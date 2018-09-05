Cisco Systems, Inc. (NASDAQ:CSCO) Macquarie and Cisco SD-WAN Tech Talk Conference September 5, 2018 12:00 PM ET

Welcome to Macquarie and Cisco's Tech Talk on SD-WAN. I'm Gloria Lee with Cisco IR, and with me today are Ramesh Prabagaran, Senior Director of SD-WAN at Cisco; and Srini Pajjuri, Senior Analyst of Semiconductors and Network Equipment at Macquarie.

Srinivas Pajjuri

Thank you, Gloria, and thanks, everyone, for joining today's Macquarie Tech Talk with Cisco.

We have about an hour for the call, and the format is going to be Q&A, and we don't have any presentation. So what I would thought I would do is that I have roughly about 20 to 25 questions, and we're going to go over them, starting from basics and digging a little deeper later on.

And if you have any questions, the best way is probably just to send me an e-mail, srini.pajjuri@macquarie.com, again, srini.pajjuri@macquarie.com. And then I'll try to get them in there.

With that, let's start the proceedings. First, Ramesh, thank you very much for joining us. Appreciate your time.

Obviously, we've been hearing a lot about SD-WAN, especially in the last couple of weeks. So I want to start with the basics. Let's talk about what SD-WAN is all about and maybe help us understand what problem are we trying to solve here.

Ramesh Prabagaran

Absolutely, and thank you for having me here, Srini. So SD-WAN, in a nutshell, is a new WAN architecture. The best way to describe this is putting yourself in the shoes of a customer. So typically, a large enterprise that has a completely distributed set of sites would go to a carrier, purchase expensive but skinny, what the industry calls MPLS circuit and connect all their sites together. This is historically how the wide area has been built over, I would say, the last decade or 15 years or so.

Now a few things have happened in the last, I would say, 4, 5 years or so, things that we are very familiar with applications moving to the cloud; certainly, the need for more bandwidth to do things like video driven, so video signage, a lot of hungry bandwidth-based applications.

What this does to the network is now you cannot afford to just use skinny sites to connect all your sites together. You need a completely different way of thinking about it. To access the cloud, what do we do when we're sitting at our home, trying to access e-mail and so forth?

We just go out, use our home network connectivity, and then we access the cloud. Enterprises want to do exactly the same thing as well. And so what this design does is it brings in best-of-breed underlying transport technology, so MPLS, broadband, 4G LTE and so forth. And using that, enterprises can build a large overlay fabric -- sorry to be geeky here, but overlay fabric that's essentially managed and cloud controlled. So that really is, in a nutshell, what's happening in the industry. Now certainly, the value that you get out of all of this is efficient access to cloud.

You get a lot of bandwidth for pretty much half the cost that you paid earlier on your WAN circuit, and you're able to get the time to take up the key, so I can operationalize my stores, I can do spinoff of M&A, I can do IoT devices and segment them, and a whole bunch of new use cases that come into the SD-WAN world, too.

Srinivas Pajjuri

Okay. Great. So sounds like the idea is to reduce the cost of the expensive private networks, the MPLS networks and utilize the cheaper broadband to move some of the data traffic onto the broadband network. So I guess the next question is then, obviously, the cloud is a driving force here.

But from a technology standpoint, why is it happening now? I mean, is there any - are there any drivers that cause - besides the move to the cloud, is there anything else that's driving this adoption now?

Ramesh Prabagaran

Absolutely. So two [indiscernible]. One certainly is the movement to the cloud, and cloud here is not just AWS, Azure, GCP and Infrastructure-as-a-Service cloud, but it's also a SaaS-first -- most of the enterprises are building their infrastructure around a SaaS-first model. And so in order to efficiently access things like Office 365, you need to fundamentally rethink what your network connectivity looks like. So that certainly is a key driver.

The second big driver is really around time to capability. We all know businesses are moving at a really fast pace, and the underlying network and connectivity and all the things around it needs to keep pace. I'll give you a few examples. If you're a large retailer and you want to open a few stores in a new country, for example, then you do not have -- want to wait for months together to procure a circuit, connect that and bring those stores online, same thing with health care.

If I need to spin up and spin things down, i.e., a mobile clinic just over the weekend, I need to be able to do that. So there are a variety of other things, such as segmentation for industrial IoT devices, lighting systems and then so forth, right? Irrespective of which way you look at it, whether it's movement to the cloud or a brand-new set of things that I want to do in my infrastructure, I need time to capability.

And time to capability comes in the form of simplification. If my underlying infrastructure is really, really simple, then I can then put cloud concept on top, like, on top of that, whether it's cloud controlled, cloud managed, and bring an enormous amount of simplicity to that infrastructure.

And at the same time, I can now provide that time to capability. Whether, again, it's to spin off new stores or mobile clinics and so forth, I can do that almost in an instant. And so that really is the combination of these two forces, coupled with the fact that certainly, the ROI on this as I reduce my transport costs is super compelling. It's these two things that are really, really driving the set of use cases. Invariably, every single customer opportunity starts with either a line of business asking the network IT team that they need more bandwidth, and I'm not willing to pay for it or they are onboarding Office 365 into their infrastructure, and they need to make sure their network is cloud-ready and can embrace the SaaS consumption model, right? And so these are kind of the primary competitive drivers for why we see SD-WAN adoption.

