Network-Based Virtualization - Cisco


Cisco on Cisco: Inside Cisco IT
Virtualization Featured Content – December 2007

Network-Based Virtualization

Virtualizing network-based services and resources yields Cisco IT greater applications availability, agility, resiliency, and broad cost savings.

The inherent constraints of any physical component in terms of failure, provisioning, and limited utilization have always constituted an obstacle to optimizing the application hosting environment. Now, with network-based virtualization, this obstacle can be practically eliminated for both network resources and application services—with impressive results. Network-based virtualization yields greater availability because the uptime no longer depends on an individual physical component. As virtualization turns a hard resource into a soft one, most of the operations associated with its lifecycle are transformed from manual tasks to configuration changes, enabling automation and fostering increased agility and resiliency. And the increased flexibility to deal with limited capacity leads to better utilization, which is a core enabler for consolidation, rationalization, and pervasive cost savings in the data center.

“Increased utilization, availability, resilience, operability, and agility simply outweigh all the overhead associated with adoption of the new technology.”
—Koen Denecker, IT Architect, Network and Data Center Services, Cisco

Cisco IT defines virtualization as the decoupling of logical and physical entities, and categorizes virtualization on two levels: resource (or infrastructure) virtualization and service (or application) virtualization. In resource virtualization, physical resources such as network, compute, and storage resources are segmented or pooled as logical resources. An example of resource virtualization: Sharing a load balancing device (hardware) between multiple applications virtualizes the infrastructure.

In service virtualization, on the other hand, multiple physical service instances are grouped to act as one logical instance. Service virtualization includes application services (fully functional application instances) and network services (application component instances that are used to build fully functional applications). An example of service virtualization: Load balancing an application (service) between two servers virtualizes the application and enables high availability. With virtualization, the role of the network is twofold: the network resources themselves are virtualized, and the network also acts as an enabler for service virtualization.

Since 2000, Cisco IT has virtualized five network-based resources and services:

- Server load balancing
- Firewalling
- Secure Sockets Layer (SSL) encryption and decryption
- Web services gateway
- Global site selection

For Cisco IT, virtualizing load balancing alone has increased utilization of the hardware involved from 5 to 75 percent. Simultaneously, the physical footprint for the load balancers decreased by 50 percent while the total number of virtualized applications increased sixfold. Load balancing was, in fact, the first shared network service Cisco IT offered across the network that severed the one-to-one link between application and device.

All contents are Copyright 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

“Before 2000, everything was siloed,” says Wilson Ng, network engineer in the IT Networking Design and Engineering group at Cisco. “If a client wanted load balancing, IT would procure the system, go through a learning curve on how to use it for the particular application, and finally deploy it. The whole process would take two to three months.”

Multiple load balancing systems were increasingly becoming harder for IT to manage and maintain and produced low average utilization. Moreover, the number of application environments that required load balancing was doubling each year. By 2003 the group was operating 14 pairs of load balancers. “We concluded that this was not the way we should provide the network service,” Ng says.

So in 2003 Cisco IT introduced a virtualized, horizontal load balancing service using the Cisco Catalyst 6500 Series Switch Content Switching Module (CSM) and partitioning techniques to create logical, individual load balancers. The first application to use a virtualized load balancer was the Cisco employee intranet; the CSM was located in a data center at the company’s headquarters in San Jose, California. With the success of that application, Cisco IT migrated other applications to the virtualized load balancing service.

Today one pair of CSM modules has been configured to handle the entire production load balancing required across the Cisco data center at Research Triangle Park, North Carolina. Where only 5 percent of capacity was being used on average with the 14 pairs of load balancers, now up to 75 percent of the CSM (paired for redundancy) capacity is used.

Into the IT Infrastructure

The virtualized load balancing service was the first instance of bringing a service into the IT infrastructure rather than having it reside on dedicated systems paid for by application owners. It became the model and motivation for Cisco IT to virtualize other services.

Now Cisco IT is migrating from the CSM to the Cisco Application Content Engine (ACE) Module, which can divide resources into 250 different virtual partitions. Each partition can be defined by application, customer, or business organization, and resource allocations such as bandwidth or number of connections can be defined for each partition. In addition, role-based access control (RBAC) in the ACE Module allows each virtual partition to be managed by the appropriate IT team.

With the ACE Module, even large applications, such as enterprise resource planning (ERP) can be served by up to 250 virtual load balancers, with a percentage of the module’s load balancing resources dedicated to ERP when needed.

Next, Cisco IT initiated the virtualization of firewalling, deployed on a Cisco Catalyst 6500 Series Firewall Services Module (FWSM). Like the ACE Module, the FWSM can be partitioned into multiple logical firewalls assigned to specific applications. It, too, runs horizontally across the data

Eliminating various siloed load balancing appliances has given Cisco IT consistent configuration, deployment, and monitoring capabilities, and has also significantly increased service availability and load balancing infrastructure utilization. What’s more, requests for load balancing can be satisfied in hours, rather than months.

The CSM and ACE Module are also the key enabling technologies for application service virtualization. Cisco’s primary Internet presence, or, consists of multiple server farms, each with multiple physical servers, which have been optimized for specific application functionality.

For example, one server farm serves static content, a second serves dynamic content, and a third provides a supporting authentication role. To the outside world, however, the Internet presence appears as one giant server. In addition, physical server failures and server maintenance can be hidden from end users.

This deployment of application virtualization enables greater availability, agility, and operability.

Some Complexity of Integration

The next two services that Cisco IT sought to virtualize require more involvement from application owners: SSL encryption and decryption and an XML Gateway. SSL encryption and decryption, using the Cisco Catalyst 6500 ACE Module or the earlier SSL Service Module (SSLSM), was first used in 2004 to enable content switching of encrypted HTTP traffic in the Java 2 Enterprise Edition environment. This environment hosts more than 40 percent of Cisco’s internal and external applications and is mission-critical to Cisco’s business.

Later, in 2006, it was adopted to support employees who use a non-Windows-based operating system, such as UNIX, and who need access to Windows-based e-mail. The SSLSM offloads the encryption and decryption required from the e-mail server, resulting in much faster access for the employees. This functionality is being transitioned to the newer, more scalable ACE Module, which integrates it better into the load balancing and content switching function.

The application owner’s involvement with this service must increase because there is more integration work, according to Koen Denecker, IT architect in the Network and Data Center Services group at Cisco. “There is the benefit to the owner of not paying for the hardware, but the owner must sit down with IT to discuss the application’s specific needs.”

The SSLSM has been installed in all major Cisco IT production centers, and Cisco IT is using it to support other services in a virtual way. Additionally, Denecker says, IT now uses the SSLSM to support application environments, not just individual applications, for example, the Java-to-enterprise environment. “We use the SSLSM to encrypt and decrypt for hundreds of applications by putting it on that single environment,” he says.

Cisco IT is also using the SSLSM with the CSM to enable back-end migration and vendor transition in the Java 2 Enterprise Edition environment, which hosts the bulk of the internal and external HTTP-based applications. Because these communications include queries about personnel matters, the entire payload, including incoming URLs, is encrypted and must be decrypted before the application can go to the appropriate application server selected by the content switch. The SSLSM performs the first task; the CSM performs the second. Today, both functions can be performed within a single pair of ACE Modules.

The Cisco ACE XML Gateway is another example of network-based service virtualization. It provides a virtual web services gateway to the Internet for a broad range of users whose applications need XML links to other software, to databases, or other systems to do their jobs.

“The ACE XML Gateway can act as a virtual front door for B2B [business to business] interactions within Cisco,” says Sandeep Puri, IT architect in the Platform Services and Support group at Cisco. “This gives us one interface point through which our partners may talk to us. The XML Gateway can transform different data formats involved in B2B interactions on the fly to what we use at Cisco. The appliance gives us a central point to enforce different service policies that we may have for services that Cisco hosts. In addition, the gateway can be positioned to add an additional layer of security by using the appliance’s XML level firewall policies,” he explains.

An Enabler of Virtualization

The latest service to be virtualized is as much an enabler of the technology as a use of it. The Cisco ACE GSS 4400 Series Global Site Selector (GSS) performs global server load balancing. It distributes client requests for applications to different geographic instances of those applications.

“Users anywhere in the world can reach the nearest instance of an application for faster access and response times—it’s a form of application acceleration,” says Jon Woolwine, IT architect in the IT Networking Design and Engineering group at Cisco.

It is also very useful for disaster recovery and even routine maintenance and software upgrades. When a system goes down, whether planned or not, the GSS can reroute application requests from clients to an application instance in a different geographic location.

Recommendations

Global server load balancing, like local server load balancing and firewalling, have been easy to pitch as virtualized network-based services. Whether easy to pitch or not, any virtualized service must be undertaken only after considerable planning.

Woolwine, who has worked closely with applications teams within Cisco IT and with application owners, believes that it is imperative to bring both these groups together with network engineers and architects. This collaboration, he says, is required “to get an end-to-end perspective and an understanding of all the complexities of a given application, its dependencies, how it links to servers and storage, and other intricacies, along with how they will be affected by virtualizing a given service. That is a challenge, because typically people are from one camp or another.”

Cisco IT chose to employ this process not for all of the thousands of applications it uses, but rather for the large and critical ones and those with common environments or front ends.

Virtualizing network-based services might also require the convergence of technologies and multiple groups within a company, not unlike that seen when voice and data converged.

“The server, storage, and network teams need to work together to develop policies and standards for areas that will be virtualized,” says Ng. “For example, when using VMware, the network and server teams had to standardize to 801.1Q trunking for VMware servers. This allows virtual server provisioning and network service access.”

When integrating services into the network, IT staff should also look for opportunities to maintain current data center architecture and keep existing logical components. Cisco IT took advantage of the flexibility built into the CSM, ACE, SSL, and FWSM modules to deploy them without any change to the application’s server. The IT group also kept the same access controls, spanning tree protocols, and other data center provisions.

In addition, the costs to virtualize should be factored in at the beginning.

“Virtualization makes operations more complex, and tracking down a complex network application integration problem may take significantly more resources and last longer if the support staff has not been trained appropriately,” says Denecker. “It is critical to accompany the introduction of new technologies with the appropriate organizational evolution and skillset developments.”

Some tasks, he adds, increase in importance, such as capacity planning, fault containment, testing, quality management, monitoring, dependency management, and change management. Then again, virtualization increases cross-functional collaboration and avoids silos of technical expertise.

Even so, says Denecker, “The value of the increased availability that virtualization brings will outweigh the cost issues and risks. Increased utilization, availability, resilience, operability, and agility simply outweigh all the overhead associated with adoption of the new technology.”

And very tantalizing are the possibilities inherent in the level of service integration attainable with virtualization, when services are abstracted from applications and components (e.g., a reusable pricing module in an ordering tool) may be distributed among many locations and shared with many applications.

This abstraction gives IT enormous flexibility in provisioning and even compiling applications.

“We can begin to build services in a service-oriented architecture,” says Denecker. “We might take one component from one application, another from a second, and so on to compile a new application, as long as all the parts operate within the same environment. This is how Cisco IT sees the data center becoming the computer with the network as the enabling platform.”

For more Cisco IT featured content and case studies, visit
