Increasingly enterprises are adopting cloud services, with more than 50 percent of all workloads being processed in the cloud by 2014 according to the 2011 Cisco® Global Cloud Index. However, cloud services place new demands and requirements on the enterprise network, especially the enterprise WAN in delivering these services to remote and branch-office users. In order to meet these new requirements, Cisco introduces "cloud connectors" for enterprise routing platforms.
A Cisco Cloud Connector is a software component embedded in, hosted on, or integrated with enterprise routing platforms (the Cisco Integrated Services Routers Generation 2 [ISR G2] or Cisco ASR 1000 Series Aggregation Services Routers) to enable or enhance a cloud service. Examples can be improvement of availability, performance, and security of cloud services. The connector is embedded in Cisco IOS® Software, hosted on the router, or integrated with it, and it uses the network services of the platform for a specific cloud service or a group of cloud services.
Cloud Trends and Challenges
Adoption of cloud-based applications will continue to increase as enterprises realize the benefits for cost savings, flexibility, and reduced operational demands. Indicating the popularity of cloud-based applications, 81 percent of businesses surveyed are either planning their initial forays, are in experimentation, or have full implementations of cloud services, according to an October 2011 KPMG and Forbes Insight global survey. Security and control remain the biggest barriers to cloud adoption, followed by performance and reliability concerns (Source: ZK Research, 2012). Finally, bringing different cloud services together is a complex effort:
• Security: The ability to apply enterprise security policies to cloud services is limited, resulting in inconsistent security policy enforcement across the enterprise.
• Lack of control: Improving user experience and application performance requires more than just adding more bandwidth. Achieving better control over the choke points in a network is challenging and lacks the ability to dynamically apply network optimization techniques to have the cloud service adapt to the capabilities of the network.
• Inconsistent performance: Workers want to access applications wherever they are and when they need them. Unfortunately, the user experience varies widely, depending on whether the user is in a branch office, telecommuting, or working from home or other locations. This inconsistency can be extremely frustrating for end users and can cause them to not want to work in some situations.
• Limited reliability: Link failures and performance degradation of the WAN reduces the availability of cloud services and consequently puts the success of an organization at risk.
• Complex operations: The challenges mentioned previously often make it impossible for the IT organization to ensure a transparent end-user experience and ensure transparency of policy enforcement across the different cloud services.
Requirements for Connecting to the Cloud - Why Network?
Cloud computing is the most network-centric computing model to date. Connecting remote and branch offices to the cloud requires uncompromised performance, security, and availability while simplifying IT operations. The network is the natural home for management and enforcement of policies relating to security risk, performance, and cost. As data centers and applications are transitioned offsite and into clouds, only the WAN network sees all data, connected resources, and user interactions both over the public Internet and between clouds. The network is thus uniquely positioned to control performance and apply security policies, while monitoring the overall performance and metering usage of distributed cloud services.
• Performance: Acceptable and consistent end-user experience irrespective of location and device type
• Security: Consistent security enforcement of enterprise security policies across multiple cloud services
• Availability: Continued operation of cloud services even in case of link failure or degradation
• Simplified operations: Less complexity for IT operations to deliver on these requirements
Cisco Cloud Connectors, embedded within Cisco IOS Software, hosted on, or integrated with the Cisco ISR and ASR, make it possible to take advantage of intelligent capabilities of the network to improve the delivery of cloud services and applications. Cisco Cloud Connectors help ensure that the network gains additional awareness of the cloud service, and allow them to dynamically respond to the conditions of the network. The improved linkage of the network with multiple cloud services contributes to increased transparency of the end-user experience and transparency of managing IT operations.
Cloud-Enabled Branch Office
Delivering on these requirements for cloud services in the branch office is not something that can be solved easily or with a single point solution. Ensuring that branch-office users receive LAN-like performance out of their cloud applications and that those applications are delivered in a secure and highly available manner requires a combination of network and application intelligence.
• Network intelligence: The best possible cloud experience is achievable only when the underlying network is cloud-aware and can deliver the appropriate service levels for cloud applications. Network capabilities such as Layer 7 quality of service (QoS), application recognition, and application acceleration require a significant amount of application awareness within the network.
• Application intelligence: Cloud applications also need to be aware of what the network can provide to them. Being able to react to changing network conditions and communicate application requirements to the network results in a level of network awareness that allows cloud applications to deliver the best possible experience to branch-office users.
The Cisco Cloud Connected Solution is designed with these requirements in mind. It delivers a variety of capabilities within the network that make it end-to-end application-aware. Connectors are also provided to give applications real-time network awareness. Many of these capabilities are explored herein, but an even broader set of capabilities is available in the Cisco Cloud Connected Solution.
When dealing with cloud-based applications in a remote branch-office environment, organizations must deal with some unique challenges. Many of the applications being moved to the cloud were never designed to run with the latency and bandwidth constraints of a typical branch-office WAN environment. When the applications and services critical for the operation of the business are moved to the cloud, the reliability of the service and the network becomes a paramount concern.
So how can you provide the level of survivability, security, and performance needed for these business applications when they are moved into the cloud? Over-the-top applications rarely deliver the end-user experience the business needs when moved into a cloud and branch-office WAN environment. Traditional QoS might work for some applications that have been designed with the WAN in mind, but for many applications a deeper relationship between the intelligent network and the applications running over it is becoming a requirement. This overview examines some of the capabilities of the Cisco Cloud Connected Solution that increase the application awareness of the network and the network awareness of the application like never before. First, consider a new concept in delivering the best cloud application experience, called the cloud connector. The basic structure of a cloud connector, as shown in Figure 1, is as an intelligent piece of software living within the branch-office gateway, providing a better experience for cloud applications.
Figure 1. Connecting to the Cloud Requires Rethinking Traditional WAN Architecture
Build Your Own Cloud Connector
Figure 2. Build Your Own Cloud Connector Anatomy
With the rapidly growing number of cloud applications, besides offering connectors to enhance Cisco rich cloud-based services, Cisco introduces a development environment for customers and partners. The CTERA cloud storage connector is a great example of a cloud connector written by a cloud application provider that makes its service even better in the branch office by improving the experience of business-critical applications while different transactions such as backup and file transfer are taking place and allows CTERA customers to meet their branch-office users' service-level objectives.
The cloud connector development environment is a set of tools provided by Cisco for you to easily and quickly create a cloud connector for your unique business needs. It offers enterprise organizations and application providers everything needed in one single kit to get started:
• Cisco Cloud Intelligent Network: The underlying infrastructure is the most fundamental component to delivering a cloud application to the branch office. The Cisco ISR G2 brings a full suite of cloud-aware capabilities that can make any application perform better in a WAN environment. Many of these capabilities are discussed in the following section.
• Network-aware application programming interface (API): The Cisco One Platform Kit (onePK) API set available within the Cisco Cloud Intelligent Network gives cloud connectors access into the network services. With onePK, a cloud connector can interact with the network at various levels. With the API, users can gain simplified access to a rich variety of network services capabilities.
• Application sandbox: The Cisco UCS® E-Series capabilities of the Cisco ISR G2 provide an environment within the branch-office router for hosting multiple industry-standard virtual machines. As an example, third parties can easily create their cloud connectors as VMware VMs, which can be hosted directly on the router.
Examples of Cloud Connectors
Although the name "cloud connector" is a new one, the concept is not new. Cisco has been developing a portfolio of cloud connectors over the last few years targeted at specific cloud-based services, so our portfolio is already extensive. Many of the following solutions provide intelligence within the network that makes the cloud application experience better for users in a remote branch office. This portfolio is not static - as more and more cloud services become popular in branch-office environments, the portfolio of cloud connectors from both Cisco and third parties will grow to provide increasingly better end-user experiences for those services.
Cisco Cloud Web Security (formerly ScanSafe): A Connector for Secure Web Access Without Client Agents
Cisco Cloud Web Security leads the industry in software-as-a-service (SaaS) web security. Traditional web security services require complex configuration on end-user PCs to set up a web proxy that can provide threat protection from malicious and out-of-policy websites. The Cisco Cloud Web Security Connector eliminates that overhead for the IT organization by incorporating the connection to the Cisco Cloud Web Security service directly from the branch-office router rather than the end-user's PC (Figure 3).
Figure 3. Direct Internet Access with Cisco Cloud Web Security
With Cisco Cloud Web Security, any PC or device brought into the office - whether it is company-owned, employee-owned, or brought in by a visitor - can be provided with enterprise-class web security with zero configuration. The Cisco ISR G2 with the Cisco Cloud Web Security Connector automatically forwards Internet web traffic from the branch office directly to the Cloud Web Security service, where it can be filtered based on business policies and real-time threat alerts. This process has the added benefit of effectively removing much of this Internet web traffic from the corporate WAN connection back to headquarters, resulting in cost savings from keeping nonbusiness traffic off the mission-critical - and expensive - enterprise WAN.
