Enterprises, small businesses, and governments are looking to cloud-based solutions to solve some of their biggest business and technology challenges: reducing costs, reaching new levels of efficiency, and creating innovative business models. Cloud services and applications offer compelling economics by reducing capital expenditures (CapEx) and operating expenses (OpEx) through sharing of cloud assets and dynamic, on-demand delivery of services. Clouds enable flexible business models that allow applications and services to be launched more rapidly, with greater and more scalable efficiency, regardless of the geography or size of the business (Figure 1.)
Figure 1. The Cloud Is Changing the Way Organizations Do Business
Yet users who work with applications demand a high-quality, high-performance, and secure cloud experience. However, cloud services place new demands and requirements on the enterprise network. The way applications are delivered and consumed has been fundamentally changed by the cloud and will continue to change drastically. The traditional enterprise network, and specifically the WAN, is a critical component that connects users and devices to cloud services, is not designed to support these new challenges. The WAN often lacks the performance, security, reliability, and application visibility and monitoring tools that are essential for deploying cloud services.
To meet these new challenges, some networking vendors advocate only point products or partial solutions. Although these solutions may be adequate as temporary measures, Cisco believes that the true solution lies in making the network infrastructure "cloud intelligent." With this type of solution, the enterprise network can truly optimize cloud application performance within the available bandwidth to deliver a high-quality user experience, especially for the high-demand applications of today and tomorrow.
® Cloud Intelligent Network delivers an excellent alternative to solve these new networking challenges, enabling organizations to efficiently connect users to the cloud with the confidence, performance, and security of a private network.
New Trends Create New Challenges for Enterprise Networks
Cloud services and applications such as Amazon Web Services (AWS) and Salesforce.com are challenging the way that networks should be designed and managed to deliver business applications to desktop and mobile users. Today, most enterprise networks cannot reliably and securely support the new levels and types of traffic created by cloud applications and services.
Cisco recently conducted a Global Cloud Networking Survey (April 2012) and asked over 1300 IT professionals what are the top priorities and challenges they face when moving applications and services to the cloud. From the survey results IT professionals have high expectations and will require new network architectures in order to overcome these realities. According to the Global Cloud Networking survey, 52 percent of respondents claim to have a better application experience at home then at work.
Is Your WAN Ready for the Cloud?
Adoption of cloud-based applications will continue to increase as enterprises achieve the benefits for cost savings, flexibility, and reduced operational demands. According to Cisco Global Cloud Index (December 2011) 50 percent of all workloads will be processed in the cloud by 2014. For IT, this broad adoption of cloud-based applications will mean connection of branch offices, employees' home offices, and mobile users to a mix of cloud networks such as:
• Public cloud networks such as AWS or software-as-a-service (SaaS) applications such as Salesforce.com
• Private cloud networks managed by enterprise IT
• Hybrid cloud networks that combine connectivity to public and private clouds
According to the Cisco Global Cloud Networking survey 37% of respondents consider a cloud-ready WAN to be the most important infrastructure for connecting to the cloud. The changing traffic patterns created by cloud applications - specifically, public cloud and SaaS applications - produce the major challenge of backhauling traffic from remote users, branch offices, and mobile users to the central site, headquarters, or enterprise data center (Figure 2). This backhauling causes a tremendous increase in network latency, increased WAN bandwidth consumption, and a compromised user experience for cloud services.
Figure 2. Network Challenges with Cloud Services
Do You Have the Bandwidth to Support Virtual Desktops?
Forty-four percent of organizations have deployed virtual desktops, and 70 percent plan to by 2012 (Cloud Networking Report, Ashton Metzler and Associates, 2011). With today's virtual desktop infrastructure (VDI) clients, almost any application can be run in the cloud; however, each application's traffic must be continuously prioritized, monitored, and adjusted in real time to meet user expectations for performance, optimize resource utilization, and increase application availability. For example, a typical Citrix ICA/HDX virtual desktop session requires an average 78 kbps of bandwidth (43 kbps or less for a low-end session and 1812 kbps for a high-end session). A T1 WAN link has just enough bandwidth for about 20 of these virtual desktop sessions, a number that is inadequate for any midsized to large organization. In addition, VDI brings security considerations, because users must be correctly authenticated and provisioned before they gain access to sensitive data and applications. According to the Cisco Global Cloud Networking Survey, 35% of respondents cited performance as a key challenge for the private cloud (Figure 3).
Figure 3. Virtual Desktop Challenge in the Private Cloud
Can You Detect and Prioritize Video Across Your WAN?
