Cisco's portfolio of data center solutions for Application Networking Services combines, for the first time, application control, performance, and security in a simplified and manageable infrastructure. This approach provides organizations with new levels of control over the way they deploy, operate, deliver, secure, and manage their applications and business services across the extended enterprise.
CHALLENGE
The data centers for enterprises and service providers face continual pressure to raise service speed, improve the reliability and quality of service, and reduce costs. Applications may still be deployed and managed in separate silos across the network where application performance often is a secondary concern. Organizations use various point products to address the worst challenges in specific locations. And security and regulatory compliance mandates place further constraints on how IT can react. The IT groups in these organizations need solutions that give them more control over the application infrastructure, aggregate capabilities to simplify management, and deliver secure and accelerated application service across the extended enterprise.
To meet these challenges, enterprises and service providers require data-center solutions that:
• Deploy and migrate applications without adding to the application infrastructure
• Scale the application infrastructure
• Have multitier data-center and application security
• Provide distributed workflow
• Consolidate functionality, devices, and management
• Increase application throughput
SOLUTION
The Cisco Application Control Engine (ACE) is a new module for the Cisco Catalyst® 6500 Series Switch that enables greater control over application infrastructure, allowing organizations to deploy and migrate applications more quickly, deliver high levels of service to end users, and simplify the management and operation of their data centers. Coupled with the new application security updates to the Cisco Application Velocity System (AVS), Cisco ACE provides an application solution that overcomes the following challenges:
• Application control: Improving the way IT departments deploy, operate, and manage their application infrastructures
• Application performance: Helping ensure better service to end users, including scalability, availability, and failover
• Application security: Helping to protect critical applications, infrastructures, and data from abuse and misuse
• Infrastructure simplicity: Reducing the complexity of the infrastructure, shrinking the number of devices and vendors, better integrating the network and the application, and lowering the cost of the infrastructure
BUSINESS BENEFITS
Application Control
Enterprises and service providers need flexible, scalable, and reliable platforms for application delivery. Cisco ACE can be logically partitioned to support virtually separate management contexts using a GUI-based manager, a powerful command-line interface (CLI), or an XML-based API. Resources can be allocated and managed based on business, application, or customer segmentation requirements. Change control (add, delete, change) can be done per logical or virtual instance, and role-based access control gives even more granular control with the ability to fully delegate management responsibility for a given instance.
Because ACE provides a layer of logical abstraction, it complements other virtualization and management approaches, including switching and routing, storage, and application and security services. This operational flexibility enables quick response to business and customer demands and does so at a lower cost. By ensuring the flexibility of deployment and change control, Cisco ACE delivers more scalable and more efficient utilization of the application infrastructure as a whole.
Application Performance
To meet business requirements, application service must deliver scalability, high availability, and optimal performance to all users across the extended enterprise. By delivering 16 Gbps of raw throughput and 4 million bidirectional connections, the Cisco ACE solution can handle the largest production environments and be partitioned to be shared across different constituents. High availability is provided in a variety of active-active configurations, including across geographically dispersed data centers.
In conjunction with Cisco AVS, Cisco ACE delivers high application performance including high throughput in Layers 2 through 7, highly scalable Secure Sockets Layer (SSL) acceleration and offload, TCP reuse or connection optimization, latency mitigation, and compression, reducing the burden on servers and significantly enhancing the delivery of applications. In addition, this solution provides graphical views of application performance metrics including end-user response times, helping to quickly identify and troubleshoot application bottlenecks. The result is more efficient use of network and server resources, which lowers costs for the entire application infrastructure as well as deployment and support costs for every application.
Application Security
Cisco's Self-Defending Network strategy provides multilayered, defense-in-depth security. As part of that concept, Cisco ACE and Cisco AVS provide multiple levels of application security including SSL encryption/decryption, bidirectional and full content inspection, positive and negative (whitelist and blacklist) security, protocol compliance, anomaly detection, transaction logging and reporting for security forensics, and other security features important for data-center applications.
