EXAMPLE

NETWORK
ASSESSMENT

Proprietary & Confidential Statement: This document and the information disclosed within, including the document structure and contents, are
confidential and the proprietary property of Net Reply and are protected by copyright and other proprietary rights. Any disclosure to a third
party in whole or in part in any manner is expressly prohibited without the prior written permission of Net Reply.
 EXECUTIVE SUMMARY
Contoso Ltd, like most other global enterprises, is experiencing a “stretching to the limit” of its existing network infrastructure due to the
significant growth of applications, demand for collaboration / video and the utilization of cloud services. Investment in transforming its
network, through centralization, standardization and optimization is essential to Contoso Ltd.'s future business growth and productivity.

Contoso’s Current Strategic Goals Net Reply’s Key Recommendations Include

• Transform into one global network – • Achieve significant cost savings by utilizing regional access providers in lieu of a single global
managed globally to global standards – network provider (utilizing a 2-Tiered network architecture)
while continuing to meet ongoing • Increase functionality and network flexibility while driving down costs by utilizing Software Defined
business needs Networking solutions such as Cisco SD-WAN, VMware Velo or others
• Develop consistent architectural • Develop a standardized site configuration for all sites, to drive down support costs
designs and operational support • Execute Data Center consolidation, implementing the appropriate Data Center network fabric
• Increase network agility to respond to design
growing business needs • Develop the overall transformation strategy with an eye toward utilizing the agility and cost
• Evolve the network in light of future effectiveness provided by Software Defined Network (SDN) / Software Defined WAN (SDWAN)
needs and changes in technology capabilities
• Derive savings throughout the • Improve security posture at the edge of the network
transformation to help fund the needed • Allow for decentralized access to the internet from each remote site and teleworkers instead
investment forcing internet traffic through the hub sites
• Many network devices and firewalls are aging, and some are no longer supportable by the
manufacturer

PROPERIETARY – ALL RIGHTS RESERVED

ASSESSMENT
RESULTS
DATA CENTER ASSESSMENT
Area Roadmap Current state / Disruptive technology / Network trend
• Implement traditional Layer design (core, aggregation / access). HA of Networking components at NA,
single points of failure and geographic redundancy
• VSS extension and L2 stretching in with support for Virtualization mobility and geographic application
Architecture 1 2 3 4 5 clustering
• Layer 3 connectivity between DSs with Global Site Selector in North America
• Software Defined Data Center / SDN
• Multi-tenancy
• Not harmonized routing solution (Internal Routing architecture differences between geographies: OSPF-
1 2 3 4 5 EIGRP, BGP redistribution)
L3 Routing • Usage of proprietary protocols (EIGRP)
• Policy Based Routing
• Application Performance Aware Routing
• Multichassis Link-Aggregation Protocols (Virtual Port Channel Nexus 7K and VSS Cat 6500) are
1 2 3 4 5
implemented at all levels
L2 • Per VLAN Spanning Tree Protocol (PVSTP) as primary forwarding approach where required
Switching • Fabric Extender with Top of Rack Nexus 2K Line Cards
• Virtual Switching at Hypervisor Level
• Spine – Leaf topologies, VXLAN, L3 over L2 technologies

1 2 3 4 5
• WAN Optimization implementation based on Riverbed
• Deployment of 50+ Physical appliances
WAN
• Design configuration varies with in path / out path deployments
Optimization
• Virtual appliances
1 2 3 4 5 • SD-WAN
• Internet Traffic Filtering and Cache based in Websense
Web Filter &
• Regional deployment of 75+ boxes deployed around the world
Cache
• Cloud based SWG services (Zscaller or similar)

