Cisco Cloud Connected Solution

Cisco Cloud Intelligent Network: Prepare Your Network for the Cloud

  • Viewing Options

  • PDF (337.9 KB)
  • Feedback

Executive Summary

Enterprises, small businesses, and governments are looking to cloud-based solutions to solve some of their biggest business and technology challenges: reducing costs, reaching new levels of efficiency, and creating innovative business models. Cloud services and applications offer compelling economics by reducing capital expenditures (CapEx) and operating expenses (OpEx) through sharing of cloud assets and dynamic, on-demand delivery of services. Clouds enable flexible business models that allow applications and services to be launched more rapidly, with greater and more scalable efficiency, regardless of the geography or size of the business (Figure 1.)

Figure 1. The Cloud Is Changing the Way Organizations Do Business

Yet users who work with applications demand a high-quality, high-performance, and secure cloud experience. However, cloud services place new demands and requirements on the enterprise network. The way applications are delivered and consumed has been fundamentally changed by the cloud and will continue to change drastically. The traditional enterprise network, and specifically the WAN, is a critical component that connects users and devices to cloud services, is not designed to support these new challenges. The WAN often lacks the performance, security, reliability, and application visibility and monitoring tools that are essential for deploying cloud services.
To meet these new challenges, some networking vendors advocate only point products or partial solutions. Although these solutions may be adequate as temporary measures, Cisco believes that the true solution lies in making the network infrastructure "cloud intelligent." With this type of solution, the enterprise network can truly optimize cloud application performance within the available bandwidth to deliver a high-quality user experience, especially for the high-demand applications of today and tomorrow.
The Cisco ® Cloud Intelligent Network delivers an excellent alternative to solve these new networking challenges, enabling organizations to efficiently connect users to the cloud with the confidence, performance, and security of a private network.

New Trends Create New Challenges for Enterprise Networks

Cloud services and applications such as Amazon Web Services (AWS) and are challenging the way that networks should be designed and managed to deliver business applications to desktop and mobile users. Today, most enterprise networks cannot reliably and securely support the new levels and types of traffic created by cloud applications and services.
Cisco recently conducted a Global Cloud Networking Survey (April 2012) and asked over 1300 IT professionals what are the top priorities and challenges they face when moving applications and services to the cloud. From the survey results IT professionals have high expectations and will require new network architectures in order to overcome these realities. According to the Global Cloud Networking survey, 52 percent of respondents claim to have a better application experience at home then at work.

Is Your WAN Ready for the Cloud?

Adoption of cloud-based applications will continue to increase as enterprises achieve the benefits for cost savings, flexibility, and reduced operational demands. According to Cisco Global Cloud Index (December 2011) 50 percent of all workloads will be processed in the cloud by 2014. For IT, this broad adoption of cloud-based applications will mean connection of branch offices, employees' home offices, and mobile users to a mix of cloud networks such as:

• Public cloud networks such as AWS or software-as-a-service (SaaS) applications such as

• Private cloud networks managed by enterprise IT

• Hybrid cloud networks that combine connectivity to public and private clouds

According to the Cisco Global Cloud Networking survey 37% of respondents consider a cloud-ready WAN to be the most important infrastructure for connecting to the cloud. The changing traffic patterns created by cloud applications - specifically, public cloud and SaaS applications - produce the major challenge of backhauling traffic from remote users, branch offices, and mobile users to the central site, headquarters, or enterprise data center (Figure 2). This backhauling causes a tremendous increase in network latency, increased WAN bandwidth consumption, and a compromised user experience for cloud services.

Figure 2. Network Challenges with Cloud Services

Do You Have the Bandwidth to Support Virtual Desktops?

Forty-four percent of organizations have deployed virtual desktops, and 70 percent plan to by 2012 (Cloud Networking Report, Ashton Metzler and Associates, 2011). With today's virtual desktop infrastructure (VDI) clients, almost any application can be run in the cloud; however, each application's traffic must be continuously prioritized, monitored, and adjusted in real time to meet user expectations for performance, optimize resource utilization, and increase application availability. For example, a typical Citrix ICA/HDX virtual desktop session requires an average 78 kbps of bandwidth (43 kbps or less for a low-end session and 1812 kbps for a high-end session). A T1 WAN link has just enough bandwidth for about 20 of these virtual desktop sessions, a number that is inadequate for any midsized to large organization. In addition, VDI brings security considerations, because users must be correctly authenticated and provisioned before they gain access to sensitive data and applications. According to the Cisco Global Cloud Networking Survey, 35% of respondents cited performance as a key challenge for the private cloud (Figure 3).