Greater use of real-time streaming video for live communications means WAN bandwidth must now be prioritized to preserve video quality and optimized to provide the capacity necessary to handle the higher data volumes produced by video. In order to do this, you need functionality in the network that can identify applications and apply the appropriate prioritization or optimization policy. According to the Cisco Global Cloud Networking Survey, 45% of respondents cited visibility and control as a key challenge for the public cloud. Instead of backhauling traffic from each branch site to one location for centralized processing of security, voice, and video, that processing needs to be performed locally whenever possible to optimize the network's overall performance and responsiveness.
Can You Secure and Optimize Applications for Mobile Users?
Today, in many organizations, trends such as "bring your own device" (BYOD) allow users to work while mobile by using company-owned or personal laptops, smartphones, and tablet PCs. In fact 71% of organizations are extending or planning to extend their cloud applications to mobile devices according to IDC (Mobile Enterprise Software Survey 2011). For IT, supporting these many and varied devices brings new security risks and greater traffic levels, which can compromise confidential data and affect application performance. 55% of respondents to the Cisco Global Cloud Networking Survey cited security and policy as a key challenge for the public cloud.
Among networking vendors, there are two fundamental but opposing views on how to address these new cloud challenges. The first view considers the network to be simply a collection of basic transmission pipes that need specialized appliances placed at the WAN to optimize bandwidth for specific applications. The second view considers the network to be the foundation for intelligent services that deliver the essential capabilities for new application and traffic demands. In this view, advanced routers and network-level tools provide a single unified solution for optimal user experience, cloud security, and simplified operations.
Limitations of Today's Networks
The challenges faced by IT departments are compounded by the limitations of today's enterprise networks. The trends discussed in this document are particularly difficult for today's enterprise networks to address, for reasons that include the following:
• Inefficient network topologies that cannot easily optimize bandwidth, scale to support numerous new applications and devices, or deliver the performance levels required for a high-quality user experience with video and VDI applications - for example:
– Typical users of cloud applications prefer 50 milliseconds (ms) of latency.
– Most IT managers cannot predict application behavior.
– A typical WAN (T1 line) cannot handle more than 20 VDI sessions.
• Limited awareness of application, user, and device security postures, which leads to security policies that are often hard to enforce consistently:
– 90 percent of organizations back-haul Internet traffic over costly WAN links to core security devices (Cloud Networking Report, Ashton Metzler and Associates, 2011).
– Organizations have hybrid cloud islands without any-to-any VPN connectivity to the enterprise.
• Islands of network devices, services, and management tools that mean IT managers have limited visibility into application performance across the network; this architecture also hinders the capability to isolate and resolve network and application delivery problems and meet service-level agreements (SLAs):
– Organizations have inconsistent policies and visibility for managing data center, branch-office, and cloud infrastructure.
– Organizations have less budget and staff available to manage the IT infrastructure.
The Cisco Cloud Intelligent Network
The Cisco Cloud Intelligent Network concept defines a true multiservice network that is built to achieve the best cloud application performance, user experience, and video delivery across the entire network (Figure 4).
The Cisco Cloud Intelligent Network is key element of the Cisco CloudVerse
® framework that combines the foundational elements needed to enable organizations to build, manage and connect public, private and hybrid clouds.
The importance of the routing and WAN optimization infrastructure in addressing the requirements of the new enterprise network is often understated. In fact, new user expectations for application performance place more emphasis on the network to deliver advanced services and a high-quality user experience. The Cloud Connecter framework is built around three foundational pillars:
• Integrated Management that simplifies management across Enterprise IT and the Cloud. A common API for Cisco Management Applications and third party customized cloud management platforms.
• Cisco and 3rd Party Cloud Connectors enable critical services to extend the enterprise network to the cloud. The Cisco Cloud Connector is an IOS integrated or hosted software which makes the network aware of a particular cloud service and then applies custom network services embedded within Cisco IOS to optimize the delivery of cloud services to end-users on the enterprise branch network.
• Industry leading physical and virtual platforms spanning branches, data center and the cloud. Common embedded monitoring and control across the network for simplifying deployments, detecting applications and applying the appropriate optimization policy.
These new intelligent routing capabilities in the Cisco Integrated Services Router Generation 2 (ISR G2) and Cisco ASR 1000 Series Aggregation Services Router platforms connect the network to private data centers and public clouds with confidence, helping ensure an optimal experience, cloud security, and simplified operations.
Delivering an Optimal User Experience
Cisco enables organizations to get the best possible user experience, optimize resource utilization, and increase reliability with network-embedded granular visibility and control, context-aware application acceleration and optimization, and enhanced application survivability for both traditional and emerging applications such as video, virtual desktops, and cloud services (Table 1).
