0:03 Hello, hello everybody.
0:05 Today we will talk about the SD-LAN solution.
0:08 So first of all, this is the Versa Director screen.
0:12 Those of you who already upgraded to the version 22.1 can probably see some of these options and screens available.
0:20 For some of you who are still on the previous version, this interface might look new to you, but this is the new view of the director and how it's going to look in the current design and the current topology.
0:33 In this director screen, we've got a new type of templates.
0:37 So previously all of us had the SD-WAN templates which were created for different devices where you can create SD-WAN devices, SD-LAN device.
0:46 So technically anything with a detailed configuration.
0:49 But with the introduction of the switches, we got the new menu which is called SD-LAN.
0:54 And here's where we can easily create configurations for the switches, for the newly upcoming switches which we'll be using in our network. Now, to show you how they are created and modified later.
1:11 When you open the workflow for creation of the switch, first thing it will ask you is what is going to be the model name that you'll be using and what is the solution tier.
1:20 So in the switching, we made it mandatory to select the type of the device because all the devices might be different and the port configuration and other parameters might differ between them very much.
1:32 So therefore, you always need to select this.
1:34 Also on the next screen, we have a new concept of the interface port profiles in the switches.
1:41 It's very often that we need to configure in the same way multiple ports just so that users can connect to any of them.
1:48 And here's an example of how to do this.
1:49 For example, we're selecting these ports and we want to use them all for the access communication or the access type of the ports.
1:59 On the next screen, for all of these ports simultaneously, we can select one of the predefined port profiles, for example, port profile, which is called device.
2:08 And we can see that in this port profile, it's configuring all the ports as trunk with these VLAN IDs.
2:13 Or maybe we want to configure them as the access port, which again is predefined in the port profile.
2:20 The beauty of this new approach is that we don't need to configure for each of the new switches or new devices type of the ports, because all of the information about the type of the mode in which interface is running, about the access list attached, enabled or disabled PoE and the VLAN numbers is going to be carried in the port profile.
2:41 Of course, if you want to modify this, you can always modify this on the fly.
2:44 You can enable dot1x additionally and some other parameters.
2:48 So anyway, this was just for the sake of example to show what we can do in here next.
2:55 Also one thing which I forgot to show, let's edit some of the ports.
3:00 So in the port profile we can also select whether we want to enable or not enable VXLAN for communication.
3:08 Because with the switches we support two types of operations, regular LAN and VXLAN-based or so-called SD-LAN, software-defined LAN.
3:19 Basically the biggest difference between the LAN and SD-LAN is that in the LAN we use spanning tree and regular avoidance of the loop technologies which were developed in the era of the previous century.
3:30 But in the VXLAN, we use layer 3 as the core between all the switches and we're able to properly establish VXLAN connection and extend VLANs across the switches and have superfast failover, load balancing and other capabilities.
3:48 Maybe just to summarize this very fast, let me show you a couple of slides.
3:56 Here's an example of the regular LAN.
3:58 Again, in the regular LAN we use spanning tree, the traffic is not always optimal, does not always have an optimal path and any reconvergence might take some additional time.
4:09 While with the SD-LAN or EVPN approach we have the possibility to send traffic via multiple paths simultaneously.
4:17 So we can do load balancing, we can do super fast sub-second failover because we can use BFD and also a lot of cool technologies which EVPN allows us to do.
4:28 And that's why specifically we call it SD-LAN, because in the software we're defining how the LAN is going to operate for us.
4:36 Now let's get back to the configuration.
4:38 So anyway, on the port you can configure whether you want to enable or not enable VXLAN.
4:44 Also in here you can configure things such as multi-homing, meaning that you can have multiple switches which will be acting as the single switch.
4:52 So if you need to do things such as link aggregation or multi-chassis link aggregation, that's pretty easy to implement using EVPN using standards-based technologies.
5:02 Because it's already part of the standard.
5:04 You don't need to create any proprietary technologies such as VSS, vPC and so on.
5:11 Anyway.
5:12 So after we've done the configuration of the ports, we can also configure which ports are going to be used for communication between the switches for the layer 3 communication.
5:20 And here's an example of the couple ports which are selected in here.
5:24 So they already are selected.
5:25 So I'm just going to show you the configuration and I'm going to show you what is configured in here.
