
Application Delivery for the Extended Enterprise

Application Velocity System Cisco Application Networking October 2005


© 2005 Cisco Systems, Inc. All rights reserved.

Cisco Confidential


IT Faces Dual Pressures in the Global Enterprise
Increasing User Functionality and Distribution

Increasing IT Consolidation and Compliance

Today’s Apparent IT Choices

Emphasize Service at the Expense of Cost

Emphasize Cost and Compliance Over Service

A New Perspective for IT
Network
• More bandwidth
• Lots of point products
• Replicate data centers

Operations
• More servers
• More management tools
• Re-architect infrastructure

Applications
• More testing
• Rewrite applications
• Security patching

Cisco Application Delivery Solutions
Network
WAN WAE WAE AVS

Operations
CSS/CSM Cat 6K

Applications


Cisco Application Delivery Solutions
• Cisco Application Delivery Solutions cooperate to deliver service across the extended enterprise, allowing users to interact as though they were local
• The Solutions Are network-based devices
  - At different points in the network
  - That offload functions from servers
  - And process applications in real-time
• Allow IT to meet business requirements (service, flexibility) plus the IT mandate for lower costs and better compliance
Like a reliable messenger, Cisco Helps IT Extend its Reach to Support all Users and Applications Across the Enterprise

Performance Impedes Web-based Business
Applications Increasingly Represent the Business
• Web promoted process automation across the Extended Enterprise
• Pressure to move from staff to software drives productivity
Solutions Should Serve All Users, Everywhere
• Consolidation encouraging one-to-all application support for all
• Fewer and fewer managed endpoints
• Security adds necessary overhead
Chokepoint Evolves From Bandwidth to Latency
• Developers write for functionality
• Bandwidth issues are more limited
• Individual web page rendering can take 150 network calls

New Solution for the Data Center
Application Velocity System (AVS)
• Accelerate and optimize all web-based applications across the extended enterprise
• Data center-only deployment
  - No client-side deployment
• Only data center appliance to control and optimize at Layer-7
  - 2X response time improvements
  - 80% decrease in bandwidth requirements
  - 80% fewer server cycles
• Deliver, monitor, and secure application service to all users
Cisco AVS 3120

Application Delivery in the Data Center

Application Velocity System
Breakthrough impact on user response times
Features
• Full reverse application proxy
• Powerful unique optimizations
• Integrated security/monitoring
Benefits
• Dramatic response time improvements
• No changes to infrastructure or apps

CSS/CSM Content Switch
The market-leading L4-7 switching platform
Features
• Load balancing
• SSL encryption/decryption
• Session redundancy
Benefits
• Application availability
• Server offload
• Network integrated

Catalyst Switch
The World’s leading LAN switching platform
Features
• Highest industry performance
• Modular architecture
• Multi-service ready
Benefits
• Scalable, robust, and future-proof
• Multi-service integration
• World-class support

AVS Does Real-time Application Processing
• Real-time application processing, control, and optimization
• Any HTML or XML-based application
• Transparent session optimization and client management
• Comprehensive policy and rules-based operation
• Pre-built templates for applications and content
• Interoperability with other Cisco solutions
[Figure: Application Delivery Engine, with segments Bandwidth Reduction Functions, Network Latency Control, Server Offload Functions, End-to-End Monitoring, Application Firewall]

AVS Delivers Real-World Value

Application | Software | AVS Improvement | Cost of Likely Alternative | Business Impact
Call Center (High tech) | PeopleSoft | 270% | $4MM (2 New Overseas Data Centers) | Meet support goals with no additional staffing or costs
Purchasing (Manufacturing) | SAP | 350% | $5MM (Multiple Overseas Data Centers) | Increase procurement automation
Mortgage Origination (Financial) | Custom J2EE: WebSphere | 300% | $2MM (Reengineer Apps and Infrastructure) | 30% more transactions across same infrastructure
Claims Management (Insurance) | Custom J2EE: WebSphere | 220% | $3MM (No Reengineering) | Support “zero-footprint” branch
B2B Operations (Retail) | Plumtree | 350% | $2.4MM annually (Upgrade 650 Sites) | Move all costly paper-based processes online
CRM (Financial) | Siebel | 290% | $500K annually (Upgrade 200 U.S. Locations) | Immediate jump in CRM usage with Improved account retention

Technology Advantage
Columns: Functional Areas; Basic Capabilities; AVS Capabilities (* = Patented)

Accelerate: Network Latency Management
• Request aggregation / browser cache management*
• Browser TCP multiplexing*
• PDF download optimization
• Response redirection control*

Optimize: Bandwidth Reduction
• Gzip/DEFLATE compression
• Delta encoding*
• Dynamic browser caching*
• Dynamic image optimization (JPG, GIF, PNG)
• Flexible processing rules

Offload: Server Efficiency
• TCP connection multiplexing
• SSL offload and acceleration
• Static caching
• Configurable dynamic caching*
• Load-based caching*
• Lazy request evaluation*
• Single sign-on optimizations
• XML merging/transformation

Monitor: Application QoS
• Logging
• System health checking
• End-to-end response time monitoring
• Business transactions capability
• First-line service triage

Secure: Protect Applications and Infrastructure
• Rules-based protection
• Out-of-the-box Layer-7 protections
• Stateful Content inspection policies
• Comprehensive exception handling and monitoring

Management
• SNMP access and control
• Application delivery dashboard
• Service-level integration with BMC, HP, etc.

Application Acceleration Examples
FlashForward
• Embedded objects referenced in HTML container pages are served with Expires: which sets expiry in the future.
• On 2nd visit Browser will not send GET for objects in cache if the current date & time is not greater than the object expiry date.
• This reduces the total number of HTTP requests for subsequent visits to the same page.
• Benefits:
  - Decreased page download time
  - Decreased network congestion
  - Decreased number of requests to origin server

Application Acceleration Examples
Delta Encoding
• HTML pages today are largely dynamically generated, which makes them non-cacheable
• Browser must download the entire page on each visit.
• Delta works by calculating and sending only the difference between two visits to a dynamic HTML page
• Benefits:
  - Reduced bandwidth usage
  - Reduced page download times
  - Works in combination with other optimizations

WAE and AVS Cooperate in the Branch
• End-user pull
  - AVS makes dynamic content fully cacheable
  - WAE serves locally in the branch
• IT or Line of Business push
  - Content pre-positioned in the branch
  - AVS ensures freshness
• Solutions cooperate to optimize SSL sessions
[Chart: Response Time for Cisco.com, Cisco.com + AVS, and AVS+WAE. AVS cuts response time by 53%; WAE cuts response time an additional 90%]

Application Monitoring
• End-user response time monitoring
  - Actual users and transactions
  - Business- and process-level aggregation
  - Full drill-down to page and location
• “Drop-in” deployment
  - No changes to application or desktop
  - Data center installation
• Delivery Dashboard and flexible reporting
  - Wizard-based transaction builder
  - Support for Enterprise Consoles (BMC, Tivoli, OpenView…)
• Benefits
  - End-user visibility
  - First-line problem triage
  - Reduce mean-time-to-repair
[Figure: Application Delivery Engine, End-to-End Monitoring segment]

Cisco Is Committed to Application Networking
[Figure: Network Intelligence plotted over Time in three phases]
PHASE 1: INTEGRATED TRANSPORT. The Intelligent Movement of Data/Voice/Video Across a System of Networks. Get More Access to Your People and Resources
PHASE 2: INTEGRATED SERVICES. Virtualized Networking Resources. Get More Value From Infrastructure and Resources
PHASE 3: INTEGRATED APPLICATIONS. Application Networking. Get More Value From Applications and Services
Cisco’s Technology Vision: The Intelligent Information Network

Global and Diverse Customer Base
Industries:
• Manufacturing & High Tech
• Financial Services
• Retail
• Government
• Other Industries
Applications:
• Portals and Collaboration
• Back-Office Enterprise Applications
• Customer Care and CRM
• Custom J2EE & .NET application
Note: Not all customers are externally reference-able

SGS
Profile: 2.5B CHF global leader in compliance services. HQ: Geneva, Switz.
Challenge: Could not measure or meet service levels on key applications to 36,000 employees in 120 countries.
Results: Measure and Meet global service levels without data-center replication.

Customer Profile: BMW UK
Profile: Global automaker known for performance
Challenge: Improve performance of used car application for consumers and retail dealers.
Deployment: Custom Vignette application. Cisco AVS 3110 Appliance
Results: Double performance without rewriting application.

TJX Companies
Profile: $14B apparel retailer. 105,000 employees US, UK, Ireland. HQ: Framingham, MA.
Challenge: Could not meet service levels for data-center consolidation of store management applications.
Deployment: WebSphere & Lotus. Cisco AVS 3110 S/W on IBM Linux
Results: Meet service levels on VSAT WAN without application rewrites.

American Airlines
Profile: $18B airline, 100,000 employees, 150 destinations.
Challenge: Difficulty measuring/meeting service levels at global user base for enterprise applications
Deployment: Various applications. Cisco AVS 3110 Appliance
Results: Measure and Meet service levels without additional data centers in Europe and Latin America.

Quantum
Profile: Leading disk-drives manufacturer
Challenge: Difficulty measuring and meeting service levels for employee portal & ERP worldwide.
Deployment: Plumtree & PeopleSoft. Cisco AVS 3110 Appliance
Results: Measure service levels at end-user, meet service levels without additional data centers.

Customer Profile: AXA Financial
Profile: $96B commercial and personal insurer. 80,000 employees worldwide. HQ: Paris, France.
Challenge: Poor application service levels of Siebel and claims adjustment applications hindered business automation
Deployment: Custom Websphere, Siebel. Cisco AVS 3110 Appliance, Cisco Edge Cache
Results: Meet service levels at branch offices without infrastructure upgrades or performance engineering.

Q and A
Like a reliable messenger, Cisco Helps IT Extend its Reach to Support all Users and Applications Across the Enterprise

Roadmap: Next Version of AVS
• Supports AVS 3110 and 3120
• Supports All FineGround AppScreen Features
• Improve inbound attack feature sets
  - Quantity of attack rules
  - Ease of configuration
  - Customization attack rules
  - Match criteria, disposition and actions are expanded
  - Policy and Precedent – Cisco C3PL-like Security Model
• Application Cloaking
• Customizable Error Return Codes
• Encrypted & Tamperproof Cookies
• Learning Mode – Parameter Tampering
• Click_To_Rule Recommendation Wizard
• Granular URL Request and Header Limits
• Data Theft Prevention
• Add Transparent Inline & Out of Band Monitoring
• Increased performance

Attacks Blocked
• SQL Injection
• Cross-Site Scripting
• Command Injection
• Cookie/Session Poisoning
• Application Reconnaissance
• LDAP Injection
• Buffer Overflows
• Directory Traversals
• Attack Obfuscation
• Application Platform Exploits
• Zero Day Attacks
• Cookie Poisoning
• Parameter Tampering

Focus of Attacks Moves to the Application Layer
75% of Attacks Focused Here:
• Custom Web Applications
• Customized Packaged Apps
• Internal and 3rd Party Code
• Business Logic & Code
[Figure: Web Servers, Application Servers and Database Servers, each shown above Operating Systems and Network layers, with Network Firewall, IDS and IPS; label: "No Signatures or Patches"]
Comprehensive Application Security is the Answer!

Bi-Directional Deep Inspection Enables Application Inspection and Control
INSPECTS FOR:
• User Access and Feature usage
• Malicious Software
• Illegal URLs & Key Words
• Malevolent XML & Web Services
• Parameter Tampering
• Application Abuse
• Instant Messenger
• Spyware
[Figure: protocol stack: IP, UDP, TCP, HTTP, FTP, H.323, SIP, SCCP, IM, P2P, SMTP, DNS, MS RPC, CIFS, NetBIOS]
• Deep packet inspection
• Enforce policy for application feature usage and user controls
• Transaction logging and report for Application Security forensics
• Protocol compliance and anomaly detection

Application Cloaking
Hard to attack what you can’t see
Invisible to Outside:
• Web Server type
• Error Codes
• App Server type
• Operating System
• Version Numbers
• Patch Levels
• Known Vulnerabilities
• IP Addresses
[Figure: Nighthawk appliance in front of the application, with scanner output:]
Whisker scanning http://www.xyz.com
Servers: COULD NOT DETERMINE
Server returned no data
Vulnerable URL : None found

Nighthawk Foundation – Full visibility
Normalization of all traffic to a canonical form before applying policies
Processing steps:
• Terminate and decrypt SSL
• Normalize
• Apply Security Policy
[Figure: SSL-encrypted request bytes are decrypted to URL-encoded strings (%2Fhomepage%2Findex%2, %2E%2E%2Fhome%2Fuser, %2F%7Eroot%2Fetc%2Fpas) and normalized to /homepage/index/pictures/thumbs.html, ../home/user, /~root/etc/p]
Stops attacks disguised by encrypting and encoding
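
The normalize-then-apply-policy step on this slide, as an added Python example (not Cisco's code and not part of the original deck). The decode-round limit, the policy checks and the sample requests are assumptions made for illustration; SSL termination is taken as already done.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: more nested encoding layers than this is rejected

def canonicalize(raw_path: str) -> str:
    """Percent-decode until the value stops changing, then unify separators."""
    path = raw_path
    for _ in range(MAX_ROUNDS):
        decoded = unquote(path, errors="strict")  # invalid UTF-8 raises ValueError
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many encoding layers")
    path = path.replace("\\", "/")
    return re.sub(r"/{2,}", "/", path)

def inspect(raw_path: str) -> tuple:
    """Apply the policy to the canonical form only, never to the raw string."""
    try:
        path = canonicalize(raw_path)
    except ValueError:
        return ("BLOCK", "not canonicalizable")
    segments = path.split("/")
    if "\x00" in path:
        return ("BLOCK", "NUL byte in path")
    if ".." in segments:
        return ("BLOCK", "directory traversal")
    if any(seg.startswith("~") for seg in segments):
        return ("BLOCK", "home-directory reference")
    return ("ALLOW", path)

# Constructed sample requests: the second and third strings are the encoded
# forms shown on the slide; the first and last are built for this example.
SAMPLES = [
    "%2Fhomepage%2Findex%2Fpictures%2Fthumbs.html",
    "%2E%2E%2Fhome%2Fuser",
    "%2F%7Eroot%2Fetc%2Fpas",
    "%252E%252E%252Fhome%252Fuser",  # encoded twice; a raw "../" match misses it
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(f"{raw:45} -> {inspect(raw)}")
```

A rule that searches the raw request for `../` matches none of these samples, which is why the policy runs only after canonicalization.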

Protection Method: Data Theft Protection
PROBLEM
Any web app that links to critical data may expose that data to hackers
[Figure: Web Applications return the following to Users:]
Credit Card 1234-5678-9012-3456
Social Security 123-45-6789
Driver’s License A123456
Employee ID S-924600
Patient ID 134-AR-627

Data Theft Protection
[Figure: the Nighthawk Appliance sits between Web Applications and Users and applies an action to each field:]
MASK: Credit Card XXXX-XXXX-XXXX-3456
MASK: Social Security XXX-XX-XXXX
BLOCK: Driver’s License A123456
MASK: Employee ID XXXX
BLOCK: Patient ID 134-AR-627
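
The MASK/BLOCK behaviour on this slide, as an added Python example of an outbound response filter (not Cisco's code and not part of the original deck). The regular expressions are assumptions inferred from the slide's sample values, and BLOCK is assumed to mean that the whole response is withheld.

```python
import re

# (label, pattern, action): actions follow the slide; patterns are assumptions
# derived from the sample values shown on it and would need tuning for real data.
RULES = [
    ("credit_card", re.compile(r"\b(?:\d{4}-){3}(\d{4})\b"), "MASK"),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "MASK"),
    ("drivers_license", re.compile(r"\b[A-Z]\d{6}\b"), "BLOCK"),
    ("employee_id", re.compile(r"\bS-\d{6}\b"), "MASK"),
    ("patient_id", re.compile(r"\b\d{3}-[A-Z]{2}-\d{3}\b"), "BLOCK"),
]

# Replacement text per masked field, matching the masked forms on the slide.
MASKS = {
    "credit_card": lambda m: "XXXX-XXXX-XXXX-" + m.group(1),  # keep last four
    "ssn": lambda m: "XXX-XX-XXXX",
    "employee_id": lambda m: "XXXX",
}

def filter_response(body: str) -> tuple:
    """Return (action, body_to_send, findings) for one outbound response body."""
    findings = [label for label, rx, _ in RULES if rx.search(body)]
    # BLOCK rules are evaluated first: one hit withholds the whole response.
    if any(action == "BLOCK" and label in findings for label, _, action in RULES):
        return ("BLOCK", None, findings)
    for label, rx, action in RULES:
        if action == "MASK":
            body = rx.sub(MASKS[label], body)
    return ("MASK" if findings else "PASS", body, findings)

# Constructed response bodies using the sample values from the slide.
SAMPLE_MASK = "Card: 1234-5678-9012-3456\nSSN: 123-45-6789\nEmployee: S-924600\n"
SAMPLE_BLOCK = "Patient 134-AR-627, licence A123456"

if __name__ == "__main__":
    for sample in (SAMPLE_MASK, SAMPLE_BLOCK, "Order 42 shipped"):
        print(filter_response(sample))
```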