Srinivas Pajjuri

Okay. So it sounds like the availability of cheap broadband and the move to the cloud and also the ease of deployment seems -- those are the key drivers here. And then we keep hearing a lot about -- at least we used to hear a lot about WAN optimization. How is SD-WAN different from the so-called WAN optimization?

Ramesh Prabagaran

That's a great question. And to understand that, let's just go back probably about 8 or 9 years in history. And I mentioned all the sites belonging to an enterprise, they're all connected over really skinny MPLS packets. And just to give you a cost comparison here, MPLS is roughly $200 per megabit per second, and broadband is $2 per megabit per second, right? And so you're looking at 100:1 arbitrage potentially there right there.

So now going back again to the [indiscernible] mode of connectivity was over MPLS, and you used to connect all your sites over T1s, E1s, essentially 1.5 MB and 2 MB sites, right? And then if you really think about it, how we consume applications sitting in our homes, and pretty much most of us get, like, a minimum, I would say, of 20 MB and, in many cases, up to 100 MB or higher coming to our home.

So why is it that enterprises are really connecting over super skinny pipes? But that said, that provided a certain level of reliability, security and so forth, and enterprises did not really think about this any differently. Now if I'm an enterprise and I want to roll out certain high-definition video, for example, or certain applications that overwhelm my skinny pipe, the only choice I had was squeeze more through it. And WAN optimization was a great technology that provided that squeeze function.

So I can take an application traffic, I can squeeze it down and then try to fit it into the skinny pipe. So that way, I don't need to change that skinny pipe to be much, much bigger because much bigger means I need to pay on a monthly basis. So while segmentation came to solve a problem because the mode of connectivity was mostly skinny pipes.

At the same time, it also solved kind of latency problems. So most of the applications were in 4-wall data centers. Irrespective of how large your enterprise is, you usually had maybe 1 or 2 data centers in the U.S., maybe -- and maybe a couple of those spread geographically through the world.

And then if you're a headquartered company out of APAC, then certainly, you have some in APAC and so forth. Now all the traffic really was destined to the data center over skinny pipes and for WAN optimization also played a role there in latency optimization. It would make sure that the application thinks that it's really absolutely possible to the user, and hence, it did quite a bit of latency optimization.

Now that was a problem that WAN optimization solved probably like 8 years ago, and we have seen quite a bit of innovation in that technology. But it's been true to kind of that promise. Now fast-forward to today with SD-WAN, your applications are not in 4-wall data centers anymore. They are in the cloud. They are accessible over the Internet.

They're accessible over any kind of pipe. And at the same time, that dramatically changes the game when I add, like, super high bandwidth to the mix. So I'm addressing more the bandwidth problem, and I'm addressing the latency problem. And so this is a completely different way of thinking about the network WAN where WAN optimization does not have a pretty big role to play in.

Srinivas Pajjuri

Okay, makes sense. And then I know this is a Tech Talk, but we are mostly investors, so I would love to kind of hear some numbers on the market side, et cetera. So let's talk about the TAM. I've seen some numbers at IDC that says the SD-WAN market is going to be north of $8 billion by 2022 or so. So my question is, I know there are different subsegments within SD-WAN, the services, the equipment, et cetera. So what percent -- how much of the TAM do you think Cisco addresses today?

Ramesh Prabagaran

So the number at first needs some clarification themselves. So depending on what use of cash, and they do actually kind of earlier [indiscernible] right? So you have infrastructure and kind of software that you use to build out the SD-WAN network. You have SD-WAN consumed as a managed service, so essentially that service providers and integrators can provide it as a managed service.

There are capabilities built where SD-WAN is the conduit that you can use to access services. So the $8 billion hard number that IDC reported actually is a sum of all of this. And that's, again, forecasted into the future. Now Cisco as a company, we play in a few of those areas, not all of them. It's anybody's guess to see what percentage of that is legitimate and we have a right to play in as well. But I would say it's a multibillion-dollar opportunity for sure, right?

And so that's kind of how I would think about it. There is, as we know, kind of an inflection point here, and that is [intended] as the transition happening from what used to be kind of traditional routing to SD-WAN, especially the cloud and cloud edge and security and all that coming into the mix. And so it sounds there's a lot that actually increases the pie that we play in at Cisco, but the numbers are -- the TAM numbers are anybody's guess right now.

Srinivas Pajjuri

Got it. And then you talked about the drivers for the adoption of SD-WAN. But at the end of the day, the market is still kind of relatively small, I guess, given the TAM opportunity. So is there any impediment that's stopping a more broader adoption? Or do you think it's kind of progressing as you expect? And also, do you see any inflections from either a technology standpoint or a business model standpoint that'll kind of accelerate the adoption?

Ramesh Prabagaran

Absolutely. So I think as we can expect with any transformative or disruptive technology, there are a set of customers who have an acute pain point who want to go procure the technology, use it in their network because it solves the problem for them. So that's kind of what we saw, I would say, probably back in 2014 or so. And then slowly but surely, the number of such customers trying to solve either the same problem or a different kind of problem started to progress.

Fast-forward today -- to today, we are seeing this kind of becoming a mainstream topic of conversation with pretty much everybody looking at the wide area. And so I would put this as the technology is taking -- it's a normal technology cycle where you have the early innovators, and then now it's kind of hitting the mainstream market.

Now at the same time, unlike most other technology disruptions, there's been multiple waves of disruptions that have happened while the disruption is happening, right? So it's not just SD-WAN alone happening, but then there was this whole virtualization movement that started. And virtualization is not new. It has happened for quite some time. It's been happening for quite some time in the data center. But in the wide area space, that's fairly new.