PROPERIETARY – ALL RIGHTS RESERVED

WAN AND CLOUD CONNECTIVITY
ASSESSMENT
Area Roadmap Current state / Disruptive technology / Network trend
• Scalable Global WAN designed over MPLS – VPN and Dynamic Multipoint VPN over Internet (back up /
primary connection for small branch office)
• Redundancy at MPLS / Internet and DMVPN Router
Architecture
1 2 3 4 5 • Regional WAN for site with no Direct Access with Backbone
• Replace MPLS with multiple DIA links
• SDI WAN / controller
• End to End consistent QoS implementation with 5 different classes
Quality of • Classification, marking, and bandwidth allocations aligned to the service provider, treatment end to end
Service 1 2 3 4 5 • Dynamic allocation of bandwidth resources by network programmability (SDN WAN)

• No current bandwidth issues (MS Azure)

• Bandwidth demand control (Riverbed)
Bandwidth 1 2 3 4 5 • Internet offloading / Policy Based Routing / Performance Routing

• Direct/Decentralized Internet Access not utilized

Internet • Proxy and Cache implementation – Websense
Access 1 2 3 4 5 • NGFW as part of SD-WAN
• Direct Internet Access

• Public Internet Virtual instances in Public Cloud, Redundant design

• Cloud to Public
Connectivity
1 2 3 4 5 • Virtual instances in Public Cloud, Redundant design
Methods
• Implement SD-WAN controllers at the public cloud
• Direct Internet Access for SaaS / Amazon Cloud

PROPERIETARY – ALL RIGHTS RESERVED

LOCAL AREA NETWORKS
Area Roadmap Current state / Disruptive technology / Network trend
• LAN architecture based on site classification (#users). Analysis based on a few sites in scope
• LAN architecture for major sites fully redundant at access and core layers (redundant core switches with
VSS configuration)
• LAN architecture for medium or small sites in scope provides a simplified but redundant configuration
(e.g., only one core switch with redundant supervisor)
LAN • Cisco Software Defined Access
Architecture • Cisco DNAC
1 2 3 4 5

• Based on Cisco technology. Single, Double WLC and FlexConnect WLC deployment based on site
classification
• Performance issues in Real Time Communication and Video streaming requires deeper configuration
and coverage analysis
• New vendors with enhanced capabilities

Wireless LAN
1 2 3 4 5

PROPERIETARY – ALL RIGHTS RESERVED

BUSINESS
NEEDS
CHANGES IN CONTOSO’S BUSINESS NEEDS
KEY BUSINESS REQUIREMENT BUSINESS IMPACT

• Consolidation of
• Contoso Ltd is shifting from a regional structure, built through 10 years of targeted M&A activity, to One Global – Application/Services
Consolidation
Contoso Ltd with focus on two key areas: Medicine and Behavioral Health. With launches of SAP, and – Data Center
Salesforce, application rationalization and consolidation is underway. In order to support this shift, Contoso Ltd
must have a global approach and strategy to Network Infrastructure and Operations. • Consistent User Experience
• Global Operations
• Increased Demand on
• As the global workforce of 18k employees align under One Global Contoso Ltd, the need for collaboration is – Communication
critical. Communication, mobility and access become crucial – whether in the office or on the road. – Mobility
Collaboration
• External Partnerships, which represents 200 users across the globe, are key to Contoso’s growth strategy. • Connecting to
Such partnerships require online collaborative platforms and access to internal and external systems. – Joint Venture
– Trusted Partner

• To meet changing business needs, Contoso Ltd is looking toward SaaS and Cloud for globalization and • Application Consolidation
consolidation of their back office and customer facing applications. • Migration of workloads to
SaaS & Cloud
• IT will need the ability provide private agile development environments to support the development and Azure
evolution of sensitive applications that demand global access. • Increased reliance on O365

• Initiatives like SaaS and Azure cloud require a high volume of data feeds to and from Contoso’s internal and • Immediate need for improve
externally hosted systems from the edge of the network including remote workforce. Due to change in the way security at the edge
the network is consumed, the security controls should be shifted towards the edge as opposed to centralized
Security • Future increase in need of
hub-and-spoke model that in use today.
more robust security
• As Contoso Ltd expands its vision there will likely be specialized requests for more complex analytics from R&D posture
and Marketing.

