Technology advancements are enabling powerful interactions among employees, customers, and businesses. Today, businesses are adopting agile architectures that accelerate services delivery, convergence, and integration to deliver services anywhere, anytime, and to anyone while decreasing cost of the infrastructure.
A Borderless Network Architecture is an imperative for organizations to meet the demanding business challenges and changing business models. Cisco® Borderless Networks is a next-generation architecture that helps IT evolve its infrastructure to deliver seamless, secure, and reliable access in a world with many new and shifting borders. The Cisco Integrated Services Routers Generation 2 (ISR G2) constitute a critical component of the Cisco Borderless Network Architecture and deliver the performance requirements for the next generation of WAN and network services, enabling the cost-effective delivery of high-definition collaboration at the branch office and providing the secure transition to the next generation of cloud and virtualized network services.
Cisco ISR G2 platforms, solutions, and services enable organizations to "go borderless" and enable the "borderless branch". This white paper discusses the concept of integrated services as they apply to the branch-office router and how they help to enable the borderless branch office for small to medium-sized businesses, large enterprises, and service providers offering managed services.
2.0 Borderless Networks
In today's workplace, it is increasingly common that primary business resources, including data centers, applications, employees, and customers, are all outside the traditional business perimeter. IT must deal not only with new devices and usage models, but also with changing business practices that place huge new demands on the infrastructure. IT needs a better way to scale and manage users and customers in any location, given those users may be using virtually any device to access almost any application located anywhere in the world.
Cisco Borderless Networks is a next-generation architecture that connects anyone, anywhere, anytime, using any device to any resource securely, reliably, and seamlessly. It empowers IT to efficiently manage access from multiple locations, from multiple devices, and to applications that can be located anywhere.
The Cisco Borderless Network Architecture delivers two primary sets of services: network services and user or endpoint services. Figure 1 illustrates the architecture and its components. Network services are end-to-end services delivered by the infrastructure that encompass routing, switching, mobility, security, and WAN optimization components. They include:
• Voice and video with medianet: Extends rich-media experiences to partners, customers, and employees with scale and optimization
• Green with Cisco EnergyWise: Measures, monitors, and controls energy usage on IT and non-IT devices from the network for agility and efficiency
• Security with Cisco TrustSec® technology: Strengthens security across distributed networks with visibility and control to connect the right people, devices, and locations
• Mobility with Motion: Provides anywhere, anytime access to information for wired, wireless, and remote users on any device to enhance participation
• Application performance with Application Velocity: Enables the optimal experience of any application, at any time, and on any device, delivering the fastest application performance possible, using capabilities fully integrated into the Cisco Borderless Networks portfolio; with application awareness built into the network, IT has an effective tool for managing application performance holistically
Endpoint or user services, even though they are the functions of the network, define the user experience and enable the attributes of secure, reliable, and seamless performance on a broad range of devices and environments.
Figure 1. Cisco Borderless Networks Architecture
This architecture creates agility to capture new business opportunities, increases customer intimacy from personalized network-based experiences, and improves workforce productivity. Borderless Networks holistically and extensibly links together users, devices, applications, and business processes with the network.
2.1 Borderless Branch Office: Requirements
The emergence of the corporate branch office as a major center of business activity presents both challenges and opportunities to IT organizations. Today, more than one-third of all employees work in remote sites, and effective collaboration has become challenging. Decision making is becoming localized as branch offices evolve into "mini-headquarters". To be productive in this model, the users and customers in branch offices demand consistent application and end-user experiences, independent of geography and the size of the organization. They also require service coherency and consistency on par with that at headquarters.
As a result, branch offices face two challenges today:
• Embrace technology and deliver a transparent, secure, and collaborative experience to employees, customers, and partners in the branch office
• Achieve the first objective while focusing on the cost aspects; that is, return on investment (ROI) and total cost of ownership (TCO)
To meet these business demands, IT needs a better way to scale and manage users and customers in any branch office, given those users may be using virtually any device to access almost any application located anywhere in the world. Businesses require an infrastructure that supports:
• A robust network platform capable of delivering real-time collaboration experiences to any device and any user in the branch office
• Transparent mobility with location services for anytime, anywhere communications
• Security for devices both on the local network and across cloud services
• Sustainability and reduced energy costs for efficient and cost-effective business operations
• Optimized application performance for rich-media applications in the branch office
• Compliance with current and future government and industry regulatory requirements
A reliable borderless network infrastructure is vital to meet these objectives, deliver a borderless experience in the branch office, and enable the "Borderless Branch".
The Cisco ISR G2 platform is a critical component of the Borderless Network Architecture that brings together network, compute and application, security, mobility, and collaboration services in a single, integrated platform. The Cisco ISR G2 introduces revolutionary ways to make the remote office more productive, more collaborative, and more operationally efficient. These new innovations enable branch offices to:
• Deliver next-generation WAN and network service requirements
• Become more productive through increased video-based collaboration and rich-media services
• Securely transition to cloud and virtualized network services
• Minimize energy consumption and costs to support corporate sustainability
• Enable small IT teams to scale services worldwide
Designed for optimal service delivery on a single platform, the Cisco ISR G2 routers give businesses greater power to deploy services "on demand" as business needs dictate, while reducing overall operating costs. These platforms enable delivery of high-definition collaboration at the branch office and provide secure transition to the next generation of cloud and virtualized network services (Figure 2).
Figure 2. Borderless Branch Office: Any Service, Anytime, in Any Branch Office
• Cisco ISR G2 delivers the next generation of services through a virtualized service framework that helps branch offices manage new services deployments across multiple branch offices on demand, without requiring costly onsite visits or staffing requirements and optimizing operational costs. Services virtualization on the Cisco ISR G2 provides a means to extend cloud-based applications in the branch office and offers the flexibility to customize branch-office applications. This framework enables IT to evolve its infrastructure to provide any service, anytime, in any branch office. The Cisco ISR G2 platform thereby enables enterprises to deliver seamless, secure, and collaborative borderless workspace experiences in the branch office through service virtualization, video-ready capabilities, and operational excellence, and it enables the "Borderless Branch".
• Organizations can adopt the Cisco ISR G2 platform to enable the "borderless experience" in their branch offices, and amplify the business potential of their organization.
