Cisco Application Performance Assurance Engine 1.0

Q. What is the Cisco® Application Performance Assurance Engine?
A. Cisco Application Performance Assurance (APA) Engine is a standalone appliance designed to identify, analyze, and control application traffic on a per application, per user basis. Cisco APA Engine facilitates wire line identification and traffic control at up to 100 Mbps throughput in each direction. The result is overall reduction of network congestion, improved application performance over the WAN, and the ability to plan more effective network bandwidth upgrades.
The overall Cisco APA Engine solution consists of the following components:

• Cisco APA Engine (CAM-APA-100) - classifies traffic using deep packet inspection, provides application/protocol and user awareness, enforces global and user-specific policies, and collects the reporting data

• Cisco APA Device Console (APA DC) - a management application responsible for device, fault, and traffic management, as well as report generation. The Cisco APA Device Console is resident on the APA Engine, providing a self-contained solution

• The "operating system software" resident on the Cisco APA Engine (APA-SW-3.0). Note that the Cisco APA Device Console is included in the APA-SW-3.0 software image.

• A view-only or control software license

Q. What customer challenges does the Cisco APA Engine solve?
A. Enterprise customers face a growing need to track application use, manage network bandwidth resources, identify and dispose of malicious and otherwise unwanted traffic, and prioritize mission-critical applications on a per-user basis. Corporate users located in one of the company branches may need to access the company data center or another remote branch connected over the WAN link. Conversely, users residing in the company headquarters also need to access remote locations for multiple purposes.
Not all of the enterprise traffic traversing the WAN is equally important in terms of required delivery and processing time. Mission-critical applications contend for available bandwidth with noncritical applications, and many applications are subjected to network latency and jitter characteristics that impede their ability to function appropriately. With between 50 percent and 60 percent of enterprise bandwidth now being consumed by peer-to-peer (P2P) and other recreational traffic, the productivity of the network is significantly compromised.
The problem is even more pronounced for specific vertical markets, such as higher education or healthcare. Higher education networks are typically congested with file sharing traffic; this traffic impedes other, more legitimate traffic such as distance learning or research collaboration. Medical networks are becoming increasingly congested with DICOM traffic (digitized X-ray, CT scan, or MRI images), all of which impede the performance of mission-critical healthcare information systems.
The Cisco APA Engine facilitates the detection of virtually any network application, including enterprise resource planning (ERP) applications, multimedia streams, broadband voice, Web browsing, instant messaging, and forms of unwanted and malicious traffic such as P2P. Once this traffic has been identified, the network administrator is able to appropriately configure quality of service (QoS) policies to control the traffic so that the time-critical and high-priority portion of LAN-WAN traffic does not lose bandwidth to less critical applications. The result is overall reduction of network congestion, improved application performance, and the ability to plan more effective network bandwidth upgrades.
Q. What type of customers can benefit from deploying the Cisco APA Engine?
A. The Cisco APA Engine is targeted toward distributed enterprise customers that have several remote locations and branch offices and that are attempting to classify and prioritize application traffic and to control the behavior of the network traffic over the WAN links to make sure that the performance of each individual application reflects its importance to business operations.
Managed service providers can also use the Cisco APA Engine to their advantage and further enhance their competitive differentiation. Service providers can offer managed Cisco APA services alongside their existing managed router and managed security business and take advantage of the existing infrastructure and processes. It strengthens service providers' value proposition by allowing them to focus on application performance instead of simply offering connections. The managed Cisco APA service provides all the benefits of the Cisco APA Engine without the initial costs of obtaining and installing the equipment and the costs of ongoing management, allowing the organization to focus on its core business.
Finally, higher education accounts can use the Engine to control P2P file sharing, generate new types of student online services (voice over IP [VoIP], gaming), and protect critical network uses such as distance learning and research collaboration.
Q. How is the Cisco APA Engine managed?
A. APA DC is integrated into the Cisco APA Engine, providing a self-contained solution that includes traffic control, device management, fault management, policy management, and reporting.
Q. What types of reports can be generated using APA Engine?
A. Approximately 100 different report templates are available in the Cisco APA Engine. These reports provide the operator with an in-depth view of application traffic on the network.
Q. What levels of performance does Cisco APA Engine deliver?
A. The Cisco APA Engine is designed to provide sustained throughput of 100 Mbps full duplex. The system is capable of supporting up to 1000 concurrent users and 10,000 flows (that is, 10 flows per user). Given typical oversubscription rates, this gives support for approximately 10,000 users with average network usage.

Application Visibility

Q. How does the Cisco APA Engine identify and detect network applications?
A. By performing deep packet inspection on network traffic, the APA Engine is able to quickly identify protocols and applications. The Cisco APA Engine fully reconstructs individual traffic flows and the Layer 7 state of each individual application flow. Using Layer 7 signatures and attributes in addition to behavioral classification algorithms, the APA Engine readily identifies applications that employ dynamically assigned port numbers and tracks applications that involve multiple interrelated or spanned flows, as commonly found in VoIP or multimedia streaming protocols.
Q. Which business applications and protocols does the Cisco APA Engine solution support?
A. The Cisco APA Engine supports about 1000 protocols, including:

• Business applications: Oracle, Citrix, SAP, Microsoft Exchange, Microsoft SQL

• P2P: KaZaA, Gnutella, Winny, Win/MX, eDonkey, BitTorrent, DirectConnect

• Multimedia applications: Real Time Streaming Protocol (RTSP), Session Initiation Protocol (SIP), Skype, H323, and Media Gateway Control Protocol (MGCP)

• HTTP (HyperText Transfer Protocol), NNTP, Simple Mail Transfer Protocol (SMTP), POP3, Internet Message Access Protocol (IMAP), and so on

• HTTP classification based on URL or user-agent regular expression

• RTSP classification based on URL or user-agent regular expression

• SIP classification based on source or destination domain name
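
An added illustration of the payload-based classification described above (not Cisco's implementation or signature set): the first request of a flow is parsed and matched on URL, User-Agent, or SIP domain, and the port number is never consulted. The rule names, patterns, and sample message are constructed for this example.

```python
import re

# Hypothetical rules constructed for this example (not Cisco signatures):
# (service name, protocol, field to test, regular expression)
RULES = [
    ("software-update", "HTTP", "user-agent", re.compile(r"(?i)\bupdate-agent/\d")),
    ("video-portal", "HTTP", "url", re.compile(r"^/video/")),
    ("streaming-media", "RTSP", "url", re.compile(r"(?i)^rtsp://[^/]+/live/")),
    ("partner-voip", "SIP", "domain", re.compile(r"(?i)(^|\.)voip\.example\.net$")),
]
# HTTP, RTSP and SIP share the same "METHOD target PROTO/x.y" start line.
START = re.compile(rb"^([A-Z]+) (\S+) (HTTP|RTSP|SIP)/\d\.\d\r\n")

def parse_first_message(payload: bytes):
    """Return (protocol, url, headers) for the first request in a flow, or None."""
    m = START.match(payload)
    if not m:
        return None
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return m.group(3).decode(), m.group(2).decode("latin-1"), headers

def sip_domains(headers):
    """Host parts of the SIP From/To URIs (source and destination domain)."""
    found = []
    for name in ("from", "to"):
        m = re.search(r"sips?:(?:[^@>;]*@)?([^:;>\s]+)", headers.get(name, ""))
        if m:
            found.append(m.group(1))
    return found

def classify(payload: bytes) -> str:
    """Map a flow's first payload to a service name using RULES."""
    parsed = parse_first_message(payload)
    if parsed is None:
        return "unclassified"  # not a text start line this sketch understands
    proto, url, headers = parsed
    fields = {"url": [url], "user-agent": [headers.get("user-agent", "")],
              "domain": sip_domains(headers) if proto == "SIP" else []}
    for service, rule_proto, field, rx in RULES:
        if rule_proto == proto and any(rx.search(v) for v in fields[field]):
            return service
    return f"generic-{proto.lower()}"  # protocol known, no specific rule hit

# Constructed sample: a SIP INVITE whose destination domain matches the last rule.
SIP_INVITE = b"INVITE sip:bob@voip.example.net SIP/2.0\r\nFrom: <sip:alice@branch.example.com>\r\nTo: <sip:bob@voip.example.net>\r\n\r\n"
```
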

Q. What is the plan for adding new protocol support on the Cisco APA Engine?
A. Protocols will be updated every two or three months in the form of a "protocol pack," which will be downloaded from Cisco.com and distributed to operating APA Engines. Note that the protocol updates are dynamic, providing the additional capability without having a service interruption.

Reporting

Q. What kinds of reports are provided by the Cisco APA Engine solution?
A. The APA DC management application is responsible for report generation and provides close to 100 reports. The APA DC includes report groups that are used to generate report instances.
There are two main categories of reports:

• Monitoring reports: Show how network resources are used for selected services at various granularities (global, user). Monitoring reports typically show a specific metric for a set of services at a selected granularity, such as bandwidth for P2P and browsing services at a link granularity or volume for the streaming services for specific users.

• Traffic discovery reports: Provide statistical information about network activity and help identify the characteristics of the traffic traversing the network, such as the top IP or P2P protocols in the network.

Q. What is the reporting granularity provided by the Cisco APA Engine?
A. The reporting data is stored locally on the resident hard drive, and since the APA DC is resident on the APA Engine itself, all reports are generated directly through the onboard APA DC.
Q. Does the APA solution provide mechanisms to transport the reports to any external system?
A. The APA DC application supports the export of reporting results as JPEG image and comma-separated value (CSV) files to an external workstation.

Service Control Engine (SCE) Comparison

Q. How is the Cisco APA solution different from the Cisco Service Control solution?
A. The two solutions share the same technology base, but are targeted towards different markets. The APA solution is typically suitable for the needs of the distributed enterprise customers whereas the Cisco SCE solution is targeted for the service providers requiring high-capacity carrier-grade deployments. As a result, the two solutions differ significantly in terms of scale, throughput, user/flow limits, reporting requirements, and management. Table 1 summarizes the differences between the two solutions.

Table 1. Differences between the Cisco APA and SCE Solutions

| | Cisco APA Engine | Cisco APA Module | Cisco SCE Solution |
| --- | --- | --- | --- |
| Primary target market | Enterprise data center or higher education institution | Enterprise WAN edge | Service provider edge (MSO, Wireline, Mobile) |
| Hardware | Hardware appliance | Router integrated form factor | Hardware appliance |
| Solution components | APA Engine, APA DC management system | APA Network Module, APA DC management system | SCE hardware, Collection Manager, Subscriber Manager, SCA-BB management application |
| Solution management | Using the Web-based APA DC application; used for device management, service management, and reporting | Using the Web-based APA DC application; used for device management, service management, and reporting | Using SCA-BB application, GUI-based toolset, primarily used for service/policy management, reporting |
| User management | Through the APA DC | Through the APA DC | Using an external server, the Service Control Subscriber Manager (SM) |
| Reporting | Onboard storage and reporting using the APA DC | Onboard storage of reporting data, which is retrieved by the APA DC as required | Centralized and uses an external server, the Service Control Collection Manager (CM) |
| Throughput | 200 Mbps bidirectional | 90 Mbps bidirectional | SCE1010: 2 Gbps; SCE2020: 4 Gbps |
| Concurrent users/subscribers | CAM-APA-100: 1000 | NME-APA-E2: 250; NME-APA-E3: 500 | SCE1010: 40,000; SCE2020: 80,000 |
| Maximum flows | 10,000 concurrent application flows | 5,000 concurrent application flows | 1,000,000 concurrent application flows |
| Integration/APIs | Industry-standard APIs to facilitate easy integration with provisioning systems, OSSs, management systems, and billing systems | Industry-standard APIs to facilitate easy integration with provisioning systems, OSSs, management systems, and billing systems | Industry-standard APIs to facilitate easy integration with provisioning systems, OSSs, management systems, and billing systems |
| High availability | Not addressed by the solution | Not addressed by the solution | Dual-cascaded system design to provide redundancy and failover protection, or N:1 redundancy using SCE cluster scheme |

Q. Do both the Cisco APA Engine and the SCE solution support the same set of protocols?
A. The APA protocol set is a superset of those supported by the Cisco SCE solution. The APA solution supports additional enterprise-level protocols and business applications in addition to those supported by the SCE. However, over time it is expected that these solutions will provide identical protocol support.
Q. Is the customer capable of defining custom signatures with the Cisco APA Engine?
A. Currently, this capability is not supported for the Cisco APA product family.
Q. Can the Cisco APA Engine detect worms, spam, and other forms of malicious attacks?
A. Currently, this capability is not supported by the Cisco APA Engine.
Q. Can the Cisco APA Engine support tunneled traffic?
A. The Cisco APA Engine does not support tunneled traffic such as traffic within MPLS or Layer 2 Tunneling Protocol (L2TP) tunnels.