PROPERIETARY – ALL RIGHTS RESERVED

CURRENT NETWORK INFOSTRUCTURE
CHALLENGES
BUSINESS IMPACT NETWORK GAPS

• Consolidation of • As applications shift from local to global the distance between them and the end users increases. Network
– Application/Services latencies increase, which impacts application performance. In addition, the amount of traffic over the Global
Consolidation – Data Center WAN will increase driving up bandwidth and cost.
• Consistent User Experience • A single instance of SAP serving Contoso Ltd Global footprint will increase bandwidth demands.
• Global Operations • Routing protocols are not harmonized across geographies. There is a need for Global Network standards.

• Increased Demand on
– Communication • Growth of mobility, voice and video traffic are stressing the infrastructure. These higher density are placing high
demand on endpoints and require infrastructure upgrades and better management of Real Time
– Mobility
Collaboration Communications with appropriate QoS, especially on the wide area network and wireless networks.
• Connecting to
• The cost of traditional MPLS network provided by global players is high. Alternative approach to guarantee the
– Joint Venture
delivery of sensitive data such as VoIP, Video and business critical applications should be considered.
– Trusted Partner

• Application Consolidation • Requirements for SaaS and Cloud Services and mobility result in WAN/Internet playing equally important roles
• Migration of workloads to for enterprise connectivity. Contoso’s current design positions Internet for casual connectivity as opposed to a
SaaS & Cloud
Azure permanent and integral part of the enterprise WAN to be leveraged for connectivity to corporate applications.
• Increased reliance on O365 • Increased reliance on the cloud workloads at Azure will require additional bandwidth.

• Immediate need for improve

security at the edge • The enterprise WAN is not engineered for to inspect traffic and enforce security policy at the edge of the
Security • Future increase in need of network. All Internet bound traffic is currently routed through the hub sites.
more robust security • IDS/IPS are not currently employed at the strategic points in the network and on the remote access endpoints.
posture

PROPERIETARY – ALL RIGHTS RESERVED

 NETWORK
ARCHITECTURE
CURRENT NETWORK STATE
1 Mobility Internal DC Internet Connectivity
Network Readiness for SAP application • Regionalized access in NA and Country level
• Need of ensure MPLS and Internet bandwidth to access elsewhere
EnterpRISE
avoid poor user experience and lack of productivity • Flexibility and performance can be improved with
SAP Public Cloud
Joint Venture optimization
application

Internet Internet DMVPN

DMVPN 3
MPLS Small office Small office
Leased line Core Data centers
Internet
Country 5 Access
MPLS
Large office or Mobile user
VPLs Production site
MPLs

MPLs
AT&T MPLS
2
Tier 1 MPLS Backbone
Local Area Network and Collaboration
• Obsolete hardware at some sites (switch, Wireless
4 Data Center Network
Controllers) • Inconsistent DC Network design
• Inconsistent configuration and obsolete wireless protocols • May require upgrades to support Applications and Data
(802.11b, WPA) WAN (Global and Regional) Center consolidation
• Impaired Real Time Communications and video on demand • Global consolidated WAN service provider (AT&T). Regional
WAN (MPLS, VPLS)
• Not harmonized solution (Interior Routing protocols)
• Constrained MPLS provider, inflexible deployment model
6

Network Operations – Two different Network Operations Centers, network management toolset not unified.

PROPERIETARY – ALL RIGHTS RESERVED

NEXT GENERATION NETWORK
TRANSFORMATION
Network Suitability for SAP and MS Azure 1 Mobility Internal DC Internet Connectivity
• Bandwidth augmentation to address short term application IM, Presence, • Harmonized design
requirements Voice & Video • Direct Internet Access in critical branch offices to
EnterpRISE
• SD-WAN to improve Regional and Global WAN Conferencing support SaaS and Public cloud application
SAP Public Cloud
connectivity Joint Venture performance
application

Small office
3

SD-WAN Internet

MPLS DIA Small office

Core Data centers
Internet
SD-WAN Large office or 5 Access
Ethernet Production site
Mobile user
VPLs
MPLs

