Service Provider Infrastructure as a Service

Cloud Service Assurance: Deliver Reliable Cloud Service on a Network

What You Will Learn

Cloud services offer potential cost and efficiency benefits, but organizations have been hesitant to move applications to the cloud, especially those critical to the business, because of the lack of service assurance for application performance and availability. The hesitance to adopt cloud services has in turn posed a dilemma for service providers as they attempt to forecast demand and plan to develop data center assets. Now, a technology framework within the Cisco® Unified Service Delivery environment allows service providers to take full advantage of their data center and the Cisco IP Next-Generation Network (IP NGN) to deliver cloud service assurance for application performance and availability.
This white paper provides an overview of the need for cloud service assurance and the evolution of application performance management solutions. It then describes the Cisco technologies and platforms in the data center and Cisco IP NGN that form the Cisco Cloud Service Assurance solution for application performance and workload mobility and availability, helping organizations to adopt cloud services with longer-term contracts while rewarding service providers with more predictable revenues.

Overview

Many businesses today, seeking to lower their costs while supporting applications that serve the business, understand the capital and operational cost savings and benefits possible with the cloud services model. By using cloud services, businesses can avoid the costs of expanding their data center capacity to meet peak loads, with much capacity underutilized most of the time, and employing server farms that often sit idle for special projects. Instead, businesses can use resources from service providers on demand and be environmentally responsible by not wasting underutilized network and computing resources that must be available to handle unpredictable workload requirements and seasonal demand fluctuations. To reduce risk as they try the cloud service delivery model, businesses are now considering a mix of traditional data center application services and cloud-based application services.
When organizations consider over-the-top (OTT) application providers (such as Amazon Elastic Compute Cloud [EC2] and Google App Engine), which deliver cloud services over the public Internet, they learn that these vendors cannot ensure the end-to-end security and performance of their applications. By operating their own private networks and data centers, service providers can provide cloud service assurance if they implement an appropriate architecture.
Service providers need to be able to offer SLAs for cloud services that give businesses the confidence necessary to move mission-critical applications to the cloud. Service providers that implement the Cisco Unified Service Delivery environment, which includes the many platforms and technologies in the data center and in the Cisco IP NGN, can gain a competitive advantage by offering Cisco Cloud Service Assurance based on:

• Provisioning workloads efficiently and scaling workloads flexibly in a virtualized environment

• Managing application performance in the data center and over the WAN through application monitoring, control, and reporting

• Moving workloads between servers and between data centers to ensure high performance and availability

• Ensuring application performance over the WAN with application acceleration and WAN optimization

The predictability of cloud resource utilization based on SLAs with the Cisco Cloud Service Assurance solution also allows service providers to use their own resources more efficiently. This solution also opens up new business partnership opportunities with OTT providers that offer software as a service (SaaS), with the capacity to host their applications and offer their customers assurance for cloud-based services.
Cisco Cloud Service Assurance provides a competitive advantage that positions service providers to gain new customers with the offer of application SLAs, which can lead to predictable longer-term service contracts, and to partner with third-party SaaS providers. This capability enables service providers to better forecast and respond to shifting demand and therefore offer more agile services and more competitive pricing.

The Evolution of Service Assurance

In 2010, IDC predicted that 40 percent of business customers would purchase information and communications technology (ICT) from the network cloud between 2012 and 2015, despite a 2009 IDC finding that more than 75 percent of corporate enterprise respondents had major concerns about security, availability, performance, and other issues when asked about cloud services.
This concern over cloud service assurance is not new. A 2008 Gartner report claimed that the availability of application-level performance SLAs for cloud services, in response to customer demand, would be a major competitive differentiator for service providers by 2010. The report described how SLAs have evolved from those based only on general network performance in Layers 1 through 3 (measuring metrics such as jitter and availability) to SLAs increasingly focused on network performance for specific applications (as managed by technologies such as a WAN optimization controller), to SLAs based on specific application metrics and business process SLAs based on key performance indicators (KPIs) such as cycle time or productivity rate. Examples of KPIs are the number of airline passengers who check in per hour or the number of new customer accounts provisioned. Customers expect that the cloud service assurance solution can recognize the difference between a sales order being processed and an ordinary inquiry.
Customers expect that their critical business processes (such as payroll and order fulfillment) will always be available and that sufficient resources are provided by the service provider to ensure application performance even in the event that a server fails or a data center becomes unavailable. This requires cloud providers to be able to scale up data center resources, ensure the mobility of virtual machines within the data center and across data centers, and provide supplemental computer resources in another data center, if needed.
With their combined data center and Cisco IP NGN assets, service providers can attract relationships with independent software vendors with SaaS offerings, where end customers purchase services from the SaaS provider while the service provider delivers an assured end-to-end application experience.
In addition to SLAs for performance over the WAN and SLAs for application availability, customers expect that their cloud-hosted applications will have security protection in the cloud hosting environment. In many cases they want the cloud service provider to improve the performance of applications in the data center and over the WAN, minimizing application response times and mitigating the effects of latency and congestion.
With their private Cisco IP/MPLS networks, service providers can enhance application performance and availability in the cloud and deliver the visibility, monitoring, and reporting that customers require for assurance. As cloud service providers engineer their solutions, they should consider how they can continue to improve on their service offerings to support not only network and application SLAs, but also SLAs for application transactions and business processes.

