Conquer the Cloud

Designing A Next Generation Cloud Ready WAN
Presenters: Scott Van de Houten, Technical Architect, Cisco; Matt Bolick, Senior Technical Engineer, Cisco
Host: Jimmy Ray Purser, Techwise TV, Cisco
December 11, 2012, 8 a.m. Pacific Time
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Experts Provide Best Practices on How to Accelerate Your Organization’s Journey to the Cloud
FIVE-PART WEBCAST SERIES
•  On-demand: The Cloud and Your Network—Is There a Gap?
•  On-demand: Optimizing App Performance from Branch to Cloud
•  On-demand: How to Enforce Pervasive Security
•  On-demand: Extending Virtualization to the Branch
•  December 11: Designing Next-Generation, Cloud-Ready WAN


•  A framework for building a next-generation WAN that meets your future business requirements
•  The primary elements of the regional WAN design for up to 15,000 sites
•  Strategies for enabling high availability, robust security, and improved application performance for different cloud models
•  Suggested next steps on getting started with enabling a next-generation WAN


Designing a Next Generation Cloud Ready WAN
•  Scott Van de Houten, Technical Architect, Cisco
•  Matt Bolick, Technical Engineer, Cisco
•  Jimmy Ray Purser, TechWiseTV Host, Cisco


Cloud Challenges

Cloud Models

Traditional IT
•  Independent branches
•  Internet via central site
•  High Capex and OpEx
•  Longer time for app rollout

Private Cloud
•  Application centralization
•  Lean Branch
•  Poor user experience
•  Application survivability

Public Cloud
•  Internet-based apps
•  Security and control risk
•  Unpredictable performance

Hybrid Cloud
•  Shared infrastructure
•  Lack of visibility and control
•  Unpredictable performance

Yesterday
Internet Public

Today
Hybrid

Future

Private

Internet/ WAN


Virtual Desktops User Experience
Users Cloud Services
Mouse Control
IaaS

Keystroke

Video

Screen

New York Branch Office

1500 Miles

Dallas Data Center

Bandwidth Explosion: ~20 VDI Sessions per T1 Line

WAN Latency: >200ms Need for Optimal VDI Performance

Lack of Visibility, Control, and Prioritization

Centralized Internet Access
Users HQ/DC

Sales Rep at NY Branch/Mobile User

Hairpinning Effect:
Backhaul of SaaS/internet traffic to DC

California, USA

Drastic Change in WAN Traffic Pattern:
90% of organizations backhaul Internet traffic*

Brazil

SaaS

COMPROMISED USER EXPERIENCE

*Cloud Networking Report, Metzler Associates, 2011

Cloud Intelligent Network

Cisco Prime Infrastructure Cisco ISR G2 ASR 1000 AVC, WAAS UCS-E

ASR 1000, AVC, ASA, WAAS, AppNav

Private Cloud
CSR ASA 1000V 1000V

Security
Branch/Campus

Cloud App Visibility/ Control (AVC) Intelligent Cloud Network Connectors
Medianet

VSG

vWAAS

Nexus1000V
vPath VXLAN

Cloud Connectors ScanSafe HCS Webex CCA 3rd Party

Hybrid Virtual Private Cloud

HCS Services

Branch/Campus

AnyConnect VPN, ScanSafe, WebEx, and HCS Cloud Connectors

Public Cloud

•  Simplified Operations, Monitoring, and Troubleshooting
•  Optimized Service Performance
•  Intelligent Application Adaptive Routing
•  Pervasive, Scalable End-to-End Security
ASR 1000

Interconnect

Redundant, Scalable GETVPN Head End

Local Campus ASR 1000 ASR 1000

Data Center ASR 1000 ASR 1000

Redundant, Scalable GETVPN Head End

SP A MPLS OC3 and GE

SP V MPLS

Internet
Cisco Prime™
DS3 and FE Serial, Ethernet
ISR G2 ISR G2 ISR G2

ASR 1000

3G and 4G Satellite

Any WAN Transport Standardized Profiles

Ultra-High-End Branch and Campus

ISR G2

Mobile Branch

High-End Standard Branch Branch


Private Cloud Solutions

ASR 1000, AVC, ASA, WAAS, AppNav

Used only by a single company or organization, the Private Cloud looks a lot like the traditional Enterprise Data Centers we’re familiar with although they tend to focus on virtualized services. They might be operated by a third party instead of the company using them.
Source: NIST

