First American: Enabling Resiliency with SDWAN (FutureWAN ’17)
Learn how one of the largest title insurance companies in the US is deploying Viptela SD-WAN to eliminate the word “backup” from their vocabulary.
In this session, CJ Metz of First American will discuss how their transformative strategy for the Wide Area Network (WAN) simplifies compliance and enables resiliency for their enterprise. He will cover the business drivers and demonstrate the viability of broadband usage for critical enterprise applications.
First American is able to reduce long term costs while boosting availability and performance at their branches; making them more resilient for business continuity in any economy.
CJ has 12+ years of IT experience including his current role as IT Manager for First American Title, Director of Information Technology for Orange County United Way, duties as a Systems Administrator & Backup Administrator for the US Air Force, hands-on consultant position, and work with network security.
Networking professional with the ability to translate complex technical concepts into business value propositions. Archish has 8+ years of experience in marketing, presenting, designing, implementing and troubleshooting data center and networking products for all types of customers.
Archish Dalal: Hey everyone. Good morning. Welcome to our first webinar of The Future WAN ’17 hosted by Viptela. I’ll go ahead and do a quick kickoff with some housekeeping items while we wait for most of the other folks to join in. But while we’re waiting, welcome to today’s event. We’re going to be talking about really what is it from a customer standpoint to deploy Viptela. And the customer that graciously accepted our invitation is First American Title down in Santa Ana, California. So CJ Metz and I will be going through just a brief overview of how we got started, what were some of the key drivers in the deployment and how things are going so far on the deployment. But before we do that, a couple of housekeeping items.
We do have a very interactive presentation set up for you guys. We want to go ahead and point out that we have an attachment of this presentation available in pdf format that you can download. It should be on the right-hand side under attachment at links. We also have a link available for you guys to register for other sessions including a Viptela demo, live demo, which is trending pretty popular right now. And we also have a quick survey from Viptela, it’s about 11 questions, if you guys can help us out and fill that out at any given time.
We also have some polls within the presentation. CJ and I thought it would be a good idea to ask a few polls as we go along so there’s a couple polls on the intro slide, slide number 7, slide number 10, so as we go through them, we’ll point them out again but please definitely give us some feedback live as we’re going through this so we can make this presentation better for the next time.
And lastly, we do want to do Q&A. The session is supposed to be for about 45 minutes but we only have about 25, 30 minutes of actual content so we can leave plenty of time for Q&A at the end of the presentation. So if you want to ask a question at any point, go ahead and click on the Q&A bar on the right-hand side and you’ll be able to ask us a question. And if you can help us out by saying what slide you’re specifically referring to or if it’s just a generic question, that’d be helpful as well.
So with that being said, we’ll go ahead and do some quick introductions of myself and CJ and we’ll kick it off.
So once again, thank you for joining this morning. My name is Archish Dalal. I am a Senior Systems Engineer over here at Viptela. I’ve been at Viptela for about two and a half years now. I’ve been covering First American since we started engaging with them about two years ago. So from the Viptela standpoint, we are a software-defined WAN organization. We really specialize in looking at all of our customers’ wide area network challenges and we see a common theme play out across our customers. I won’t go into too much detail because First American is a prime customer for pretty much how we engage with all of our opportunities.
So with that, I’ll go ahead and let CJ do a quick introduction of himself and also give some background on First American Title and some of the project background as well.
CJ Metz: Great. Thanks, Archish. So my name is CJ Metz and I am a Senior IT Manager at First American Corporation. So I’ve been working on SD WAN for about the last four years kind of broadly speaking. I’ve been working with Archish for like he said, the last two years.
My role at First American is I run our network services group and that includes all network operations, network engineering, routing, switching, data center, WAN. Basically anything network related that you can imagine. So lots of fun stuff going on there and I’ve been with First American for about seven years now.
So just to give you a little bit of background on the company so you’ve got some context around our deployment. So First American is fundamentally a title insurance company. So what we do is if you’ve bought a house, you’ve probably got title insurance. We basically protect that asset for you. We make sure no one else has a lien on your property or that there’s anything that would keep you from being the sole owner of the house that you purchased.
Beyond title insurance, we also offer a whole suite of services to lenders, real estate agents and you, the direct consumer, for anything you might want to do within the real estate space. There’s about 30 different divisions that we manage for. The company itself has been around for over 125 years. It’s been a longstanding organization, and I’m happy to say I have the pleasure of working in our first branch office here in Santa Ana and now work at our corporate campus.
