Cisco ASR 1000 Zone-Based Firewall helps Sycor secure WAN edge, triple bandwidth.
Sycor is a provider of comprehensive IT services, including high availability IT outsourcing solutions and consulting. Sycor specializes in SAP ERP and Microsoft Dynamics AX services and solutions for mid-sized organizations in manufacturing, mobile goods rental, process and retail industries.
Sycor runs a worldwide network of more than 100 WAN connections from its headquarters in Göttingen, Germany, with branch offices throughout Europe, Asia, and the Americas.
Sycor's global reputation is founded on its intense focus on meeting its clients' data security and privacy, high availability, and performance needs. To help ensure high uptime performance, the service provider maintains two data centers in Göttingen as well as a remote disaster recovery center.
Michael Kunze, head of Global Voice and Data Communications, anticipates growing business trends for Sycor. Some years ago, he noted that companies of all sizes were looking to move their manufacturing and services sites overseas to cut costs. That trend created big market opportunities for service providers such as Sycor. As Kunze says, "Mid-sized companies were willing to try outsourcing IT services because of the security and regulation compliance concerns, and infrastructure complexity and costs involved in supporting a globally interconnected enterprise network."
Cisco® market research predicts that global business Internet fixed and mobile devices and connections (including M2M connections) will grow from 2.2 billion in 2011 to 5.0 billion by 2016, an 18 percent compounded annual growth rate. (Cisco Visual Networking Index Services Adoption Forecast 2011 to 2016.)
To successfully capture this opportunity, Kunze knew that Sycor needed a powerful and agile combination of data center and WAN to overcome scalability and performance issues. But if his mid-sized customers are concerned about the security of their data, they are also very price-sensitive, so it was important to develop a solution that would help enable Sycor to provide high-quality secure outsourcing services while keeping operating costs low. "We wanted to be able to support all of our customers and networks without adding to our small IT staff," he says.
Kunze had a specific list of requirements for the equipment that would power his state-of-the-art service provider network:
• Scalable platform that would easily accommodate minimum of 3-5 years of bandwidth growth
• Smooth connection between data center and WAN
• Redundant stateful firewall security with split-second failover to help ensure data transmission and content privacy and uninterrupted service
• Wire-speed performance even during traffic inspection and prioritization
Sycor is a long-time Cisco Select customer, so a logical choice for Kunze's needs was the Cisco ASR 1000 Series Router with high-density WAN link aggregation, 10-Gigabit Ethernet uplink capability, and network integrated stateful firewall with no performance degradation.
To eliminate traffic flow delays, the Cisco ASR 1000 features Embedded Services Processors (ESPs) that handle data-plane processing tasks as network traffic flows through them. As a result, multigigabits of bandwidth can be routed at the same time the ASR 1000 performs traffic inspection and prioritization.
At a Cisco workshop and subsequent onsite demonstration with a local partner, he learned how zone-based firewalling, together with the virtual routing and forwarding (VRF)-aware Enhanced Interior Gateway Routing Protocol (EIGRP), could help Sycor build a secure, scalable, and highly available managed service within a multitenant environment. With these features, the service provider could streamline its infrastructure to avoid unnecessary overhead and offer more services more efficiently.
Today, Kunze and his IT staff have a secure, solid data center to power Sycor's operations. As shown in Figure 1, the ASR 1000 router connects, secures, and separates customer traffic, creating a smooth wire-speed connection between the data center and the WAN. A second hot-standby ASR 1000 helps ensure the rigorous "5-nine" uptime requirements that Sycor customers rely on. The embedded Cisco ASR 1000 Zone-Based Firewall completely blocks client traffic flows.
"With the ASR 1000 router, we can secure the data center and have wire speed routing capabilities, eliminating the need for a dedicated firewall appliance. It's IOS XE-based zone based firewall and dynamic routing capabilities integrate smoothly into our existing network, securing the network zones while keeping full dynamic routing," says Kunze.
GUI-based firewall monitoring application developed by the IT staff gives them a clear picture of those individual traffic flow profiles across the network.
Behind the ASR 1000 routers in the data center, high-performance Cisco Catalyst® and Cisco Nexus® switches support customer-hosted services and shared resources on storage area networks (SANs).
Figure 1. Sycor End-to-End Cisco Service Provider Network
Thanks to its service provider network based on Cisco technology, Sycor can confidently deliver complex consumer and business services with greater flexibility, and do so more efficiently and cost-effectively. Kunze and his small IT staff of 10 can easily support hundreds of customers and networks from the Göttingen headquarters.
Despite steady growth in customer video, voice, and data bandwidth demands, Sycor's network reliability and performance have proved to be rock solid. "By separating customer traffic in a very smart and secure way, the Cisco ASR 1000 Zone-Based Firewall eliminates complexity and reduces operation costs, while improving reliability and security," he says.
After three year of operation, Sycor still has plenty of capacity for every customer and has encountered no performance issues because the ASR 1000 creates a smooth connection between the data center and WAN. As a result, IT support hours have dropped 50 percent; the staff uses that recaptured time to develop and deliver more services for Sycor customers.
Kunze says, "For us, our homogenous Cisco network is a smart approach because it reduces complexity and interoperability issues. And, Cisco provides an unbeatable range of products for the network core, edge, and customer premise site."
Just as vital to Sycor's success are Cisco worldwide support services. "Partnering with Cisco gives us a global reach. Because we work with clients who do business all over the world, we rely on Cisco's high-quality support services and worldwide coverage," he says. Kunze and his staff strongly believe that Cisco has the services and products they need to successfully compete in the global arena.