Figure 3. Virtual Desktop Challenge in the Private Cloud

Can You Detect and Prioritize Video Across Your WAN?

Greater use of real-time streaming video for live communications means WAN bandwidth must now be prioritized to preserve video quality and optimized to provide the capacity necessary to handle the higher data volumes produced by video. In order to do this, you need functionality in the network that can identify applications and apply the appropriate prioritization or optimization policy. According to the Cisco Global Cloud Networking Survey, 45% of respondents cited visibility and control as a key challenge for the public cloud. Instead of backhauling traffic from each branch site to one location for centralized processing of security, voice, and video, that processing needs to be performed locally whenever possible to optimize the network's overall performance and responsiveness.

Can You Secure and Optimize Applications for Mobile Users?

Today, in many organizations, trends such as "bring your own device" (BYOD) allow users to work while mobile by using company-owned or personal laptops, smartphones, and tablet PCs. In fact 71% of organizations are extending or planning to extend their cloud applications to mobile devices according to IDC (Mobile Enterprise Software Survey 2011). For IT, supporting these many and varied devices brings new security risks and greater traffic levels, which can compromise confidential data and affect application performance. 55% of respondents to the Cisco Global Cloud Networking Survey cited security and policy as a key challenge for the public cloud.
Among networking vendors, there are two fundamental but opposing views on how to address these new cloud challenges. The first view considers the network to be simply a collection of basic transmission pipes that need specialized appliances placed at the WAN to optimize bandwidth for specific applications. The second view considers the network to be the foundation for intelligent services that deliver the essential capabilities for new application and traffic demands. In this view, advanced routers and network-level tools provide a single unified solution for optimal user experience, cloud security, and simplified operations.

Limitations of Today's Networks

The challenges faced by IT departments are compounded by the limitations of today's enterprise networks. The trends discussed in this document are particularly difficult for today's enterprise networks to address, for reasons that include the following:

• Inefficient network topologies that cannot easily optimize bandwidth, scale to support numerous new applications and devices, or deliver the performance levels required for a high-quality user experience with video and VDI applications - for example:

– Typical users of cloud applications prefer 50 milliseconds (ms) of latency.

– Most IT managers cannot predict application behavior.

– A typical WAN (T1 line) cannot handle more than 20 VDI sessions.

• Limited awareness of application, user, and device security postures, which leads to security policies that are often hard to enforce consistently:

– 90 percent of organizations back-haul Internet traffic over costly WAN links to core security devices (Cloud Networking Report, Ashton Metzler and Associates, 2011).

– Organizations have hybrid cloud islands without any-to-any VPN connectivity to the enterprise.

• Islands of network devices, services, and management tools that mean IT managers have limited visibility into application performance across the network; this architecture also hinders the capability to isolate and resolve network and application delivery problems and meet service-level agreements (SLAs):

– Organizations have inconsistent policies and visibility for managing data center, branch-office, and cloud infrastructure.

– Organizations have less budget and staff available to manage the IT infrastructure.

The Cisco Cloud Intelligent Network

The Cisco Cloud Intelligent Network concept defines a true multiservice network that is built to achieve the best cloud application performance, user experience, and video delivery across the entire network (Figure 4).

Figure 4. Cisco Cloud Intelligent Network Architecture

The Cisco Cloud Intelligent Network is key element of the Cisco CloudVerse ® framework that combines the foundational elements needed to enable organizations to build, manage and connect public, private and hybrid clouds.
The importance of the routing and WAN optimization infrastructure in addressing the requirements of the new enterprise network is often understated. In fact, new user expectations for application performance place more emphasis on the network to deliver advanced services and a high-quality user experience. The Cloud Connecter framework is built around three foundational pillars:

Integrated Management that simplifies management across Enterprise IT and the Cloud. A common API for Cisco Management Applications and third party customized cloud management platforms.

Cisco and 3rd Party Cloud Connectors enable critical services to extend the enterprise network to the cloud. The Cisco Cloud Connector is an IOS integrated or hosted software which makes the network aware of a particular cloud service and then applies custom network services embedded within Cisco IOS to optimize the delivery of cloud services to end-users on the enterprise branch network.

