carrier Ethernet; Intelligent / Hybrid. Cloud (SP Hosted): Network Functions from the Cloud; Virtual Network Functions; SP Hosted Cloud. Cloud (SP Hosted or Public Cloud): Applications from the Cloud; Cloud Application Containers; Cisco Cloud; SP Private Cloud; Virtual Private Cloud; Public Cloud.]
  • 59. Virtual Managed Services
      Common Software Elements - Flexible Network Access Models
      • Common Service Orchestration and Automation
      • Consistent Portal and Service Dashboard
      • Instrumentation
      [Diagram labels: vRouter, vFirewall, vWSA (Cloud VPN, Remote Access); vRouter, WaaS, AVC, PfR (Cloud IWAN); Service Provider Cloud; access models: Secure Broadband, Dedicated internet, Secure MPLS; Branch Offices, Business Locations, HQ; Private Cloud; Public Cloud; Internet]
  • 60. Customer Experience in Brief
      1. Order / Customize Your Services
      2. CPE ships (if needed)
      3. CPE is connected (if needed)
      4. Orchestration occurs automatically
      Service is up and running
      [Diagram labels: 10.12.162.x; Internet; Customer VPN; Service Provider Cloud]
  • 61. vMS Value-Adds: Developing Managed Services on Platform
      • A Service Blueprint is an abstract representation of a service that can be ordered through the UI or NB API
          • Every Service Blueprint is associated with a given Service Offering
      • A ‘Function Pack’ is the set of components needed to instantiate a given service request
          • Service topology, written in Yang, modeling the “Intent” to instantiate a particular service offering
      • A Service API is exposed from the Virto Model northbound (automatically created at compile time)
      • A Service Request is the user calling the model with defined variables according to the service
          • The orchestrator is already aware of all Service Models that may be requested and these are preloaded into the Orchestrator
      [Diagram labels: Service Request; Service API; Compiled Infrastructure; Function Pack: Service Topology Model (Virto), Instantiation Logic, Device Models, Device Drivers]
  • 62. vMS Orchestration Component Mapping
      [Diagram labels: Operator Portal; OSS/BSS; Service APIs; Customer Facing Services; Resource Facing Services; NSO Orchestrator (VNF-O); ESC (VNF-M); OpenStack; SDN Controller; VTF (DC Overlay); OVS (DC Overlay); VNFs: CSR, ASAv, WSAv; Physical ISR; SSH]
  • 63. End User Portal: Exposing Service Blueprints to the Operator
      • The Orchestration Process can be kicked off through a Portal
      • The Portal is aware of different Service Blueprints that can be exposed to an operator
      • The values that are selected in the Service Selection process result in the subsequent API call into NSO
      • The portal was developed with 2 Modules
          • Front-End: Skinned to the Customer’s Requirements
          • Back-end: Modified to support the Service Blueprints that can be orchestrated
  • 64. vMS VNF-O; NSO from Tail-F
      • PnP Server / Open PnP: Zero Touch Deployment (ZTD). Open Method for ZTD Access
      • Transaction Database (CDB): Transactional Database capabilities. Allows full CRUD to Services
      • Service Manager: Interprets Service Intent with Service Instantiation Rules and derives configuration deltas
      • Device Manager: manages derived and validated configurations in a transaction manner towards derived infrastructure
      • Network Element Drivers: Abstract the interfaces to the devices allowing 3rd party infrastructure to participate in Service Instantiation
      • Service Models written in Yang: Abstract Service from underlying physical devices
      • NSO Mapping Controller: Maps the Service Intent to the Derived Device Topology. Known as “Fastmap”
      [Other diagram labels: Service Intent; Domain Controller; Rest/NetConf/Yang; x86; ISR; Virtual]
  • 65. vMS VNF-M; Elastic Service Controller
      Callouts:
      • VNS Bring-up & Initial Configuration Application. Multi-vendor Support
      • Allows Modular Communication with NSO. Data Model Driven
      • Affinity Rules and Scale Requirements for the VNF components. Also manages the startup sequences
      • ESC uses multidimensional approach to VNF Monitoring/Restartability
      • Programmable Interface to ESC allows Functional Interaction to ESC Subcomponents
