In today's business environment, branch offices are enjoying unprecedented productivity, decision-making authority, and innovation. This paper introduces the factors that are elevating the importance of the branch office, the significance of transforming the branch office for your business, and how Cisco® delivers value through the Empowered Branch.
Because branch-office employees, by nature, tend to be either customer-facing or operations-oriented, branch offices play a vital role in revenue generation and profit making for every organization. As a result of this crucial role in achieving corporate success, the number of branch offices is increasing. In fact, the number of branch offices is rising 10 percent per year worldwide, and according to The Nemertes Research Group, Inc., 90 percent of current new hires work in a branch office. As the number of branch offices increases, employee talent grows more widely dispersed, presenting some challenges.
Branch-Office Factors and Capabilities
Numerous business factors are contributing to the rise of the branch office and the need to empower the many and varied employees who work there:
• Globalization of the world's markets: Businesses are reaching out to customers around the world, and many have opened offices in major cities to gain a worldwide presence.
• The trend toward mergers and acquisitions: Newly combined companies often leave offices in their original, disparate geographic locations.
• Cultural requirements: Most large organizations need local personnel who understand the culture and language of a given region.
• Desire to hire a more diversified group of employees: Many businesses like to expand their pool of employee prospects across geographic boundaries. Having satellite offices removes the constraints of depending on talent that is locally available to headquarters, as well as of losing prospects who do not wish to relocate.
With the heightened status of branch offices within organizations, it is more important than ever to equip distributed workers with the same productivity tools as their headquarters' counterparts. Historically, most branch offices have been afterthoughts and have received less-sophisticated and lower-performance network technology and IT services than headquarters. One reason is that branch-office networks are tethered to a WAN, which, until recently, has been inherently slower and more latency-prone than local networks. Another is that branch offices have evolved incrementally to contain inconsistent equipment and service sets across sites. This situation makes it complex to add new services, particularly in organizations without local IT staff. However, business conditions make it necessary to elevate remote workers' network experience to be equivalent to that of employees connected directly to the corporate LAN.
Why Make the Transformation?
Generally, as branch-office sites develop, often without much strategic thought given to future requirements, equipment and services are added to solve specific problems. The result is a patchwork of network devices in which branch offices often have very different equipment and architectures. As a result, branch offices are often extremely costly to manage and troubleshoot. In addition, rolling out new services across inconsistent branch-office infrastructures is extremely difficult, if not impossible.
Branch offices that are built in isolation tend to run aging and separate voice and data networks, which do not benefit from the use of collaborative communications applications hosted in IP call servers. Different circuit-switched private branch exchanges (PBXs) from different vendors might exist at various branch-office sites, each with its own feature set, proprietary technology, and special operational requirements.
Figure 1. Branch-Office Transformation
Meanwhile, another developing trend is to consolidate data centers rather than operating local application servers. A primary goal with this consolidation is to gain centralized security and management control, in part to comply with corporate governance mandates that have been issued in recent years. The dispersion of people coupled with the consolidation of IT resources has resulted in much larger WAN loads as distant users all contend for consolidated resources across the wide area. This situation has left older branch offices plagued by poor application response times over the WAN link.
Meeting these challenges demands a formal branch-office strategy. To streamline branch-office architectures and deliver consistent services and service quality to branch-office users, you must define IT requirements across the branch-office population (Table 1).
Current Branch Challenges
• Service consistency
• Application response times/saturated WAN
• WAN availability
• End-to-end security and QoS
Cisco Empowered Branch
In standardizing the branch office, it is essential to follow an established framework to ensure the best possible user experience in all locations. Because each location type has its specific needs and challenges, using a "place-in-the-network" framework is crucial to providing the best solutions for each location. However, it is still important to provide a common foundation across the entire network so that these disparate locations can still interoperate with each other and work as a system.
Points to Consider for the Branch Network
• Do branches need routed WAN access to business-critical applications hosted in central sites?
• Does the organization run multimedia collaborative applications or other traffic that requires direct branch-to-branch connectivity, as well?
• Will wireless LANs for mobility be supported?
• What kinds of connectivity and security policies should be set up and enforced for branch and mobile users?
• Can I afford to let branch security intrusions traverse the WAN to be remediated at headquarters, or do I need to address them locally at the branch?
• Is it desirable to have branches connected into the corporate unified communications system and dial plan?
• What, if any, amounts of downtime per day, week, month, and year can each site tolerate?
