PDF(266.9 KB) View with Adobe Reader on a variety of devices
Updated:January 12, 2009
This document is intended for technical decision makers, architects, and application vendors who are responsible for designing and deploying business applications. There is a basic assumption that the reader of this document is sufficiently familiar with Cisco
® Integrated Services Routers (
The primary objective of this document is to provide an overview of the Cisco Application eXtension Platform (AXP) product and its value propositions to the market.
As corporations become increasingly global, there is a bid to be closer to their customers and provide better quality of experience in a localized manner. With technology facilitating virtual workplaces and geographical independence, the number of branches is growing 11 percent every year. This trend has put the spotlight onto branches, and, given the fragmented nature of branch network and IT infrastructure, the past few years have seen a progressive transformation to overhaul IT. Today, there is increased focus on lowering total cost of ownership (TCO) and bringing services consistency across the branch, campus, WAN, and data center in a ubiquitous manner.
With the proliferation of branches, there is a pressing need to decrease operational expenses, hence the trend of centralization and "thin" branches, especially with regard to network and IT infrastructure. But because an increasing number of decision makers are based there, centralization has to be achieved without compromising branch performance or availability. The role of the Cisco integrated services router in addressing this challenge is well known. It has hitherto addressed various aspects of branch consolidation: security, mobility, switching, routing, WAN optimization, unified communications, and more. These have largely involved the integration of network elements. The logical next step is to provide a greater degree of flexibility to network and IT decision makers by addressing another primary problem area dealing with network and application convergence.
This white paper looks at some of the new Cisco innovations, in particular the Cisco AXP, which enables the development and hosting of applications onto a Network Module Enhanced (NME) or Advanced Integration Module (AIM) within the Cisco integrated services router.
Branch Office Trends
With increased globalization and industry consolidation through mergers and acquisitions across multiple domains, corporations are attempting to increase productivity and lower operations costs. Some of the issues are:
• With branch proliferation (Figure 1), it is more difficult to manage a distributed enterprise with fragmented network and IT infrastructure. It adds to network complexity and suffers from lack of experienced IT staff, poor application performance, and a low end-user experience.
• IT budgets also have either been flat or grown in low single digits.
• Lack of homogeneity between the underlying network, IT, and application infrastructure.
• Poor network and application integration resulting in performance degradation.
Figure 1. Changes in Number of Branch Offices
In the branch, Cisco has addressed this problem space with its integrated services router portfolio, which has achieved tremendous success with proven results in lowering TCO by as much as 70 percent. Reduction of overlay network appliances from multiple vendors has resulted in better services integration, enhanced manageability, and lower operational expenditures.
In recent times, with the advent of Cisco's Service-Oriented Network Architecture (SONA), the network has become instrumental in providing not only traditional network-based services, but also services that have historically resided in full or at least in part in the application space. The integration of unified communications applications into the core routing and switching infrastructure is one proof point that has meant better network and application convergence.
Application Performance Expectations
Even as branches adopt a "thin" architecture, clearly there are increased expectations for application performance and availability (Figure 2). These could be business applications, or even custom applications that many enterprises run through their organizations, to fulfill the need of a particular capability that is not available as a mass-market solution.
Figure 2. Application Performance Expectations
Source: Nemertes Research, 2007.
Such applications can be found running in large healthcare facilities, financial services industries, defense organizations, contact centers, and retail environments, to name a few. To fulfill the promise of Cisco's SONA, it is necessary to extend the value of network and application convergence into these domains. To address this opportunity, Cisco has introduced the Cisco AXP module on Cisco Integrated Services Router, along with open Cisco IOS
® Software application programming interfaces (APIs) and a software development kit (SDK) in conjunction with a development partner ecosystem. This not only helps with server consolidation and lowers TCO; it also helps provide better network and application convergence.
Application developers are constantly investigating areas of their businesses that can bolster their core competencies (for example, application business logic). These application designers are finding new ways to design and implement overall integrated architectures by recognizing the inherent value that an integrated network architecture offers. They are increasingly able to spend more time and energy on development areas that have the greatest return on investment for them. By allowing Cisco to host application services on the network, they increase their overall integration story as well as free themselves to focus on enterprise problems, maintaining maximum agility in their business.
Cisco AXP Overview
The Cisco AXP (Figure 3) is an application services hosting platform that physically resides inside of a Cisco integrated services router. Different physical configurations of this module are available, each with different performance capabilities to suit various application requirements. The Cisco AXP module is physically inserted into the integrated services router and provides a service platform for applications to run all or portions of their code. The Cisco AXP ships with a virtualized hosting environment and a host of monitoring and configuration APIs that are available to the applications running inside. The product also offers an SDK that enables primary packaging functions and a management interface that facilitates centralized management schemes.