And then couple that with the fact that now you have your patterns, traffic patterns changing in terms of like a cloud consumption, you have 3 parallel waves of disruptions that are happening at the same time. And so that gave a few customers pause to say, "Hey, you know what, I need to understand this better because it seems like whenever I get accustomed myself accustomed to what's happening, I come back to the table, and there are, like, new things that are happening again." So I would say so that's happened probably between, like, 2014 through 2016, maybe early part of 2017. Since then, I wouldn't say that the market has changed or stopped in terms of disruption, but rather, the deployments have accelerated quite a bit.

We are making deployments happen. I mean, there are customers who are rolling out, like, 50 to 100 sites in a single night over a 2-hour or 4-hour maintenance window. So the rapid pace of adoption there has certainly been quite encouraging. At the same time, going back to your question on kind of what are the impediments that we can expect, certainly, the consumption model is not an impediment, but it's a choice that the customer has to make.

There are lots of customers who take the technology, who want to build it themselves and roll it out themselves. There are many that -- in the enterprise that do it themselves. And then you have kind of the other buckets of customers that consume this as they consume WAN circuits. So they consume it as a managed service directly from the telco or from a large integrator and so forth. So once again, when you see a disruption like this, customers want to evaluate, "Hey, do I want to now do this myself, continue doing this myself?

Or if I was a managed service shop, do I want to bring this in-house? Or if I had an operational staff in-house to operate my network, and this seems like a simple technology, can I now go the managed services route," right? And so those are the kind of choices that customers have to make. That's kind of the first-order question.

The second-order question is, how do I want to consume this? Is it physical? Is it virtual? Is it white box, gray box, black box? And so that's, again, another conversation that the customer needs to have with these various vendors. So the delays that you are seeing are really not delays; it's a manifestation of choices that the customer is making.

But at the same time, we have seen those that have a small clarity on what problem they're trying to solve, they go push on the gas really hard. And you're seeing customers deploy basically from 0 to 1,000-plus sites within a single calendar quarter, right?

And that's been unprecedented. Just to give you a comparison, it used to take, like, 18 months or so of rigorous planning and execution to roll things out of that magnitude. Now we are seeing customers roll it out in, like, less than a calendar quarter, right? So we are seeing quite a few positive signs towards one set, and that's what we should continue to expect ourselves.

Srinivas Pajjuri

Okay. Great. And then you talked about the key goal here or key idea is to reduce the cost of broadband by switching from MPLS or kind of optimizing the use of the cheaper broadband. Do you have any examples that you can share with us, any customers rolling out SD-WAN? What kind of OpEx or CapEx savings are they seeing with SD-WAN?

Ramesh Prabagaran

Absolutely. So the expectation, since there is a 100:1 cost arbitrage between MPLS and broadband, is that I'd be able to shave off a significant amount of like WAN OpEx, and WAN OpEx is typically a top 5 or a top 3 budget line item for a CIO. And so when you start to move dollars significantly in one of those buckets, it actually gets their attention.

Now at the same time, what we have tangibly seen based on hundreds of customer deployments is there are customers who want to keep their bandwidth constant, and those customers have been able to realize over 50 to -- 40% to 50% of WAN OpEx savings.

And WAN OpEx savings is not just in terms of circuit costs, but it's also operational -- what used to take like hours or months now can be done in a matter of minutes. And so there's a bit of quantification there as well. So WAN OpEx reduces dramatically if you want to keep bandwidth constant. What we have seen the vast majority of the customers do is they keep their WAN OpEx kind of same, but they are able to get like a 20 to 30x boost in the bandwidth required for their applications.

And so if you take the unit as cost per megabit, then certainly, that comes down dramatically, but customers have been able to use that wisely based on kind of what their needs are. Including [permutation], we have heard time and again that the WAN OpEx is not a number that you arrive at based on your requirements.

It's not that, "Hey, I need 1 MB at this site, 10 MB at that site then I put everything together, and that's my kind of OpEx." Typically, the WAN OpEx is fixed, and the site only [with the] amount of value that they can afford. And so now certainly, if you are able to give 20 times the bandwidth or, in many cases, much more than that, then the applications then go crazy mainly because they can do a whole bunch more with the amount of bandwidth available to them. And certainly, that's the transition and the transformation that we have seen.

Srinivas Pajjuri

Okay, great. And then you talked about the deployment models some customers kind of building their own internal solutions versus managed services versus -- so can you talk a little bit more about that in terms of where you're seeing most traction? How is the sales process? What's the products that you're selling here? Is it just the software? Is it a hardware-software combination? Or is it a service? Or if you can talk about that.

Ramesh Prabagaran

Yes. Actually, I was thinking all of the above mainly because to roll out this technology, what do I need on a minimal basis is, one, I need a piece of software at my branch location, right? And branch in the case of retail is a retail store, a bank branch, you get the picture. That piece of software now provides the value required for SD-WAN to build kind of this overlay fabric, centralized management and so forth. That piece of software now can reside on two types of underlying infrastructure, right? It can be hardware that's provided. Certainly, Cisco provides the hardware as well, so that software adds value to the hardware that it sits on.

Or there are a few customers that want to consume this kind of in a virtualized fashion, and so they can take an x86, put the software and get kind of the same value associated with that. Now unlike traditional routing where the device in its entirety provided all of the value, in the SD-WAN world, it's a combination of the devices at the location in conjunction with all the other devices that it talks to and also a service that you get from Cisco or from a partner, right?

And that service essentially gives you kind of subscription capabilities for ongoing innovation, for centralized management, for centralized control. So going back to then the time to capability, I know that many customers alone, it's really provided by that simple, "I go log on to a UI that's cloud managed, and I can operate my entire network," right?

So we have a customer with 6,000 sites, a large bank with about 6,000 sites, and they have a single UI that 2 skilled people inside their data center actually log on to and manage the entirety of that network, right?

And then so that level of simplicity and consumption model is delivered through the software subscription. So to boil it down, there is a piece that sits at the branch, there is a piece that resides in the cloud, and the combination of these 2 is what you use to deliver on the SD-WAN value.

Srinivas Pajjuri

Got it. And then can you talk a little bit about the sales cycle? How long typically does -- if you're talking greenfield opportunities are there, how long does it typically take from the initial conversations to the deployment? And maybe if you can give some examples as to how these deployments are being rolled out.

Ramesh Prabagaran

Absolutely. So we have seen kind of a wide range of that, so it's hard to pinpoint an average here. But I can give you kind of things, like, 2 or 3 buckets, right? So there are a class of customers who know they have a pain point, has the budget to go address it and are okay kind of seeing a demo either from Cisco or a partner and kind of seeing all the different customers that have used this technology and start to go and deploy. So those are the customers that typically, start of the conversation to deployment is in a matter of a few weeks, right? They're usually less than a month or so.

There are then kind of the major bucket, I would say, where you need to have a more engaging conversation with the customer on, "Hey, here's kind of what your network looks like." So it's not strictly a greenfield; it's kind of a transition from their current network into the new. And so we need to have [one efficient] and then put a network design together, kind of get them familiar with the technology in probably like a week or so and then have them roll things out, right?

So that is usually bounded well within a calendar quarter, but we've kind of seen the number -- the days actually shrink there quite a bit from initial conversation to proof of concept, proof of value and then off they go. And then you have the third bucket which is kind of the large enterprise bucket. We all know those are snowflakes; every single network looks different.

They have been built over a period of time as well and so have all the complexities that you can think of in networks. There, the cycle can take, again, a matter of months to like a few months, right? And so depending on which segment you're talking to and kind of where the customer are -- is in that journey, it can be even like shorter than a week to a matter of months.

We have seen, though, across the buckets, though, that the time to deployment and the time to value have been dramatically coming down. So probably 2 years ago to today, it's actually come down by more than half, and we expect that to shrink even further as the deployments mature and as customers get familiar with the technologies.

Srinivas Pajjuri

Okay, got it. And then obviously, Cisco has other solutions that are kind of somewhat related to SD-WAN, maybe Meraki or even before that, there was something called IWAN. Can you talk about the differences between the Viptela solution versus Meraki and IWAN?

Ramesh Prabagaran

Absolutely. So Cisco has two solutions in the portfolio that we aggressively go out to market with. One is certainly the Viptela solution, the other one is the Meraki solution. Both are bundled under the portfolio of Cisco SD-WAN, and they try to serve different markets. Meraki serves the lean IT, easy-to-use, really simple network-type use cases.

And then Viptela certainly addresses kind of the mid-market, large-enterprise sophisticated use cases and so forth. So those are really 2 solutions we have in the portfolio for conscious reasons, and they, again, serve different markets as well. IWAN was kind of the precursor to the Viptela acquisition. And after the acquisition, we certainly made a conscious choice to make sure that, hey, we've made customers who have already deployed IWAN whole.

And so we continue to support them. But at the same time, in terms of go-forward investment and resources, we said we are going to invest in one track to provide customers that clarity around a single solution, and that's in the Viptela track. Now the things and what to have done is we have taken kind of the really good nuggets out of IWAN and also have integrated that -- because this is all-in software, we have integrated that with the Viptela acquisition.

So now we have kind of pieces of IWAN that customers really love. We have taken that. We have taken kind of the cloud-managed, cloud-controlled, easy-to-use sophisticated set of use cases that comes with the Viptela technology. And we have used this on top of kind of Cisco's flagship routing products, enterprise routing products.

So it's actually a good marriage of many different pieces that have come together. And as with all things, we made sure that we made conscious choices of what we are going to invest and what's going to continue versus what we are not going to invest in.

And we made that clear to customers. We have been talking to them for about a year now, and many over the last few months or so have gotten very comfortable with it to the extent that they have done a POC or a POV and have rolled things out as well.

Srinivas Pajjuri

Okay. Got it. And then I think you've been talking about offering Viptela on top of Cisco's existing ISR and ASR routers as well as integrating Viptela into the Cisco DNA platform.

So can you talk about where you are in that process? And then a couple of weeks ago, I was listening to VMware. They mentioned something called a Project Dimension. I think they're talking about integrating NSX and VeloCloud. So I'm just trying to understand the differences between their approach and your approach when it comes to this integration.

Ramesh Prabagaran

Sure. Great question. And I'll address the first part, which is around integration, and then I'll talk about the differences in kind of the architectural approach that we have taken. The first one is around the integration itself. So we have -- certainly, Cisco and the ISR brand in particular is kind of like a household name in network and IT, right?