• How much consistency is needed per site, and what flexibility is needed to suit the needs of the site?
As part of Cisco Integrated Network solutions, which provide frameworks for each place in the network (data center, the campus, and the branch-office WAN), Cisco Empowered Branch provides a blueprint for harnessing the benefits across the entire Cisco network to meet the needs at the branch office and WAN. The components of this blueprint include the following (Figure 2):
• Routing, switching, and management: This component provides the core foundation for the Empowered Branch, offering critical transport capabilities; facilitating intelligent, integrated services; powering endpoint devices; and providing the operational window to the network to deploy, maintain, and enhance its function.
• Integrated security: Integrated security facilitates basic and advanced security services in the branch office and on the WAN to improve overall network security and extend the trusted domain of the enterprise to include the branch office.
• Application performance: This component provides the differentiated network services that form the basis for security, mobility, application acceleration, and high-availability networking. This technology is the critical enabling technology in the Cisco Empowered Branch-WAN fabric.
• Mobility: Mobility extends the power of campus mobility to every location in the network, and helps enable the branch literally to go anywhere through the industry's broadest portfolio of WAN, LAN, and wireless WAN interfaces.
• Unified communications: This component helps the network services maximize branch-office productivity, such as the Cisco Unified Communications portfolio and integration between Cisco Unified Communications Solutions and the underlying core infrastructure.
Figure 2. Components of Cisco Powered Branch Office
Why Cisco for the Empowered Branch?
Cisco's long-time leadership in router and WAN technologies allows us to meet the specialized needs of the branch office while also optimizing the entire corporate network. Within an integrated network, the branch office can combine multiple components to make the whole better than the sum of its parts. Cisco combines software, hardware, routers, switches, mobility, security, and unified communications to provide consistent, secure service delivery across the WAN, simplifying operations of the entire networked system.
The Cisco Empowered Branch delivers the largest set of services with the flexibility of choice of integrated services or dedicated appliances while providing the assurance of interoperability. Cisco has designed the branch-office platform to help ensure that services are optimized to work together with the best possible performance and productivity. Cisco integrated services routers also combine many of the functions of standalone appliances, giving customers an elegant service platform that offers flexibility to meet the specific needs of each remote branch on a consistent platform. Finally, whether integrated or standalone, the Cisco platform delivers innovation and depth of features for routing, switching, security, unified communications, mobility, and application intelligence.
How Cisco Delivers Business Value to the Empowered Branch Through Router Integrated Services
Integration of services into Cisco integrated services routers optimizes capital expenditures (CapEx) and operating expenses (OpEx) spending; provides technology benefits such as system-tested interoperability; and delivers a consistent, high-quality user experience across all networks. Cisco integrated services routers also provide a consistent set of policies that help meet corporate governance mandates and protect the organization overall. Integrating services into the Cisco integrated services router provides critical benefits: operational efficiency, systems support, and service interoperability.
Cisco integrated services routers can support all required networking functions in a single device. Integration reduces not only the number of devices needed in a branch office, but also the amount of training and expertise needed at the site. With integration and service interoperability, you do not need to rearchitect your branch-office network design each time you add a new service. The services are supported in the router operating system software of the device or in add-on chassis modules with corresponding processing power. This integration can benefit your organization by eliminating the need to select, install, and manage separate components to maintain optimal performance and ensure enforcement of corporate policies.
The Cisco integrated "branch-in-a-box" routers come in a variety of configurations to match the size and requirements of a given branch office. The devices range from supporting small-office and teleworker locations up to large branch offices with up to 240 phones. They bundle the following options into a single integrated device:
• WAN access routing (both terrestrial and wireless WAN or third-generation [3G] cellular)
• Local Ethernet switching with Power over Ethernet (PoE)
• Wireless LAN controller functions to support mobile users in the branch locally
• Unified communications with call processing, either integrated with the centralized Cisco Unified Communications Manager in a standby mode (Survivable Remote Site Telephony) or as branch-localized call processing (Cisco Unified Communications Manager Express), voice messaging with Cisco Unity® Express, and many more features
• Security with specialized dedicated processors for encryption acceleration: In addition to encryption of data in transit for confidentiality, Cisco integrated security services address numerous other risk types by supporting access control, intrusion prevention, defenses against malware, URL filtering, and other capabilities.