Beyond that, like I said, we’re based here in Santa Ana, California but we have 800 branch office WAN locations. We’re an international organization in seven different countries. Just good stuff. That’s a little bit of background on that.
So just kind of moving right into the whole project itself and all that good stuff. And we did throw a poll out there too. I think you guys are seeing it. I see you guys responding. Just wanted to get some feedback from you guys on where you stand, how much you know about SD WAN. That’ll kind of help us to properly cater this talk to all of you. While those votes are coming in, I’ll kind of jump into a bit of our project background.
So when we started this out back in 2013 the question that was addressed to me was how can we increase bandwidth to our branch offices without increasing cost. And four years later, that’s really spun itself off into a myriad of different projects, both hardware and circuit-related and Viptela ultimately coming out on top as our software-defined WAN service provider. So from a problem statement standpoint, where the high level objective turned into is we kind of broke it down into three key areas which is addressing bandwidth constraints, costs and up time.
So as far as the bandwidth constraints are concerned, we see that our organization and a lot of organizations are moving towards more SaaS platforms, you know, software as a service, things like ServiceNow, Salesforce, etcetera and the need for bandwidth is just rapidly increasing. Also, a lot of our internal applications are becoming more robust. More UI centric, prettier, nicer to work with and again, that just requires more bandwidth.
And lastly around the bandwidth constraint standpoint is that we just need to be ready for our business as they need to expand. So if something is hitting in a particular area and we need to double our workforce out there, we need to have the bandwidth readily accessible so that they can do so without an 8 to 12-week lead-time to get some kind of a business class circuit installed.
On the cost side of the house, traditionally we are an MPLS only organization and for those of you that have MPLS, you know that it’s a really high cost for relatively low bandwidth. It comes with a lot of great benefits. Don’t get me wrong. You’ve got the whole mesh, you’ve got a lot of good security, uptime, latency guarantee and all that kind of stuff, but as everything on the web and everything that we’re doing becomes more feature rich, you just need more bandwidth to meet that requirement and the cost and the capabilities don’t necessarily always match up.
And then lastly on the uptime side, so obviously what are we all here to do in the network space, we’re here to make sure that our business stays up and running and so one of the great benefits and we’ll touch more on this in a little bit is that Viptela allows us to just integrate additional circuits very, very easily for active solutions on the fly. So I can add different MPLS carriers, I can throw broadband into the mix, LTE, you name it. I just plug it in and it just works. It’s great.
Being able to effectively build our own overlay, our own mesh using Viptela without needing the MPLS provided one allows us to have much greater competition in that space and drive costs significantly down. So Viptela has been able to help us out dramatically there. Archish, is there anything you want to add to that?
Archish Dalal: We do have one question that you can probably take right away. Can you explain if you are using SIP or PRIs at each site and how does voice work with Viptela? If you want to just quickly answer that, CJ, and then we can jump on.
CJ Metz: Yeah. For sure. So we do have voice over IP with SIP and it’s fully rolled out to all of our branch office locations and it works… SIP we’re consuming, it’s currently through Verizon and what we’ve found is that we can just decouple the SIP service and just consume that on its own if we go, like let’s say a native broadband only but suffice it to say and we’ll touch on this a little bit more about voice quality but voice is not an issue whatsoever. We’ve had no voice problems at all. It’s been very, very easy to integrate. We have an existing internally managed voice platform and it’s worked great and flawlessly thus far.
Archish Dalal: Awesome. Thanks, CJ. So when we got started, we talked about a few things that came up during our initial conversations and also from the back and forth that we had with First American on what are the priorities that we want to test out, what are the priorities that we want to do and if you guys had a chance to kind of design your branch from scratch, what is important for the wide area network? We came up with about seven or eight key items that we wanted to incorporate into a test WAN and we see this as pretty common across all of our customers.
First and foremost we want to have our application-aware routing capabilities so being able to not only utilize all those circuits from all the different providers but also be able to see what the characteristics are of those circuits so that way we can predictably reroute across a brownout issue if you have a brownout on the MPLS or on the internet. Right? We also felt it was really important for us to integrate with the existing infrastructure since we understand that our customers can’t flip a switch and turn on SD WAN across all the sites overnight. We have to have integration into not only your monitoring tools but also with your routing protocol environment which you guys run BGP today and that kind of translated into being able to look at your branches and create some regional specific topologies.
