Bringing the Cloud to Remote Offices: Application …...Share Point New Priorities: •WAN/Cloud performance •VDI support •Video quality •Cloud security •Management and visibility

All specifications subject to change without notice. © 2012 Cisco and/or its affiliates. All rights reserved. 1

Bringing the Cloud to Remote Offices: Application Visibility and Survivability Matt Bolick Technical Marketing Engineer

July 25, 2012

© 2012 Cisco and/or its affiliates. All rights reserved. All specifications subject to change without notice. 2

• The Impact of Cloud Applications

• Cisco Cloud Connectors

• onePK – The Universal Network API

• Application Visibility and Control


Most Interactions are Controlled within LAN via Desktop - PC’s and Phones

CAMPUS

DATA CENTER

Vertical

Apps

Share

Point

Voice,

Video

SAP,

Oracle

Old Priorities:

• Local application performance

• File & print sharing

• Voice quality

• Web security

• Media processing

BRANCH Windows

or Mac

TDM,

H323

THE

NETWORK


Interactions are Controlled through WAN by Users with Multiple Devices

CAMPUS

DATA CENTER

Vertical

Apps

Share

Point

New Priorities:

• WAN/Cloud performance

• VDI support

• Video quality

• Cloud security

• Management and visibility

Voice,

Video

SAP,

Oracle

BRANCH

SIP,

H264

IOS,

Android

Windows

or Mac

Citrix,

VMWare THE

NETWORK


Performance 41%

Security 35%

Operations 13%

Need for a Major Architectural Shift in the Network

Typical WAN can’t handle more than 20 VDI sessions

Hybrid Cloud Islands with no Any to Any VPN connectivity to the Enterprise

Reduced: Opex and Headcount to manage IT infrastructure

Typical user of cloud application prefers 50ms of latency- most IT Managers can’t predict behavior1

90% of organizations back-haul Internet traffic over costly WAN links for Security

Inconsistent policy and visibility to manage DC, Branch and Cloud Infrastructure

Private Cloud / Virtual

Desktop

SaaS / Hybrid Cloud

Private / Hybrid Cloud



Delivering Optimal Experience, Pervasive Security, and Simplified Operations

Cloud Services Users

Branch Private/Public/Hybrid

Cloud-Ready Platforms

OS

HQ / Data Center Cloud

Integrated Management and Policy

ISR ASR CSR

Visibility Optimization Collaboration App Hosting

Branch Office

Cloud-Ready Network Services

Web Security

Storage

3rd Party

Collaboration

Survivability

Cloud Connectors

Security

DC


A cloud connector is a piece of

software within a branch router

that improves the performance,

security or availability for cloud

applications in remote sites.

Definition of a Cloud Connector:


ISR with Cloud

Connectors

Cloud Connectors bring a piece of

the cloud into the branch to improve:

• Performance

• Security

• Availability

ISR G2 Services Improve

Cloud Performance Further

• HQoS

• WAAS

• AVC

• PfR

Cloud

Apps


ScanSafe Connector on ISR

Enterprise HQ

Internet

Direct Local Internet Access

ScanSafe Connector

A portion of ScanSafe

web filtering intelligence

is brought into the

branch router.


Enterprise

IP WAN

(MPLS)

Branch Office Branch

Office

Headquarters

A

CUBE

CUBE

CUBE

Branch Office

CUBE

WEBEX

CUBE

Connector Function

Connector function is a dial-peer on the router that sends calls from CUCM (inside) to WEBEX (outside). Special configuration on CUCM

(ie dedicated SIP Trunk) and WEBEX is required.

WEBEX Cloud Connector

• Cisco Solution

Webex CCA service over customer WAN to WEBEX

CUCM + CUBE deployed at customer and WEBEX Cloud

• How does it work?

A speical configuration is placed on WEBEX Cloud and on customer premise with CUCM + CUBE

Call to WEBEX numers are routed via SIP to Cisco WEBEX Data Center

• How is this a connector

Dial peer connects the on premise CUCM to Cloud based WEBEX using SIP with special configuration to associate WEBEX Calls with customer IP Addressing.

• Benefits

Free audio calls covered by WEBEX subscription

Voice SLA offered by private IP WAN


Cloud Storage Connector (PoC)

End-User Virtual Portal • Users access their own cloud

backups and folders, restore

and share files.

MSP Admin Portal • Manage end-user accounts,

service provisioning and billing

Cisco ISR G2 and UCS® E-Series with Cloud Storage Gateway

MSP Network

Backup Agent for

Roaming Laptop

Branch Office

Agent-Less Solution

Cloud storage is

cached in the branch.

Branch files are backed

up to the cloud.


Build-Your-Own Cloud Connector

ISR Host Router

UCS-E Series

VM

Cloud

Service

VM

VM

Clo

ud

Connecto

r onePK

API

Cloud

Connected

Service


Compact, Multipurpose Blade Housed in ISR G2

Up to 3 SATA, SAS, SSD hard

drives or 2 HDD and a PCIe card

Intel Xeon E5-2400 quad

core or six-core processor

On board hardware RAID 0, 1 and

5 •Configuration Options with Hot-Swap

Capability Two External and Two Internal GE Ports

with TCP/IP Acceleration

Front-panel VGA, 2 USB, and serial

console connectors

8 GB - 48 GB

DRAM Options

Maximum 130 W Power Draw

80% Less Than Server

Wire-Free, Plug-and-Play Modularity,

Low Shipping Weight (7 lb / 3.2 kg)