The Cisco Integrated Services Routers Generation 2 portfolio is a family of products that are part of the Cisco Borderless Network Architecture to enable business innovation and growth across all remote sites. The Cisco ISR G2 is the latest addition to the tremendously successful first generation of Cisco integrated services routers. The next-generation architecture of the Cisco ISR G2 delivers a new workspace experience by meeting the performance requirements for the next generation of WAN and network services. The Cisco ISR G2 portfolio diagram (Figure 3) maps the service capabilities across the platforms. These platforms deliver increased capacities for routing, switching, unified communications, security, and applications integration compared to first-generation platforms. At the same time, these routers are designed for expansion that can deliver increased performance and capabilities over time without the need for expensive system upgrades for hardware as remote sites grow.
Figure 3. Cisco ISR G2 Series Portfolio
3.2 Virtualized Services Framework with Cisco Services-Ready Engine
To enable the borderless services in the branch office, the Cisco ISR G2 platforms introduce a new virtualized services framework. The critical enabler of this capability is the Cisco Services-Ready Engine (SRE) on the Cisco ISR G2 platforms.
The Cisco SRE modules are high-performance router blades for the Cisco ISR G2 routers that provide the capability to host Cisco, third-party, and custom applications. The modules have their own processors, storage, network interfaces, and memory that operate independently of the host router resources, helping ensure maximum concurrent routing and application performance.
The Cisco SRE hosting infrastructure provides a services-ready deployment model that enables you to provision applications on the modules remotely at any time, without a complete system upgrade. With this capability, you can configure a preinstalled application at deployment time, remotely install a new application onto a blank module, or replace an existing application with a different one.
The Cisco SRE modules offer compute performance and storage capacity on par with typical branch-office servers or appliances, including: x86-64 single- or multicore processor options, up to 1 terabyte of hard disk storage capacity, hardware-assisted virtualization, and cryptography. The hardware comes in several form factors and has features to support both general-purpose servers and special-purpose appliances.
4.0 Integrated Services and Solutions on the Cisco ISR G2
The Cisco ISR G2 platform delivers high-performance, scalable integrated services and solutions through a flexible framework of services building blocks. The entire framework revolves around accelerating services delivery, convergence, and integration to deliver services anywhere, anytime, and to anyone while decreasing cost of the infrastructure.
The Cisco ISR G2 platforms support the industry's most comprehensive suite of routing protocols using Cisco IOS® Software. These protocols include Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Border Gateway Protocol (BGP), and Performance Routing (PfR). Highly scalable routing protocols are supported for both IPv4 and IPv6.
The Cisco ISR G2 platforms also support Multiprotocol Label Switching (MPLS) Label Edge Routing and customer-edge functions: Layer 3 VPNs, Layer 2 Any Transport over MPLS (AToM) pseudowires, and Multi-Virtual Route Forwarding (Multi-VRF).
Cisco ISR G2 platforms also support Performance Routing (PfR), which routes data packets through the best IP path between disparate network locations. The router dynamically chooses the optimum route based on variables other than just the shortest path (the criterion used by standard routing algorithms) by correlating real-time data about network latency, jitter, packet loss, link usage, reachability, throughput, and link cost (Figure 4).
Figure 4. Performance Routing: Routes Packets Through the Best IP Path
4.2 Integrated Switching
The Cisco ISR G2 platforms support integrated switching on the Cisco 2900 and 3900 Series Integrated Services Routers using the Cisco EtherSwitch® Service Modules. These innovative solutions reduce TCO by optionally integrating switch ports within a router, offering both routing and switching on a single platform and providing fewer points of management for the branch office.
Other important features include:
• Support for features such as IEEE 802.3af Power over Ethernet (PoE)
• Local, robust Layer 3 flexible WAN routing with wire-speed full-duplex Layer 2 switching
• Support for IEEE 802.1p, 802.1Q, and 802.1D spanning tree
• Voice VLAN feature for IP phones
• Autosensing on each port, quality of service (QoS), and scalable VLANs
• Cisco Network Assistant and Cisco Emergency Responder
• Cisco StackWise® interfaces (available on select network modules)
• Software feature parity with highly advanced Cisco Catalyst® 3750 Series Switches
A unique architectural design helps ensure that the Cisco EtherSwitch Module runs an independent Cisco IOS Software image, providing feature parity with the Cisco Catalyst 3750 Series Switches, thereby helping ensure that voice calls and data connections can stay up through the switch even when the Cisco IOS Software on the router is being reloaded (including during a warm reload).
4.3 Security Services
4.3.1 Virtual Private Networks
The Cisco ISR G2 platforms offer a variety of VPN offerings for both site-to-site and remote-access deployments that are among the broadest and most secure in the industry. The site-to-site VPN offerings include a strong suite of IP Security (IPsec)- and MPLS-based VPNs, the former being more predominant in the branch-office routers. Remote-access VPNs include those based on IPsec, as well as Secure Sockets Layer (SSL) with complementary capabilities. Figure 5 illustrates the categorization of different offerings.
Figure 5. Cisco ISR G2 VPN Offerings
Cisco ISR G2 platforms support both the IPsec and SSL VPN types for remote access:
• Easy VPN Remote: Easy VPN Remote functions allow the Cisco ISRs and other appliances supporting this capability to connect remote offices. It connects to the Easy VPN Server over a VPN tunnel connection and receives security policies, minimizing configuration requirements at the remote location.
• Cisco VPN Client: These IPsec thin clients run on desktops and notebooks and terminate on the Cisco ISRs, giving mobile workers and teleworkers access to corporate infrastructure. The Cisco VPN Clients are supported on a variety of Windows, Mac OS, Linux, and Solaris operating systems.
• Cisco IOS SSL VPN: Formerly known as Cisco IOS WebVPN, this capability allows for secure remote access through standard browsers supporting native SSL encryption. Cisco IOS SSL VPN provides the flexibility to support secure access for all users, regardless of the endpoint host from which they are establishing the connection. If application access requirements are modest, the SSL VPN does not require a VPN client to be preinstalled on the endpoint host.
IPsec and SSL-based VPN offerings are complementary because they solve different problems (Figure 6). They can coexist on the same platform, allowing the Cisco ISRs to service different remote-access user requirements.
