(upbeat music) >> Hello, everyone. Welcome to theCUBE Studios here in Palo Alto. We're here for our next segment, The future of networking. And we're going to experience the future of networking through a demo of SD-WAN in action with Riverbed. I'm here with Josh Dobie, the Vice President of Product Marketing, and Vivek Ganti, Senior Technical Marketing Engineer. We're going to give a demo of SteelConnect in action. Guys, thanks for joining me on this segment. Let's get into it. What are we going to show here? Showing SD-WAN in action. This is experiencing the future of networking. >> Thanks, John. So what's exciting about this next wave of networking is just how much you can do with minimal effort in a short amount of time. So in this segment, we're actually going to show typical transformation of a company that's going from a traditional 100% on-premises world. Into something that's going to be going into the cloud. And so we're going to kind of basically go in time lapse fashion through those phases that a company will go to to bring the internet closer to their business. >> Okay, Vivek, you're going to show a demo. Set up the demo, what is the state? It's a real demo? Is it a canned demo? What's going on under the hood? Tell us through what's going to happen. >> It's an absolutely real demo. Everything you'll see in today's demo is going to be the real appliances. The links you'll see are going to be real. The traffic is going to be real. And it's going to be a fund demo. >> Well, the future networking and experiencing it is going to be exciting. Let's get through the demo. I'll just say as someone who's looking at all the complexity out there, people want to be agile, just so much complexity with IoT and AI, and all this network connections. People want simplicity. So you need to show simplicity and ease of use and value. I'm all interested. >> That's exactly it. Step one is we have to get out of the world of managing boxes. And we have to get into a software-defined world that's based on policy. So one of the first things that a company needs to do to start realizing these benefits of efficiency is to get away from the provisioning work that's involved in bringing up a new site. So that's the first thing that Vivek's going to show right now. >> John: Jump into it. Show us the demo. >> Vivek: Absolutely, so what you're looking at right now is the web console of SteelConnect Manager. This is Riverbed's SD-WAN solution. You're looking at a bunch of sites, a file company called Global Retail, which is spread all over the world. What I'm going to do now is bring up a new site, really zero touch provisioning, in Dallas, sitting here in Palo Alto. So let's get started. I'm going to jump right into Network Design and look at sites. I'll click here on Add Sites, and really just enter a few physical location details for my site in Dallas. And the moment I click here on Submit, not only is a pointer being created on the map for me, but there's a lot of automation and orchestration happening in the backend. What I mean by that is that there's a default uplink created for my Dallas site. And there's also a VLAN created for my site in Dallas. Of course, I can go and add more uplinks and VLANs for my site. But then a lot of this heavy lifting in terms of creating days is automatically done for me by SteelConnect. But right now it's just a pointer on the map, it's not a real site, we don't have an appliance. But that's the beauty of it, John. What SteelConnect let's me do is it gives me the flexibility and the freedom to deploy my entire site from ground up, my entire network from ground up, before I deploy the first piece of hardware. The way I'm able to do that is with this concept called shadow appliance, which is really a cardboard cutout of what will be once I have the hardware appliance. So I'm going to click here on Add Appliances. I'm going to say Create Shadow Appliance-- >> So shadow appliance, the customer knows the appliance. It might have the serial number. >> Yeah. >> But it's not connected, it's not even there yet. >> No, it's not even there yet. >> They're doing all the heavy lifting preparing for the drop in. >> Yeah, think of it as just designing it or drawing it on a white paper, except you get to see what your network's going to look like before you deploy anything. So I'm going to drop, let's say, and SDI-130 gateway, add my site in Dallas, which I just created. And click here on Submit. And that's the beauty of this, that now with this Shadow Appliance, I can click on this and really configure everything right down to the very port level. And once I do have the hardware, which I ship to someone and have someone plug it in. >> So now you configure, now the appliance could ship there. It could be anybody, it could be a non-employee, just says instruction, plug it in, and put this ethernet cable in. >> I'm sitting here in Palo Alto, I'm entering my appliance serial number. Click here on Submit. And now that the appliance is connected to the internet, it knows to contact Core Services in the cloud, download its configuration, it knows what organization it belongs to. And it comes online in a matter of seconds, really. You'll see that it's already online as I was talking to you. >> John: Let's just look at that, hold on, Dallas right there. >> Vivek: Yeah. >> John: Online, okay. >> Vivek: And when it says Pending, it means that it's actually downloading its current configuration. It's going to be up-to-date in less than a minute. And once it does that, when I look at the dashboard, this check mark will be green and it's going to start forming all its Ipsec VPN tunnels. >> It just turned green. >> Vivek: There you go. It's going to now start forming all those IPsec VPN tunnels to all my other existing sites automatically for me so that I don't have to do any of the heavy lifting. >> John: So does the self-discovery of the network, it just went red there real quick. >> Josh: That's okay, this is where it's going to start creating the VPN tunnels. >> Vivek: Right, it's basically associating all those, it's negotiating all the security associations with all my other appliances. >> So no one's involved? No humans involved. This is the machine, get plugged in, downloads the code. Then goes out and says where do I got to connect to my other networks? >> Yeah, the power of this is what you're not doing. So you could do all this by hand. And this is the way that legacy networks are configured, if you're still in a hardware-based approach. You have to go in and really think hard about the IP addresses, the subnets for each individual box, if you're going to create that full mesh connectivity, you're going to have to do that at an exponential level every time you deploy a new piece of hardware. So with this approach, with the design first, you don't have to do any staging. And when you deploy, the connectivity's going to happen for you automatically. >> John: Let's take a look at the sites, see if it turned green. >> Vivek: It's right now, if I click on it, you'll see that my appliance is online. But right now all the lines are red because it's still in the process of creating those IPsec VPN tunnels. But you'll see that in the next couple of minutes or so, all these lights will turn green. And what that means is now I have a single unified fabric of my entire network. But while we're waiting on that, let's actually move ahead and do something even cooler. Let's say our company called Global Retail wants to transition some of its applications to the cloud, because as we know, John, a lot of companies want to do that. For a few pennies on the dollar, you can make a lot of things somebody else's problem. So we've worked really hard with AWS and Microsoft to make that integration really work well. What I mean by that is when I click here on Network Design and EWS, I have