The application delivery needs of a global enterprise are dynamic and complex. Given the ever-changing conditions that today's businesses face and must adapt to, organizations have learned that a single product is not sufficient to meet the full range of application delivery scenarios for all users across the enterprise and beyond. A suite of coherent products and services, all working in concert, is required to handle the diverse range of information access methods, user types, and classes of applications typical of global enterprises. When deployed together, Akamai and Cisco® application delivery solutions provide the underlying network architecture to handle any access method, for any type of user, anywhere in the world on any device-providing the foundation necessary for application delivery to help ensure user productivity and information access to move today's businesses forward.
Application Delivery Challenges For The Global Enterprise
A variety of application delivery challenges faced by the global enterprise need to be fully understood to determine how to best apply the various products and services to various scenarios.
• Numerous access methods: A diverse range of access methods within the global enterprise is typical as some applications are delivered on the private WAN and other applications are web-enabled and delivered using the public Internet. In addition, remote access methods such as VPN and remote desktop protocols (such as virtual desktop infrastructure [VDI]) are commonly used to enable application access in both private WAN and public Internet scenarios.
• Diverse and distributed users: Global outsourcing, offshoring, telecommuting, and virtual offices have broadened the user base for enterprise applications. Employees, business partners, suppliers, and customers all require consistent, reliable application access and performance for a global enterprise to function efficiently. The type of user plays a crucial role in determining which application delivery technologies can be applied. For example, business partners, suppliers, and customers do not typically have full access to applications on the private WAN and are outside the direct control of IT because they belong to separate business entities.
• Centralized infrastructure and inefficient protocols: Enterprises are aggressively centralizing application infrastructure to reduce IT capital and operating costs while also making securing applications easier. Inefficient protocols, however, make delivering applications over large distances difficult due to performance degradation for users farther away from the centralized application infrastructure. The range of inefficient protocols is very broad from Internet routing protocols such as Border Gateway Protocol (BGP), TCP for transport, and application-specific protocols such as Common Internet File System (CIFS), Messaging API (MAPI), and VDI. Other applications such as voice and video are highly sensitive to latency, packet loss, and real-time congestion.
• Infrastructure capacity and network scale constraints: The scale of existing IT resources needs to be optimized because network traffic within the enterprise is continuously increasing. This growth propels enterprises to build out servers and upgrade network capacity, while also overprovisioning resources to account for peak utilization. Enterprises are continuously evaluating technologies that will gain additional efficiency from existing IT resources to prolong their useful life, while also seeking improved scale from any new investments.
With Akamai and Cisco application delivery, organizations are positioned to meet these challenges and provide consistent, reliable, high-performance access to all types of information for all users in an effective and scalable manner.
Akamai Application Delivery Overview
Akamai provides solutions to optimize application delivery in the Internet cloud.
• Akamai EdgePlatform: The foundation for Akamai's managed service offerings, this highly distributed computing network acts as an intelligent overlay of the Internet. Tens of thousands of Akamai EdgeServers are deployed within ISPs globally, with more than 90 percent of the world's Internet users within a single network hop of an Akamai server. These servers provide the basis for optimizing application delivery over the Internet, providing the hardware architecture needed for symmetric optimization similar to the way that WAN optimization equipment is deployed in private WANs. Enterprises cannot deploy their own hardware everywhere that users have access to the Internet; in essence, Akamai EdgePlatform offers symmetric optimization over the Internet through Domain Name System (DNS) mapping, with readily available computing resources in close proximity to both application users and hosted infrastructure.
• Akamai Application Performance Solutions: This suite of off-the-shelf managed application delivery services uses the Akamai EdgePlatform architecture to optimize performance, availability, and security and scale bottlenecks associated with the Internet itself for dynamic web and IP-enabled applications. The Akamai Web Application Accelerator service improves the delivery of browser-based applications, whereas Akamai IP Application Accelerator enables extension of TCP/IP based applications to the Internet even for applications without a browser interface such as virtualized applications and web conferencing.
• Akamai Media Delivery: This solution provides managed streaming services that enable both live and on-demand video content delivery in any format, such as Adobe Flash and Microsoft Windows Media. On-demand streams are delivered from the Akamai EdgePlatform, at the edge of the Internet, and live-stream delivery is optimized to avoid unnecessary round-trip latency and packet loss. Also available is a publishing system to simplify media management and distribution of video files and the Akamai Open Video Player for facilitating custom player development specific to the enterprise.
• Akamai EdgeControl: This web portal provides enterprises with visibility and control for their own applications delivered by Akamai. It contains a set of infrastructure management, monitoring, and reporting modules to help enterprises optimize performance, view traffic, understand usage patterns, monitor service-level agreements (SLAs), and provide real-time alerting capabilities. Within the portal, Akamai Configuration Manager automates rich application scripting capabilities to configure Akamai network servers for customized profiles.
