© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Conquer the Cloud: Designing a Next Generation Cloud Ready WAN
Presenters: Scott Van de Houten, Technical Architect, Cisco; Matt Bolick, Senior Technical Engineer, Cisco
Host: Jimmy Ray Purser, TechWiseTV, Cisco
December 11, 2012, 8 a.m. Pacific Time
FIVE-PART WEBCAST SERIES
• On-demand: The Cloud and Your Network—Is There a Gap?
• On-demand: Optimizing App Performance from Branch to Cloud
• On-demand: How to Enforce Pervasive Security
• On-demand: Extending Virtualization to the Branch
• December 11: Designing Next-Generation, Cloud-Ready WAN
Experts Provide Best Practices on How to Accelerate Your Organization’s Journey to the Cloud
A framework for building a next-generation WAN that meets your future business requirements
The primary elements of the regional WAN design for up to 15,000 sites
Strategies for enabling high availability, robust security, and improved application performance for different cloud models
Suggested next steps on getting started with enabling a next-generation WAN
Designing a Next Generation Cloud Ready WAN
Matt Bolick, Technical Engineer, Cisco
Scott Van de Houten, Technical Architect, Cisco
Jimmy Ray Purser, TechWiseTV Host, Cisco
Cloud Challenges
Cloud Models
Traditional IT Private Cloud Public Cloud Hybrid Cloud
• Independent branches
• Internet via central site
• High Capex and OpEx
• Longer time for app rollout
• Application centralization
• Lean Branch
• Poor user experience
• Application survivability
• Security and control risk
• Unpredictable performance
• Internet-based apps
• Shared infrastructure
• Lack of visibility and control
• Unpredictable performance
Yesterday
Internet
Today Yesterday
Internet Public Hybrid
Private
Future Today Yesterday
Internet Public Hybrid
Private Internet/
WAN
New York Branch Office
Virtual Desktops User Experience
Keystroke
Bandwidth Explosion: ~20 VDI Sessions per T1 Line
WAN Latency: >200ms Need for Optimal VDI Performance
Lack of Visibility, Control, and Prioritization
Dallas Data Center
IaaS
1500 Miles
Mouse Control Video Screen
Cloud Services
Users
Centralized Internet Access
Brazil
HQ/DC
Hairpinning Effect: Backhaul of SaaS/internet traffic to DC
Drastic Change in WAN Traffic Pattern: 90% of organizations backhaul Internet traffic*
COMPROMISED USER EXPERIENCE
*Cloud Networking Report, Metzler Associates, 2011
California, USA
Users
Sales Rep at NY Branch/Mobile User
SaaS
Cloud Intelligent Network
ASA 1000V
Nexus1000V
vWAAS VSG
VXLAN
CSR 1000V
vPath
Cisco ISR G2 ASR 1000
AVC, WAAS UCS-E
Cisco Prime Infrastructure
AnyConnect VPN, ScanSafe, WebEx, and HCS Cloud Connectors
Branch/Campus
Branch/Campus
Cloud Connectors ScanSafe
HCS Webex CCA
3rd Party
Private Cloud
Hybrid Virtual Private Cloud
Cloud Intelligent Network
Security
App Visibility/ Control (AVC)
Cloud Connectors
Medianet
ASR 1000, AVC, ASA,
WAAS, AppNav
Public Cloud
HCS Services
Redundant, Scalable GETVPN
Head End
Standardized Profiles
Any WAN Transport
Pervasive, Scalable End-to-End Security
Intelligent Application Adaptive Routing
Optimized Service Performance
Simplified Operations, Monitoring, and Troubleshooting
SP A MPLS
SP V MPLS
Redundant, Scalable GETVPN Head End
Standard Branch
High-End Branch
Mobile Branch
Serial, Ethernet
DS3 and FE 3G and 4G Satellite
Ultra-High-End Branch and
Campus
OC3 and GE
Local Campus Data Center
Interconnect
Cisco Prime™
ASR 1000 ASR 1000 ASR 1000 ASR 1000
ASR 1000 ASR 1000 ISR G2
ISR G2 ISR G2
ISR G2
Internet
Private Cloud Solutions
ASA 1000V
Nexus1000V
vWAAS VSG
VXLAN
CSR 1000V
vPath
Virtual Private Cloud
Public Cloud
HCS Services
Used only by a single company or organization, the Private Cloud looks a lot like the traditional Enterprise Data Centers we’re familiar with although they tend to focus on virtualized services. They might be operated by a third party instead of the company using them. Source: NIST
Private Cloud
ASR 1000, AVC, ASA,
WAAS, AppNav
Cloud Intelligent Network
Security
App Visibility/ Control (AVC)
Cloud Connectors
Medianet
What are your plans for deploying Private Cloud Services?