      [Diagram labels: Elastic Services Controller (ESC); Rules Engine; Service Monitor (Custom, DHCP, SNMP, Ganglia); Service Provisioning (Scale Up/Down, Elasticity, Custom, Day 0 Config); VM Provisioning and Configuration Module; NSO API; Confd; Public Clouds; Open Stack]
  • 66. vMS VIM; OpenStack, OVS, and SDN Controller
      • OVS will be supported by ODL in coming release
      • Common Neutron Plugin gives upgrade path on SDN Controller
      [Diagram labels: Nova; Neutron; ML2 Plugins; OVS Plugin; ODL Plugin; ODL Controller; Model Driven (MDSAL); Image Management; OVS; VPP; VNF ports on the MGMT, External, Internal and Edge Network segments; Internet; NSO; ESC; Confd; Network Management]
  • 67. vMS Use Cases and Its Service Topologies
  • 68. vMS Release 2.0: Delivering Comprehensive Cloud VPN Services
      Cloud VPN Services
      • 3 Service Models for Enterprise deployment flexibility:
          • CloudVPN Foundation
          • CloudVPN Advanced
          • CloudVPN Advanced w/Web Security
      • vIPS option for both Advanced and Advanced w/Web Security
      • CSR1Kv: Virtual Router for Site-to-Site VPN with Secure IP Overlay using FlexVPN/IKEv2 for IPSec Tunnels
      • ASAv: vFW with NAT and Policy (*)
      • ASAv: vFW with IPSec/SSL Remote Access (*)
      • WSAv for Enhanced Web Security (*)
      Management and Orchestration
      • Enterprise Admin Service Interface (Portal) driven service instantiation
      • Zero-Touch Deployment of enterprise CPE (ISR G2)
      • Model driven Network Services lifecycle management with Network Service Orchestrator (NSO) from Tail-f
      • VNF lifecycle management with Elastic Services Controller (ESC)
      • Virtual Infrastructure Management with Openstack featuring: OVS and ODL/VPP as SDN Controllers
      Diagram labels: CPE Cust-A, CPE Cust-B, CPE Cust-C; Over The Top Access; Flex-VPN; Internet; VR; ASA; WSA; Foundation, Advanced, Advanced w/Web Security; NSO (NFV Orchestrator); ESC (VNF Manager); Openstack (Virtual Infrastructure Manager); PnP RFS; VirTo RFS; API; CPE Managed Orchestration Link; Foundation Service: Direct Internet Access via “Split Tunnel”; Access Model: Flex-VPN Links; IPSEC VPN Service Access; vRouter; Internet Access/Remote Access
  • 69. vMS Services (vMS on CIS)
      Diagram labels: CPE (ISR 800, 1900, 2900, 3900, 4000 Series; G2 & 4000 Series); Managed WAN; Managed Security; VPN; vRouter (CSR1Kv); CloudVPN (IPSec); MPLS VPN (MPLS); Firewall (ASAv); Web Security (WSAv); Remote Access; Internet; Internet (IPSec); IWAN; IWAN (BR/MC); Internet DMVPN; MPLS DMVPN; Branch; Headquarters
  • 70. Cisco Intelligent WAN Solution Components for SPs
      • Intelligent Path Control: Load Balancing; Policy-Based Path Selection; Network Availability
      • Secure Connectivity: Scalable, Strong Encryption; App-Aware Threat Defense; Cloud Web Security
      • Application Optimization: Application Visibility; App Acceleration; Intelligent Caching
      • Hybrid WAN: Application-Centric Design; Common Operational Model; Deployment Flexibility
  • 71. vMS Components for IWAN
      • NSO Orchestration
      • Service Assurance
      • Operator Views
      • CFS (Ordering Experience)
      • Identity Management for SSO
      • Portal for Network Visualization
      • Living Objects for Network/App/Perf View
  • 72. Hybrid WAN: Leveraging the Internet. Secure WAN Transport and Internet Access
      • Secure WAN transport for private and virtual private cloud access
      • Leverage local Internet path for public cloud and Internet access
      • Increased WAN transport capacity and cost effectiveness
      • Improve application performance (right flows to right places)
      Diagram labels: Branch; Secure WAN Transport; Direct Internet Access; Virtual Private Cloud; Public Cloud; Private Cloud; MPLS (IP-VPN); Internet
  • 73. Each vMS Use Case Has Orchestration, Portal and Assurance Components
      Service Name: Cloud VPN service
      • Portal implements the ordering and self-service management UI as well as APIs
      • Service provisioning and service change are performed by Orchestration
      • Health, metrics and consumption data are provided by Assurance
      Diagram labels: Operator View; Customer View; Example
  • 74. Leveraging Microservices in vMS
  • 75. What Are Microservices?