Cisco Application Delivery Overview
Cisco provides solutions to optimize application delivery in the data center and the branch office.
• Cisco Application Control Engine (ACE): This solution provides data center application delivery services to improve the scale, security, and performance of today's business applications. Cisco ACE provides core server load-balancing services, application acceleration through server offloading and protocol-specific optimization, and security services to increase application availability, performance, and security in the data center. Cisco ACE is coupled with an innovative virtualized hardware platform, application-specific intelligence, and granular role-based administration, delivering gigabits of throughput and millions of concurrent TCP concurrent connections to meet today's most demanding enterprise application requirements.
• Cisco Wide Area Application Services (WAAS): This optimization solution consists of network-integrated modules and appliances deployed at both ends of a WAN link; it accelerates applications over the private WAN, delivers video to the branch office, and provides local hosting of branch-office IT services through virtual blades. Cisco WAAS enables IT departments to centralize within the data center applications and associated infrastructure (servers, storage, etc.) formerly in remote offices while maintaining LAN-like application performance for remote-office users. Cisco WAAS also enables IT to consolidate file and video server infrastructure through intelligent offloading. By employing application acceleration and WAN optimization techniques, Cisco WAAS can improve performance of almost all of today's TCP-based applications for remote users to increase productivity.
• Cisco WAAS Mobile: This solution extends the benefits of Cisco WAAS to mobile employees and small offices requiring access to applications off the private WAN. Client-side software is installed on the user's device and employs application acceleration and WAN optimization techniques similar to those provided by Cisco WAAS appliances and network modules. Cisco WAAS Mobile delivers superior performance for common productivity and business applications, including transfer of remote files, email attachments, Intranet applications, and Internet browsing, while maintaining overall security and compatibility with a broad range of VPN technologies.
• Cisco ASA Adaptive Security Appliances: The Cisco ASA platform provides secure, flexible, transparent remote access. It provides full-tunnel client support for up to 10,000 simultaneous SSL or true IP Security (IPsec) connections in a single device, all protected by firewall and other security services. Application access can be set on a per-session basis depending on the user group or endpoint requesting access to the network.
• Cisco IOS®Software: This foundational operating system powers the devices that enable global connectivity and provides powerful application-aware services for security (firewall and intrusion detection and prevention) as well as application visibility (NetFlow) and control (quality of service [QoS] and Performance Routing [PfR]). QoS can be configured to align network resources with application requirements and business priorities to maintain performance, and PfR can be used to align routing decisions with application and SLA requirements for the applications that are critical to your business.
Better Together: Akamai and Cisco Solutions for the Global Enterprise
Akamai and Cisco have collaborated to combine their respective best-in-class products and technologies into a unified application delivery network reference architecture that meets the diverse needs of the globally distributed enterprise. The typical scenario deploys Cisco products in the data center and the branch office to improve the scalability of application infrastructure and performance of the private WAN, and deploys Akamai servers at the Internet edge to provide scale, performance, and security for remote users, business partners, and other Internet-enabled applications. Figure 1 shows the reference architecture typical for global enterprise requirements across the entire extended enterprise.
Figure 1. End-to-End Application Delivery Using Cisco and Akamai Solutions
• Branch-office users: Employees in fixed locations such as a remote office or point-of-sale location accessing centralized applications benefit from symmetric optimizations performed by Cisco WAAS appliances and network-integrated modules. Cisco WAAS can be deployed at both ends of the WAN link or using Cisco WAAS Mobile software to provide both application acceleration and WAN optimization. With local Internet connectivity and split-tunnel capabilities in the remote offices, employees can also access Internet-facing applications, including intranet portals and third-party software-as-a-service (SaaS) over the optimized Akamai Internet cloud.
• Partners and customers: Like employees, business partners and customers also need speedy access to a subset of enterprise applications and websites. Because these users typically reside outside the IT department's control, their primary access method is the Internet. These users benefit from single-ended first-mile performance improvements provided by techniques offered by Cisco ACE in the data center, including server load balancing, SSL and TCP offloading, and application acceleration. These users also benefit from symmetric optimization across the Internet through Akamai EdgeServers distributed on a global scale in the cloud. Optionally, a Cisco ASA deployment in the data center can provide an additional level of security and policy-based access for partners and suppliers.
• Remote employees: Mobile employees and small-office and home-office (SOHO) locations have application access requirements similar to those of remote-office users, but their mobility or small size makes private WAN access prohibitive. As a result, remote employees rely on secure remote access over the Internet through VPN software and a VPN device such as Cisco ASA for their secure access to the corporate network from the Internet. In this scenario, first-mile and middle-mile optimizations are handled by Cisco ACE and the optimized Akamai Internet cloud services respectively. Since remote employees are within IT's direct control and are subject to application performance limitations caused by latency and bandwidth, these users also benefit from the installation of Cisco WAAS Mobile deployed on their local workstations. For cases in which VPN access is handled by a nearby VPN termination point other than the corporate campus, remote users benefit from optimized delivery from the remote user to the access concentrator with the Akamai solution, and internal acceleration across the private WAN with Cisco WAAS.
• Wireless handheld users: An increasing number of users are requesting content and applications over wireless handheld devices. In addition to the aforementioned first-mile and middle-mile optimizations, the deployment of Akamai's dynamic web and IP acceleration services mitigates the effect of lossy, oversubscribed wireless networks by quickly detecting dropped packets and optimizing retransmission and communication in the last mile.
• Third-party application access: A variety of new cloud computing models are being developed in which enterprises have access to third-party on-demand utility computing infrastructure and development platforms in the cloud. Akamai plays a critical role in improving the delivery of such applications over public clouds. Akamai in-cloud optimization services are applied to valued applications built on utility computing or platform-as-a-service platforms. Since Akamai services are activated through DNS, it does not matter that the application infrastructure is hosted and managed by a third party.
Akamai and Cisco Together Offer a Full Suite of Acceleration Capabilities
In addition to diverse access methods and user types, the extended enterprise requires a variety of applications and associated optimizations for each class of applications. A single enterprise typically concurrently runs real-time applications such as video, voice over IP (VoIP), and web conferencing; browser-based applications; virtualized applications and desktops; client-server applications; email; file services; and data archives. Akamai and Cisco together provide a range of routing, transport, and application-specific optimizations while allowing the enterprise to determine whether the application is suited for access on the private WAN, the public Internet, or both.
Table 1 summarizes the specific optimizations performed by each product.
Table 1. Optimizations Performed
Internet
Private WAN
Akamai Application Performance Solutions
Akamai Media Delivery
Cisco ACE
Cisco WAAS Mobile
Cisco WAAS
Cisco IOS Software
Routing
• Global traffic management across multiple data centers
• Dynamic edge server mapping
• Real-time route optimization to optimize round-trip time (RTT) and Internet availability
• Packet redundancy
• Latency and packet-loss optimization of live streams
• Server load balancing
• Layer 4 to 7 switching
• Optimized routing and path selection using PfR
• IP SLA
Transport
• High-performance transport protocol with secure SSL termination, optimized window sizing, long-lived persistent connections, pipelining of requests, and intelligent retransmission
• TCP offloading from application servers in the data center
• Intelligent Transport Protocol (ITP)
• TCP optimization: Transport Flow Optimization (TFO), including selective acknowledgment (SACK), large windows, adaptive buffering and congestion avoidance
• Hierarchical queuing and scheduling
• Policing, shaping, and weighted random early detection
• Optimized routing and path selection using PfR
Applications
• VoIP
• Video
• Web-based applications
• File servers
• Email
• Hierarchical edge caching with advanced control
• Parsing of HTML pages and prefetching of embedded content
• Live and on-demand streaming and HTTP downloading
• Support for all major video formats provided by Adobe, Apple, Microsoft, and Real
• Integrated digital rights management (DRM)
• Protocol acceleration
• Content-aware compression
• Protocol acceleration
• Stream splitting
• Object and metadata caching
• Content prepositioning
• Server offloading
• Classification marking, prioritization, reservation, and protection for any application
• Voice
• Video
• Bulk
• Transactional
Data Transfer Efficiency
• Client-aware compression
• Application compression
• Application-aware compression
• Generic compression
• Delta caching
• Persistent LZ compression
• Data Redundancy Elimination (DRE)
• Object and metadata caching
• Header compression
• Link fragmentation and interleaving (LFI)
Solution Benefits and Examples
The combined Akamai and Cisco reference architecture provides a variety of solution benefits related to application performance, scalability, availability, and security. The combination of technologies provides greater benefits than any of the technologies provides on its own.
Performance
Centralized application infrastructure is provided for both Internet and private-WAN applications while maintaining LAN-like performance for global users anywhere in the world. Speedy, consistent application response times improve user productivity, increase adoption of online business processes, and accelerate responsiveness to new market opportunities. With a centralized architecture, unnecessary capital and operational costs can be removed from the business model to improve business efficiency and confidence in deploying new applications.
Figure 2 shows an example of response times for applications delivered over the Internet. It shows global response times to complete a four-step dynamic transaction for a web-based service portal hosted in the eastern United States. Prior to the use of Akamai Application Performance Solutions, users in some cities experienced response times of more than 40 seconds. After the Akamai solution was deployed, all locations exhibited local response times.