Remote and

Schedulable Power

Management

iSCSI Initiator

Hardware Offload

Two SD cards: one for the CIMC and

temporary storage of OS and one for a

blank virtual drive

Lights Out

Configuration

& MGMT

Through

CIMC


PfR QoS

WAAS Medianet

AVC IPSLA

UCS-E OnePK

Map services to

appropriate WAN links

Tools tailored to the

needs of collaboration

applications

Revolutionary

application recognition

and reporting tools

Powerful connectivity

between applications

and network devices

Ensure appropriate

service level for cloud

services

Best-in-Class App

Acceleration

Verify the performance

of apps over the WAN

Hosting platform for a

variety of services and

connectors



CLI

AAA

SNMP

HTML

XML

Syslog

Span

Netflow

CDP

Routing Protocols

Data Plane

Monitoring

QoS

Security

Routing

Discovery

Interfaces

Vast Toolkit

• Familiar

• Many knobs

• Controlled Access

• Special Purpose Tools

Not Vast Enough

• Gaps

• Inconsistencies

• Not programmatic


Consistency Across

Platforms Rich Actions

Modern Programming Languages

Multiple Deployment

Models

Data Plane Interaction

Routing

Discovery

Interfaces

Monitoring

QoS

Security

Data Plane

APP


• Leverage and extend the infrastructure in pace with business needs

• Allow closed rapid in enterprise innovation cycles Innovate

• Quickly develop systems and applications that leverage the deployed base of Cisco switches and routers

Quickly

• Reduce development/deployment times – “write once, deploy anywhere” One Time

• Extend/upgrade/add features without upgrading OS

• Consolidate services / reduce hardware footprint

With Less Churn


IOS IOSd/XE XR NX-OS

Application 1) Write An

App

2) App

Talks To

Devices

3) Devices

Do Stuff


Thrift / Sockets

Application

C

APIs

Java

APIs

Python

APIs

IOS IOSd/XE XR

Network

Abstraction

NX-OS

Network

Abstraction

Network

Abstraction Network

Abstraction

1) Write An

App

2) App

Talks To

Devices

3) Devices

Do Stuff


Base

Element

•Element Capabilities

•Configuration Management

• Interface/Ports Events

•Location Information

Utilities

•Syslog Events and Queries

•AAA Interface

•Netflow Events

•DHCP Events

Discovery

•Network Element Discovery

•Service Discovery

•Topology Discovery

Developer

•Debug Capabilities

•Tracing Interfaces

•Management Extensions

Data Path

•Packet/Flow Classifiers

•Copy/Punt/Inject

•Statistics

Policy

• Interface Policy

• Interface Feature Policy

•Forwarding Policy

•Flow Action Policy

Routing

•Protocol Change Events

•RIB Table Queries

Extensions LISP

•Mapping Server

•Resolver

•Registration

•Discovery/Security

Identity

•Authentication Events

•End point identity

•Device Type

•Identity and location

Diagnostic Analysis

•pathtrace/IAMP Interface

•Custom collectors

•Custom collection profiles

And More!

Integrated Value




Year

Classification

Mechanism

Stateless L4

Port based

No protocol

Classification

Statefull (flow based)

L7 Signatures

MPE – Multi-Packet

Engine

Behavioral

Classification

Statistical

Classification

1990 2000 2010 2020

Telnet, SNMP, SSH

HTTP, NNTP, POP3

RTP, Skype, Bittorrent

P2P, VoIP, Skype, VoIP

Encrypted, Day-Zero


Use QoS or PfR to

control application

network usage to

improve application

performance

ASR1K

ISR G2

Control

High

Med

Low

Advanced reporting

tool aggregates and

reports application

performance

App Visibility &

User Experience Report

Reporting Tool

ISR G2 & ASR collect

application bandwidth

and response time

metrics, and export to

management tool

ASR1K

ISR G2

NFv9

FNF

IOS PA

Reporting Tool Perf. Collection &

Exporting

Reporting Tools

App BW Transaction

Time

…

WebEx 3 Mb 150 ms …

Citrix 10 Mb 500 ms …

DPI engine (NBAR2)

identifies applications

using L7 signatures

ASR1K

ISR G2

Deep Packet

Inspection

http://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQ

http://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQ


My query

is taking

long time!

My email is

slow!

Branch Data Center

How do I

ensure my

SLA is met

Reporting Tool

WAN

NFv9

http://images.google.com/imgres?imgurl=http://www.mobiletown.com/images/index.php1.gif&imgrefurl=http://www.mobiletown.com/whatisit_us.php&h=132&w=137&sz=4&hl=en&start=3&um=1&tbnid=G6PNLs4aF7kOLM:&tbnh=90&tbnw=93&prev=/images?q=microsoft+exchange+logo&um=1&hl=en&sa=X


Cisco Insight

Cisco Prime NAM

Cisco Prime Assurance

Manager (PAM)

•Application visibility report

•Multi-tenant with role-based

access

•Support application visibility

report and response time

•Support ISR G2, ASR, and

WAAS

•Comprehensive Enterprise

Performance Management with

global dashboard & drill-down

•Network infrastructure

monitoring

•Application visibility report,

response time, and medianet

perf-mon

•Configuration through NCS

New

Supported

Platform ASR1K, SCE

ISR G2, ASR1K, WAAS,

Netflow devices

ISR G2, ASR1K, WAAS, NAM,

Netflow devices


Cloud Connected Solution:

http://www.cisco.com/go/cloudconnected

UCS E Series:

http://www.cisco.com/go/ucse

onePK:

http://www.cisco.com/go/onepk

Application Visibility and Control:

http://www.cisco.com/go/avc

Thank you.

Documents

Bringing the Cloud to Remote Offices: Application …...Share Point New Priorities: •WAN/Cloud performance •VDI support •Video quality •Cloud security •Management and visibility