So First American, which is a pretty common theme you’ll see across a lot of enterprise, they have different requirements. Voice should be full mesh, data should be going back to the data centers and you guys have two data centers in the U.S., the west and the east, and then your internet actually comes from different locations. So we have quite a few head-ends deployed across your infrastructure and being able to intelligently route traffic from an east coast branch versus a west coast branch to the nearest available service, was definitely key for First American. You guys also have file sharing services that are located all across the US so having quickest access to those file sharing hubs was really what drove the regional specific topologies.
Some of the benefits that we gain from a centralized device management which we’ll go into during the test plan is being able to tie everything to a template. That way you guys are good from an audit standpoint. You guys are good to deploy new branches rapidly. It’s very powerful. And also taking all the routing policies and all the routing decisions and putting them into a centralized dashboard was also very powerful for us to showcase and to test early on.
Lastly, we just have everything should be highly available. So in the Viptela solution, we came in, we talked about if you’re deploying two devices at a branch, whether it’s a layer two branch or a layer three hub, we’re going to do ECMP routing or we’re going to do VRRP so everything is highly available from a device standpoint, but also across multiple data centers. If one data center goes away and you guys have a backbone link that connects the two data centers, we should be able to see a little bit of the overlay to the other data center as well. So we definitely were able to showcase the high availability functionality, not only on the device level but also across multiple data centers.
We also encrypted all transports so one of the things that Viptela does is irrespective of what the transport is, whether it’s MPLS, whether it’s LTE, whether it’s internet, we’re going to encrypt it all. So we treat all transport as path one, path two, path three and so on. Then that gives you a lot of control over how you use those paths. That encryption does not involve any traditional IPSec baggage. It doesn’t involve any key servers, it doesn’t involve any pre-shared keys. It’s something that happens automatically and the keys are actually rotating by default every 24 hours.
We also wanted to showcase the zero touch functionality. So if you were to deploy a branch, when we just ship a device directly to a branch or even just to make your staging easier, how quick and easy it is to deploy new locations, but at the same time, when you deploy new locations, how do you conflict parity with your existing designs and your existing QoS was also important. We understand that our customers have invested quite a bit in their existing QoS infrastructure and their existing branch configuration and the branch policy. So being able to translate all the ACLs, all of the QoS prioritizing was something that we put into a test early on.
This is some of the high level criteria that we came up with that transcribe into our design and then eventually into our test plan.
CJ Metz: Yeah, we can dig into any of those. If you guys want us to dig in deeper, this will not only keep it interactive with all of you guys but feel free to throw your questions out there. Two of those I’d really like to kind of highlight is the first one is the centralized device management. So one of the things that’s become increasingly relevant, I think for all of us in the IT space is security. So having one place I can go to manage all my devices and push out version upgrades and all that good stuff has been huge for me. I no longer have to go on a device by device basis into our traditional CLI base legacy into the routing and switching platforms. I can just go straight there to the centralized management console and I can push out the updates for any kind of vulnerability, which just a note, we haven’t had any vulnerabilities on Viptela yet. We have done a couple of version upgrades but it’s been incredibly easy.
One of the great features that Viptela has offered is an auto rollback feature. So in the event that we push out a config and it has some kind of a problem, the devices will automatically rollback to the last known good configuration. So it kind of keeps us from pushing out changes to somewhere out there on the WAN where I don’t have a physical IT presence and then breaking the site. Essentially breaking the router. Then needing to pay for a service to go out and all the delays and all the stuff that happens because of that. But having one centralized place I can go to manage all of it is really, really huge and not something that we’ve had in the past without purchasing third-party softwares.
The other one that I want to highlight that is really big for us is the easy encryption. So one of the things we do at First American is there’s always some form of an M&A going on. As with most of the large organizations, there’s some sort of mergers and acquisitions taking place. One of the things that Viptela has been able to provide to us is a much easier onboarding process when we do acquisitions.
Leveraging Viptela, if that organization that we’re trying to bring in has a broadband circuit, we just re-terminate it directly into the Viptela vEdge and the site just comes right online onto our network, fully encrypted and ready to talk. So that’s been really huge for us. While we wait for our circuits to get installed, that takes time. We can just reutilize what they already have. That makes our business really happy which makes everyone really happy.
Archish Dalal: Great point, CJ. Just on that point, we also have other customers in the retail space that will deploy our LTE device and since we can now do Zero Touch provisioning over LTE, it makes a great use case for things like pop-up stores. You’ve got new locations or you can either bring up a device or a branch quickly. It definitely helps out in those use cases quite a bit.
