
Foundation Design Overview

Revision: H1CY11

The Purpose of This Guide

This document provides an overview of the Cisco Smart Business Architecture, including the benefits it will provide your organization, the principles that guided the design, and the architectural components that make up the design.

Who Should Read This Guide

This guide is appropriate for organizations that meet any of the following criteria. Does your organization have:
• Up to 2500 connected employees?
• Up to 75 remote sites with approximately 25 employees each?
• External-facing applications that are hosted offsite?
• A server room containing network services and applications?
• IT workers with a CCNA certification or equivalent experience?

The reader may be looking for any of the following:
• A solution for teleworkers and mobile workers
• Security for corporate resources
• Wired and wireless network access for employees
• Wireless guest access
• Solutions for wired and wireless voice access
• A migration path for growth
• Ways to reduce cost by optimizing WAN bandwidth
• The assurance of a tested solution


Table of Contents
Introduction
Business Overview
    Business Benefits
    Architecture Rationale
Architectural Overview
    Network Foundation
    Network Service
    User Services
Network Foundation
    The Local Area Network
    Wide-Area Network (WAN) and Remote Site
    Wireless
    Internet Edge
Network Services
    Virtualization
    Security
    Application Optimization
    Guest Wireless Access
User Services
    Business Application Services
    Unified Communications
    Web Meeting WebEx
Design Guide Summary
Appendix A: SBA for Midsize Organizations Document System

ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO. Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Unified Communications SRND (Based on Cisco Unified Communications Manager 7.x) 2010 Cisco Systems, Inc. All rights reserved.


Introduction
The Cisco Smart Business Architecture (SBA) Borderless Networks for Midsize Organizations is a comprehensive design for an organization with up to 1000 connected users, including an organization that may grow up to 2500 users. The architecture incorporates LAN, WAN, wireless, security, application optimization, server load-balancing, and unified communications technologies tested together as complete solutions. The solution-level approach simplifies the system integration normally associated with multiple technologies, allowing you to select the parts that solve your organization's problems rather than worrying about the technical details.

The Cisco SBA is designed according to the following principles:
• Flexibility and scalability: As a company grows, so too must its infrastructure. Products selected need to have the ability to grow or be repurposed within the architecture.
• Reuse: The goal, when possible, is to reuse the same products throughout the various modules to minimize the number of products required for spares.
• Ease of use: A top requirement is to develop a design that can be deployed with a minimal amount of configuration and day-two management.
• Cost-effective: Another critical requirement in the selection of products is to meet the budget guidelines for a midsize organization.


Business Overview
There are many ways your organization can benefit by deploying the Cisco SBA Borderless Networks for Midsize Organizations.

Business Benefits
• A standardized design, tested and supported by Cisco, reduces costs and confusion
• Optimized architecture for midsize organizations with up to 2500 users and up to 75 remote sites
• Flexible architecture to help ensure easy migration as the organization grows
• Seamless support for quick deployment of wired and wireless network access for data, voice, teleworker, and wireless guest
• Security and high availability for corporate information resources, servers, and Internet-facing applications
• Improved WAN performance and cost reduction through the use of application optimization
• Simplified deployment and operation by IT workers with a CCNA certification or equivalent experience
• Cisco enterprise-class reliability in products designed for midsize organizations

Architecture Rationale
The user experience with any application depends on a variety of factors for it to be considered a good one. Consider the simple web browser; we open a URL and the page is presented to us in seconds. This is achieved by three specific layers that all need to function together to provide the web content to the user with a positive experience. There needs to be a network that provides the foundation, then there are network services that operate in the background, improving and enabling the experience without direct user awareness, and finally, there are the user services, the applications that a user interacts with directly.

A further illustration of the importance of all layers can be made with the phone system. Imagine making a phone call with no ringing or busy tones, or having to figure out how to actually make the connection between all the various switching points between you and the person you wanted to call. We take all this for granted. We pick up the phone and we hear dial tone to confirm the network is ready, we dial the number, and the network automatically routes the call and provides feedback on the progress. If congestion is encountered, the network either provides another route or provides feedback that the call is not possible at this time.

The network is critical to the operation of organizations where workforce productivity is based on the expectation of nonstop access to communications, applications, and data resources. Using a layered approach to building your network with a tested, interoperable design allows you to reduce risks and operational issues while increasing deployment speed.


Architectural Overview
As a process, architecture is the activity of designing and constructing buildings and other physical structures primarily to provide shelter. A wider definition often includes the design of the total built environment, from the macro level of how a building integrates with its surrounding landscape to the micro level of architectural or construction details and, sometimes, furniture. Wider still, architecture is the activity of designing any kind of system. As such, the Cisco SBA Borderless Networks for Midsize Organizations is a system that was created using a structured process to help ensure the stability of valuable business processes and assets.

The Cisco SBA Borderless Networks for Midsize Organizations can be broken down into three primary modular, yet interdependent, components for the midsize organization. They are the network foundation, network services, and user services, with the interdependency being hierarchical in nature.

Figure 1. The Smart Business Architecture Components

Network Foundation
Key to the midsize Cisco SBA is the network foundation. Similar to the foundation of a building, the network foundation provides the platform on which everything else relies. As a standalone module, the network foundation helps ensure information can be sent reliably from one location and received at another. How this is accomplished is completely abstracted from the average user; all they know is that when they click the mouse, a video starts, an email is sent, or an order is processed. It just works. Cisco's intelligent infrastructure devices, such as switches, routers, and wireless devices, are what make this all possible in the background.

Network Service
Sitting on top of the network foundation are network services. Using a similar analogy, network services are like the doors, windows, and locks of the building. A building without these components is just a box. Adding these services turns the box into a building, a workable structure, providing reliability, security, and availability of the organization's assets. Some users are aware of the value that network services provide, but do not directly interact with those services. An example of this would be VPN remote access. The user needs to start the VPN or SSL VPN client to access business resources, but they do not know or care exactly how those services operate. A few of Cisco's intelligent network services include virtualization, firewalls and other security devices, application optimization, and guest access.

Figure 1 layers, top to bottom: User Services (Voice, Video, Web Meetings); Network Services (Security, WAN Optimization, Guest Access); Network Foundation (Routing, Switching, Wireless, and Internet)

User Services

And finally, sitting on top of the network services are user services. User services are like the utilities of the building: water, electricity, phone services, and TV (cable, satellite) services. A user typically needs direct access to these services. In the morning, the lights are turned on, phones are ringing, and water is available for morning beverages. Some general user services include electronic business application software, CRM systems, email, and instant messaging. User services specific to Cisco include Cisco Unified Communications and Collaboration, voice, and video systems.


Network Foundation
Most users perceive the network as just a transport utility mechanism to shift data from one point to another as fast as possible; many sum this up as speeds and feeds. In reality, the network affects all traffic flows and must be aware of end-user requirements and services offered. Even with unlimited bandwidth, there are time-sensitive applications that are affected by jitter, delay, and packet loss. As the transport for all our session information, the design and operation of this layer is crucial to all services, and its role is vital to the success of any service placed upon it. The network foundation provides an efficient fault-tolerant transport that differentiates between applications to help ensure each has a fair share of the resource, yet still maintains a desired service level. Within the architecture, there are wired and wireless connectivity options providing advanced prioritization and queuing mechanisms as part of the integrated quality of service (QoS) to help ensure optimal use of the resource.

Figure 2. Resilient LAN Design

The Local Area Network


The core LAN at the headquarters site is the communications hub of the network. It aggregates client access to headquarters and provides the backbone connectivity for the WAN, server room, and Internet edge, making it a critical component in the network. The LAN needs to be highly available to support mission-critical applications and real-time media. In the past, high availability meant paying for links that were redundant and sat unused. With the midsize Cisco SBA, all network connections are active, carrying real traffic.

Benefits
• Resilient core for very fast failure recovery for real-time media traffic
• Reduced configuration complexity with easier troubleshooting
• Full use of all network links with no links sitting idle in a redundant configuration

In many designs, high availability adds complexity, making network troubleshooting more difficult, lowering the ease of use of the network and forcing a tradeoff between high availability (HA) and ease of use in the design. The switch from a traditional dual-core design to the Cisco SBA Borderless Networks for Midsize Organizations LAN design reduces complexity with no loss of availability with the introduction of the resilient core. The resilient core reduces the core configuration by 80 percent or more and makes the network easier to troubleshoot while still providing very fast recovery in the event of a failure.

In a traditional dual-core design, the same VLAN is used across multiple access switches and spanning tree protocol (STP) runs to prevent Layer 2 loops in the network. STP has two major drawbacks: it is slow to recover from a failure, taking several seconds or more (much too long if the traffic on the network is real-time media like voice or video), and it has to block redundant links in the network, cutting the available bandwidth in half. In a dual-core network, it is possible to work around these issues by aggressive STP tuning and configuring unique VLANs for each access switch. In multiservice networks, users access four or five VLANs in the course of a normal workday, and the number of VLANs and subnets that need to be configured in a dual-core design to accommodate the STP deficiencies can get very large.

The resilient core design removes these issues because it does not rely on STP for failure recovery, so a single VLAN can be used across multiple access switches. The next-generation LAN design does not require additional tuning for fast recovery.
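The blocked-uplink effect described above can be reproduced with a small model. This is an added example, not part of the Cisco guide: a simplified 802.1D-style spanning-tree calculation over a constructed dual-core topology (switch names, bridge priorities and link costs are assumptions), which does not model timers or convergence delay.

```python
"""Simplified 802.1D-style spanning tree for a dual-core LAN (added illustration)."""
import heapq


def spanning_tree(bridges, links):
    """bridges: {name: priority}; links: [(a, b, cost)], one link per switch pair.

    Returns (root, forwarding, blocked): forwarding is a set of frozenset
    links, blocked is a set of (blocking_switch, neighbor) port tuples.
    """
    def bridge_id(name):
        return (bridges[name], name)  # lowest priority wins, name breaks ties

    root = min(bridges, key=bridge_id)
    adj = {name: [] for name in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # Root path cost of every switch (Dijkstra from the root bridge).
    dist = {name: float("inf") for name in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for peer, cost in adj[node]:
            if d + cost < dist[peer]:
                dist[peer] = d + cost
                heapq.heappush(heap, (d + cost, peer))

    # Root port: neighbor offering the lowest root path cost, then lowest bridge ID.
    root_port = {}
    for name in bridges:
        if name != root and adj[name]:
            best = min(adj[name],
                       key=lambda pc: (dist[pc[0]] + pc[1], bridge_id(pc[0])))
            root_port[name] = best[0]

    forwarding, blocked = set(), set()
    for a, b, _ in links:
        if root_port.get(a) == b or root_port.get(b) == a:
            forwarding.add(frozenset((a, b)))
        else:
            # Neither end reaches the root over this link: the end with the
            # worse (root path cost, bridge ID) is not designated and blocks.
            loser = max((a, b), key=lambda n: (dist[n], bridge_id(n)))
            blocked.add((loser, b if loser == a else a))
    return root, forwarding, blocked


def active_uplink_share(bridges, links, access):
    """Fraction of access-layer uplinks that actually forward traffic."""
    _, forwarding, _ = spanning_tree(bridges, links)
    uplinks = [frozenset((a, b)) for a, b, _ in links
               if a in access or b in access]
    return sum(1 for u in uplinks if u in forwarding) / len(uplinks)


def without_link(links, a, b):
    """Topology after a single link failure between switches a and b."""
    return [l for l in links if {l[0], l[1]} != {a, b}]


# Constructed topology: two core switches, four dual-homed access switches.
# Costs follow the classic short path-cost values (1 Gbps = 4, 10 Gbps = 2).
ACCESS = [f"access{i}" for i in range(1, 5)]
BRIDGES = {"core1": 4096, "core2": 8192, **{a: 32768 for a in ACCESS}}
LINKS = [("core1", "core2", 2)] + [
    (a, core, 4) for a in ACCESS for core in ("core1", "core2")
]

if __name__ == "__main__":
    root, fwd, blk = spanning_tree(BRIDGES, LINKS)
    print("root bridge:", root)
    for switch, peer in sorted(blk):
        print(f"blocked: {switch} port toward {peer}")
    share = active_uplink_share(BRIDGES, LINKS, ACCESS)
    print(f"access uplinks forwarding: {share:.0%}")

    # After an uplink fails, STP must recompute before the spare link is used.
    _, fwd2, blk2 = spanning_tree(BRIDGES, without_link(LINKS, "access1", "core1"))
    print("after access1-core1 failure, access1-core2 forwarding:",
          frozenset(("access1", "core2")) in fwd2)
```

In the steady state every access switch blocks its second uplink, so only half of the installed uplink capacity carries traffic; the spare link is used only after the tree is recomputed following a failure.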


Figure 3. Traditional looped design with blocking links

The new Cisco SBA Borderless Networks for Midsize Organizations LAN design improves the speed and availability, reduces complexity, and makes the network easier to troubleshoot and manage. This means less downtime and fewer network administrators are required to operate the network for midsize organizations.

Wide-Area Network (WAN) and Remote Site


Organizations require an uninterrupted flow of information in and out of the corporate network. The midsize Cisco SBA delivers a robust WAN design with the same technology used to help ensure some of the largest networks stay operational in an architecture designed for a midsize organization. A highly available WAN helps ensure that the flow of business information can proceed uninterrupted.

A remote site, sometimes called a branch office, is defined as a remote location where employees conduct operations on behalf of the business. A remote site requires the same level of access to corporate applications as the headquarters, just on a smaller scale. The WAN connects remote sites to the organization via a private network and aggregates all remote-site traffic back to the headquarters location.

Benefits
• Reduces operating expense through integrated services within a single platform
• Protects investment with a flexible, modular design
• Supports all major service provider WAN connection types

The primary function of the WAN router is to move data between remote sites and the headquarters. The remote sites in the Cisco SBA Borderless Networks for Midsize Organizations are designed to support 20 to 40 users with computers, IP phones, and wireless voice and data. Cisco Integrated Services Router Generation 2 (ISR G2) provides the platform to deliver the growing number of services and increased performance requirements common in today's remote sites.

Figure 4. SBA LAN: Improved bandwidth and resilience

The Cisco SBA Borderless Networks for Midsize Organizations LAN design improves link utilization from the access layer to the core of the network. Both uplinks from the access layer switches are active and passing traffic, doubling the available bandwidth compared to traditional designs where one of the uplinks was blocked by STP. It is also possible to increase the throughput to the access layer or server room by increasing the number of uplinks, allowing the design to scale to meet bandwidth requirements. The client access layer is the point at which user-controlled and user-accessible devices connect to the network. Because the access layer connects client devices to network services, it plays an important role in protecting users, application resources, and the network itself from human error and malicious attacks. The access layer also provides automated services like Power over Ethernet Plus (PoE+), QoS marking, and VLAN assignment for IP telephones to reduce operational demands.


Figure 5. Remote-site router with Integrated Services

Users need seamless access, both locally and across the WAN, to network services on the headquarters site. To increase the performance over the WAN and improve the user experience, application optimization and QoS services can be implemented. Application optimization uses compression, caching, and other optimization technologies to increase the WAN bandwidth up to four to five times the link speed. Remote-site users connected over a T1/E1 link back to headquarters feel as if they are connected to the headquarters LAN. Servers are centralized at the headquarters, reducing WAN traffic. QoS prioritizes business-critical and latency-sensitive traffic over other traffic so that voice and video performance is protected and lower-priority traffic does not interfere with business.

Wireless
Staying connected regardless of location has become a mainstay of business and daily life. Few buildings have the wired networking ports to support every location and every person who needs to connect to organization assets. Wireless networks help enable the users to stay connected and keep the flow of information moving regardless of physical building limitations. Wireless connectivity at the headquarters and remote sites uses Wi-Fi technology for the transmission of voice, video, and data across the midsize organization.

Benefits
• Network flexibility extends the boundaries of the network without adding additional wiring
• Centralized control of wireless infrastructure reduces management burden
• A network core, preconfigured for access points to be connected to any access port, simplifies deployment

To meet the requirements for mobility in the architecture, the design incorporates specific products and configurations to provide a secure, flexible, scalable, and cost-effective solution. Providing comprehensive wireless mobility services at the headquarters and remote sites, while also maintaining ease of use and low cost of ownership, can be challenging if access points are deployed in a standalone mode. Autonomous access points create multiple devices to configure, monitor, and manage. By using Cisco Wireless Controller (WC), it is possible to centrally control all of the access points, reducing the management overhead and simplifying the deployment and implementation phases.

The Cisco WC approach has many benefits in addition to being a central management point. To help ensure access to the wireless network remains secure, all employees authenticate against a corporate directory, removing the need to maintain a separate username/password store on each access point.

Another challenge is providing visitors access to the network for connectivity back to their company network or for Internet access. By using Cisco WC, a virtual guest network can be overlaid upon the existing company network without the expense of a separate infrastructure. The controller connects to the firewall at the Internet Edge, providing guests with virtual network access to the Internet only, secured from the corporate network.

Although the Cisco WC hardware is centralized, the remote-site wireless network provides wireless access to the local LAN, avoiding U-turn traffic that would otherwise have to travel to the headquarters site and then return to the remote site network, wasting WAN bandwidth. For future growth, the Cisco WC approach provides a foundation for more advanced functionality, including location services, unauthorized access point detection, and RF prediction and policy provisioning, all of which can be built on the current midsize Cisco SBA.


Figure 6. SBA Wireless LAN

Internet Edge
The Internet edge is the point where the private network connects to the Internet. Traffic from internal users exits the network here, and traffic from the Internet enters the organization's network here to reach external-facing applications like web and email. Because this is an always-on connection to the Internet that usually allows outside traffic into the network, it is a prime target for attack.

Benefits
• Provides fast, secure Internet access for the company to increase productivity
• Stops attacks from the Internet that could disrupt business
• Simplifies management and configuration by combining all security functionality into a single device
• Protects user traffic from monitoring and tampering with VPN technologies

At the Internet Edge, it is common to have a firewall, a VPN appliance, and an intrusion prevention system (IPS) appliance to mitigate the common threats from the Internet. In the past, organizations needed at least six devices to provide secure connectivity to their employees. The midsize Cisco SBA takes advantage of Cisco Adaptive Security Appliance (ASA) to perform all three functions in a single device, taking the number of devices from as many as six to just two. This reduces the number of devices that IT has to be trained to support. It also reduces the hardware and software maintenance costs by lowering the total number of devices on the network. Cisco ASA provides full HA for firewall, IPS, and VPN services. The firewall functionality provides stateful application layer filtering for inbound and outbound traffic, secure outbound access for users, and a DMZ network for servers that need to be accessed from the Internet.


Figure 7. Internet Edge

Cisco ASA supports both SSL and IPsec VPN for remote access and site-to-site VPN, providing employees and partners a secure way to connect to the corporate network from the Internet. Cisco ASA supports full IPS functionality to alert and block attacks, and the new Cisco SensorBase reputation filtering makes the decision on what traffic to block much easier by factoring in the reputation of the traffic source. Cisco SensorBase allows Cisco IPS to block two times the number of attacks and detect attacks based on the reputation of the source, allowing Cisco IPS to block zero-day attacks without relying on signatures while decreasing the number of false positives. Overall, a single pair of Cisco appliances, developed with a solutions-based approach, meets the Internet Edge core security requirements of the organization.


Network Services
Network services operate behind the scenes and are relied on by the user services to function or improve reliability and efficiency. In some cases, the network may become unusable without them.

Let's consider our example of the web browser. The personal computer the browser is installed on probably obtained a network address using a dynamic addressing service, such as DHCP. The user-friendly URL needed to be converted from a name, like www.cisco.com, to a network address by the name resolution service (Domain Name System [DNS]). The request would be sent over the shortest route available to a load balancer in the network that shares the load across multiple servers, allowing the website to scale. The network security services are always helping to ensure that the information is protected and malicious traffic is removed or prevented from reaching its intended target.

Within the architecture, there are many network services, including application acceleration, server load balancing, various forms of security, guest access, and media resources that are used by Cisco Unified Communications Manager.

Virtualization
Virtualization technologies can help your organization treat all IT resources as a set of shared services that can be combined and recombined to improve efficiencies and scale quickly. The more efficiently organizations can use their existing IT assets (servers, storage, networking, and other equipment), the better their return on investment. Efficient use can also help you defer the cost of new equipment and significantly reduce power and cooling costs. Organizations are looking at virtualization software as a way to increase utilization on servers, but some business leaders are already wondering about the operational complexity this strategy brings.

Virtualization has often focused on servers and, to a degree, storage. Yet greater efficiencies can be gained by applying virtualization to your entire network. With some key technological advancements, combined with reconfiguration of operational processes and structures, the network can play a key role in creating a virtual infrastructure for increased efficiency.

The goal is to build a pervasive, scalable infrastructure that bridges previously siloed domains and unifies them into a fabric of shared, virtual services that can be provisioned in a fraction of the time it takes to configure a traditional application environment. The midsize Cisco SBA creates a foundation for virtual services. In the design, virtual local-area networks (VLANs) are used to create logical, secure, and reliable segmentation between voice, video, data, wired, wireless, and management functions on the network. The design also supports virtual servers and storage in the server room/data center.

Security
Security is an integral part of every network deployment. With the need to have secure and reliable networks, protect information assets, and meet regulatory compliance requirements, a company needs to deploy security services designed into the network rather than added on as an afterthought. With most networks connected to the Internet and under constant barrage from worms, viruses, and targeted attacks, organizations must be vigilant in protecting their network infrastructure, user data, and customer information.

Benefits
• Eases deployment of security technologies for regulatory compliance
• Secures remote access for employees and partners
• Protects user and organization data in the network
• Provides maximum flexibility for users with a hardware or software VPN client


Figure 8. Security services

Organizations have been using intrusion detection systems (IDS) and IPS to detect and block malicious traffic on networks for years, but recent laws and private sector compliance standards have moved these systems from a "nice to have" to a "must have" in corporate networks. The midsize Cisco SBA supports Cisco IPS in several form factors and performance levels. Cisco IPS can be deployed on its own as a standalone service with appliance-based solutions for high-performance LAN and server deployments or integrated into the firewall for network perimeter protection. All form factors support inline and promiscuous modes that allow the customer to inspect traffic and either alert on malicious traffic or block the traffic in real time.

Remote access has become a must-have service for employees on the road or who work from home. More and more organizations are allowing partners remote access to their networks to service systems more cost-effectively. The midsize Cisco SBA provides secure remote access for users via a software or hardware client. SSL VPN offers maximum flexibility, offering secure connectivity for employees and partners back to the internal network even from assets outside the organization's control. If an existing remote access solution is deployed, the architecture is flexible and can support traditional IPsec VPN clients. Teleworkers can be supported with a hardware client that allows for an always-on connection so that home users have the same experience that they would have in the office.

Application Optimization
Application optimization helps ensure optimal use of network resources between remote-site users and the headquarters. Application optimization accelerates applications over the WAN, delivers video to the remote site, and provides local hosting of remote-site IT services. Cisco Wide-Area Application Services (WAAS) allow IT departments to centralize applications and storage in the data center while maintaining LAN-like application performance, and provide locally hosted IT services while reducing the remote-site device footprint.

Benefits
• Improve productivity of remote employees via application optimization
• Minimize remote-site IT costs by centralizing services and hardware at the headquarters site
• Respond rapidly to changing business needs; changes can be made from a central location rather than sending a technician to the remote site
• Simplify data protection, ease compliance, and improve business continuity


Server Load Balancing


Cisco Application Control Engine (ACE) is the latest server load balancing (SLB) offering from Cisco. Its main role is to provide Layer 4 through 7 switching, but Cisco ACE also provides an array of acceleration and server offload benefits, including TCP processing offload, secure socket layer (SSL) offload, compression, and various other acceleration technologies. Cisco ACE sits in the server room in front of web and other application servers and provides a range of services to maximize server and application availability, security, and server-to-client acceleration. As a result, Cisco ACE gives organizations more control over application and server infrastructure, which enables them to manage and secure application services more easily and improve performance.

Benefits
- Scales the performance of a server-based program such as a web server by distributing its client requests across multiple servers
- Provides high availability by automatically detecting failures and redirecting traffic to an operational service
- Improves application performance and reduces response time by minimizing latency and delay
- Offloads TCP and SSL processing, which allows organizations to handle more users without adding servers

Guest Wireless Access


Organizations today have a wide range of guests that need Internet access while they are on site. The midsize Cisco SBA provides wireless guest access over the same access points as corporate users. Guests include customers, visitors, partners, and vendors, and to accommodate this broad set of users, guest access should be deployed throughout the network, not just in conference rooms.

Benefits
- Complexity and cost for wireless guest access services are reduced
- Guest user traffic is segmented so the organization's traffic can remain secure
- Guest access is controlled by IT and can be provisioned with simple generic guest access or with per-user accounts
- Secure guest access is designed into the midsize Cisco SBA and no additional hardware is required

Organizations can utilize the wireless network in the midsize Cisco SBA to provide guest access over the same access points that internal employees use. This capability simplifies network operations and reduces costs by reusing the same equipment for multiple services, while still providing secure access for guests. The architecture helps ensure that the guest network does not compromise the security of the corporate network. Guest traffic is on a separate segment over the air, and once on the wired network, the guest traffic is tunneled to a wireless controller and dropped off on a DMZ interface on the firewall. This protects the corporate network from the guest users while providing Internet access for the guests.

When guests connect to the wireless network, they are redirected to a web login screen and must enter a username and password to get access to the Internet. A simple generic guest account may be created that is reset with a new password daily or weekly, or users can be given individual guest accounts. The architecture is flexible to balance the complexity and security needs of the organization.
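The guest segmentation described above can be checked against the firewall rule set applied to the guest DMZ interface. The following is an added example, not taken from this guide or from any Cisco configuration: it assumes an ordered, first-match rule list, and the subnets, rule tuples and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values: the guide gives no subnets or rules.
GUEST_DMZ = ipaddress.ip_network("192.168.250.0/24")
CORPORATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]

# Ordered (action, source, destination) rules, evaluated first-match.
WEAK_RULES = [("permit", "192.168.250.0/24", "0.0.0.0/0")]  # also reaches inside
FIXED_RULES = [
    ("deny", "192.168.250.0/24", "10.0.0.0/8"),
    ("deny", "192.168.250.0/24", "172.16.0.0/12"),
    ("permit", "192.168.250.0/24", "0.0.0.0/0"),  # Internet access for guests
]

def guest_leaks(rules, guest=GUEST_DMZ, corporate=CORPORATE):
    """Return the corporate ranges that the guest segment is permitted to reach."""
    remaining, leaks = list(corporate), []
    for action, src, dst in rules:
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not src.overlaps(guest):
            continue
        if action == "deny" and not guest.subnet_of(src):
            continue  # a deny covering only part of the guest subnet is not trusted
        undecided = []
        for net in remaining:
            if not dst.overlaps(net):
                undecided.append(net)
                continue
            hit = net if net.subnet_of(dst) else dst  # overlapping networks always nest
            if action == "permit":
                leaks.append(hit)
            if hit != net:  # keep the part of net this rule did not decide
                undecided.extend(net.address_exclude(hit))
        remaining = undecided
    return sorted(leaks)  # whatever is left in remaining hits the implicit deny

def action_for(rules, src_ip, dst_ip):
    """First-match verdict for one flow; unmatched traffic is implicitly denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in rules:
        if s in ipaddress.ip_network(src) and d in ipaddress.ip_network(dst):
            return action
    return "deny"

if __name__ == "__main__":
    print("weak :", [str(n) for n in guest_leaks(WEAK_RULES)])
    print("fixed:", [str(n) for n in guest_leaks(FIXED_RULES)])
```

A permit-any rule on its own satisfies the "Internet access for guests" half of the design but fails the isolation half; the check reports exactly which internal ranges remain reachable.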


User Services
User services comprise the layer everyone is familiar with. These are the services or applications we use every day and interact with directly, from picking up the phone and using the phone service to reading email using an email client. The user experience starts here. How the application or product is designed and built affects how intuitive and easy to use it is. How well this user service interacts with the network services impacts how it performs when a user actually uses it. The architecture provides the phone and voice messaging services as part of the initial user services options.

Business Application Services

An organization's presence on the Internet plays a key role in its success. Downtime, even for simple information portals, can mean missed opportunities. Key applications such as email, e-commerce, web portals, and ERP must be available for use by both internal and external users around the clock to provide uninterrupted business service. Availability of these applications can be threatened by network overload, poor resource utilization, and network and device failures. The high-availability design of the Cisco SBA provides redundant firewalls in the Internet edge and a resilient LAN design for core, access, server room, and wireless, along with QoS and embedded security, all designed to protect application availability.

Unified Communications
Cisco Unified Communications products deliver high-quality voice and video communications that scale from a few people to tens of thousands. Midsize organizations select the features and functions to meet their specific needs, from simple voicemail to complex call centers.

Benefits
- Scales as the organization grows, from 10 to 30,000 users
- Can be tailored to suit the needs of your organization, be it basic call functions or complex call centers
- Builds on your current messaging systems, creating a platform for collaboration

The midsize Cisco SBA supports up to 2500 users, whether they are located in a headquarters, regional site, or remote site, or are teleworkers or mobile workers, in both wired and wireless configurations. The solution integrates the benefits of media communications (for voice and video calling) with messaging into a modular architecture. Consolidating these services on a single network creates a cost-effective solution that is simple to set up, manage, and use, thereby lowering total cost of ownership (TCO) and providing a foundation for other service and business process integrations.

The unified communications module utilizes three main products:
- Cisco Unified Communications Manager
- Cisco Unity Connection
- Cisco Integrated Services Routers

Cisco Unified Communications Manager supports the world-class media-processing (voice and video calling and mobility) engine and extends telephony features and capabilities to packet telephony network devices such as IP phones, voice-over-IP (VoIP) gateways, and multimedia applications. Additional services such as multimedia conferencing, collaborative contact centers, and interactive multimedia response systems are made possible through Cisco Unified Communications Manager open telephony APIs.

Midsize organizations can save money, reduce power consumption, and use less space by reducing the number of PBXs to a centrally deployed system that has survivability built into the remote-site router in the event of a WAN failure. Deploying fewer PBXs saves money on electricity and cooling and saves space in the equipment room, wiring closet, or data center. In addition to saving money, using less equipment and power also supports a company's green initiatives and goals for protecting the environment.

Integrated Call Admission Control within Cisco Unified Communications Manager helps ensure that voice and video QoS, already implemented in the LAN and WAN modules, is maintained across WAN links. Midsize organizations can now save significant costs by using their IP WAN connections for their site-to-site calling instead of using more expensive public switched telephone network (PSTN) trunks.

Cisco Unity Connection is the unified messaging application for the midsize Cisco SBA. Cisco Unity Connection transparently integrates messaging and voice-recognition functions to provide continuous global access to calls and messages. Cisco Unity Connection also provides robust automated-attendant functions, including intelligent routing for incoming calls and easily customizable call-screening and message-notification options. Employees can personalize communications options using advanced capabilities that can be customized to increase individual and team productivity. The flexible user interface makes messaging more efficient for both intensive and occasional voicemail users. For example, the telephone user interface and touch-tone mappings for each user can be customized to make migration from traditional voicemail systems much easier. Users can also use the web administration interface to define and manage personal call-transfer rules to customize the delivery of incoming calls based on caller, time of day, or calendar status.

Optionally, Cisco Unity Connection offers an integrated messaging option, bringing voice messages to your Internet Mail Access Protocol (IMAP) desktop email inbox. Building on your existing messaging infrastructure and IMAP email clients, Cisco Unity Connection desktop messaging access provides simple, native access to voicemail from nearly any email client.

Cisco Integrated Services Router provides three specific unified communications embedded services as part of the midsize Cisco SBA:
- Gateway service for connectivity to the PSTN
- Media resources in the form of conference bridges
- Backup call control in the form of survivable remote site telephony (SRST), in the event of lost connectivity with the central site

Cisco Unified SRST is a critical component in the unified communications module. Cisco Unified Communications Manager located at the headquarters provides centralized telephony services for all sites; however, because it is a centralized service, it is susceptible to service interruptions, which could interrupt service to all users. Cisco Unified SRST provides telephony backup services to help ensure that the remote site has continuous telephony service should the remote site lose communications with the headquarters. Further lowering support cost, no IT staff is required at the remote sites to manage the Cisco Unified SRST application.

The enhanced reliability provided by Cisco Unified SRST as an embedded service in the ISR makes Cisco Unified Communications Manager a cost-effective solution for the midsize Cisco SBA and helps ensure telephony operation for users in the remote sites.

Web Meeting: WebEx
Meetings are no longer only conducted face-to-face in a single location. For a business to survive and thrive, it must conduct business across multiple time zones and across borders. The Internet provides the common medium for borderless communications, enabling location-independent collaboration.

Many new business applications and tools are being delivered as software as a service (SaaS) that you simply subscribe to and use over the Internet. Reliable network services, such as the Internet connection, WAN infrastructure, and security, help ensure that an organization can rely on SaaS applications such as Cisco WebEx for critical collaboration. Cisco WebEx is an easy way to exchange ideas and information with anyone, anywhere. It combines real-time desktop sharing with voice and basic video conferencing, so everyone sees the same thing as you talk.

Benefits
- Show presentations, demonstrate applications, share anything on your computer screen
- Bring remote designers and engineers together to review the latest plans
- Conduct regular meetings between geographically scattered staff members
- Hold lively creative sessions with your marketing and advertising teams
- Make sales presentations to prospects
- Use WebEx throughout your business to generate leads, train customers, even provide support

Cisco WebEx Meeting Center includes these powerful features:
- Integrated phone conferencing
- Multimedia support for PowerPoint presentation software, Flash animations, audio, and video
- Meeting recording and playback
- One-click meeting access from your taskbar, as well as popular desktop, scheduling, and IM applications
- PC, Mac, and iPhone compatibility
- Secure communications
- Unlimited online meetings
- Integrated phone conferencing and VoIP capabilities


Design Guide Summary


Whether it's voice, video, or data, information is a critical asset that determines how well an organization runs. In the past, organizations have struggled with networking products; they were complex and difficult to use, deploy, and manage. Cisco Smart Business Architecture Borderless Networks for Midsize Organizations is broken down into three primary modular, yet interdependent, components for the midsize organization. They are the network foundation, network services, and user services, with the interdependency being hierarchical: each component relies on the component below. For reliable delivery of business applications and services, both internal and external to an organization's physical location, these three components must work in a cohesive manner; otherwise your voice, video, and data can fail and even be compromised, placing the organization at risk.

Cisco Smart Business Architecture Borderless Networks for Midsize Organizations provides a prescriptive design, and the companion Deployment Guide and Product Configuration Guide provide step-by-step guidance and instructions for deploying the solution. Most of the work is done for you. Cisco has simplified the process while maintaining the intelligence built into every product; products specifically selected and tested for the midsize organization. Deploying the Cisco Smart Business Architecture Borderless Networks for Midsize Organizations network design helps ensure the future health of the business by providing a stable, secure, and scalable network services infrastructure.

Figure 9. Foundation Network Architecture


Appendix A: SBA for Midsize Organizations Document System

[Figure: SBA for Midsize Organizations document system, organized into Design Guides, Deployment Guides, and Supplemental Guides. This guide, the Foundation Design Overview, is marked "You are Here". Other guides shown: Foundation, Configuration Files, Email Security, Web Security, IPv4 Addressing, IPv6 Addressing, Network Management, 3G Wireless Remote Site, Business Continuance, Wireless CleanAir, SolarWinds, ScienceLogic, Panduit, Ipswitch.]


Americas Headquarters Cisco Systems, Inc. San Jose, CA

Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore

Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

C07-470488-02 01/11
