Cisco Sona

1© 2005 Cisco Systems, Inc. All rights reserved.

SONA: ENTERPRISE ARCHITECTURE FOR A REAL-TIME WORLD

William Ruh, Senior Director

Cisco Systems

2© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential

Fast Faster Real-Time

PRODUCTION

TRANSACTIONS

INTERACTIONS

Today’s Business Imperative: Real-Time Interactions


The Real-Time Supply Chain

ProductionProduction TransactionsTransactions InteractionsInteractions

Monitoring local operations

Limited visibility, monthly planning cycle

Just-in-time inventory management

Real-time to sense, decide and respond

Web-based collaboration across value chain

Fast Faster Real-Time


Business Need

• Reduce transportation costs, spoilage from changed orders

• Installed GPS-enabled logistics system to link delivery trucks and control center

Impact

• Re-route dynamically based on up-to-the-minute customer needs

• Improved customer satisfaction and increased revenue by 15%

• Projected $100 million reduction in operating expenses

Supply Chain InteractionsCemex Optimized Cement Delivery


Industry Inflection Points Historically Drive New Architectures

NETWORK OFNETWORKS

NETWORK OFNETWORKS

Pervasive, open networks

enable client-server

to extend beyond corporate

boundaries (TCP/IP)

INTERNETINTERNET

SERVICE ORIENTEDSERVICE

ORIENTED

New Network Architecture

The network and

applications work

together as an integrated

system(messages)

INTELLIGENT INFORMATION

NETWORK

INTELLIGENT INFORMATION

NETWORK

Source: Gartner, Cisco

PACKETNETWORKS

PACKETNETWORKS

CLIENT-SERVERCLIENT-SERVER

Demand for networks to

connect multivendor

devices (packets)

Integrated system for terminal to

mainframe connectivity (VTAM)

PROPRIETARYNETWORK

PROPRIETARYNETWORK

MAINFRAMEMAINFRAME

We Are At A NewInflection

Point


Addressing a Market in Transition

Message Traffic

Integration Costs

• Dramatic growth in number of applications in the enterprise (from 50 to 500)

• Transition from monolithic apps to SOA (not 500 apps, but 2,500 “application services”)

Exponential growth in application message traffic

• Growth in number, cost,and complexity of systemsto enable application integration and security

• “Conga line” of appliances, new 1RU, 2RU devices

• Management headache, high operations/ people costs


Network = Most Scalable Platform Since the Microprocessor

Services

Services

EnterpriseEnterprise

CommercialCommercialService

ProvidersService

Providers

HomeHome

VoiceVoice

DataData VideoVideo MobilityMobility


Time

Net

wo

rk I

nte

llig

ence

The Intelligent Movement of Data / Voice / Video Across a System of NetworksThe Intelligent Movement of Data / Voice / Video Across a System of Networks

INTEGRATED TRANSPORT

INTEGRATED SERVICES

Virtualized Resources and Services Virtualized Resources and Services

INTEGRATED APPLICATIONS

Network-Enabled ApplicationsNetwork-Enabled Applications

PHASE 1

PHASE 2

PHASE 3

Cisco’s 3–5 Year Technology Vision:The Intelligent Information Network


Cisco’s Technology StrategyThree Components – No Compromises

Intelligent Information

Network

Intelligent Information

Network

FASTERFASTER LASTINGLASTING

SMARTERSMARTER

Global SystemsApproach

Global SystemsApproach

Resilient designIntegrated security and managementAdaptive system functionality

Programmable ASICsDistributed architectureEndpoint-to-endpoint performance

Future-proof architectureInvestment protectionIntegrated technologies


Faster

Custom silicon as advanced as recognized industry players

# Transistors (Million)

# Transistors (Million)

Feature Size/ # Metal Layers

Feature Size/ # Metal Layers

Chip Size(mm2)