Private Cloud
CSR 1000V ASA 1000V

Security

Cloud App Visibility/ Control (AVC) Intelligent Cloud Network Connectors
Medianet

VSG vWAAS

Nexus1000V vPath VXLAN

Virtual Private Cloud

HCS Services

Public Cloud

What are your plans for deploying Private Cloud Services?
A.  Currently deployed
B.  Deploying within 12 months
C.  No plans to deploy


Deep Packet Inspection
Deep Packet Inspection engine (NBAR2) identifies applications using L7 and custom signatures

Performance Collection and Exporting
ISR G2 and ASR collect application bandwidth and response time metrics, and export to management tool

Reporting and Provisioning Tool
Advanced reporting tool aggregates and reports application performance

Control
Use QoS or PfR to control application network usage to improve application performance

ISR G2/ASR1k/CSR ASR 1000 ISR G2

Application Visibility and User Experience Report
App      BW      Transaction Time
WebEx    3 Mb    150 ms
Citrix   10 Mb   500 ms
…        …       …

ASR 1000

ISR G2

CSR

WAAS/ vWAAS

PA/FNF

NFv9

High Med

Reporting Tools

Low


Cisco WAAS Offers Automated Interoperability with HDX and ICA

No Change to Clients

No Change to Server

High Performance Virtual Desktops

Transparent Handshake
Virtual Desktops

Branch Office
Cisco ISRG2 with WAAS Cisco WAAS

Data Center

•  Transparent insertion into encrypted ICA/CGP communication.
•  WAAS applies TCP flow optimization to maximize bandwidth usage and mitigate packet loss.
•  WAAS applies an inline compression algorithm over the optimized data, maximizing savings.
•  WAAS delivers Citrix-aware multi-user Context-Aware Data Redundancy that removes redundant data from across all end user connections.


WAN Edge Applications Impacted
Core Services: Windows and VDI
•  DNS and DHCP servers
•  Microsoft Active Directory
•  Windows print services
•  Windows file services

Mission-Critical Business Applications
•  Point of sale server
•  Bank teller control point
•  Electronic medical records
•  Inventory management

Client Management Services
•  Software update service
•  Client monitoring service
•  Backup and recovery
•  Terminal server gateway


Use Slots on Most Widely Deployed Branch Device
WAN Optimization Wireless LAN/WAN Routing/Switching

All-in-One Device for Branch Services

Application Hosting Unified Communications Security

Highly Secure Platform with Small Attack Surface

Direct UCS E -Series Blade-to-LAN Connectivity

Redundant Power Supply Options

Long Service Life 2x Typical Blade System

One, Two, and Four Blade Slots Options

Two and Three RU Options


Compact, Multipurpose Blade Housed in ISR G2

Single Wide
•  Maximum 65 W Power Draw, 80 Percent Less than Server
•  Intel Xeon E3 Family Quad-Core Processor
•  iSCSI Initiator Hardware Offload
•  8, 12, and 16 GB DRAM Options
•  Remote and Schedulable Power Management
•  One External and Two Internal GE Ports
•  10/100 Ethernet Management Port
•  KVM Console Connector
•  Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (2.5 lb/1.1 kg)
•  Configuration and Mgmt Through CIMC
•  Two SD cards: One for the CIMC and Temporary Storage of OS and One for a Blank Virtual Drive
•  Up to 2 SATA, SAS or SSD Hard Drives
•  USB 2.0 Port for External Device Connectivity
•  On-Board Hardware RAID 0/1 with Hot-Swap Capability

Compact, Multipurpose Blade Housed in ISR G2

Double Wide
•  8 GB–48 GB DRAM Options
•  Maximum 130 W Power Draw, 80 Percent Less than Server
•  Intel Xeon E5-2400 Quad Core or Six-Core Processor
•  iSCSI Initiator Hardware Offload
•  Remote and Schedulable Power Mgmt
•  Out-of-Band Configuration and Mgmt Through CIMC
•  Front-Panel VGA, 2 USB, and Serial Console Connectors
•  Two SD Cards: One for the CIMC and Temporary Storage of OS and One for a Blank Virtual Drive
•  Two External and Two Internal GE Ports with TCP/IP Acceleration
•  Up to 3 SATA, SAS, SSD Hard Drives or 2 HDD and a PCIe Card
•  On-Board Hardware RAID 0, 1, and 5 Configuration Options with Hot-Swap Capability
•  Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (7 lb / 3.2 kg)

