huawei all cloud network - ateapre-integration with 20+ cloud platforms/container platforms...
TRANSCRIPT
Security Level:
Huawei All Cloud Network
Secure, Convergence, Simplicity, Openness
- Intend Driven Network Maximizing the Business Value
Yang Yu
Access and Enterprise Solution Director
2
Huawei at a Glance
180,000Employees
1480,000
No. 70 in170+
No. 83 in the
R&D institutes /
labs/centersR&D employees
Interbrand's Top 100
Best Global BrandsCountries
Fortune Global 500
3
World-Wide Recognition
No.70 in Interbrand's
Top 100 Best Global
Brands 2017
2nd most IETF
published drafts and
authors in the
industry
Top 10 in the 2017 EU
Industrial R&D Investment
Scoreboard
No. 10 in MIT
Technology Review 50
Smartest Companies
4
Huawei Network Organization Overview
A Global
Leader of Network Solutions
Professional Services
Access
Network
Transmission
Network
Router & Carrier
Ethernet
Switch & Enterprise
GatewayNCE
Enterprise Business
Enabler and preferred partner of
enterprise digital transformation
Carrier Business
Customers' best strategic partner
Serving Global CarriersServing Global Enterprises
and Industry Customers
5
Global R&D and NIC Contribute Cutting-Edge Technologies
R&D centers Network Innovation Center (NIC) Talented R&D colleagues
TorontoSanta
Clara New
Jersey
Dallas
Ireland
10+ 10+ 17,000+
NIC
R&D Center
France
Germany
Italy
Shenzhen
Beijing
Chengdu
Xi’an
HangzhouShanghai
Russia
Japan
6
Vision and Mission
Bring digital to every person, home and organization for a fully
connected, intelligent world
7
Digitalization Accelerates Industry Transformation
30%Improved Efficiency
40xImproved Quality
+3 Trillion-Dollar Industries
Big Data, IoT, Intelligence
3.7%Digitalization Brings GDP Growth
Source: Accenture 2016 (China)
The government, finance, and manufacturing industries urgently require digital transformation
Cloud Cloud + IoT
Information Industry Real EconomyService Industry2000-2015 2012-2020 2012-2020
3.64 2.86
8.9110.3
8.2
3.18
15%20%
40%
50%
20%15%
0%
10%
20%
30%
40%
50%
60%
0
5
10
15
20
25
ISP & Carrier M&E Government Finance Manufacturing Energy
Unit: $ billion
Unit: $ billion
Digitalization investment scale and growth rate of each industry
8
Improving user
experience
Increasing operating
efficiency
Building new
ecosystem
"E3" — Three Key Drivers Behind Digital Transformation of Enterprises
30%higher efficiency
40xbetter quality
Source: BCG 2016
Real-time, On-demand, All
online, DIY, Social (ROADS)
Source: Huawei MI
3.7%growth in GDP as a result of
digital transformationSource: Accenture 2016 (China)
Interconnection creates values
User interconnection Machine interconnection Service interconnection
9
Makes networks understand
service intentions
Enables networks to
optimize themselves
Enables networks to
predict threats
Automates complex
networks
Intelligent edge
Efficiency-centric
Non-intelligent
edge
Cost-centric
Device-centric User-centric
Autonomous Network in Enterprise Digital Transformation
10
Cloud Based Intent Driven Network Unlocks the Potential of Business
Business logic/policy
Predictive
maintenance
Intent-driven
automation
Intent
Digital twin
Intent engine
Intelligenceengine
Automationengine
Analyticsengine
Network infrastructure
Real-time awareness
ETH, PON, Wi-Fi, microwave, ZigBee, RS485, DI/DO, Bluetooth, PLC, RS232, V.35,
G.703, 802.11ax/ac/n, BeaconUnderlay network