Industry leading physical and virtual platforms spanning branches, data center and the cloud. Common embedded monitoring and control across the network for simplifying deployments, detecting applications and applying the appropriate optimization policy.

These new intelligent routing capabilities in the Cisco Integrated Services Router Generation 2 (ISR G2) and Cisco ASR 1000 Series Aggregation Services Router platforms connect the network to private data centers and public clouds with confidence, helping ensure an optimal experience, cloud security, and simplified operations.

Delivering an Optimal User Experience

Cisco enables organizations to get the best possible user experience, optimize resource utilization, and increase reliability with network-embedded granular visibility and control, context-aware application acceleration and optimization, and enhanced application survivability for both traditional and emerging applications such as video, virtual desktops, and cloud services (Table 1).

Table 1. Cisco Cloud Intelligent Network Solutions for Optimal User Experience

Optimal Experience


Cisco Application Visibility and Control (AVC) on Cisco ASR 1000 Series and Cisco ISR G2

• Enables application-level insight and optimization, with deep packet visibility into more than 1000 applications
• Classifies and manages application sessions, enforcing quality of service (QoS) policies and service guarantees, implementing fair- use policies, and managing network congestion


Cisco Wide Area Applications Service (WAAS) Express

Cisco WAAS on Cisco Services-Ready Engine (SRE) Modules for Cisco ISR G2

Cisco WAAS on Cisco Wide Area Virtualization Engine (WAVE) Appliances

• Accelerates applications
• Optimizes bandwidth
• Provides local hosting of branch-office IT services
• Enables a smooth evolution to cloud-based services
• Provides a flexible WAN optimization solution from data centers to branch offices while requiring up to 66 percent fewer devices

Cisco AppNav

• Optimizes cloud performance
• Simplifies deployment
• Enhances IT efficiency by enabling organizations to virtualize different WAN optimization resources by pooling them into one elastic resource and then assigning WAN optimization capacity to specific applications, lines of business, or customers or users as needed


Cisco SRST Connector on ISR G2

• Survivable Remote Site Telephony (SRST) enables voice survivability for Cisco Hosted Collaboration Solution (HCS)

CTERA Cloud Storage on Cisco UCS E-Series Server Modules on ISR G2

• Improves the efficiency and availability of cloud storage for branch offices and remote sites

Ensuring a Secure Connection to the Cloud

Cisco enables organizations to protect their business assets and end users, meet compliance requirements, and increase business innovation by using context-aware intelligence embedded in the network to deliver secure connectivity to the cloud and consistent security enforcement throughout the organization (Table 2).

Table 2. Cisco Cloud Intelligent Network Solutions for Cloud Security

Cloud Security

Cloud security

Cisco Cloud Services Router (CSR) 1000V

• Provides Cisco's comprehensive networking and security services in a virtual form factor for deployment in cloud environments
• Enables enterprises to extend and control various facets of their enterprise network even in clouds, which are traditionally out of bounds, while providing cloud service providers (CSPs) with increased revenue opportunities though an on-demand, flexible network-as-a-service (NaaS) model

Web security

Cisco ScanSafe connector on Cisco ISR G2

• Provides direct and secure access to the cloud and Internet from branch offices
• Redirects web connectivity to the Cisco ScanSafe cloud services to block web-based malware from enterprise networks and allow IT managers to control web access requests and content blocks
• Provides up to 99.9999 percent uptime for cloud security services for branch-office users

Unified VPN

Cisco FlexVPN on Cisco ASR 1000 Series

• Offers a highly secure, scalable, and manageable solution for IP Security (IPsec) site-to-site and remote-access VPNs
• Supports next-generation encryption, the latest cryptography standards, and regulated cryptographic algorithms (including Internet Key Exchange [IKE] Version 2, Suite B, and Advanced Encryption Standard [AES] 256), as well as user authentication, authorization, and accounting (AAA)

Simplifying Operations and Management

Cisco enables organizations to improve operation efficiency, simplify and accelerate network deployment, and reduce costs with a unified management solution, a pay-as-you-grow network model, and an on-demand service enablement architecture (Table 3).

