All specifications subject to change without notice. © 2012 Cisco and/or its affiliates. All rights reserved. 1
Bringing the Cloud to Remote Offices: Application Visibility and Survivability
Matt Bolick, Technical Marketing Engineer
July 25, 2012
• The Impact of Cloud Applications
• Cisco Cloud Connectors
• onePK – The Universal Network API
• Application Visibility and Control
Most Interactions are Controlled within LAN via Desktop - PCs and Phones
CAMPUS
DATA CENTER
Vertical
Apps
Share
Point
Voice,
Video
SAP,
Oracle
Old Priorities:
• Local application performance
• File & print sharing
• Voice quality
• Web security
• Media processing
BRANCH Windows
or Mac
TDM,
H323
THE
NETWORK
Interactions are Controlled through WAN by Users with Multiple Devices
CAMPUS
DATA CENTER
Vertical
Apps
Share
Point
New Priorities:
• WAN/Cloud performance
• VDI support
• Video quality
• Cloud security
• Management and visibility
Voice,
Video
SAP,
Oracle
BRANCH
SIP,
H264
IOS,
Android
Windows
or Mac
Citrix,
VMWare THE
NETWORK
Performance 41%
Security 35%
Operations 13%
Need for a Major Architectural Shift in the Network
Typical WAN can’t handle more than 20 VDI sessions
Hybrid Cloud Islands with no Any to Any VPN connectivity to the Enterprise
Reduced: Opex and Headcount to manage IT infrastructure
Typical user of cloud application prefers 50 ms of latency; most IT managers can’t predict behavior
90% of organizations back-haul Internet traffic over costly WAN links for Security
Inconsistent policy and visibility to manage DC, Branch and Cloud Infrastructure
Private Cloud / Virtual
Desktop
SaaS / Hybrid Cloud
Private / Hybrid Cloud
Delivering Optimal Experience, Pervasive Security, and Simplified Operations
Cloud Services Users
Branch Private/Public/Hybrid
Cloud-Ready Platforms
OS
HQ / Data Center Cloud
Integrated Management and Policy
ISR ASR CSR
Visibility Optimization Collaboration App Hosting
Branch Office
Cloud-Ready Network Services
Web Security
Storage
3rd Party
Collaboration
Survivability
Cloud Connectors
Security
DC
Definition of a Cloud Connector:
A cloud connector is a piece of software within a branch router that improves the performance, security or availability for cloud applications in remote sites.
ISR with Cloud
Connectors
Cloud Connectors bring a piece of
the cloud into the branch to improve:
• Performance
• Security
• Availability
ISR G2 Services Improve
Cloud Performance Further
• HQoS
• WAAS
• AVC
• PfR
Cloud
Apps
ScanSafe Connector on ISR
Enterprise HQ
Internet
Direct Local Internet Access
ScanSafe Connector
A portion of ScanSafe
web filtering intelligence
is brought into the
branch router.
Enterprise
IP WAN
(MPLS)
Branch Office Branch
Office
Headquarters
A
CUBE
CUBE
CUBE
Branch Office
CUBE
WEBEX
CUBE
Connector Function
The connector function is a dial-peer on the router that sends calls from CUCM (inside) to WEBEX (outside). Special configuration on CUCM (i.e., a dedicated SIP trunk) and WEBEX is required.
WEBEX Cloud Connector
• Cisco Solution
Webex CCA service over customer WAN to WEBEX
CUCM + CUBE deployed at customer and WEBEX Cloud
• How does it work?
A special configuration is placed on WEBEX Cloud and on customer premise with CUCM + CUBE
Calls to WEBEX numbers are routed via SIP to Cisco WEBEX Data Center
• How is this a connector?
A dial peer connects the on-premise CUCM to cloud-based WEBEX using SIP, with special configuration to associate WEBEX calls with customer IP addressing.
• Benefits
Free audio calls covered by WEBEX subscription
Voice SLA offered by private IP WAN
Cloud Storage Connector (PoC)
End-User Virtual Portal • Users access their own cloud
backups and folders, restore
and share files.
MSP Admin Portal • Manage end-user accounts,
service provisioning and billing
Cisco ISR G2 and UCS® E-Series with Cloud Storage Gateway
MSP Network
Backup Agent for
Roaming Laptop
Branch Office
Agent-Less Solution
Cloud storage is
cached in the branch.
Branch files are backed
up to the cloud.