AT&T MPLS
2
Tier 1 MPLS Backbone
Data Center Network
Local Area Network and Collaboration • DC Design standardization
• Harmonized design 4 • Improved DC scalability and performance
• Short Term Improvements to support real time
WAN (Global and Regional) • Automation and orchestration of network
communications (configuration changes, update
provisioning
legacy infrastructure) • Enhanced WAN flexibility by utilizing SD-WAN
• Fast application provisioning
• Site categorization as means to manage network complexity
• Better utilization of links limits the need to augment capacities (SD WAN) and
costs associated
6 • Simplified operations by automating network tasks

Network Operations – Integrated Network Operations Center

Provide end-to-end inventory and financial visibility and end-user performance management

PROPERIETARY – ALL RIGHTS RESERVED

RECOMMENDATIONS
 Presents one or more specific risks. Priority attention
ISSUE
recommended.

UNDEFINED Not available or provided.

TERMS
DEFINITION
LIMITED Incomplete.

MATURE Documented and functionally complete.

PROPERIETARY – ALL RIGHTS RESERVED

NETWORK READINESS FOR THE PUBLIC
CLOUD
Migration of the workloads to Azure requires adequate network bandwidth and minimized latencies to ensure consistent user
experience. Some sites may require augmentation to meet design requirements.

Proposed Functionality/Capabilities Finding Result Finding Category

• Bandwidth must be adequate so as not to degrade to application performance. Augments in progress for
Canada to meet design requirements.
LIMITED Design / Capability
• Recommend a Regional WAN transformation enabled by SD-WAN and DIA to facilitate flexible BW growth and
direct connection with Microsoft Azure.
• Install virtual SD-WAN controllers inside Azure. MATURE Documentation

Timeline LIMITED Standardization

2H ‘22 1H ‘23 2H ‘23 1H ‘24 2H ‘24 1H ‘25 2H ‘25 1H ‘26
Cloud Network Readiness
Key Dependencies, Risks, Issues
• Strong dependency on the migration of the
workloads to MS Azure
• Dependency and Risks related to Service
Provider delivery times
Initiative assumptions
• Contoso will initiate the POC for an SD-WAN vendor
• In many cases MPLS can be replaced with DIA Internet

PROPERIETARY – ALL RIGHTS RESERVED

LAN/WLAN AND COLLABORATION
OPTIMIZATION
Immediate WLAN refresh is recommended to update obsolete controllers and protocols and increase port bandwidth. Global Site
Design standards must be derived and implemented.

Proposed Functionality/Capabilities Finding Result Finding Category

• WLAN refresh to replace obsolete controllers and to ensure access points are configured with appropriate BW.
• Remove protocols that impair performance (802.11b) or cause security risk (WPA).
LIMITED Design / Capability
• Explore strategy for Wireless as Primary and Managed WiFi for efficiencies and cost savings.
• Conduct a UCC evaluation to uncover potential issues in unified communications infrastructure / design
(MS Teams). MATURE Documentation

Timeline ISSUE Standardization

2H ‘22 1H ‘23 2H ‘23 1H ‘24 2H ‘24 1H ‘25 2H ‘25 1H ‘26
LAN & Collab Optim
Key Dependencies, Risks, Issues
Site Design
Standards • Legacy Campus and computer room
equipment support mission critical factory
Prioritized Global LAN Transformation
production functions. Careful migration
planning is required to minimize downtime.
Initiative assumptions • Access points with increased bandwidth switch
• WLAN refresh may require upgrades to switch infrastructure. ports may require switch replacement
• Root cause of real time communications performance issues may require improvements to LAN and • Replacement of obsolete Cisco Wireless
wireless infrastructure as well as evaluation of upstream unified communications infrastructure . controllers
• WLAN RF coverage was not analyzed as part of this assessment. Need to determine if it’s a contributing • Legacy endpoints may not support upgraded
factor where performance issues have been identified. protocols (802.11, WPA2 AES, CAPWAP)

PROPERIETARY – ALL RIGHTS RESERVED

INTERNET CONNECTIVITY
WORKSTREAM: INTERNET
CONNECTIVITY OPTIMIZATION
Support Cloud strategy by transforming the design of the Internet Connectivity to improve performance, reduce expense and utilize
Internet access as an integral part Contoso Ltd’s enterprise WAN.

