IT organizations are challenged with conflicting requirements: to consolidate costly remote-office infrastructure and to maintain adequate service levels for remote-office users. Cisco® Wide Area Application Services (WAAS) provides the technologies necessary to consolidate infrastructure in the data center while also providing application acceleration and WAN optimization capabilities that achieve application delivery performance similar to that of a LAN. Any broad-scale IT consolidation project should result in a simplified, lower-cost infrastructure that is easier to manage and maintain. Through Cisco WAAS, Cisco provides a secure, scalable, and simple central management framework that allows IT organizations to easily manage a consolidated infrastructure that uses Cisco WAAS for application acceleration and WAN optimization. This document describes the features and benefits of the management components of Cisco WAAS.
About Cisco WAAS Management
A Cisco WAAS deployment consists of a set of Cisco Wide Area Application Engine (WAE) Appliances that work together to optimize TCP traffic and accelerate applications over the WAN. When client and server applications attempt to communicate with one another, the network intercepts these flows and redirects them to the local Cisco WAE devices to transparently accelerate and optimize flows between the client and server. The Cisco WAE devices examine the traffic and use predefined and configurable application policies to determine whether the traffic should be optimized, and if so, how to optimize it, or whether it should be passed through unoptimized. Each Cisco WAE device can be managed using the embedded command-line interface (CLI) (similar to the Cisco IOS® Software CLI), the device Web GUI, or the Cisco WAAS Central Manager GUI. The following sections discuss these management mechanisms.
Cisco WAAS Central Manager
Cisco WAAS is centrally managed by a scalable, secure, and simple function called the Cisco WAAS Central Manager that runs on Cisco WAE Appliances. The Cisco WAAS Central Manager can be configured for high availability by deploying a pair of Cisco WAE devices as central managers; configuration and monitoring data is automatically shared by the two central manager Cisco WAE devices. The Cisco WAAS Central Manager provides a centralized mechanism for configuring features, reporting, and monitoring. It can manage a topology containing thousands of Cisco WAE nodes. The Cisco WAAS Central Manager can be accessed from a Web browser, allowing management from essentially anywhere in the world. Access to the Cisco WAAS Central Manager is secured and encrypted with Secure Sockets Layer (SSL), and users can be authenticated through a local database or a third-party authentication service such as RADIUS, TACACS, or Microsoft Active Directory.
Within a Cisco WAAS topology, each Cisco WAE runs a process called central management system (CMS). The CMS process provides SSL-encrypted bidirectional configuration synchronization of the Cisco WAAS Central Manager and the Cisco WAE devices. The CMS process is also used to exchange reporting information and statistics at a configurable interval. When the administrator applies configuration or policy changes to a Cisco WAE device or a group of Cisco WAE devices (a device group), the Cisco WAAS Central Manager automatically propagates the changes to each of the managed Cisco WAE devices. Cisco WAE devices that are not available to receive the update will receive the update the next time they become available.
Cisco WAAS Central Manager User Interface
The Cisco WAAS Central Manager is used to centrally configure, manage, and monitor a topology of Cisco WAE devices. The Cisco WAAS Central Manager device mode can be configured on a Cisco WAE to provide scalable, secure, robust, centralized Web management for all Cisco WAE devices in the deployment. The Cisco WAAS Central Manager provides device-specific and systemwide configuration, monitoring, and reporting capabilities, including policy configuration and distribution within the Cisco WAAS deployment.
The Cisco WAAS Central Manager GUI allows administrators to easily perform the following tasks:
• Configure system and network settings for an individual Cisco WAAS device or device group
• Create, edit, and delete application policies that determine the actions (optimizations) that a Cisco WAAS device performs when it intercepts specific types of traffic
• Set up and distribute print drivers from the central repository to Cisco WAAS print servers
• Configure file services acceleration, including read-only disconnected access for Common Internet File System (CIFS) servers, file prepositioning, and file blocking policies
• Create device groups to allow concurrent management and configuration of large groups of Cisco WAE devices
• Configure role-based access control (RBAC) for management separation
• Manage and acknowledge system and device alarms
• View reports detailing the effectiveness of acceleration and optimization within a Cisco WAAS network
• Examine per-connection statistics on an individual Cisco WAE device, including connection details, applied optimization policy, and detailed reduction statistics
A successfully authenticated management user will see the Cisco WAAS Central Manager homepage, which provides such information as performance statistics, application traffic mix, deployment health, system-level alarms, notifications, and installed software versions, as shown in Figure 1.