Figure 2. Performance Improvements Provided by Akamai
Figure 3 shows application throughput measured with and without Akamai Application Performance Solutions for a virtualized desktop environment hosted in the western United States. With Akamai Application Performance Solutions, optimal VDI protocol throughput was maintained regardless of user location. Without Akamai, VDI protocol throughput degraded sharply, by 50 to 85 percent, when users accessed the application outside the United States.
Figure 3. Application Throughput
Figure 4 shows the performance improvements registered over the private WAN of a major industrial company with employees scattered in rural areas and R&D scientists distributed globally. Using Cisco WAAS within the private WAN, the Microsoft SharePoint portal was centrally deployed, and LAN-like performance was achieved for all. The average response time fell from 270 seconds to 8 seconds, and bandwidth usage dropped from 90 percent utilization to 50 percent.
Offloading techniques extend the longevity of data center and network resources and provide opportunities for consolidation to reduce the infrastructure footprint and allow more energy-efficient designs. Internet-facing applications benefit from load-balancing and server-offloading techniques in the data center, including SSL, TCP, and XML. Additional offloading of static content, reusable dynamic content, TCP overhead, and storage is achieved through the use of the Akamai cloud. The bandwidth required to support Internet applications is reduced, and a dramatic reduction in server workload and overall processing is achieved. Similarly, tremendous gains in scalability can be achieved within the private WAN. Techniques such as caching and protocol acceleration reduce WAN bandwidth utilization while increasing application throughput, decreasing spending on costly private-WAN connections.
Figure 5 shows that Akamai greatly improves server scale within the data center by offloading static content and classes of dynamic content to Akamai EdgePlatform. The result is a dramatic reduction in server hits, freeing precious bandwidth and server resources while optimizing power and rack space in the data center. This example shows nearly a 75 percent reduction in server hits when using Akamai offloading for this dynamic web application.
Figure 5. Scalability Improvements Provided by Akamai
Availability
The combined Akamai and Cisco solution provides a reference architecture designed for high availability without a single point of failure. High-availability and fault-tolerant designs involving redundancy at each place in the network, clustering, data replication, ongoing health monitoring of servers and applications, and fault-tolerant network designs help ensure continuous operation and performance in the event of a component failure or even a catastrophic disaster. To match the availability provided in the data center, the Akamai cloud addresses challenges associated with the Internet itself. Whether a failure is caused by an earthquake, cable cut, outage, peering problem, or simply congestion, Akamai's dynamic routing algorithms identify a path that avoids the problem, improving application uptime from the end-user's perspective by always connecting users to application servers.
Figure 6 shows how Akamai improved availability when an undersea cable in the Middle East was cut in early 2008. Internet users in India accessing centralized application infrastructure in the eastern United States would have experienced severe performance degradation over the course of 3 days (blue) as a result of this event. Instead, Akamai avoided the problem area (red) altogether through dynamic routing, resulting in greater application uptime for application users.
Figure 6. High-Availability Design Using Akamai
Security
Working together, Akamai and Cisco technologies offer dual-perimeter security protection for Internet applications by blocking malicious activity in the data center and at the Internet edge. The result is secure application delivery, protecting your business from high-scale attacks such as distributed denial of service (DDoS) using edge filtering and removing threats from application-layer vulnerabilities including cross-site scripting and SQL injection. Branch-office users with split-tunnel access also have secure access to Internet applications with similar dual-perimeter protection through firewalls at the Internet edge and in the branch office using Cisco IOS Software security features and Cisco ASA devices. Secure applications remain secure even when accelerated through trust-boundary-compliant SSL acceleration provided by both Cisco WAAS and Akamai solutions. With these capabilities, enterprises can securely deploy applications with confidence on both the Internet and private WAN.
Conclusion
Different application delivery solutions can serve complementary purposes across the global enterprise. Working together, Akamai and Cisco provide a reference architecture that combines both companies' best-in-class offerings in the data center, branch office, and cloud to provide organizations with outstanding end-to-end application delivery solutions, enabling secure, scalable, consistent application delivery for any type of user, over any access method or device, to anywhere in the world. These combined technologies provide a variety of business benefits, including improved user productivity and operations, simplified IT infrastructure environment, and revenue gains, helping give businesses the agility they need to move forward in today's world.
Akamai® provides market-leading managed services for powering rich media, dynamic transactions, and enterprise applications online. Having pioneered the content delivery market one decade ago, Akamai's services have been adopted by the world's most recognized brands across diverse industries. The alternative to centralized Web infrastructure, Akamai's global network of tens of thousands of distributed servers provides the scale, reliability, insight and performance for businesses to succeed online. Akamai has transformed the Internet into a more viable place to inform, entertain, interact, and collaborate. To experience The Akamai Difference, visit http://www.akamai.com.
