Guest

Cisco Application Networking Services Modules

Cisco AON Secure File Transfer Extension Module

  • Viewing Options

  • PDF (184.0 KB)
  • Feedback

Product Overview

Cisco ® Application-Oriented Networking (AON) products look simple-a small hardware blade on a Catalyst ® switch, or a router, or a standalone appliance-but what these products provide is extremely powerful.
Cisco AON is a processing platform that delivers complex communication services to your business applications directly from within the network, offloading the task of developing and managing these functions on the dozens or hundreds of application infrastructure servers and application endpoints within your business and throughout your trading community.
The Cisco AON module or appliance sits on the communications path between applications providing application infrastructure services for security, file transfer, messaging routing, event management, optimization, and more, directly from within the network.
The Cisco AON Secure File Transfer Extension Module adds support to Cisco AON for business-to-business (B2B) document exchange protocols such as AS2 by embedding them in the network and facilitating access to the protocols directly from file systems, middleware systems, or Web services. This innovative approach provides organizations with a simple, reliable, secure, cost-effective, scalable, and manageable B2B file exchange infrastructure, helping enable them to achieve significant cost reduction and increased deployment of the B2B trading networks.
Using this approach, organizations are finally able to achieve a level of B2B collaboration with their customers, suppliers, and other third parties that has not been achievable using traditional server-based B2B gateway technologies.

Features

The Cisco AON Secure File Transfer Extension Module provides a complete solution to support secure B2B document exchange over the Internet and includes the following components:

• Cisco AON B2B Operations Management Console: Web-based application for trading partner setup and management, including support for digital certificate management and visibility on document exchanges between trading partners

• Cisco AON B2B Protocol Software: Drummond Group certified support for AS2 server and client functionality directly on AON including:

– User authentication/access management

– File/document persistence to shared storage (SAN/NAS) through network protocols such as NFS

– Ability to retrieve/store files to remote systems directly through messaging protocols such as JMS

– Support for Cisco AON network module and appliance clustering and load balancing to enable high availability and scalability

• Cisco AON Management Console (AMC): Web application with full role-based access control for centralized management of the Cisco AON system. Cisco AMC helps ensure consistent and up-to-date configurations across all the Cisco AON devices (nodes) in a distributed infrastructure. Cisco AMC functions include:

– Configuring and managing Cisco AON nodes

– Defining and provisioning application policies

– Managing keys and certificates

– Monitoring Cisco AON node events and logs

– Directly interfacing with the Cisco AON blade in a switch or router

• Cisco AON Development Studio (ADS): Windows-based tool for use in configuring how application messages are processed at run time. Its features include:

– Easy drag-and-drop GUI

– Set of preconfigured functions, or bladelets, that can be used to create policy execution plans (PEPs)

– One-button synchronization of policy execution plans with the Cisco AON Management Console

– Separate additional kits for creating custom bladelets and custom adapters. Refer to http://www.cisco.com/go/aon for further information

The Cisco AON Development Studio is included as part of the basic hardware/software package for Cisco AON. It may be used to customize the Cisco AON Secure File Transfer Extension Module to provide additional functionality or develop additional functionality on AON, but it is not necessary for the successful deployment and configuration of the Cisco AON Secure File Transfer Extension.

Benefits

Today, application developers need to write code or implement complex application infrastructure software to facilitate common interapplication communication tasks such as connectivity, security, and data exchange. These same functions are often recoded individually for each application or redeployed in different application infrastructure software, resulting in increased development, deployment time, and cost.
Each application must perform CPU-intensive functions such as encryption, decryption, and XML processing locally rather than centrally in a shared infrastructure, and an ever-increasing number of servers is required to keep up with the processing demand. Management, maintenance, and centralization of policies and enforcement become extremely challenging, especially as enterprises deploy distributed applications utilizing service-oriented architectures (SOA).
A significant amount of this cost and complexity can be avoided with the installation of a few Cisco AON devices in the data center. Cisco AON utilizes a policy-driven approach to help enable enterprises to centrally configure and manage application infrastructure functions. As changes to policies occur and new requirements for security methods, logging and auditing, or encryption methods are required, these changes are managed centrally eliminating the need for recurrent or complex code changes to middleware components.
Centralizing these functions on AON devices in the network not only saves money and speeds up application response times, it makes it much easier to centrally manage and monitor large-scale, distributed applications.
Having this functionality available pervasively in the network provides a powerful mechanism for managing and controlling application deployment, changes, and upgrades, especially as SOA gains widespread adoption, and Web services and other Web-based technologies become the primary means for integrating applications not only internally but also with customers and suppliers.
Cisco AON provides the following benefits:

• Make use of the current network infrastructure

– Provides a cost-effective, easy-to-implement B2B document exchange solution that uses existing investments in Cisco networking infrastructure

– Eliminates the need for expensive, complex B2B integration software and dedicated server hardware by facilitating support for common B2B protocols such as AS2 within Cisco routers and switches or standalone Cisco appliances

• Deploy faster and with less effort

– Includes integrated hardware and run-time and management software for setting up, managing, and scaling secure, reliable connections to trading partners

– Quick start services included for accelerating initial installation and configuration

– Proven interoperability with existing AS2-compliant solutions

• Connect and integrate with all your trading partners

– Scales to meet the needs of large organizations as well as small to midsize companies by providing enterprise class form factors in addition to a cost-effective access router form factor

– Benefits enterprises and large organizations through reduced total cost of ownership, improved security, improved collaboration visibility, and ability to monitor and validate uptime and availability of trading partners who are AON enabled

– Benefits small and medium-sized companies through reduced implementation and integration costs, improved security, reduced complexity, and ability to meet key trading partner data and information requirements in a scalable fashion

Solution Capabilities of Cisco AON Secure File Transfer Extension Module

The Cisco AON Secure File Transfer Extension provides capabilities in the areas of security compliance and support for common B2B document exchange protocols.

Security and Compliance

The primary challenge in interapplication communications is how to transparently and cost-effectively enable and enforce security on the massive scale required by today's distributed and service-oriented architectures.
Even in a simple scenario where only two applications need to exchange information, one must ensure authorized access, confidentiality, and the integrity of the information exchanged. This is extremely difficult and costly given today's application-centric approach towards providing these functions.
In real-world enterprise deployments consisting of hundreds of interdependent applications, the ability of the network to deal with complex security challenges becomes key to ongoing application management and deployment. The network must be equipped to help enable and enforce complex security that spans enterprise and partner boundaries with consideration to:

• Compliance and auditing requirements with stiff penalties and fines for violators

• Identity and trust management concerns that are increasingly difficult to manage across partner ecosystems

• Security infrastructure requirements that require a balance of performance and protection

• Data security that protects confidentiality and integrity of information in transit

• Attack protection and prevention to foil massive and complex assaults

• Security policy management to invoke and enforce business rules across organizational boundaries

• Business-to-business and multidomain security to facilitate e-commerce relationships among trading partners

• Network and transport security to provide fundamental and ubiquitous protection

• Third-party integration to help enable application, network, and specialized systems from multiple providers

These and other considerations give rise to senior executives' fundamental awareness that security is imperative for business operations and continued expansion.
The Cisco AON technology provides two fundamental capabilities that differentiate it from other approaches: Ease of integration with enterprisewide applications and the ability to span external B2B and multidomain application environments transparently.
The total set of interapplication and interenterprise security features provided by Cisco AON includes:

• Trust enablement and threat protection for Web services as well as legacy applications

• Identity and content-based authentication, authorization, and access control

• Data security and confidentiality in the form of digital signatures and message field-level encryption

• Integration with enterprise security services such as public key infrastructures and certificate authorities

• Business requirement-directed security policy management and enforcement

• Application logging facilitating compliance and security audit logging

• Protection against threats to applications and underlying networks

• Network and transport security through Secure Sockets Layer (SSL), HTTP and HTTPS, and Secure Shell (SSH) Protocol

• Support for secure file transfer, including authentication, authorization, encryption, signature verification, nonrepudiation, and auditing using AS2, Web services, and other protocols

Cisco AON B2B Security

At the data center edge, Cisco AON is an ideal B2B gateway facilitating virtualization of back-end infrastructures and trust establishment with partner applications. Cisco AON provides a network-embedded platform for identity verification, message integrity, authorization for access to appropriate applications, and data confidentiality with encryption and decryption that can easily be deployed and managed at the network edge.
Cisco AON at the perimeter must secure large-scale enterprise hubs connecting hundreds of suppliers, logistics providers, and trading partners-a scenario that requires a heterogeneous security infrastructure, pervasive visibility into spokes, security functions for multiple protocols, and support for performance- and security-oriented service-level agreement (SLA) commitments.