Whereas intrusion prevention and intrusion detection systems protect Web servers, the Cisco ACE and Cisco AVS solution protects against vulnerabilities in Web-based applications. What firewalls accomplish at the network level (denying all activities unless explicitly allowed), Cisco ACE and AVS accomplish at the application level. A rules-based, policy-directed approach helps ensure that automated requests to and from the application comply with policy and do not, for example, include a request to turn off the application.
In a typical threat scenario, an attacker uses a Web proxy that resides on a legitimate user's desktop. The attacker can tamper with message headers, protocols, or payloads, for example by inserting malicious code into different parts of the application. Developers often do not protect their code from these types of attacks.
The Cisco ACE and AVS solution provides protection against entire classes of attacks. Unlike signature-based protection, which handles only specific known threats, or learned-rules-based protection, which requires an extensive training phase, the Cisco ACE and AVS security solution protects applications from both known and unknown threats. The AppScope graphical tool on the Cisco AVS 3180 appliance also provides a view of activity between the data center and any remote location, facilitating the isolation and resolution of any problems.
Infrastructure Simplicity
The Cisco ACE module provides a wide variety of optimization, offload, and security capabilities within a single device. Incorporating these functions in a fabric-based hardware-accelerated architecture and within a single data flow allows highly efficient use of its resources. All policy decisions can be made and applied at one time rather than executing expensive operations in multiple locations across the infrastructure. With functions such as connection management, SSL offload, and payload analysis, Cisco ACE allows IT to collapse tiers within the infrastructure. With functional integration providing vertical simplification and application control allowing horizontal simplification, Cisco ACE transforms the application infrastructure and the ways in which IT can take control of business demands.
SUPPORTING SOLUTIONS, PRODUCTS, PARTNERS, OR SERVICE OFFERINGS
Cisco Application Networking Services consists of three solution groups:
Besides Cisco ACE, the Cisco Application Networking Services portfolio includes several other appliances and software modules.
The Cisco AVS 3120 Application Velocity System significantly lowers the cost of Web application deployments by accelerating performance and optimizing server and network resources. In addition, more business transactions are achieved per minute, reducing the need for local data centers. Acceleration is accomplished by reducing latency and bandwidth required for any given Web application. The Cisco AVS 3120 also provides Web application security and delivers strong attack protection. High visibility into the application layer enables the Cisco AVS 3120 to provide real-time threat detection and analysis.
Other data center solutions for Cisco Application Networking products include:
For application networking over a wide area, the Cisco Wide Area Application Services solution provides remote offices with access to centrally hosted applications, servers, storage, and rich media in a common managed form, while offering LAN-like performance. These services also support video streaming and distribution, application and content filtering, and automated software distribution. Products include:
Cisco Application-Oriented Networking (AON) brings to the Cisco Application Networking Services products the ability to deliver application infrastructure functions as network-based services. Cisco AON helps simplify enterprise application deployment, integration, and management by providing common infrastructure capabilities directly within the network. This intelligent network can understand application messages (such as purchase orders, delivery notices, or stock trades) and apply policies such as those for routing, transformation, and security. Cisco AON technology helps enterprises make the transition from an application-centric view to a service-oriented architecture that uses the network's inherent capabilities to reduce complexity and improve scalability.
WHY CISCO
Cisco Application Networking Services is a unified portfolio of data-center and wide-area solutions that secure, scale, optimize, and accelerate the delivery of internal- and external-facing applications. These products have comprehensive support from a global network of Cisco field personnel and partners, online support, certified training programs, open discussion forums, and equipment replacement in as little as four hours.
FOR MORE INFORMATION
For more information about Cisco Application Networking Services, Cisco data center solutions for Application Networking Services, Cisco ACE, or Cisco AVS, visit http://www.cisco.com/go/applicationservices or contact your local Cisco account representative.