So we took these requirements and we kind of made into a pretty standard design. This is pretty much what we test with all of our customers during a POC. So the way this transcribed into a design was you had MPLS cloud and you had the internet cloud. The Viptela control components live on the internet cloud, on the middle right-hand side and then there’s a couple of data centers. So DC1, DC2, we started off with one device each in the POC pilot and now we have two for high availability. And these devices peered with their MPLS routers and they have a link into your DMZ so to build the internet tunnel and then they have a link using BGP into your core. So very similar to an MPLS head-end, Viptela devices just act like head-ends and they peer with all these different endpoints to be able to either build tunnels, talk to the control plane or build the actual data plane.
And then we picked a few branches and the branches, we went ahead and left the legacy equipment in there for quick failovers. So we have the existing equipment and then we have the Viptela devices that kind of took over all the vLAN of the branch. We took over all the functions and we went directly into the switch and this is also giving you a quick out. If you wanted to turn off Viptela, you could easily fail back over to the existing equipment and the existing MPLS routing would still work just fine.
So the way we do our POC is we’ll go ahead and deploy in a couple of test branches or lab environment and then these devices on the bottom will automatically build tunnels to all the head-ends and all the other branches if our policies permit. So we build tunnels automatically. The routes they’re coming from, the remote sites, are advertised automatically to the Viptela head-ends which in turn will advertise into your network using BGP. That’s kind of why it was important to run BGP into your environment so we can create some routing policies to prioritize things coming from Viptela over the existing MPLS environment. And this was kind of the foundation of our testing. We built out different permutations of this as we progressed on to test out a two-device branch of LTE and so on and so forth. It was just kind of the foundation of most of our PoCs and it was not really much different from First American’s.
CJ Metz: So the only thing I’ll note here is when we were first looking at this a couple of years ago with Archish, it’s totally new and something that not a lot of people were doing yet. So the information out there was pretty scarce. But I will say is that working with Archish was great. He was able to come in and very quickly ask the right questions to try to figure out what does our network look like, what are we trying to do and then come back with this design that you’re looking at. So being able to very rapidly kind of figure out what is SD WAN, how does it work and how does it work here more importantly? The team at Viptela has been incredibly supportive and very quickly able to address all of our needs, all of our concerns, always bringing the right resources to bear whenever necessary.
We do have a couple questions here just to hit on a few of these. So one of them was around WAN optimization. So we are not using WAN optimization at First American. It just has to do with the kind of data that we’re pushing. It’s not really a great use case for us. I know that there’s probably other folks out there, maybe Archish can speak more to any kind of integrations but we don’t have much of a use case for it.
Archish Dalal: Yeah. Just to quickly hit on that. We do have integrations and other customers using WAN optimization. It works well in a transparent or layer two mode. I’m happy to follow-up a bit more on that question if you want to email us directly.
CJ Metz: Great. So a couple other ones here just to touch on these. It says is the solution utilizing only hardware or a mixture of hardware and software for vEdge sites?
So we’re using the vEdge platform, the hardware solution and then the console, the vManage console. Beyond that, nothing else. We haven’t needed anything else to be able to properly manage the solution. So it’s all fully housed, right there within the Viptela platform and it’s been great so far.
Archish Dalal: Yep. There’s another question on whether this would work over on dual-MPLS so one of our first customers is actually a dual-MPLS customer so Viptela does allow you to completely deploy the control components in-house so you don’t have to consume it from the Viptela cloud. So we will work across any kind of transport connectivity whether it’s MPLS, whether it’s dual broadband, LTE so we definitely have flexibility in how your network is laid out today.
Viptela does support – so what other routing protocols do we support other than BGP? We also have support for OSPF as well. So we do BGP and OSPF today. So we’ll definitely come back and answer more questions as we come across.
I wanted to quickly go over some of the high level test plan which we were able to execute on. So this test plan, I’m not going to go through all the bullets but all of our requirements from the previous two slides kind of transcribed into a detailed test plan that we were able to work with First American on going through once we had the sites online. So we talked about the network functionality, being able to use both circuits simultaneously, doing all kinds of failover testing.
We spent quite a bit of time on failover testing at First American. Being able to establish full mesh for voice versus hub and spoke for rest. Then we did our basic routing testing. We did all of our policy testing. QoS configuration. We were able to go ahead and convert from what you guys had today on your existing CLI-based equipment, and then we were able to also test out segmentation for potential future use cases. So Viptela does support the ability to deploy multiple VRFs and leverage those across any overlay. So we do show segmentation for First American as well. And then lastly we did some voice over IP call testing and quality testing to ensure that the experience is still good for the users.