Overlay network
Network service
VXLAN VPNs
Security SD-WAN On-premise intelligence
• Device-centric
• Reactive
• Skill-dependent
• Closed architecture
• User-centric
• Predictive
• AI/Automation
• Open platform
11
Simplified Sites• Wi-Fi & IoT convergence, site integration
Simplified Ultra-broadband Network Infrastructure
Simplified O&M• Configuration automation, on-demand policy orchestration
Simplified Architecture• Uniform architecture for the hybrid cloud or multiple clouds
Underlay Network
Overlay Network
Ultra-broadband
Sim
plif
ied
IDN Ready Infrastructure
Insight
400G DCI, 10G Wi-Fi,
10GPON
Connection Latency Bandwidth
Superfast AI-powered
lossless Ethernet network
All-scenario Wi-Fi, connecting
more people and things
12
SD-WAN
AgileWAN
SDSec
CloudFabric
IDN: Maximizing Your Business Value
AgileCampus
Campus
network
Branch
interconnection
Network
security
WAN
DCN
13
IDN for Agile-Campus:Adopt User-Centricity and Achieve Visualized, Predictable, and Manageable
Experiences for Each User, in Each Application, at Each Moment
SES Cloud4Wi
Asset
positioningMDM
ESLAAA
BluePath AirWatch
Fault prediction
Network analysis
Big Data/AI
Campus
Insight
Cloud management Intelligent O&M
Network virtualization
Open API
Configuration/Policy
automation
Telemetry NETCONF/YANG
Intelligence
• O&M: fault prediction and analysis based on machine learning
• User experiences: a VIP high-quality campus network built to
guarantee key user services
Simplicity
• Management: full lifecycle cloud management
• Deployment: virtual networks and policy deployment automation
• Architecture: Wi-Fi & IoT convergence
Security
• MACSec-based end-to-end physical layer security
• Big Data-powered security policy automation
Ultra-broadband
• Industry's first 10G Wi-Fi network
• Industry's first 100G fully programmable modular switch
Openness• 150+ APIs
• Easy integration with third-party AAA systems, policy
systems, and LBS systems
Virtual office
network
Virtual security
network
Virtual
production
networkAll-wireless access
Wi-Fi & IoT convergence architecture,
with TCO 50%↓
Z
insideIoT & Wi-Fi convergence
Smart antenna, allowing signals to move with
users and achieving coverage distance 20%↑
Enterprise OAHigh-density Wi-Fi
Industry's highest-density Wi-Fi, with
performance 30% ↑
14
LIDL, CloudCampus Solution Improve Service Deployment Efficiency
Network construction
costs reduce 1/5
20% 8X
Network
deployment for
one shop:
4 days -> 0.5
day
Fast deployment, decreased OPEX
In 5 years
saving the
OPEX 69%
80%
LIDL
Need to deploy WLAN and LSW for its over
15000 Retail-shop and provide online
marketing.
Huawei Cloud
Campus Solution
Cloud management
platform
Local DC
Gateway
SwitchSwitch
AP
PMS
HQ DC in Germany
Store network
VPN
VPN
NAT server
Management
traffic
AP4050DN-E
S5720-52P(X)-
PWR-LI-AC
Cloud Campus will perfume Big Data Analysis, including:
• terminal users’ service experience
• Service experience trend analysis
• Full-process tracking of user access
• Terminal Behavior Analysis
15
Intelligence• Pre-event: Inband Telemetry is used to implement real-time
assessment, avoiding global faults.
• During-event: AI-powered analytics enables network fault
detection in seconds.
• After-event: Applications and networks are intelligently
associated, achieving minute-level fault locating and repairs.
