
Conquer the Cloud

Designing A Next Generation Cloud Ready WAN


Presenters: Scott Van de Houten, Technical Architect, Cisco; Matt Bolick, Senior Technical Engineer, Cisco
Host: Jimmy Ray Purser, Techwise TV, Cisco
December 11, 2012, 8 a.m. Pacific Time
2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Experts Provide Best Practices on How to Accelerate Your Organization's Journey to the Cloud
FIVE-PART WEBCAST SERIES
On-demand: The Cloud and Your Network: Is There a Gap?
On-demand: Optimizing App Performance from Branch to Cloud
On-demand: How to Enforce Pervasive Security
On-demand: Extending Virtualization to the Branch
December 11: Designing Next-Generation, Cloud-Ready WAN


A framework for building a next-generation WAN that meets your future business requirements
The primary elements of the regional WAN design for up to 15000 sites
Strategies for enabling high availability, robust security and improved application performance for different cloud models
Suggested next steps on getting started with enabling a next-generation WAN


Designing a Next Generation Cloud Ready WAN


Scott Van de Houten, Technical Architect, Cisco
Matt Bolick, Technical Engineer, Cisco
Jimmy Ray Purser, TechWiseTV Host, Cisco

Cloud Challenges

Cloud Models

Traditional IT: Independent branches; Internet via central site
Challenges: High Capex and OpEx; Longer time for app rollout

Private Cloud: Application centralization; Lean Branch
Challenges: Poor user experience; Application survivability

Public Cloud: Internet-based apps
Challenges: Security and control risk; Unpredictable performance

Hybrid Cloud: Shared infrastructure
Challenges: Lack of visibility and control; Unpredictable performance

[Figure: network evolution in three stages (Yesterday, Today, Future); diagram labels: Internet, Public, Hybrid, Private, Internet/WAN]

Virtual Desktops User Experience


[Diagram labels: Users, Cloud Services (IaaS); Mouse Control, Keystroke, Video, Screen; New York Branch Office, 1500 Miles, Dallas Data Center]

Bandwidth Explosion: ~20 VDI Sessions per T1 Line
WAN Latency: >200ms Need for Optimal VDI Performance
Lack of Visibility, Control, and Prioritization

Centralized Internet Access


[Diagram labels: Users, HQ/DC, Sales Rep at NY Branch/Mobile User, California (USA), Brazil, SaaS]

Hairpinning Effect: Backhaul of SaaS/Internet traffic to DC
Drastic Change in WAN Traffic Pattern: 90% of organizations backhaul Internet traffic*
COMPROMISED USER EXPERIENCE

*Cloud Networking Report, Metzler Associates, 2011

Cloud Intelligent Network




Cisco Prime Infrastructure Cisco ISR G2 ASR 1000 AVC, WAAS UCS-E

ASR 1000, AVC, ASA, WAAS, AppNav

Private Cloud
CSR 1000V, ASA 1000V

Security
Branch/Campus

Cloud App Visibility/ Control (AVC) Intelligent Cloud Network Connectors


Medianet

VSG

vWAAS

Nexus1000V
vPath VXLAN

Cloud Connectors ScanSafe HCS Webex CCA 3rd Party

Hybrid Virtual Private Cloud

HCS Services

Branch/Campus

AnyConnect VPN, ScanSafe, WebEx, and HCS Cloud Connectors

Public Cloud
Simplified Operations, Monitoring, and Troubleshooting
Optimized Service Performance
Intelligent Application Adaptive Routing
Pervasive, Scalable End-to-End Security
ASR 1000

Interconnect

Redundant, Scalable GETVPN Head End

Local Campus ASR 1000 ASR 1000

Data Center ASR 1000 ASR 1000

Redundant, Scalable GETVPN Head End

SP A MPLS OC3 and GE

SP V MPLS

Internet
Cisco Prime
DS3 and FE Serial, Ethernet
ISR G2 ISR G2 ISR G2

ASR 1000

3G and 4G Satellite

Any WAN Transport Standardized Profiles

Ultra-High-End Branch and Campus

ISR G2

Mobile Branch

High-End Branch, Standard Branch

Private Cloud Solutions



ASR 1000, AVC, ASA, WAAS, AppNav

Used only by a single company or organization, the Private Cloud looks a lot like the traditional Enterprise Data Centers we're familiar with, although they tend to focus on virtualized services. They might be operated by a third party instead of the company using them.
Source: NIST

Private Cloud
CSR 1000V ASA 1000V

Security

Cloud App Visibility/ Control (AVC) Intelligent Cloud Network Connectors


Medianet

VSG vWAAS

Nexus1000V vPath VXLAN

Virtual Private Cloud

HCS Services

Public Cloud

What are your plans for deploying Private Cloud Services?


A. Currently deployed
B. Deploying within 12 months
C. No plans to deploy

Deep Packet Inspection


Deep Packet Inspection engine (NBAR2) identifies applications using L7 and custom signatures

Performance Collection and Exporting


ISR G2 and ASR collect application bandwidth and response time metrics, and export to management tool

Reporting and Provisioning Tool


Advanced reporting tool aggregates and reports application performance

Control
Use QoS or PfR to control application network usage to improve application performance

ISR G2/ASR1k/CSR ASR 1000 ISR G2

Application Visibility and User Experience Report


App      BW      Transaction Time
WebEx    3 Mb    150 ms
Citrix   10 Mb   500 ms

ASR 1000

ISR G2

CSR

WAAS/ vWAAS

PA/FNF

NFv9

High, Med, Low

Reporting Tools

Cisco WAAS Offers Automated Interoperability with HDX and ICA

No Change to Clients

No Change to Server

High Performance Virtual Desktops

Transparent Handshake
Virtual Desktops

Branch Office
Cisco ISRG2 with WAAS Cisco WAAS

Data Center

Transparent insertion into encrypted ICA/CGP communication.
WAAS applies TCP flow optimization to maximize bandwidth usage and mitigate packet loss.
WAAS applies an inline compression algorithm over the optimized data, maximizing savings.
WAAS delivers Citrix-aware multi-user Context-Aware Data Redundancy that removes redundant data from across all end user connections.

WAN Edge Applications Impacted


Core Services: Windows and VDI
DNS and DHCP servers
Microsoft Active Directory
Windows print services
Windows file services

Mission-Critical Business Applications
Point of sale server
Bank teller control point
Electronic medical records
Inventory management

Client Management Services
Software update service
Client monitoring service
Backup and recovery
Terminal server gateway

Use Slots on Most Widely Deployed Branch Device


WAN Optimization Wireless LAN/WAN Routing/Switching

All-in-One Device for Branch Services

Application Hosting Unified Communications Security

Highly Secure Platform with Small Attack Surface

Direct UCS E-Series Blade-to-LAN Connectivity

Redundant Power Supply Options

Long Service Life 2x Typical Blade System

One, Two, and Four Blade Slots Options

Two and Three RU Options


Compact, Multipurpose Blade Housed in ISR G2


Single Wide
Maximum 65 W Power Draw, 80 Percent Less than Server
Intel Xeon E3 Family Quad-Core Processor
iSCSI Initiator Hardware Offload
8, 12, and 16 GB DRAM Options
Remote and Schedulable Power Management
One External and Two Internal GE Ports
10/100 Ethernet Management Port
KVM Console Connector
Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (2.5 lb/1.1 kg)
Configuration and Mgmt Through CIMC
Two SD cards: One for the CIMC and Temporary Storage of OS and One for a Blank Virtual Drive
Up to 2 SATA, SAS or SSD Hard Drives
USB 2.0 Port for External Device Connectivity
On-Board Hardware RAID 0/1 with Hot-Swap Capability

Compact, Multipurpose Blade Housed in ISR G2


Double Wide
8 GB to 48 GB DRAM Options
Maximum 130 W Power Draw, 80 Percent Less than Server
Intel Xeon E5-2400 Quad Core or Six-Core Processor
iSCSI Initiator Hardware Offload
Remote and Schedulable Power Mgmt
Out-of-Band Configuration and Mgmt Through CIMC
Front-Panel VGA, 2 USB, and Serial Console Connectors
Two SD Cards: One for the CIMC and Temporary Storage of OS and One for a Blank Virtual Drive
Two External and Two Internal GE Ports with TCP/IP Acceleration
Up to 3 SATA, SAS, SSD Hard Drives or 2 HDD and a PCIe Card
On-Board Hardware RAID 0, 1, and 5 Configuration Options with Hot-Swap Capability
Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (7 lb / 3.2 kg)