CJ Metz: So a couple of things just to point out here. It’s a pretty standard test plan. Something you’d probably have at your company as well but a couple things I just want to point out is receiving the hardware was incredibly quick. So as we’ve continued to order Viptela into our production deployment, it’s typically a 5 to 7 business day lead time and the hardware arrives on the dock.
So getting the hardware was super quick and then integrating into the data center, it just took the better part of a week and it could’ve been a lot faster but the reason it took even just the week was because there was a lot of training taking place, you know, Archish making sure that the engineers fully understood the solution, what we were aiming to do, why we were doing what we were doing but a week is super quick. Then the actual test plan itself, we executed it again in just a day and a half. So in under 30 days we were able to get this thing ordered, installed and fully tested and validated which is huge.
One of the other things to point out here at the bottom there is VoIP quality so I kind of alluded earlier I was going to talk about this. This was really cool for all of us. So what we did is we installed an MPLS circuit and a broadband circuit at a branch location. A real live production branch location and we did a voice call. So over VoIP we had someone dialed in and they just were counting from 1 to a 100 and what we did is we physically removed the MPLS circuit that they were traversing just to see what would happen. Is it going to failover or is it going to work? You wouldn’t even know that the circuit went down.
The user counting just 1, 2, 3, 4, 5, not a single drop. Then we plugged in the MPLS circuit, unplugged the broadband, again, not a single drop. Nothing. You could completely hear the continuous just stream of 7, 8, 9, 10. And then back and forth. We did that twice. Removing MPLS, plugging it back in, broadband, MPLS, broadband and there was not a single drop in voice whatsoever which was incredibly exciting.
Archish Dalal: Yeah, that was a great use case.
CJ Metz: Go ahead.
Archish Dalal: No, go ahead, CJ.
CJ Metz: Oh okay. Gotcha. So these are really the main benefits of going with a software defined WAN platform. So it’s really these key five things that we took away. This is what we’ve been able to socialize within our business. It’s pretty consumable by just about everybody. You can kind of down the list here. This is what you’re really going to get at the end of the day by going with Viptela and going with software defined WAN. Inherent redundancy like we were just talking about with the voice quality. There was no drops whatsoever. No need to, you know, have any kind of internal protocols, you know, working behind the scenes. Everything just worked and it worked great from a failover standpoint.
Dashboard management like we already talked about. Baseline templates, being able to push those out so everything is standardized, having one place to go to for all your monitoring, your configuration, your upgrades, it’s been great. I can group together devices and push the updates to kind of a test set to validate and then push it out to the rest of my WAN very easily. Zero Touch Provisioning. Obviously it’s huge. I no longer have to ship the gear to my data center, have somebody unbox it, tinker around with it at their desk and then ship it to the branch. They can just ship it directly to the branch, plug it in and it just downloads its config.
Transport Independence is really big. I mean, the transport independence is really what’s been able to lead us to the cost savings because now I can have multiple MPLS service providers, I can have a myriad of any broadband service provider and being able to have that competition in the space really helps to drive the costs significantly down. And then increase network capacity so we’re still able to get bigger circuits out there. We’re no longer constrained by legacy hardware that has artificially low constraints on the max throughput. The vEdge devices can handle pretty much anything we throw at it. So these are really, really huge benefits for us.
Archish Dalal: Yeah, and on that note, there was a question on how do we size these devices, right. So Viptela has a few offerings. We have a software offering and we have three different hardware flavors and they are typically sized by the amount of throughput as CJ mentioned at a branch. So we have devices that can do up to a 100 MBs of IPSec throughput. We have devices that can do up to a GB of IPSec throughput and our traditional head-end devices can do up to 10 GBs and all of these devices can be deployed side-by-side and leverage ECMP routing or additional group of requirements as well.
CJ Metz: Great. And we do have a lot of questions coming in so we’ll work to get to those as we can. Just try to intercept some of the content and we’ll get onto that. So I wanted to touch a little bit more on the new circuit standards. Beyond obviously all of the great benefits that you get with SD WAN, you know, where things really start to kind of coalesce is around the new circuit standards. So now we’re able to deploy broadband to a branch office site and have that just simply, easily manageable without the need for a lot of overly complex configurations and designs. We just plug it straight into a preconfigured templatized config right there on the vEdge device and it comes up and it works. But to address that earlier question again, we also are doing MPLS-MPLS on Viptela as well. So we can really take any transport whatsoever, plug it into this device and it works without any issues, without any problems. There was some more specific data on here earlier on the slide but we’ve seen a significant cost reduction. Somewhere between 3 to 10% per branch site and their monthly recurring costs for a circuit while we’re able to increase the bandwidth at that site from anywhere from 4 to 20 times while still saving money. Three to 10% may not be a huge cost savings but the important thing is we can really start pushing that additional bandwidth out to the branches without dramatically increasing the costs. So really good stuff.