Simplicity• Architecture: hybrid cloud; unified architecture for multiple
clouds
• Deployment: drag-and-drop; network automation; service
deployment in minutes
Openness
Pre-integration with 20+ cloud platforms/container platforms
Ultra-broadband
• Industry's first high-density 400G line card
• Superfast, lossless AI-powered Ethernet network
SecurityVM-level micro-segmentation
VM VM
Controller Analyzer
IDN for Cloud Fabric: Application-Centric, Network-wide All-Traffic Visibility, Proactive Risk Prediction
16
NPCSNational Payment
Card System
• 10 million transactions per day
• 1,000 TB of data for settlement
• 400+ financial DCs access NPCS
• 20+ payment systems integration
• 12,000+ payment agencies
• 18K servers for settlement
Unified payment
Unified settlement
EVN
TRILL
CE12800
32 DCs2 DCs
12 Nodes 500+ Nodes
64Tbps 178Tbps
Massive
Data
100%secure
isolation
10-year
evolution
Current Future
Central Bank of Russia’s NPCS: 3-Level Scalability Enables Smooth
Expansion
Cross-DC expansion
Large-capacity core switches
System-level network
17
IDN for SD-WAN: Guaranteeing Application Connectivity Experiences and Maximizing Link Efficiency
Controller Analyzer
Intelligence• AI-powered fault prediction, fault backtracking in minutes
• Application-level intelligent routing for optimized
experiences and bandwidth
Simplicity• Device plug-and-play; automatic orchestration of VAS chains
• Interconnection between full series of high-performance
CPEs in all scenarios
Security• Flexible association between uCPEs and Huawei or third-party vFWs
• Encrypted transmission of services through IPSec; end-to-end
secure isolation
Openness
• Open uCPEs (X86 & ARM64) supporting 10+ mainstream VASs
• Easy deployments on multiple public clouds, such as those from
Microsoft, Amazon, and Huawei
BSS/OSSSelf-service portal
VAS store
vFW vWoC…
uCPEBranch 2
Branch 1 …
ERP,
Video…
HQ
vCPE
vCPE
Gateway
Internet
LTEMPLS
Public cloud
Private cloud
Application
and network
status insight
Fault prediction and
backtracking
Policy
execution
18
Challenges Benefits
• Global 1000+ branches, with annual bandwidth costs
increased by 20%
• Bandwidth conflicts for 600+ applications; poor experiences
with cloud applications such as Office365
• Traditional WAN optimization controller (WOC), time-
consuming security device deployment (> 3 months)
• No visibility to applications; difficult fault locating
Building a Global 100 ms-Latency Circle Inside Huawei, with
Optimized Connectivity and Application Experiences
20% 10X
AR1000V cloud gateway
collaborates with the
Microsoft cloud to
optimize cloud application
access.
Bandwidth costs
A mix of MPLS and
Internet links increases the
bandwidth utilization from
60% to 90%.
Application experiences VAS rollouts
Riverbed vWOC, F5
Proxy, and other VASs
are quickly rolled out.
30 minutes
O&M costs
45+ reports based on
applications, links, sites,
and users; fault
prediction
80%
19
Intelligence• AI-powered awareness of advanced threats
and security policy O&M
• AI-powered synergy network security defense
Simplicity
• Security services that can be obtained on demand
• Configuration automation; on-demand policy
orchestration
Openness• Adaptation to 6+ mainstream cloud platforms
• Huawei security alliances
IDN for SDSec:Situational Awareness of Network-wide Security, AI-powered Proactive Defense
DCNCampus network
Branch network
SDSec ControllerAnalyzer
Detection
Disposal
Policy
Executor
Ultra-broadband• All-in-one gateway that integrates LAN,
WAN, and security functionalities
• 128 VMs, 2.5T vFWs
• Clustering of 16 firewalls
20
Huawei Help a Famous Commercial Bank Fend Off Security Risks
Through Intelligence Enhancements
• Big Data-capable CIS platform for security analytics
• Network-wide probes across HQ and branches, situational awareness of security
BenefitsChallenges
• Key information theft: leakages of user names, passwords, and bank cards
• Terminal hosts penetrated: Extranet access of zombie hosts in branches
• Emails infected with viruses: 19 malicious emails found in 2 weeks
Proactive threat detection and network-wide united action based on intelligence enhancements
• Early threat discovery: 2 weeks -> 2 hours
• 20% more advanced threats found; prevention from asset losses of up to 40%
• First-month findings since its debut: 8 first-of-their-kind advanced malwares, 9 servers controlled by hackers, 34 viruses for which no alarm is reported
21
IDN for AgileWAN: Creating All-Scenario WAN Connectivity
Intelligence
• AI-like second-level network fault detection and self-healing
• Proactive network optimization and traffic prediction based on
real-time data collection, detection, and SLA
Simplicity
• Soft and hard pipe network architecture simplifies the network and
reduces TCO by 40%.