5:29 We basically configure which ports are going to be acting for our communication, what will be the VLAN number and what is the IP prefix to establish BGP session to the other switches in our network to establish EVPN.
5:42 So everything when you go in here is going to be guiding you through the steps as the wizard.
5:49 So basically it's going to be next, next, next, next.
5:51 First select the ports for all the ports required.
5:57 If you didn't select something, the system will give you an error and pop up that you need to finish configuring, for example, layer 3 ports if you configured VXLAN or if you need to configure additional IRB interfaces for something.
6:09 Anyway, the system is intelligent enough to explain to you how to do and configure certain things.
6:14 Later the system will also guide you through the configuration of the EVPN for you, basically which VLANs you're going to have in total and what is the route reflector to which we want to connect to establish this communication.
6:26 So again, everything is going to be in the wizard format and at the end will generate you configuration which you can apply to the device.
6:33 So the same configuration can be changed on the fly and then reapplied to the device.
6:38 The idea was to make a single and unified, simple to use interface for configuring switches for the most common day-to-day operations.
6:49 Now as we review the workflow, let's go and review a little more of the configuration which is going to be generated.
6:56 The software which we use on the switches, the FlexVNF or Versa OS software, is exactly the same as on any SD-WAN devices.
7:04 So if you will have your, let's say controllers or your switches or your hub devices and so on, they all will use the same image.
7:13 The view of the configuration is gonna look also the same.
7:17 So pretty much familiar interface for those of you who work with our SDN.
7:21 The same is going to be for the switches.
7:22 The only difference is that now we're going to have more use of the virtual switches menu, which again existed before, but now it's just going to be much more often used and it's already preconfigured for you by the workflow.
7:38 This was about the SD-LAN and about how we create configuration.
7:42 Now a couple of interesting advantages that we have.
7:46 First of all, instead of using stacking of the switches or aggregation of the switches, we decided to go with a single unified approach in terms of the console configuration from the same interface.
7:59 For example, let me show you.
8:06 OK, so here is the CLI of the director.
8:08 From this CLI, you can configure all of your devices from the same place.
8:13 So you can select which device you want to configure.
8:15 For example, demo switch #2 and you want to configure something on the interfaces of this device, maybe on the interface two, we want to add some description test 12345.
8:28 Maybe we want to do the same on the other switches, on the switch number, maybe one and so on.
8:35 So the idea is that we don't need to connect to each device individually to do certain configuration.
8:41 We can do everything from a single pane of glass.
8:43 It's much easier and more convenient to do it from the same page than to connect to each of these switches.
8:49 Plus it eliminates the need to do things such as stacking of multiple switches to get a single console.
8:58 We already have the single console using Director and connecting multiple devices to it.
9:04 Now from the advanced features which we have or specifically the Zero Trust which Clint was mentioning, we have a couple of interesting features which are already implemented in the switch.
9:15 So the first feature is going to be the dynamic IoT security.
9:22 IoT security works in the way that we dynamically identify device which is connecting to the port.
9:28 For example, if you have a phone or maybe camera or some other machine which doesn't have the possibility to install the client on them, we can automatically detect it.
9:40 We detect it based on multiple parameters.
9:41 We sniff what is the DHCP request coming from the device, DNS request, HTTP, some TCP data.
9:47 So multiple parameters are used in our logic and we properly classify devices into various categories.
9:54 Let me show you an example of the final results.
9:56 So here is the monitor screen.
9:59 And if we're gonna go in the services, IoT security, we'll be able to see all the devices that were identified connected to this switch.
10:07 So we identified that a couple more switches are connected to us.
10:11 Also we identified that here we have some voice over IP device, here we have some device with operating system Windows and others.
10:18 So everything which is connected to your switches we'll be able to identify on the fly.
10:24 And based on this detection, we'll be also able to create rules to properly behave with this traffic.
10:31 So we eliminate human factor.
10:33 Instead of somebody coming and plugging in the device to the correct port, we automatically detect the type of device and apply rules appropriately according to the detected devices on the ports.
10:46 An example can be the following.
10:48 So here's where we enable all of our sniffing, how we detect the device on which networks.
10:56 Later we just say that we have a policy which is saying all the devices which are matching the description of the phones, tablets or voice over IP devices should be allocated to the micro segment voice over IP.
11:10 Or as an example, all the devices which are identified as the printers or scanners should be allocated to the micro segment printers.