Figure 1. Cisco WAAS Central Manager Homepage
The administrator can also configure, manage, and monitor single Cisco WAE devices within the topology from the device homepage, as shown in Figure 2. Administrators can view up to four different monitoring graphs on an hourly, daily, weekly, or monthly basis, choosing from the following list:
• Application Traffic Mix: Shows the breakdown of TCP application traffic handled by the Cisco WAE
• Request Hit Rate: Shows the percentage of CIFS requests served locally
• Cache Utilization: Shows utilization of the object cache capacity
• Connected CIFS Core Count: Shows the number of CIFS core devices connected to the CIFS edge device
• Connected CIFS Edge Count: Shows the number of CIFS edge devices connected to the CIFS core device
• Requests Count: Shows the throughput (requests per second) that the CIFS edge device handles locally in comparison to those handled remotely
• Cache Disk Capability: Shows the amount of disk capacity used by the object cache
• TCP Reduction: Shows the overall TCP traffic reduction performed by the Cisco WAE
• Cache Object Count: Shows the number of objects in the cache
• Optimized CIFS Session Count: Shows the number of CIFS accelerated sessions
• Open Files Count: Shows the number of open files
This capability provides an administrative high-level summary of the most important statistics.
Figure 2. Cisco WAAS Central Manager Device-Specific Statistics
Administrators can also obtain detailed information about real-time application traffic patterns, traffic reduction, compression ratios, bandwidth savings, and other statistics for a given time period (the last hour, day, week, or month or a custom date range).
Device-specific or systemwide statistics can be easily exported to the comma-separated value (CSV) file format for offline use. The Cisco WAAS Central Manager can also present real-time connection details that were previously available only from the device CLI, including optimization characteristics (type of optimization applied), reduction statistics, and traffic statistics.
Figure 3 shows a snapshot of real-time connections monitoring; for each active connection, the administrator can see details such as connection source and destination, applied optimization policy, and compression ratio.
Figure 4 shows the details for a specific connection; real-time compression, connection traffic detailed graphs, and detailed statistics are available for real-time analysis.
Figure 4. Cisco WAAS View of Selected Optimized Connection Details
The Cisco WAAS Central Manager also presents CIFS acceleration statistics and graphs, including information about CIFS message statistics, locally compared to remotely handled requests, file cache status, and open files.
Figure 5 shows four sample graphs that provide the administrator with CIFS acceleration statistics to help the administrator quantify the effectiveness of optimizations and the load on the system.
Simplified Topology Management Using Device Groups
The Cisco WAAS Central Manager allows the administrator to create device groups to simplify configuration of the Cisco WAE devices in a Cisco WAAS topology of any size. Policy and settings can be applied to an entire device group just as to an individual device, improving administrative efficiency. Although application policy can be managed by device, application accelerators should be assigned to one or more device groups. Configuration settings applied to a device group automatically propagate to all Cisco WAE devices assigned to the device group. After a device group is configured, the administrator can use the Cisco WAAS Central Manager to configure almost every aspect of the Cisco WAE devices that are members of that device group, including the following:
• Software version: Control the version of the software that is installed on a Cisco WAE or group of Cisco WAE devices.
• CIFS acceleration configuration: Configure CIFS acceleration parameters such as the device role (edge or core services).
• WAN optimization policy configuration: Define applications, classifiers, and policy maps.
• Print services configuration: Configure centrally managed local print services, including print driver distribution and management.
• Network interception configuration: Configure network interception mechanisms such as Web Cache Communication Protocol Version 2 (WCCPv2) and policy-based routing (PBR) and inline mode for the devices.
• Login authentication: Define and configure the user login authentication method (local database, Active Directory, etc.).
• Cisco WAE CLI users: Create accounts that can be used to access the Cisco WAAS CLI, Cisco WAAS Central Manager, and Cisco WAE Device Manager.
• Alerts and notifications: Configure e-mail and logging servers for remote notification.
Automatic Discovery
Cisco WAAS provides an automatic discovery feature for transparent integration, simplified deployment, and ease of management. Cisco WAAS automatic discovery allows automatic discovery of accelerators, mitigating the need for complex overlay networks and helping network infrastructure teams maximize their investment in network design. Without automatic discovery, an administrator would have to manually define optimization tunnels, defining a peer-to-peer relationship, which is not scalable in large scale environments.
With automatic discovery, as shown in Figure 6, accelerators first check whether a peer accelerator exists in the path of packet flow between the source and destination. If a pair of accelerators exists, an optimization policy is transparently negotiated and then applied to the application flow. If a peer accelerator does not exist, the application flow remains unoptimized and passes through without modification. By using automatic discovery, network infrastructure teams can deploy services to improve application performance over the WAN without having to implement complex overlay networks that require as much, or more, administration than the routed network.
Figure 6. Cisco WAAS Automatic Discovery
Role-Based Access Control
The Cisco WAAS Central Manager allows the central management system to be provisioned so that administrative groups have control over only the portions of the Cisco WAAS topology that they need. By using RBAC, a Cisco WAAS administrator can define administrative users, roles, and domains to specify the areas of the Cisco WAAS Central Manager that users can view and control. User accounts and credentials can be either stored locally on each Cisco WAE or authenticated using a third-party authentication service such as TACACS, RADIUS, or Microsoft Active Directory.