Archish Dalal: We just want to quickly wrap up the presentation with where we’re headed, both as Viptela as a company and also the partnership that we have with First American. So in 2017, we have a lot of focus on the next generation of the SD-WAN solution which is going to be analytics. From an analytics standpoint, we pulled a couple of reports to show you guys some real world examples of what’s really possible with the data that we now have and also with the ability to monitor all the stuff from the centralized dashboard. So what you’re looking at is two charts.
The first chart on the top is showing the total downtime across all the sites that are deployed at First American, where the users actually experience an outage. This is a 30-day chart that was pulled last week. So on the bottom is actually the total downtime of a circuit going down, whether it’s the MPLS circuit or the internet circuit, it’s just a counter of the number of total minutes that a particular circuit was down. And as CJ mentioned earlier on when we were just a single branch or single circuit branch, that would’ve resulted in a hard down for a site. But we have about two hours of downtime from circuit issues but only 2 and a half minutes of an actual site-impacting downtime where we had an issue with the circuit over that last 30-day period. We can go back and look at these reports on a quarterly basis which we typically review with First American. We’re able to proactively look at these sites and if they have issues. A lot of powerful analytics from an outage standpoint.
We also have some cool analytics from how all the providers are doing at First American. So broadband, you’re not going to be able to get one broadband at all your locations continently. You’re definitely going to have different providers servicing different markets. Whether it’s Time Warner, whether it’s Comcast, Charter, AT&T, U-verse. What we’re able to now do is take a look at the entire footprint of not only at First American but also across all of our customers deployed at Viptela to give you a lot of analytics on how providers are doing in different markets. So just looking at this data for First American, we’re able to say that the provider with the highest jitter, in this case, it happens to be AT&T U-verse.
Now, it’s a pretty small sample size. We may not have U-verse deployed at a lot of branches. We may just see one problematic branch but it gives us a good starting point on where to look for potential issues in the future. Also as we expand the service for First American and as First American’s footprint grows with Viptela, we’ll have more and more predictable and reliable data for First American to talk with different providers and also take a look at their SLAs that were promised from various providers and have some data to go back and show whether or not those were met.
Also in planning for new offices if they want to say hey, in Boston, what’s a good provider if I have an option between AT&T and Comcast, which one has higher uptime or better performance, from not just our branches but also across all the branches at Viptela, we should be able to offer those kinds of insights for potential new opportunities and new locations.
CJ Metz: The big thing here for us at First American is really having that analytics like they were just showing. It’s one thing to say that our sites stay up because they have redundant circuits now. It’s another thing to be able to show it. So these dashboards, the information that’s showing here is incredibly relevant to our executives. This is the kind of stuff that they’re super interested in and being able to have the capability so they can just easily hand me that data from Viptela without me having to go and massage a bunch of information and try to figure this out on my own has been really huge. We’re all super busy and making this really easy has made my life really easy.
Archish Dalal: Absolutely.
CJ Metz: So in conclusion, because I want to keep some time open for questions, so this is kind of what we learned, the pros and the cons. So in summary, Viptela has met all of our business requirements. From a broadband or resiliency standpoint, there’s not been any challenges whatsoever in that regard. Being able to provide broadband, being able to make sure the sites stay up, as we already showed you guys with real data, our sites are staying up. We’re even looking now at the vEdge 100M to be able to provide a third tertiary LTE circuit. So you saw that in that 30-day period, we only had 2.5 minutes worth of downtime. Well, we want to get that to zero still. So we’re even going to look at integrating an additional component with Viptela to be able to provide LTE as well.
Network wide visibility for the circuits and applications, so having a single dashboard I can go into to view the network health and how everything is going. To be able to very quickly drill down, figure out what the issue is and resolve it. That’s been huge. Flexibility from the different circuits. So again, we’re developing our own overlays here. So I can use whatever carrier I want with whatever handoff sites that I need. That has dramatically dropped our costs across the board. Now we can consume a particular MPLS carrier where it makes the most sense.
Some food for thought. Some of our findings is I would encourage you all to look at “on net” services. So they may use different terminology depending on the MPLS carrier you’re working with but on net services means that the carrier owns the whole network end-to-end. From the LEC all the way through and they can provide much more competitive broadband-esque kind of pricing and capabilities to you and to your offices.