Figure 3. Cisco AXP
The Cisco AXP as a Cisco product is a means to an end that supports the concept of unifying application systems with network systems. It is quickly becoming a primary component of the overall Cisco SONA framework, adding true application service-level integration technologies to the Cisco product portfolio. At an architectural level, the ability to combine two loosely coupled systems into a single collaborative, integrated solution has numerous advantages. The outcome precipitates enhanced features, such as improved performance, security, and management. These enhancements contribute directly to tighter business logic and in many cases differentiate business models that are keeping enterprises competitive. Likewise, Cisco system integrator and managed service provider partners are also using this new technology to differentiate their product offerings.
Cisco AXP Services
The value of hosting application services on the network on Cisco AXP is immediately identifiable. Depending on the nature of the application and the business in which the application is deployed, the Cisco AXP value proposition might vary. In any case, there are sufficient services available from the network to not only host an application, but also provide supporting technologies to help ensure overall solution deployment success. (See Figure 4.)
Figure 4. Cisco AXP Services
The Cisco AXP service module portfolio contains multiple physical configurations, and each is loadable in the Cisco 1800, 2800, and 3800 Series Integrated Services Routers chassis. Table 1 identifies which service modules are loadable on which integrated services router chassis. For more details on product specifications, see the AXP Data Sheet
Table 1. AXP Service Module Specifications and Support
300Mhz Intel Celeron
1841, 2800 series, 3800 series
1.0GHz Intel Pentium
2811, 2821, 2851, 3800 series
1.4GHz Intel Pentium
The NMEs have internal and external Gigabit Ethernet interface connections, whereas the AIMs have an internal Gigabit Ethernet interface only.
The Cisco AXP ships with a standards-based hosting infrastructure that includes a hardened Cisco Linux OS, a virtualized application OS using Linux V-Server technology, and a logging/debugging infrastructure. It also supports a multitude of programming languages such as native x86 C/C++, Java (with optional Open Services Gateway Initiative (OSGi) and Tomcat support), and scripting (bash, perl, and python). Additional features are made available to applications such as serial tunneling to external devices, syslogging, and netflow data collection. Additional language and/or library support is easily installed during the application installation procedure, so customers are not limited to the out-of-the-box support shipped with each Cisco AXP service module.
A primary benefit to applications running within the Cisco AXP environment is access to the monitoring, configuration, and trigger APIs. Each individual application instance maintains its own API context, meaning separate API calls can be managed by applications running in different virtual containers on the same physical service module hardware. This allows for a very flexible application hosting environment capable of powerful, discrete functionality.
Figure 5. Cisco AXP Software Services
Cisco's AXP also ships with an extensible command line interface that allows customers to extend the interface of the Cisco module by adding custom CLI commands. This functionality lends itself to enhanced administration and monitoring features at a system level, realizing yet even tighter integration.
The hardened Cisco Linux OS provides an excellent platform for the hosting of security services such as unified threat management functionality. By having real-time access to data at all layers, positioning modular security technology on the router gives the customer more options for application-layer security policy enforcement. The ISR router can be a distribution point of centralized security management from a headquarters office or as a security focal point for small to medium-sized businesses as a gateway to the Internet. Having security inside the router provides access to decrypted traffic for better, less complex enforcement and management of security policies. And yet the module itself stands alone and is not capable of affecting the rest of the router should the security application go down.
When loaded, the AXP service module appears as a separate, configurable IP interface, which means that the same security provisions capable of being made to an existing IOS IP interface can be applied to the AXP service module interface. For example, an administrator may apply a unique access control list (ACL) to the AXP interface through standard IOS command line interface commands. Furthermore, because the AXP is installed inside of a Cisco ISR router, overall security advantages are increased through concurrent services such as stateful firewall and intrusion protection. Network wide architectural benefits are also extended to applications running inside of an ISR router.
There is also the case of software security, where issues such as helping ensure that only appropriate applications are loadable onto a given Cisco AXP service module become primary considerations. From a software development perspective, the Cisco AXP product affords a software trust chain mechanism using a key infrastructure for more secure application deployments. This is accomplished by implementing a key signing paradigm that precludes rogue software from being loaded onto an AXP service module. (See Figure 6.)
Figure 6. Application Signing and Trust Chaining
Management is a critical aspect of the overall Cisco AXP services portfolio, offering various tools to network and application administrators. Applications are easily integrated into existing standard IT processes, with lower TCO and operating costs. The extended tool set facilitates increased uptime and reliability metrics. Rolling out new application services and establishing viable problem resolution strategies during that process are also promoted through the environment. These strategies, among others, lend themselves favorably to ancillary enterprise IT concerns such as ongoing training and administration costs.
Cisco AXP management services contain the following:
– Application log files, process up/down, process control
• Easy-to-use application management APIs
– Custom application management and monitoring
– Command-line interface (CLI)
Customer and Partner Value Propositions
The nature of the Cisco AXP, that of openness and flexible support of application services, is a catalyst for new growth areas within IT and as far reaching as facilitation of new business processes and enhanced business models. The concept of having application services resident on a Cisco router is appealing to various parts of an organization, be it a desire to minimize physical footprint and maximize service consolidation to hosting a distributed component of an application to promote a new business model. In any case, it is the inherent capability of the Cisco AXP module to assume system-level responsibility of hosting/integrating applications into the network that facilitates these things.