Cisco AON B2B Protocol Support

Common B2B document exchange protocols are now available as add-ons for the Cisco AON platform. These protocols fully use the Cisco AON platform to facilitate simplified deployment and management with increased reliability, scalability, and reduced overall total cost of ownership.
Cisco AON supports a number of protocols "out of the box," including Web services, which can be deployed in a B2B configuration. With the addition of the AS2 protocol through the Secure File Transfer Extension, Cisco AON now fully supports B2B secure document exchange using an interoperable, widely deployed industry-standard B2B protocol.
Cisco successfully completed Drummond Group certification and interoperability testing of the AS2 protocol on Cisco AON in the AS2-3Q06 round of testing. The full report is available from Drummond Group at http://www.drummondgroup.com/pdfs/AS2_3Q06_Interoperability_Final_Report.pdf.
Cisco AON with the Secure File Transfer Extension Module now provides a network-based, turnkey solution for implementing managed secure file transfer services and B2B gateway functionality, fully replacing the need for server-based AS2 gateway software.

Summary

The Cisco AON platform with the Secure File Transfer Extension Module introduces the first significant change in B2B document exchange since server-based point-to-point B2B gateways became pervasive in the late 1990s. It is the first complete, out of the box, network-embedded, integrated hardware and software solution for secure managed file transfer.
By providing B2B gateway functionality in a network form factor, this solution eliminates the need for complex server-based software deployment and management, addressing a number of the barriers faced by organizations with cost-effectively deploying large-scale B2B trading networks.
With the introduction of this solution, Cisco is the first to provide full support for the AS2 protocol in a network-embedded form factor. While AS2 has been primarily deployed in retail supply chains, it is increasingly being adopted as a means for sending information between organizations in a confidential and reliable way over the Internet in other industries such as high tech, health care, and oil and gas.
By virtue of the fact that it is payload agnostic, AS2 provides an interoperable, standards-based method for transmitting any document to another organization safely over the Internet. This includes binary documents and various industry-standard XML and flat-file EDI formats such as ANSI X12, EDIFACT, HL7, PIDX, OAG BODs, and RosettaNet PIPs. It is quickly becoming the de facto standard for secure file exchange over the Internet using HTTP or HTTPS, providing standardized support for security, confidentiality, compression, message receipt confirmation, message retries, and nonrepudiation, not all of which are available in other B2B protocols.
This innovative approach will help enable companies for the first time to use the same reliability and scalability traditionally found in their networks for unprecedented widescale B2B collaboration.

Ordering Information

Table 1. Ordering Information

Part Number

Product Name

FL-NM-AON-SFT1-K9

Cisco AON Secure File Transfer Extension for AON Network Module

FL-NM-AON-SFT1-K9=

Cisco AON Secure File Transfer Extension for AON Network Module (Spare)

FL-SVC-AON-SFT1K9

Cisco AON Secure File Transfer Extension - Cisco Cat6500 Module

FL-SVC-AON-SFT1K9=

Cisco AON Secure File Transfer Extension - Cisco Cat6500 Module (Spare)

FL-APL-AON-SFT1K9

Cisco AON Secure File Transfer Extension - AON8342 Appliance

FL-APL-AON-SFT1K9=

Cisco AON Secure File Transfer Extension - AON8342 Appliance (Spare)


To order, contact your Cisco account representative.

Service and Support

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business.
Cisco AON products are bundled with Cisco Advanced Services that will accelerate your time to deployment and help ensure a high-quality, reliable implementation. For more information about Cisco services, refer to Cisco Technical Support Services or Cisco Advanced Services.

For More Information

For more information about the Cisco AON platform, visit http://www.cisco.com/go/aon or contact your local Cisco account representative.