And so we wanted to make sure that we are able to leverage either that footprint or the brand or the set of capabilities that have been built over a period of time. So naturally, as you can expect, we took the Viptela software, integrated that into the ISR platform, made the ISR -- kind of we moved the ISR from a stand-alone device to now certainly being cloud controlled and cloud managed. And so that transition and that development happened over 9 months.

And in July, we provided the first version of software where if I'm a customer already having an ISR 4K, for example, then just using a software upgrade and a new subscription, I can now get all of the SD-WAN capabilities, and my ISR now certainly starts to become cloud managed and cloud controlled as well. So that happened a couple of months ago. We have already seen a huge ramp in customers evaluating that solution and also the initial deployment as well.

And then we expected that mainly because of the footprint that the ISR and the ASR platforms have. Now at the same time, that was looking at it as step 1 because we wanted to integrate the two technologies together and get that powerful force behind us. At the same time, we said now let's start -- let's not just think about the wide area as a stand-alone problem.

Let's look at what else do we need to solve at the enterprise level or at the enterprise network level. I know certainly, if I go all the way from a user to an application, I have kind of wireless switching, I have routing security and all these pieces that need to come together in order to provide that continuum from a user to an application.

And that's really the journey that we are on right now. Cisco with the DNA architecture and DNA Center for management actually brings those elements already together for the access portion of the network. And actually, we are now integrating the WAN piece of it with that as well. We want to make sure that we have a common pane of glass, a single pane of glass that can provide customers the value.

At the same time, underneath the covers, it can be wireless, it can be switching, it can be routing and various other portions of the network that come together. But ultimately, we want to be able to tie all these pieces together, right? Why? There are many reasons why.

One very good example that many customers have brought to us is really around things like end-to-end segmentation, so the access portion of the network is able to segment out certain devices, segment out certain applications while the WAN portion of the network does that but in a slightly different way, focused more on the application.

On the one hand, users, versus maybe one hand, there's applications, visibility. Naturally, I can bring those two things together and provide kind of an end-to-end segmentation. So this is, again, an example of what we can do, also, things like assurance, ease of troubleshooting and so on and so forth.

So we are not stopping here. First order of business was to integrate into kind of the flagship product that Cisco has and get that force multiplier behind us. And now it's about kind of evolving that journey to be essentially what DNA set out to address in the first place.

Srinivas Pajjuri

Got it. So I guess I do want to touch upon the competitive landscape as well. So maybe starting with VMware's VeloCloud, there are several other start-ups out there. If you can kind of compare and contrast your approach versus VMware and some of the other start-ups out there, that would be great.

Ramesh Prabagaran

Absolutely. Yes, so there was the second piece of it. So the approach to solving the problem -- I mean, certainly, as you should expect in any technology, there are feature differences. But feature differences are not what really move the needle or the first-order considerations for a customer either. It's really the architectural approach to solving the problem.

We took the architectural approach of having everything be cloud controlled and cloud managed. And both of those are important because we felt because the traffic is moving, applications are moving into the cloud, IoT devices are coming into the infrastructure, you really will not have control over kind of what the underlying network or what the industry calls topology looks like.

I can't say everything is going to go to my data center, everything is going to go to the cloud. I may have sites that want to talk to each other. I may have people that want to talk to each other within those sites and so forth. And so that fluidity of that and where I'm in was really not something that's fixed in a point in time; it's going to evolve over time. So we went down the path of having a cloud-controlled and cloud-managed platform.

Now certainly, underneath the cover, there are lots of [blocks] that are built in with respect to connectivity, with respect to security, WAN optimization and so forth. So that was the approach that we took. Now certainly, VeloCloud, Silver Peak and a few others have taken a slightly different approach, depending, again, certainly on where they started.

Some have started with kind of your 20-site, 30-site-type customers, really not your large enterprise. And so the problem that they were trying to solve was one of centralized management, so there was no notion of centralized control. The fluidity of the underlying network was not really that important for them to solve, right? And so they solved kind of the centralized management with simplicity problem first. And then there are a few other WAN optimization players who came at it from what you need to get about Mr. Customer is only application optimization.

And the network is something that just works, right, and so they came at it slightly differently as well. So what you have right now in the market are competing architectures, one that focuses, in our case, on kind of building connectivity, security with centralized [and full-on] management first and then bringing in kind of this application intelligence and the ability to steer a few things based on policies and so forth on top of that.

A few others have come at it kind of top down, I would say, some in the application-focused space. So the unit of operation there is an application and then kind of network is something that's just assumed to work. And so it's really the approaches to solving the problem that's different. And actually, as a result, the more sophisticated the customer, the more set of capabilities you will need, and they are able to address those a lot faster.

We are also scaling our motion through our channel partners, like service providers, channel partners and so forth, so that we can go and address the 20-, 30-site opportunities as well. So we have taken, again, a slightly different approach to this problem.

Now the part that you mentioned, virtualization, Project Dimension and so forth, is really around, what is the underlying platform? Industry calls this black box, white box and gray box. Black is kind of akin to the ISR/ASR, which is like entirely provided, life cycle managed by the vendor. White box, on the other hand, we all know what white box is.

You take a commodity, execute it, you run software on it, and off you go. What we have seen, though, in the networking space in particular, which is very different than what we have seen in the data center, right, is the level of competence and the level of skill that network operators have to deal with virtualization is not at the same level as what you would expect with data center-focused, application-focused level of equipment operators. And so naturally, what that has managed [indiscernible] is the whole white box movement is not as prevalent. It has promise, but it's not as prevalent because there is the -- an interesting term that the industry uses, which is mean time to innocence. If there is a problem, how do I know where the problem is? Is it in hardware? Is it in [hardware] providers?