a cross account access going between my SteelConnect Manager and AWS Marketplace so that I don't ever have to log back in to the AWS Marketplace again. Once I do that, I can see all of my VPCs across all of my regions, so that with a single click, and that's what I'm going to do here, I'm going to say connect to all my subnets in Frankfurt. I can choose to deploy a gateway instance of my choice in the Frankfurt site. So what I'm going to do now-- >> John: So you're essentially is telling Frankfurt, connect to my Amazon. And I'm going to set up some cloud stuff for you to work with. >> Vivek: So you already have your VPC infrastructure, or your VNET infrastructure in AWS or Azure. What I'm doing is I'm providing optimized automated connectivity for you. So I can choose to-- >> John: All with just one click of the button. >> Vivek: All with one click of a button. So you see that I can choose an EC2 and it's my choice. For the gateway I'm going to leave it to t2 medium. And then SteelHead, because WAN optimization, because the moment we start migrating huge datasets to the cloud in Frankfurt or say Ireland in Azure, latency becomes a real issue. So we want to be sure that we're also optimizing the traffic end-to-end. I'm going to leave redundancy to On so that there's high availability. And I'll leave AWS Routing to Auto. And I'll talk about that in just a bit. So when I click here on Submit, what's happening is SteelConnect is logging into my AWS account. It's looking at all my VPCs, it knows what subnets it has to connect to. It's going to plop a gateway appliance as well as a WAN optimization appliance, do all the plumbing between those appliances, and make sure that all the traffic is routed through the SteelHeads for WAN optimization. And it creates all the styles for me automatically. And the beauty of this solution, again, is that not only does it provide automated connectivity for me between say different regions of AWS, but also between AWS and Azure. We have suddenly become the cloud brokers of the world. We can provide automated optimized connectivity between AWS and Azure. So let me show that to you also. >> John: Yeah, show me the Azure integration. >> Vivek: So I'm going to search for maybe subnets in Europe, Ireland, I'm going to connect to that. The workflow is exactly the same. Once I do Connect, it gives me the option to deploy an instance of my gateway and my SteelHead. So I'm going to select that and then click on Submit. So now when I go back to my dashboard. You'll see that, oh, by the way, my Dallas site is now online and when I click on it, you'll see that all my tunnels have also come online. >> John: Beautiful. And Frankfurt and Ireland are up and running, 'cause you have the Amazon and Azure piece there. >> Vivek: It does take about four or seven minutes for those appliances to come online. They download their latest firmware, but that's not-- >> John: Minutes aren't hours, and that's not days. >> Vivek: Exactly, not hours, not days, not weeks. >> Right, I mean, a key use case here, when you think about cloud connectivity today, it's still rather tedious to connect your on-premise location into these cloud-based virtual environments. And so what network operators do is they do that in as few locations as possibly, typically in a data center. And what that means is now you're limited, because all the traffic that you need to go into those environments has to get back-called into your data center before going there. So, now, because this is automated, and it's all part of that same secure VPN, if you have some developers that are working on an app and they're using infrastructure as a service as part of their work, they can do that from whichever remote office they're sitting at, or their home office, or at a coffee shop. And there's no need to create that additional latency by back-calling them to the data center before going to the cloud. >> So all that stuff gets done automatically on the networking side with you guys. >> Exactly, exactly. So step one is really creating this easy button to have connectivity, both on-premises and in the cloud. >> Connectivity with all those benefits of the tunneling, and stuff that's either preexisting, or has been set up by (drowned by Josh). >> Exactly. Secure VPN, full mesh connectivity, across all the places where you're doing business or you need assets to run the cloud. Then the second phase is, okay, how do you want to dictate which applications are running over which circuits in this environment. And this is where, again, with a legacy approach, it's been really tedious to define which applications should be steered across one link, if you can identify those applications at all. So what Vivek's going to show next is the power of policy, and how you can make it easy to do some things that are very common, steering video, steering voice, and dealing with SaaS applications in the cloud. So you want to give 'em (mumbles) that? >> Vivek: Absolutely. So let's go to Rules and let's create a new traffic rule, say, I want to make sure that across all my sites for my organization, I want video, which is a bandwidth intensive application, as we all know. Doesn't really choke up my MPLS link, which is my most precious link across all my sites. I should be able to configure that with as much ease, as I just said it. So let's do that. We can do that with software defining intelligence of SteelConnect. I can apply that rule to all my sites, all my users, and I'm going to select applicationS where I search for video. There's already a pre-configured application group. For video, I'm going to select Online Collaboration and Video. And under Path Preference, I'm going to say that for this application, don't use my MPLS as my primary, >> John: And the reason for that is to split traffic between the value of the links cost or importance. >> Vivek: Exactly. Load balancing is really important. So I'm just going to save that is my primary-- >> John: Applying people that are watching YouTube videos or-- = (laughs) Yeah. Exactly, exactly. >> Video is one of the biggest hogs of balance. It's basically creating an insatiable demand. So you definitely need to look for your best option in terms of capacity. And with the internet broadband, maybe you're going to sacrifice a little bit on quality, but video deals with that pretty well. But it's just hard to configure that at each and every single box where you're trying to do that. >> Vivek: Yeah. As opposed to configuring that on each and every individual box, or individual site I'm creating that's globally applying rule to all my sites. And I'm going to select MPLS as a secondary. I'm going to set a path quality profile, which means that if there's some severe degradation in my internet link, go ahead and use my MPLS link. So I'm going to say latency sensitive metrics. And I'm going to apply a DSCP type of high. Click here on Subnet. And the moment I turn this rule on, it automatically updates all of the IPs, all of the uplinks, all of the routes across my entire organization. >> John: So you're paying the quality of service, concepts, to all dimensions of apps. >> Absolutely, whether it's from video-- >> Video, Snapchat, live streaming to downloading, uploading. >> Vivek: Yeah, and I can create the same kind of rule, even for voice where maybe I have my MPLS, since that's my primary and most precious link available for all my sites. Have as a primary in my secondary as my route VPN, which is my-- >> John: If you're a call center, you want to have, probably go with the best links, right? >> Vivek: Exactly, and assign it to DSCP type of urgent so that that traffic is set at the expense of all my other traffic. >> John: Awesome. That's great suff. Policy is great for cloud, what about security? Take us through a demo of security. >> So that's a really good question. I mean, as soon as you're starting to use internet broadband connectivity in these remote locations. One of the first things you think about is security. With the secure VPN connectivity, you're assuring that that traffics encrypted, end to end, if it's going from branch to data center, even branch into cloud. And that was really step one that Vivek showed earlier. Step two is when you realize, you know what? There's certain applications that are living in the cloud, things like Office 365, or Salesforce.com that truly are a trusted extension of our business. So let's turn that spigot up a little bit and let's steer those applications that we trust direct from branch to the internet. And by doing that, we can avoid, again, that back-call into the data center. And with an application-defined approach, this becomes really easy. >> Vivek: Yeah, and I can do that with a very simple rule here, too. I'm going to apply that rule to all my sites. I'm going to say for application, let's say, trusted SaaS apps, like Salesforce, Dropbox and Box. I'm going to select a group called Trusted SaaS apps. And now under Path Preference I'm going to say for these applications, I know that I've said on organization default, that for all my traffic, go over my MPLS link, and break out the internet that way, but for some applications that I've defined as trusted SaaS apps, break out to the internet directly. >> John: Those are apps that they basically say are part of our business operations, Salesforce, WorkDay, whatever they might be. >> Vivek: Absolutely. So you're opening that spigot just a little bit, as Josh was talking about. And I can choose to apply a path quality profile so that there's a dynamic path quality based path selection, and apply, of course, priority. I'm going to leave it to high and Submit. And the powerful thing about this is even though I've applied this to all my sites, I can choose to apply this to individual sites, or maybe individual VLAN in a site, or an individual user group, or even a single user for follow the user policies. And that's the entire essence of the software-defined intelligence of SteelConnect. The ease with which we can deploy these rules across our entire organization or go as granular to a single user is a very powerful concept. >> Josh: One of the things, too, John, in terms of security, which you were asking about earlier is that not only is a policy-base approach helping you be efficient, how you configure this, but it's also helping you be efficient in how you audit, that your security policies are in place. Because if you were doing this on a box-by-box basis, if you really truly wanted to do an audit with a security team, you're going to have to look at every single box, make sure there's no typo whatsoever in any of those commands. But, here, we've just made a policy within the company that there are certain applications that are trusted. We have one policy, we see that it's on, and we know that our default is to back-call everything else. And so that becomes the extent of the audit. The other thing that's interesting is that by just turning off this policy, that becomes your rollback. The other thing that's really hard about configuring boxes with lots of commands is that it's almost sometimes impossible to roll things back. So here you have a really easy button on a policy-by-policy basis to rollback if you need to. >> John: And just go clean sheet. But this path-based steering is an interesting concept. You go global across all devices. He has a rollback and go in individually to devices as well. >> Josh: That's right, that's right. Now this next click of bringing that internet closer to you is where you say, "You know what? "In addition to trusted SaaS applications, "let's go ahead and half even recreational "internet traffic, go straight from the branch out to the internet at large. >> John: Love that term recreational internet. (Josh laughs) I's just like the playground, go play out there in the wild. (all laughing) There's bad guys out there. But that's what you mean, there's traffic that's essentially, you're basically saying this is classified as assume the worst, hope for the best. >> Right, exactly, and that's where you do have to protect yourself from a network security standpoint. So that next step is to say, okay, well, instead of back-calling all of that recreational dangerous internet traffic, what if we could put some more powerful IDS/IPS capabilities out there at the edge. And you can do that by deploying traditional firewall, more hardware at those edge devices. But there's also cloud-based approaches to security today. So what Vivek is going to show next is some of the power of automation and policy that we've integrated with one cloud security broker named named Zscaler. >> Vivek: Zcaler, yes. >> John: Jump into it. >> Vivek: Our engineers have been working very closely with engineers from Zscaler. And really the end result is this. Where we do a lot of the heavy lifting in terms of connecting to the Zscaler cloud. What I mean by that is what you're looking at on the SteelConnect interface, going back to that entire concept of a single pane of glass is that you can see all your Zscaler nodes from SteelConnect right here. And on a side-by-side basis, we will automatically select for you what Zscaler nodes are the closest to you based on minimum latency. And we select a primary and a secondary. We also give you the option of manually selecting that. But, by default, we'll select that for you. So that any traffic that you want to break out to the internet will go to the Zscaler cloud like it's a WAN cloud by itself. So I can go to my organization and networking default and say that, hey, you know what? For all my traffic break out, by default, to the Zscaler crowd as the primary, so that it's all additionally inspected over there for all those IDS and IPS capabilities that Josh was talking about. And then break out to the internet from there. And that's, again, a very powerful concept. And just to remind you, though, the traffic patrol that we just created for trusted SaaS apps will still bypass the Zscaler cloud, because we've asked those applications to go directly out the internet. >> John: Because of the path information. But Zscaler about how that works, because you mentioned it's a cloud. >> Vivek: Yes. >> John: Is it truly a cloud? Is it always on? Whats' the relationships? >> I mean, this is what's interesting. And the cloud is basically a collection of data centers that are all connected together. And so some of the complexity and effort involved in integrating a cloud-based security solution like Zscaler is still often very manual. So without this type of integration, this collaboration we've done with them, you would still have to go into each box and basically manually select and choose which data center of Zscaler's should we be directing to. And if they add a new data center that's closer, you would have to go and reconfigure it. So there's a lot of automation here where the system is just checking what's my best access into Zscaler's cloud, over and over again. And making sure that traffic is going to be routed (drowned by John). >> And so Zscaler's always on, has like always on security model. >> Active, backup, exactly, there's many of those locations (drowned by John) as well >> All right, so visibility now as the internet connections are key to the zero-touch provisioning you guys demoed earlier. IoT is coming around the corner and it's bringing new devices to the network. That's more network connections. So we're usually there, who was that person out there? Who was that device? A lot of unknown autonomous... So how do I use the visibility of all this data? >> Yeah, visibility's important to every organization. And once we start talking about autonomous networks, it becomes even more important for us to