Independent software vendor (ISV) value proposition:
• Addresses Cisco large installed base and use Cisco's well-established channel relationships.
• The Cisco ISR has industry-leading market share. It serves as an excellent platform to integrate applications with security, unified communications, and WAN optimization built in.
• Provides ISVs with a faster time to market.
• Uses Cisco brand name and multi-geography reach.
Channel partner and service provider value proposition:
• Provides additional revenue opportunities and facilitates higher margins.
• Helps move from a product centric approach to a solution centric approach.
• Increases customer penetration and stronger bonds across multiple categories of decision makers.
• Is backed by strong worldwide Cisco support, including Cisco Validated Designs (CVD), training material, documentation, and so on.
• For managed service providers, it further reduces management complexity and on-site administration needs.
Customer value proposition:
• Provides server consolidation and decreased branch footprint.
• Provides better network and application services integration.
• Is compliant to industry standards such as payment card industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and so on.
• Is one vendor to contact.
A significant concern for all enterprises when considering the deployment of new technology is total cost of ownership (TCO). Please see the following whitepaper for in-depth details on this very important topic.
Cisco customers find the AXP service module appealing for multiple reasons:
• Tighter integration with the ISR means better management and control over remote application infrastructure
• No additional servers deployed at branch offices
• Reduction in total cost of ownership
The Cisco AXP is designed to provide basic hosting functions to applications among an array of other value add features. This has proven to be valuable to businesses that want to integrate custom applications into their network, ultimately gaining combinatory benefits such as direct monitoring and configuration of the host router services through the Cisco AXP API. Furthermore, with the Cisco AXP's management services, these customers have the ability to create a centralized management scheme in support of their distributed applications, additionally easing large-scale deployment challenges.
For example, enterprises today have a set of core utilities that need to be administered and accessible by branch office employees. The most common applications that provide these functions are Domain Name System (DNS); Dynamic Host Configuration Protocol (DHCP); authentication, authorization, and accounting (AAA); and so on. Because the Cisco AXP provides virtualization services (also known as application sandboxing) to applications, customers can also extend the existing network utilities footprint to include even more specific applications in addition to those mentioned here, each running in its own separate virtual container on the same Cisco AXP service module.
For customers that have many branch offices, the ability to deploy and manage a single platform for multiple services is a tangible benefit at multiple levels of an organization. Many enterprises have custom-built applications deployed in their branch offices to optimize IT functions, from lightweight custom scripts to more elegant custom Java applications. In any case, businesses gravitate toward the ability to accomplish these things inside a single platform for significant reasons such as TCO.
Application vendors find the Cisco AXP environment very appealing for three fundamental reasons:
• It affords them the opportunity to create new integrated, differentiable architectures.
• It creates opportunity for new business models, resulting in preservation of customers and/or new streams of revenue.
• It provides sales/marketing scale to their organization through coupling with Cisco's sales/marketing channels.
By collaborating with Cisco in this manner, business applications realize a multiplier effect such that the application component that resides in the ISR becomes the "hook" into the host of network capabilities that Cisco specializes in. Cisco core competencies such as high availability, scalability, reliability, and manageability become melded into the application vendor's overall architecture, which in turn provides additional value to the end customer. Together, the two systems become one integrated solution.
Cisco Unified Communications (UC) customers are realizing AXP benefits in multiple ways:
• Complete UC branch-in-a-box capabilities
• Reduction in total cost of ownership
• Tighter management and control through APIs
Unified communications services such as voice recording, click to talk, and other advanced solutions are created through Cisco's comprehensive AXP partner program. This portfolio of integrated UC applications is available to customers and will comprise a complete ecosystem play to ensure customer success from pre-sales activity through deployment and ongoing support.
There is also the ongoing convergence of voice and data in the enterprise. With the introduction of the Cisco IP phone and its ability to host an interactive display, there is a progressive trend in the industry to integrate more and more business logic into the unified communications environment. The IP phone services are driven by a simple Extensible Markup Language (XML) schema, which makes it quite easy for voice application vendors to use the IP phone displays as fundamental human resource interfaces. The result of doing this is a highly integrated voice and data solution where logic from two previously disparate systems blends into a single solution.
Branch offices are experiencing increased pressure to support an ever increasingly demanding workforce with more and more application services. While expanding the application portfolio in the branch, these same enterprises are challenged with reducing the overall cost of doing so, manufacturing a seemingly diametrically opposed set of objectives. Though truly challenging, these objectives are not unique to any particular enterprise, but rather critically identifiable to the ongoing health of the very business itself.
Cisco continues in its efforts to provide additional advanced technologies and products to answer the call of enterprises seeking to achieve new ways of doing business. The Cisco AXP service module is a specific product that has the unique ability to consolidate application services into the network, be the catalyst for new and enhanced business process deployments, and lower an enterprise's overall TCO. These things happen while improving application performance, reliability, manageability, and security through tight integration with the Cisco network.