Lastly on the pros side is it’s super simple to deploy and manage. So like we already kind of talked about earlier. Everything I need to manage it, Viptela gives me. I’ve got the vManage console. I’ve got the hardware platform and it just works. The ZTP, Zero Touch Provision, all that good stuff, super easy, super simple to use. Some other food for thought for you guys if you’re considering this is focus on performance and total bandwidth. Not necessarily the cost. Like I talked about earlier.
You may find that there’s a mild cost savings and in some instances, the cost savings will be incredibly significant. But I wouldn’t kind of lead with that. If you’re trying to sell this upline to executives and otherwise, what you really want to sell it as is more a performance game. I can tell you that at least from my experience, I was just meeting with some of our business partners the other day within our company and they told me unequivocally that performance is number one. Being able to click that button and have the results returned immediately is paramount. It is the top thing on their minds. And obviously we all know that there is a lot of complexity behind that but what I want to do is at least remove that equation from the WAN. Make sure the WAN is as fast and capable as possible.
In addition to that, also keep in mind, it’s obvious, but things to keep in mind is that when you’re getting broadband circuits, business class circuits, typically the upload speeds don’t match the download speeds. So it’s just something depending on your business, what you’re doing, you want to make sure that that upload speed isn’t going to be a major constraint.
Now, we can get a 100 MB broadband download with 20 MB upload and that’s still significantly in excess of what we were offering previously but again, it’s just something to consider depending on where you’re coming from and where you’re at today.
Archish Dalal: I was going to say that was actually one of the questions on the Q&A as well is broadband is typically asymmetrical so how do we account for that? So from a broadband standpoint, a QoS standpoint, your upload shaping rate, the best practice is to make that your upload speed or the slower of the two… your actual shaping rate. That way you don’t have any quality experiences when QoS needs to kick in.
CJ Metz: Exactly. And I’ll just hit these last ones really quickly here. Some other things to keep in mind is Ethernet … all the carriers are kind of pushed up the Ethernet, away from TDM and it’s not rolled out everywhere so other things to keep in mind as you’re trying to push out new network upgrades. Similarly, broadband isn’t available everywhere. So we find that there is somewhere between a 60 to 80% hit rate. So again, if you’re selling this idea internal to your company, just keep that in mind is we’ve ended up going with what we call an aggregator’s aggregator.
So you’ve got Comcast and AT&T which are like the ISP and then you’ve got your higher level like your EarthLink that are going to aggregate a bunch of those together and then you’ve got even bigger organizations like the light stream or a bull’s-eye and they’re going to do an aggregator’s aggregator capability. What that really provides you with is a single biller. One place to go to really capture, you know, cast the net as wide as possible so go with an aggregator’s aggregator is our recommendation.
And then lastly, this is kind of a high level one. It hasn’t been a huge challenge for us because like I said, everything we need is really within the vManage console but integrations on the receiving ends are not always the best. I’m not here to bash any particular company so I’m not going to do that but just bear in mind that whatever tools you’re using today to manage your network, you know, with Syslog and all that kind of stuff, may not have written appropriate APIs and integrations to work with different SD-WAN platforms. Now, that’s not to say it’s a limitation of Viptela, they have APIs and they are open. They absolutely will work with you to address those challenges but your existing platform may not integrate as well yet.
So I think that’s it, Archish, unless there’s anything else you wanted to add?
Archish Dalal: No. That’s it for the content. We do have quite a bit of Q&A questions. I think we have five minutes or so to go through them. So we’ll try to get through as many of the questions as possible and if we don’t get to yours, we do have them recorded and we’ll follow-up with you offline.
A pretty relevant question was let me say we established full mesh for voice and hub and spoke for rest, can you kind of go into a little bit more detail on how that’s done? I can take this one if you would like, CJ?
CJ Metz: Sure. Go ahead.
Archish Dalal: So from a connectivity standpoint, a lot of this comes down to how we learn and advertise routes to different branches and also how we prioritize various routes. So we may be learning the same prefixes from multiple locations and in the case of your data centers, we definitely learned the same prefixes from your west and east data center but then we’ll go ahead and prioritize the applications that are local to data centers by matching on things like BGP communities.
So in terms of establishing full mesh for one setup function versus hub and spoke for the rest, in First American’s case, we ended up matching up prefixes so voice prefixes got advertised from every branch to every branch. So that way the tunnels that were built between the branches are used for that connectivity. And the data prefixes only came from the data centers. And the default route only came from the internet pops. So that’s kind of how we’re able to on a routing and logical level, how we’re able to establish different data paths or different topologies for various applications.
