Application Intelligence and Integrated Security Using Cisco Catalyst 6500 Supervisor Engine 32 PISA


Overview

The Cisco Catalyst 6500 Series Supervisor Engine 32 Programmable Intelligent Services Accelerator (PISA) is the next generation supervisor engine for the Cisco Catalyst 6500 Series of modular switches, delivering industry-leading deep packet inspection, application awareness, security, availability, and manageability services for the networks of small and medium-sized businesses, enterprises, and service providers. This whitepaper outlines the benefits of implementing Application Intelligence and Integrated Security using Supervisor Engine 32 PISA and highlights the steps required to implement this solution.

Over the past five years, the proliferation of peer-to-peer (P2P) and instant messaging traffic has had a profound effect on networks and is continuously increasing bandwidth requirements. The resulting effect on operations is significant. This traffic not only compromises the experience of the majority of the users, but affects the quality of new services as well, especially services that are sensitive to the effects of latency, congestion, and jitter: voice and video. This traffic, along with other noncritical applications, can overwhelm the network and jeopardize delivery of critical application traffic. Clearly, an innovative solution for controlling traffic is required, one that is capable of deep packet inspection to identify such applications and take appropriate action to help ensure application fluency.

Additionally, malicious attacks against networking environments are increasing in frequency and sophistication. To counter these attacks, functionality is needed that is flexible in terms of both classification and mitigation capabilities. Many of the tools available today were not designed with deep packet inspection as a requirement; instead, they were designed to provide matching for predefined fields in well-known protocol headers. If an attack uses a field outside the limited range of inspection of these features, one is left without a defense against the attack.

By integrating Supervisor Engine 32 PISA into the network infrastructure, enterprises and service providers can unobtrusively control P2P and instant messaging traffic and protect their network against increasingly sophisticated malicious attacks.

Secure Application Intelligence and Integrated Security: PISA Advantage

Application Intelligence and Integrated Security is delivered using the Cisco Catalyst 6500 Supervisor Engine 32 PISA platform, which provides deep packet inspection and services acceleration at multigigabit speeds. This platform enables enterprises and service providers to identify and control application traffic, apply quality-of-service (QoS) parameters to differing application traffic streams, and provide protection against malicious attacks.

The platform is based on an adaptable, programmable architecture that allows the solution to grow with the dynamic needs of the enterprise or service provider. As new techniques for network intrusion or application compromise are created, the programmable nature of the Cisco Catalyst 6500 Supervisor Engine 32 platform helps ensure that the network administrator has the ability to quickly react to the changing environment. The enterprise's or service provider's investment is always protected.

All contents are Copyright 1992-2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Solution Components

The Application Intelligence and Integrated Security solution on the Cisco Catalyst 6500 Supervisor Engine 32 PISA could include some or all of the following components:

- The Cisco Catalyst 6500 Supervisor Engine 32 PISA, available in eight Gigabit Ethernet uplink or two 10 Gigabit Ethernet uplink options, along with the associated set of Cisco Catalyst 6500 Ethernet and WAN interfaces
- Cisco IOS Software Release 12.2(18)ZY-based Internet operating system for Cisco Catalyst 6500 Supervisor Engine 32 PISA, supporting Network-Based Application Recognition (NBAR) and Flexible Packet Matching (FPM) services
- Firewall Services Module (FWSM), Intrusion Detection Services Module (IDSM2), and IPsec shared port adapter (SPA) for comprehensive security
- QoS Policy Manager (QPM) for provisioning and monitoring NBAR
- Flexible configuration option in the Cisco Security Manager (CSM) to push configuration files containing FPM policies to Supervisor Engine 32 PISA-based switches
- Integration services, performed by either the Cisco Advanced Services team or a systems integration partner

Solution Deployment Scenarios

The solution can be deployed at the campus access, allowing customers to move security and classification to the edge of the network (Figure 1).

Figure 1. Supervisor Engine 32 PISA Deployment Example in LAN Access

Alternatively, the solution can be deployed at the Enterprise WAN aggregation, utilizing the comprehensive support of services modules and WAN interfaces on the Cisco Catalyst 6500 platform (Figure 2).

Figure 2. Supervisor Engine 32 PISA Deployment Example in WAN Aggregation

Solution Management

The solution comes with support for the graphical user interface (GUI) based QoS Policy Manager (QPM), which centralizes and automates NBAR policy management. Moreover, QPM dramatically increases the speed and accuracy of defining, validating, configuring, and deploying NBAR policies. In addition, the flexible configuration option in the Cisco Security Manager (CSM) allows network administrators to push down configuration files containing FPM policies to multiple switches. (See Figure 3.)

Figure 3. Supervisor Engine 32 PISA Management Model

Benefits and Applications

Help Ensure Performance for Mission-Critical Applications

Mission-critical applications, such as Oracle, Citrix, Microsoft Exchange, or the new breed of Web-based applications, must perform well to help ensure your success in today's fast-paced e-business environment. Bottlenecks can occur in many places, including the network. These bottlenecks often occur even though you have budgeted what you thought was more than adequate bandwidth for each application. What often happens is that employees use new Internet applications, such as streaming audio and video or downloading of new programs. These applications can quickly consume your WAN bandwidth. Unfortunately, these are not typically the mission-critical applications to which you want to give network priority.

By intelligently classifying applications, Cisco Catalyst 6500 Supervisor Engine 32 PISA allows the network to provide differentiated services to each application. You can provide absolute priority and a guaranteed amount of bandwidth to your mission-critical applications, such as Citrix or an application that runs on a particular Webpage. At the same time, you can limit the bandwidth consumed by less critical applications. The end result is that users can access their mission-critical applications with minimal delay without the need to upgrade costly WAN links or cut off access to commonly used, but not mission-critical, applications.

Provide Rapid Protection against Malicious Attacks

Malicious attacks against networks are increasing in frequency and sophistication. To counter these attacks, tools are needed that are as flexible as possible and that can provide packet inspection capabilities at different levels. Many of the tools available today do not allow deep packet inspection. These tools are constrained to specific fields in well-known protocol headers. If an attack uses a field outside the limited range of inspection provided by these tools, it is difficult to classify and defend against the attack.

Cisco Catalyst 6500 Supervisor Engine 32 PISA provides network and security administrators with powerful tools to filter traffic as it enters the network and to immediately drop questionable items and/or keep a log for auditing purposes. Cisco Catalyst 6500 Supervisor Engine 32 PISA allows network and security administrators to specify custom patterns on which to match, deep within the packet header or payload. The functionality introduces the concept of protocol header definition files (PHDFs), which give names to offset locations within a packet, thereby enhancing usability and flexibility. Ready-made definitions for standard protocols are included using PHDF, making it easy to deploy immediately at run time. High-level custom scripting for PHDFs is supported by standard Extensible Markup Language (XML) editors.

Improve Web Response

The Web is now a critical business resource in many enterprises, for both internal and external communications. Employees, partners, and customers must have access to the Webpages they need without such problems as slow downloads or Web-based application failure. Cisco Catalyst 6500 Supervisor Engine 32 PISA allows you to identify the Webpages and type of Web content that you deem critical. For example:

- Customers accessing the sales ordering page would be given priority. This prevents the customer from getting frustrated at the point of sale.
- Sales tools can be given absolute priority and guaranteed bandwidth, helping ensure that your sales force is never forced to wait for a price quote because another employee is browsing the latest version of the firm's new television commercial on streaming video.
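The PHDF idea described under "Provide Rapid Protection against Malicious Attacks" (names for offset locations, plus custom pattern matches in the header or payload) can be modeled in a few lines. This is an added illustration, not Cisco code or FPM syntax: the `PHDF` table, the rule tuples, the sample packets and the 4-byte `MARKER` are constructed, hypothetical stand-ins.

```python
import struct

# Hypothetical, byte-granular stand-in for PHDF entries (real PHDFs are XML):
# protocol -> field name -> (offset from that header's start, length in bytes).
PHDF = {
    "ip": {"length": (2, 2), "protocol": (9, 1)},
    "udp": {"source-port": (0, 2), "dest-port": (2, 2)},
}

def header_starts(pkt):
    """Map each recognised header to its byte offset in an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return {}
    starts = {"ip": 0}
    if pkt[9] == 17:                          # UDP follows the IP header
        starts["udp"] = (pkt[0] & 0x0F) * 4   # IHL accounts for IP options
    return starts

def read_field(pkt, proto, name):
    """Return the named field as an integer, or None if it is absent."""
    base = header_starts(pkt).get(proto)
    if base is None:
        return None
    off, size = PHDF[proto][name]
    raw = pkt[base + off: base + off + size]
    return int.from_bytes(raw, "big") if len(raw) == size else None

def matches(pkt, conditions):
    """Match-all semantics: every condition must hold."""
    for cond in conditions:
        if cond[0] == "field":                # ("field", proto, name, value)
            if read_field(pkt, cond[1], cond[2]) != cond[3]:
                return False
        else:                                 # ("start", proto, offset, pattern)
            _, proto, offset, pattern = cond
            base = header_starts(pkt).get(proto)
            if base is None:
                return False
            if pkt[base + offset: base + offset + len(pattern)] != pattern:
                return False
    return True

def build_udp(dport, payload, ip_options=b""):
    """Construct a sample IPv4/UDP packet (checksums left at zero)."""
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 8 + len(payload),
                     0, 0, 64, 17, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    return ip + ip_options + udp + payload

MARKER = b"\xde\xad\xbe\xef"                  # constructed 4-byte payload pattern
benign = build_udp(5000, b"status=ok")        # constructed samples: same port,
flagged = build_udp(5000, MARKER + b"rest")   # different payloads
flagged_opts = build_udp(5000, MARKER + b"rest", ip_options=b"\x01" * 4)

HEADER_ONLY = [("field", "ip", "protocol", 17), ("field", "udp", "dest-port", 5000)]
DEEP = HEADER_ONLY + [("start", "udp", 8, MARKER)]        # payload = UDP start + 8
DEEP_FIXED = HEADER_ONLY + [("start", "ip", 28, MARKER)]  # assumes 20-byte IP header

def verdicts(rule):
    """Match result for (benign, flagged, flagged_opts) under one rule."""
    return [matches(p, rule) for p in (benign, flagged, flagged_opts)]
```

The header-only rule cannot tell the three packets apart, while the payload match anchored to the named UDP header keeps working when IP options shift the payload; the fixed offset from the IP header does not.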

Web-based applications often load slowly. With Cisco Catalyst 6500 Supervisor Engine 32 PISA, applications can be identified by MIME type and be given priority in the network. Some classes of content, such as JPEG pictures, consume large amounts of bandwidth, but might not be considered critical Web-based information. In such cases, you can control the amount of bandwidth consumed by such types of content.

Improve Multiservice Performance

Multiservice networks allow you to combine your data, voice, and video requirements into one unified network. Unfortunately, each of these services requires different network characteristics. Supervisor Engine 32 PISA is able to intelligently identify the type of each packet and provide the proper network characteristics. For example, if you deploy a training system that utilizes streaming video, such as the Cisco IP/TV solution, you will want to try to ensure that employees see a clean picture, not one that is choppy and hard to understand.

With Cisco Catalyst 6500 Supervisor Engine 32 PISA, the network can easily recognize the streaming video traffic and assign it to a higher priority class of traffic that receives a minimum guaranteed bandwidth. Other traffic, such as e-mail, can be assigned to a lower priority class, because e-mail must be delivered, but it does not have the latency and bandwidth constraints of the streaming video. The end results are that trainees receive their video training on demand with high quality while the network concurrently serves other applications.

Reduce WAN Expenses

The cost of WAN bandwidth has decreased significantly over the last decade, especially in deregulated markets. However, in many parts of the world, and especially between countries, telecommunications links can still be prohibitively expensive. This leads to a dilemma for the network manager: you need to provide access to new client-server and Internet-enabled applications, while also controlling WAN service costs.

Cisco Catalyst 6500 Supervisor Engine 32 PISA provides a solution to this problem by enabling you to intelligently utilize WAN bandwidth so that you can provide acceptable service levels with the minimum possible bandwidth. Cisco Catalyst 6500 Supervisor Engine 32 PISA will identify your mission-critical applications so that you can assign them higher priority or guaranteed bandwidth on the link. This helps ensure that the noncritical applications do not overwhelm these slower international links and bring your mission-critical traffic to a halt.

Printed in USA C22-384941-00 04/07