CISCO IT DEPARTMENT DEPLOYS INNOVATIVE CISCO APPLICATION- ORIENTED NETWORKING SOLUTION

Similar documents
Forum XWall and Oracle Application Server 10g

How Cisco IT Improves Commerce User Experience by Securely Sharing Internal Business Services with Partners

Cisco UCS Central Software

Cisco Wide Area Application Services and Cisco Nexus Family Switches: Enable the Intelligent Data Center

White paper. Keys to Oracle application acceleration: advances in delivery systems.

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec

Overcoming Business Challenges in WAN infrastructure

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Exam: : VPN/Security. Ver :

Seven Criteria for a Sound Investment in WAN Optimization

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

Service Automation Made Easy

Overview SENTINET 3.1

Cisco Prime Cable Provisioning 5.1

Mobile TeleSystems (MTS) Converges Fixed and Mobile Telephony

Introduction. Delivering Management as Agile as the Cloud: Enabling New Architectures with CA Technologies Virtual Network Assurance Solution

Dynamic Network Segmentation

FAQ. Frequently Asked Questions About Oracle Virtualization

Data Center 3.0: Transforming the Data Center via the Network

NFV and SDN what does it mean to enterprises?

Cisco ACE30 Application Control Engine Module

CyberP3i Course Module Series

IP Application Accelerator

Introduction to Cisco ASR 9000 Series Network Virtualization Technology

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

MPLS vs SDWAN.

Snort: The World s Most Widely Deployed IPS Technology

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Fibre Channel Advances Book

Cisco ISR G2 Management Overview

FLEXIBLE NETWORK SERVICES TO DRIVE YOUR ENTERPRISE AT CLOUD SPEED. Solution Primer

Secure VPNs for Enterprise Networks

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

The Oracle Trust Fabric Securing the Cloud Journey

HARDWARE SECURITY MODULES DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Smarter Business Agility with WebSphere DataPower Appliances Introduction

One Platform Kit: The Power to Innovate

Application Oriented Networks: An SOA Perspective

is also based on Citrix NetScaler support for the Cisco Nexus 1110-S Virtual Services Appliance and related Cisco vpath traffic-steering technology.

A Technical Overview of the Lucent Managed Firewall

Cisco Nexus 1000V Switch for Microsoft Hyper-V

Never Drop a Call With TecInfo SIP Proxy White Paper

SteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

New Features for ASA Version 9.0(2)

Web Services. Lecture I. Valdas Rapševičius. Vilnius University Faculty of Mathematics and Informatics

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

Citrix SD-WAN for Optimal Office 365 Connectivity and Performance

BIG-IP V11.3: PRODUCT UPDATE. David Perodin Field Systems Engineer III

How Cisco ASR 1000 Enables Cisco Business Strategies by Providing Capacity and Resiliency for Collaborative Applications

Cato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.

Smart Data Center Solutions

NetPro. from Wireless Logic. Available on a per SIM license basis. No CAPEX. Retain your Airtime Contracts with your existing providers

Campus Network Design. 2003, Cisco Systems, Inc. All rights reserved. 2-1

Logical Network Design (Part II)

Solace JMS Broker Delivers Highest Throughput for Persistent and Non-Persistent Delivery

Oracle Exadata: Strategy and Roadmap

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Identity Firewall. About the Identity Firewall

Campus Network Design

Data safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.

Microsoft Architecting Microsoft Azure Solutions.

SOA Infrastructure Reference Architecture: Defining the Key Elements of a Successful SOA Infrastructure Deployment

90 % of WAN decision makers cite their

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

SteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN

Cisco I/O Accelerator Deployment Guide

Cisco Data Center Network Manager 5.1

WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices

Cisco ASA Next-Generation Firewall Services

These patterns include: The use of proprietary software

ORACLE ENTERPRISE COMMUNICATIONS BROKER

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

WAN Optimization. Overview KNOW YOUR NETWORK

Cisco Network Admission Control (NAC) Solution

WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS

The Benefits of Wireless Infrastructure Management in the Cloud

E-Seminar. Storage Networking. Internet Technology Solution Seminar

Cisco Configuration Engine 2.0

Networking for a smarter data center: Getting it right

Delivering Business-Critical IP Multicast Applications Securely

New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall

Oracle E-Business Suite 11i with Cisco ACE Series Application Control Engine Deployment Guide, Version 1.0

Convergence Everywhere

Delivering Windows-based Client-Server Applications Anywhere, On Demand with Presentation Server 4.5

Agile Data Center Solutions for the Enterprise

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Check Point 4800 with Gigamon Inline Deployment Guide

Securing CS-MARS C H A P T E R

Archiving. Services. Optimize the management of information by defining a lifecycle strategy for data. Archiving. ediscovery. Data Loss Prevention