Figure 6. Solution Space for IPsec- and SSL-Based Remote-Access VPNs
4.3.2 High-Touch Security Services
In addition to secure site-to-site and remote-access VPNs, the Cisco ISR G2 is a critical part of the Cisco Self-Defending Network (SDN) security strategy, and its comprehensive services enable a single, resilient platform to rapidly deploy and secure networks and applications. All entry points to the network are protected by best-in-class security functions at multiple layers that are streamlined to lower training and manageability costs, providing Adaptive Threat Defense (ATD).
4.3.2.1 Network Foundation Protection
How can you secure a device that is intended to offer security services and ensure that the device is not overwhelmed by denial-of-service (DoS) attacks, or by actions originating from unlawful access? Cisco IOS Software offers powerful security features that help ensure continual operation for the Cisco ISRs.
4.4 Voice Integration
The Cisco ISR G2 delivers affordable and robust IP communications in enterprise branch offices and small and medium-sized business (SMB) offices. Through the integration of security, voice gateway, call processing, voicemail, Automated Attendant, conferencing, and transcoding capabilities, Cisco ISR G2 platforms deliver a complete office IP communications solution.
The platform architecture embeds voice functions directly on the router motherboard, enabling you to deploy advanced telephony services by installing digital signal processors (DSPs) and advanced integration service modules for IP telephony conferencing, voice gateways, Cisco Unity® Express voicemail, and Automated Attendant in addition to industry-standard security. The advantage with this DSP-based approach is that it frees the modular slots on the router for other modules or the high-speed WAN interface cards (HWICs). Motherboard packet voice DSP modules (PVDM) deliver conferencing, transcoding, and voice termination. Cisco PVDM2 products installed within the integrated services router provide these services for both voice-over-IP (VoIP) and time-division multiplexing (TDM) traffic.
The IP communications component of the Cisco ISR G2 platforms includes the Cisco Unified Communications Manager Express (Unified CME) as part of the Cisco IOS Software with Cisco Unity Express and Survivable Remote Site Telephony (SRST). The Cisco ISR supports industry-standard protocols such as Media Gateway Control Protocol (MGCP), Session Initiation Protocol (SIP), and H.323 as well as a variety of high-density analog and digital network modules to connect to standard telephony equipment such as fax machines, private branch exchanges (PBXs), key systems, and telephones. It can handle localized call processing with Cisco Unified Communications Manager Express while integrated switching with the Cisco EtherSwitch Service Module can aid with support for IEEE 802.3af in powering IP phones.
Important voice applications and benefits with the Cisco ISR G2 platforms include both mature features and recent innovations:
• Operation of the routers as toll-bypass gateways: This operation is accomplished by routing traditional PBX traffic across a corporation's IP network.
• Collaboration services: With the addition of the Cisco Unified CallConnector server, customers at SMBs or branch offices have access to advanced collaboration features such as presence and Instant Messaging (IM).
• Mobility: Cisco Unified Communications Manager Express provides a variety of mobility options, including support for wireless endpoints and dual-mode phones. Additionally, with native Cisco Unified Communications Manager Express Single Number Reach (SNR), office employees can provide their customers a single number to reach them in and out of the office.
• SRST: This mode helps guarantee call quality and preserves communication locally during network outages, promoting higher availability. This feature complements other availability features such as Cisco Unified Communications Manager Express autoregistration and Cisco Unified CME DSP-based conferencing. Here voicemail and Automated-Attendant services can be delivered directly inside the Cisco ISR using Cisco Unity Express or delivered centrally using Cisco Unity software. Customers can also implement Secure SRST to enable authentication and encryption support for both signaling and media transmission during a WAN outage.
• Survivable Remote Site Voicemail (SRSV): This mode provides redundant voicemail and Automated-Attendant or call-handler services during a network outage to your remote branch office.
• Enhanced security:
– Secure SIP gateways: These gateways prevent encryption and fraud with the ability to act as Layer 7 devices that intelligently allow or disallow traffic between networks.
– Secure SRST supports call control in remote offices during network outages
– Secure Cisco Unified Communications Manager Express with media encryption and signaling: The application provides security and helps ensure that voice conversations terminating on either TDM or analog gateway voice ports are protected from eavesdropping by using Secure Real-Time Transport Protocol (SRTP) and Transport Layer Security (TLS).
• Support for VoiceXML: This feature facilitates advanced interactive-voice-response (IVR) and call-center functions as well as do-not-call registry processing.
• Integrated messaging system: The Cisco ISR G2 platforms support Cisco Unity Express messaging and enable a cost-effective voicemail and integrated messaging system. The platforms support multiple languages with Automated Attendant and optional IVR. With advanced features such as live record and live reply, you can record active phone conversations and reply to voicemail by sending voicemail to the sender or returning the call to the sender's number.
• Transparent interconnection of IP-based voice networks: Cisco ISR G2 platforms offer transparent border interconnection services between IP networks through the Cisco Unified Border Element. This solution includes a session border controller (SBC) that facilitates end-to-end IP-based rich-media communication across independent unified communications networks. It transforms communication networks from IP islands by adding the capability to join VoIP and video communications networks without the need to transit through the TDM-based public switched telephone network (PSTN). Some of the supported features on Cisco Unified Border Element include signaling interworking between H.323 and SIP, media interworking (dual-tone multifrequency [DTMF], fax, modem, and codec transcoding), QoS, and bandwidth management (QoS marking using type of service [ToS], differentiated services code point [DSCP], and bandwidth enforcement using Resource Reservation Protocol [RSVP] and codec filtering).
• Voice security: Cisco Unity Express supports voice security capabilities such as Secure FTP (SFTP) for secure backup and restore, 160-bit secured hash algorithms, and hack-prevention lockout.
• Enhanced SIP trunking: The Cisco ISRs can provide VoIP and other real-time services based on SIP trunks and integrated SIP capabilities. With the Cisco SIP trunking solution in place, enterprises can quickly and easily implement secure VoIP throughout their organizations. SIP trunking allows provisioning of end-to-end voice, video, and data services with the ability for convergence while having easy trunk access and easy management of accounts. From a managed services perspective, this scenario allows for higher QoS and better customer satisfaction.