dive deeper and make sure that our networks are performing the way we want them to perform. It goes back to that entire concept of trust but verified. So I'm creating all these policy rules, but how do I know that it's actually working? So if you look at my interface now. Actually, let's pause for a second and just enjoy what we've done so far. (John and Josh laugh) You'll see that my-- >> A lot of green. >> Vivek: A lot of green and a lot of green lines. So this is my site in AWS, which I just brought up and this is my site in Ireland. So if I click on the tunnel between-- >> John: Are those the only two cloud sites or the rest on-premise? >> Vivek: The rest are all on-premise, exactly. So if I want to, say, click on the tunnel over here between my Azure site and my AWS site, which I just brought up. It gives me some basic visibility parameters like what's my outbound and inbound true port, what's my latency jitter and packet laws? We don't see any real values here because we're not sending any data right now. >> John: Well, if you would, you would see full connection points. You can make decisions, or like workloads to be there. So as you look at connection to cloud-- >> Vivek: It's all real-time data, but if you want to dive in deeper, we can look at what we call SteelCentral Insights for SteelConnect. So you can look at-- >> Whoa, you're going too fast. Back up for a second. This is an insights dashboard powered by what data? >> Vivek: Powered By the data that is being pulled from all of those gateways. >> Those green, all those points. >> Vivek: All those green points. >> John: So this is where the visualizaiton of the data gives the user some information to act on, understand, make course corrections, understanding success. >> Exactly. >> John: Okay, now take us through this again, please. >> Vivek: So you can look at what your top uplinks. Also I'm looking at my site in New York City, so I can look at what my top uplinks are, what my top applications are, who are my top users. Who's using BitTorrent? I can see here that Nancy Clark is using BitTorrent, so I might have to go ahead and create a rule to block that. >> Talking about what movies she's got. >> Or have a chat with her. Yeah. >> What kind of movies she just downloaded, music. So you can actually look at the application type. So you mentioned BitTorrent. So same with the video, even though you're passed steering, you still see everything for this? >> Vivek: Absolutely. >> Exactly, I mean, this is application-defined networking in action, where the new primitives that network administrators and architects are now able to use are things like application, user, location, performance SLA, like the priority of that application, any security constraint. And that's very much aligned to the natural language of business. When the business is talking about which users are really important for which applications that they're sending, to which locations. I mean, now you have a pane of glass, that you can interact with that is basically aligned to that. And that's some of the power there. >> John: All right, so what are you showing here now? Back to the demo. >> Vivek: Back to the demo. The next part of the demo is actually a bonus segment. We're going to talk about integration with Xirrus Wifi. We recently announced that we are working with Xirrus. We bought them. And we're really excited to show how these two products, Xirrus Access Point, Xirrus Wifi and SteelConnect can work hand in glove with each other, because this goes back to the entire concept of not just SD-WAN, but SD-LAN for an end-to-end software-defined network. So what I want to show you next is really hot off the pressess-- >> John: And this is new tech you're showing? New technology? >> Vivek: Yes. >> Josh: So when SteelConnect was launched last year, there are wifi capabilities in the gateways that Vivek showed during the zero touch provisioning part. Xirrus is well regarded as having some of the most dense capabilities for access hundreds-- >> John: Like stadiums, well, we all know that, we all live that nightmare. I've got all these bars on wifi but no connectivity. >> Exactly, so stadiums, conventions. When you think about the world of IoT that's coming, and just how many devices are going to be vying for that local area wifi bandwidth. You need to have an architecture like Xirrus that has multiple radios that can service all those things. And so what we've been doing is taking the steps as quickly as possible to bring the Xirrus Wifi in addition with the wifi that SteelConnect already had into the same policy framework. 'Cause you don't want to manage those things necessarily going forward as different and distinct entities. >> So SteelConnect has the wifi, let's see the demo. >> Exactly. So I'm now moving to a different overview where we have about four or five sites. And I'm going to go ahead and add an appliance. And I'm going to add the Xirrus access point, and deploy it in my site at Chicago. So I just click here on Submit and you'll see that the access point will come online in less than a minute. And once it does come online, I can actually start controlling the Xirrus access point, not just from the XMS cloud, which is the Xirrus dashboard, but also from SteelConnect Manager. Going back to that concept of single pane of glass. So-- >> John: We have another example of zero-touch provisioning. Scan the device, someone just plugs it in and installs it. Doesn't have to be an expert, could be the UPS guy. Could be anybody. >> Vivek: Anybody. Just connect it to the right port, and you're done. And that's what it is here, so you'll see that this appliance in Chicago, which is a Xirrus Access Point, is online. And now I can go ahead and play with it. I can choose to deploy an SSID and broadcast it at my site in Chicago. You see that I'm already broadcasting Riverbed-2. And when I go to my XMS dashboard, I can see that one access point is actually op. This is the same access point that we just deployed in the Chicago site. And that profile called Chicago is already configured. So when I click on it, I can see that my SSID is also displaying over here. And I can do so much more with this interface. >> John: It really brings network management into the operational realm of networking. Future experience of networking is not making it as a separate function, but making it integral part of deploying, provisioning, configuring. >> Exactly, and the policies to automate how it's all used. So if we just take a step back. What we literally did in just a few minutes, we deployed a new location in Dallas without anybody needing to be there other than to plug in the box. We extended the connectivity from on-premises, not only into one cloud, but two clouds, AWS and Azure. We started leveraging public internet in these remote sites to offload our MPLS for video. We steered SaaS applications that were trusted out there directly to the internet. And then we pulled in a third-party capability of Zscaler to do additional security scrubbing in these remote locations. That applies to every single site that's in this environment. And we literally did it while we were talking about the value and the use cases. >> Great demo, great SD-WAN in action. Josh, Vivek, thanks for taking the time to give the demo. Experiencing the future of networking in real time, thanks for the demo, great stuff. >> Thanks, John. >> This is theCube watching special SD-WAN in action with Riverbed. Thanks for watching, I'm John Furrier. (electronic music)

