A new application, Cisco® TelePresence, makes high demands on the network for quality of service, availability, and security. It is a good case study of what your enterprise network will need in the future, as more applications are developed that have performance standards just as high. Is your network ready?
Mobile workers travel for good reason: What makes important meetings effective is the ability to see people's expressions and body language, not just broadly, but in fine detail: a mild shrug or slightly raised eyebrow that denotes skepticism, a slight leaning forward or intensity in the eyes that indicates enthusiasm.
Research shows that more than 60 percent of the communication in a meeting is nonverbal. So there is a clear reason for meeting face to face. Videoconferencing works for some meetings, but it cannot deliver that slight shrug or look of enthusiasm. It simply does not convey enough detail. Participants need to be there.
Until now. Cisco TelePresence, introduced in late 2006, recreates the same "in person" experience: It essentially feels like being there, even from opposite ends of the globe. People who meet using this application are virtually in the same room. They see each other life-size with lifelike realism, able to catch all the nuances of expression and body language they would see being physically in the same room. They speak naturally face to face, looking at each other. Sitting around a virtual conference table, they hear sound coming from where the person speaking is sitting in the room.
The service is already reducing travel costs for enterprises, and not just dollars. It is also reducing opportunity costs: time and availability of employees lost while they are in transit.
Cisco TelePresence can run on your enterprise's existing converged network and does not require a dedicated and separately managed infrastructure. It uses an intelligent network, allowing it to coexist with other applications. This means real savings to your business in capital and operating expenses. To take advantage of this, companies need to make sure that their infrastructures are capable of handling its demands and those of other next-generation applications to come.
Specifically, your network must exhibit the following four critical attributes from end to end:
• Quality of Service (QoS): Your network should have the intelligence to identify each application being delivered and act accordingly, giving priority to critical ones and assuring each the bandwidth and quality of service it needs, while also optimizing use of network facilities.
• Nonstop communications: Business continuity requires that networks be available for critical applications. Networks must also have the minimum of downtime for all applications, because outages can result in lost productivity, loss of business, and lower customer satisfaction.
• Integrated security: Your network must use all available defenses in a coordinated way to protect client identity and application/data confidentiality from internal and external threats.
• Operational manageability: As applications become more demanding and complex, your network must become simpler to manage. Moreover, tools must be available to plan application deployments successfully, monitor QoS, and make the most effective use of your network.
Quality of Service
The high quality of the Cisco TelePresence experience is a distinguishing characteristic. To avoid blurred or discontinuous pixels in the middle of someone's eye and enable real-life imaging, the application imposes new requirements on your network. For example, whereas most IP applications have one-way latency targets of 400 to 450 ms, for best performance this one requires one-way latency end to end of no more than 150 ms. Similarly, jitter cannot exceed 10 ms, and the target for packet loss is 0.05 percent.
Furthermore, video transmission in particular is not "well behaved." It is bursty, even by data standards, and very sensitive to dropped packets. Cisco TelePresence is no exception. Packet sizes and rates vary with the amount of motion in the video image, and, when it is transmitting, the application requires from 5 to 15 Mbps into each meeting room, depending on the number of sites, plasma screens, and pixels per screen.
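The latency, jitter, and loss targets above can be checked against a probe capture taken between two meeting rooms. The following is an added example, not part of the original paper or any Cisco tool; the probe record format and the treatment of jitter as peak-to-peak delay variation are assumptions, and the capture is constructed.

```python
from dataclasses import dataclass

# Targets quoted in the text for one direction of a TelePresence path.
MAX_LATENCY_MS = 150.0
MAX_JITTER_MS = 10.0
MAX_LOSS_PCT = 0.05
# One lost packet in 2000 is exactly 0.05 %, so a shorter run cannot
# resolve the loss target: zero observed loss proves nothing.
MIN_PROBES_FOR_LOSS = 2000

@dataclass(frozen=True)
class Probe:
    seq: int        # sender sequence number
    sent_ms: float  # sender timestamp (assumes synchronized clocks)
    recv_ms: float  # receiver timestamp

def assess(probes, sent_count):
    """Measure one direction of a path and list the targets it misses."""
    first = {}
    for p in sorted(probes, key=lambda p: p.recv_ms):
        first.setdefault(p.seq, p)  # ignore duplicated packets
    transit = [p.recv_ms - p.sent_ms for p in first.values()]
    loss_pct = 100.0 * (sent_count - len(first)) / sent_count
    latency = max(transit, default=float("inf"))
    # Assumption: jitter is taken as peak-to-peak delay variation.
    jitter = max(transit) - min(transit) if transit else float("inf")
    failures = []
    if latency > MAX_LATENCY_MS:
        failures.append("latency")
    if jitter > MAX_JITTER_MS:
        failures.append("jitter")
    if loss_pct > MAX_LOSS_PCT:
        failures.append("loss")
    metrics = {"latency_ms": latency, "jitter_ms": jitter,
               "loss_pct": loss_pct,
               "loss_conclusive": sent_count >= MIN_PROBES_FOR_LOSS}
    return metrics, failures

def constructed_capture(count=4000, lost=(1000, 2500, 3000)):
    """Constructed sample: 20 ms spacing, ~40 ms path, one short delay burst."""
    probes = []
    for seq in range(count):
        if seq in lost:
            continue
        delay = 40.0 + seq % 7 + (9.0 if 2000 <= seq < 2005 else 0.0)
        probes.append(Probe(seq, seq * 20.0, seq * 20.0 + delay))
    return probes

if __name__ == "__main__":
    print(assess(constructed_capture(), sent_count=4000))
```

In the constructed capture the path is well inside the latency target yet still misses the jitter and loss targets, which is the typical failure pattern on a congested link without a dedicated priority queue.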
To deliver the best Cisco TelePresence experience, all parts of your network infrastructure must collaborate to support intelligent QoS policies that are compatible at all LAN and WAN nodes. This requires your network to address the following capabilities:
• Compatible end-to-end QoS
• Stateful application intelligence
Compatible End-to-End QoS
QoS for any application is only as good as the QoS of the weakest link. Creating the high levels needed for this and other new applications depends on designing them into your network coherently from end to end, rather than one device at a time.
To address the latency requirement, all Ethernet interfaces that carry Cisco TelePresence traffic must be at least one Gigabit in capacity. In addition, Cisco TelePresence should be assigned to a dedicated priority queue on all interfaces it traverses. Addressing the transmission bursts and preventing dropped packets require adequate transmit buffer memory.
To this end, dedicated queuing and buffer capacity along with Gigabit Ethernet ports are available on Cisco routers and switches. This minimizes the effects of congestion in the LAN and WAN nodes of the network, thereby preserving the quality of the transmitted video image.
Your network should also be able to provision an end-to-end QoS policy. Cisco QoS tools make this simple. For example, Cisco AutoQoS simplifies provisioning of QoS priorities in Cisco IOS® Software by identifying traffic types and configuring QoS policies appropriate to that traffic. CiscoWorks QoS Policy Manager centrally manages QoS policy creation, deployment, and monitoring.
Stateful Application Intelligence
Because Cisco TelePresence can reside on a converged network, it must coexist with other applications on your network. The rise of recreational applications and peer-to-peer traffic can affect the delivery of critical applications. To address this, switches and routers can be equipped to inspect and prioritize traffic at the packet level. This capability is built into Cisco integrated services routers (ISRs) and is now available at multigigabit line speeds on Cisco Catalyst® 6500 Series Switches with the new Cisco Catalyst 6500 Supervisor Engine 32 PISA. The Deep Packet Inspection and application recognition that PISA performs prioritize traffic for critical applications. In addition, PISA can identify and control lower-priority traffic on your network. This helps ensure that business-critical applications and Cisco TelePresence get the necessary priority and coexist on the same network.
Nonstop Communications
QoS depends on high availability: without it, there is no QoS. Your network must maintain 99.999 percent availability from one meeting room to another. This may seem daunting, but it can be achieved with today's technology and best practices.
An application such as Cisco TelePresence must be available whenever needed, for as long as needed. It must remain up and running even through network maintenance and mitigation of problems. The network must have a wide range of attributes that keep it available, including:
• Resiliency
• Automated recovery
• Load balancing
Resiliency across the entire network can be delivered by software features such as Nonstop Forwarding (NSF) and Stateful Switchover (SSO). NSF maintains routing information between redundant processors in a router, enabling changeovers without packet losses. SSO maintains link-layer state information on network links so packets continue to be forwarded if a route processor fails. Optimized Edge Routing avoids congestion in the network by dynamically selecting the best path. Collectively these help ensure that the Cisco TelePresence traffic continues to reach its destination even under failure of a primary supervisor or disruptions in your network.
Cisco IOS Software Modularity helps in several ways to maintain availability. Cisco IOS Software consists of hundreds of subsystems that cooperate in a shared memory space to maximize performance. Features such as In-Service Software Upgrades (ISSU) reduce downtime caused by planned maintenance and software upgrades, even for an entire Cisco IOS Software image. With subsystem ISSU, which is available on Cisco Catalyst 6500 Series Switches, even individual Cisco IOS Software modules can be upgraded without restarting the system. In addition, the modular processes can be restarted individually. A high-availability subsystem constantly checks the health of switch processes and can, if necessary, even initiate a supervisor engine switchover or a system restart.
Load-balancing technologies, which maximize the use of bandwidth and distribute traffic evenly among devices, can also enhance availability. Tools such as these make sure that your network will accommodate sensitive traffic such as voice and video, and now Cisco TelePresence.
Integrated Security
Security protects confidentiality. Executives and managers meeting using Cisco TelePresence are often discussing strategic directions, sales data, mergers, and other extremely proprietary information, so their communications must be thoroughly guarded from both internal and external threats.
Among other things, the network's security attributes must:
• Be self-defending, using adaptive technologies that automatically recognize even day-zero threats and protect against them
• Provide wide deployment and integration, with protection in multiple levels and layers throughout the network
• Provide comprehensive, easy-to-use security management
Self-Defending Network
A truly self-defending network must have certain capabilities: It must protect against the most common problems through multiple firewalls, intrusion prevention and detection capabilities, network admission controls, and other specific types of protection. And it should find and circumvent threats automatically, without human intervention.
These functions must be integrated into systems across your network, including routers, switches, and standalone devices at all levels. In turn, these devices must collaborate with each other, using information from other systems to monitor traffic and search for threats. For example, an intrusion prevention system can update an access control list to deny access to a threat it has identified.
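The collaboration described above, in which an intrusion prevention alert becomes an access control list entry, can be sketched as follows. This is an added example, not Cisco's implementation; the alert fields, severity scale, protected ranges, and ACL name are assumptions, and the alerts are constructed.

```python
import ipaddress

# Assumptions for this sketch: alert fields, severity scale, ACL name.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.53/32")]
MIN_SEVERITY = 4    # hypothetical scale: 1 (informational) to 5 (critical)
MAX_ENTRIES = 100   # cap so an alert flood cannot exhaust ACL resources

# Constructed sample alerts (documentation address ranges).
CONSTRUCTED_ALERTS = [
    {"src": "203.0.113.7", "severity": 5},
    {"src": "203.0.113.7", "severity": 5},    # repeat of the same source
    {"src": "10.1.2.3", "severity": 5},       # inside the enterprise range
    {"src": "198.51.100.20", "severity": 2},  # low-severity event
    {"src": "not-an-ip", "severity": 5},      # malformed record
    {"src": "198.51.100.99", "severity": 4},
]

def build_block_acl(alerts, name="IPS-AUTO-BLOCK"):
    """Return (acl_lines, skipped) for a list of alert dicts."""
    blocked, skipped = [], []
    for alert in alerts:
        raw = alert.get("src")
        try:
            src = ipaddress.IPv4Address(str(raw))
        except ValueError:
            skipped.append((raw, "not an IPv4 address"))
            continue
        if alert.get("severity", 0) < MIN_SEVERITY:
            skipped.append((raw, "below severity threshold"))
        elif any(src in net for net in NEVER_BLOCK):
            # Source addresses can be forged, so an alert must never be
            # able to cut off the enterprise's own ranges or key servers.
            skipped.append((raw, "protected range"))
        elif src in blocked:
            continue  # already covered by an earlier entry
        elif len(blocked) >= MAX_ENTRIES:
            skipped.append((raw, "entry cap reached"))
        else:
            blocked.append(src)
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip host {ip} any" for ip in blocked]
    lines.append(" permit ip any any")  # everything else still passes
    return lines, skipped

if __name__ == "__main__":
    acl, skipped = build_block_acl(CONSTRUCTED_ALERTS)
    print("\n".join(acl))
    print(skipped)
```

The skipped list is worth logging alongside the generated entries, so that operators can review what the automation declined to block and why.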
Your network should also protect against snooping and attempts to intercept communications. The Cisco Catalyst integrated security feature, available on Cisco Catalyst switches, provides tools to protect against man-in-the-middle attacks, unauthorized Dynamic Host Configuration Protocol (DHCP) servers responding to DHCP requests, and IP address spoofing.
The network should also employ adaptive security capabilities. With Deep Packet Inspection, for example, various systems can penetrate far into packets to read origin, destination, and payload information with which to assess the content and behavior of traffic flows, thwarting intruders before they ever get into your network. The PISA engine on Cisco Catalyst 6500 Series Switches performs Flexible Packet Matching at line speeds for day-zero protection. It can detect not only known threats, but also variants that have similar but not identical signatures, and it protects against a multitude of other threats.
Wide Deployment and Integration
The Cisco switches and routers include mechanisms to avert denial-of-service attacks, Network Access Control to control network access, intrusion detection and intrusion protection systems to provide protection from threats, identity-based networking services, and many others. All based on Cisco IOS Software, these features work together, taking advantage of each other's intelligence to deliver highly integrated security.
This compatibility and coordination of technologies allow the defenses that cover end and aggregation points to collaborate: Access point defenses prevent intruders from getting on the LAN; aggregation systems keep them off the WAN and also provide backup checks.
Comprehensive, Easy Security Management
The network must then incorporate security management tools that are both comprehensive and easy to use. Network personnel need to be able to configure multiple security capabilities on firewalls and appliances throughout your network simultaneously with just a few clicks, rather than configuring different systems separately. Since one of the distinguishing characteristics of Cisco TelePresence is its ease of use, that should be reflected in the network that supports it.
Automated tools must be able to monitor and analyze the network, correlating reports of security incidents across the entire network and then indicating to network personnel the best place for mitigation. They should also protect against threats aimed both at endpoints (such as phishing, viruses, spam) and at the network (such as worms, spyware, and Trojan horses).
Protected by these technologies, your network will be able to detect and mitigate harmful activities collaboratively and automatically, without human intervention, before they affect the quality of the Cisco TelePresence session.
Operational Manageability
In addition to application intelligence, nonstop communications, and security, next-generation applications such as Cisco TelePresence require a network that makes them easy to deploy and manage. Management tools should:
• Assess whether the company's network is capable of supporting the application
• Manage the health of the converged network
Assessing Network Readiness
As with many applications, there are specific tools that evaluate network preparedness and service quality. In addition to these, the well-qualified network must possess broad-ranging tools that monitor its overall ability to support demanding applications. The TelePresence Readiness Assessment Manager determines if a company's network is suitable for deploying the service and how best to do so.
The Cisco Network Planning Solution is another predictive tool. It can help predict the effects of deploying new technologies, protocols, or hosted applications, including voice and video services on your network. It models and analyzes your network infrastructure, allowing it to simulate application traffic flows. It then clarifies routing dynamics and identifies nodes where the potential for congestion exists. This information, in turn, can be used to help ensure that all the devices at those nodes are adequate to handle the multiple applications. This helps ensure that Cisco TelePresence can coexist on your network with your other business-critical applications.
Managing Network Health
The Cisco Network Application Performance Analysis solution helps IT managers answer questions such as how a new application will affect the existing infrastructure and other applications and how to control network traffic based on application priority. In addition, when a problem arises, Network Application Performance Analysis tools can visualize the complex interactions between applications and the network, to identify the specific source of a problem. This is especially useful when deploying a new application, such as Cisco TelePresence, on a converged network.
Cisco IOS NetFlow monitors the converged network's performance, tracking usage of applications, peak usage times, traffic routing, security, and other factors of traffic flow.
The Cisco Network Analysis Module (NAM), integrated into Cisco Catalyst 6500 Series Switches as well as Cisco 7600 Series Routers and Cisco integrated services routers, also monitors the operating network with a rich set of data collection and analysis capabilities. This enables it to see down to the individual packet level, from inside the router or switch, so your IT personnel can better understand how the network is being used and what the performance is. On the switches and the larger routers, the NAM now supports Encapsulated Remote Switched Port Analyzer, which extends traffic monitoring to remote parts of your network.
Based on the information provided by NetFlow and NAM, the Performance Visibility Manager can set thresholds based on the applications running. This allows it to monitor the performance of applications, for example, Cisco TelePresence, and provide alerts if issues are detected.
An Embedded Event Manager can help automate network management by detecting specific events such as failovers, timers, online diagnostic activities, counters, and application usage and then invoking actions based on custom scripts written by network personnel. An action might be sending an e-mail or page, issuing a command-line interface command, or restarting the switch.
Breadth and depth of network management tools help to ensure satisfactory user experiences with any application, and by enabling greater automation, they ease the role of IT professionals. This is all the more necessary as both the applications and the networks on which they are deployed become more complex.
It Is All About the Experience
Applications are only as good as their delivery. An application that runs slowly or with poor quality will not be useful. Yet applications are the tools with which your enterprise builds productivity. Cisco TelePresence is a new and exciting application that is already delivering benefits for businesses. In terms of the demands applications will make to help ensure user experience, Cisco TelePresence is just the beginning. More applications just as demanding of network capabilities are on the way, and for your business to make use of them, you must be sure your network is ready.
To meet the needs of your business, your network must support the most demanding applications with application intelligence, nonstop communications, integrated security, and ease of management.
Applications such as Cisco TelePresence are all about the experience. Your network delivers the experience. Is your network ready?