Build-Your-Own Cloud Connector
ISR Host Router
UCS-E Series
VM
Cloud
Service
VM
VM
Cloud Connector
onePK API
Cloud
Connected
Service
Compact, Multipurpose Blade Housed in ISR G2
Up to 3 SATA, SAS, SSD hard
drives or 2 HDD and a PCIe card
Intel Xeon E5-2400 quad
core or six-core processor
On board hardware RAID 0, 1 and 5 Configuration Options with Hot-Swap Capability
Two External and Two Internal GE Ports with TCP/IP Acceleration
Front-panel VGA, 2 USB, and serial
console connectors
8 GB - 48 GB
DRAM Options
Maximum 130 W Power Draw
80% Less Than Server
Wire-Free, Plug-and-Play Modularity,
Low Shipping Weight (7 lb / 3.2 kg)
Remote and
Schedulable Power
Management
iSCSI Initiator
Hardware Offload
Two SD cards: one for the CIMC and
temporary storage of OS and one for a
blank virtual drive
Lights Out
Configuration
& MGMT
Through
CIMC
PfR QoS
WAAS Medianet
AVC IPSLA
UCS-E OnePK
Map services to
appropriate WAN links
Tools tailored to the
needs of collaboration
applications
Revolutionary
application recognition
and reporting tools
Powerful connectivity
between applications
and network devices
Ensure appropriate
service level for cloud
services
Best-in-Class App
Acceleration
Verify the performance
of apps over the WAN
Hosting platform for a
variety of services and
connectors
CLI
AAA
SNMP
HTML
XML
Syslog
Span
Netflow
CDP
Routing Protocols
Data Plane
Monitoring
QoS
Security
Routing
Discovery
Interfaces
Vast Toolkit
• Familiar
• Many knobs
• Controlled Access
• Special Purpose Tools
Not Vast Enough
• Gaps
• Inconsistencies
• Not programmatic
Consistency Across
Platforms Rich Actions
Modern Programming Languages
Multiple Deployment
Models
Data Plane Interaction
Routing
Discovery
Interfaces
Monitoring
QoS
Security
Data Plane
APP
Innovate
• Leverage and extend the infrastructure in pace with business needs
• Allow closed, rapid, in-enterprise innovation cycles
Quickly
• Quickly develop systems and applications that leverage the deployed base of Cisco switches and routers
One Time
• Reduce development/deployment times – “write once, deploy anywhere”
With Less Churn
• Extend/upgrade/add features without upgrading OS
• Consolidate services / reduce hardware footprint
IOS IOSd/XE XR NX-OS
Application 1) Write An
App
2) App
Talks To
Devices
3) Devices
Do Stuff
Thrift / Sockets
Application
C
APIs
Java
APIs
Python
APIs
IOS IOSd/XE XR
Network
Abstraction
NX-OS
Network
Abstraction
Network
Abstraction Network
Abstraction
1) Write An
App
2) App
Talks To
Devices
3) Devices
Do Stuff
Base
Element
•Element Capabilities
•Configuration Management
• Interface/Ports Events
•Location Information
Utilities
•Syslog Events and Queries
•AAA Interface
•Netflow Events
•DHCP Events
Discovery
•Network Element Discovery
•Service Discovery
•Topology Discovery
Developer
•Debug Capabilities
•Tracing Interfaces
•Management Extensions
Data Path
•Packet/Flow Classifiers
•Copy/Punt/Inject
•Statistics
Policy
• Interface Policy
• Interface Feature Policy
•Forwarding Policy
•Flow Action Policy
Routing
•Protocol Change Events
•RIB Table Queries
Extensions LISP
•Mapping Server
•Resolver
•Registration
•Discovery/Security
Identity
•Authentication Events
•End point identity
•Device Type
•Identity and location
Diagnostic Analysis
•pathtrace/IAMP Interface
•Custom collectors
•Custom collection profiles
And More!
Integrated Value
Year
Classification
Mechanism
Stateless L4
Port based
No protocol
Classification
Stateful (flow based)
L7 Signatures
MPE – Multi-Packet
Engine
Behavioral
Classification
Statistical
Classification
1990 2000 2010 2020
Telnet, SNMP, SSH
HTTP, NNTP, POP3
RTP, Skype, Bittorrent
P2P, VoIP, Skype, VoIP
Encrypted, Day-Zero
Use QoS or PfR to
control application
network usage to
improve application
performance
ASR1K
ISR G2
Control
High
Med
Low
Advanced reporting
tool aggregates and
reports application
performance
App Visibility &
User Experience Report
Reporting Tool
ISR G2 & ASR collect
application bandwidth
and response time
metrics, and export to
management tool
ASR1K
ISR G2
NFv9
FNF
IOS PA
Reporting Tool Perf. Collection &
Exporting
Reporting Tools
App      BW      Transaction Time   …
WebEx    3 Mb    150 ms             …
Citrix   10 Mb   500 ms             …
DPI engine (NBAR2)
identifies applications
using L7 signatures
ASR1K
ISR G2
Deep Packet
Inspection
My query
is taking
long time!
My email is
slow!
Branch Data Center
How do I
ensure my
SLA is met
Reporting Tool
WAN
NFv9
Cisco Insight
Cisco Prime NAM
Cisco Prime Assurance
Manager (PAM)
•Application visibility report
•Multi-tenant with role-based
access
•Support application visibility
report and response time
•Support ISR G2, ASR, and
WAAS
•Comprehensive Enterprise
Performance Management with
global dashboard & drill-down
•Network infrastructure
monitoring
•Application visibility report,
response time, and medianet
perf-mon
•Configuration through NCS
New
Supported
Platform ASR1K, SCE
ISR G2, ASR1K, WAAS,
Netflow devices
ISR G2, ASR1K, WAAS, NAM,
Netflow devices
Cloud Connected Solution:
http://www.cisco.com/go/cloudconnected
UCS E Series:
http://www.cisco.com/go/ucse
onePK:
http://www.cisco.com/go/onepk
Application Visibility and Control:
http://www.cisco.com/go/avc
Thank you.