(bright music) >> Hello, everyone. Welcome to theCUBE Studio here in Palo Alto. We're here for our next segment, The Future of Networking. We're going to experience the future of networking through a demo of SD-WAN in action with Riverbed. I'm here with Josh Dobies, the vice president of product marketing, and Vivek Ganti, senior technical marketing engineer. We're going to give a demo of SteelConnect in action. Guys, thanks for joining me on this segment. Let's get into what are we going to show here, showing SD-WAN in action. This is experiencing the future of networking. >> Thanks, John. So what's exciting about this next wave of networking is just how much you can do with minimal effort in a short amount of time. So in this segment, we're actually going to show a typical transformation of a company that's going from a traditional, 100% on-premises world into something that's going to be going into the cloud. And so we're going to kind of basically go in timelapse fashion through those phases that a company will go through to bring the internet closer to their business. >> Great, Vivek, you're going to show a demo, set up the demo, what is the state? It's a real demo, is it a canned demo, what's going on under the hood? Tell us through what's going to happen. >> It's an absolutely real demo. Everything you'll see in today's demo is going to be real, the real appliances, the links you'll see are going to be real. The traffic is going to be real. And it's going to be a fun demo. >> Well the future of networking, and experiencing it is going to be exciting. Let's get through in the demo. I'll just say, as someone who's looking at all the complexity out there, people want to be agile. There's so much complexity with IoT and AI and all this network connections, people want simplicity. >> Right. >> So you can show simplicity and ease of use and value, I'm all interested. >> That's exactly it. Step one is we have to get out of the world of managing boxes. And we have to get into a software-defined world that's based on policies. So one of the first things that a company needs to do to start realizing these benefits of efficiency is to get away from the provisioning work that's involved in bringing up a new site. So that's the first thing that Vivek's going to show right now. >> John: Vivek, jump into it, show us the demo. >> Absolutely, so what you're looking at right now is the web console of SteelConnect manager. This Riverbed's SD-WAN solution. You're looking at a bunch of sites for a company called Global Retail, which is spread all over the world. What I'm going to do now is bring up a new site, really zero touch provisioning in Dallas, sitting here in Palo Alto. So let's get started. I'm going to jump right into network design and look at sites. I'll click here on add sites and really just enter a few physical location details for my site in Dallas. And the moment I click here on submit, not only is a pointer being created on the map for me, but there's a lot of automation and orchestration happening in the backend. What I mean by that is that there's a default uplink created for my Dallas site, and there's also a VLAN created for my site in Dallas. Of course I can go and add more uplinks and VLANS for my site, but then a lot of this heavy lifting in terms of creating these is automatically done for me by SteelConnect. But right now it's just a pointer on the map. It's not a real site. We don't have an appliance. But that's the beauty of it, John. What SteelConnect lets me do is it gives me the flexibility and the freedom to deploy my entire site from ground up, my entire network from ground up, before I deploy the first piece of hardware. The way I'm able to do that is with this concept called shadow appliance, which is really a cardboard cutout of what will be once I have the hardware appliance. So I'm going to click here on add appliances. I'm going to say create shadow appliance. >> So shadow appliance, the customer knows the appliance, they might have the serial number. >> Yeah. >> But it's not connected, it's not even there yet. >> No, it's not even there yet. >> They're doing all the heavy lifting, preparing for it to drop in. >> Yeah, think of it as just designing it or drawing it on white paper, except you get to see what your network's going to look like before you deploy anything. So I'm going to drop, let's say an SDI-130 gateway, add my site in Dallas, which I just created, and click here on submit. And that's the beauty of this, that now with this shadow appliance, I can click on this and really configure everything, right down to the very port level. And once I do have the hardware, which I ship to someone and have someone plug it in. >> So now you're configured. Now the appliance gets shipped there, someone, it could be anybody, could be a non-employee, just says, instructions: plug it in and put this ethernet cable in. >> Yeah, and sitting here in Palo Alto, I'm entering my appliance serial number. Click here on submit, and now that the appliance is connected to the internet, it knows to contact core services in the cloud, download its configuration, it knows what organization it belongs to, and it comes online in a matter of seconds, really. You'll see that it's already online as I was talking to you. >> John: Let's look at that, hold on. Dallas, right there, online, okay. >> Vivek: Yeah, and when it says pending, it means that it's actually downloading its current configuration. It's going to be up to date in less than a minute. And once it does that, when I look at the dashboard, this checkmark will be green, and it's going to start forming all those IPSec VPN tunnels, there you go. It's going to now start forming all those IPSec VPN tunnels to all my other existing sites, automatically forming so that I don't have to do any of the heavy lifting. >> John: So it does a self-discovery of the network. It just went red there, real quick. >> Josh: That's okay, this is where it's going to start creating the VPN tunnels. >> Vivek: Right, it's basically associating all those, it's negotiating all the security associations with all my other appliances. >> So no one's involved? No humans involved, this is the machine, get plugged in, downloads the code, then goes out and says where do I got to connect to my other networks. >> Yeah, the power of this is what you're not doing, right? So you could do all this by hand. And this is the way that legacy networks are configured, if you're still, you know, hardware-based approach. You have to go in and really think hard about the IP addresses, the subnets for each individual box, if you're going to create that full mesh connectivity, you're going to have to do that at an exponential level every time you deploy a new piece of hardware. So with this approach, with the design first, you don't have to do any staging. And when you deploy, the connectivity is going to happen, you know, for you automatically. >> John: Let's take a look at the site, see if it turned green. >> Vivek: Yeah, it's right now, if I click on it, you'll see that my appliance is online, but right now all the lines are red because it's still in the process of creating those IPSec VPN tunnels. But you'll see that in the next couple of minutes or so, all these lights will turn green, and what that means is now I have a single unified fabric of my entire network. But while we're waiting on that, let's actually move ahead and do something even cooler. Let's say our company called Global Network, Global Retail, wants to transition some of its applications to the cloud, because as we know, John, a lot of companies want to do that. For a few pennies on the dollar, you can make a lot of things somebody else's problem. So we've worked really hard with AWS and Microsoft to make that integration really work well. What I mean by that is when I click here on network design and AWS, I have a cross-account access going between my SteelConnect manager and AWS Marketplace so that I don't ever have to log back into the AWS Marketplace again. Once I do that, I can see all of my VPCs across all of my regions so that with a single click, and that's what I'm going to do here, I'm going to say