The network is playing an increasingly strategic role in business planning and the operation and success of IT, both for the data center and for business applications. Often, solutions to deliver applications across the network and the network itself are disconnected. This disconnection may be the result of organizational responsibilities in IT organizations, specialized solutions to point problems, or the urgency of having these problems solved immediately. As the network evolves, by integrating application hooks into the network infrastructure (in the data center, campus, and branch), IT organizations can implement an application delivery network on top of the infrastructure they already have.
To accomplish this, Cisco® is continuing to evolve its Application Networking Services (ANS) portfolio. The Cisco ANS solution, which consists of the Cisco Wide Area Application Services (WAAS) Software, Application Control Engine (ACE), and ACE XML Gateway products, is designed for enterprise, mid-market, and service provider IT organizations that need to optimize and deliver business applications, such as enterprise resource planning (ERP), customer relationship management (CRM), websites and portals, and Web services, across the organization. The Cisco ANS portfolio, in conjunction with an application-fluent foundation, creates a true end-to-end application delivery network consisting of a set of network-wide, integrated solutions that provide the availability, security, acceleration, and visibility needed to help ensure that applications are delivered successfully.
As described in this document, Cisco ANS products are a crucial component of the Cisco Data Center 3.0 solution set, enabling the creation of end-to-end application delivery networks and the successful deployment and delivery of applications organization-wide and globally to all users.
Attributes of an Application Delivery Network
The term application delivery network has become ubiquitous in the IT industry and has come to mean many things. In many cases, the application delivery network is little more than a set of specialized products, in some cases communicating through proprietary protocols and forming an overlay network that performs specialized load balancing, Secure Sockets Layer (SSL), or WAN optimization services. This setup, in essence, creates two networks that the network manager needs to maintain and integrate, leading to greater complexity, increased cost, and more infrastructure and management where it should not be necessary.
Cisco has built and implemented its ANS portfolio as part of the data center and branch infrastructure. This approach allows Cisco to deliver on the following attributes, which are critical to the application delivery network's success:
Adaptability
One of the challenges of application delivery networks is that applications grow and change over time, both in scope and in volume. A common solution is to continue purchasing incremental devices to solve point problems. For instance, if a new application is deployed, it is common to purchase yet another load-balancing device instead of using one that already exists.
Cisco integrates application delivery functions directly into the core switching and routing infrastructure. This integrated approach allows customers to rapidly adapt to changing application types, traffic patterns, and volume across the network. While taking advantage of the foundation elements and integration benefits, the Cisco ANS solution incrementally delivers several important benefits:
• Virtualization: Virtualization is an often used but also often misunderstood term. Cisco has created secure, virtual partitions in its switching, routing, and application delivery controller products. In the Cisco ACE Application Control Engine Module, for example, an IT manager can rapidly partition a new application on the same device, which remains completely separate (on the data, control, and management planes) and, more important, secure from other partitions.
• License-based performance: The performance of many Cisco ANS products can be increased simply by purchasing a software license that can easily and rapidly be installed to support additional demand, without the need to upgrade or deploy new devices.
• Scalable solutions: For the highest possible scalability, Cisco ANS products support multi-device tested and documented solutions. For example, up to four active Cisco ACE Modules can be added within the same Cisco Catalyst® 6500 Series chassis, or a Cisco WAAS design can be scaled through integration with Cisco ACE.
• Transparent solutions: Network services, such as security, can be added (or subtracted) without major overhauls or reconfigurations to the current network. This capability is crucial as services such as voice are added to the existing data network.
Extensibility
The network system underlying the application must be designed to easily allow addition of new capabilities in the overall system. In the early days of IT, this capability was not as important because there were often dedicated networks for specific functions, regardless of whether the network was mainframe or client-server based. Now the network is the common backbone that connects disparate organizations and applications. Tying the application delivery function into various places in the network helps ensure optimal application delivery and the best user experience.
Consider an example: If the IT department is managing one main campus, which includes the data center and 20 branch offices, and a user at a branch office sends an e-mail message, what can the network do to optimize the delivery of that e-mail?
• Application recognition: The first step toward optimizing the delivery of the application is to recognize it. Using both the IP and application recognition mechanisms integrated into the Cisco Catalyst 6500 Series Switches or the Cisco routers, the network can classify and then optimize or reprioritize the application throughout the network.
• Server scaling: To better scale the capability of the application to deliver e-mail, the Cisco ACE can be used not only to provide server load balancing, but also as last-line-of-defense security. Client sessions can be scaled across multiple servers. Additionally, by offloading functions such as SSL, URL filtering and parsing, and TCP processing to the network, the server can be better utilized, helping ensure rapid delivery of e-mail traffic.
• WAN optimization: The user at the branch office is limited by the amount of bandwidth available on the WAN. Using Cisco WAAS, the network can optimize the delivery of that traffic over the WAN through innovative TCP optimization, compression, and data redundancy elimination, providing a solution for a complete range of TCP-based applications with the simple addition of policies.
This example demonstrates how broad the solution needs to be, but what about how deep? Cisco solutions include customizable elements that allow the network to respond to new threats, functions, and capabilities as they become available. The Cisco ACE XML Gateway, for example, supports programmable plug-ins so that new functions can be developed and integrated into the network. For instance, Cisco offers plug-ins to exchange authentication messages with identity management systems and to detect dangerous packets through the regular expression (regex) capabilities in Cisco ACE.
Integration
These capabilities are all critical to the delivery of applications from the data center to users; however, the mechanism by which they are delivered is important as well. The creation of an overlay network (for server load balancing or WAN optimization, for instance) adds complexity, increases management burdens, and adds to the already-overcrowded data center. Additionally, an overlay network does not provide any hooks into the existing network infrastructure that can make application delivery more effective.
Besides building application intelligence into the foundation, such as with Network-Based Application Recognition (NBAR) in the Cisco Catalyst 6500 Supervisor Engine 32, Cisco has integrated ANS capabilities into the foundation. Integrated features include the Firewall Services Module (FWSM) and Cisco ACE Module for the Cisco Catalyst 6500 Series, which is often the data center server switch of choice. Likewise, the Cisco WAAS solution, while it can be purchased in an appliance form factor, is integrated into the Cisco Integrated Services Routers as well as into Cisco IOS® Software. This integration allows the application delivery functions and the network to work together. For instance:
• Using Cisco ACE virtualization in conjunction with virtual LANs (VLANs) on Cisco Catalyst 6500 Series Switches, a secure, virtually partitioned network can be created for a new application on a common platform, without having to purchase a new device.
• The Cisco Catalyst 6500 Series can detect local physical connectivity failure and can instruct the Cisco ACE to perform a failover to a secondary device.
• Cisco ACE can map a virtual partition to a virtual route forwarding (VRF) engine, extending a private network to the data center.
• Cisco WAAS can be inserted transparently into the existing network, with no changes to quality of service (QoS) or security access control lists needed.
• The Cisco WAAS transparency elements allow the network to deliver valuable statistics through Cisco NetFlow to network management and monitoring tools.
How the Cisco ANS Portfolio Enables the Application Delivery Network
By integrating into the Cisco data center, branch, and campus foundation, the Cisco ANS portfolio delivers solutions to the primary challenges for application owners, IT management, and end users. These challenges include security, availability, acceleration, and visibility.
Security
Cisco delivers strong end-to-end security to protect hosts, applications, and network elements. The Cisco network can adapt to all attack types, from network-level Layer 2 to application-level, including Extensible Markup Language (XML), attacks. Cisco delivers integrated security, including embedded firewall and intrusion protection services on the Cisco Integrated Services Routers as well as a high-speed firewall in the Cisco Catalyst 6500 Series. Security features in the Cisco ACE Module provide the last line of defense prior to reaching the physical server itself, as well as application-level security for both client-to-application access and server-to-server communication in multi-tier designs. In addition, the Cisco ACE XML Gateway can be used to protect XML-based applications from newer types of attacks.
Availability
Availability is crucial in application delivery networking. Cisco has designed its application delivery solution to adapt to all types of failures, recovering from or working around the failure, whether it is a networking, server, or application component failure. For example, the Cisco ACE Global Site Selector (GSS) helps ensure that users can be rerouted to a secondary data center should the primary data center become congested or fail. Within the data center, the Cisco ACE Module works with the Cisco Catalyst 6500 Series to help ensure route health in the network and reroute around failures, while also supporting active-active stateful resiliency between Cisco ACE Modules to help ensure that application sessions remain intact.
Acceleration
Cisco delivers the most complete set of application acceleration features on the market today to provide performance improvements for all clients and applications. The network adapts to all types of applications, such as generic TCP-based applications, with Cisco ACE used for load balancing and server offloading and Cisco WAAS used for WAN acceleration, which can yield up to 100X improvement in end-user performance. In conjunction with specific application optimization engines for protocols, such as Common Internet File System (CIFS), Cisco WAAS can add benefits specific to each application. Cisco can also optimize specific HTTP-based sessions with Cisco ACE Web acceleration features. Additionally, Cisco is working with application vendors, such as Microsoft, to better optimize specific applications, such as Microsoft Exchange, over the WAN and data center networks.
Visibility
Visibility is an often-overlooked element in the deployment of an application delivery network, yet it is critical because it is what allows network and application managers to monitor performance and end-user productivity. Through integration of application delivery functions into the network, Cisco provides the most complete visibility solution available today. Starting with application recognition in the Cisco Catalyst 6500 Series and Cisco Integrated Services Routers, network managers can understand (and limit) the traffic coming into the network. Cisco NetFlow statistics can be reported and monitored at all places in the network. Transparency throughout the network helps ensure uniform measurement, including across the WAN (where many WAN optimization solutions change IP header information). Finally, through partners such as NetQoS, Cisco delivers end-to-end performance visibility to truly gauge how applications are operating over the application delivery network and what end users are experiencing.
Conclusion
The network has played, and will continue to play, an increasing role in delivering IT services to users, enabling businesses to increase efficiency and deliver results. By combining an application-fluent network foundation using Cisco industry-leading switches and routers and Cisco ANS capabilities, Cisco provides the most complete, most manageable, and most integrated application delivery network solution available today.