Is it in the software that runs on top of it? And how quickly can I pinpoint it down to who's causing that problem? So this mean time to innocence is actually a reference to kind of this white box movement. And so many customers have come to us and said, "Hey, you know what, I like the promise that this application gives me. But how would you, Cisco, give me this application?"

And so hence, as a result was this term that was born called gray box. Gray box is essentially Cisco providing a virtualized network platform and software on top of it. You can put our software, you can put third-party software, and you can use the underlying Cisco platform and the orchestration. So essentially, you're taking kind of step 0.5 towards a virtualization movement.

And our approach to this was, hey, customers have said they want us to handle the whole life cycle. They want to see the disaggregation between hardware and software, but they want us to handle the life cycle of the entire thing. And so our solution is that there's a few others who have gone down the path of a hardware ODM, so you bring best-of-breed hardware from any of your vendors out there, and then you provide kind of a reference design that goes on top of it.

Again, there are different approaches to solving the problem. And certainly, as with all things, we keep our antennas on high alert as well and talk to the customers importantly to see which one is going [to wait].

Srinivas Pajjuri

Okay. Great. And then there's a view out there that SD-WAN essentially cannibalizes Cisco's routing business or branch routing business. So I guess to what extent do you think SD-WAN is incremental versus being a zero-sum game for Cisco?

Ramesh Prabagaran

Yes. So that's a great question, and it's one that definitely requires clarification. So if you take kind of what customers value, right, if you take a router as a router, then the set of functions that it provides are things that are assumed in the SD-WAN world. So today, if a customer purchases an SD-WAN solution, there comes an endpoint along with that solution which actually has a lot of the capabilities of what a router does. So the value I attribute back to that router is not the same as it was before.

And so when you see many claiming that the market is declining and this is going to be extremely dilutive and so forth, it's really they -- what they are talking about is the value that's associated with that function and doing a straightforward apples-to-apples between the before and the after. Now in the SD-WAN world, that's just one of many things that constitute the solution.

So now I have kind of the routing function. I also need access to the cloud. I need kind of security that needs to come along with it because guess what happens when I bring an Internet circuit and connect it to every enterprise location? I need to bring the carrier because otherwise, I'm opening up my enterprise to a wide variety of attacks coming from the Internet.

And so if you look at it as a sum of those parts, which is I bring in kind of the routing functions, I bring in cloud access, cloud consumption, I bring in kind of an element of WAN optimization, I bring all of the network security and the higher-level security function, then that starts to become a much bigger pie than it was before.

And so if you look at it, if you look at the problem at apples-to-apples, then yes, we have traditional routing, and the dollars that customers associated -- associate to that may decline. But the net of it is now I'm moving value to software and moving value to subscription. And so the sum of that now starts to become a lot bigger.

Srinivas Pajjuri

Okay. Got it, got it. And now that's also a great segue to my next question, which is related to security. So obviously, now SD-WAN is sending some of the traffic through the Internet, and security becomes, I guess, an important issue there. So I guess how does security work along with SD-WAN? Is it kind of fully integrated, embedded in the SD-WAN solution? Or is it a separate solution? If you can talk about how security and SD-WAN go along together.

Ramesh Prabagaran

Absolutely. So there are a set of functions -- security functions that you need natively embedded into SD-WAN. So the -- so things like application firewall and a variety of other network security functions are absolutely required. Why? Because I'm bringing broadband and connecting that to every single site, so I need to make sure I'm protected as an enterprise.

So those, I would say, are like core and table-stakes functions that every SD-WAN solution needs to provide. We don't see that being provided by many vendors, but it needs to be provided. That's -- I would say that's important. The next layer up is kind of like segmentation, right, one where I'm reducing either if I'm a security architect looking at a solution, I need to reduce my [block rates], I need to reduce my attack surface and so forth.

So I take my compliant traffic and segment them out. I take my industrial IoT devices, I segment them out and so on and so forth. So segmentation, again, provides a lot of security function. Then on top of that, you have kind of, what intelligence can I get in terms of traffic going out to the Internet? So if I'm kind of providing guest WiFi function, so if I'm a bank and I'm providing guest WiFi to the -- my clients that are walking inside, then, a, I need to make sure that, that experience is good.

At the same time, I don't want somebody to sit inside and launch an attack that's sent to some other sites, sitting from within my bank branch. So I need some level of visibility, some level of protection and so forth, which I didn't have to worry about too much before, but now I need to because I'm taking my user traffic and then sending it out directly from the bank branch itself.

And so that, again, provides -- that essentially means that I need to bring a few more of the security functions. Now layer up above that is all the enterprise traffic that gets sent to the Internet or to the cloud, what the industry calls as a secure Internet gateway or a secure Web gateway. And so those functions, again, need to be added as well. So depending on kind of how you look at it, there's a basic set of network security functions, there's segmentation, there is guest WiFi, and then you have kind of a single function that needs to be added on top.

Certainly, Cisco has a very robust security portfolio, one that plays across the whole stack. And so naturally, both after the acquisition and through the integration process, we've been constantly integrating the security product into SD-WAN as well. We feel the conversation are 2 in a bag.