• Centralized and simplified management: With Cisco Unified Communications Manager, the Cisco ISRs deliver next-generation integrated IP telephony, voicemail, and Automated-Attendant functions for all sites of an enterprise, allowing customers to deploy one device to address all their business needs and thereby simplifying management, maintenance, and operations. Features such as SRST provide telephone backup services by automatically detecting failures and initiating call-processing redundancy procedures to help ensure that branch offices have uninterrupted telephony service.
• Scalable voice-messaging framework: The Cisco Unified Messaging Gateway solution on Cisco ISRs integrates Cisco Unity and Cisco Unity Express capabilities to enable scalable end-to-end networked voice-messaging solutions. It supports intelligent voice-message routing, management of system directories, interoperability with older voicemail systems, Network Address Translation (NAT) support, and dial-by-name capability.
• Service consolidation on a single Primary Rate Interface (PRI): Integration of voice, video, and data connectivity over a single PRI link allows optimal use of existing bandwidth.
Figure 7. Cisco ISR G2 Used for IP Telephony in Branch-Office Networks
The Cisco ISR G2 platforms are ideal platforms for implementing IP communications in enterprise branch offices and SMBs. Figure 7 shows the use of a Cisco ISR for IP telephones in branch-office networks. Their ability to deliver wire-speed IP communications is the result of a high-performing processor, specialized voice silicon, innovative analog and Basic Rate Interface (BRI) interface capabilities, embedded modular DSPs, and advanced telephony services such as Cisco Unified Communications Manager Express, Cisco Unity Express, conferencing, and transcoding. With room for services growth and scalable options for integrated modularity, Cisco ISR G2 platforms are the platforms for IP communications that protect future investments.
Built for video delivery from the beginning, the Cisco ISR G2 router is a medianet-compliant solution that promotes greater collaboration with comprehensive rich-media services to branch offices, including telepresence, video surveillance, digital signage, and scalable Cisco WebEx™ and desktop conferencing. The media services engine is a voice- and video-ready DSP that enables both voice and video capabilities in a single module. The Cisco ISR G2 enables exceptional, reliable, rich-media experiences anywhere, anytime, and to any device.
• Cisco TelePresence® conferencing: With advanced video-processing capabilities and support for high-performance WAN access, the Cisco ISR G2 platforms enable delivery of telepresence that combines advanced visual, audio, and interactive technologies to create a unique, "in-person" experience in the branch office over the network.
• Cisco Unified MeetingPlace® conferencing: The Cisco Unified MeetingPlace conferencing solution is a complete multimedia conferencing solution with voice, video, and web conferencing. Offering industry-leading video setup and control capabilities, Cisco Unified MeetingPlace conferencing helps branch-office managers remain in constant contact with executives at headquarters. Its conferencing capabilities support a range of applications, from highly collaborative meetings to training sessions and presentations.
• The Cisco IP/TV: This comprehensive streaming solution delivers TV-quality video programming to desktop PCs or display screens; you can use it to provide video content or video on demand. Branch-office personnel can access live or recorded events by using a program listing updated whenever events are scheduled or content is added. This capability also allows you to stream customer content to branch-office retail stores for promotional or educational purposes, for background music to be played, or for training sessions offered to personnel.
• The Cisco Application and Content Networking System (ACNS) on Cisco ISRs delivers standard- to high-definition video quality for live streaming events and video on demand (VoD) over IP networks. With Cisco ACNS, organizations can deliver effective, high-quality, large-scale corporate communications; on-demand training; and digital signage to remote and dispersed branch offices, schools, and stores. It eliminates the need for redundant digital media storage and streaming traffic traversing a WAN by taking advantage of unicast- and multicast-enabled LANs and WANs and preventing deployment of local storage and video-streaming servers at remote sites. It efficiently scales video offerings to more users.
• Video surveillance: By using the IP network, Cisco ISRs transform older physical security systems into enabling applications that enhance security and foster multigroup collaboration. The Cisco Video Surveillance Integrated Services Platform combines, on a single platform, the primary functions of an analog video gateway, a video management system, video switching, and inline power for the connected IP cameras and encoders. Integrating video switching functions in the platform reduces the complexity and lowers the cost of deploying video-surveillance capabilities with the flexibility to design video applications that are customized to unique requirements.
Other video-related capabilities on the Cisco ISR G2 complement the voice integration features and promote higher availability:
• Video SRST: This feature preserves video calling during network outages.
• Cisco Unified Communications Manager Express autoregistration: This feature allows no-touch deployments with few configuration errors.
• High-density video distribution: This feature uses the architectural improvements for voice processing in the ISR with the DSP on the motherboard, allowing high-density conferencing for Cisco Unified Communications Manager Express (with at least 8-party impromptu and 32-party meet-me calls). Additional capabilities offered through streaming licenses include unicast and multicast stream splitting, live broadcasts, and prepositioned digital media content for better end-user experiences.
4.6 WAN Optimization
To optimize WAN performance and bring more parity between LAN and WAN access speeds and experiences, the Cisco ISR G2 supports innovative bandwidth- and application-optimization solutions.
4.6.1 Cisco Wide Area Application Services
Cisco Wide Area Application Services (WAAS) provides a simple and efficient solution to improve application performance throughout the enterprise while also providing state-of-the-art WAN acceleration for TCP-based applications. Cisco WAAS optimizes TCP-based applications across the WAN by using technologies such as compression, data-redundancy elimination, transport optimization, application optimization, and caching.
The Cisco WAAS transparent architecture enables integration into the network and preservation of existing network services, thereby making WAN acceleration easy to deploy and operate. Network transparency and preservation of IP and TCP header information allows ease of operation and interoperability with network services such as QoS, NetFlow, access control lists (ACLs), firewalls, Cisco Optimized Edge Routing, and IP service-level agreements (SLAs). Cisco WAAS is easy to deploy and manage, and it integrates with Cisco IOS Software (Figure 8).
Figure 8. Cisco WAAS Optimization
Cisco WAAS is supported on the Cisco ISR G2 through Cisco IOS Software-based WAN optimization solutions and through dedicated service modules on the Cisco ISR.
Cisco WAAS Express is a Cisco IOS Software-based WAN optimization solution available on the entire Cisco ISR G2 router portfolio, providing a cost-effective scalable solution for smaller branch offices. Cisco WAAS Express is ideal for organizations that require bandwidth optimization and fast delivery of data over low-speed, high-latency WAN links from data centers. Cisco WAAS Express can double the available bandwidth and increase application scalability. Its ease of deployment and on-demand availability reduce operational expenses and branch-office footprint.
Cisco WAAS Express provides the most value on smaller links such as T1, E1, third-generation (3G), or serial links. Typical WAN links supported range from 2 to 10 Mbps. Product sizing and deployment guidelines are highlighted in Figure 9.
Organizations can enable Cisco WAAS Express as an "on-demand" service on the router, and can expand to Cisco WAAS on the SRE or dedicated WAAS appliance as business needs grow.
Figure 9. Cisco WAAS Sizing and Deployment Guidelines
Cisco WAAS on SRE offers router-integrated advanced WAN optimization and application-level protocol optimization technologies for branch offices, thereby offering remote-office users LAN-like performance when accessing centralized files and applications over the WAN. Cisco WAAS on SRE uses protocol-specific optimizations such as latency mitigation, object caching, metadata caching, and specific application optimizations such as Messaging Application Programming Interface (MAPI) for Microsoft Exchange and HTTP or Secure HTTP (SHTTP) for web applications.
Benefits of the Cisco WAAS Solution
Useful both for branch offices that want to optimize their network WAN bandwidth and consolidate their file servers and storage in centralized data centers and for service providers that want to add value to their bandwidth leasing, the Cisco WAAS solution provides significant overall benefits, including:
• Lower TCO: Cisco WAAS helps consolidate network, storage, and file servers centrally, and eliminate or postpone the need to upgrade network bandwidth on existing WAN links of multisite and global organizations.
• Enhanced data protection: Easier backup, restore, and disaster recovery helps ensure business continuity.
• Employee productivity: Protocol-specific optimizations enable faster access to centralized back-office applications and content, enhancing user productivity.
• Latency, bandwidth, and throughput improvements: The Cisco Network Capacity Expansion (NCE) Module on Cisco ISRs cost-effectively enables expansion of available bandwidth, reduction in bandwidth usage, and increased data-transfer rates on WAN links. Transparent network integration allows Cisco WAAS to take advantage of traffic classification, QoS, policy-based routing, high availability, load balancing, and other network policies.
In turn, this solution permits network administrators to use freed bandwidth to roll out new applications such as voice and other advanced capabilities. They can additionally centralize remote resources to meet regulatory guidelines by consolidating branch-office servers, storage, and backup systems without affecting users. Cisco WAAS also improves the end-user experience by reducing latency, helping make workers more productive.
Administrators benefit from a more easily managed WAN through better monitoring and provisioning, through NetFlow v9, better performance, visibility monitoring, and IP SLAs. They are also able to better preserve network services and protect their investment with dynamic autodiscovery and network transparency. Based on additional bandwidth, applications meet their goals through better QoS and call control using advanced queuing, shaping, and policing.
Providing a framework for a unified wireless architecture, Cisco ISRs offer compelling wireless capabilities on the router platform.
4.7.1 Wireless LAN
Cisco ISRs with wireless services provide a complete, secure, wireless infrastructure solution for enterprise branch offices, SMBs, public wireless LAN (WLAN) and Wi-Fi hotspots, and small remote offices and teleworkers. The Cisco ISR portfolio supports integrated WLAN connectivity, Wi-Fi hotspot services, and centralized management.
Cisco is redefining best-in-class routing for the secure delivery of concurrent data, voice, video, and wireless services. The modular Cisco 1900, 2900, and 3900 Series as well as the fixed-configuration Cisco 800 Series Integrated Services Routers offer the industry's most comprehensive suite of wireless services to enable productivity enhancements for wireless enterprise branch offices, SMBs, public WLAN and Wi-Fi hotspots, small remote offices, and teleworker environments.
The Cisco ISRs supporting the Cisco Unified Wireless Network enable deployment of secure, manageable WLANs optimized for remote sites and branch offices, including fast secure mobility, survivable authentication, and simplified management. The Cisco Unified Wireless Network addresses critical points of potential failure and enables resiliency and survivability for WLANs at remote locations and branch offices. This solution protects the WLAN by providing fast recovery from a variety of faults that may occur. With Cisco's high availability for remote WLANs, hardware and software work together to enable rapid recovery from disruptions and help ensure fault transparency to users and network applications.
The new Cisco 860, 880, and 890 fixed routers and the Cisco 1941W with IEEE 802.11n support both unified and autonomous deployments and are ideal for small branch offices and teleworkers who need to be connected to larger enterprise networks as well as for small businesses. This integrated Wi-Fi access point offers IEEE 802.11n draft 2.0 standard support for mobile access to high-bandwidth data, voice, and video applications through the use of multiple-input, multiple-output (MIMO) technology that provides increased throughput, reliability, and predictability. IEEE 802.11n wireless networks create a cohesive working environment by combining the mobility of wireless with the performance of wired networks. Cisco has innovative, next-generation wireless solutions that offer greater performance and extended reach for pervasive wireless connectivity. IEEE 802.11n technology delivers outstanding reliability and up to nine times the throughput of current IEEE 802.11 a/b/g networks. It makes wireless networks an integral part of every type of organization by offering the following benefits:
• Data rates of up to 600 Mbps support more users, devices, and mission-critical, bandwidth-intensive applications.
• New MIMO technology provides predictable WLAN coverage and reliable connectivity.
• Next-generation wireless technology provides the greatest investment protection to support emerging mobile applications.
These routers help extend corporate networks to secure remote sites while giving users access to the same applications found in corporate offices for both data and voice applications. When users require WLAN access, visibility and control of network security are even more critical at the remote site. The new fixed Cisco ISRs meet this need with a single device that combines integrated IEEE 802.11g/n capabilities with security features such as Wi-Fi Protected Access (WPA), including authentication with IEEE 802.1X with the Cisco Light Extensible Authentication Protocol (LEAP) and Protected EAP (PEAP) and encryption with the WPA Temporal Key Integrity Protocol (TKIP).
Cisco Wireless LAN Controllers
Cisco Wireless LAN Controllers work in conjunction with Cisco Lightweight Access Points and the Cisco Wireless Control System (WCS) to provide systemwide WLAN functions. As components of the Cisco Unified Wireless Architecture, Cisco Wireless LAN Controllers offer network administrators the visibility and control necessary to effectively and securely manage business-class WLANs and mobility services, such as enhanced security, voice, guest access, and location services. Cisco Wireless LAN Controllers help reduce overall operating expenses by simplifying network deployment, operations, and management. The flexibility allows network managers to design networks to meet their specific needs, whether implementing standalone or highly integrated network designs (Figure 10).