Using IBM DataPower as the ESB appliance, this provides the following benefits:

Transcription:

CUSTOMER TESTIMONIAL CISCO IT DEPARTMENT DEPLOYS INNOVATIVE CISCO APPLICATION- ORIENTED NETWORKING SOLUTION EXECUTIVE SUMMARY Visionary Technology Provides New Model for Application Infrastructure Services CUSTOMER NAME Cisco IT INDUSTRY Networking BUSINESS CHALLENGE Consolidate disparate B2B and Web-hosted environments Reduce the significant infrastructure, maintenance, and development costs of hosting disparate environments Eliminate inconsistent implementation of application-level security policy NETWORK SOLUTION Cisco Application-Oriented Networking products provide intelligent networkbased infrastructure services. Embedding these services in the network fabric enables applications to communicate more effectively and to extend information resources transparently across the extended enterprise. BUSINESS VALUE Lowered capital and operating costs by unifying functions in the network Greater application-level security by using enforceable enterprise policy Dramatically increased visibility into business activities and infrastructure events BACKGROUND The mission of the Cisco Systems business-to-business (B2B) operation is to become the easiest company to do e-business with. To further this mission, Cisco is in the process of deploying Cisco Application-Oriented Networking (AON), the first and only network-embedded intelligent message routing system that enables applications and the network to work together as an integrated system. CHALLENGE The Cisco IT department manages a mix of dissimilar hosted environments that thousands of customers, partners, and suppliers use to interact with Cisco. Customers order products or search for information on these sites, and partners and suppliers purchase products, check order status, manage inventory, and track the fulfillment of orders. These environments evolved over the years and reflect the various technologies in use at the time and the particular needs of each Cisco business unit (Figure 1). Some also had to be designed for compatibility with the particular needs and technologies of various partners. As part of a new initiative to become a process-driven enterprise that would enable Cisco to deploy new business initiatives more quickly, Cisco committed itself a few years ago to building a Service-Oriented Architecture (SOA). An SOA is based on a technology model in which business functions are organized as a collection of services, each with a clear business identity and strict formal interfaces. This model differs from earlier methodologies that relied on custom development and proprietary interfaces and were, therefore, largely inflexible and difficult to change. To implement an SOA approach, Cisco deployed new integration technologies in each of its hosted environments including Enterprise Application Integration (EAI) tools and Web services based on Extensible Markup Language (XML) and the Standard Object Access Protocol (SOAP) standard. Although these technologies helped overcome earlier challenges by bridging incompatible application protocols in each environment, each was implemented in isolation using disparate tools to manage and secure these services. The result has been a patchwork of integration technologies that have been costly to maintain and difficult to manage without a consistent, standardized way to implement, manage, and secure services across all of the environments. The maze of patchwork technologies is especially difficult in a B2B situation when, for example, a Cisco executive wants to see a complete view of all transactions between Cisco and a particular customer. To gain this perspective, a Cisco analyst must access each environment using different tools and processes, download the necessary information, and then combine this into a meaningful report. This process could take days to accomplish and still might not capture all the relevant information. Page 1 of 6

These challenges not only affect Cisco internally; they also affect how Cisco and its external suppliers and partners transact business. In the B2B environment, for instance, customers must obtain multiple certifications for each Cisco environment in which they interoperate. They also require a range of technologies to maintain compatibility with each environment. APPLICATION-LEVEL SECURITY IS VULNERABLE Cisco, in turn, faces difficulty trying to integrate its suppliers and partners in the B2B environment into its enterprise systems. Security is a primary concern. Although Cisco maintains stringent connectivity security in its DMZ a specially secured area that is maintained outside the enterprise firewall, application-level security is provided by the individual applications. As a result, application-level transactions are a potential security hole because application security can only be applied deep within the enterprise at the application server layer. What s more, application-level security is currently the responsibility of each programmer, a significant vulnerability because different programmers might implement security incorrectly or not all. No universal mechanism exists to ensure that security features in the applications are applied consistently and accurately. Ultimately, you don t want security to be in the hands of each developer, said Brook Schoenfield, senior security architect with the Cisco Security Program Office (CSPO), because you can t enforce it consistently. If a programmer implements security incorrectly, it leaves a hole. Also, security at the application layer slows application performance. Security should be part of the infrastructure, which would make it easy for the developer to get the security he or she needs. Our goal is security for the developers, not by developers. CISCO AON SOLUTION Cisco plans to deploy AON devices throughout its various hosted environments in three phases as follows: Phase 1 (internal implementation) Provide Web services security and management, and AON will provide common security mechanisms within the internal hosted environments. Phase 2 (external implementation) Provide security and management for external-facing Web services. Also, additional Cisco AON management and security capabilities will be deployed. Phase 3 (external implementation) Install an intelligent message-level router that complements B2B gateways to provide visibility into customer transactions (Table 1). When it performs Web services security in Phase 1, Cisco AON will manage such functions as digital signature verification, Secure Sockets Layer (SSL) termination, content inspection, message-based routing, and transaction logging. During Phase 2, Cisco AON will be deployed externally to secure and manage external-facing Web services. Along with the features in Phase 1, Cisco AON will perform protocol translation, message-level encryption and decryption, and service versioning. Today, to perform all of these security functions requires different tools, languages, and capabilities in each hosted environment. Our implementation of Web services security and management today is very human-resource-intensive, said Hicham Tout, system architect in the Internet Technology Group at Cisco. The disparity of tools and technologies required to perform all of these features across various environments requires significant overhead and administration. Cisco AON will provide Cisco IT a central, network-based device that will provide a standards-based approach for performing all of the above functions consistently. Page 2 of 6