Cisco Unified Survivable Remote Site Telephony: A Connector for Cisco Hosted Collaboration Solution
Cisco Hosted Collaboration Solution (HCS) uses the power of the cloud to deliver Cisco Unified Communications and Collaboration applications to your business. It delivers a people-centric collaboration experience anywhere, with any content, on any device. Cisco HCS uses a flexible, pay-as-you-go model that preserves precious capital for core business priorities and is delivered through Cisco cloud providers and resellers.
Cisco Unified Survivable Remote Site Telephony (SRST) provides added telephony reliability for Cisco HCS solutions. Cisco Unified SRST is deployed on the Cisco ISR at the customer site. If a site loses its connection to the cloud, Cisco Unified SRST automatically takes over the main functions of Cisco HCS so that employees can continue to make and receive calls without interruption. When the disrupted WAN link is restored, phones automatically connect to Cisco HCS again with no effort from the IT team (Figure 4).
Figure 4. Cisco Unified SRST with Cisco HCS
Cisco Unified Border Element: A Connector for Cisco WebEx Cloud Connected Audio
Cisco WebEx® conferencing is another industry-leading cloud service that provides a rich conferencing and collaboration environment. With Cisco WebEx conferencing, employees from around the globe can collaborate in ways that can be as effective as face-to-face. WebEx® conferencing provides new productivity capabilities and makes rich customer interactions instantly available from any location at any time. The productivity gains and reduced travel costs make Cisco WebEx conferencing an exciting cloud service for any company.
When deployed with Cisco WebEx applications, Cisco Unified Border Element (CUBE) helps enterprises avoid expensive toll charges for audio conference bridges (Figure 5). Without Cisco Unified Border Element, WebEx audio conferences will use traditional voice circuits from the service provider with potentially expensive toll charges. Cisco Unified Border Element provides a direct connection between the enterprise IP voice network and the WebEx service, allowing audio conferences to traverse the network rather than using the traditional and expensive traditional voice service provider network. For large corporations frequently using the WebEx service for collaboration, the resulting savings can be substantial.
Figure 5. Cisco WebEx Cloud Connected Audio and Cisco Unified Border Element
CTERA Cloud Storage Connector for Cisco ISR G2
The CTERA Cloud Storage Connector for Cisco ISR G2 is a great example of how companies interested in improving the performance of a cloud service can build their own cloud connectors. CTERA provides hosted cloud storage and data protection services for small and medium-sized enterprise environments. CTERA's goal is to provide the perfect mix of offsite data backup and archiving in the cloud combined with local onsite availability.
By combining CTERA's cloud-based storage solution with the capabilities of the Cisco ISR G2 and the Cisco UCS E-Series Server blades, companies have a fully integrated network environment with integrated on- and offsite data storage in a single box.
Figure 6. CTERA Cloud Storage Connector for Cisco ISR G2
With the CTERA connector running within the branch office, you have immediate access to your most frequently used data (Figure 6). You also have high-speed access for your daily client backups across the LAN. Onsite data is then encrypted and transparently mirrored to the cloud in the background to optimize WAN bandwidth. Combine this connector with a single web portal for managing on- and off-premises storage, and the branch-office user has the optimal experience.
Table 1 gives examples of the Cisco portfolio of cloud connectors.
Cisco Cloud Web Security provides reliable, secure filtering for web traffic in a scalable, easy-to-manage cloud service. The Cloud Web Security Connector in the ISR G2 branch-office platforms makes Cisco Cloud Web Security deployments simple, with no end-user configuration, while removing unnecessary web traffic from the expensive corporate WAN backbone.
Offers consistent end-user experience irrespective of location and device type
Provides consistent security enforcement of enterprise security policies
Helps ensure web filtering is 100-percent available to all users
Reduces IT overhead by removing the need for end client configuration
The Cisco Hosted Collaboration Solution provides best-in-class Cisco Collaboration in a hosted cloud environment. Cisco Unified SRST provides additional reliability through redundant, localized call processing at the customer site during network outages.
Offers business continuity during WAN disruption
Offers secure, trusted connections
Enables always-on voice service
Provides intelligent and automatic failover configuration without manual IT or telecom intervention
Cisco Unified Border Element
The Cisco WebEx solution is an industry-leading web conferencing and collaboration solution. Cisco Unified Border Element ties this cloud service together with an intelligent network to deliver lower costs, better bandwidth usage, better survivability, and an overall better end-user experience to WebEx users in remote locations.