Use Cases for Cloud Service Assurance

Application Performance Management

One major category of use cases for cloud service assurance is application performance monitoring. Service providers and businesses are looking for visibility, monitoring, and reporting services for the performance of business applications over the WAN from the service provider or enterprise data center to multiple locations. Application performance monitoring includes visibility into application response times, analysis of which applications and branch offices use how much bandwidth, and the ability to prioritize mission-critical applications, such as those from Oracle and SAP, as well as collaboration applications such as Microsoft SharePoint and Citrix. Customers are more likely to adopt a service that provides these service assurance capabilities on a monthly basis, along with corresponding consulting and application tuning services.

Workload Availability and Mobility

Another category of cloud service assurance use cases is promoting the availability and mobility of virtualized workloads. To provide cloud services on a large scale and to provide services cost effectively to large enterprise customers, service providers must be able to provision workloads efficiently and to scale up workloads flexibly in a virtualized environment. They need to overcome the limitations of their current protocols and expand the number of connections and virtual machines that they can support, beyond current limits.

• To ensure availability of virtual machine workloads in the event of a server failure in the data center, service providers must be able to move a virtual machine from one server to another without service interruption.

• To ensure availability of virtual machine workloads if a data center service becomes unavailable, service providers must be able to move a virtual machine workload from one data center to another without service interruption.

• To accommodate customers who need to burst a virtual machine workload from an enterprise data center to a service provider data center during peak workloads without service interruption, service providers need a way to maintain network awareness of the connections to the virtual machine.

• To ensure that virtual machine workloads can be accommodated, service providers need a way to locate available resources and determine the best path to connect, allowing a business VPN user to transparently switch from one data center to another to find and use the most available resources.

Security and Application Acceleration

A third category of cloud service assurance use cases is providing security and application acceleration.

• To provide performance assurance for cloud-hosted applications traversing the WAN to remote users, service providers need a way to optimize and accelerate application traffic over the WAN from the cloud-hosting data center.

• To provide security for virtual machines, service providers need security services that are virtualization-aware and work in a multitenant environment.

• To ensure application response-time performance and to distribute connection requests efficiently, service providers need server load balancing and application control capabilities.

Cisco Cloud Service Assurance

The Cisco Cloud Service Assurance solution encompasses the intelligence, tools, and capabilities necessary to provide Application Performance Management (APM) and workload mobility, as well as network services to provide security and improve application performance.

Application Performance Management

Cisco APM provides the capability to natively understand the content and context of application traffic and to help ensure availability and performance of workloads in the cloud. A range of intelligent Cisco products and technologies perform operations on application traffic to provide greater visibility, prioritization, WAN optimization, application control, and enhanced security, as determined by business policies and rules. Specific capabilities and the corresponding products and technologies from Cisco and Cisco partners include the following.

• Performance monitoring: The Cisco Network Analysis Module (NAM) and Virtual Blade for the NAM collect network performance data and make it available to reporting systems. Cisco NAM can help improve application performance when paired with Cisco control and optimization solutions, such as quality of service (QoS) and Cisco Wide Area Application Services (WAAS). Cisco NAM can also accelerate problem resolution and increase operational efficiency through the ability to enhance troubleshooting, preempting performance issues with threshold-based, proactive alerts.

• Reporting: Cisco works with various third-party management vendors whose products gather metrics and report on application performance. Best-in-class Cisco reporting partners include NetQoS, InfoVista, and Fluke Networks. Their products gather link statistics using Cisco NetFlow and measure application performance using Cisco IP SLA.

• Application visibility and control: Application visibility solutions provide real-time performance monitoring to discover applications running on the network, to understand how those applications utilize network resources, and to measure the performance of critical applications. Application control gives service providers dynamic and adaptive tools to monitor and assure application performance. Critical applications can be prioritized and applications not related to the business can be treated with lower priority. Special policies may be provisioned for customers dynamically and the security behind the firewall may be extended to protect information resources. Application-aware path optimization matches critical applications to the best path, ensuring application performance and availability that can be linked to SLA guarantees.

Available in Cisco IOS® Software, Cisco NetFlow efficiently provides crucial instrumentation to support services such as traffic accounting, usage-based network billing, network planning, security, denial of service (DoS) monitoring capabilities, and network monitoring. NetFlow provides valuable information about network users and applications, peak usage times, and traffic routing.
Cisco IP SLA is a feature included in Cisco IOS Software on Cisco routers that can give network administrators the ability to analyze IP service levels for IP applications and services. Cisco IP SLA is widely used in networks to generate time-based network and service performance data.
Cisco Network-Based Application Recognition (NBAR) is a classification engine in Cisco IOS Software that can recognize a wide variety of applications, including Web-based applications and client/server applications that dynamically assign TCP/IP or User Datagram Protocol (UDP) port numbers. After an application is recognized, the network can invoke specific services, such as QoS or intelligent path selection, for that particular application. Cisco NBAR works with QoS features to help ensure that network bandwidth is used efficiently based on defined business policies.

Workload Availability and Mobility

Another facet of the Cisco Cloud Service Assurance solution, workload assurance and mobility services, allows workloads to move within the physical and virtual data center and across different data centers to help ensure application availability and to locate available data center resources in the cloud. Platforms and technologies that provide workload assurance and mobility include the following.

• The Cisco Unified Computing System (UCS) unites network, compute, and virtualization resources into a transparent system that simplifies server setup, improves business metrics, and supports lower-cost, just-in-time resource provisioning. The system integrates a low-latency unified network fabric with enterprise-class servers with x86 architectures. Cisco UCS components form an integrated, scalable, multichassis platform in which all resources participate in a unified management domain. A single system scales to up to 40 blade server chassis, 320 compute nodes, and up to thousands of virtual machines.

• Cisco FabricPath is a feature in Cisco NX-OS Software that combines the plug-and-play simplicity of Ethernet with the reliability and scalability of Layer 3 routing, enabling highly-scalable Layer 2 networks without the use of a spanning tree. FabricPath allows cloud providers to build resilient, scalable, and simplified Layer 2 switching fabrics that can span the entire data center, providing virtualization deployment flexibility and low-latency, high-performance computing.

• Cisco Nexus® 1000V Series Switch incorporates the Cisco Virtual Security Gateway (VSG), using virtualization-aware switching capabilities to provide network awareness for virtual machines. The Cisco Nexus 1000V Series Switch is integrated with the VMware hypervisor and sits in the kernel to provide fast path performance. The switch connects physical workloads with virtualized workloads using Cisco VN-Link, providing mobility for workloads without network reconfiguration.

• Cisco Overlay Transport Virtualization (OTV) allows service providers to move virtual machines from one data center to another while retaining their network attributes. With Cisco OTV, service providers can deploy data center interconnect (DCI) between data centers, with virtual computing resources and clusters spread across different points of delivery (PoDs) separated by the Layer 3 network in the same data center or in geographically distributed data centers.

• Cisco Network Positioning System (NPS) on the Cisco CRS-3 Carrier Routing System (CRS) helps to locate applications, services, and content in cloud service delivery environments. The feature searches the network from one data center to another, using recommendations for application layers based on accurate information such as routing protocols, management statistics, and policy databases.

Unified Network Services

• Cisco Application Control Engine (ACE) is a load-balancing and application delivery solution designed for both physical and virtual data center environments. Cisco ACE (available as a module, appliance, or virtual module) provides server load balancing, content switching, server offloading, and application optimization. Server load balancing, the primary capability of the Cisco ACE, is a mechanism for distributing traffic across multiple servers, offering high application availability and server resource utilization. All Cisco ACE features reduce the time required to deploy and upgrade applications and the costs and resource requirements associated with data center application infrastructure.

• Cisco Virtual WAAS (VWAAS) is a virtual appliance that accelerates business applications delivered from private and virtual private cloud infrastructures to provide an optimal user experience. The appliance runs on the VMware ESXi hypervisor and the Cisco UCS x86 servers, providing an agile, elastic, and multitenant deployment. VWAAS is the prime WAN optimization solution that can be deployed in an application-specific, virtualization-aware, and on-demand configuration.

• Cisco VSG supplies security to the network and the virtualized infrastructure. It goes beyond IP address, port numbers, and VLANs, recognizing virtual machines and applying security policies to virtual ports while following the virtual machine from one data center to another in the cloud. Cisco VSG utilizes an extensible rule engine to interpret virtual machine context and apply rules accordingly. Cisco VSG can also apply policies to security zones beyond a VLAN and within a VLAN, so that a service provider can designate one VLAN per customer and provide a security zone within that VLAN, much like a workload. As a multitenant component, the Cisco VSG can be deployed in the virtualized data center environment and it can be centrally managed through APIs so that other portals and orchestration tools can use it as part of an automated provisioning process. This process is managed by the Cisco Virtual Network Management Center, a centralized console for configuring policies across a virtualized cloud infrastructure.

Summary of Cisco Cloud Service Assurance Use Cases

Table 1 includes customer use cases and the corresponding Cisco Cloud Service Assurance solution components.

Table 1. Cisco Cloud Service Assurance Customer Use Cases

| Function | Cisco Cloud Service Assurance Solution Components |
| --- | --- |
| Offer an SLA from the service provider data center to the customer location | Cisco virtual NAM and Cisco NAM to collect network performance data and make it available to reporting systems (such as those from Cisco partners NetQoS, InfoVista, and Fluke Networks); Cisco NetFlow to gather network traffic statistics; Cisco IP SLA to analyze network traffic policies; Cisco NBAR to invoke specific services in coordination with QoS for control of application traffic |
| Host enterprise customer virtual machines in the service provider data center with service assurance | Cisco UCS as the server platform; Cisco FabricPath on the data center switch to provide scaling of Ethernet connections |
| Move a virtual machine from one server to another without service interruption | Cisco VN-Link on the Cisco Nexus 1000V Series Switch |
| Move a virtual machine from one data center to another without service interruption | Cisco OTV on the Cisco Nexus 7000 Series Switch on both ends |
| Burst a virtual machine from an enterprise data center to a service provider data center | Cisco VN-Link on the Cisco Nexus 1000V Series Switch and OTV on the Cisco Nexus 7000 Series Switch in both data centers |
| Provide network resources from any data center | Cisco CRS-3 NPS to provide Layers 3 to 7 with application information for best path to content, enabling a business VPN user to switch from one data center to another to find and use the most available resources |
| Provide performance assurance for hosted applications | Cisco VWAAS to provide performance acceleration for applications traversing the WAN to remote users and to provide WAN optimization for VMware vMotion events between data centers (vMotion is the technology that allows virtual machine mobility between two VMware vSphere servers instantaneously with no application downtime) |
| Provide security for hosted virtual machines in a multitenant environment | Cisco VSG to provide security for virtual machines in a virtualized environment, operating in a multitenant environment such as a hosting data center |
| Provide availability and control for hosted applications | Cisco ACE and virtual ACE to provide server load balancing and application control |

Why Cisco

The Cisco Cloud Assurance Solution is based on a product and technology portfolio that spans the entire scope of service delivery infrastructure, from technologies and platforms used for service delivery in the data center through transport and intelligence in the Cisco IP NGN, and out to endpoints for business and residential subscribers. Other solutions on the market tend to focus on a few narrow areas, resulting in an environment that perpetuates disconnected and localized improvements while sacrificing the greater gains obtained from a full optimization across the entire service delivery environment. As a result, Cisco is in a leading position to assist service providers as they position cloud offerings.

Conclusion

With the Cisco Cloud Assurance Solution, service providers can promote cloud offerings that include stringent application assurance SLAs. This is a powerful new motivator to give customers confidence in cloud-based services as cost-effective options for mission-critical as well as standard business applications. Service providers can also take full advantage of their APM-ready infrastructure for SaaS providers, where the service is hosted by the service provider on behalf of the SaaS vendor.
APM and workload assurance and mobility differentiate service providers from third-party OTT providers, with application assurance over Cisco Unified Service Delivery environments becoming a significant competitive advantage.

For More Information

For more information about the Cisco Cloud Service Assurance solution, contact your Cisco account representative today.

• For information about Cisco Application Performance Management, visit http://www.cisco.com/go/apm

• For information about Cisco Virtual Wide Area Application Services, visit http://www.cisco.com/go/waas

• For information about the Cisco Virtual Security Gateway for Nexus 1000V Switch, visit http://www.cisco.com/go/vsg

• For information about the Cisco Application Control Engine, visit http://www.cisco.com/go/ace

• For information about the Cisco Network Analysis Module, visit http://www.cisco.com/go/nam

• For information about the Cisco Nexus Data Center Switches, visit http://www.cisco.com/go/nexus