Our customers -- we cannot make a sale happen until they talk to the people. And so there is a natural synergy there. And the more you are able to show in the form of security, the better off it is. So naturally, that provides a certain level of amplification as well to the overall opportunities.

Srinivas Pajjuri

So essentially, are you saying that SD-WAN will have to eventually integrate any new branch office security, software devices such as firewall or any endpoint security software?

Ramesh Prabagaran

That's right, yes. So the tighter the coupling and the more intelligent the feedback loop, the better off your solutions will be. Now from a security standpoint, in the WAN space, what you care about is financially the application experience and the liability. In the security space, you don't care about those things, but I care about efficacy, I care about a whole bunch of other things. So the tighter the integrations are, the better off you are because again, that gives you the level of protection that you need. So there's several things, right?

Our DNS-based protection, right? That's something that Cisco has acquired in the form of OpenDNS, now called the Umbrella suite, that gives you a robust set of capabilities not just for visibility but also for protection for Internet-bound traffic. And all I need to do is just point DNS, and off I go. And so things of that sort were never available before but can now be brought into the infrastructure and provided to customers as well.

Srinivas Pajjuri

Okay, got it. So I do want to move on to the revenue model for this business. But before that, I just want to clarify something. So you talked about integrating SD-WAN software on top of ISR/ASR routers, et cetera. And we also keep hearing a lot about this virtual CPE. Can you talk about in terms of how that relates to SD-WAN implementation? And what does that mean when someone says vCPE?

Ramesh Prabagaran

Yes, absolutely. So vCPE is kind of the whole virtualization movement. So SD-WAN is a technology, it's a solution. How I consume that solution can be in physical CPE or it can be in a virtual CPE. And this is the whole black box, white box, gray box movement that I was talking about as well.

So virtual CPE here can be either the white box or the gray box. Ultimately, the customer at that point has said that, "Hey, I buy into the value that's provided in software. I do not want to consume this on a fully integrated, vendor-provided hardware. I need to disaggregate those 2 and give it to me on a virtual CPE," right?

And so yes, absolutely, we can provide that with the value. We provide it in software, and hardware is kind of a platform that enables it or if the customer chooses to go buy different platforms, then they can choose to do that as well as we may be very able to provide the value to them.

So vCPE is this whole movement towards kind of making the CPE or the customer premise equipment at the bank branch or retail store and then so forth become really simple, in some cases, thin, and you can actually size it up and down based on what your requirements are. And all of that innovation is provided in software.

Srinivas Pajjuri

Got it, okay. And then the revenue model, obviously, before SD-WAN, I think the branch office routers were sold on a perpetual licensing basis. So can you talk about what you're doing with SD-WAN? I believe it is a term license. And what kind of -- if you have any data to share with us as to what kind of licensing models are you seeing in the field.

Ramesh Prabagaran

Absolutely. So I can talk about kind of the structure of the subscription model itself. So today, SD-WAN is provided. So in order to -- in order for a customer to consume SD-WAN, they really need two pieces. One is, if they're buying the hardware from us, then certainly, the underlying platform, and there is a cost -- a fixed cost associated with that. And then there is a subscription license, which is a large portion of the deal structure that they need to consume.

Now the subscription license certainly, as you would expect, in any kind of an enterprise model has various tiers and [existing capital] rows and columns. On the rows, I can consume this in terms of bandwidth, mainly because that's how I buy circuits today if I buy 10 MB, 20 MB, 100 MB, 1 GB and so forth. And so they purchase the SD-WAN solution, a, in terms of bandwidth; and b, in terms of kind of a good, better, best type of capability.

So going back to like really, really simple use cases over there to super sophisticated, based on that, you have 3 different tiers. So based on what bandwidth I need and what tier I am in, I take a certain subscription license, and it's the underlying hardware plus the subscription license that gives me access and capabilities to operate my network. It's really, really that simple.

Now as you can see, there are no additional things like services and ongoing maintenance and whatnot that come on top of it because we have bundled all that into the subscription license as usually expected in a SaaS type of -- or subscription-like motion.

And so the customer -- if I'm an existing customer that has an ISR, then I just buy a subscription license, and off I go. If I'm refreshing my network entirely, then I have to buy the underlying hardware, and I have the subscription license that goes on top of it. In the SD-WAN motion, we have gotten rid of all the perpetual licensing. And so it's really down to underlying hardware and subscription licenses, and that's it. And that's offered in various terms and tiers and bandwidth as well.

Srinivas Pajjuri

Got it. And then we have another 10 minutes or so, so I've got a few more questions. One of the things, one of the side effects of SD-WAN is the, I guess -- correct me if I'm wrong, the idea is to move some of the traffic away from MPLS to broadband. So that's obviously negatively impacting the MPLS service providers. So what kind of reaction have you seen from them?

I did read somewhere that Comcast is offering their own SD-WAN solution, and I know you partnered with some of the telco service providers as well. So what are you seeing out there from -- in terms of their reaction?

And sometimes I also feel that there may be some conflict in -- because you're offering managed service providers and essentially, in a way, competing with some of your customers. So I just want to hear your thoughts on how you're managing that process.

Ramesh Prabagaran

Yes, great question. So I'll answer the first part first, which is, how are the service providers looking at this? The initial reaction probably back to like 2014, 2015 was exactly as you described, which is, "Hey, this is going to cannibalize my MPLS revenues. So what does this mean for customers? What does this mean for my revenue sources and so on and so forth?"