Figure 7 shows that roles can be defined to provide very granular control over the pages of the Cisco WAAS Central Manager for which a user assigned to the role has read and write privileges.
Figure 7. Cisco WAAS Central Manager Role Definition Allows Granular Control of Administrative Access
Domains can be configured to specify the devices or device groups for which a user assigned to the domain has privileges to perform operations. For example, a Cisco WAAS Central Manager administrator can assign a user to a role and a domain that allow the user to create and modify application policies on a specific group of devices but do not allow the user to make any other changes to the system.
Figure 8 shows the assignment of a user to a management domain; here, the specific user is assigned to manage a group of devices based on geographical location of the devices.
Figure 8. Cisco WAAS Central Manager Management: Assigning a User to a Management Domain
Cisco WAAS Central Manager and High-Avalability Configurations
The Cisco WAAS Central Manager is designed for enterprise scalability, and it can be deployed in highly available and redundant configurations. It can be configured in high-availability mode, with one Cisco WAE acting as the primary Cisco WAAS Central Manager and the other acting as a backup Cisco WAAS Central Manager. In this mode, the Cisco WAE serving as the backup Cisco WAAS Central Manager automatically receives configuration changes and monitoring data from the primary Cisco WAAS Central Manager, just like any other Cisco WAE in the Cisco WAAS topology. If the primary Cisco WAAS Central Manager fails, the Cisco WAE devices in the topology automatically redirect themselves to the secondary Cisco WAAS Central Manager. The monitoring data collected on the primary Cisco WAAS Central Manager will be available on the secondary Cisco WAAS Central Manager device.
Centralized Software Upgrades Using Cisco WAAS Central Manager
Every Cisco WAE within the Cisco WAAS topology should be configured to use the same version of software. Many functions are available to control the installed software version on a Cisco WAE, including the software installation and management system included
in the Cisco WAAS Central Manager. The Cisco WAAS Central Manager enables centralized software management across an entire network of Cisco WAE devices. Using the Cisco WAAS Central Manager, an administrator can define up to 10 individual software versions, which can be selectively and individually assigned to a Cisco WAE or to a device group containing multiple Cisco WAE devices, as shown in Figure 9. After a software version has been defined, it can be distributed to a group of Cisco WAE devices and either installed automatically or installed manually at a later reboot.
Figure 9. Cisco WAAS Central Manager Provides Centralized Software Update Services for Cisco WAE
Cisco WAAS CLI
The Cisco WAAS CLI, which is similar to the Cisco IOS Software CLI, allows administrators to configure, manage, and monitor
Cisco WAE devices, by device, through a console connection or a terminal emulation program. However, the Cisco WAAS GUI is the primary tool for configuring, managing, and monitoring Cisco WAE devices. Wherever possible, the Cisco WAAS Central Manager GUI should be used instead of the CLI.
Figure 10 shows the CLI, which gives the administrator a fine-grained view into optimization flows and statistics, including bandwidth savings on a single-flow basis.
Figure 10. Cisco WAAS CLI
System Logging and Notification
Cisco WAE devices support remote notification capabilities, including Simple Network Management Protocol (SNMP), SMTP notifications, and system logging (syslog) notifications. Cisco WAE devices can be configured to use up to four syslog servers.
SNMP Management
Cisco WAAS supports SNMP Versions 1, 2c, and 3. Cisco WAAS can send informational alerts or alarms to any SNMP-compliant manager, including the most commonly used managers such as HP OpenView and IBM Tivoli NetView. Cisco WAAS supports several MIBs that allow administrators to monitor and troubleshoot nearly every aspect of the Cisco WAAS topology.
Cisco WAAS exports parameters for monitoring the state and performance of the deployment to both private and standard MIBs. The private MIBs (ACTONA-ACTASTOR-MIB and CISCO-CONTENT-ENGINE-MIB) provide information specific to Cisco WAAS, such as CIFS application acceleration liveliness and statistics, as well as platform-level statistics and information about events.
The standard MIBs are used to obtain general liveliness and platform information and include the following:
• MIB-2 General Network Statistics (RFCs 1213 and 1157): Contains essential parameters for the basic management of TCP/IP-based networks
• Host Resources (RFC 1514): Contains a uniform set of objects useful for managing host computers
• EVENT-MIB (RFC 2981): Provides the capability to monitor MIB objects on the local system or on a remote system and take simple action when a trigger condition is met ENTITY-MIB (RFC 2037)
• SNMPv3 MIBs (RFCs 2571 through 2576)
Summary
IT organizations considering infrastructure consolidation and application acceleration solutions should explore solutions that provide secure, scalable, and simplified central management. The goal of such solutions should not be solely cost reduction and performance improvement, but also simplification of the overall application delivery management process. Cisco WAAS provides such a framework through a secure, scalable, and simplified central management system that allows IT organizations to easily manage a consolidated infrastructure.