Hybrid Cloud Solutions

ASR 1000, AVC, ASA, WAAS, AppNav

Private Cloud

Hybrid Clouds exist on the premises and are maintained by a cloud provider. Resources are allocated to individual companies or organizations, providing them the look and feel of a private cloud within a shared cloud environment.
Source: NIST

CSR 1000V

Security

ASA 1000 V vWAAS

VSG

Cloud Intelligent Network

App Visibility/ Control (AVC) Cloud Connectors Medianet
vPath VXLAN

Nexus1000V

Hybrid Virtual Private Cloud

HCS Services

Public Cloud

What are your plans for deploying Hybrid Cloud Services (or Virtual Private Cloud, IaaS, PaaS)?
A.  Currently deployed
B.  Deploying within 12 months
C.  No plans to deploy


Cisco IOS Software in Virtual Form-Factor
Cisco IOS XE Cloud Edition CSR 1000V
App OS App OS
RP FP

•  Selected feature set of Cisco IOS XE
•  Virtual Route Processor (RP)
•  Virtual Forwarding Processor (FP)

Virtual Private Cloud/Data Center Gateway
•  Optimized for single tenant use cases

VPC/vDC

Hypervisor
Virtual Switch

Agnostic to Other Infrastructure Elements
•  Hypervisor agnostic
•  Virtual switch agnostic
•  Server agnostic

Server


Improve Application Performance and User Experience
Cisco WAAS

WAAS Appliance
•  Application acceleration
•  Virtual blades in branch offices
•  Scalable platforms for range of deployments

Virtual WAAS
•  Application acceleration from Private/Virtual Private Cloud
•  VMWare ESX/ESXi and UCS deployments
•  Agile, elastic, multitenant deployment
•  vCM: common virtualized management for physical/virtual WAAS

WAAS Express
•  Integrated ISR G2
•  On-demand IOS-based
•  Bandwidth optimization
•  Inline IOS features (Security, QoS)
•  Small footprint, Cost-effective, Single CLI

WAAS Service Ready Engine
•  Integrated ISR G2
•  Application Acceleration
•  Software on-demand provisioning
•  No fork lift upgrade

Public Cloud Solutions

ASR 1000, AVC, ASA, WAAS, AppNav

Operated wholly by cloud providers, public clouds offer services to companies, organizations and individuals using a fully virtualized environment hosted in the cloud. Services are delivered in a shared environment even though they might be provisioned or customized for the needs of the individual organization.
Source: NIST

Private Cloud

CSR 1000V

ASA 1000V

Security

VSG vWAAS

Cloud Intelligent Network

App Visibility/ Control (AVC) Cloud Connectors Medianet
vPath

Nexus1000V

VXLAN

Virtual Private Cloud

HCS Services

Public Cloud

What are your plans for deploying Public Cloud Services? (e.g., SaaS)
A.  Currently deployed
B.  Deploying within 12 months
C.  No plans to deploy

•  Rapid deployment
•  Rich media experience
•  Easy to scale
•  Data stored locally which can be backed up centrally
•  Store infrastructure cost reduction
•  Energy costs savings

Delivering Optimal Experience, Pervasive Security, and Simplified Operations
Management and Policy Users
Collaboration Survivability

Cloud Connectors
Web Security Cloud Storage Third Party

Cloud Services

Cloud-Ready Network Services
Visibility Optimization Security Collaboration App Hosting

Branch
ISR G2

Cloud-Ready Platforms
ASR 1K CSR 1KV

Private/Public/ Hybrid

Branch Office

Campus/Data Center

Cloud


IaaS SaaS
App

WAN Connection Branch Office
Users expect the same experience as local apps Higher-Latency, Lower-Bandwidth and Less Reliable than Local Network

OS

Cloud
Apps often designed for LAN performance not WAN constraints

RESULT: Application experience is improved by incorporating cloud intelligence into the branch network.