Figure 10. Cisco Wireless LAN Controller Module with Cisco Integrated Services Routers
The Cisco Wireless LAN Controller Module allows SMBs and enterprise branch offices to cost-effectively deploy and manage secure WLANs. The module provides outstanding security, mobility, and ease of use for business-critical WLANs, delivering the most secure enterprise-class wireless system available today. As a Cisco Integrated Services Router module, it delivers centralized security policies, wireless intrusion-prevention-system (IPS) capabilities, award-winning radio frequency management, QoS, and Layer 3 fast secure roaming for WLANs. The Cisco Wireless LAN Controller Module manages 6, 12, and 25 Cisco Aironet® Lightweight Access Points and is supported on Cisco 2900 and 3900 Series Integrated Services Routers.
The Cisco Wireless LAN Controller Module enables enterprises to create and enforce policies that support business-critical applications. From voice and data services to location tracking, the module provides the control, scalability, and reliability that IT managers need to build secure enterprise-class IEEE 802.11 wireless networks.
Significant other benefits include the following:
• Intelligent RF management: The Cisco Wireless LAN Controller Module comes equipped with embedded software for adaptive real-time RF management. The Cisco Centralized Wireless Solution uses Cisco patent-pending Radio Resource Management (RRM) algorithms, which detect and adapt to changes in the air space in real time. These adjustments create the optimal topology for wireless networking in much the same way that routing protocols compute the best possible topology for IP networks. Cisco RRM creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization of the wireless network.
• Enterprise-class security: The Cisco Wireless LAN Controller Module adheres to the strictest level of security standards, including:
– IEEE 802.1X with multiple Extensible Authentication Protocol (EAP) types: PEAP, EAP with Transport Layer Security (EAP-TLS), EAP with Tunneled TLS (EAP-TTLS), and Cisco LEAP
The result is the industry's most comprehensive WLAN security solution.
In the Cisco Centralized Wireless LAN Solution, access points act as air monitors, communicating real-time information about the wireless domain to Cisco Wireless LAN Controllers. All security threats are rapidly identified and presented to network administrators through Cisco WCS, where accurate analysis can take place and corrective action can be taken.
Cisco provides the only WLAN system that offers simultaneous wireless protection and WLAN service delivery, helping ensure complete WLAN protection with no unnecessary overlay equipment costs or additional monitoring devices. You can deploy the Cisco Centralized Wireless LAN Solution initially as a standalone wireless IPS and reconfigure it later to add WLAN data service. This approach allows network managers to create a defense shield around their RF domains, containing unauthorized wireless activity until they are ready to deploy WLAN services.
• Real-time application support: The Cisco Centralized Wireless LAN Solution provides best-in-class performance to support real-time applications such as voice. The Cisco Wireless LAN Controller Module enables rapid hand-off between access points, providing smooth mobility with no interruption in service to the client. Intelligent queuing and contention management schemes provide effective resource management of the air space. The Cisco Wireless LAN Controller Module also supports QoS capabilities that are Wi-Fi multimedia (WMM)-compliant and closely mirror the emerging IEEE 802.11e standard. Full compliance with the finished standard will be achieved through a software upgrade when the final standard is ratified.
• Mobility: The Cisco Wireless LAN Controller Module allows users to roam between access points and across bridged and routed subnets without requiring changes to underlying infrastructure. Security and QoS context information follows users wherever they roam, helping ensure that mobility does not compromise performance, reliability, or privacy. The Cisco Wireless LAN Controller Module does not require any modifications to existing infrastructures or client devices to enable mobility (mobile IP, for example).
• Simplified deployment and management: The Cisco Wireless LAN Controller Module is easy to deploy and cost-effective to own and operate. It provides high flexibility for deployment in SMBs and enterprise branch offices. It supports zero-touch deployments that do not require manual configuration or preconfiguration of the access points. It also supports template-based configuration management. These intuitive templates enable the quick application of systemwide security configurations, QoS policies, mobility groups, back-end services, and other critical configurations through the easy-to-use, award-winning Cisco Centralized Wireless LAN Solution user interface.
When deployed with the Cisco WCS, it supports enhanced monitoring and troubleshooting features, including intuitive heat-map displays, alarm filtering, event correlation, and granular reporting tools.
4.7.2 4G Wireless WAN
In markets where customers are constantly moving and business opportunities open up suddenly, you need to be able to quickly deliver enhanced services anywhere at any time. The 4G LTE solution on the Cisco second-generation integrated services routers (ISR G2) helps businesses expand rapidly while making critical applications and services available when and where needed.
The Cisco 4G LTE WWAN enhanced high-speed WAN interface card (EHWIC) offers a highly secure, simplified, and cost-effective WAN alternative to DSL or Frame Relay. In areas where terrestrial broadband services (cable, DSL, or T1) are not available or are expensive, 4G LTE WWAN connectivity can be a viable alternative.
With 4G LTE, wireless WAN (WWAN) is no longer just a backup solution. Businesses can run applications such as interactive video and telepresence on a primary 4G LTE WWAN link, which is 10 to 15 times faster with 5 times lower latency than 3G. Cisco 4G LTE EHWICs support peak uplink and downlink speeds of 50 and 100 Mbps, respectively, on the 20- x 20-MHz channel. Round-trip time (RTT) on the LTE is less than 50 ms.
The 4G solution enables businesses to reduce cost, complexity, and time to deployment by securely extending wireless mobility to any location covered by a 4G LTE tower, without compromising quality of experience and timely delivery.
3G Wireless WAN
With new high-speed 3G wireless technologies taking shape in the marketplace, businesses now have more reasons to engrain mobility into business processes. Many firms use 3G for remote-access connectivity for mobile workers. New advancements in downlink and uplink speed and lower network latency now enable 3G to be used for basic connectivity in the office to enable business-critical applications. 3G is no longer reserved for the mobile and field worker.
Cisco is offering 3G Wireless WAN on its ISR platforms to provide customers with true multipath WAN backup (Figure 11) and rapidly deployable primary WAN connectivity. Cisco 3G solutions support the latest 3G standards, HSPA (uplink data rate of 2.0 Mbps, upgradable to 5.7 Mbps and downlink 7.2 Mbps) and EVDO Rev A (uplink data rate of 1.8 Mbps and downlink of 3.2 Mbps), which are backward-compatible with widely deployed networks, namely, High-Speed Downlink Packet Access (HSDPA), Universal Mobile Telecommunications Service (UMTS), Enhanced Data GSM Environment (EDGE), and General Packet Radio Service (GPRS) and Evolution-Data Optimized (EVDO) Rev 0/1xRTT, respectively.
Cisco 3G WWAN, supported on the Cisco 880 Series (fixed ISRs), Cisco 1841, 2800, and 3800 first-generation ISRs, and Cisco 1900, 2900, and 3900 second-generation ISRs (modular ISRs), combines traditional enterprise router functions such as remote management, and advanced IP services such as VoIP and security, with the mobility capabilities of 3G WAN access. Using high-speed 3G wireless networks, routers can replace or complement existing landline infrastructure, such as dialup, Frame Relay, and ISDN.
Cisco 3G WWAN supports the familiar Cisco IOS Software command-line interface (CLI) for modem activation and provisioning, the HTTP web interface option, and Simple Network Management Protocol (SNMP) 3G, Entity MIB, and IF MIB for remote modem management. Cisco 3G WWAN includes a wide range of accessory industrial-grade TNC antenna connectors with 15-, 20-, 50-, and 75-foot remote antenna options.
Figure 11. Cisco 3G WWAN HWIC for WAN Backup
Examples of use case scenarios for 3G-enabled ISRs follow:
• 3G as primary access: 3G provides typical uplink speeds of 600-1400 kbps, downlink speeds of 800-3200 kbps, and round-trip latency under 120 ms; it offers a secure, high-speed and cost-effective alternative to traditional landline access methods such as Frame Relay and ISDN. Many environments that rely on ports providing uplink access in the 56- to 256-kbps range could benefit from added flexibility and mobility from 3G.
• 3G as backup access: Companies seeking network redundancy and business continuity for critical applications and communications can take advantage of emerging high-speed wireless networks as an optimal alternative to terrestrial wired connections.
• Cost savings and usability: 3G-enabled ISRs can provide wireless access to retail environments that rely on low-speed port connections for point-of-sale transactions or new store site locations where wireline access may not be available.
• Solution flexibility and rapid implementation: With 3G-enabled ISRs you can use temporary locations such as ATM connections at sporting events or data connectivity to support promotional retail kiosks.
4.8 Cloud Infrastructure in the Branch Office
Multisite organizations are consolidating their infrastructure by moving applications to the data center, yet they continue to place a few essential applications locally in the branch office because of performance, survivability, or compliance requirements.
Taking advantage of advanced virtualization technologies, the Cisco ISR G2 routers enable rapid deployment of the newest applications in the branch office. Flexible and scalable, they support a wide variety of service deployment options, including cloud-based, hosted, or managed on-premises solutions. By enabling infrastructure to deliver cloud-based services, branch offices can increase use of local infrastructure, reduce application downtime and recovery time, and shorten the time needed to deploy local applications while lowering infrastructure and operating costs.
4.8.1 Cisco Unified Computing System Express
The Cisco Unified Computing System™ Express (Cisco UCS Express) is a converged computing, virtualization, and networking platform that enables the delivery of cloud-based services in the branch office. Cisco UCS Express extends unified data center infrastructure to the branch office. It is a platform for hosting essential infrastructure services and mission-critical business applications in the branch office. It consists of three platforms (Figure 12):
• Network platform: Servers and network devices can be housed under one chassis, the Cisco ISR G2. A multigigabit backplane switch directly connects the different components together without any need for physical wires.
• Computing platform: The Cisco Services-Ready Engine (SRE) x86 blade server, the form factor favored in data centers, is available to small and medium-sized branch offices and can be housed in the Cisco ISR G2 platforms.
• Virtualization platform: The Cisco SRE Virtualization (SRE-V) server virtualization platform is powered by VMware vSphere Hypervisor (ESXi). SRE-V is a joint Cisco and VMware solution that provides a bare-metal hypervisor for the branch office that enables consolidation of physical servers.
Although the physical infrastructure has been converged, the management of each platform has not. The same familiar tools used to manage the different functional domains (servers, virtualization, and network, with their separated access control) are used to manage Cisco UCS Express.
Figure 12. Cisco UCS Express Components
Cisco UCS Express is best suited for multisite organizations with centralized IT infrastructure that need to host applications locally in the branch office. With Cisco UCS Express, multisite organizations can increase business agility, lower TCO, and get more value out of their branch-office infrastructure.
4.8.2 Cisco Server Virtualization Powered by VMware vSphere Hypervisor (ESXi)
Cisco SRE-V, a jointly developed solution from Cisco and VMware, facilitates the consolidation of all branch-office network and application services into the Cisco ISR G2 routers. It combines the on-demand application provisioning capabilities of the Cisco SRE service module and the hardware-like reliability and performance of the VMware vSphere hypervisor into a server virtualization platform for the lean branch office.
Unlike appliance-based virtualization products, Cisco SRE-V combined with VMware vSphere hypervisor provides enterprise-class virtualization hosted on high-performance, feature-rich hardware.
The Cisco ISR G2 acts as a blade-server chassis capable of hosting one or more Cisco SRE-V modules, depending on the Cisco ISR model. Therefore, with just a small increase in power consumption (50W per module) and no increase in rack space or cabling, you can deploy one or more servers in the branch office. The Cisco SRE-V modules communicate with each other and the router over a multigigabit fabric backplane, eliminating the need for external cables. You can add IP addresses, switch-port assignment, and routing services including NAT, firewall, and IPS dynamically as required without the need to physically re-cable the modules.
Cisco SRE-V powered by the VMware vSphere hypervisor enhances the Cisco SRE on-demand application-provisioning model by providing the capability to host any application in the Cisco ISR G2 while taking advantage of all the benefits provided by virtualization such as:
• Lower infrastructure and operating costs
• Less application downtime and faster response time and failure recovery time
• Faster time to deployment for applications
Cisco SRE-V allows one or multiple instances of Microsoft Windows Server to run directly on the Cisco ISR G2. This capability helps organizations with the Cisco ISR G2 to consolidate Microsoft Windows applications and core Microsoft Windows services such as Microsoft Dynamic Host Configuration Protocol (DHCP) server, Domain Name System (DNS) server, Active Directory Domain Services, and print services on a single branch-office device.