A. Currently deployed
B. Deploying within 12 months
C. No plans to deploy
Deep Packet Inspection
Deep Packet Inspection engine (NBAR2) identifies applications using L7 and custom signatures
ISR G2/ASR1k/CSR
Performance Collection and Exporting
ISR G2 and ASR collect application bandwidth and response time metrics, and export to management tool
NFv9 PA/FNF
Reporting Tools
ASR 1000
CSR
ISR G2
Reporting and Provisioning Tool
Advanced reporting tool aggregates and reports application performance
Application Visibility and User Experience Report
App    BW     Transaction Time  …
WebEx  3 Mb   150 ms            …
Citrix 10 Mb  500 ms            …
Control
Use QoS or PfR to control application network usage to improve application performance
High
Med
Low
ASR 1000 ISR G2
WAAS/ vWAAS
No Change to Server
Cisco WAAS Offers Automated Interoperability with HDX and ICA
Cisco ISRG2 with WAAS
Virtual Desktops
No Change to Clients
Branch Office
High Performance Virtual Desktops
Data Center
Cisco WAAS
Transparent insertion into encrypted ICA/CGP communication.
WAAS applies TCP flow optimization to maximize bandwidth usage and mitigate packet loss.
WAAS delivers Citrix-aware multi-user Context-Aware Data Redundancy that removes redundant data from across all end user connections.
WAAS applies an inline compression algorithm over the optimized data, maximizing savings.
Transparent Handshake
WAN Edge Applications Impacted
• DNS and DHCP servers
• Microsoft Active Directory
• Windows print services
• Windows file services
• Point of sale server
• Bank teller control point
• Electronic medical records
• Inventory management
• Software update service
• Client monitoring service
• Backup and recovery
• Terminal server gateway
Core Services: Windows and VDI
Mission-Critical Business Applications
Client Management Services
Use Slots on Most Widely Deployed Branch Device
Direct UCS E-Series Blade-to-LAN Connectivity
Redundant Power Supply Options
Long Service Life 2x Typical Blade System
Highly Secure Platform with Small Attack Surface
Two and Three RU Options
One, Two, and Four Blade Slots Options
All-in-One Device for Branch Services
Unified Communications
Application Hosting
Security
Wireless LAN/WAN
Routing/Switching
WAN Optimization
Single Wide Compact, Multipurpose Blade Housed in ISR G2
Up to 2 SATA, SAS or SSD Hard Drives
Configuration and Mgmt Through CIMC
Intel Xeon E3 Family Quad-Core Processor
On-Board Hardware RAID 0/1 with Hot-Swap Capability
One External and Two Internal GE Ports
USB 2.0 Port for External Device Connectivity
8, 12, and 16 GB DRAM Options
Maximum 65 W Power Draw 80 Percent Less than Server
Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (2.5 lb/1.1 kg)
Remote and Schedulable Power Management
iSCSI Initiator Hardware Offload
KVM Console Connector
10/100 Ethernet Management Port
Two SD cards: One for the CIMC and Temporary Storage of OS and One for a Blank Virtual Drive
Double Wide Compact, Multipurpose Blade Housed in ISR G2
Up to 3 SATA, SAS, SSD Hard Drives or 2 HDD and a PCIe Card
Intel Xeon E5-2400 Quad Core or Six-Core Processor
On-Board Hardware RAID 0, 1, and 5 Configuration Options with Hot-Swap Capability
Two External and Two Internal GE Ports with TCP/IP Acceleration
Front-Panel VGA, 2 USB, and Serial Console Connectors
8 GB–48 GB DRAM Options
Maximum 130 W Power Draw, 80 Percent Less than Server
Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (7 lb / 3.2 kg)
Remote and Schedulable Power Mgmt
iSCSI Initiator Hardware Offload
Two SD Cards: One for the CIMC and Temporary Storage of OS and One for a Blank Virtual Drive
Out-of-Band Configuration and Mgmt Through CIMC
Hybrid Cloud Solutions
ASA 1000V
Nexus1000V
vWAAS VSG
VXLAN
CSR 1000V
vPath
Hybrid Virtual Private Cloud
Public Cloud
HCS Services
Hybrid Clouds exist on the premises and are maintained by a cloud provider. Resources are allocated to individual companies or organizations providing them the look and feel of a private cloud within a shared cloud environment. Source: NIST
Private Cloud
ASR 1000, AVC, ASA,
WAAS, AppNav
Cloud Intelligent Network
Security
App Visibility/ Control (AVC)
Cloud Connectors
Medianet
What are your plans for deploying Hybrid Cloud Services (or Virtual Private Cloud, IaaS, PaaS)?