Table 3. Cisco Cloud Intelligent Network Solutions for Simplified Operations

Simplified Operations

Branch-Office Consolidation

Cisco Unified Computing System (Cisco UCS) E-Series Server Modules with Cisco ISR G2 routers

• Provides a virtualization platform suited for organizations that need to host applications locally in branch offices for performance, survivability, or compliance
• Provides up to 80 percent OpEx savings over a traditional tower server

Unified Management

Cisco Prime Assurance Manager

• Proactively and centrally monitors services across the branch office, data center, and cloud
• Provides deeper visibility into application health and user experience
• Resolves problems faster by providing workflows that allow IT to look at health of services and applications in context of the health of the underlying infrastructure

Flexible Deployment

Cisco ASR 1002-X Router

• Increases WAN performance by up to 7 times
• Enhances deployment agility with an easy pay-as-you-grow performance upgrade model that delivers up to 36-Gbps performance with services turned on for the WAN edge, the Internet edge, and managed services environments

Assessing Your Network's Readiness for Your Journey to the Cloud

The following questions will help you assess the readiness of your enterprise network for handling more traffic, more demanding applications, and cloud-based services:

• Does your application performance meet user expectations?

• Are you using your bandwidth efficiently?

• Can your network deliver a high-quality experience for any video application?

• Can you secure your applications in the branch office? In the cloud? On any device?

• Can you support more applications and users without redesigning your network? Will you be able to do so in the future?

• Can your network deliver the same user experience on both physical and virtual desktops?

• Do you have visibility into your network data? Can you troubleshoot it effectively?


The Cisco Cloud Intelligent Network goes beyond traditional point-product WAN appliances to help organizations deliver a secure, scalable, high-quality user experience for applications and services that operate in the cloud.
This experience is possible because of the solution's network-integrated intelligence, which optimizes application performance, enhances security, and simplifies network management across your network. With this unique and innovative approach to making your network cloud ready, the Cisco Cloud Intelligent Network can:

• Improve cloud application performance by up to 70 percent with Cisco WAAS for cloud services

• Enable 99.9999 percent up time for your cloud-based security solutions with Cisco ScanSafe Web Security

• Reduce deployment and troubleshooting time by up to 62 percent with Cisco Prime Assurance Manager

• Reduce infrastructure cost by up to 58 percent through consolidation of devices and integrating services using the Cisco ISR G2 and Cisco ASR 1000 Series routers.

For More Information

For more information about the Cisco Cloud Intelligent Network, visit
You can also find out more information about the Cisco Intelligent Network at:

• Cisco Global Cloud Networking Survey (

• Cisco Cloud Intelligent Network (

• Cisco Enterprise Routing (

• Wide Area Application Services (

Cisco Cloud Intelligent Network Complementary Products



Cisco Enterprise Content Delivery System (ECDS)

• Uses two network appliances and a virtual blade to deliver streamed and on-demand video to all types of video endpoints in a small office or large campus

Cisco Medianet

• Defines an enterprise network that is optimized for multimedia while delivering high-quality user experiences and reducing network complexity and costs

Flexible Deployment

Cisco ASR 1000 Series Embedded Services Processor (ESP; the data plane and forwarding engine)

• Allows organizations to enable services such as firewall, VPN, Network Address Translation (NAT), and Network-Based Application Recognition (NBAR) at maximum speeds, without affecting forwarding


Support for IPv6 and hybrid IPv6 and IPv4 networks

• Supports IPv6 and hybrid IPv6 and IPv4 coexistence with stateless NAT 64 address family translation and firewall services


Cisco EnergyWise technology on Cisco ISR G2

• Enables companies to manage the power consumption of network infrastructure and network-attached devices to reduce costs while working with building energy systems across enterprise borders


Cisco TrustSec® with Cisco Identity Services Engine (ISE)

• Provides policy-based management, identity-aware networking, and data integrity and confidentiality services, enforced through the Cisco ASR 1000 Series and Cisco ISR G2 routers to effectively control user and device access to networks; with these services, up to 30% less time is required to create and enforce companywide policies for users and devices

Cisco VPN Internal Service Module for Cisco ISR G2

• Provides hardware acceleration to increase performance for IPsec and SSL-encrypted VPN traffic, with support for next-generation encryption

Unified Management

Cisco Prime Network Control System (NCS) Series Appliances

• Delivers visibility of users, devices, and security policy compliance across the entire wired and wireless access network

Cisco Prime Collaboration Manager

• Provides end-to-end visibility and isolation of video-related issues for Cisco TelePresence ® sessions, endpoints, and network devices

Cisco Prime LAN Management Solution (LMS)

• Simplifies local network operations and support with an integrated suite of management functions