      • Each microservice is relatively small
          • Easier for a developer to understand
          • The web container starts faster, which makes developers more productive, and speeds up deployments
      • Each service can be deployed independently of other services, which makes it easier to deploy new versions of services frequently
      • Easier to scale development. Each team is responsible for a single service
      • Improved fault isolation. For example, if there is a memory leak in one service then only that service will be affected
      • Each service can be developed and deployed independently
      • Eliminates any long-term commitment to a technology stack
      http://microservices.io/patterns/microservices.html
  • 76. Microservices Enable Architecture Extensibility in vMS
      • Scale up a service
      • Replace a service
      • Add a service
      • Write a service in any language
      • Inter-microservice communications also go through the API gateway
      Diagram labels: Portal; Custom App; Symphony UI; Identity Management; Manage; Monitor; API Gateway; Consume; Register; Unregister; Example: Consume’ (based on Python), Recommendation Service (based on C++)
  • 77. Designed for SP Environment but Works Fully Standalone
      Diagram labels: Front End; Back End; UX/UI; SP Fulfillment; SP Identity Provider; SP BSS; vMS; Log Aggregation; Common Infrastructure Services; Identity/RBAC; Ticketing; SP Helpdesk; OSS; Analytics; SP Assurance; vMS Services; Orchestration
      Callouts:
      • Who is the SP customer?
      • Is there any physical/un-orchestrated fulfillment?
      • Product/offer definition, pricing, subscription, and customer billing
      • Your system for handling customer support requests
      • Your data collection engine can provide deeper insights for vMS customers as well as operators
  • 78. vMS 2.0 Deployment Architecture
      • PaaS-based to deliver manageability, cloud native scalability and resilience
      Diagram labels: HTTP Load Balancer / Router; API Gateway; Cloud Controller; HealthManager; ESC; NCS; Micro-Services; Service Assurance; Identity Mgmt. As a Service; Service Discovery As a Service; Logs/Metrics As a Service; Cassandra / Hadoop / Redis As a Service; Cloud Storage
  • 80. Demo: vMS
  • 81. vMS Demonstration (CIS: VMS on IaaS)
      Diagram labels: CPE (ISR 800, 1900, 2900, 3900, 4000 Series); VPN; Managed WAN; Managed Security; Firewall (ASAv); Web Security (WSAv); vRouter (CSR1Kv); CloudVPN (IPSec); Remote Access; Internet; Branch
  • 83. Demo: HSS
  • 84. Agenda
      • Introduction
      • The Hosted Security Service Architecture
      • Architecture
          • HSS: Architecture and Demonstration
          • vMS: Architecture and Demonstration
      • vMS: Demo
      • HSS: Demo
      • Conclusion
  • 85. Security as a Service Architecture
      Diagram labels: OSS/BSS Integration; Service Intent; Orchestration; Security Services: DDoSaaS, IDaaS, ESaaS, WSaaS, IPSaaS, FWaaS, VPNaaS; WSAv; ESAv; ASAv and/or CSR1000v; Public IP Addresses; Public Internet; Internet (Public IP Address Space); Local LAN; CPE; Managed Access (IPSec VPN); UnManaged Access (Remote Access VPN): AnyConnect, SSL VPN; IP Connectivity; Amazon; Salesforce; Internet Sites
  • 86. Summary
      • Lower cost due to virtualization
      • Faster time to service delivery (zero touch deployment, no truck roll), due to virtualization and service provisioning automation
      • Operational simplicity due to virtualization
      • Easy upsell for multi-service strategy for additional services and revenue with no additional truck roll
      • Value of multi-service strategy for virtualized managed security services and Cloud hosted services
  • 87. References
      • Hosted Security as a Service (HSS) Documentation: http://www.cisco.com/go/hss
      • Virtual Managed Services (vMS) Documentation: http://www.cisco.com/go/vms
      • Cisco Adaptive Security Virtual Appliance (ASAv): http://www.cisco.com/c/en/us/support/security/virtual-adaptive-security-appliance-firewall/tsd-products-support-series-home.html
      • Cisco Web Security Virtual Appliance (WSAV): http://www.cisco.com/c/en/us/support/security/web-security-virtual-appliance/tsd-products-support-series-home.html
      • Cisco Email Security Virtual Appliance (ESAV): http://www.cisco.com/c/en/us/support/security/email-security-virtual-appliance/tsd-products-support-series-home.html