A. Currently deployed
B. Deploying within 12 months
C. No plans to deploy
Cisco IOS Software in Virtual Form-Factor
Virtual Switch
CSR 1000V
VPC/vDC
OS
App
OS
App
Hypervisor
Server
RP FP
Cisco IOS XE Cloud Edition
• Selected feature set of Cisco IOS XE
• Virtual Route Processor (RP)
• Virtual Forwarding Processor (FP)
Virtual Private Cloud/Data Center Gateway
• Optimized for single tenant use cases
Agnostic to Other Infrastructure Elements
• Hypervisor agnostic
• Virtual switch agnostic
• Server agnostic
Cisco WAAS
Improve Application Performance and User Experience
WAAS Express
Integrated ISR G2
On-demand IOS-based
Bandwidth optimization
Inline IOS features (Security, QoS)
Small footprint, Cost-effective, Single CLI
WAAS Appliance
Application acceleration
Virtual blades in branch offices
Scalable platforms for range of deployments
Virtual WAAS
Application acceleration from Private/Virtual Private Cloud
VMware ESX/ESXi and UCS deployments
Agile, elastic, multi-tenant deployment
vCM: common virtualized management for physical/virtual WAAS
WAAS Service Ready Engine
Integrated ISR G2
Application Acceleration
Software on-demand provisioning
No fork lift upgrade
Public Cloud Solutions
ASA 1000V
Nexus1000V
vWAAS VSG
VXLAN
CSR 1000V
vPath
Virtual Private Cloud
Operated wholly by cloud providers, public clouds offer services to companies, organizations and individuals using a fully virtualized environment hosted in the cloud. Services are delivered in a shared environment even though they might be provisioned or customized for the needs of the individual organization. Source: NIST
Private Cloud
ASR 1000, AVC, ASA,
WAAS, AppNav
Public Cloud
HCS Services
Cloud Intelligent Network
Security
App Visibility/ Control (AVC)
Cloud Connectors
Medianet
• Rapid deployment
• Rich media experience
• Easy to scale
• Data stored locally which can be backed up centrally
• Store infrastructure cost reduction
• Energy costs savings
What are your plans for deploying Public Cloud Services? (e.g., SaaS)
A. Currently deployed
B. Deploying within 12 months
C. No plans to deploy
Management and Policy
Delivering Optimal Experience, Pervasive Security, and Simplified Operations
Cloud Connectors
Cloud-Ready Network Services
Cloud-Ready Platforms
Collaboration Survivability
Web Security
Cloud Storage
Third Party
Visibility Optimization Security Collaboration App Hosting
ISR G2 ASR 1K CSR 1KV
Branch
Branch Office
Campus/Data Center Cloud
Private/Public/ Hybrid
Users Cloud Services
Branch Office
WAN Connection
Users expect the same experience as local apps
Higher-Latency, Lower-Bandwidth and Less Reliable than Local Network
Apps often designed for LAN performance not WAN constraints
RESULT: Application experience is improved by incorporating cloud intelligence into the branch network.