Fast-forward to today, I think most of the service providers, I would say a significant majority, have kind of moved away from that mindset to, "Hey, this is net accretive to my business. Why? Because I'm -- if I already have an MPLS customer, then I go to them and say, 'Keep that circuit because you need a high reliable circuit. You can choose to downgrade the bandwidth if you want or if you want to keep it exactly the same, keep it as such.

But I give you two more things. What are those two more things at a minimum? I give you broadband circuit because now I give you 20 times the bandwidth, and I give you 4G LTE as circuit of last resort because in the past, if there was a fiber cut, then you're pretty much out of luck, Mr. Customer. But now even if there's a fiber cut over LTE, I can keep your business running.'"

So at a minimum they're offering these 3. Now on top of this, I now have a unique opportunity to go and upsell the customer or provide this is a managed service because I first have -- the kind of service or the kind of conversation with the customer, do you have operational staff in-house to operate this network? And if the answer is no, I just go down, I go tell them,

"This is what the pricing model looks like." On a monthly basis, you saw -- you pay so much for a device for managed service, and off you go. I give you all the goodies that SD-WAN promises, but now you can consume this as a service back from the service providers. The ones who have actually taken that leap of faith have gone, and operationalized customers have also realized that an SD-WAN sale, just for us, even for the MSP, is actually -- the size of those opportunities are a lot bigger than what it were if it were just circuit only, right?

And so just apples-to-apples, the size of the pie has increased even for the service providers because they're not only now providing circuits, they're providing cloud access, they're providing managed security and a whole bunch of things that come with it.

So that pie is increasing. Again, it takes a little bit of time for the service providers to kind of get through these phases of, "I am going to cannibalize or I'm going to see a decline in my MPLS values but then actually start to see that offset by these additional services." And so you've seen many of the Tier 1 service providers actually head down that path for sure.

Now coming to the second part of your question, which is, how do we see this conflicting -- so there's really not a conflict mainly because customers have choices here. They can consume this technology, so Cisco can host it out of the Cisco Cloud and provide it to the customer. We are not in the managed services business, and so a customer still needs to invest in operational stuff to manage the network if they are dealing with just an old customer or they can choose to consume the technology and have the managed service provider manage it.

So either which way they go, it's really their choice in order to make the right decision and in order to operationalize the network the right way and so on. So we have not seen a whole lot of conflict out there as far as the customer goes. Now as far as the service providers go, it's the same argument as before: we are not really there to take away their MPLS revenue.

The customers are demanding they need SD-WAN, and so they are -- the service providers have to provide that solution to them. So what this also introduces, a [part] we have not talked about is rise of a brand-new set of players, what I would call as the pure over-the-top players because the telco providers and the service providers have historically had the baggage of the underlying circuit, so the set of circuit and the set of service on the top of it.

Beauty of SD-WAN is I don't need to sell the underlying circuit; I can still offer service on top of it. And so this is kind of linked to the rise of a brand-new set of players who we have not seen as managed service providers now say, "Hey, you know what, I don't need to own the underlying circuit and invest billions of dollars to build out that network.

I can provide a compute infrastructure. I can actually tie that to my OpenStack. I can build a portal on top of it, use the underlying SD-WAN solution and then offer it as a managed service back to my customers. And I can tell the customer, you go purchase the circuits from whoever you want."

And so we have seen that rise in prominence as well, basically with the large integrators and in a few other value-added partners as well. Basically, there are things to watch out for as we see the industry move in a certain direction, but too early to call, again, who's going to win on this one either.

Srinivas Pajjuri

Great. And then we are almost out of time, so this is my last question. So in a world where -- let's assume that 100% of the traffic goes to public cloud or the SaaS providers and there's no need for MPLS, so what's the value of SD-WAN in that scenario?

Ramesh Prabagaran

So first off is the value of MPLS does not go away. Maybe it reduces in prominence because I'm using it only as a high-grade secure circuit and such. So we keep adding to the pie. The value that SD-WAN still provides is one of ease of use; and two, access to a multi cloud. So the cloud -- so when you're talking about connectivity to the cloud, it's not just going from a site to AWS or a site to Azure, it's actually going to multiple cloud.

In fact, the recent studies that I saw that said customers on an average use 3.8 cloud location for their production and around 1.2 for their [demand test]. And so at a minimum, you -- we live in a multi-cloud world. And in a multi-cloud world, the value that SD-WAN provides is one of which application is doing well. And so I'm up-leveling the conversation here to say, "Here are my CRM applications and my finance applications that reside on this cloud. Here are my big data analytics applications that reside on this other cloud.

And I choose -- being in the middle, the SD-WAN platform chooses which one goes best." And so that's really the evolution of the platform. At the same time, visibility into the underlying applications and how things are used in anomaly detection and so forth is also where the next battles are being fought, right? Once you solve the connectivity problem, once you solve the access to cloud, it's all about the power of data, it's all about like security and so forth.

And those are like fundamental things that SD-WAN provides. How do I give you visibility? How do I provide you security? How do I give you application assurance? Those are all properties of SD-WAN as well. So we feel this is driven intensely. Even though we have solved quite a few problems, the best is yet to come.

Srinivas Pajjuri

Got it. Well, that concludes our conference call for the day. Thanks, Ramesh. That's been very helpful. And thanks, Gloria, and thanks, everyone, for joining us.

Ramesh Prabagaran

Thank you. Thank you for your interest.

Gloria Lee

Thank you.

