Business class telecommunications

Maxim  PopovHead  of  R&D

kCloud

Platform  for  IT/Telco  service

VALUESCustomer focusedWe  know  about  our  clients  concerns  and  care  about  them  by  creation  of  products  and  solutions  that  will  be  valued  and  serve  our  clients  in  accordance  with  our  promises  and  their  expectations

ResponsibilityWe  achieve  our  goals  and  execute  our  commitments

Innovation  abilityWe  are  constantly  looking  for  new  technologies  and  creating  solutions  dedicated  to  significant  improvement  in  business  efficiency

ProfessionalismWe  are  taking  deep  knowledge  in  our  business  and  rich  experience  of  its  practical  realization

3The  case  for  OpenStack

Virtualize  Network  Control  Plane

OpenStack  -­ solid  foundation  for  telco  virtualization

Reduce  provisioning  time  &  costsLower  OpEx  on  common  virtualized  infraEndorse  short-­lived  cases

Deploy  faster,  with  optimal  sizingScale  &  relocate  easilyNatural  fit  to  integrate  client's  NW  &  Cloud

Virtualize  Enterprise  Customer  Premises  Equipment

Minimal  CapEx  &  OpEx  on  virtualized  x86-­COTS  Painless  scaling  with  Software  Defined  Storage

Virtualize  Video  Processing  and  Storage

4DPI

DPIDeep  Packet  Inspection

-­ functionality  allows  you  to  analyze  the  traffic,  manage  it    and  collect  statistical  information.

Restricting  the  use  of  the  Internet  access  for  any  purpose,  for  example-­ enterprise  policy,  low  policy  etc.

Management  and  collection    traffic  usage  statistics.

Centralized automatic  update lists of  prohibited Internet  resources, with  the  possibility of  configuration  in  manual  mode.

5DPI  functionality

DPI

Controlling  filtering  rules

Collection  and  analysis  of  statistical  

information

Centralized  configuration  &  management

Monitoring  Internet  channel  load

4Manage  lists  of  prohibited  Internet  resources

4Control  Management  Access:  by  dates,  schedule,  content,  speed  (managers)

4Notify  /  redirect  users  when  they  attempt  to  visit  a  blocked  web  site.

4Filtering  traffic  based  on  the  categories  (Database  system  continuity  sites  continuously  updated  and  contains  more  than  500?  million.  sites)

4Perform  URL  categorization  and  interlock,  black  /  white  lists

4By  domain  names,  websites,  protocols,  dates,  etc.

4Running  for  any  arbitrary  period  of  time  indicating  the  load  on  the  incoming  and  outgoing  traffic

6How  it  deployed

TH

kCloud

kCloudTH

TH

management  subsystem

clients

internal

Hardware  traffic  handler.  Where  we  can’t  set  virtual  

handler

TH  -­ traffic  handler

Internet

Data  traffic Data  traffic

Management  traffic

7DDoS  Protection

DDoSProtection

– Efficient counteraction  to DDoS-­attacks  at  any OSI  Level

Maintenance  of  Internet  resources  smooth  functioning  at  24/7

Funds  savings  on  qualified  IT-­specialists,  expensive  hardware  and  software

Protection  from  overload

Legitimate    traffic  in  usual  mode

Legitimate    traffic  at DDoS-­attack

DDoS-­traffic

8How  it  deployed

Legitimate  usersInternet

Control

Hacker

DDoS-­attack

Botnet

DDoSController

DDoSAnalyzer

API

DDoS-­GUARD  Traffic  Filtration

Blackhole

Internet  Service

BGP-­session

sFlow

BGP-­Session

GRE-­tunnel

9kSpot  

kSpot -­ Managed  Wi-­Fi  with  analytics

organization  of  access  to  the  Internet  via  Wi-­Fi  technology  for  your  customers

personalized  delivery  of  advertising  and  information  messages  to  mobile  devices  your  customers

authorization  your  customers  via  SMS  according  law

– Wireless  LAN  Controller– Authorization  portal– Management  portal

AP.  .  .

Client’s  side

How  it  deployed

AP

.  .  .

vWLC

Authorization  Server

Management  portal

10

Internet

1111CSR1000v   (Enterprise  cloud  border  router)  

CSR1000v

-­ Extending  Enterprise  WAN  to  Cloud

Security   IPSec  VPN,  L2TP  Route-­based  VPNs  (DMVPN,  ..)  Firewall,  ACL,  AAA

Enterprise  Services  NAT,  QoS,  OSPF,  BGP,  Tunneling,  IOS-­XE  CLI,  

Flexible  policies  for  bandwidth  and  features  set  (from  10  Mbps  up  to  1  Gbps)

Cisco  ASAv (Enterprise  cloud  firewall)   1212

ASAvAdapative Security  Virtual    Appliance

-­ Protects  enterprise  cloud  

Security firewall  functionality

Secure  mobility VPN  virtual  appliance  used  in  a  virtual  environment.    It  runs  within  your  cloud    as  a  VM,  and  supports  site  to  site    VPN,  remote  access  VPN,  and  clientless  VPN  functionality.

Scalability  ASAv15,  ASAv30

13How  it  works

SLA

CPE InternetvASA

vRouterClient’s  office

TENANT  in  kCloud

…SDNL2/3  VPN

kServers

kServers

SDN

14Future  plan

kVideovSaaS

-­ Remotevideo-­control  for  business

Cost effective

Fast  and  easy  deplay

Always  on  Access

15How  it  works

PC

Smart-­phones

Laptop

Videostreamer

Videostorage

IP  cams

IP  cams

Web  portal  management  system

Business-class telecommunications

© KazTransCom,   2016

Thank  you  for  attention!