Cloud
App
OS
IaaS SaaS
Key Benefits:
• Avoid expensive backhaul of internet and public cloud traffic through the HQ/Datacenter
• Single policy portal, ease of deployment and management
• Enhanced security for all users
Solution:
• Integrate ScanSafe Connector in ISR G2
• Router redirects Internet Web traffic to ScanSafe cloud
Content analysis, detect/stop malware
Web usage control—administrator can control access to websites
• Complement the integrated security (ZBF, IPS) on the router
Protect Internet Edge at Enterprise Branches
HQ
Branch Office
WAN
Branch Office
Centralized Reporting
Consistent Policy Control
Web Security
Web Filtering
Internet
ASR 1000
Secure VPN Integrated Security Web Security
Third Party Connector
End-User Virtual Portal: Users access their own cloud backups and folders, restore and share files.
MSP Admin Portal: Manage end-user accounts, service provisioning and billing
Cisco ISR G2 and UCS® E-Series with Cloud Storage Gateway
MSP Network
Backup Agent for Roaming Laptop
Branch Office Agent-Less Solution
Cloud storage is cached in the branch. Branch files are backed up to the cloud.
Thrift/Sockets
Application
C APIs
Java APIs
Python APIs
Network Abstraction
IOS
Network Abstraction
IOSd/XE
Network Abstraction
XR
Network Abstraction
NX-OS
1. Write an App
2. App Talks to Devices
3. Devices do Stuff
Blade Hosting Process Hosting End-Point Hosting
Best For: • Real Time • Data Plane
Best For: • Powerful RPs • Low Latency
Best For: • Less Delay Sensitive • Multi-Element Apps
Container
OnePK Apps
Cisco Network
Operating System
Cisco Network
Operating System
Container OnePK Apps
BLADE
Cisco Network
Operating System
OnePK Apps
Public Cloud Private Cloud Data Center Hybrid Cloud
HCS Services
VPC IaaS Shared
Infrastructure
SaaS Internet
Applications
DC Consolidation VDI Adoption
Application Experience Reduce Bandwidth Cost
Avoid Traffic Backhaul Security and Policy
Reduced Capex Maintain Ops/Control
Secure and Optimize WAN • ISR G2 and ASR 1K • FlexVPN/GETVPN • AVC • WAAS 5.0 / VXI • UCS-E Series
Secure, Direct Internet Access • AVC • ScanSafe Connector • HCS Connector • Webex CCA
Enterprise Control in a Shared Virtual Environment
• Cloud Services Router • vWAAS with AppNav • vASA, VSG • Nexus 1000v, vPath
Tested and Pre-Integrated Solutions
Smart Business Architecture
Next Generation Enterprise WAN
Mobile Workforce Architecture
Cisco Virtual Office
• Prescriptive, modular designs
• Tested and validated
• Focused on most common network deployments
• Targeted to customers from SMB to small enterprise
• Prescriptive, modular design
• Focused on building a foundation for borderless services
• Targeted to large enterprise and public sector networks
• Architecture for supporting worker mobility options
• Provisioning, security, access and cost control
• Seamless connectivity for smart devices
• Targeted at customers of all sizes
• Complete turnkey solution
• Zero-touch deployment
• Integrated FW, content filter and VPN CPE
• Data protection, integrated UC and security
• Targeted at customers of all sizes
Provides customers with confidence in deployability of solutions
Provides partners with replicable deployment models to enhance profitability
Makes solution design simpler and reduces the risks of new technologies
Mark Your Calendars: Registration Opens January
Jan 16, 8am PT: Cloud Networking Case Study: Cisco IT best practices for deploying a Cloud Intelligent Network
Brian Christensen, Director of Information Systems, Cisco
Feb 20, 8am PT: Connecting Clouds with A Next-Generation WAN: How to architect your core backbone networks to support data center and cloud
Scott Van de Houten, Technical Architect, Cisco
Cisco Cloud Intelligent Network: Cisco.com/go/readyforcloud
Design Zone for Next Generation WAN: Cisco.com/go/ngwan
At-A-Glance Summary: http://www.cisco.com/en/US/netsol/ns816/networking_solution_at_a_glance_list.html
Solution Overview: http://www.cisco.com/en/US/netsol/ns816/networking_solution_solution_overview_list.html
Whitepaper: http://www.cisco.com/en/US/netsol/ns816/networking_solutions_white_papers_list.html
Thank You