Table 1. Cisco Cloud Intelligent Network Solutions for Optimal User Experience
• Provides local hosting of branch-office IT services
• Enables a smooth evolution to cloud-based services
• Provides a flexible WAN optimization solution from data centers to branch offices while requiring up to 66 percent fewer devices
• Optimizes cloud performance
• Simplifies deployment
• Enhances IT efficiency by enabling organizations to virtualize different WAN optimization resources by pooling them into one elastic resource and then assigning WAN optimization capacity to specific applications, lines of business, or customers or users as needed
Cisco SRST Connector on ISR G2
• Survivable Remote Site Telephony (SRST) enables voice survivability for Cisco Hosted Collaboration Solution (HCS)
CTERA Cloud Storage on Cisco UCS™ E-Series Server Modules on ISR G2
• Improves the efficiency and availability of cloud storage for branch offices and remote sites
Ensuring a Secure Connection to the Cloud
Cisco enables organizations to protect their business assets and end users, meet compliance requirements, and increase business innovation by using context-aware intelligence embedded in the network to deliver secure connectivity to the cloud and consistent security enforcement throughout the organization (Table 2).
Table 2. Cisco Cloud Intelligent Network Solutions for Cloud Security
Cisco Cloud Services Router (CSR) 1000V
• Provides Cisco's comprehensive networking and security services in a virtual form factor for deployment in cloud environments
• Enables enterprises to extend and control various facets of their enterprise network even in clouds, which are traditionally out of bounds, while providing cloud service providers (CSPs) with increased revenue opportunities though an on-demand, flexible network-as-a-service (NaaS) model
• Provides direct and secure access to the cloud and Internet from branch offices
• Redirects web connectivity to the Cisco ScanSafe cloud services to block web-based malware from enterprise networks and allow IT managers to control web access requests and content blocks
• Provides up to 99.9999 percent uptime for cloud security services for branch-office users
Cisco FlexVPN on Cisco ASR 1000 Series
• Offers a highly secure, scalable, and manageable solution for IP Security (IPsec) site-to-site and remote-access VPNs
• Supports next-generation encryption, the latest cryptography standards, and regulated cryptographic algorithms (including Internet Key Exchange [IKE] Version 2, Suite B, and Advanced Encryption Standard [AES] 256), as well as user authentication, authorization, and accounting (AAA)
Simplifying Operations and Management
Cisco enables organizations to improve operation efficiency, simplify and accelerate network deployment, and reduce costs with a unified management solution, a pay-as-you-grow network model, and an on-demand service enablement architecture (Table 3).
Table 3. Cisco Cloud Intelligent Network Solutions for Simplified Operations
Cisco Unified Computing System™ (Cisco UCS) E-Series Server Modules with Cisco ISR G2 routers
• Provides a virtualization platform suited for organizations that need to host applications locally in branch offices for performance, survivability, or compliance
• Provides up to 80 percent OpEx savings over a traditional tower server
• Proactively and centrally monitors services across the branch office, data center, and cloud
• Provides deeper visibility into application health and user experience
• Resolves problems faster by providing workflows that allow IT to look at health of services and applications in context of the health of the underlying infrastructure
Cisco ASR 1002-X Router
• Increases WAN performance by up to 7 times
• Enhances deployment agility with an easy pay-as-you-grow performance upgrade model that delivers up to 36-Gbps performance with services turned on for the WAN edge, the Internet edge, and managed services environments
Assessing Your Network's Readiness for Your Journey to the Cloud
The following questions will help you assess the readiness of your enterprise network for handling more traffic, more demanding applications, and cloud-based services:
• Does your application performance meet user expectations?
• Are you using your bandwidth efficiently?
• Can your network deliver a high-quality experience for any video application?
• Can you secure your applications in the branch office? In the cloud? On any device?
• Can you support more applications and users without redesigning your network? Will you be able to do so in the future?
• Can your network deliver the same user experience on both physical and virtual desktops?
• Do you have visibility into your network data? Can you troubleshoot it effectively?
The Cisco Cloud Intelligent Network goes beyond traditional point-product WAN appliances to help organizations deliver a secure, scalable, high-quality user experience for applications and services that operate in the cloud.
This experience is possible because of the solution's network-integrated intelligence, which optimizes application performance, enhances security, and simplifies network management across your network. With this unique and innovative approach to making your network cloud ready, the Cisco Cloud Intelligent Network can:
• Improve cloud application performance by up to 70 percent with Cisco WAAS for cloud services
• Enable 99.9999 percent up time for your cloud-based security solutions with Cisco ScanSafe Web Security
• Reduce deployment and troubleshooting time by up to 62 percent with Cisco Prime Assurance Manager
• Reduce infrastructure cost by up to 58 percent through consolidation of devices and integrating services using the Cisco ISR G2 and Cisco ASR 1000 Series routers.
• Provides policy-based management, identity-aware networking, and data integrity and confidentiality services, enforced through the Cisco ASR 1000 Series and Cisco ISR G2 routers to effectively control user and device access to networks; with these services, up to 30% less time is required to create and enforce companywide policies for users and devices