11:21 And later we can do very fast filtering so we can create access lists where we can use those micro segments.
11:29 Basically, you have the possibility to use access list as in here and say maybe we want to allow the communication with the device which has firewall enabled and voice over IP and we are allowing this.
11:43 But maybe next rule to block the traffic from the devices which have the firewall disabled.
11:48 So again, we can create the rules based on the device types and this can be executed with super high speeds because it's all going to be processed in the Broadcom ASIC and we can get terabit speeds with the filtration based on the device types.
12:03 And again, this all will happen automatically in the background.
12:06 So we eliminate human factor.
12:08 We don't need to know where exactly the person is connecting, what device.
12:11 We just know that the type of the device might be this and we create a rule for it.
12:18 I'm going to stop here for a second and ask if there's any questions, maybe clarification questions if somebody has.
12:24 Yeah, there was a question from Allen.
12:26 It's kind of integrate Cisco Wireless LAN controllers to pull those endpoint analytics in.
12:33 We have an open REST API, so any information which can be pulled using REST API can be definitely integrated.
12:40 I'm not sure if Cisco Wireless LAN controller can pull this information using a REST API, but if they do, we can definitely be integrated.
12:49 Thank you.
12:51 OK, so next thing which I wanted to show you, what if we have the possibility to install the client on the machine.
13:01 Like let's say that we have the possibility to install a Versa SASE client or the unified client for connection.
13:11 But in this case, installed on the device which is connecting to the switch, we have the possibility to collect the information about the current state of the device.
13:21 A lot of details.
13:22 For example, we can build a confidence score if the device has all the required services running, let's say all the ports are properly blocked and firewall is properly configured.
13:36 We can allow access everywhere.
13:38 But the client software which is installed on the Windows or Linux machine or macOS which you'll be using will periodically send what was changed on the device.
13:47 For example, if somebody disabled firewall, this device can be relocated to a different micro segment, let's say to the micro segment which will not allow them access to certain locations in the network.
14:02 Or if you change configuration even more, it can move you to a different micro segment which has even more blocking to your network.
14:11 So a lot of granularity can be done with the Versa client which can be installed on the VM running or on the machine which is connecting directly to the switch.
14:22 The idea is that the client which starts on the Windows or macOS machine can automatically connect to the switch and this automatic connection will be used only for the control plane communication.
14:34 Basically, we'll just send information of what was changed or what is currently configured on this endpoint device.
14:43 To show you which parameters we can collect from the device and what we can use for different policies.
14:48 Let's go back to the director and in here.
14:54 Here we have objects and in the objects we can see what can be configured.
15:00 Example can be test 123, let's say browser.
15:07 We can check whether we have a browser from maybe Google and we can check what is the version specifically of this browser needs to be running, whether it is running or not.
15:18 Based on this we can again make different details or maybe we want to check the firewall state from any of the vendors whether it's running or not running.
15:27 We can even check things such as Windows registry.
15:29 Basically we can check registry keys from the Windows or the presence of certain files and based on this change modify how the system behaves and how it acts on and changes with this registry or maybe with the parameters on the end machine.
15:45 So when we create these rules, for example for the firewalls enabled or for the check of the registry key and so on, we can use the same micro segmentation rules.
15:55 But in this case we can do them not based on the IoT security but based on the endpoint posturing information.
16:04 So instead of using IoT security module, we're just doing the endpoint posturing, checking what exactly was reported by the install it on the machine.
16:13 And again with this way we can properly do filtration with the line rate speed, with basically terabit speeds which can be granted for this product.
16:27 Any questions?
16:32 What is the licensing model?
16:33 Okay, so we have a 3-tier licensing model.
16:37 The first license is the Essential.
16:41 Essential allows you to use VXLAN, .1X and a couple other features.
16:46 The premium Premier layer is the second one.
16:50 It allows you to use IoT security, endpoint posturing, so basically micro segmentation on these devices.
16:57 The third level is called Elite.
16:59 That's the one which also enables UTM features.
17:02 Usually Elite is used only on the CSG 3000 devices where we have a combination of the switches and the routers.
17:12 Let me see, are there any plans to extend Versa's software defined in the data center?
17:19 That's probably the question which I relate to Ramasami.
17:23 For the others, I think we answered all other questions.
17:26 So if there are no more questions, probably I'm gonna give it back to Clint and Daniel.