
www.expereo.com/sd-wan

Expereo SD-WAN management overview.

Managed Services and Technical Service Building Blocks

Expereo SD-WAN Management Overview – January 2019 1

Contents

1 INTRODUCTION
2 WHAT IS EXPEREO SD-WAN
3 EXPEREO SD-WAN MANAGED SERVICES BUILDING BLOCK
3.1 Consult & Design
3.2 Procurement & Logistics
3.3 Install & Stage
3.4 Configure & Integrate
3.5 Incident Management (CPE)
3.6 Incident Management (SD-WAN)
3.7 Change Management
3.8 Network Management Services
3.9 Security
4 EXPEREO SD-WAN NETWORK OVERVIEW
4.1 High-Level Architecture
4.2 Site Typologies
5 EXPEREO SD-WAN TECHNICAL SERVICE BUILDING BLOCKS
5.1 Underlay Network
5.2 Managed Edge Device
5.3 Overlay Network
5.3.1 Secure Transmission of all Enterprise Traffic
5.3.2 Application-Driven Service Assurance
5.3.3 WAN Optimization
5.4 Service Orchestration and Customized Reporting
6 EXPEREO EXPERTISE
APPENDIX: RACI


1 INTRODUCTION

Expereo is a global provider of managed internet and hybrid networks, SD-WAN and Cloud connectivity solutions. Our XDN portfolio provides Internet Connectivity, Cloud Acceleration and network optimisation, SD-WAN, network security managed services, and Xpertise – managed professional and field services for network solutions.

With an unmatched global reach, Expereo powers enterprise & government sites in 190+ countries, helping our customers improve productivity and powering Cloud with the agility, flexibility and value of the Internet, with optimal performance.

24/7 network monitoring and customer service incident support – 5 global support centres covering every continent, staffed by certified support engineers with fluency in 20+ languages.

This document describes the Expereo SD-WAN managed services offering, its technical building blocks and how it fits into the Expereo Defined Networking (XDN) portfolio.


2 WHAT IS EXPEREO SD-WAN:

The goal of the Expereo SD-WAN Service is to provide the next generation of connectivity for Business. Expereo offers different vendor implementations under the name Expereo SD-WAN Management.

Expereo supports the following Vendor Solutions:

• Cisco SD-WAN

o Former Viptela

o Legacy Cisco Intelligent WAN Design (IWAN) [legacy]

• Silver Peak EdgeConnect

• VeloCloud

Even though the various Vendor solutions differ in their individual approach, they are similar in many aspects.

The Expereo SD-WAN Management Service aims to provide the following key features:

• Flexible and cost-effective

• High Availability and Resiliency options

• Best user experience and Application oriented performance

• Highest security standard

• Highest Agility to adapt to fast-changing business needs and reporting


3 EXPEREO SD-WAN MANAGED SERVICES BUILDING BLOCK

Expereo SD-WAN Management is a fully managed network service and provides end-to-end managed services supporting multiple SD-WAN technologies (Cisco, Silver Peak and VeloCloud), with complete lifecycle management - from Service Design, Service Transition, Service Activation to 24/7 helpdesk for Service Assurance.

Our managed SD-WAN services come in a modular design, as an overlay network to Expereo managed Global Internet connectivity or as part of a Hybrid internet/MPLS WAN.

These are summarised in the building blocks below:

Figure 1: Managed Services Building Blocks

• Consult & Design: Full SD-WAN network design, including underlay

• Procurement and Logistics: Source and deliver SD-WAN CPE to the site

• Install & Stage: Install & Initial configuration of SD-WAN CPE

• Configure & Integrate: Migration/Integration of site into network

• Incident Management (CPE): CPE incident resolution (RMA)

• Incident Management (SD-WAN): SD-WAN network issue management & resolution

• Change Management: Network configuration and Traffic Policies

• Network Management Services: Ongoing support, design & performance reviews for CSI

• Security: On premise and cloud-based SD-WAN security services


3.1 Consult & Design

Expereo Consult & Design is the starting point of the SD-WAN engagement, where we first understand your requirements and design a solution that fits. It includes the choice of appropriate Internet access connectivity, addressing any non-SD-WAN requirements, and accurately scaled SD-WAN equipment.

Expereo acts as your Global ISP, having built a complete overview of ‘best-fit’ internet connectivity for 190+ countries and for specific customer requirements. This overview is based on multiple factors: strategic sourcing for the right supplier based on quality, last mile access methods, redundancy options and limitations, routing/peering options and limitations, and overall limitations of connectivity in certain geographies. It helps you choose the best options.

Expereo has extensive experience with the integration of both SD-WAN and legacy DMVPN solutions.

3.2 Procurement & Logistics

With the surge in interest in SD-WAN equipment, we have established the optimal sourcing strategy to ensure that delivery lead time is aligned with the project. Depending on geographies, this process can be a blend of regionalised and centralised procurement. As an example, Cisco equipment may be procured within emerging markets; our supplier relations team will evaluate based on delivery lead time and cost.

It is important to note that SD-WAN equipment is not readily available in all countries. Expereo monitors the situation closely and can advise customers throughout the project management stage on current availability and expected timelines.

3.3 Install & Stage

Alongside our partnerships to provide Internet access in 190+ countries, Expereo maintains an extensive network of local system integrators and vendors (hands and feet locally) that enables us to install and stage SD-WAN equipment globally.

During the initial stage of an SD-WAN order, the Project Manager should work with the customer to provide details of each site’s WAN and LAN design through an SD-WAN Questionnaire form. This form should be completed and returned to Expereo no later than five working days prior to the on-site installation of the SD-WAN device.

The supplier hands over the Internet circuit’s information to Expereo after the NTU is installed at the Customer site. The Expereo onsite engineer then confirms circuit availability with the Service Activation team. The Expereo Service Activation engineer confirms circuit availability and prepares the initial configuration required for ‘Zero Touch Provisioning’, following the Installation Guide for the field engineer and the SD-WAN Questionnaire document. Once the staging configuration is ready, the SDM requests an on-site appointment with the Customer, usually within local office hours.

3.4 Configure & Integrate

The project management team plays a key role during this stage, coordinating with the Expereo engineering team, who are equipped with skill sets across all supported SD-WAN technologies. Across these different technologies, our engineers configure the agreed setup for each site and integrate it into the overall agreed network design. This includes migration from legacy MPLS networks, coordination with Enterprise IT teams on project plans and timelines, the coordination of third parties, and more.

Where the customer requires it, the integration follows the customer’s methodology. As standard practice, Expereo installs and implements the SD-WAN solution when the Internet circuit is ready, followed by migration of the customer's existing LAN from MPLS to SD-WAN, then migration of the MPLS circuit to be the second access underlay leg of SD-WAN. If the customer wants to start with MPLS, the prerequisite is that MPLS must have Internet breakout somewhere to facilitate Zero Touch Provisioning as well as Orchestration and Management.

It is common for Configure & Integrate to be carried out at a later stage and not during the physical installation, to allow customer IT to prepare for the change. On some occasions, for example when adding a new site to an existing network deployment, this step is completed together with Install & Stage.

The customer should arrange resources at each site to connect the existing LAN of each site to the new SD-WAN CPE from Expereo and to test the Intranet and Internet connectivity (UAT) before actual migration. Expereo will provide the Customer with an engineer on standby for remote assistance when each site is connected to the Expereo SD-WAN network.

3.5 Incident Management (CPE)

Expereo provides full Incident Management for RMA on Expereo managed SD-WAN CPE. As outlined in Procurement & Logistics, Expereo recognises there is a limited SLA on RMA support globally. Therefore, Expereo proposes dual equipment (PRM) or cold standby based on the priorities of the site, and other factors applicable to specific geographies.

3.6 Incident Management (SD-WAN)

Expereo support engineers provide support and service assurance on the SD-WAN overlay network for all supported SD-WAN technologies. Expereo acts as a single point of contact to triage and investigate any SD-WAN incident reported by Enterprise IT. This includes Incident Management for connectivity issues related to the network underlay.

3.7 Change Management

Based on our experience, changes occur most often in three areas of SD-WAN deployments:

a) The physical layer (equipment changes, cabling changes);

b) The overlay (SD-WAN design and policies); and

c) The underlay (WAN IP, BGP routing).

Throughout the service lifecycle, Expereo works together with the customer to develop and fine-tune change management scenarios that best fit the customer environment.

3.8 Network Management Services

It is very common for further network optimisations to be made as a customer’s SD-WAN environment matures. For example, when an application flow is moved from MPLS to Internet-based SD-WAN, reviews of application policies might be required. Alternatively, when the customer is opening a new data centre or cloud location, the existing internet routing/peering might need to change. Expereo carries out ongoing optimisation services to identify the most optimal solution to meet the enterprise requirements, supported by Xpertise - Professional services including project management and dedicated account management. Network management services also include 24/7/365 NOC and CSC support, backed up by a comprehensive customer portal for complete network management visibility.

3.9 Security

Securing the SD-WAN overlay, local internet breakout and underlay access handoffs is already integrated into the Expereo SD-WAN managed service suite. However, the scope does not include managed security for additional service handoffs, such as additional public IP subnets provisioned through the same underlay networks and meant for public hosting by the customer, or zone-based security for granular control of traffic flow.

As an optional module, Expereo provides a comprehensive suite of on-premise and cloud-based security services for enterprises to securely operate SD-WAN and move to the cloud with confidence. For SD-WAN deployments, Expereo SecureXDN services include security infrastructure management for internet break-out services and firewall management, threat monitoring and response, and vulnerability lifecycle management.

4 EXPEREO SD-WAN NETWORK OVERVIEW

4.1 High-Level Architecture

Figure 2: High-Level Architecture

Figure 2: High-Level Architecture showcases the components in a typical SD-WAN deployment. It is made up of:

• SD-WAN Management platform

• ZTP*: Only minimal configuration of the global IP addresses on the SD-WAN CPE is required to form the connectivity to the SD-WAN Controller;

• Management: Centralized portal to run and operate the SD-WAN controller and the SD-WAN CPEs;

• Controller: Ease of operation to apply global traffic/application policies with a single click. Troubleshooting is also performed from the same platform;

• Visualization: Provides real-time and historical data and other statistics of the GI circuits and the SD-WAN overlay network.

• Underlay Transport/Handoff

o The Expereo SD-WAN network is transport independent and can run on any underlay, such as MPLS, Dedicated Internet or Broadband Internet access circuits.

• SD-WAN Overlay/Handoff

o Expereo proposes three SD-WAN resiliency models (refer to 4.2 Site Typologies) to fit the customer’s business continuity requirements and budget.

• Customer Network

o Expereo simplifies WAN and SD-WAN management by connecting the GI CPEs directly to Expereo managed SD-WAN CPEs. The customer has the flexibility to connect their local network to the Expereo SD-WAN solution using switches, firewalls or IPS/IDS devices as they prefer.


4.2 Site Typologies

Sites can have flexible deployment profiles, with Expereo standard models such as:

• Premium Resilient Model (PRM): Dual Access + Dual SD-WAN CPE

• Standard Resilient Model (SRM): Dual Access + Single SD-WAN CPE

• Non-Resilient Model (NRM): Single Access + Single SD-WAN CPE

Figure 3: Standard Site Typologies

Bespoke Resiliency Models (i.e. Multiple Access + Multiple SD-WAN CPE) are available on a case-by-case basis.

Figure 4: Bespoke Resiliency Model


5 EXPEREO SD-WAN TECHNICAL SERVICE BUILDING BLOCKS

5.1 Underlay Network

Expereo uses the term Underlay Network for the access technology that is used at any Customer Location. In the case of an Internet-only location, this is provided by the Global Internet as a Service (GIaaS) Solution of Expereo.

The Expereo SD-WAN supports hybrid networking, which means that multiple Access Technologies can be utilized at the same time.

This creates independence from the Access network technology, which offers a lower cost alternative (GIaaS) to the often premium-priced MPLS technology and can also facilitate replacing costly transport technologies.

The following Access technologies are currently supported:

• (existing) MPLS / Metro Ethernet networks

• Internet Access = Global Internet as a Service (GIaaS) Solution of Expereo

Note: The Internet service needs to be provided on an unfiltered, publicly reachable fixed IP address.


Examples of transport independence can be seen in Figure 5: Hybrid and Figure 6: Dual Internet.

Figure 5: Hybrid

Figure 5: Hybrid illustrates the connection model in a Hybrid solution, where the customer has Internet Access and MPLS on a site. Both Connections can be utilized at the same time by the SD-WAN Tunnels.

Figure 6: Dual Internet

Figure 6: Dual Internet illustrates the connection model in a dual Internet solution (service provider independent), where the customer is provided with resilient Internet Access by Expereo. The SD-WAN Tunnels can apply path optimization and load balancing depending on the vendor solution.


5.2 Managed Edge Device

The XDN portfolio provides a Managed Edge device that forms the demarcation point between Expereo and the customer. The same applies to the Expereo SD-WAN portfolio, where the SD-WAN functionality is provided by the managed SD-WAN Edge device.

The Managed SD-WAN Edge functionality can be provided on either:

• a physical device, residing on the customer premises (CPE)

• a virtual device (Virtual Machine), residing on a Server in a customer data centre or at a private cloud location such as Amazon Web Services (AWS) or Microsoft Azure Cloud.

• (future) a software-based virtual network function (VNF), which may run on a virtual CPE (vCPE) at the customer premises.

The Managed Edge Devices can also provide:

• local Direct Internet Access/Breakout by Network Address Translation (NAT)

• firewall capabilities

The LAN capabilities of the Managed Edge Devices, such as local routing or DHCP, vary per vendor solution. All Edge Devices have feature parity, independent of the location where they are installed, be it a remote office, a data centre location, or a cloud location.


5.3 Overlay Network

The Overlay Network removes the complexity of the different Underlay Network technologies. The Expereo SD-WAN Service connects enterprise locations, branch offices, data centres and cloud locations independent of distance in a way that allows improving the agility and performance of the enterprise WAN.

The Expereo SD-WAN Solution offers:

• Secure transmission of all Enterprise traffic

• Application-Driven Service Assurance

• WAN Optimization

5.3.1 Secure Transmission of all Enterprise Traffic

Expereo SD-WAN uses the strongest available IPsec encryption standards to securely transmit the traffic over the non-secure underlay networks. The Edge devices are hardened according to the industry standard specifications.

5.3.2 Application-Driven Service Assurance

Service assurance is a critical part of the Expereo SD-WAN managed services. QoS performance, e.g., packet loss and latency, is measured over each SD-WAN tunnel in real time. These measurements determine whether a WAN meets the performance requirements of an application, resulting in application-driven performance assurance. If any WAN meets these criteria, the application can be forwarded, provided no pre-existing policy disallows transmission over a particular WAN, e.g., only use MPLS VPN and not Internet.

Customer-specific policies can also be considered when making forwarding (or blocking) decisions for the SD-WAN tunnels over each WAN. Policies can be based on application-level classification (up to OSI Layer 7), an application’s QoS, or application grouping, e.g., real-time media or conferencing applications. Policy enforcement considers an application’s QoS performance requirements, or an organization’s security or business priority policy requirements.

For example, a QoS policy may be set so Skype for Business packets are forwarded over any WAN if its QoS performance requirements, e.g., latency and packet loss, are met, so users get an acceptable Quality of Experience (QoE). A security policy may be set so Skype for Business packets are sent over the MPLS VPN and not the Internet. A business priority policy may also be set so credit card payment transactions are sent ahead of any Skype for Business packets.
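
The forwarding decision described in this section, sketched as an added example (not Expereo's or any vendor's code): the security policy filters the permitted transports first and is never relaxed, then measured QoS picks a tunnel, and business priority orders the applications. Tunnel names, measurements, thresholds and the degrade_ok fallback are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Tunnel:
    name: str
    transport: str      # underlay type: "mpls" or "internet"
    up: bool
    latency_ms: float   # measured over the tunnel
    loss_pct: float     # measured over the tunnel


@dataclass(frozen=True)
class AppPolicy:
    app: str
    max_latency_ms: float          # QoS requirement
    max_loss_pct: float            # QoS requirement
    allowed_transports: frozenset  # security policy
    priority: int                  # business priority, 0 is sent first
    # Assumption: when no permitted tunnel meets QoS, the flow may still use
    # the best permitted tunnel instead of being blocked.
    degrade_ok: bool = True


def select_tunnel(policy: AppPolicy,
                  tunnels: List[Tunnel]) -> Tuple[Optional[str], str]:
    """Return (tunnel name or None, reason) for one application."""
    # Security policy first: a flow restricted to MPLS must never fall back
    # to the Internet, even if MPLS is down or out of SLA (fail closed).
    permitted = [t for t in tunnels
                 if t.up and t.transport in policy.allowed_transports]
    if not permitted:
        return None, "blocked"

    def rank(t: Tunnel) -> Tuple[float, float]:
        return (t.loss_pct, t.latency_ms)

    compliant = [t for t in permitted
                 if t.latency_ms <= policy.max_latency_ms
                 and t.loss_pct <= policy.max_loss_pct]
    if compliant:
        return min(compliant, key=rank).name, "qos-met"
    if policy.degrade_ok:
        return min(permitted, key=rank).name, "degraded"
    return None, "blocked"


def plan_forwarding(policies: List[AppPolicy], tunnels: List[Tunnel]):
    """Evaluate applications in business-priority order."""
    ordered = sorted(policies, key=lambda p: p.priority)
    return [(p.app,) + select_tunnel(p, tunnels) for p in ordered]


# Constructed sample measurements and policies (not real data).
TUNNELS = [
    Tunnel("mpls-1", "mpls", True, 40.0, 0.1),
    Tunnel("inet-1", "internet", True, 25.0, 0.5),
    Tunnel("inet-2", "internet", True, 90.0, 2.5),
]
POLICIES = [
    AppPolicy("skype-for-business", 100.0, 1.0,
              frozenset({"mpls", "internet"}), priority=1),
    AppPolicy("card-payments", 150.0, 1.0,
              frozenset({"mpls"}), priority=0),
]

if __name__ == "__main__":
    for row in plan_forwarding(POLICIES, TUNNELS):
        print(row)
```

When reviewing a real policy set, the case worth testing is the MPLS outage: a flow restricted to MPLS should show as blocked or degraded on MPLS, never as forwarded over an Internet tunnel.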

5.3.3 WAN Optimization

WAN Optimization can seemingly increase WAN bandwidth and QoS performance and/or improve WAN latency, depending on the implementation. This can be accomplished by means of data deduplication, data compression and data caching to minimize the amount of data transmitted over the WAN.

Methods of protocol spoofing / local acknowledgements can overcome packet size limitations and protocol waiting times, and therefore increase the throughput.

Forward error correction (FEC) compensates for WAN packet loss by sending duplicate packets over multiple WANs and then reassembling the packets in the correct sequence at the receiving end. FEC enables SD-WAN overlay tunnels to provide essentially zero packet loss and low jitter while using lower-cost, higher-packet-loss Internet broadband underlay networks.

Since WAN optimization is not required at all SD-WAN sites, it is often delivered as a value-added service.

5.4 Service Orchestration and Customized Reporting

A key feature of the Expereo SD-WAN Service is the Service Orchestration. Because of the Service Orchestration, the whole infrastructure becomes agile and adaptable without compromising on configuration consistency and reliability.

The SD-WAN Orchestrator simplifies and automates tasks such as adding, changing and deleting SD-WAN services without disrupting the overall service.

It also provides physical and/or virtual device management for all associated SD-WAN Edges and SD-WAN Gateways. This includes, but is not limited to, configuration and activation, IP address management, and pushing down policies onto SD-WAN Edges.

The SD-WAN Orchestrator maintains connections to all SD-WAN Edges and SD-WAN Gateways to identify the operational state of SD-WAN tunnels across different WANs, and retrieves QoS performance metrics for each SD-WAN tunnel. These performance metrics can then be used for customized reporting.


6 EXPEREO EXPERTISE

Xpertise removes the complexity from managing the customer’s complete network lifecycle and enables their organization to achieve innovation with complete logistics project management for SD-WAN deployments. Expereo provides a global footprint with exceptional depth and breadth of in-country solutions for access technologies, equipment and customer site professional services, ensuring delivery of technical, regulatory and quality standards across the globe.

The Expereo SD-WAN service can be tailored to the technical requirements and preferences of the customer. For that reason, Expereo offers different vendor-based solutions under the umbrella of Expereo SD-WAN managed services.

Expereo works closely together with the customer to select the best fitting vendor.

To be able to design the solution in accordance with the customer requirements, Expereo needs to be made aware of all:

• existing network connectivity (including backend network connects between sites)

• IP address spaces

• routing protocols

• any special configurations

that are currently used, or planned to be used, on all sites to be connected to the SD-WAN Service.


APPENDIX: RACI

R = Responsible, A = Accountable, C = Consulted, I = Informed

Tasks                                                        Customer   Expereo
SD-WAN design & build                                        C, I       R, A
SD-WAN project management                                    C          R, A
SD-WAN orchestration hosting                                 I          R, A
SD-WAN on-site deployment                                    C          R, A
SD-WAN site provisioning                                     C          R, A
SD-WAN 24x7 monitoring & helpdesk                            I          R, A
SD-WAN system configuration backup                           I          R, A
SD-WAN software upgrades                                     C          R, A
SD-WAN incident management                                   I          R, A
SD-WAN hardware replacement                                  C          R, A
SD-WAN configuration fine-tuning                             C          R, A
SD-WAN administration                                        C          R, A
SD-WAN reporting                                             C          R, A
SD-WAN security incident management                          C          R, A
Access links availability and performance monitoring         I          R, A
Access links incident management                             I          R, A
Access links security incident management                    I          R, A
Access links software upgrades                               I          R, A
Site infrastructure availability (i.e. power, rack space)    R, A       C
Site physical security and access control                    R, A       I
Site-local network connectivity to SD-WAN CPE                R, A       C