Cisco Campus Communications Fabric: A New Framework for Campus Network Evolution

Today, the campus network needs to target not only availability and reliability, but services, too, as business-critical network applications become increasingly interactive and traffic patterns become less predictable. In adapting to these new demands and aligning the network with business priorities, IT managers must make sure the campus network delivers business value on two fronts: user experience and operational excellence. The Cisco® Campus Communications Fabric, a framework to enable the interactive campus and address the IT gaps that businesses experience, can help companies meet those objectives. Through six primary attributes (application intelligence, unified network services, integrated security, virtualization, non-stop communications, and operational manageability), the Cisco Campus Communications Fabric presents an architecture in which products and features work together to provide highly consistent services and policies, anywhere, anytime, and irrespective of connection type.

The Changing Face of Business: New Challenges in the Campus Network

Today's business requires a very different level of network sophistication than what was acceptable only a few years ago. Business networks in this new era must support constant and immediate interaction, which has become a priority for employee productivity. As applications evolve from centralized to interactive, these networks must support multidirectional traffic. This shift calls for a real-time network infrastructure and a reshaping of the network to become a strategic business platform.

New Business Challenge: From Transaction to Interaction

In the late 1990s, as the business world first moved to digital, same-day transactions using voicemail, e-mail, and the Web, networks relied on a centralized, server-based model of data applications in which delays were acceptable to exchange static documents posted in static repositories that were accessible by wired networked devices. A wave of changes to this transaction-oriented business landscape is now adding real-time interaction to the standard definition of "business as usual," with instant messaging, desktop videoconferencing, and presence-based collaboration applications. Communication vehicles that once used separate, dedicated networks, such as video surveillance, time-division multiplexing (TDM) private branch exchanges (PBXs), and meeting-room videoconferencing systems, are now converging onto single IP campus networks, all adding to the highly interactive nature of the new business network.

New Business Focus: The End User

In parallel with the shift from reactive business processes to interactive business flow comes a new business focus: the end user. Applications, information, and network security are all moving rapidly to address end-user needs and interests, fueling the demand for a network infrastructure to support these changing traffic patterns.
Network-enabled applications have become increasingly personal and continue to become more so. And while the end user might be an employee, partner, customer, or someone else, the user experience on the network has become the critical determinant of success or failure of technology systems.

Changes to Business Styles Demand Changes to Network Capabilities

As real-time applications increasingly become their business lifeline, corporate users need uninterrupted network access and fast response from applications. These users are also increasingly mobile and subject to catching viruses and other malware at home, hotspots, or third-party sites, and these viruses and malware present threats to the campus network. Furthermore, the new interactive applications generate a multidirectional traffic pattern that challenges older campus networks built for predictable and hierarchical client-server applications. Whereas business applications are primarily about people-to-machine transactions, collaboration applications are about people-to-people interactions and use the network's intelligence and pervasiveness to create a truly interactive environment. As corollaries to these new developments in the corporate landscape, several other changes are taking place:

• One global time zone: Interactive, collaborative workers are unimpeded by conventional time zones.

• Working moments: Work is being redefined as what an employee does, rather than where an employee is.

• Collective decision making: Businesses must use all available knowledge and information to make the best decisions; the process is decentralizing.

• Mobility and uniformity of experience: Mobile employees go between high and low bandwidth and from wired to wireless; still, they require uniform, rich interaction.

• Valuing quality of experience: Rich media delivers intimacy and subtlety that can only be communicated by the human voice, facial expressions, and body language, challenging businesses to justify the investment in rich media.

• Collaborative communities: Work is mostly organized around functional communities with varying life spans.

• Compliant, secure, and "green": Businesses must think and act globally in the 21st century, complying with new regulations, defending against threats, and adhering to emerging standards of social responsibility.

• Optimal resource use: All businesses face resource shortages: financial, information, staff, facilities, distribution, and natural resources, or all of the above, and optimizing these resources is a priority.

• Users and employees are changing: Companies must use new methods to recruit and retain top talent among the New Millennial generation.

Evolving and Aligning the Network with the Business

The network is central to all these different types of interactions. The network is the platform for the new interaction economy. Within the network itself, Cisco network systems-routers, switches, Cisco IOS® Software, integrated services, and management systems-play a lead role in helping ensure that these interactions are always positive and productive. In addition to having the right equipment in place, companies need to align their networks with their business objectives to help ensure that their campus networks will support business needs today and through years to come.

New Network Requirements

In the alignment of the network with business objectives, the campus network needs to target not only speed, but services, too. The network must deliver business value in two areas:

• User experience: By delivering the best possible experience to the end user

• Operational excellence: By delivering business improvements while limiting business risks

Typifying the new breed of collaborative applications that are changing the level of demands placed on networks is Microsoft Office Groove 2007, a user-to-user application that automates change management for shared workspaces. Office Groove is a truly networked application, with no central controlling server managing the change process. Office Groove has the following standard characteristics:

• Teams of functional communities come and go as necessary.

• Any changes must proliferate immediately.

• Changes may occur often and at any time.

• End users may participate on multiple teams.

• Working exchanges must be kept confidential to the team.

This kind of unpredictable, free-flowing, user-to-user application traffic could easily create problems in a campus network designed around limited bandwidth and security, and with resource and traffic control functions at the edge. For such an application to work successfully and enhance user productivity, all segments in the campus network must understand what applications need and deserve high priority. Furthermore, they must adapt to shifting traffic patterns and demands, secure all points of entry and traffic flows, and help ensure authorized network access at any time, from anywhere.
According to industry analyst Nick Lippis, "Applications such as Microsoft's Vista OS and Office Groove 2007 with their peer-to-peer developer links will wreak havoc on networks designed for client/server flows. Readers note, all campus networks were designed for client/server flows. Peer-to-peer networking allows Microsoft to short circuit Linux by minimizing data centers' client/server flows with new computer-to-computer traffic. But it's not just Microsoft who is leading the change away from client-server; Google is, too, as are services like BitTorrent, eDonkey/eMule, YouTube, Skype and many others." [1]
One immediate reality that IT managers must address as they work toward this business-network alignment is that traditional high availability is no longer sufficient for the global enterprise. With the continually increasing use of collaboration and real-time communications applications such as voice over IP (VoIP), the network must support an uncompromisingly high-quality user experience. Advanced network- and device-level resiliency must also be complemented with advanced quality-of-service (QoS) and integrated security systems to provide for the service-level agreements (SLAs) required by these new applications and business needs. Security demands are increasing as the new distributed and dynamic application environment is bypassing traditional security chokepoints. To protect investments and embrace new technologies as they come online, networks must be adaptable to change without requiring a forklift upgrade. The network must meet users' expectations for access anytime and anywhere, over any device type (for example, wireless, cell phone, personal digital assistant [PDA], and so on). And the arrival of next-generation applications (such as high-definition video or embedded rich media in documents) is promoting requirements for ever-higher capacity.
CIO Magazine conducted an IT strategy survey in 2006 to determine the top priorities of CIOs. The 545 executives who responded identified the following 10 objectives as their top priorities:

1. Aligning IT and business goals

2. Helping ensure business continuity and risk management

3. Controlling IT costs

4. Using IT to enable process improvement

5. Improving internal user satisfaction

6. Improving staff and leadership development and developing business skills within IT

7. Improving project management discipline

8. Helping ensure privacy of customer and employee data

9. Enabling or enhancing knowledge management and using intellectual assets

10. Helping ensure regulatory compliance

The efficiency and effectiveness of a company's network can have a profound effect on the organization's ability to address these priorities. Ultimately, all these factors point toward the need for IT staff to align their networks with their businesses. Today's interactive campus applications require the Cisco® Campus Communications Fabric.

Cisco Campus Communications Fabric

Building on the Cisco Service-Oriented Network Architecture (SONA) to serve the real-time business environment, the Cisco Campus Communications Fabric is the network services framework to enable the interactive campus and address the IT gaps that businesses experience.
IT can be viewed as two distinct layers: an application layer and a networked infrastructure layer. When application developers treat the network as a virtually unlimited resource, this approach results in a misalignment between the two IT layers, a shortfall known as the application integration gap. This gap leads to improper operation of real-time interaction and collaboration, with effects on employee productivity as well as noticeable and unsatisfying results for users. And when IT departments build their network infrastructure in real-time responses to short-term priorities and immediate needs, inefficiencies in distributing IT infrastructure and staff create a resource allocation gap.
As an integral part of SONA's networked infrastructure layer, the network services addressed by the Cisco Campus Communications Fabric help to minimize both the application integration and resource allocation gaps. Built on the proven Cisco hierarchical campus architecture, the framework of the Cisco Campus Communications Fabric enables all business applications and interactions by offering advanced services defined by six primary attributes.
Three of these attributes address the application integration gap:

• Application intelligence and performance

• Unified network services for convergence and mobility

• Integrated security for network access, resources, and content

The other three address the resource allocation gap:

• Nonstop communications with comprehensive resilience

• Operational manageability and cost control

• Virtualization for adaptive networking and optimal resource utilization

The Cisco Campus Communications Fabric demonstrates how products and features work together to form a fabric of consistent services and policies anywhere, anytime, no matter how a user connects to the campus network. The Cisco Campus Communications Fabric guides IT managers through complex considerations while expanding or planning networks; it emphasizes the characteristics of a resilient services network design to make the campus network hospitable for multimedia and real-time applications. (See Figure 1.)

Figure 1. Six Primary Cisco Campus Communications Fabric Attributes

Application Intelligence and Performance

Networked applications are converging around a few IP-based standards, such as the Session Initiation Protocol (SIP), HTML, and Extensible Markup Language (XML). To effectively prioritize business-critical applications over more casual ones, campus networks need to deliver the required performance and be fluent in the language of the applications. Meeting these standards gives networks increased proficiency for networked applications in general and, more specifically, enables new interactive multimedia applications.
Cisco has provided application intelligence on switches for several years. For example, the software on Cisco Catalyst® switches automatically places delay-sensitive VoIP traffic in a voice VLAN and assigns it an appropriate QoS to help ensure that voice calls come through clearly. Today, the broad choice of Cisco Catalyst switches with Gigabit Ethernet and 10 Gigabit Ethernet speeds offers the high performance and low latency that applications demand, and the new Cisco Catalyst 6500 Supervisor Engine 32 Programmable Intelligent Services Accelerator (PISA) for the Cisco Catalyst 6500 Series offers application intelligence in the campus. The Cisco Network Application Performance Analysis (NAPA) software solution provides valuable information about the performance of the network and the applications running on it. Cisco NAPA helps with predictive planning and optimization as businesses deploy new applications and network services.
A variety of other hardware and software features are supported on Cisco Catalyst 6500 Series Switches for application intelligence in campus networks. These features address application-level visibility and control and include:

• Stateful application intelligence

• Protocol discovery using application signatures

• Full packet, stateful inspection to identify traffic

• Intelligent QoS control provided to applications on the network

In these ways Cisco Campus Communications Fabric enables multimedia communications and human collaboration. (See Figure 2.)

Figure 2. Hardware-Based Stateful Application Intelligence Provides Application-Level Packet Inspection at the Campus Edge

Unified Network Services for Convergence and Mobility

In today's highly interactive business climate, network users must be able to access and use any application, regardless of the user's location (on or off campus) or the access device (PDA, laptop, mobile phone, and so on). The unified Cisco network services approach combines the best of wireless and wired networking to deliver secure, scalable campus access with a low total cost of ownership. With products such as the Wireless Services module integrated into the Cisco Catalyst 6500 Series Switches, Cisco can provide all of its services transparently to any client and simplify the integration of wireless into the wired network.
Cisco Catalyst switches are prime contributors to unified network services. As new applications demand more performance and network capacity, Cisco Catalyst wiring closet switches offer a smooth migration from Gigabit Ethernet to 10 Gigabit Ethernet uplinks with various options that fit existing networks. An increasing number of devices now take advantage of Power over Ethernet (PoE), and Cisco Catalyst switches make provisioning PoE wiring closets easier than ever. Cisco provides a wide range of industry-leading, full PoE density for both modular and stackable form factors. And Cisco Catalyst compact switches offer a large enterprise feature set outside of the wiring closet, in the meeting room or classroom.
Today's wired and wireless unification occurs in the campus with the integration of wireless LAN control capabilities into Cisco Catalyst switches. With the emergence of new wireless and unified communications services, such as voice over wireless data network, or ID and location services, unified network services become increasingly important. Unifying wired and wireless provides high security, mobility, redundancy, and ease of use for business-critical wireless LANs. Through unified network services, the Cisco Campus Communications Fabric improves productivity and accelerates innovation.

Integrated Security for Network Access, Resources, and Content

Many new interactive applications run in a serverless or server-assisted model in which the application traffic does not transit through the data center. The network is the first line of defense; it must provide scalable, distributed security tools and features required to protect and secure new traffic flow patterns. Enforcing security at the first point of network entry helps prevent malware from spreading internally behind firewalls and intrusion detection systems. For this reason, Cisco Catalyst switches provide integrated security capabilities and participate in the Cisco Network Admission Control (NAC) framework. Likewise, Cisco PISA for the Cisco Catalyst 6500 Series offers unique and flexible packet-matching capabilities to identify day-zero worm attacks and help ensure application security in the campus.
Cisco Catalyst switches include features that stop "man-in-the-middle" attacks, which typically involve several steps, such as accessing the port, sending out bogus Dynamic Host Configuration Protocol (DHCP) information and gratuitous Address Resolution Protocol (ARP) requests, or hijacking another DHCP-served IP address. To thwart these attacks, Cisco Catalyst switches use a combination of DHCP snooping and port security, dynamic ARP inspection, and IP source guard features. Used in combination, these features create a safe and private environment within the network and shelter it from data theft.
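How the snooped DHCP lease table feeds the other two checks is easiest to see in a small model. The following Python sketch is an added example, not Cisco code: the `AccessSwitch` class, its method names, the port names and the sample events are all constructed for illustration, and port security is left out.

```python
"""Toy model of DHCP snooping, dynamic ARP inspection and IP source guard.

Added illustration only: it is not Cisco code, and the class, method and
port names are invented for this example.
"""
from dataclasses import dataclass, field

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # DHCP messages only a server sends


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    port: str


@dataclass
class AccessSwitch:
    trusted_ports: set                             # uplinks toward the real DHCP server
    pending: dict = field(default_factory=dict)    # client MAC -> ingress port
    bindings: dict = field(default_factory=dict)   # client MAC -> Binding

    def dhcp(self, port, msg_type, client_mac, offered_ip=None):
        """DHCP snooping: filter server messages and learn leases."""
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted_ports:
                return "drop: DHCP server message on untrusted port"
            if msg_type == "ACK" and client_mac in self.pending:
                self.bindings[client_mac] = Binding(
                    client_mac, offered_ip, self.pending.pop(client_mac))
            return "forward"
        # Client message (DISCOVER/REQUEST): remember where the client lives.
        self.pending[client_mac] = port
        return "forward"

    def _matches(self, port, mac, ip):
        b = self.bindings.get(mac)
        return b is not None and b.ip == ip and b.port == port

    def arp(self, port, sender_mac, sender_ip):
        """Dynamic ARP inspection: sender MAC/IP must match a snooped lease."""
        if port in self.trusted_ports or self._matches(port, sender_mac, sender_ip):
            return "forward"
        return "drop: ARP sender does not match binding table"

    def ip_packet(self, port, src_mac, src_ip):
        """IP source guard: source address must be the one leased on this port."""
        if port in self.trusted_ports or self._matches(port, src_mac, src_ip):
            return "forward"
        return "drop: source address not leased on this port"


def run_scenario():
    """Replay constructed events; returns (description, verdict) pairs."""
    sw = AccessSwitch(trusted_ports={"Te1/1"})
    # Constructed sample values from the documentation MAC and IP ranges.
    victim, rogue = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    return [
        ("client REQUEST", sw.dhcp("Gi1/0/1", "REQUEST", victim)),
        ("rogue server OFFER", sw.dhcp("Gi1/0/2", "OFFER", victim, "192.0.2.99")),
        ("real server ACK", sw.dhcp("Te1/1", "ACK", victim, "192.0.2.10")),
        ("legitimate ARP", sw.arp("Gi1/0/1", victim, "192.0.2.10")),
        ("spoofed gratuitous ARP", sw.arp("Gi1/0/2", rogue, "192.0.2.1")),
        ("hijacked leased address", sw.ip_packet("Gi1/0/2", rogue, "192.0.2.10")),
        ("legitimate IP traffic", sw.ip_packet("Gi1/0/1", victim, "192.0.2.10")),
    ]


if __name__ == "__main__":
    for what, verdict in run_scenario():
        print(f"{what:28} -> {verdict}")
```

The point the model makes is the dependency order: ARP inspection and source guard have nothing to validate against until snooping has recorded a lease, so a host that never completed DHCP on its port is dropped by both.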
The Cisco Campus Communications Fabric architecture encompasses other important security features, too, such as integrated intrusion prevention systems (IPSs), firewalls, and Cisco NAC services. Security features in the Cisco Campus Communications Fabric also help ensure compliance by protecting corporate and customer assets.

Nonstop Communications with Comprehensive Resilience

Business demands maximum uptime for campus network services. At any moment, campus networks must provide uninterrupted access to applications, data, and content from anywhere. Major sources of downtime include human error, such as incorrect design or misconfigurations; planned software and hardware upgrades; and unplanned hardware or software faults. Beyond hardware redundancy and basic failover mechanisms, addressing downtime requires comprehensive resilience solutions at both the network and systems levels. These solutions must address the following points:

• Prevent faults from occurring

• Provide transparent recovery if a fault does occur

• Help ensure minimal time to resolution if the fault cannot be resolved transparently

Cisco provides a suite of resilience measures that includes Nonstop Forwarding (NSF) for fast Layer 3 failover, Stateful Switchover (SSO) for subsecond redundant processor failover, In-Service Software Upgrade (ISSU) to reduce planned maintenance downtime, Generic Online Diagnostics (GOLD) for proactive, nondisruptive troubleshooting, and Cisco IOS Software Modularity to enable Cisco IOS Software subsystems to run in independent, self-healing processes. Complementing its networking features and technologies, Cisco offers a catalog of network management solutions, tested and proven Solutions Reference Network Design (SRND) guides, and Cisco services granting access to its Technical Assistance Center (TAC). In these ways, Cisco Campus Communications Fabric keeps business moving in real time, all the time.

Operational Manageability and Cost Control

Acquisition and deployment are only the first steps in the life of the campus network. The majority of the cost is in operating this network. Integrated functions and management tools in Cisco Catalyst switches help automate, simplify, and integrate the network to reduce operational expenditures (OpEx) and improve IT productivity.
One of the automation features in Cisco Catalyst switches is Embedded Event Manager (EEM), a scriptable manager that allows automated response to events detected within the system. Other features on these switches address diagnostic and data collection functions and include GOLD for troubleshooting, Encapsulated Remote Switched Port Analyzer (ERSPAN) for remote traffic mirroring, Time Domain Reflectometry (TDR) for cable fault location, and NetFlow for traffic monitoring.
For network management, the Cisco NAPA solution uses the intelligence inherent in the Cisco network to provide a broad view of both network and application performance. The integrated toolset converts raw network data into information that network administrators can act on.
Another powerful network management tool is CiscoWorks LAN Management Solution (LMS), a suite that simplifies the configuration, administration, monitoring, and troubleshooting of Cisco networks. Its capabilities can improve the accuracy and efficiency of operations staff, increase the availability of networks through proactive planning, and increase network security. Its rich data environment allows the automation of device manageability tasks, visibility into the network's health and capability, and identification and localization of network trouble.
Cisco Network Assistant, available free of charge, offers centralized network management and configuration capabilities for campuses of up to 40 network nodes. Cisco Network Assistant provides an interface in seven languages and uses Cisco Smartports technology to simplify deployment and maintenance. In all these ways, the Cisco Campus Communications Fabric contributes to operational excellence.

Virtualization for Adaptive Networking and Optimal Resource Utilization

As demands on campus networks grow in complexity, so does the need to separate groups of network users and resources into logical partitions. Network virtualization enables resource pooling and operational alignment; it provides multiple solutions for centralizing services and security policies while preserving the high availability, manageability, security, and scalability benefits of the existing campus design. Complete solutions must address three primary aspects of network virtualization: access control, path isolation, and services edge.
With Cisco network virtualization solutions for the campus, enterprises can deploy multiple closed user groups on a single physical infrastructure while maintaining high standards of security, scalability, manageability, and availability throughout the campus LAN. A wide range of Cisco Catalyst switches enables enterprises to adopt this framework to use more of their network assets with greater efficiency, allowing them to realize cost savings even as requirements for devices, systems, services, and applications grow. With its virtualization tools, the Cisco Campus Communications Fabric provides the platform for business responsiveness.

Case Study: Reuters

UK-based Reuters is a global information company with a worldwide reputation for reporting speed, accuracy, and independence that promotes decision making around the world. In 2005, Reuters moved its headquarters to a new 10-story office building, and roughly 5000 employees who were previously scattered in disparate office locations were brought under one roof, enabling staff in different organizations to interact more effectively.
For Reuters's IT staff, the move presented several challenges, predominant among which was reducing technology and operation costs. The move was an opportunity to refresh technology and install a converged infrastructure that would support advanced data, voice, and video services, and improve employee interaction. Prioritized capabilities for the converged network included:

• "Five nines" availability

• High performance

• Tough security

• Compatibility with Reuters's existing Cisco IP infrastructure

Reuters' new showcase network is built on Cisco Catalyst 6500 Series Switches, chosen for their converged network capabilities and high performance. Power over Ethernet and Cisco Intelligent Power Management capabilities in the switches manage the power consumption of IP phones, Cisco Aironet® access points, and IP video cameras. Using power more efficiently lowers hardware and electricity costs. System resiliency built into the core Cisco Catalyst 6500 Series Switches helps to meet the 99.999 percent network uptime requirement. Cisco Catalyst 6500 Series Supervisor Engine 720 switch engines create a 720-Gbps backplane to support 10 Gigabit Ethernet bandwidth down to the wiring closets.
Network Analysis Modules (NAM) in the Cisco Catalyst 6500 Series Switches help ensure high availability for voice and video regardless of network traffic volumes. Employees can connect to the network from their desktops through Cisco IP Phones or wirelessly from anywhere in the building using Cisco Aironet access points. Proactive security is built into all aspects of the network through the Cisco Self-Defending Network architecture.
The company has already experienced significant cost-saving and productivity benefits because Reuters employees work faster and smarter. Among these benefits are significantly lower telephone, mobile, and cellular costs; reduced expenses for adds, moves and changes; and ease of deployment.
Business results for the project included:

• Reuters's IT group received the highest satisfaction ratings for the entire move, compared to other operational groups.

• The project eliminated 3500 annual help-desk requests for phone adds, moves, and changes.

• New voice, video, and mobility applications increased productivity.

Case Study: Zurich Airport

Zurich Airport in Switzerland was faced with the challenge of needing flexible connectivity options and the ability to keep closed user groups isolated. Like many other enterprises, Unique, the operator of Zurich Airport, faces the diverging business requirements of providing the highest applications availability while offering maximum flexibility to accommodate the ever-changing needs of their business environment.
Airport applications such as air control and tower communication demand the highest uptime and must be separated from operations such as baggage distribution, business administration, video surveillance, and public WLAN traffic. Unique offers a broad service portfolio to about 180 other companies that reside within the airport. The airport also hosts a variety of events that require a very flexible architecture in which communities can easily be connected or removed without affecting other groups.
Zurich Airport's business challenge was fourfold:

• Offer reliable network service to all tenants

• Meet clients' wired and wireless demands

• Provide video transmission across the network

• Keep pace with data center and applications growth

The need for flexible connectivity options while keeping closed user groups separated from each other led Zurich Airport to select a Cisco solution using Multiprotocol Label Switching (MPLS) VPN deployed on Cisco Catalyst 6500 Series Switches with the Cisco Catalyst 6500 Series Supervisor Engine 720. The solution afforded the airport a smooth migration, flexibility, and reliability in operations, as well as a great degree of scalability to accommodate future growth. The solution consolidates multiple networks into one highly available network and provides security by keeping customer networks logically separated.

Conclusion: Business Benefits of the Cisco Campus Communications Fabric

In the diverse world of heterogeneous communications media, business requirements favor some means of interactive communications over others. At the same time, business circumstances may dictate what to use: for instance, videoconferencing is unsuitable for someone who may be in transit. Businesses must therefore build their networks to support all kinds of interactive and collaborative applications that serve human interactions, and the Cisco Campus Communications Fabric enables these human interactions by delivering:

• Human collaboration

• Productivity and innovation

• Corporate compliance

• Business continuity

• Operational excellence

• Responsive business

Here is how the Cisco Campus Communications Fabric helps CIOs address the priorities from the earlier list of the top 10 CIO IT concerns:

1. Provides the platform for business responsiveness to rapidly align IT goals with business goals

2. Contributes to reducing OpEx and improving IT productivity, thereby delivering operational excellence

3. Enables multimedia communications and human collaboration, improving the value the network delivers to the business and showing IT-enabled business process improvement

4. Helps ensure compliance by protecting corporate and customer assets for secure, always-on access

5. Helps ensure that the right resources have access to the right data

6. Improves productivity and accelerates innovation, not just through new enabled applications running on a robust network, but for the IT staff through a reduction in fire-drill frequency

Zeus Kerravala, an analyst with the Yankee Group, writes, "We're moving into an era where the success or failure of organizations will largely be determined by their ability to collaborate in real time and make critical business decisions in as short a period of time as possible." [2] Just as businesses are changing everything to rise to the demands of this new era and better serve the end user, so too is Cisco changing everything about the network to better serve the business. With the Cisco Campus Communications Fabric, Cisco moves campus networks and businesses forward. And Cisco IOS Software, routers, switches, and integrated services are enabling this progress.

Why Cisco?

Cisco has provided consistent vision and investment protection in delivering innovative and reliable network services that constitute the platform for business acceleration. In support of a new framework such as the Cisco Campus Communications Fabric, Cisco has introduced architectural expertise in Cisco SONA and campus networking, exhaustively testing, documenting, and adapting Cisco validated designs, helping make sure that the customer's network properly supports its business now and in the future.
Cisco Catalyst switches are a lasting investment; their flexibility keeps pace with innovations in technologies and products, extending the life of existing switching investments. Thus Cisco Catalyst switching enables a business to provide the right level of service to primary business applications.
Cisco takes a systems approach to bind together all aspects of the network, processes, and applications. For enterprises looking to protect, optimize, and grow their businesses, a network systems approach for infrastructure deployments enables better business resiliency, lower total cost of ownership, greater productivity, and accelerated innovation.
Cisco and its specialized partners also have the breadth of services to help ensure smooth deployment and ongoing operational management. Properly evaluating the capabilities of the campus network can save time in the long term when deploying interactive communications. Cisco and its certified partners can help by performing a discovery audit of the network and making design recommendations.

For More Information

To learn more about the Cisco Campus Communications Fabric, visit http://www.cisco.com/go/ccf.
To learn more about Cisco Catalyst switching products, visit http://www.cisco.com/go/6500.
[1] From Lippis Report Issue 77, "The New Campus Networking Architecture," February 19, 2007 by Nick Lippis.
[2] Zeus Kerravala, analyst with The Yankee Group, http://blogs.cisco.com/ituworld/2006/12/telepresence_needs_to_be_exper.html, December 2006.