Managed Wide Area Application Services (WAAS) that qualify for the Cisco Powered designation are built end to end with Cisco products and enable you to deliver a powerful application acceleration and WAN optimization solution for the branch office. The managed services improve the performance of any TCP-based application operating in a WAN environment and enable IT organizations to:
Consolidate costly branch-office servers and storage into centrally managed data centers
Deploy new applications directly from a data center
Offer LAN-like application performance for remote users
Strategic Managed Services
Managed WAAS with the Strategic designation include a full suite of WAAS-enabled services that can be implemented immediately or incrementally. The services are delivered in a symmetric configuration of Wide-Area Application Engines (WAEs) involving a WAAS headend and remote site.
Managed WAAS are a good up-sell for that you can offer in conjunction with existing managed services such as a managed router or managed firewall.
The services deliver:
24-hour management, monitoring, and maintenance
Comprehensive SLAs covering the overall performance of the service
The Provider must offer a "WAN Optimization" type service(s) based on technologies enabled by WAAS Transport license. The WAAS Transport license include Data Redundancy Elimination (DRE), Persistent LZ Compression (PLZ), Transport (TCP) Flow Optimization (TFO), and Application Traffic Policy (ATP).
Verify WAAS Transport licenses are enabled as a minimum on all WAEs supporting a "WAN Optimization" type service offer by the Provider.
The Provider must offer an "Application Acceleration" type service(s) specifically for one or more applications that are outlined in the categories below, as enabled by the WAAS Enterprise license. The offered service may additionally be accompanied by the appropriate related server consolidation (the migration of servers to the centralized data center as enabled by WAAS).
- File Services: CIFS acceleration (Windows), file Pre-Positioning
- Print Services (for Windows)
- Email: Microsoft Exchange, Internet Mail, Lotus Notes
- Web & Collaboration: HTTP, WebDAV, FTP, Microsoft Sharepoint
- Software Distribution: Microsoft SMS, Altiris, HP Radia
- Enterprise Applications: Microsoft SQL, Oracle, SAP, Lotus Notes
- Backup Applications: Microsoft NT Backup, Legato Networker, Veritas Netbackup, CommVault Galaxy
- Data Replication: EMC SRDF/A, EMC IP Replicator, NetApp SnapMirror, Data Domain, Double-Take, Veritas Vol Replicator
Verify WAAS Enterprise licenses are enabled as a minimum on all WAEs supporting an "Application Acceleration" type service offer by the Provider. Verify if the service is accompanied by its appropriate related server consolidation (optional).
If the Provider offers greater application networking solutions to complement a managed WAAS service then they are entitled to the same product discount on the following Cisco product families: ACE XML Gateway, ACE Global Services Switch (or Global Site Selector) GSS, Application Velocity System (AVS), Application Networking Manager (ANM), Content Switching Module (CSM), ASA 5500 Series Adaptive Security Appliances, PIX 500 Series Security Appliances, VPN 3000 Series Products, Cisco Secure Access Control Server
Verify if Provider is offering greater application networking services to complement their managed WAAS offerings
Each WAAS remote branch site must be deployed in one of the following configurations:
1) Integrated router WAE network module running in network integrated off-path intercept mode with WCCPv2 protocol
2) WAE appliance running in network integrated off-path intercept mode with WCCPv2 protocol
3) WAE appliance running in simple transparent in-line mode
Verify each branch site is deployed in one of the three configurations stated. However, all sites combined can be deployed in any combination of the three configurations
The WAAS headend site, which is pairing with each remote site, must be deployed in one of the following configurations:
1) WAE appliance running in network integrated off-path intercept mode with WCCPv2 protocol
2) WAE appliance running in network integrated intercept mode with ACE (Application Control Engine) series. ACE can be deployed on either a blade integrated into a switch/router or as a standalone appliance
Verify headend is deployed in one of two configurations stated
WAAS Headend sites must be deployed in a high-availabilily redundant configuration, meaning a cluster must exist with two or more WAEs using either of the following configurations:
1) Network integrated off-path intercept mode with WCCPv2 protocol
With WCCPv2 intercept, active/active clustering supports up to 32 WAEs and 32 routers with automatic load-balancing, load redistribution, fail-over, and fail-through operation.
2) Network integrated intercept mode with ACE (Application Control Engine) series
ACE can be deployed on either a blade integrated into a switch/router or as a standalone appliance.
ACE is recommended for the most demanding headend environments and can scale to support hunderds of WAEs in numerous clusters and also provide automatic load-balancing, load redistribution, fail-over, and fail through operation.
Validate headend is deployed in a cluster configuration of two or more WAEs running in WCCPv2 mode or with ACE network integration
The Provider must offer a high-availability redundant WAE option for remote branch sites. Each of these remote branch sites must be deployed in either of the following configurations:
1) Two or more WAE appliances in a cluster running in network integrated off-path intercept mode with WCCPv2
2) Two or more WAE appliances running transparent serial in-line clustering
Verify the Provider offers or has customers on a high-availability redundant deployment option for remote branch sites. Verify these remote sites conform to the two options as outlined
Disk encryption for data at rest must be deployed for all headend and remote WAEs, using FIPS 140-2 level 2 compliant 256-bit AES disk encryption with automatic and centralized key management
Verify Provider requires WAAS service to have all WAEs running disk encryption as outlined. Verify all deployments have required Enterprise license and are running WAAS 4.0 or greater software
Provider must offer complete stateful firewall inspection and network virus scanning for all accelerated traffic, and integrate seamlessly and transparently into network security, visibility, and control functions. It must not break security practices of tunneling through and opening application ports in firewalls
Verify Provider offers or has customers running stateful firewall inspection and network virus scanning services, and that they are not violating security practices of tunneling through or opening ports in firewalls
Architecture and Technical Attributes
Requirement
Auditor Instructions (What to Look for)
The Provider must offer a "WAN Optimization" type service(s) based on technologies enabled by WAAS Transport license. The WAAS Transport license include Data Redundancy Elimination (DRE), Persistent LZ Compression (PLZ), Transport (TCP) Flow Optimization (TFO), and Application Traffic Policy (ATP)
Verify WAAS Transport licenses are enabled as a minimum on all WAEs supporting a "WAN Optimization" service offer by the Provider
Each WAAS remote branch site must be deployed in one of the following configurations:
1) Integrated router WAE network module running in network integrated off-path intercept mode with WCCPv2 protocol
2) WAE appliance running in network integrated off-path intercept mode with WCCPv2 protocol
3) WAE appliance running in simple transparent in-line mode
Verify each branch site is deployed in one of the three configurations stated. However, all sites combined can be deployed in any combination of the three configurations
The WAAS headend site, which is pairing with each remote site, must be deployed in the following configuration:
1) WAE appliance running in network integrated off-path intercept mode with WCCPv2 protocol
Verify headend is deployed in one of two configurations stated
Disk encryption for data at rest must be offered for headend and remote WAEs, using FIPS 140-2 level 2 compliant 256-bit AES disk encryption with automatic and centralized key management
Verify Provider offers or has customers running disk encryption as outlined. Verify those offers and deployments have required Enterprise license and are running WAAS 4.0 or greater software
There are no services being offered at the Legacy level.