Functionality/Capabilities Finding Result Finding Category

• Improve external application and Internet performance through a combination of approaches including SD-
WAN, Direct Cloud connection and Direct Internet Access.
LIMITED Design / Capability
• Short Term (Phase I): Analyze specific sites, with high density of users, criticality of cloud applications or
greater latencies due to country or regional Internet access, to determine if a Direct Internet Connection is
warranted. MATURE Documentation
• Long Term (Phase II): Plan in conjunction with SD-WAN rollout for the WAN. Direct Cloud Connection and
Internet access should be provided. ISSUE Standardization
Timeline
2H ‘22 1H ‘23 2H ‘23 1H ‘24 2H ‘24 1H ‘25 2H ‘25 1H ‘26
Internet Connectivity Optim. I Key Dependencies, Risks, Issues
• Migration of site connectivity
Internet Connectivity Optim. II
• Sourcing Strategy
• SD-WAN vendors, partners, geographical
footprint
Initiative assumptions
• Internet bandwidth traffic increase will continue at an average rate of 30% driven primarily by Cloud,
Mobility and Video.
• Current centralized design for Internet access impairs network latencies, user experience and productivity
in some sites.
• Current network sourcing model can be enhanced with options available through diverse providers.

PROPERIETARY – ALL RIGHTS RESERVED

DATA CENTER NETWORK
WORKSTREAM: DATA CENTER
NETWORK TRANSFORMATION
Derive and implement a Data Center consolidation strategy, utilizing Software Defined Data Center and spine-leaf network fabric
design principles. Embed within this long-term strategy the further evolution of the Data Center (and WAN) network by taking Software
Defined Network (SDN) into consideration.

Functionality/Capabilities Finding Result Finding Category

• Ensures Data Center consolidation and oversubscription for high density of virtualized servers by spine –
leaf switch topologies.
LIMITED Design / Capability
• Automate and orchestrate Data Center network operations and application network provisioning with
Software Defined Networks.
LIMITED Documentation
Timeline
2H ‘22 1H ‘23 2H ‘23 1H ‘24 2H ‘24 1H ‘25 2H ‘25 1H ‘26 UNDEFINED Standardization
DC Consolidation Strategy

DCN Design Standards * Spine-Leaf Transformation is typically cost neutral when tied
SDDC Demo, PoC & Test to DCN Refresh

DC Consol. & SDDC

DC Network Implemt. Key Dependencies, Risks, Issues

• Data Center consolidation
Initiative assumptions • Application consolidation
• Need for development of in-house applications will continue due to country regulations and security
concerns. Hence the ability to support agile development will be a core expectation.
• Data Center and application consolidation requires network ready for high density of virtualized servers.
• Network provisioning delivery times must support faster application deployment due to server infrastructure
virtualization.

PROPERIETARY – ALL RIGHTS RESERVED

INVENTORY
CHECK
DEVICES UNSUPPORTED BY
MANUFACTURER
Operating System Device Type Number Status
Cisco 3750 Switch X Out-of-support

Out-of-support
Cisco 2960-C Switch X

Out-of-support
Cisco 6000 Switch X

Out-of-support
Windows 6500 Switch X

Out-of-support
Cisco 7206 Router X

Out-of-support
Cisco C819 Router X

Out-of-support
Cisco ASA 5515 Firewall X

Out-of-support
Cisco Aironet 3700e Access Point X

Out-of-support
Cisco Aironet 2600e Access Point X

Total Devices Out of Support xxx

PROPERIETARY – ALL RIGHTS RESERVED
THANK YOU
www.reply.com