Chip Size(mm2)ChipChip

42

25

37.5

29

50

91

56

97

42

25

37.5

29

50

91

56

97

0.18/6M

0.18/6M

0.18/6M

0.15/7M

0.18/6M

0.18/6M

0.13/7M

0.18/6M

0.18/6M

0.18/6M

0.18/6M

0.15/7M

0.18/6M

0.18/6M

0.13/7M

0.18/6M

217

300

128

210

243

180

334

350

217

300

128

210

243

180

334

350

Pentium4

Itanium

Athlon

Ultra-III

PPE

FFE

Metro

NT3

Pentium4

Itanium

Athlon

Ultra-III

PPE

FFE

Metro

NT3


Networked Resources Come In Fixed Packages

Memory Processing Storage I/O

NetworkedInfrastructureComponent


Duplicated, Isolated, Wasted Resources


Multiple Components

Under-utilized Capacity


Virtualization Allows You to Treat Your Networking Resources as Shared Pools

Memory Processing

Storage I/O



Resources Can Be Brought Together On Demand

Memory Processing

Storage I/O


Virtualization Lets You Overcome Physical Boundaries and Eliminate Waste

Memory Processing

Storage I/O

Virtual Networked InfrastructureVirtual Networked Infrastructure

• Consolidated, policy-based management

• Simpler alignment of IT resources to business requirements

• Consolidated, policy-based management

• Simpler alignment of IT resources to business requirements


Virtual “Backplane” Between All Resources

Virtual “Backplane” Between All Resources

Utility NetworkUtility

Network

Processor Pool

Processor Pool

Networking PoolNetworking Pool

Storage Pool

Storage Pool

INTELLIGENT SAN SWITCHINGINTELLIGENT SAN SWITCHING

ReplicationReplication

NASNAS

Volume Mgmt.Volume Mgmt.

Backup AssistBackup Assist

INTELLIGENT ETHERNET SWITCHINGINTELLIGENT ETHERNET SWITCHING

FWFW

IDSIDS

SSLSSL

VPNVPN

SLBSLB

Blade ServersBlade Servers

DB ServersDB Servers

Web,E-mailServersWeb,E-mailServers

INTELLIGENT SERVER SWITCHINGINTELLIGENT SERVER SWITCHING

Virtualizing the Data Center

ProcessorVirtualization

ProcessorVirtualization

StorageVirtualization

StorageVirtualization

FileVirtualization

FileVirtualization

NetworkVirtualization

NetworkVirtualization

ServiceVirtualization

ServiceVirtualizationVirtualizationVirtualization


APPLICATIONS

PACKETNETWORKING

BusinessApplicationsBusiness

Applications

ApplicationInfrastructureApplication

Infrastructure

APPLICATION-ORIENTED NETWORKAPPLICATION-ORIENTED NETWORK

INTELLIGENT NETWORKING

PacketNetwork

ERP WEB

MFG

FIN

CRM SCM

AON: Network Speaking the Language of Applications


CustomerCustomerOrderOrder

OrderOrderEntryEntry FinanceFinance

NormalNormalApprovalApproval

ExceptionExceptionApprovalApproval

ShipmentShipment BillingBilling

Network operations on application messages:

Log

Route

Transform

Validate

Notify

POLICY-BASED

APPLICATION ORIENTED NETWORKINGApplication messaging read by the network

PURCHASE ORDER

ABC Co$25,000Urgent 2 days

Enabling Real-Time Application MonitoringThrough the Network


Cisco AON Core Capabilities

Business EventVisibility

Application-levelSecurity

Application-levelSecurity

Intelligent MessagingIntelligent Messaging

• Reliable messaging• Content based routing• Transformation• Protocol switching• Message distribution• Message load balance

• Reliable messaging• Content based routing• Transformation• Protocol switching• Message distribution• Message load balance

• Authentication• Authorization• Encryption/Decryption• Data integrity/

non-repudiation• Digital signatures• Centralized PKI mgt.

• Authentication• Authorization• Encryption/Decryption• Data integrity/

non-repudiation• Digital signatures• Centralized PKI mgt.

• Event capture, filtering• Logging for audit• Automatic notification• Policy controlled• Feed to dashboards• Link to Network events

• Event capture, filtering• Logging for audit• Automatic notification• Policy controlled• Feed to dashboards• Link to Network events

• Hardware Acceleration (SSL, Crypto, XML)• Message level Caching and Compression• High Availability, Failover, Load Balancing

• Hardware Acceleration (SSL, Crypto, XML)• Message level Caching and Compression• High Availability, Failover, Load Balancing

Application Optimization Extensibility• ADK (for custom adapters)• SDK (for custom bladelets)• AON Technology Partners

• ADK (for custom adapters)• SDK (for custom bladelets)• AON Technology Partners


Application Security Gateway Use Case:Cisco IT (cisco.com)

• Secure, integrated entry pointfor all Cisco online B2B orders

• Lower cost: one box• Multiple application-level

security functionsLogValidate messagesAuthenticate/AuthorizeManage digital certificates/ keysVerify digital signaturesSSL sessions based onapplication ID

AONAON


CPG Supplier

#1

TATAGG

TATAGG

TATAGG

TATAGG

TATAGG

TATAGG

RFID Tag Read

CPG Supplier

#2

TATAGG

TATAGG

TATAGG

TATAGG

TATAGG

TATAGG

RFID Tag Read

WMS

• Event aggregation

• Message logging

• Content-based routing

• Message copy

Filtering and Aggregating RFID Messages at the Edge for Retail Co., Medical Products Co.