connect to all my subnets in Frankfurt, I can choose to deploy a gateway of instance of my choice in the Frankfurt site. So what I'm going to do now- >> John: So you're essentially telling Frankfurt, connect to my Amazon. >> Vivek: Yes. >> John: And I'm going to set up some cloud stuff for you to work with. >> Vivek: So you already have your VPC infrastructure or your VNet infrastructure on AWS or Azure. What I'm doing is I'm providing optimized, automated connectivity for you. So I can choose to deploy- [John] All with just one click of the button. >> Vivek: All with one click of the button. So you see that I can choose an EC2 instance of my choice for the gateway. I'm going to leave it to t2.medium, and then SteelHead, because, WAN optimization because the moment we start migrating huge data sets to the cloud in Frankfurt or, say, Ireland in Azure, latency becomes a real issue. So we want to be sure that we're also optimizing the traffic end to end. I'm going to leave redundancy to on so that there's high availability, and I'll leave AWS routing to auto, and I'll talk about that in just a bit. So when I click here on subnet, what's happening is SteelConnect is logging into my AWS account. It's looking at all my VPCs, it knows what subnets it has to connect to, it's going to plop a gateway appliance as well as a WAN optimization appliance, do all the plumbing between those appliances, and make sure that all traffic is routed through the SteelHeads for WAN optimization, and it creates all those downloads for me automatically. And the beauty of this solution, again, is that not only does it provide automated connectivity for me between, say, different regions of AWS but also between AWS and Azure. We've suddenly become the cloud brokers of the world. We can provide automated, optimized connectivity between AWS and Azure. So let me show that to you also. >> John: Yeah, show me the Azure integration. >> Vivek: So I'm going to search for maybe subnets in Europe, Ireland, I'm going to connect to that. The workflow is exactly the same. Once I do connect, it gives me the option to deploy an instance of my gateway and my SteelHead. So I'm going to select that and then click on submit. So now when I go back to my dashboard, you'll see that, oh by the way, my Dallas site is now online. And when I click on it, you'll see all my tunnels have also come online. >> John: Beautiful. >> Vivek: Going back to what we just talked about- >> John: Frankfurt and Ireland are up an running. >> Vivek: Exactly. >> John: With Amazon and Azure piece there. >> Vivek: Yeah, it does take about four or seven minutes for those appliances to come online, they download their latest firmware, but that's nothing- >> John: Minutes aren't hours, and that's not days. >> Vivek: Exactly, not hours, not days, not weeks. >> Right, I mean a key use case here, when you think about cloud connectivity today, it's still rather tedious to connect your on-premise location into these cloud-based, virtual environments. And so what network operators do is they do that in as few locations as possible, typically in a data center. And what that means is now you're limited, because all the traffic that you need to go into those environments has to get backhauled into your data center before going there. So now, because this is automated, and it's all part of that same secure VPN, if you have some developers that are working on an app and they're using infrastructure as a service, you know, as part of their work, they can do that from whichever remote office they're sitting at or their home office or at a coffee shop. And there's no need to create that additional latency by backhauling them to the data center before going to the cloud. >> So all that stuff gets done automatically, on the networking side, with you guys. >> Exactly, exactly. So step one is really creating this easy button to have connectivity, both on premises and in the cloud. >> Connectivity with all those benefits of the tunneling and stuff, that's either pre-existing or that's been set up by an instance. >> Exactly, secure VPN, full mesh connectivity across all the places where you're doing business or you need assets to run in the cloud. Then the second phase is, okay, how do you want to dictate which applications are running over which circuits in this environment? And this is where, again, with a legacy approach, it's been really tedious to define which applications should be steered across one link, if you can identify those applications at all. So what Vivek's going to show next is the power of policy and how you can make it easy to do some things that are very common: steering video, steering voice and dealing with, you know, SaaS applications in the cloud. So you want to give them a taste of that? >> Vivek: Absolutely. So let's go to rules, and let's create a new traffic rule, say, I want to make sure that across all my sites for my organization, I want video, which is a bandwidth-intensive application, as you all know, doesn't really choke up my MPLS link, which is my most precious link across all my sites. I should be able to configure that with as much ease as I just said it. So let's do that. We can do that with the software defined intelligence of SteelConnect. I can apply that rule to all my sites, all my users, and I'm going to select applications, where I search for video. There's already a pre-configured application group for video. I'm going to select online collaboration and video. And under path preference, I'm going to say that for this application, don't use my MPLS as my primary, but use my internet link as the primary. >> John: And the reason for that is to split traffic between the value of the link's cost or >> Vivek: Exactly. >> John: Importance. >> Vivek: Exactly. Load balance gets really important. So I'm going to save that as my primary- >> John: So plenty of people that are watching YouTube videos or, you know. >> Vivek: (laughs) Right, exactly. >> Exactly, video is one of the biggest hogs of bandwidth. It's basically creating an insatiable demand, right, so you definitely need to look for your best option in terms of capacity. And with internet broadband, maybe you're going to sacrifice a little bit on quality, but video, you know, deals with that pretty well. But it's just hard to configure that at each and every single box where you're trying to do that, so. >> Vivek: Yeah, as opposed to configuring that on each and every individual box or every individual site, I'm creating this globally applied rule to all my sites. And I'm going to select MPLS as a secondary. I'm going to select a path quality profile, which means that if there's some severe degradation in my internet link, go ahead and use my MPLS link. So I'm going to say latency sensitive metrics, and I'm going to apply a DSCP tag of high, click here on submit, and the moment I turn this rule on, it automatically updates all of the IPs, all of the uplinks, all of the routes across my entire organization. >> John: So you're paying the quality of service concept to all dimensions of apps. >> Vivek: Absolutely, whether it's video- >> John: Video, Snapchat, livestreaming, to downloading, uploading. >> Vivek: Yeah, and I can create the same kind of rule even for voice, where maybe I have my MPLS, since that's my primary and most precious link available for all my sites, have that as a primary and my secondary as my route VPN, which is my- [John] If you're a call center, you want to have it probably go over the best links, right? >> Vivek: Exactly. And assign it the DSCP tag of urgent so that that traffic gets sent at the expense of all my other traffic. >> John: Awesome, that's great stuff. Policy is great for cloud. What about security? Take us through a demo of security. >> So that's a really good question. I mean, as soon as you're starting to use internet broadband connectivity in these remote locations, one of the first things you think about is security. With the secure VPN connectivity, you're assuring that that traffic is encrypted, you know, end to end, if it's going from branch to data center or even branch into cloud. And that was really step one that Vivek showed earlier. Step two is when you realize, you know what, there are certain applications that are living in the cloud, things like Office 365 or Salesforce.com that truly are a trusted extension of your business. So let's turn that spigot up a little bit, and let's steer those applications that we trust direct from branch to the internet, and by doing that we can avoid, again, that backhaul into the data center. And with an application-defined approach, this becomes really easy. >> Vivek: Yeah, and I can do that with a very simple rule here, too. I'm going to apply that rule to all my sites. I'm going to say for applications, let's say trusted SaaS apps like Salesforce, Dropbox, and Box, I'm going to select a group called trusted SaaS apps, and now under path preference, I'm going to say for these applications, I know that I've set an organizational default that for all my traffic, go over my MPLS link and break out to the internet that way, but for some applications that I've defined as trusted SaaS apps, break out to the internet directly. >> John: Those are apps that they basically say are part of our business operation. >> Vivek: Yeah. >> John: Salesforce, Workday, whatever they might be. >> Vivek: Absolutely. So you're opening that spigot just a little bit, as Josh was talking about. And I can choose to apply a path quality profile so that there's a dynamic path quality-based path selection and apply a QoS priority. I'm going to leave it to high and submit. And the powerful thing about this is even though I've applied this to all my sites, I can choose to apply this to individual sites or maybe an individual VLAN in a site or an individual user group or even a single user for follow the user policies. And that's the entire essence of the software-defined intelligence of SteelConnect. The ease with which we can deploy these rules across our entire organization or go as granular to a single user is a very powerful concept. >> Josh: One of the things too, John, in terms of security, which you were asking about earlier, is that not only is a policy-based approach helping you be efficient at how you configure this but it's also helping you be efficient in how you audit that your security policies are in place because if you were doing this on a box-by-box basis, if you really, truly wanted to do an audit with the security team, you're going to have to look at every single box, make sure there's no typo whatsoever in any of those commands. But here we've just made a policy within the company that there are certain applications that are trusted. We have one policy, we see that it's on, and we know that our default is to backhaul everything else. And so that becomes the extent of the audit. The other thing that's interesting is that by just turning off this policy, that becomes your roll back, right? The other thing that's really hard about configuring boxes with lots of commands is that it's almost sometimes impossible to roll things back. So here you have a really easy button on a policy-by-policy basis to roll back if you need to. >> John: And just go, you know, clean sheet. But this path-based steering is an interesting concept. You go global, across all devices, you have the roll back, and go in individually to devices as well. >> Josh: That's right, that's right. Now, this next click of bringing that internet closer to you, is where you say, you know what? In addition to trusted SaaS applications, let's go ahead and have even recreational internet traffic go straight from the branch out to the internet at large. >> John: Love that term, recreational internet. (laughing) It's basically the playground, go play out there in the wild. (laughing) >> Josh: Exactly. >> John: There's bad guys out there. But that's what you mean, is traffic that's essentially, you're basically saying, this is classified as, assume the worst, hope for the best. >> Right, exactly. And that's where you do have to protect yourself from a network security standpoint. So that next step is to say okay, well instead of backhauling all of that recreational, dangerous internet traffic, what if we could put some more powerful IDS, IPS capabilities out there at the edge? And you can do that by deploying traditional firewall, more hardware, at those edge devices. But there's also cloud-based approaches to security today. So what Vivek is going to show next is some of the power of automation and policy that we've integrated with one cloud security broker named Zscaler. >> Vivek: Zscaler, yeah, so- >> John: Jump into it. >> Vivek: Our engineers have been working very closely with engineers from Zscaler, and really the end result is this, where we do a lot of the heavy lifting in terms of connecting to the Zscaler cloud. What I mean by that is what you're looking at on the SteelConnect interface, going back to that entire concept of single pane of glass, is that you can see all your Zscaler nodes from SteelConnect right here. And on a site-by-site basis, we will automatically select for you what Zscaler nodes are the closest to you based on minimum latency. And we select a primary and a secondary. We also give you the option of manually selecting that, but by default, we'll select that for you so that any traffic that you want to break out to the internet will go to the Zscaler cloud like it's a WAN cloud by itself. So I can go to my organization and networking default and say that hey, you know what, for all of my traffic, break out by default to the Zscaler cloud as the primary so that it's all additionally inspected over there for all those IDS and IPS capabilities that Josh was talking about. And then break out to the internet from there. And that's, again, a very powerful concept. And just to remind you though, the traffic path rule that we just created for trusted SaaS apps will still bypass the Zscaler cloud because we've asked those applications to go directly out to the internet. >> John: Because of the path information. But Zscaler, talk about how that works because you mentioned it's a cloud. >> Vivek: Yes. >> John: Is it truly a cloud, is it always on? What's the relationship with- >> I mean, this is what's interesting. And the cloud is basically a collection of, you know, data centers that are all connected together. And so some of the complexity and effort involved in integrating a cloud-based security solution like Zscaler is still often very manual. So without this type of integration, this collaboration we've done with them, you would still have to go into each box and basically manually select and choose which, you know, data center of Zscaler's should we be redirecting to. And you know, if they add a new data center that's closer, you would have to go and reconfigure it. So there's a lot of automation here where the system is just checking, what's my best access into Zscaler's cloud, over and over again and making sure that traffic is going to be routed that way. >> John: And Zscaler's always on, is an always-on security model. >> Yeah, active backup, exactly. There's many of those locations. >> Alright, so visibility. Now, as the internet connections are key to the, you know, zero touch provisioning you guys demoed earlier, IoT is coming around the corner, and it's bringing new devices to the network. That's more network connections. >> Josh: Right. >> Usually they're who is that person out there, what's that device, a lot of unknown, autonomous, so how do I use the visibility of all this data? >> Yeah, visibility's important to every organization, and once we start talking about