• Application intelligence for WAN optimization, improved application response times, and per-application quality-of-service (QoS) control
Efficiencies from fewer devices include less power consumed by the branch office. Consolidating services and functions into fewer devices reduces power consumption, power dissipation, and cooling requirements. Integrated switching with PoE is another power-saving capability that the Cisco integrated services routers offer. PoE provides an extremely efficient distribution model for powering appliances such as IP phones, WLAN access points, Webcams, Ethernet hubs, and embedded computers in locations where it would be too expensive or inconvenient to supply power separately.
The Cisco Empowered Branch offers you a single support system. The Cisco Technical Assistance Center (TAC) provides world-class, 24-hour support for the Empowered Branch and every part of your network.
Part of the OpEx savings that the Cisco integrated services routers offer comes from the maintenance contract covering not just the router chassis, but also every service that is integrated into the chassis. A single annual maintenance contract from Cisco incorporating contracts for hardware maintenance (Cisco SMARTnet® support) as well as maintaining software updates on all components of the integrated platform (Cisco Software Application Support plus Upgrades [SASU]) costs only one-third of the multiple contracts from diverse vendors. But more importantly, you have only one phone number to call for support on your WAN, LAN, unified communications, and more.
Cisco thoroughly tested its integrated services to help ensure optimal performance and compatibility. Cisco WAN optimization services function transparently to QoS and security policies without the use of encrypted tunnels. Transparency is an important Cisco differentiator here, too, because existing policies can be preserved without requiring your enterprise to rearchitect its network around the tunnels.
Cisco strives for interoperability and has even developed new features that preserve it while solving customer problems. For example, Group Encrypted Transport (GET) VPN was engineered for Multiprotocol Label Switching (MPLS) networks so that the packet security would not interfere with QoS prioritization markings required for delay-sensitive traffic such as voice. Cisco designed encryption and voice prioritization to work together by enabling a copy of the priority marking to be attached to the new encrypted-packet header before transmission, so traffic priorities can continue to be honored across the network while security also is in effect.
Business Value Offered Through Flexibility of Choice
Although integrating services into a single device offers many benefits, some organizations prefer to use a standalone appliance for certain functions. You may want to use this standalone approach because of the division of responsibility among your different IT groups, or because of your specific business policy requirements. You can choose dedicated appliances when you need to take on more complex tasks, require the latest capabilities, or require higher performance. In any event, if your company uses a standalone approach, you must have a network plan that supports these standalone devices as well as an integrated services platform. Therefore, Cisco offers standalone devices for many branch-office network services. For example, you can purchase an integrated services router along with a separate Ethernet switch, WLAN controller, security appliance, call processor, and WAN-optimization and application-acceleration appliance. However, although these devices are physically separate, they, too, integrate at a physical and service level with Cisco branch-office routers, other appliances and controllers, and headend equipment at the data center. This design can help your company deliver one consistent set of synchronized voice, data, and video services across both branch-office sites and central offices while managing and securing them centrally.
As talent, innovation, and decision making become dispersed across highly distributed enterprises, it is critical that network experiences of branch-office users improve to match those of headquarters users. Making this happen requires transforming isolated and disparate branch-office network designs into replicable branch-office architectures to which new services can easily be added.
To accomplish this scenario in a way that also curbs overall branch-office total cost of ownership (TCO), IT departments need to build a branch-office strategy that standardizes each type of site, rather than attempting to add services here and there as afterthoughts. The strategy should account for network application types in use now and in the future, where they are hosted, traffic flow patterns, and security.
Cisco offers a large set of services for the branch office, both integrated into Cisco integrated services routers and added to an appliance dedicated to a specific task. Either way, Cisco offers service integration and interoperability with other services over the network. Advantages of integration with Cisco integrated services routers include operational efficiencies as well as flexible price-to-performance offerings that make it attractive for multiple branch offices. This integration effectively lowers the barriers to entry for branch-office service adoption, making the services available to a broader range of locations.
A standardized, integrated branch-office architecture elevates branch-office users to the productivity status of those employees at headquarters using the corporate LAN. Integration at a physical level reduces CapEx by requiring less equipment and real estate, and OpEx by providing a common management interface to manage all integrated functions. Integration at the services level allows all services to be provisioned, managed, and secured centrally by IT staff. Service-level integration also supports the application intelligence needed for one service not to interfere with another, as happens frequently with nonintegrated solutions. Rather, correlation among a variety of security, QoS, and WAN-optimization services makes the power of the branch office greater than the sum of its parts.