
Application Delivery for the Extended Enterprise

Application Velocity System
Cisco Application Networking
October 2005

Session Number
Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1

IT Faces Dual Pressures in the Global Enterprise
• Increasing User Functionality and Distribution
• Increasing IT Consolidation and Compliance

Today’s Apparent IT Choices
• Emphasize Service at the Expense of Cost
• Emphasize Cost and Compliance Over Service

A New Perspective for IT

Network
• More bandwidth
• Lots of point products
• Replicate data centers

Operations
• More servers
• More management tools
• Re-architect infrastructure

Applications
• More testing
• Rewrite applications
• Security patching

Cisco Application Delivery Solutions
[Diagram spanning Network, Operations and Applications; labels: CSS/CSM, Cat 6K, AVS, WAE, WAN]


Cisco Application Delivery Solutions
• Cisco Application Delivery Solutions cooperate to deliver service across the extended enterprise, allowing users to interact as though they were local
• The solutions are network-based devices
  At different points in the network
  That offload functions from servers
  And process applications in real-time
• Allow IT to meet business requirements (service, flexibility) plus the IT mandate for lower costs and better compliance

Like a reliable messenger, Cisco Helps IT Extend its Reach to Support all Users and Applications Across the Enterprise

Performance Impedes Web-based Business

Applications Increasingly Represent the Business
• Web promoted process automation across the Extended Enterprise
• Pressure to move from staff to software drives productivity

Solutions Should Serve All Users, Everywhere
• Consolidation encouraging one-to-all application support for all
• Fewer and fewer managed endpoints
• Security adds necessary overhead

Chokepoint Evolves From Bandwidth to Latency
• Developers write for functionality
• Bandwidth issues are more limited
• Individual web page rendering can take 150 network calls

New Solution for the Data Center
• Accelerate and optimize all web-based applications across the extended enterprise
• Data center-only deployment
  No client-side deployment
• Only data center appliance to control and optimize at Layer-7
  2X–response time improvements
  80% decrease in bandwidth requirements
  80% fewer server cycles
• Deliver, monitor, and secure application service to all users
[Image: Application Velocity System (AVS), Cisco AVS 3120]

Application Delivery in the Data Center

Application Velocity System: Breakthrough impact on user response times
Features
• Full reverse application proxy
• Powerful unique optimizations
• Integrated security/monitoring
Benefits
• Dramatic response time improvements
• No changes to infrastructure or apps

CSS/CSM Content Switch: The market-leading L4-7 switching platform
Features
• Load balancing
• SSL encryption/decryption
• Session redundancy
Benefits
• Application availability
• Server offload
• Network integrated

Catalyst Switch: The World’s leading LAN switching platform
Features
• Highest industry performance
• Modular architecture
• Multi-service ready
Benefits
• Scalable, robust, and future-proof
• Multi-service integration
• World-class support

AVS Does Real-time Application Processing
• Real-time application processing, control, and optimization
• Any HTML or XML-based application
• Transparent session optimization and client management
• Comprehensive policy and rules-based operation
• Pre-built templates for applications and content
• Interoperability with other Cisco solutions
[Diagram: Application Delivery Engine surrounded by Network Latency Control, Bandwidth Reduction Functions, Server Offload Functions, End-to-End Monitoring, Application Firewall]

AVS Delivers Real-World Value

Application | Software | AVS Improvement | Cost of Likely Alternative | Business Impact
Call Center (High tech) | PeopleSoft | 270% | $4MM (2 New Overseas Data Centers) | Meet support goals with no additional staffing or costs
Purchasing (Manufacturing) | SAP | 350% | $5MM (Multiple Overseas Data Centers) | Increase procurement automation
Mortgage Origination (Financial) | Custom J2EE: WebSphere | 300% | $2MM (Reengineer Apps and Infrastructure) | 30% more transactions across same infrastructure
Claims Management (Insurance) | Custom J2EE: WebSphere | 220% | $3MM (No Reengineering) | Support “zero-footprint” branch
B2B Operations (Retail) | Plumtree | 350% | $500K annually (Upgrade 650 Sites) | Move all costly paper-based processes online
CRM (Financial) | Siebel | 290% | $2.4MM annually (Upgrade 200 U.S. Locations) | Immediate jump in CRM usage with improved account retention

Technology Advantage
Functional Areas | Basic Capabilities | AVS Capabilities (* = Patented)

Accelerate: Network Latency Management
• Request aggregation / browser cache management*
• Browser TCP multiplexing*
• PDF download optimization
• Response redirection control*

Optimize: Bandwidth Reduction
• Gzip/DEFLATE compression
• Delta encoding*
• Dynamic browser caching*
• Dynamic image optimization (JPG, GIF, PNG)
• Flexible processing rules

Offload: Server Efficiency
• TCP connection multiplexing
• Configurable dynamic caching*
• Load-based caching*
• SSL offload and acceleration
• Lazy request evaluation*
• Static caching
• Single sign-on optimizations
• XML merging/transformation

Monitor: Application QoS
• End-to-end response time monitoring
• Business transactions capability
• Logging
• First-line service triage
• System health checking

Secure: Protect Applications and Infrastructure
• Rules-based protection
• Out-of-the-box Layer-7 protections
• Stateful Content inspection policies
• Comprehensive exception handling and monitoring

Management/
• SNMP access and control
• Application delivery dashboard
• Service-level integration with BMC, HP, etc.

Application Acceleration Examples: FlashForward
• Embedded objects referenced in HTML container pages are served with Expires: which sets expiry in the future.
• On 2nd visit Browser will not send GET for objects in cache if the current date & time is not greater than the object expiry date.
• This reduces the total number of HTTP requests for subsequent visits to the same page.
• Benefits:
  Decreased page download time
  Decreased network congestion
  Decreased number of requests to origin server

Application Acceleration Examples: Delta Encoding
• HTML pages today are largely dynamically generated, making them not cacheable
• Browser must download entire page each visit.
• Delta works by calculating and sending only the difference between two visits to a dynamic HTML page
• Benefits:
  Reduced bandwidth usage
  Reduced page download times
  Works in combination with other optimizations

WAE and AVS Cooperate in the Branch
• End-user pull
  AVS makes dynamic content fully cacheable
  WAE serves locally in the branch
• IT or Line of Business push
  Content pre-positioned in the branch
  AVS ensures freshness
• Solutions cooperate to optimize SSL sessions
[Chart: Response Time for Cisco.com, Cisco.com + AVS, AVS+WAE. AVS cuts response time by 53%; WAE cuts response time an additional 90%]

Application Monitoring
• End-user response time monitoring
  Actual users and transactions
  Business- and process-level aggregation
  Full drill-down to page and location
• “Drop-in” deployment
  No changes to application or desktop
  Data center installation
• Delivery Dashboard and flexible reporting
  Wizard-based transaction builder
  Support for Enterprise Consoles (BMC, Tivoli, OpenView…)
• Benefits
  End-user visibility
  First-line problem triage
  Reduce mean-time-to-repair
[Diagram: Application Delivery Engine, End-to-End Monitoring]

Cisco Is Committed to Application Networking
• PHASE 1, INTEGRATED TRANSPORT: The Intelligent Movement of Data/Voice/Video Across a System of Networks. Get More Access to Your People and Resources
• PHASE 2, INTEGRATED SERVICES: Virtualized Networking Resources. Get More Value From Infrastructure and Resources
• PHASE 3, INTEGRATED APPLICATIONS: Application Networking. Get More Value From Applications and Services
[Chart axes: Network Intelligence, Time]
Cisco’s Technology Vision: The Intelligent Information Network

Global and Diverse Customer Base
Industries: Manufacturing & High Tech, Financial Services, Retail, Government, Other Industries
Application types: Portals and Collaboration, Back-Office Enterprise Applications, Customer Care and CRM, Custom J2EE & .NET application
Note: Not all customers are externally reference-able

SGS
Profile: 2.5B CHF global leader in compliance services. HQ: Geneva, Switz.
Challenge: Could not measure or meet service levels on key applications to 36,000 employees in 120 countries.
Results: Measure and Meet global service levels without data-center replication.

Customer Profile: BMW UK
Profile: Global automaker known for performance
Challenge: Improve performance of used car application for consumers and retail dealers.
Deployment: Custom Vignette application, Cisco AVS 3110 Appliance
Results: Double performance without rewriting application.

TJX Companies
Profile: $14B apparel retailer. 105,000 employees US, UK, Ireland. HQ: Framingham, MA.
Challenge: Could not meet service levels for data-center consolidation of store management applications.
Deployment: WebSphere & Lotus, Cisco AVS 3110 S/W on IBM Linux
Results: Meet service levels on VSAT WAN without application rewrites.

American Airlines
Profile: $18B airline, 100,000 employees, 150 destinations.
Challenge: Difficulty measuring/meeting service levels at global user base for enterprise applications
Deployment: Various applications, Cisco AVS 3110 Appliance
Results: Measure and Meet service levels without additional data centers in Europe and Latin America.

Quantum
Profile: Leading disk-drives manufacturer
Challenge: Difficulty measuring and meeting service levels for employee portal & ERP worldwide.
Deployment: Plumtree & PeopleSoft, Cisco AVS 3110 Appliance
Results: Measure service levels at end-user, meet service levels without additional data centers.

Customer Profile: AXA Financial
Profile: $96B commercial and personal insurer. 80,000 employees worldwide. HQ: Paris, France.
Challenge: Poor application service levels of Siebel and claims adjustment applications hindered business automation
Deployment: Custom Websphere, Siebel, Cisco AVS 3110 Appliance, Cisco Edge Cache
Results: Meet service levels at branch offices without infrastructure upgrades or performance engineering.

Q and A

Like a reliable messenger, Cisco Helps IT Extend its Reach to Support all Users and Applications Across the Enterprise

Roadmap: Next Version of AVS
• Supports AVS 3110 and 3120
• Supports All FineGround AppScreen Features
• Improve inbound attack feature sets
  Quantity of attack rules
  Ease of configuration
  Customization attack rules
  Match criteria, disposition and actions are expanded
  Policy and Precedent – Cisco C3PL-like Security Model
• Application Cloaking
• Customizable Error Return Codes
• Encrypted & Tamperproof Cookies
• Learning Mode –
• Click_To_Rule Recommendation Wizard
• Granular URL Request and Header Limits
• Data Theft Prevention
• Add Transparent Inline & Out of Band Monitoring
• Increased performance

Attacks Blocked
• SQL Injection
• Cross-Site Scripting
• Command Injection
• Cookie/Session Poisoning
• Application Reconnaissance
• Parameter Tampering
• LDAP Injection
• Buffer Overflows
• Directory Traversals
• Attack Obfuscation
• Application Platform Exploits
• Zero Day Attacks
• Cookie Poisoning
• Parameter Tampering

Focus of Attacks Moves to the Application Layer
75% of Attacks Focused Here (No Signatures or Patches):
• Custom Web Applications
• Customized Packaged Apps
• Internal and 3rd Party Code
• Business Logic & Code
Lower layers shown:
• Web Servers, Application Servers, Database Servers
• Operating Systems
• Network: IDS, Network Firewall, IPS
Comprehensive Application Security is the Answer!

Bi-Directional Deep Inspection Enables Application Inspection and Control
INSPECTS FOR:
• User Access and Feature usage
• Malicious Software
• Illegal URLs & Key Words
• Malevolent XML & Web Services
• Parameter Tampering
• Application Abuse
• Instant Messenger
• Spyware
Protocols shown: HTTP, FTP, H.323, SIP, SCCP, IM, P2P, SMTP, DNS, MS RPC, CIFS, NetBIOS over IP UDP and IP TCP

• Deep packet inspection
• Enforce policy for application feature usage and user controls
• Transaction logging and report for Application Security forensics
• Protocol compliance and anomaly detection

Application Cloaking
Hard to attack what you can’t see
Invisible to Outside:
• Web Server type
• App Server type
• Operating System
• Version Numbers
• Error Codes
• Patch Levels
• Known Vulnerabilities
• IP Addresses
[Diagram: Whisker scanning http://www.xyz.com through Nighthawk]
Scan output shown: Servers: COULD NOT DETERMINE; Server returned no data; Vulnerable URL : None found

Nighthawk Foundation – Full visibility
Normalization of all traffic to a canonical form before applying policies
[Diagram: encrypted traffic -> Terminate and decrypt SSL -> Normalize -> Apply Security Policy]
Encoded requests shown: %2E%2E%2Fhome%2Fuser, %2F%7Eroot%2Fetc%2Fpas, %2Fhomepage%2Findex%2
Normalized forms shown: /home/user, /~root/etc/p, /homepage/index/pictures/thumbs.., d5opx.html
Stops attacks disguised by encrypting and encoding
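The normalize-then-apply-policy order on this slide, as an added Python example that is not part of the original deck and not Cisco's implementation. The decode bound, the exception name and the rule against `~` segments are assumptions; the first two sample strings in the comments come from the slide.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: reject anything nested deeper than this


class PolicyViolation(Exception):
    """Raised when a request cannot be reduced to a safe canonical path."""


def canonicalize(raw_path):
    """Percent-decode until stable, then resolve '.', '..' and empty segments."""
    path = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise PolicyViolation("too many encoding layers")
    segments = []
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                raise PolicyViolation("path escapes the web root")
            segments.pop()
        else:
            segments.append(seg)
    return "/" + "/".join(segments)


def evaluate(raw_path):
    """Return (verdict, detail); rules only ever see the canonical form."""
    try:
        canonical = canonicalize(raw_path)
    except PolicyViolation as exc:
        return ("block", str(exc))
    # Assumed rule: no home-directory style segments such as /~root.
    if any(seg.startswith("~") for seg in canonical.split("/")):
        return ("block", "home directory reference: " + canonical)
    return ("allow", canonical)


def naive_filter(raw_path):
    """For contrast: a check on the raw, still-encoded string."""
    # "%2E%2E%2Fhome%2Fuser" (from the slide) contains no literal "../".
    return "block" if "../" in raw_path else "allow"
```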

Protection Method: Data Theft Protection
• Credit Card: 1234-5678-9012-3456
• Social Security: 123-45-6789
• Driver’s License: A123456
• Employee ID: S-924600
• Patient ID: 134-AR-627
PROBLEM: Any web app that links to critical data may expose that data to hackers
[Diagram: Users, Web Applications]

Data Theft Protection
• Credit Card: MASK, XXXX-XXXX-XXXX-3456
• Social Security: MASK, XXX-XX-XXXX
• Driver’s License: BLOCK, A123456
• Employee ID: MASK, XXXX
• Patient ID: BLOCK, 134-AR-627
[Diagram: Users, Nighthawk Appliance, Web Applications]
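The MASK and BLOCK dispositions from the two Data Theft Protection slides, as an added Python sketch of an outbound response filter; it is not code from the deck or from the product. The regular expressions are assumptions modelled on the sample values shown on the slides, and treating BLOCK as withholding the whole response is also an assumption.

```python
import re

# Assumed patterns, modelled on the sample formats shown on the slides.
RULES = [
    ("credit_card", re.compile(r"\b(?:\d{4}-){3}(\d{4})\b"), "mask"),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "mask"),
    ("employee_id", re.compile(r"\bS-\d{6}\b"), "mask"),
    ("drivers_license", re.compile(r"\b[A-Z]\d{6}\b"), "block"),
    ("patient_id", re.compile(r"\b\d{3}-[A-Z]{2}-\d{3}\b"), "block"),
]


def mask_value(name, match):
    """Replacement text per data type, following the slide's masked forms."""
    if name == "credit_card":
        return "XXXX-XXXX-XXXX-" + match.group(1)  # keep the last four digits
    if name == "ssn":
        return "XXX-XX-XXXX"
    return "XXXX"


def filter_response(body):
    """Return (verdict, outbound_body, findings) for one response body."""
    findings = [name for name, pat, _ in RULES if pat.search(body)]
    blocked = [n for n, _, action in RULES if action == "block" and n in findings]
    if blocked:
        # Assumption: BLOCK withholds the whole response, not just the field.
        return ("block", "", blocked)
    for name, pat, action in RULES:
        if action == "mask":
            body = pat.sub(lambda m, n=name: mask_value(n, m), body)
    return ("mask" if findings else "pass", body, findings)


if __name__ == "__main__":
    # Constructed response bodies using the sample values from the slides.
    for page in ("Card 1234-5678-9012-3456, SSN 123-45-6789, badge S-924600",
                 "Patient 134-AR-627 seen today",
                 "Order 42 shipped"):
        print(filter_response(page))
```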