autonomous networks, it becomes even more important for us to dive deeper and make sure that our networks are performing the way we want them to perform. It goes back to that entire concept of trust but verify. So I'm creating all these policy rules, but how do I know that it's actually working? So if you look at my interface now, actually, let's pause for a second and just enjoy what we've done so far. (laughing) >> John: A lot of green. >> Vivek: You'll see that my, a lot of green, and a lot of green lines. So this is my site in AWS, which I just brought up, and this is my site in Ireland. So if I click on the tunnel between- >> John: Are those the only two cloud sites? Are the rest on premise? >> Vivek: The rest are all on premise, exactly. So if I want to, say, click on the tunnel over here between my Azure site and my AWS site, which I just brought up, it gives me some basic visibility parameters, like what's my outbound and inbound throughput, what's my latency and packet loss. We don't see any real values here because we're not sending any data right now. >> John: But if you would, you would see full connection points so you can make decisions or like, workloads to be there, so as you look at- >> Vivek: Absolutely. >> John: Connection to the cloud. >> Vivek: It's all real time data. But if you want to dive in deeper, we can look at what we call SteelCentral Insights for SteelConnect so you can look at- >> John: Hold on, you're going too fast. Back up for a second. This is an Insight's dashboard. >> Vivek: Yes. >> John: Powered by what data? >> Vivek: Powered by the data that is being pulled from all of those- >> John: Those green- >> Vivek: All those gateways. >> John: All those points. >> Vivek: All those green points. >> John: So this is where the visualization of the data gives the user some information to act on, understand, make course corrections. >> Vivek: Exactly. >> John: Okay, now take us through this again. >> Vivek: So you can look at what your top uplinks are. So I'm looking at my site in New York City. So I can look at what my top uplinks are, what my top applications are, who are my top users? Who's using BitTorrent? I can see here that Nancy Clark is using the BitTorrent. So I might have to go ahead and create a rule to block that. >> John: You know what kind of movie she just downloaded, you know, music? >> Josh: Exactly, exactly. >> John: So you can actually look at the application type. So you mentioned BitTorrent. So same with the video, even though you're path steering, you still see everything through this? >> Vivek: Absolutely. >> Exactly, I mean this is application defined networking in action, where, you know, the new primitives that network administrators and architects are now able to use are things like application, user, location, you know, performance SLA, like the priority of that application, any security constraint. And that's very much aligned to the natural language of business. You know, when the business is talking about, you know, which users are really important for which applications that they're sending to which locations, I mean, now you have a pane of glass that you can interact with that is basically aligned to that. And that's some of the power there. >> John: Alright, so what are you showing here now? Back to the demo. >> Vivek: Back to the demo. The next part of the demo is, it's actually a bonus segment. We're going to talk about our integration with Xirrus Wifi. We recently announced that we are working with Xirrus. We bought them, and we're really excited to show how these two products, Xirrus access points, Xirrus wifi, and SteelConnect, can work hand in glove with each other. Because this goes back to the entire concept of not just SD-WAN but SD-LAN for an end-to-end software-defined network. So what I want to show you next is really hot off the presses. >> John: This is new tech you're showing, new technology? >> Vivek: Yes. >> Josh: So when SteelConnect was launched last year, there are wifi capabilities in the gateways that Vivek showed during the zero touch provisioning part. Xirrus is well regarded as having some of the, you know, most dense capabilities for accessing- >> John: Like stadiums, we all know that, we all lived that nightmare. >> Josh: Exactly. >> John: I got all these bars on wifi but no connectivity. >> Josh: Exactly, so stadiums, conventions, you know, when you think about the world of IoT that's coming and just how many devices are going to be vying for that local area wifi bandwidth, you need to have an architecture like Xirrus that has multiple radios that can service all of those things. And so what we've been doing is taking, you know, the steps as quickly as possible to bring the Xirrus wifi, in addition with the wifi that SteelConnect already had, into the same policy framework, right? Cause you don't want to manage those things, necessarily, going forward as different and distinct entities. >> John: So SteelConnect has the wifi in the demo. >> Exactly, so I'm now moving to a different org, where we have about four or five sites, and I'm going to go ahead and add an appliance. And I'm going to add this Xirrus access point and deploy it in my site at Chicago. So I just click here on submit, and you'll see that the access point will come online within, in less than a minute. And once it does come online, I can actually start controlling this Xirrus access point, not just from the XMS cloud, which is the Xirrus dashboard, but also from SteelConnect manager, going back to that concept of single pane of glass, so- >> John: So we have another example of zero touch provisioning. >> Vivek: Zero touch provisioning. >> John: Send the device, and someone just plugs it in and installs it, doesn't have to be an expert. Could be the UPS guy, could be anybody. >> Vivek: Yeah, anybody. Just connect it to the right port and you're done. And that's what it is here, so you see that this appliance in Chicago, which is a Xirrus access point, is online. And now I can go ahead and play with it. I can choose to deploy an SSID and broadcast it at my site in Chicago. You see that I'm only broadcasting Riverbed dash two, and when I go to my XMS dashboard, and can see that one access point is actually up. This is the same access point that we just deployed in the Chicago site, and that profile called Chicago is already configured. So when I click on it, I can see that my SSID is also displaying over here, and I can do so much more with this interface. >> John: It really brings network management into the operational realm of networking. >> Vivek: Absolutely. >> John: Future experience of networking is not making it as a separate function, but making it an integral part of deploying, provisioning, configuring. >> Exactly, and the policies to automate how it's all used, right, so if we just take a step back, what we literally did in just a few minutes, we deployed a new location in Dallas without anybody needing to be there other than to plug in the box. We extended the connectivity from on premises, not only into one cloud but two clouds, AWS and Azure. We started leveraging public internet in these remote sites to offload our MPLS for video. We steered SaaS applications that were trusted out there directly to the internet. And then we pulled in a third-party capability of Zscaler to do additional security scrubbing in these remote locations. That applies to every single site that's in this environment. And we literally did it while we were talking about the value in the use cases, you know? >> Great demo, great SD-WAN in action. Josh, Vivek, thanks for taking the time to give the demo. Experiencing the future of networking in real time, thanks for the demo, great stuff. >> Thanks, John. >> This is theCUBE, watching special SD-WAN in action with Riverbed, thanks for watching. I'm John Furrier. (bright music)