• SDN-based minute-level service deployment and delivery contribute
to business innovations.
Ultra-broadband
• Industry's first 4T line card with a high level of integration
• Industry's first 400GE interface
Security and reliability
• Three-level (chip-, device-, and network-level) security assurance
achieves high reliability of 99.999%.
• Hardware BFD (with detection packets sent at intervals of 3.3 ms) and
10+ switchover technologies enable the network to run reliably.
Configuration
delivery
Physical and virtual
networks
ManagementAnalyzer
ControllerNetwork
information
Suggestions
Telemetry for
information collection
Application ToolNetwork
service
Open API
22
Helping EPM in Colombia to Build a Highly Reliable Smart Grid
Challenges Benefits
• Aged network; an urgent need to migrate SCADA
and relay protection services to an IP network
• Coexistence of dual networks, resulting in high
operating costs
• Many PCM devices; no unified management system
for devices from multiple vendorsMission-critical services
are reliably carried on an
IP network.
IP
hard pipeUnified
bearing
Multiple networks are
integrated into one,
reducing TCO by 40%.
PCM
card
E2E unified management
increases O&M efficiency
by 30%.
23
Northbound RESTCONF/YANG APIs and
southbound NETCONF/Telemetry APIs, hundreds
of online API developer communities
Openness: Joining Hands with Partners to Provide Optimal Solutions
Open architecture
Open API
Standard protocol
Open source architecture–based controller
Kafka architecture–based Big Data analytics
Interoperability with third-party network devices,
saving network investment
NETCONF/YANG
Huawei
Third-party
domain controller
Traditional
OSS
Orchestrator
/Third-party controllerBig Data
platform
RESTCONF/YANG Kafka/SFTP
RESTful/YANG
Cloud
platform
Third party
Analyzer
Manager
Controller
MTOSI/CORBA
SNMP/CLI/Qx Telemetry
SDNLegacy
Inte
llig
en
ce
Op
en
nes
s
24
BYOD Alliance
http://developer.huawei.com
Developer community
Innovation tools
Remote laboratory
OpenStackFusionSphere
Microsoft
EasyStack CloudStack
XenKVM
VMware
RedHat Mirantis
Honeywell
SONY Infosys
Richfit
LongShine
Walkbase
Cloud4Wi
SOFTSTO
NE
BluePath
SAP
GEMS AD
Puppet
Srun Dr.COM
SplunkBrocade
Ansible
NSX ONOS
F5Check Point
Wasion
Fortinet Riverbed
CitrixPalo Alto
Infoblox
Brocade CLOU
All-Scenario Ecosystem Cooperation, 50+ Partners
Cloudification &
VirtualizationManagement &
Control
Device
ManufacturersApplication Layer
Cooperation
50+ Partners 3 AlliancesDeveloper
Platform
25
Ultra-broadband Simplicity Intelligence Security
Embracing a fully connected, intelligent world
Intelligencereshapes user experiences.
Simplicityenables service agility.
Ultra-broadbandkeeps network advantages.
Openness & Securityushers in a win-win ecosystem.
Copyright©2018 Huawei Technologies Co., Ltd. All Rights Reserved.
The information in this document may contain predictive statements including, without
limitation, statements regarding the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that could cause actual
results and developments to differ materially from those expressed or implied in the
predictive statements. Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei may change the
information at any time without notice.
Thank You.