Protect Internet Edge at Enterprise Branches

Key Benefits:
•  Avoid expensive backhaul of internet and public cloud traffic through the HQ/Datacenter
•  Single policy portal, ease of deployment and management
•  Enhanced security for all users

Solution:
•  Integrate ScanSafe Connector in ISR G2
•  Router redirects Internet Web traffic to ScanSafe cloud
   Content analysis, detect/stop malware
   Web usage control: administrator can control access to websites
•  Complement the integrated security (ZBF, IPS) on the router

Diagram labels: Internet, HQ, ASR 1000, WAN, Branch Office, Branch Office, Web Filtering, Web Security, Centralized Reporting, Consistent Policy Control, Secure VPN, Integrated Security, Web Security

Third Party Connector
MSP Admin Portal
Manage end-user accounts, service provisioning and billing

End-User Virtual Portal
Users access their own cloud backups and folders, restore and share files.

MSP Network Cloud storage is cached in the branch. Branch files are backed up to the cloud.

Cisco ISR G2 and UCS® E-Series
with Cloud Storage Gateway

Backup Agent for Roaming Laptop Agent-Less Solution

Branch Office

Application

1  Write an App
•  C APIs
•  Java APIs
•  Python APIs

2  App Talks to Devices
•  Thrift/Sockets
•  Network Abstraction

3  Devices do Stuff
•  IOS
•  IOSd/XE
•  XR
•  NX-OS

Process Hosting

Blade Hosting

End-Point Hosting

Cisco Network Operating System

Container OnePK Apps

Cisco Network Operating System

Cisco Network Operating System

BLADE

Container OnePK Apps OnePK Apps

Best For:
•  Powerful RPs
•  Low Latency

Best For:
•  Real Time
•  Data Plane

Best For:
•  Less Delay Sensitive
•  Multi-Element Apps

Private Cloud Data Center
DC Consolidation
VDI Adoption
Secure and Optimize WAN
•  ISR G2 and ASR 1K
•  FlexVPN/GETVPN
•  AVC
•  WAAS 5.0 / VXI
•  UCS-E Series
Application Experience
Reduce Bandwidth Cost

Public Cloud
SaaS
Internet Applications
Secure, Direct Internet Access
•  AVC
•  ScanSafe Connector
•  HCS Connector
•  Webex CCA
Avoid Traffic Backhaul
Security and Policy

Hybrid Cloud
VPC
IaaS
Shared Infrastructure
Enterprise Control in a Shared Virtual Environment
•  Cloud Services Router
•  vWAAS with AppNav
•  vASA, VSG
•  Nexus 1000v, vPath
Reduced Capex
Maintain Ops/Control

HCS Services

Tested and Pre-Integrated Solutions
Smart Business Architecture
•  Prescriptive, modular designs
•  Tested and validated
•  Focused on most common network deployments
•  Targeted to customers from SMB to small enterprise

Next Generation Enterprise WAN
•  Prescriptive, modular design
•  Focused on building a foundation for borderless services
•  Targeted to large enterprise and public sector networks

Mobile Workforce Architecture
•  Architecture for supporting worker mobility options
•  Provisioning, security, access and cost control
•  Seamless connectivity for smart devices
•  Targeted at customers of all size

Cisco Virtual Office
•  Complete turnkey solution deployment
•  Zero-touch
•  Integrated FW, content filter and VPN CPE
•  Data protection, integrated UC and security
•  Targeted at customers of all sizes

Provides customers with confidence in deployability of solutions
Provides partners with replicable deployment models to enhance profitability
Makes solution design simpler and reduces the risks of new technologies

Mark Your Calendars: Registration Opens January
Jan 16, 8am PT: Cloud Networking Case Study
Cisco IT best practices for deploying a Cloud Intelligent Network
Brian Christensen, Director of Information Systems, Cisco

Feb 20, 8am PT: Connecting Clouds with A Next-Generation WAN
How to architect your core backbone networks to support data center and cloud
Scott Van de Houten, Technical Architect, Cisco

Cisco Cloud Intelligent Network
Cisco.com/go/readyforcloud

Design Zone for Next Generation WAN
Cisco.com/go/ngwan
At-A-Glance Summary: http://www.cisco.com/en/US/netsol/ns816/networking_solution_at_a_glance_list.html
Solution Overview: http://www.cisco.com/en/US/netsol/ns816/networking_solution_solution_overview_list.html
Whitepaper: http://www.cisco.com/en/US/netsol/ns816/networking_solutions_white_papers_list.html

Thank You
