Cisco Application Networking For IBM WebSphere Portal .


Cisco Application Networking for IBM WebSphere Portal Deployment Guide
Cisco Validated Design
February 18, 2009

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
2007 Cisco Systems, Inc. All rights reserved.

Preface

Document Purpose

To address challenges associated with today’s mission critical enterprise application deployments, Cisco offers an enterprise network architecture for the ANS WebSphere solution with best practices and implementation guidance that optimizes application availability, performance, and security and lowers application ownership costs.

Featuring the Cisco Application Control Engine (ACE) and Wide Area Application Services (WAAS) product families, collectively known as Cisco Application Networking Services (ANS), that provide data center, branch, and remote end user application optimization services, the solution addresses the following challenges for ANS WebSphere deployments:

- Recovery time and point objectives for business continuity
- End user performance over limited Wide Area Network (WAN) connections
- Security for service-oriented application architectures (SOA)
- Reduced capital and operational costs

The purpose of this document is to describe the ANS WebSphere Solution enterprise network architecture and deployment best practices and guidance.

Prerequisites

The following prerequisites are required to deploy the IBM WebSphere Solution:

- Working knowledge of the WebSphere application

- Experience with basic networking and troubleshooting
- Experience installing the Cisco products covered by this network design, including the Cisco ACE and WAAS product families
- Working knowledge of Cisco’s Internetworking Operating System (IOS)

Document Organization

Section    Description

Solution Overview

Solution Description

– Application health monitoring—Continuously and intelligently monitors application and database availability.
– Server load balancing—Efficiently routes end user and Web services requests to the best available server.
– Network platform health monitoring—Ensures continuity of business operations through mirroring end user transaction states across pairs of network devices.

Application performance

Cisco ACE and WAAS product family application optimization services for WebSphere high performance:

– WAN optimization—Provides intelligent caching, compression, and protocol optimization.

OL-15558-01

– Layer termination, and traffic compression, which frees up to 50 percent of application server processing and memory to focus on business logic computations.
– Server load balancing—Substitutes for WebSphere load balancing.
– Secure Socket Layer (SSL) termination—Terminates 15,000 connections per second.
– Transmission Control Protocol (TCP) connection management—Reduces the number of TCP connections to server.
– Server health monitoring—Substitutes for WebSphere native server health monitoring.
– Traffic compression—Scalable LZ compression functionality.
– Object caching—Reduce requests to server.

Application security

Cisco ACE product family application optimization services for optimized WebSphere data security:

– SSL termination—Efficiently encrypts and decrypts SSL enabled traffic, which facilitates the use of intrusion detection and prevention solutions before traffic reaches the servers.
– End user access control—Provides Access Control Lists (ACLs) to protect client-to-server traffic from worms and intruders that attack vulnerable open server ports not used by the application.

Virtualization of application optimization services

Virtualization of application optimization services supplies such services for multiple WebSphere instances as well as other enterprise applications (see Figure 1). Specifically, a single physical Cisco ACE can be virtualized into multiple logical Cisco ACEs in which application traffic can traverse between virtualized Cisco ACEs. This virtualization of load balancing is an exclusive Cisco feature.

Figure 1. Virtualization of Application Optimization Services (diagram labels: Branch Users, Remote Users, Web Services, Cisco WAAS, WAN, Data Center, Cisco Application Networking Solutions, Cisco ACE, Microsoft SharePoint, BEA WebLogic)

Figure 2. WebSphere Manages the Middle Tier in a Three-Tier Model (diagram labels: Client 1, Client 2, Client 3, Network, WebSphere Servers, Database Server)

Note

Process Flow

Figure 3. Process Flow

Client Side/Branch
Client is performing site navigation and downloads.
- Does any of the content reside on the local WAE – If yes, provide it to the client, otherwise obtain from the server.
- Has the file to be downloaded been downloaded before and is now stored in the local WAE cache – If yes, forward the file to the client via the local WAE, otherwise obtain the file from the server.
WAE: Note that if data must be retrieved from the server the Local WAE will apply compression algorithms to data.

WAN Network
This is the network with a set bandwidth value with some notable delay.

Data Center Containing: Core, Aggregation, Access and Servers
- Traffic/Data from the Client WAE is uncompressed and forwarded to the Data Center Network.
- Traffic/Data from the Data Center will have a compression algorithm applied to it by the Data Center WAE and forwarded to the Client Network.
WAE: Note that Data Center WAE will cache data and provide to the local servers.
ACE:
- The ACE will verify the servers are active using health checks and remove any that are non-operational.
- Traffic/Data from the Data Center WAE is now load balanced to the servers according to the parameters set on the ACE.
- The ACE will perform Layer 4 thru Layer 7 rules (dependent on the application) to the traffic/data, this includes SSL offload and TCP reuse.

Solution Architecture

Application and Application Networking Architecture

Figure 4. Application and Application Networking Architecture (diagram labels: WAN Edge, Edge Router, WAN, Cisco WAE, WAN Simulation #1, Core, Branch Site, Branch WAN, Aggregation, dot1q trunk, Branch Cisco WAE, po 1, Branch PC, LoadRunner Generator, Access, LoadRunner Controller, Cisco WAAS CM, Server Farm)

Design Guide (Enterprise Branch Design) and the Data Center Infrastructure Design Guide 2.5, both found at www.cisco.com/go/designzone.

Enterprise Branch

HP Mercury LoadRunner, running on a personal computer in the branch, simulates users that would perform certain tasks in the application.

The traffic is redirected to the Cisco WAE via Web Cache Communication Protocol (WCCP) from the branch router. The Cisco WAE performs the following functions:

- Locally cached—If the data that is being requested is locally cached, the Cisco WAE responds to the requestor with the cached data and requests only required data from the server farm. This allows the WAN to become more efficient as only “needed data” is requested.
- New data—If the data is being forwarded to the server farm or is coming from the server farm, the Cisco WAE performs compression algorithms on the data, allowing the WAN to become more efficient.

WAN Simulation

1.a. Bandwidth - 1.544 Mbps, ESF, B8ZS, Delay - 100 mS, Loss - drop one packet in every 1000 packets (0.1%)
2.a. Bandwidth - 512 Kbps, ESF, B8ZS, Delay - 200 mS, Loss - drop one packet in every 500 packets (0.2%)

Data Center

Solution Architecture be configured for different applications and is independent of any others. In the Joint Solution, CiscoACE is configured with the Admin context and the SharePoint context. Note that the Cisco ACE cansupport up to 250 contexts.Session persistence—Session persistence is the ability to forward client requests to the same serverfor the duration of the session. MOSS requires either source Internet Protocol (IP) based sessionpersistence or Hypertext Transfer Protocol (HTTP) cookie based session persistence.Transparent interception—Transparent interception performs a Network Address Translation (NAT)function to conceal the real server IP address that is residing in the server farm. The SharePointcontext is configured with a Virtual IP (VIP) that provides a single address that users use to connectto the server farm. This allows users to access the MOSS application by placing a single IP in theWeb browser.Allowed server connections—Allowed server connections is the maximum number of activeconnections value on a per-server basis and/or globally to the server farm.Health monitoring—Health monitoring is used to track the state of the server and determine itsability to process connections in the server farm. The SharePoint context used a compound probe todetermine if servers are operational and responding to HTTP requests.Cisco ACE provides load balancing of the traffic to the server farm using one of the following methods:Round Robin, Weighted Round Robin, Least Connections, Hash address, Hash cookie, Hash Header, andHash URL. In the Joint Solution, Least Connections was used, which selects the server with the fewestnumber of server connections. Cisco ACE is also used to provide SSL offload and TCP reuse.Inter-chassis Cisco ACE redundancy was used, in which a Cisco ACE module in one Cisco Catalyst 6500Series Switch chassis is protected by a Cisco ACE module in a peer Cisco Catalyst 6500 Series Switchchassis connected by a fault tolerant (FT) VLAN. 
The FT VLAN is used to transmit flow-stateinformation, configuration synchronization information, and the redundancy heartbeat.Server FarmOL-15558-019

Figure 5. Server Farm (diagram labels: WebSphere Portal Server 1, WebSphere Portal Server 2, Deployment Manager, Database Server)

servers resides on the Windows 2003 enterprise server operating system. Dual Xeon processors running at 2.33 GHz with 4 G of RAM and 4 80 G SATA hard drives were used.

The IBM WebSphere deployment manager runs IBM WebSphere Application Server Network Deployment version 6.0. The deployment manager resides on the Windows 2003 enterprise server operating system. Dual Xeon processors running at 2.33 GHz with 4 G of RAM and 4 80 G SATA hard drives were used.

The IBM DB2 database version is 8.1.7. The IBM DB2 resides on the Windows 2003 enterprise server operating system. Dual Xeon processors running at 2.33 GHz with 4 G of RAM and 4 80 G SATA hard drives were used. The gigabit network interface cards are “nic-teamed” for redundancy.

Packet Flow Without Cisco WAAS and Cisco ACE

Figure 6. Normal Packet Flow (diagram labels: Client Segment, WAN Segment, Server Segment)

WAN Segment

Server Segment

Response Times

Packet Flow with Cisco WAAS and Cisco ACE

Figure 7. Packet Flow with Cisco WAAS and Cisco ACE (diagram labels: Branch Office, Data Center, Branch Router, WAN Edge Router, Clients, WAN, Cisco WAE, Client VLAN/VIP VLAN, Branch Cisco WAE, Cisco ACE, Server Farm; legend: Cached Traffic, Client to Server Traffic, Server to Client Traffic; flow steps numbered 1 through 8)

1. The client sends a TCP SYN (synchronize) packet to the server farm VIP address. The packet is forwarded to the branch router. The branch router intercepts the packet with WCCP and forwards it to the branch Cisco WAE appliance.

2. a.) The branch Cisco WAE applies a new TCP option (0x21) to the packet if the application is identified for optimization by an application classifier. The branch Cisco WAE adds its device ID and application policy support to the new TCP option field. This option is examined and understood by other Cisco WAEs in the path as the ID and policy fields of the initial Cisco WAE device. The initial ID and policy fields are not altered by another Cisco WAE. The packet is forwarded to the branch router and then to the WAN.

   b.) During the data transfer phase, if the requested data are in its cache, the branch Cisco WAE returns its cached data to the client. Traffic does not travel through the WAN to the server farm. Hence both response time and WAN link utilization are improved.

3. 4. 5. 6. 7. 8.
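The marking described in step 2a can be observed in a packet capture by walking the TCP options of each SYN. The following is an added example, not taken from the Cisco guide: it parses a raw TCP header and reports whether option kind 0x21 is present. The sample headers are constructed, the option payload is treated as opaque bytes because this page does not give its layout, and all function names are illustrative.

```python
import struct

WAAS_OPTION_KIND = 0x21  # TCP option kind named in step 2a of this page


def tcp_options(tcp_header: bytes):
    """Return [(kind, value_bytes), ...] parsed from a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = [], 20
    while i < data_offset:
        kind = tcp_header[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # NOP is a single byte
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("option length byte missing")
        length = tcp_header[i + 1]               # length covers kind + length + value
        if length < 2 or i + length > data_offset:
            raise ValueError("option length runs past the header")
        opts.append((kind, tcp_header[i + 2:i + length]))
        i += length
    return opts


def carries_waas_option(tcp_header: bytes) -> bool:
    """True when the segment is a SYN and carries option kind 0x21."""
    opts = tcp_options(tcp_header)               # validates lengths first
    syn = bool(tcp_header[13] & 0x02)
    return syn and any(kind == WAAS_OPTION_KIND for kind, _ in opts)


def build_syn(options: bytes) -> bytes:
    """Constructed sample: SYN to port 7041 with the given option bytes."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    offset_words = 5 + len(options) // 4
    fixed = struct.pack("!HHIIBBHHH", 49152, 7041, 1000, 0,
                        offset_words << 4, 0x02, 65535, 0, 0)
    return fixed + options


# Constructed option bytes: MSS 1460, NOP, NOP, SACK-permitted.
BASE_OPTIONS = b"\x02\x04\x05\xb4\x01\x01\x04\x02"
PLAIN_SYN = build_syn(BASE_OPTIONS)
# Same SYN with a 12-byte option of kind 0x21; the 10 value bytes are placeholders.
MARKED_SYN = build_syn(BASE_OPTIONS + bytes([WAAS_OPTION_KIND, 12]) + bytes(10))

if __name__ == "__main__":
    for name, hdr in (("plain", PLAIN_SYN), ("marked", MARKED_SYN)):
        print(name, [hex(k) for k, _ in tcp_options(hdr)], carries_waas_option(hdr))
```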

Implementing and Configuring the Cisco ACE Solution

Implementation

Implementation Overview

What Was Implemented

What Was Not Implemented/Tested

Network Topology

Figure 8. Network Topology

ANS-Agg 1
MSFC IP Addresses
  VLAN 82 – 172.28.196.43/24
  VLAN 210 – 10.1.230.2/24
HSRP IP Addresses
  VLAN 230 – 10.1.230.1
Application VIP Addresses
  WebSphere – 10.1.230.10
ACE IP Addresses
  VLAN 82 – 172.28.196.150/24
  VLAN 230 – 10.1.230.5/24
  VLAN 231 – 10.1.231.2/24

ANS-Agg 2
ACE IP Addresses
  VLAN 82 – 172.28.196.151/24
  VLAN 230 – 10.1.230.6/24
  VLAN 231 – 10.1.231.3/24
FT VLAN 500 – 192.168.50.0/30
ACE Alias IP Addresses
  VLAN 230 – 10.1.230.4
  VLAN 231 – 10.1.40.1
MSFC IP Addresses
  VLAN 82 – 172.28.196.44/24
  VLAN 230 – 10.1.230.3/24

VLAN 231 – 10.1.40.0/24
Server hosts (diagram labels): Admin, WS1, WS2, WS3 (WebSphere)

Hardware or Components

Hardware

Product    Note
Chassis
Modules
Interfaces
Memory

Data Center Design and Implementation Guide

Software

Product    Software/Code Version
c6ace-t1k9-mz.3.0.0 A1 6 G-LIC

Features and Functionality

Product    Features and Functionality Used in the Solution

Features, Services, and Application Design Considerations

High Availability, Scalability, and Redundancy

Configuration Task Lists

Installing Cisco ACE and MSFC Configuration

Step 1

vlan 230
 name ACE-CLIENT
!
vlan 231
 name ACE-SERVER
!
vlan 500
 name ACE-FT-VLAN
!
svclc multiple-vlan-interfaces
svclc module 3 vlan-group 1
svclc vlan-group 1 230,231,500
interface Vlan230
 description ACE Client Side VLAN
 ip address 10.1.230.2 255.255.255.0

 standby 230 ip 10.1.230.1
 standby 230 priority 120

Virtualization

Context Configuration

Step 1

ACE 1/Admin(config)# resource-class Gold
  <cr>               Carriage return.
ACE 1/Admin(config-resource)# limit-resource ?
  acl-memory         Limit ACL memory
  all                Limit all resource parameters
  buffer             Set resource-limit for buffers
  conc-connections   Limit concurrent connections (thru-the-box traffic)
  mgmt-connections   Limit management connections (to-the-box traffic)
  proxy-connections  Limit proxy connections
  rate               Set resource-limit as a rate (number per second)
  regexp             Limit amount of regular expression memory
  sticky             Limit number of sticky entries
  xlates             Limit number of Xlate entries

context websphere
 description WebSphere Testing
 allocate-interface vlan 230-231
 member Gold

ACE 1/Admin# changeto websphere

Redundancy/High Availability

ft interface vlan 500
ACE 1/Admin(config-ft-intf)# ip address 192.168.50.1 255.255.255.252
 peer ip address 192.168.50.2 255.255.255.252
 no shutdown
ft peer 1
 ft-interface vlan 500
 heartbeat count 10
 heartbeat interval 300
ft group 1
 peer 1
 priority 200
 preempt
 associate-context Admin
 inservice
ft group 3
 peer 1
 priority 200
 associate-context websphere
 inservice

REMOTE-MGMT
 10 match protocol ssh any
 20 match protocol telnet any
 30 match protocol icmp any
 40 match protocol http any
 50 match protocol https any
policy-map type management first-match REMOTE-ACCESS
 class REMOTE-MGMT
  permit
interface vlan 230
 service-policy input REMOTE-ACCESS

interface vlan 231
 service-policy input REMOTE-ACCESS

Configuring Interface(s) and Default Gateway

Step 1

access-list ANYONE line 10 extended permit icmp any any
access-list ANYONE line 20 extended permit ip any any

Step 2

interface vlan 230
 ip address 10.1.230.5 255.255.255.0
 peer ip address 10.1.230.6 255.255.255.0
 alias 10.1.230.4 255.255.255.0
interface vlan 231
 ip address 10.1.50.2 255.255.255.0
 peer ip address 10.1.50.3 255.255.255.0
 alias 10.1.50.1 255.255.255.0
interface vlan 230
 access-group input ANYONE
 access-group output ANYONE
 service-policy input REMOTE-ACCESS
 no shutdown
interface vlan 231
 access-group input ANYONE
 access-group output ANYONE
 service-policy input REMOTE-ACCESS
 no shutdown
ip route 0.0.0.0 0.0.0.0 10.1.230.1

show interface

  Hardware type is VLAN
  MAC address is 00:1b:d5:9b:88:ed
  Virtual MAC address is 00:0b:fc:fe:1b:02
  Mode : routed
  IP address is 10.1.230.5 netmask is 255.255.255.0
  FT status is active
  Description:Client side vlan
  MTU: 1500 bytes

  Last cleared: never
  Alias IP address is 10.1.230.4 netmask is 255.255.255.0
  Peer IP address is 10.1.230.6 Peer IP netmask is 255.255.255.0
  Assigned from the Supervisor, up on Supervisor
  53808467 unicast packets input, 17900167965 bytes
  7331701 multicast, 7776 broadcast
  0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
  91028995 unicast packets output, 5455629020 bytes
  4 multicast, 5202 broadcast
  0 output errors, 0 ignored
vlan231 is up
  Hardware type is VLAN
  MAC address is 00:1b:d5:9b:88:ed
  Virtual MAC address is 00:0b:fc:fe:1b:02
  Mode : routed
  IP address is 10.1.231.2 netmask is 255.255.255.0
  FT status is active
  Description:Server side vlan
  MTU: 1500 bytes
  Last cleared: never
  Alias IP address is 10.1.231.1 netmask is 255.255.255.0
  Peer IP address is 10.1.231.3 Peer IP netmask is 255.255.255.0
  Assigned from the Supervisor, up on Supervisor
  83222640 unicast packets input, 95861661879 bytes
  1118208 multicast, 47974 broadcast
  0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
  53089290 unicast packets output, 4304456323 bytes
  4 multicast, 14950 broadcast
  0 output errors, 0 ignored

Probes

ACE 1/Admin(config)# probe ?

HTTP return code expected; it has to be explicitly configured.

expect regex—A regex can be configured to parse a specific field in the response data. This parameter is only applicable to HTTP/HTTPS probes.

SSL—Configured to define what cipher and SSL version Cisco ACE should use when sending an HTTPS probe. Ciphers and SSL versions supported on Cisco ACE are:

  RSA_EXPORT1024_WITH_DES_CBC_SHA   EXP1024-DES-CBC-SHA Cipher
  RSA_EXPORT1024_WITH_RC4_56_MD5    EXP1024-RC4-MD5 Cipher
  RSA_EXPORT1024_WITH_RC4_56_SHA    EXP1024-RC4-SHA Cipher
  RSA_EXPORT_WITH_DES40_CBC_SHA     EXP-DES-CBC-SHA Cipher
  RSA_EXPORT_WITH_RC4_40_MD5        EXP-RC4-MD5 Cipher
  RSA_WITH_3DES_EDE_CBC_SHA         3DES-EDE-CBC-SHA Cipher
  RSA_WITH_AES_128_CBC_SHA          AES-128-CBC-SHA Cipher
  RSA_WITH_AES_256_CBC_SHA          AES-256-CBC-SHA Cipher
  RSA_WITH_DES_CBC_SHA              DES-CBC-SHA Cipher
  RSA_WITH_RC4_128_MD5              RC4-MD5 Cipher
  RSA_WITH_RC4_128_SHA              RC4-SHA Cipher

ssl versions:

  SSLv2   SSL Version 2.0
  SSLv3   SSL Version 3.0
  TLSv1   TLS Version 1.0

probe tcp PROBE-TCP
 interval 2
 faildetect 2
 passdetect interval 10
 passdetect count 2
probe icmp PING
 interval 2
 faildetect 2

rserver host WL1
 ip address 10.1.50.51
 inservice

1-65535 Specify slowstart duration in seconds

roundrobin—Load balance in a roundrobin fashion (default).

probe—Allows a probe to be applied to the server farm. Multiple probes can be applied to the same server farm.

retcode—Used to configure server health-checks based on the HTTP return code. The configuration allows you to define a range of HTTP return codes and take an action once a threshold is reached.

  retcode min max check remove count log threshold value resume-service value in seconds

rserver—Used to associate real server(s) with a server farm. Port address translation, maximum and minimum connections, and weight are some common configurations that can be done in rserver sub-configuration mode.

transparent—When configured, Cisco ACE does not NAT Layer 3 IP address from VIP to real server’s IP address.

The following is an example of basic server farm configuration:

serverfarm host WEBSPHERE
 predictor leastconns
 probe ICMP
 rserver WL1
  inservice
 rserver WL2
  inservice

Layer 4 Load Balancing

Note

Step 1

 2 match virtual-address 10.1.230.10 tcp eq 7041

Step 2

 sticky-serverfarm SRC-IP-STICKY

Step 3

policy-map multi-match LB-VIP
 class VIP-HTTP-10
  loadbalance vip inservice
  loadbalance policy VIP-POLICY-10
  loadbalance vip icmp-reply

Step 4

interface vlan 230
 service-policy input LB-VIP

Layer 7 Load Balancing

Step 1

url .*.htm
parameter-map type http L7-map
 case-insensitive
class-map match-all VIP-HTTP-10
 2 match virtual-address 10.1.230.10 tcp eq 7041
policy-map type loadbalance first-match L7-match
 class L7-URL
  sticky-serverfarm STICKY-INSERT-COOKIE
 class class-default
  serverfarm WEBSPHERE
policy-map multi-match LB-VIP
 class VIP-HTTP-10
  loadbalance vip inservice
  loadbalance policy L7-match
  loadbalance vip icmp-reply
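The REMOTE-MGMT class and the ANYONE access list configured in the steps above admit Telnet and HTTP management sessions from any source and permit ip any any on both ACE interfaces. The following is an added example, not part of the Cisco guide, that audits an ACE-style configuration for those two patterns. The sample text is constructed from the lines shown on this page, the class-map header line is an assumption because the page shows only the class name, and the function names are illustrative.

```python
import re

CLEARTEXT_MGMT = {"telnet", "http"}  # management protocols that carry credentials unencrypted

# Constructed sample modelled on the configuration lines on this page.
# Assumption: the "class-map type management match-any" header; the page
# shows only the name REMOTE-MGMT above its match lines.
SAMPLE_CONFIG = """\
class-map type management match-any REMOTE-MGMT
  10 match protocol ssh any
  20 match protocol telnet any
  30 match protocol icmp any
  40 match protocol http any
  50 match protocol https any
policy-map type management first-match REMOTE-ACCESS
  class REMOTE-MGMT
    permit
access-list ANYONE line 10 extended permit icmp any any
access-list ANYONE line 20 extended permit ip any any
interface vlan 230
  access-group input ANYONE
  access-group output ANYONE
  service-policy input REMOTE-ACCESS
interface vlan 231
  access-group input ANYONE
  access-group output ANYONE
  service-policy input REMOTE-ACCESS
"""

def blocks(config):
    """Group the text into (top-level command, [indented sub-commands]) pairs."""
    out = []
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(cmd)
        else:
            out.append((cmd, []))
    return out

def audit(config):
    """Return sorted (vlan, finding, detail) tuples for the two patterns checked."""
    classes, policies, open_acls, findings = {}, {}, set(), set()
    parsed = blocks(config)
    for head, body in parsed:                       # pass 1: definitions
        if m := re.match(r"class-map type management \S+ (\S+)$", head):
            classes[m.group(1)] = set(re.findall(r"match protocol (\S+) any", "\n".join(body)))
        elif m := re.match(r"policy-map type management \S+ (\S+)$", head):
            # a class is counted only when the sub-command after it is "permit"
            policies[m.group(1)] = [c.split()[1] for c, nxt in zip(body, body[1:])
                                    if c.startswith("class ") and nxt == "permit"]
        elif m := re.match(r"access-list (\S+) line \d+ extended permit ip any any$", head):
            open_acls.add(m.group(1))
    for head, body in parsed:                       # pass 2: what each interface binds
        if not (m := re.match(r"interface vlan (\d+)$", head)):
            continue
        vlan = int(m.group(1))
        for cmd in body:
            if a := re.match(r"access-group (input|output) (\S+)$", cmd):
                if a.group(2) in open_acls:
                    findings.add((vlan, "acl-permit-any", f"{a.group(2)} {a.group(1)}"))
            elif s := re.match(r"service-policy input (\S+)$", cmd):
                for cls in policies.get(s.group(1), []):
                    for proto in classes.get(cls, set()) & CLEARTEXT_MGMT:
                        findings.add((vlan, "cleartext-mgmt", proto))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports each finding per interface, so a configuration that keeps only ssh and https for management and a narrower access list returns an empty list.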