Access to virtualization management tools is controlled and enforced by Cisco SRE-V Software or VMware vCenter Server.
5.0 Relevance to Managed Service Providers
Service providers offering managed services stand to gain significantly by deploying the Cisco ISR G2 as a managed customer-premises-equipment (CPE) offering. Today service providers all over the world are helping their customers turn on managed VPNs, firewall, NAT, high-touch security services, and voice solutions. With the emergence of new business models, from hosted models to software as a service (SaaS) to cloud, managed service providers will be able to offer CPE managed services that enable branch offices to adopt IT on demand for applications coming over the WAN. These new business models can easily be accomplished with the Cisco ISR G2 (Figure 13).
Figure 13. Cisco ISR G2 as a Complete Solution Platform for Managed Services
6.0 Energy Management
The Cisco Integrated Services Routers Generation 2 routers support Cisco EnergyWise technology at the platform level. The Cisco ISR G2 is the first series of routers to take advantage of the full Cisco EnergyWise capabilities natively. In brief, the Cisco EnergyWise system extends the ability to evaluate, monitor, and control devices throughout a network in order to reduce operating expenses (OpEx) and greenhouse gas emissions (refer to Figure 14).
Figure 14. Cisco EnergyWise Technology Benefits
With Cisco EnergyWise, evaluation, monitoring, and controlling network power consumption is accomplished by using a unique domain-naming method to group endpoints at an enterprise scale. This solution monitors the power of all Cisco network-connected devices, from PoE devices to IP-enabled building controllers, and reports aggregate power consumption to provide a clear understanding of an organization's power habits. With Cisco EnergyWise, you can instruct servers and PCs to enter a low-power state and control facilities such as lighting, heating, ventilation, and air conditioning (HVAC).
The Cisco EnergyWise solution enables network sustainability by offering a holistic approach to reduce energy costs and greenhouse gas emissions (GHGs), increase overall operating efficiency, and attain sustainable business behavior.
Rising energy costs, environmental concerns, and new government regulations are accelerating a global effort to monitor and conserve the power required to create and operate networks. At the same time, we are expanding the capacity and functions of those same networks, expecting to do more with less.
The Cisco Integrated Services Routers Generation 2 platforms were designed with a holistic approach to reduce their environmental effect throughout the product lifecycle through:
1. Efficiency in manufacturing and deployment: Consolidating a broad set of networking and application services onto a single platform, the Cisco ISR G2, resulted in significantly lower consumption of raw materials, including sheet metal, electronic components, and the energy required to build multiple systems.
2. Operational efficiencies: The new power supplies operate at 85-percent efficiency under typical power load, representing an improvement of approximately 30 percent over previous designs. This savings is multiplied when one Cisco ISR G2 platform is used to consolidate several standalone systems. For example, you can reduce the power associated with your applications deployment by up to 75 percent.
3. End of life (reduce, reuse, and recycle): The Cisco ISR G2 system is designed for backward compatibility with network modules currently in production networks. Reusing modules and consolidating peripheral appliances conserve materials and save costs.
7.0 Business Benefits of a Cisco Integrated Services Router
Built on 25 years of innovation and product leadership along with broad market acceptance, the new generation of access routers continues to optimize service integration to transform the branch-office experience with the speed, scale, and flexibility to deliver tomorrow's services transparently at a low cost of ownership. The benefits of using integrated services on the branch-office router are manifold for both the device owner who owns and manages the device and the end user who experiences services off the integrated services router.
Lower operating costs and TCO are achieved with a best-in-class, integrated single-box solution in a small form factor compared to multiple-box solutions. Typically the costs for initial purchase are minimal compared to the ongoing operating costs. The industry generally assigns 20 percent of the total lifetime costs for a system toward capital expenditures (CapEx) and the remaining 80 percent toward OpEx and unscheduled blackouts (Figure 15).
Figure 15. Comparing TCO of a Cisco ISR G2 with Overlay Appliances
An internal Cisco-commissioned study of the TCO savings for the Cisco Integrated Services Router as opposed to a set of comparable overlay appliances (for a similar functional solution deliverable) estimated direct and indirect cost savings in the range of 50 to 70 percent per year considering operating costs alone.
Other benefits include:
• Enhance productivity through increased video-based collaboration and rich-media services, and optimized application delivery.
• Optimize energy usage with slot-based controls to decrease costs and support sustainability.
• Simplify network management through effective monitoring and diagnostics with integrated operations, administration, and maintenance (OA&M) capabilities for easier troubleshooting, and applications such as Network-Based Application Recognition (NBAR) for traffic management.
• Improve operational efficiency; it is easier to configure, deploy, and maintain a network with a single Cisco IOS Software solution, and increase the accuracy, speed, and efficiency of deployment.
• Protect your investment with support for most of the prior generation of ISR interfaces.
• Simplify end-to-end solution design with proven Cisco validated designs, simpler topologies, and fewer interoperability concerns, a scenario that leads to a superior solution.
• Increase availability with multilevel redundancy and quick failover at either a system or network level.
• Help ensure that your network will be compatible with future generations with access to best-in-class services that are scalable and offer the flexibility to deploy new innovative solutions on demand.
• Mitigate risk with the Cisco brand; buying and deploying a Cisco ISR also means building on the staying power of a market leader with a proven history of meeting customer and channel commitments.
8.0 Cisco and Partner Services for the Cisco ISR G2
Services for the Cisco ISR G2 platforms help plan, build, and run a more intelligent, responsive, integrated routing and switching network. The technical services for Cisco ISR G2 include:
• Cisco SMARTnet® Service: Simplifies the customer experience when engaging with Cisco Technical Assistance Center (TAC) from a diagnosis, troubleshooting, and resolution perspective.
• Cisco Services for IPS: Improves security with hardware and OS support plus signature updates for ISR G2 chassis with an IPS feature set.
• Cisco Software Application Support plus Upgrades (SASU): Entitles support and upgrades for any Cisco software application running on the SRE through a single SASU contract.