Offers reliable audio quality through dedicated enterprise connection
Provides secure peer relationship and minimized risk of audio interception
Offers consistent configuration and operation with the rest of the enterprise voice network
CTERA Cloud Storage Connector for Cisco ISR G2
CTERA is a leading enterprise cloud storage provider. Working with the Cisco Unified Computing System™ E-Series server platform, the company has developed its own cloud connector that delivers better experience and availability for its users in remote branch offices.
Offers improved response time for backups and most frequently accessed data
Encrypts sensitive data before exporting to the cloud
Provides access to most important data when the WAN is down
As mentioned previously, the cloud connector is only one part of delivering the best possible cloud experience to the branch-office user. The Cisco Cloud Intelligent Network also provides a variety of capabilities specifically designed to improve cloud applications in a low-bandwidth, high-latency WAN environment. All of these applications, shown in Table 2, are designed specifically to work in a services-rich branch-office environment building on the experience delivering services with the hugely popular Cisco Integrated Services Routers. The growing popularity of cloud applications provides another services delivery model that can benefit from the same rich portfolio of network services.
Table 2. Cloud-Enabling Network Services
Uses for Cloud Services
Cisco Wide Area Application Services (WAAS)
• Reduces bandwidth consumption through data redundancy elimination
• Improves latency through transport flow optimization and application accelerators
• Cisco WAAS dramatically improves the bandwidth consumption and latency for all applications across the WAN.
• Cisco WAAS recognizes and accelerates many cloud applications, including remote desktop protocols such as Microsoft RDP and Citrix ICA.
Cisco Performance Routing (PfR)
• Applies business rules to intelligently divide WAN traffic across multiple primary and backup WAN connections
• Eliminates "waste" from backup interfaces sitting idle
• Cisco PfR works with Cisco AVC to identify mission-critical applications for the remote office and guarantees they take the best possible route from the branch office to the cloud.
Cisco Application Visibility and Control (AVC)
• Provides Layer 7 and beyond application recognition to understand the applications on the WAN and provide appropriate quality of service (QoS)
• Cisco AVC recognizes well-known and hard-to-find web-based cloud applications to provide appropriate QoS guarantees for cloud services.
• It reports applications running on the network using standard NetFlow so that IT can accurately assess the applications used in the office.
Cisco IOS® Zone-Based Firewall
• Brings an intelligent enterprise-class firewall directly into the branch-office router
• Cisco AVC provides security in the branch office to allow direct handoff for Internet traffic, conserving expensive enterprise WAN bandwidth.
• Offers consistent end-to-end media delivery architecture for both service providers and enterprises
• When cloud applications cross into rich-media environments, Cisco solutions for optimizing medianets provides the assessment, monitoring, and tools to maintain the appropriate service levels for each service.
Cisco TrustSec® Security framework
• Delivers Layer 2 end-device and end-user identity awareness and secure access to the network
• Many cloud-based applications can benefit from an awareness of who the end user is, where that user is located, and what device the user is using to connect to the network. Cisco TrustSec security can provide all of this knowledge to deliver the best possible cloud experience.
Cisco UCS E-Series
• Brings the power of industry-standard virtualization into the branch-office router; VMware virtual machines can be hosted on Cisco UCS E-Series Servers inside an ISR G2
• Cloud application providers can create their own connectors in virtual machines that can be hosted directly inside the branch-office router, giving them a quick path to creating a better cloud experience for users in the branch office.
Cisco onePK API set
• Provides rich network interaction to applications through a common software development kit (SDK). Apps can integrate deeply into the Cloud Intelligent Network.
• Cloud application providers can develop extremely powerful connectors that interact with the entire network through the Cisco OnePK API set. This level of integration allows the connector real-time access to monitor and affect changes within the network itself.
Connecting to the Cloud with Confidence
Cloud services offer enterprises compelling economics by reducing capital and operating expenses while at the same time enabling flexible business models and reaching new levels of scale. However, uncontrolled growth of cloud services without taking advantage of the intelligence of the network will result in subpar performance and availability, inconsistent security enforcement, and unnecessary complex operations. Cisco Cloud Connectors apply the intelligence of the network to the delivery of cloud services. With these types of solutions, the enterprise can connect to the cloud with confidence, because it can now truly optimize cloud application performance within the available bandwidth to deliver a high-quality user experiences and deploy multiple cloud services while enforcing consistent security policies.