WEB SERVICES MANAGEMENT: MESSAGE INSPECTION AND ROUTING Much as it is standardizing Web services security, Cisco IT also plans to use Cisco AON to standardize Web services management tasks that include content inspection and content-based routing. Today, the applications perform these tasks. If an order status request comes in, for example, the application checks the header of the request, determines that it is an order status request, and then routes it to the back-end Oracle application server, if that is the indicated destination. To provide this intelligence, however, requires a programmer to code the logic manually into the application. Unfortunately, each application handles this content routing differently, requiring specialty programmers who understand how to program in each application environment. The goal with Cisco AON is that it will act as a smart router that sits ahead of all application environments and receives these requests based on specific rules: both business and security or infrastructure rules. It will then extract the message, perform validations and transformations, and then route the message to the proper destination. If we can make this a standard flow, and have Cisco AON enforce certain templates, we could ensure that before the message even reaches the endpoint the application we have performed all of these functions without the application even knowing that they were done, said Tout. From a security perspective, it provides an additional layer of protection. We d be enforcing security much earlier in the network, in the DMZ before the firewall, way before the messages entered the enterprise and reached the applications. The other benefit of this approach, as mentioned previously, is that security is taken out of the hands of programmers. With Cisco AON, it becomes a security device in the network that cannot be circumvented. PHASE 3: B2B FOR VISIBILITY In the third phase, Cisco IT plans to create a B2B virtual gateway through which outside traffic will pass. Cisco AON devices will sit in front of B2B gateways and perform all Web services security and management functions safely in the DMZ: authenticating, encrypting, and decrypting messages and routing them to the proper back-end system for processing. In addition to much more stringent application-level security, this virtual gateway will provide Cisco management with full visibility into B2B transactions with customers. SERVICES OF CISCO AON Cisco intends to move the following application features into Cisco AON: Authentication Monitoring Versioning Transport and message-level encryption and digital signatures Failover Load balancing and distribution Logging Message and content-based routing Protocol translation Virtual gateway SLAs Contracts Billing BUSINESS VALUE Cisco AON s unique capabilities are bringing a range of business benefits to Cisco. By ensuring that certain application functions are handled in a consistent, standardized way across all hosted environments, Cisco will reduce the redundancies of programming effort in each environment. Instead, Cisco will use standard, uniform approaches. Also, as functions once handled on hardware appliances or within third-party software are integrated into Cisco AON, capital and operating costs will decrease because of lower integration costs. As discussed earlier, Cisco AON will enhance security because it cannot be circumvented; it operates within the network devices, which look at all packets crossing the wire. The final Page 3 of 6

advantage of Cisco AON is that it will provide management with greater visibility into transactions with customers and will also make it simpler and less costly for Cisco partners and suppliers to do business with Cisco. Figure 1. Cisco IT Today Cisco IT now maintains disparate hosted environments CCX (Cisco Connection external), Cisco.com, and B2B, and each requires dissimilar tools and processes to perform application message processing. Page 4 of 6

Figure 2. Cisco AON Unifies Message Processing Once Cisco AON is deployed, it provides a common set of utilities across all Cisco hosted environments. Cisco AON also provides more stringent security as all authentications and validations are done in the network in the DMZ. Cisco AON is an intelligent message routing system that makes customers existing infrastructures more: Safe Application-level security embedded in the network that is policy enforced and takes full advantage of network security Visible Automatic event capture everywhere, in real time Responsive Streamlined communication, autonomic sense and respond, and hardware acceleration Flexible Policy-oriented control, transparent to applications, highly scalable, open software development kit FOR MORE INFORMATION To find out more about the Cisco AON and Cisco networking solutions go to http://www.cisco.com/en/us/products/ps6692/products_sub_category_home.html, http://www.cisco.com/en/us/products/ps6438/prod_module_series_home.html and http://www.cisco.com/en/us/netsol/index.html. Page 5 of 6

Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback