This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy (update in May 2018) >

CloudVPN: Service deployment has never been faster or easier

Feb 17, 2017 By Xu Rui

    Key takeaways:

  • CloudVPN has specific benefits for the carrier and enterprise markets.
  • It can be applied in more access scenarios than any other solution.

CloudVPN is Huawei's new generation enterprise VPN solution. It greatly simplifies service deployment for operators and provides convenient and flexible service options for enterprise customers, including on-demand enterprise interconnection services and VAS.

Hello, Cloud

Enterprises are migrating their services to cloud, gradually replacing services that use Internet broadband access with VPN interconnections, security, and voice services. However, three main problems exist with traditional enterprise VPN solutions:

One: A long provisioning period. Enterprise customers cannot obtain services quickly, because operators need an average of 30 working days to provision VPN services.

Two: Enterprise VPNs are expensive to provision and maintain. Enterprises have to pay a lot for bandwidth, service hardware, and maintenance engineers.

Three: Operators only provide VPN connectivity, and more complex services require on-site deployment and maintenance. In addition to connecting company branches, enterprises need to deploy other functions, such as security, voice, load balancing, and WoC, to support cloud service deployment. This is a major undertaking.

A VPN solution supported by SDN and NFV technologies can resolve all these issues. The innovative service model of Huawei's new CloudVPN solution supports plug-and-play network hardware, automated service configuration, and automated, visualized O&M to solve problems with traditional VPN services.

Huawei’s CloudVPN redefines enterprise interconnections. For operators, it greatly simplifies service deployment. For enterprise customers, it provides convenient and flexible service options with on-demand interconnections for maximum convenience. 

The architecture 

The architecture comprises four elements: 

The network infrastructure layer includes hardware such as virtualized and physical customer premise hardware (CPE) and firewalls. These support physical interconnections between enterprise tenants and cloud DC elements (CloudCPE). 

Ther control layer leverages a unified controller called Agile Controller (AC), which provides control and service configuration functions for CPE and DC hardware. 

The orchestration layer enables E2E cross-overlay and WAN controller orchestration, including orchestrating tenant resources on the enterprise and cloud sides and orchestrating CPE and virtual network function (VNF) NEs. Tenant and operator control commands are converted into a language that the unified controller can read, and then issued to the bearer device. 

The user interface includes a service portal and mobile app. It provides a unified graphical interface for tenant and operator administrators, and supports self-service customization on CloudVPN services.

To maintain openness, the southbound and northbound interface interconnections between each layer use open protocols such as RESTful and NETCONF.

The industry's only complete E2E solution 

Huawei is the only full-service provider that can integrate different components from an e-commerce platform, mobile app, orchestrator, SDN controller, NFV Infrastructure (NFVI) to CPE, vCPE, and vNGFW. We can quickly provide operators, MSPs, and enterprise customers with a complete customer experience to quickly respond to market opportunities and attract users. 

The core component of Huawei's CloudVPN solution is the SDN controller. Unlike other vendors that provide non-integrated products, our AC is a full-scenario unified controller that supports unified control on the enterprise Managed LAN, Managed VPN, Managed VAS, and public cloud access. AC enables E2E resource allocation and automated deployment, providing one-stop interconnection and VAS for enterprises.

For the carrier market, the unified architecture dynamically integrates internal network cloud management, VPN services, VAS applications, and public cloud solutions, providing operators with a complete solution for developing B2B services.

For the enterprise market, lightweight solutions integrate cloud management into the SD WAN and VAS to meet the requirements of enterprise applications, setting the solution apart from competitors’ separate solutions.

Full-scenario cloudified interconnection and VAS

CloudVPN can be applied in more access scenarios than any other solution in the industry, because it provides the most complete range of CPE types, including fat and thin CPE, and interface types, including G.fast, PON, and hybrid access.

It also offers the highest-capacity secure virtualized VAS in the industry, with over 12 types of VAS: NAT, access control, SSL VPN, application control, web filtering, anti-virus and anti-intrusion, anti-DDoS, anti-leakage, anti-APT, compliance, load balancing, and WAN acceleration. 

The solution also enables minute-level rapid service scheduling via the orchestrator and automated service combination. It has the capability for virtualized, secure, and flexible capacity expansion up to 2.5 T. These benefits provide users with simple, quick, and low-cost interconnections and VAS.

Fully open system maximizes collaboration

Unlike competitors' closed systems, Huawei's CloudVPN solution was developed based on the principles of openness and collaboration. Each layer of CloudVPN is based on standard interfaces so third-party connections can be selected, including VAS, NFVI, MANO, e-commerce platforms, and CPE. 

Commercial value

Huawei's CloudVPN solves the problems with traditional enterprise VPN solutions: It cuts average service provisioning periods from several weeks to minutes; migrating network functions and VAS to the cloud enables flexible enterprise services; and integrating cloud and pipe services allows operators to provide one-stop ICT services for enterprises. 

For enterprises

Rapid service acquisition is possible through the self-service purchase of devices and services, plug and play deployment, remote hardware configuration and maintenance, and E2E whole-process automation. Service provisioning for traditional solutions is slashed from 30 days to 20 minutes, enabling rapid enterprise VPN service provision. 

Flexible service selection via CloudVPN's e-commerce-style platform enables enterprise customers to purchase enterprise interconnection services and VAS on-demand, avoiding the high costs of a service package. 

One-stop ICT services are provided by the solution’s one-stop, online provisioning of VPN and VAS for enterprises on the integrated cloud and pipe.

For operators

Rapid service provisioning and lower O&M costs are made possible with the streamlined processes offered by CloudVPN, with automated service deployment and configuration. Plug-and-play hardware reduces the need for on-site service and labor costs. Complex functions are migrated to the DC, enabling centralized O&M, further reducing the need for on-site services.

Increased cloud service competitiveness and revenue through the cloud and pipe services via ICT service synergy provide flexible VAS, increasing revenues for operators.

The wrap up

The SDN controller and CloudCPE are deployed in the DC. Users are able to purchase devices and services and upgrade services on the self-service app. Thin CPE with plug-and-play, zero configuration, and automatic registration functions are deployed in an enterprise’s headquarters and branch offices. Video and telephony services are then immediately available in headquarters and branch offices once the controller service is issued. 

In addition to network interconnection, CloudVPN also provides cloud VAS such as a firewall, IPS, NAT, and SSL VPN. Users can activate service functions in real time on the service portal or mobile app. Service functions become effective immediately, providing a true "Any Service Online" experience for enterprise users. 

Mobile reading