• Digital Signature

• Logging

• Partner Integration

• Application LevelEvent (ALE) Filtering

• Message-level Security

• Reliable Messaging

• Reader Virtualizationand Management

AON inISR

AON inCat6K, 7600


PACKET NETWORK

APPLICATION-ORIENTEDNETWORK

SERVICE PROVIDERS SERVICE CONSUMERS

BusinessProcesses

MobileApps

Portals DashboardsAPPLICATIONS

Operational BenefitsHardware Acceleration,

Pervasive Location, Availability, Manageability

BEA

SAPIBM MS

OracleSun

Shared SOA Infrastructure Services

(Messaging, Logging Transformation, Security,

Protocol Bridging,Reliable Delivery,

Rules-based Routing,Monitoring SLAs, Events)

Policy ControlsFlexible, Real-time,

Distributed Enforcement

Mainframe.NET

JavaPackaged

Apps

AON: Shared SOA Infrastructure Services addressing Deployment Challenges

Pervasive, Universally Shared, Reusable Utilities in the Network


• Logging, Auditing

• Translation/Protocol Switching

• Message Transformation

• WSDL Filtering

• Rules-based,Content-based Routing

• Reliable Delivery

• Monitoring

• Caching

• Load-balancingand Failover

AON as Web Services IntermediaryBrowser-based

Apps (J2EE)Trading

ApplicationsHR

Applications

BusinessProcessEngine

Branch OfficeSOAP-CompliantClient Apps (VB)

External WebServices

Customer Apps

Back OfficeSOAP-Compliant

Client Apps (VB, J2EE)

Web Service Interfaces


AON as XML/ Web Services Security Gateway

2. Service Provider JAVA/ApacheAXIS 1.1 Client

Service Provider SOAP .NET Endpoint

AON Certificate Generation/ Import

2. Decrypt SOAP Request Message data field, Log and

Sign message body

Encrypt SOAP Response

message data field

SOAP/HTTP SOAP/HTTP

1. Validate part of SOAP Request Message against

its XSD schema

1. Service Provider SOAP Client

• Schema Validation

XSD schema validation (partial document) on incoming SOAP request message identified by XPath expression

Forward valid SOAP request message to endpoint, discard invalid messages

• Encryption/ Decryption

WSS standard field-level encryption/ decryption

Interoperates with SOAP/ Apache AXIS 1.1 client implementation of WSS

• Digital Signatures of SOAP request message body

• Logging of meta-data about the SOAP request message

3. Encrypt SOAP Response Message

data field


BusinessBusinessApplicationsApplications

Collaboration Collaboration ApplicationsApplications

PLMPLM

HCMHCM ProcurementProcurement SCMSCM

ERPERPCRMCRM Instant Instant MessagingMessaging

IPCCIPCC IP PhoneIP Phone Video Video DeliveryDelivery

MeetingMeetingPlacePlace

UnifiedUnifiedMessagingMessaging

ServerServer StorageStorage ClientsClients

Application ServicesApplication ServicesApplication ServicesApplication Services

Infrastructure ServicesInfrastructure ServicesInfrastructure ServicesInfrastructure Services

DevicesDevices

ApplicationLayer

InteractiveServices Layer

NetworkedInfrastructureLayer

Places In the NetworkPlaces In the NetworkPlaces In the NetworkPlaces In the NetworkCampusCampus BranchBranch Data Centre

Data Centre

Enterprise Edge

Enterprise Edge

WAN/MAN

WAN/MAN

Tele-worker

Tele-worker

SecuritySecuritySecuritySecurity

MobilityMobilityMobilityMobilityStorageStorageStorageStorage Voice & CollaborationVoice & Collaboration Voice & CollaborationVoice & Collaboration

ComputeComputeComputeCompute IdentityIdentityIdentityIdentity

Middleware and Application PlatformsMiddleware and Application Platforms

Cisco Offerings

Implementing IIN….EnterpriseCisco Service-Oriented Network Architecture

Cisco Systems, Inc.

yellow - embrace arrows


SECURITYSERVICESSECURITYSERVICES

• App security• VPN / SSL• Virtual firewalls• Anti-X• DDoS• NAC• HTTP inspection

• App security• VPN / SSL• Virtual firewalls• Anti-X• DDoS• NAC• HTTP inspection

MOBILITY SERVICESMOBILITY SERVICES

• Indoor• Outdoor• Metro area• Location

based roaming

• Voice

• Indoor• Outdoor• Metro area• Location

based roaming

• Voice

STORAGESERVICESSTORAGESERVICES

• VSAN & IVR• Data replication• Remote backup• Tape acceleration• Point in time copy

continuous data protection

• VSAN & IVR• Data replication• Remote backup• Tape acceleration• Point in time copy