Hybrid Cloud Solutions



ASR 1000, AVC, ASA, WAAS, AppNav

Private Cloud

Hybrid Clouds exist on the premises and are maintained by a cloud provider. Resources are allocated to individual companies or organizations, providing them the look and feel of a private cloud within a shared cloud environment.
Source: NIST

CSR 1000V

Security

ASA 1000 V vWAAS

VSG

Cloud Intelligent Network

App Visibility/ Control (AVC) Cloud Connectors Medianet


vPath VXLAN

Nexus1000V

Hybrid Virtual Private Cloud

HCS Services

Public Cloud

What are your plans for deploying Hybrid Cloud Services (or Virtual Private Cloud, IaaS, PaaS)?
A. Currently deployed
B. Deploying within 12 months
C. No plans to deploy

Cisco IOS Software in Virtual Form-Factor


Cisco IOS XE Cloud Edition CSR 1000V
App OS App OS
RP FP

Selected feature set of Cisco IOS XE
Virtual Route Processor (RP)
Virtual Forwarding Processor (FP)

Virtual Private Cloud/Data Center Gateway


Optimized for single tenant use cases

VPC/vDC

Hypervisor
Virtual Switch

Agnostic to Other Infrastructure Elements


Hypervisor agnostic
Virtual switch agnostic
Server agnostic

Server

Improve Application Performance and User Experience


Cisco WAAS

WAAS Appliance
Application acceleration
Virtual blades in branch offices
Scalable platforms for range of deployments

Virtual WAAS
Application acceleration from Private/Virtual Private Cloud
VMWare ESX/ESXi and UCS deployments
Agile, elastic, multitenant deployment
vCM: common virtualized management for physical/virtual WAAS

WAAS Express
Integrated ISR G2 On-demand IOS-based Bandwidth optimization
Inline IOS features (Security, QoS)
Small footprint, Cost-effective, Single CLI

WAAS Service Ready Engine
Integrated ISR G2 Application Acceleration Software on-demand provisioning
No fork lift upgrade

Public Cloud Solutions



ASR 1000, AVC, ASA, WAAS, AppNav

Operated wholly by cloud providers, public clouds offer services to companies, organizations and individuals using a fully virtualized environment hosted in the cloud. Services are delivered in a shared environment even though they might be provisioned or customized for the needs of the individual organization.
Source: NIST

Private Cloud

CSR 1000V

ASA 1000V

Security

VSG vWAAS

Cloud Intelligent Network

App Visibility/ Control (AVC) Cloud Connectors Medianet


vPath

Nexus1000V

VXLAN

Virtual Private Cloud

HCS Services

Public Cloud

What are your plans for deploying Public Cloud Services? (e.g., SaaS)
A. Currently deployed
B. Deploying within 12 months
C. No plans to deploy

Rapid deployment
Rich media experience
Easy to scale
Data stored locally which can be backed up centrally
Store infrastructure cost reduction
Energy costs savings

Delivering Optimal Experience, Pervasive Security, and Simplified Operations


Management and Policy Users
Collaboration Survivability

Cloud Connectors
Web Security Cloud Storage Third Party

Cloud Services

Cloud-Ready Network Services


Visibility Optimization Security Collaboration App Hosting

Branch
ISR G2

Cloud-Ready Platforms
ASR 1K CSR 1KV

Private/Public/ Hybrid

Branch Office

Campus/Data Center

Cloud

IaaS SaaS
App

WAN Connection Branch Office


Users expect the same experience as local apps
Higher-Latency, Lower-Bandwidth and Less Reliable than Local Network

OS

Cloud
Apps often designed for LAN performance not WAN constraints

RESULT: Application experience is improved by incorporating cloud intelligence into the branch network.

