A Cisco executive addresses optimization worries in a pitch for network-based application optimization and promises of QoS and security integration
Cisco wants to help by putting everything related to optimization into an intelligent network layer. Then, for example, network executives can deploy optimization services as blades and software add-ons in their existing Cisco gear. The router giant's network-based application-optimization strategy splits along the lines of two product families: Application-delivery networks focus on user-to-application communications (including performance, security and so forth), while the Application Oriented Networking initiative centers on application-to-application communications. George Kurian, general manager for Cisco's application delivery business unit, explains how it all fits together in an interview with Julie Bort, a Network World editor.
When it comes to application optimization, what makes Cisco different from a growing list of competitors?
We allow the customer to deploy WAN optimization while not disrupting any of the operating policies, such as for QoS or security, implemented in the network. Some other vendors require customers to migrate QoS policies onto their boxes from the routers. They require a tunnel-based architecture on top of the router network, which means customers have to manage two different domains -- the routing domain and the application-acceleration domain.
Cisco's approach leads to a single device, often used at a remote site, which does routing, security, WAN optimization and more. Are you recommending this "god box," otherwise known as the integrated services router, as the best possible architectural choice?
Cisco has shipped more than 2 million ISRs [Integrated Service Router] since their introduction in September 2004. This clearly validates customers' interest in service integration, device consolidation and a single point of vendor accountability, especially for a branch environment.
Does the ISR really integrate services, or are the services simply running side by side on a single power supply?
The services are really integrated, rather than just sharing physical power and cooling elements. Services are clearly aware of each other's operations and are able to pace each other and ensure that one does not disrupt the other. We also leverage services, such as load balancing and failover, on Cisco routers and switches that allow you to deploy WAN optimization out-of-path rather than inline with a single point of failure on a single appliance.
Cisco recently acquired Reactivity, which makes XML gateways. How will XML play in Cisco's network-optimization strategy?
We certainly see Reactivity's XML gateway technology being integrated on products such as our Application Control Engine [ACE], which is a service module in our Catalyst 6500 product for the data center.
How does the storage technology you recently acquired from NeoPath Networks fit into your overall network-optimization plans?
NeoPath continues our strategy to provide network-accelerated storage services. In the block-storage world, we've demonstrated through APIs built on our MDS Director-class switches that partners' products -- such as EMC's Invista -- can provide block virtualization of storage and network-accelerated storage services. NeoPath will offer equivalent API capabilities for partners, but in the file domain.
Where would encryption, which can be tricky to use with optimization, fit into Cisco's scheme?
If one were to use SSL encryption from the desktop, we believe that the right way to do key management is coresident with the servers in the enterprise's trusted data-center environment. Let's say you are on an SSL VPN connection coming into the data center. The initial handshake for SSL will happen with a Cisco ACE, which is a server-load-balancing, SSL-termination and offload device that sits in front of the data-center server farm. Cisco ACE will verify that the user has the appropriate access to [the] application. WAN-optimization engines, such as the Cisco WAAS [Wide Area Application Services] solution, in the future will need to participate in that trusted discussion so that customers can keep the SSL certificates exclusively in their SSL termination devices. When WAN-optimization devices are recognized as supplicants by SSL termination devices, via trusted protocol conversations, customers will no longer have to distribute certificates to all of these devices in the network. Also, all of their WAN-optimized data transfers for SSL traffic can happen seamlessly.
Competing WAN-optimization products -- I'm thinking of Packeteer appliances -- can be placed in various spots all over the network, including on the server itself. So why wouldn't an enterprise user want to do that?
Putting WAN-optimization software in individual servers does not give you the advantage of doing it once and sharing it across multiple servers and applications. That's the unique benefit the network offers.
Tell us your thoughts on WAN optimization.