Optimisation is a constant worry of network executives who need to make unruly applications -- never designed to run over anything but a high-speed LAN -- perform smoothly on the WAN. These days, network executives need to boost application performance itself, as well as factor in how to optimise storage, encryption and server-to-server technologies, such as XML.
Cisco wants to help by putting everything related to optimisation into an intelligent network layer. Then, for example, network executives can deploy optimisation services as blades and software add-ons in their existing Cisco gear. The router giant's network-based application optimisation strategy splits along the lines of two product families: Application-delivery networks focus on user-to-application communications (including performance, security and so forth), while the Application Oriented Networking initiative centres on application-to-application communications. We asked George Kurian, general manager for Cisco's application delivery business unit, to explain how it all fits together.
When it comes to application optimisation, what makes Cisco different from a growing list of competitors?
We allow the customer to deploy WAN optimisation while not disrupting any of the operating policies, such as for QoS or security, implemented in the network. Some other vendors require customers to migrate QoS policies onto their boxes from the routers. They require a tunnel-based architecture on top of the router network, which means customers have to manage two different domains -- the routing domain and the application-acceleration domain.
Cisco's approach leads to a single device, often used at a remote site, which does routing, security, WAN optimisation and more. Are you recommending this "god box," otherwise known as the integrated services router, as the best possible architectural choice?
Cisco has shipped more than 2 million ISRs [Integrated Services Routers] since their introduction in September 2004. This clearly validates customers' interest in service integration, device consolidation and a single point of vendor accountability, especially for a branch environment.
Does the ISR really integrate services, or are the services simply running side by side on a single power supply?
The services are really integrated, rather than just sharing physical power and cooling elements. Services are clearly aware of each other's operations and are able to pace each other and ensure that one does not disrupt the other. We also leverage services, such as load balancing and fail-over, on Cisco routers and switches that allow you to deploy WAN optimisation out-of-path rather than inline with a single point of failure on a single appliance.
Cisco recently acquired Reactivity, which makes XML gateways. How will XML play in Cisco's network-optimisation strategy?
We certainly see Reactivity's XML gateway technology being integrated on products such as our Application Control Engine [ACE], which is a service module in our Catalyst 6500 product for the data centre.
How does the storage technology you recently acquired from NeoPath Networks fit into your overall network-optimisation plans?
NeoPath continues our strategy to provide network-accelerated storage services. In the block-storage world, we've demonstrated through APIs built on our MDS Director-class switches that partners' products -- such as EMC's Invista -- can provide block virtualisation of storage and network-accelerated storage services. NeoPath will offer equivalent API capabilities for partners, but in the file domain.
Where would encryption, which can be tricky to use with optimisation, fit into Cisco's scheme?
If one were to use SSL encryption from the desktop, we believe that the right way to do key management is co-resident with the servers in the enterprise's trusted data-centre environment.
Let's say you are on an SSL VPN connection coming into the data centre. The initial handshake for SSL will happen with a Cisco ACE, which is a server-load-balancing, SSL-termination and off-load device that sits in front of the data-centre server farm. Cisco ACE will verify that the user has the appropriate access to the application. WAN-optimisation engines, such as the Cisco WAAS [Wide Area Application Services] solution, in the future will need to participate in that trusted discussion so that customers can keep the SSL certificates exclusively in their SSL termination devices.
When WAN-optimisation devices are recognised as supplicants by SSL termination devices, via trusted protocol conversations, customers will no longer have to distribute certificates to all of these devices in the network. Also, all of their WAN-optimised data transfers for SSL traffic can happen seamlessly.
Competing WAN-optimisation products -- I'm thinking of Packeteer appliances -- can be placed in various spots all over the network, including on the server itself. So why wouldn't an enterprise user want to do that?
Putting WAN-optimisation software in individual servers does not give you the advantage of doing it once and sharing it across multiple servers and applications. That's the unique benefit the network offers.