For other customers, we mentioned being able to drill down one step further and actually do different segments. So we have customers that do a voice VRF and that VRF happens to be fully meshed versus a PCI VRF which is hub and spoke to the data center. So it really just depends on how your network is laid out, whether you guys are segmented based on prefixes, whether you’re segmented based on actual layers of VRF. We can go ahead and use those to create different topologies that meet your requirements.
We also had a question on the M&A and if you can explain a little bit more on that, CJ.
CJ Metz: Sure. Just trying to find the question itself here. There’s quite a few in here. So to talk about M&A that you’re involved in. Can you go into a little bit more detail? Explain how this helps or do you anticipate it helping in the M&A integration time.
Like I was talking about before. The nice thing is that all of these devices are templatized. If the company that we’re acquiring or merging with has a broadband circuit, broadband is broadband. There’s no real complexity or configurations that we need to make as far as the routing is concerned. So what it enables us to do is just remove that broadband circuit from their CPE, their customer provided equipment, that they’re terminating the broadband circuit into. Simply move it over to our Viptela upline, plug it in and they’re immediately brought online.
The traverse in the encrypted tunnels, Viptela is dynamically generating and they’re now immediately part of our network. So what it really is cutting down on is we still order new circuits and be able to facilitate for that branch so they have something that’s fully managed, properly managed but it’s that in between time. We can just reutilize their existing circuits without having to wait for our circuits to come in. So that’s the big benefit there.
Archish Dalal: Awesome.
CJ Metz: So then there was one here about you mentioned that you have increased demand for SaaS usage, how does SaaS provider integrate with your design. So Archish, if you want to go into a little bit about your capabilities around the enterprise connectivity with the SaaS solutions.
Archish Dalal: Yeah. Sure. So real briefly, from a SaaS standpoint, we have Amazon AMIs available so if you have a presence in Amazon AWS, you can deploy a Viptela software instance directly into Amazon. We also have similar offerings into Microsoft Azure as well. We also peer with brokers like Equinix to deploy our devices and aggregate that traffic to brokers that have these direct connects or fast pass into the cloud providers. Lots of different ways to get to various SaaS platforms in our solutions.
CJ Metz: Great. We’ve got another one here about what level of equipment should be kept on the customer premises. So that’s just going to be your vEdge. The vEdge itself. The one device is all you would need to deploy out there. Of course it depends on your particular design and there’s different considerations to take but for us, with a private network establishing the secure tunnel, it’s largely just the vEdge and then a switch. So that’s what we’re deploying out at our branch offices today.
Archish Dalal: Sounds good. There’s also another question, CJ, on will a remote site have connectivity back to the control point if the directly connect to internet fails? We actually establish control sessions on both the internet circuit and also through the MPLS, through their egress points so that way our recommendation is to always have multiple connections to the control point. So if you have two circuits, we want to use both circuits to talk to the Viptela control plane in case one of the circuits has an interrupted chute.
CJ Metz: Great. I think there’s a handful of questions in here about how the traffic just moves so whether you’re talking about stuff that’s out there on the web, whether it be Amazon or SaaS or otherwise, this is kind of the bread and butter and the heart of what makes SD-WAN and Viptela in particular so powerful is the ability to intelligently, on the fly, based on latency, jitter and loss, figure out which path is best for you. Now, you can obviously set configurations in your template. If you want to pin particular traffic types over a particular circuit but what we typically aim to do in most all of our use cases is just let it do its thing and it’ll just pick the best possible path and it’ll go out there to the lowest, you know, latency, jitter and loss.
Archish Dalal: Sounds good. So with that being said, I do want to go ahead and point out some of the other sessions that we have. If you just go to the Future WAN, SD WAN Summit website, you’ll be able to take a look at the live demo which is another popular session and there’s a few other sessions related to this such as the building the business case as CJ and his peers did early on to executives. We also have a session on that. Another roundtable for similar conversation without engineers like CJ on how deploying SD WAN has been.
So CJ, thank you once again for helping out with this session.
CJ Metz: Thank you, all.
Archish Dalal: Yes, and thank you everybody for joining this morning. We definitely appreciate it.
CJ Metz: And we’ll work to get to all those other questions offline. We can send emails to get to the ones we didn’t address so don’t worry. We will get back to you so thank you everybody for joining and I appreciate you taking the time today with us.
Archish Dalal: Yes. We look forward to seeing you at another Future WAN session soon. Thanks, guys.