continuous data protection

IDENTITY SERVICESIDENTITY SERVICES

• 802.1X• RADIUS• ACLs

• 802.1X• RADIUS• ACLs

COMPUTESERVICESCOMPUTESERVICES

• RDMA• Server

virtualization• I/O

virtualization

• RDMA• Server

virtualization• I/O

virtualization

VOICESERVICES

VOICESERVICES

• IPT• E911• Presence

Services

• IPT• E911• Presence

Services

Interactive Services LayerCustomer Value and Cisco Differentiation

INT

ER

AC

TIV

ES

ER

VIC

ES

L

AY

ER

INT

ER

AC

TIV

ES

ER

VIC

ES

L

AY

ER

INFRASTRUCTURE SERVICES

INFRASTRUCTURE SERVICES

Identity ServicesIdentity ServicesIdentity ServicesIdentity Services

Compute ServicesCompute ServicesCompute ServicesCompute Services

Voice &Voice &Collaboration ServicesCollaboration Services

Voice &Voice &Collaboration ServicesCollaboration Services

Storage ServicesStorage ServicesStorage ServicesStorage Services

Mobility ServicesMobility ServicesMobility ServicesMobility ServicesSecurity ServicesSecurity Services

Security ServicesSecurity Services

Ad

ap

tive

Mn

gm

nt

Ad

ap

tive

Mn

gm

nt

Se

rvic

es

Se

rvic

es

Ad

ap

tive

Mn

gm

nt

Ad

ap

tive

Mn

gm

nt

Se

rvic

es

Se

rvic

es

APPLICATION SERVICESAPPLICATION SERVICESAPPLICATION SERVICESAPPLICATION SERVICES

Application Delivery & OptimizationApplication Delivery & Optimization Application-Oriented NetworkingApplication-Oriented Networking• Intelligent message routing (translation,

transformation, reliable delivery) , SOA support• Application-to-application security• Application message/ business event visibility

and responsiveness

• Intelligent message routing (translation, transformation, reliable delivery) , SOA support

• Application-to-application security• Application message/ business event visibility

and responsiveness

• Application Velocity System• Wide Area Application Services• Content Services Switch/ Content Services Module• Application Control Engine

• Application Velocity System• Wide Area Application Services• Content Services Switch/ Content Services Module• Application Control Engine


The Challenge…

Main office

Branch office

mySAP Business

Suite


Cisco and SAP Join Forces

ERP WEB

MFG

FIN

CRM SCM

Intelligent Packet Network

ApplicationOrientedNetwork

EnterpriseServicesArchitecture

Business Processes Accessible Through Enterprise Services

AONAONESAESA

SSL


Remote Management of Subsidiaries/Branches

mySAP

AON Management Console

AON

Start-up/Shut down

Checking status

Master data update

Intercompany process

NetworkAON

Subsidiary: NairobiHeadquarters


Remote Management of Subsidiaries/Branches

Subsidiary: NairobiHeadquarters

mySAP Cluster

AON Management

Console

AON

NetworkAON

Send Invoice

Application programs and messaging

The IBM MQSeries range of products provides application

programming services that enable application programs to

Application programs and messaging

The IBM MQSeries range of products provides application

programming services that enable application programs to

Application programsThe IBM MQSeriesprogramming services that

Application programs andThe IBM MQSeriesrange of products provide programcation programs to

Application programsThe IBM MQSeriesprogramming services that

Application programs andThe IBM MQSeriesrange of products provide programcation programs to

Transformation, Protocol translation, digital signing, encryption

Decrypt, & AuthenticateContent Based Route to Fastest Server

Process Order


Cisco SONA Accelerates the Network's Role in Transforming Business Processes

On Demand, Adaptive Enterprise, etc.

Disruptive Technologies (e.g. RFID, Infiniband)

Virtualization, GRID Computing

SOA

BusinessApplications

Ap

pli

cati

on

La

yer

Collaboration Applications

Netw

ork

ed

In

fra

str

uc

ture

L

ayer Server Storage Clients Network

Inte

racti

ve

Serv

ices

La

ye

r

Application Services

Infrastructure Services

Ad

ap

tive

M

an

ag

em

en

t S

erv

ices

BusinessApplications

Ap

pli

cati

on

La

yer

Collaboration Applications

Netw

ork

ed

In

fra

str

uc

ture

L

ayer Server Storage Clients Network

Inte

racti

ve

Serv

ices

La

ye

r

Application Services

Infrastructure Services

Ad

ap

tive

M

an

ag

em

en

t S

erv

ices

SONA


Key Takeaways

• The network is the only common, single element that connects and enables all components of the IT infrastructure

Only Cisco offers a comprehensive network infrastructure and intelligent networking services

• Cisco SONA enables businesses to benefit from the “network multiplier” effectOptimizing business processes and applications

• Cisco lifecycle services, proven enterprise architectures and experience across industries can help you meet your business imperatives in real-time

Convergence and Integration Virtualization Automation


Documents

Cisco Sona