Protect Internet Edge at Enterprise Branches


[Diagram labels: Internet, HQ, ASR 1000, WAN, Branch Office, Web Filtering, Web Security, Centralized Reporting, Consistent Policy Control, Secure VPN, Integrated Security]

Key Benefits:
Avoid expensive backhaul of Internet and public cloud traffic through the HQ/Datacenter
Single policy portal, ease of deployment and management
Enhanced security for all users

Solution:
Integrate ScanSafe Connector in ISR G2
Router redirects Internet Web traffic to ScanSafe cloud
Content analysis, detect/stop malware
Web usage control: administrator can control access to websites
Complement the integrated security (ZBF, IPS) on the router

Third Party Connector


MSP Admin Portal
Manage end-user accounts, service provisioning and billing

End-User Virtual Portal


Users access their own cloud backups and folders, restore and share files.

MSP Network
Cloud storage is cached in the branch. Branch files are backed up to the cloud.

Cisco ISR G2 and UCS E-Series with Cloud Storage Gateway

Backup Agent for Roaming Laptop
Agent-Less Solution

Branch Office

Application

1 Write an App
C APIs, Java APIs, Python APIs

2 App Talks to Devices
Thrift/Sockets; Network Abstraction

3 Devices do Stuff
IOS, IOSd/XE, XR, NX-OS

[Diagram labels: Cisco Network Operating System, Container, OnePK Apps, BLADE]

Process Hosting
Best For: Powerful RPs Low Latency

Blade Hosting
Best For: Real Time Data Plane

End-Point Hosting
Best For: Less Delay Sensitive Multi-Element Apps

[Diagram label: HCS Services]

Private Cloud Data Center
DC Consolidation, VDI Adoption
Secure and Optimize WAN: ISR G2 and ASR 1K, FlexVPN/GETVPN, AVC, WAAS 5.0 / VXI, UCS-E Series
Application Experience, Reduce Bandwidth Cost

Public Cloud
SaaS, Internet Applications
Secure, Direct Internet Access: AVC, ScanSafe Connector, HCS Connector, Webex CCA
Avoid Traffic Backhaul, Security and Policy

Hybrid Cloud
VPC, IaaS, Shared Infrastructure
Enterprise Control in a Shared Virtual Environment: Cloud Services Router, vWAAS with AppNav, vASA, VSG, Nexus 1000v, vPath
Reduced Capex, Maintain Ops/Control

Tested and Pre-Integrated Solutions


Smart Business Architecture
Prescriptive, modular designs
Tested and validated
Focused on most common network deployments
Targeted to customers from SMB to small enterprise

Next Generation Enterprise WAN
Prescriptive, modular design
Focused on building a foundation for borderless services
Targeted to large enterprise and public sector networks

Mobile Workforce Architecture
Architecture for supporting worker mobility options
Provisioning, security, access and cost control
Seamless connectivity for smart devices
Targeted at customers of all sizes

Cisco Virtual Office
Complete turnkey solution deployment
Zero-touch
Integrated FW, content filter and VPN CPE
Data protection, integrated UC and security
Targeted at customers of all sizes

Provides customers with confidence in deployability of solutions
Provides partners with replicable deployment models to enhance profitability
Makes solution design simpler and reduces the risks of new technologies

Mark Your Calendars: Registration Opens January


Jan 16, 8am PT: Cloud Networking Case Study: Cisco IT best practices for deploying a Cloud Intelligent Network
Brian Christensen, Director of Information Systems, Cisco

Feb 20, 8am PT: Connecting Clouds with A Next-Generation WAN: How to architect your core backbone networks to support data center and cloud
Scott Van de Houten, Technical Architect, Cisco

Cisco Cloud Intelligent Network


Cisco.com/go/readyforcloud

Design Zone for Next Generation WAN


Cisco.com/go/ngwan
At-A-Glance Summary: http://www.cisco.com/en/US/netsol/ns816/networking_solution_at_a_glance_list.html
Solution Overview: http://www.cisco.com/en/US/netsol/ns816/networking_solution_solution_overview_list.html
Whitepaper: http://www.cisco.com/en/US/netsol/ns816/networking_solutions_white_papers_list.html

Thank You
