Today branch office infrastructure features two prominent service deployment models.

The first model centralizes all applications into the Data Center and delivers them over the WAN. The branch is as lean as possible, containing primarily end-point client devices.

In the second model the services are decentralized and hosted in the branch office. Only necessary traffic traverses the WAN, for example data backup and recovery.

EXAMPLE: Unified Communication is one example where both of these deployment models feature prominently. Cisco Unified Call Manager Express with Cisco Unity Express meets the needs of Enterprises that require the decentralized deployment model. Cisco Unified Call Manager with Cisco Unity deployed in the data center and supported in the branch with Survivable Remote Site Telephony meets the needs of Enterprises that require the centralized deployment model.

In practice, the centralized and decentralized service deployment models are just the two opposite ends of a much larger continuum of service deployment models. When all relevant Branch Office services are taken into consideration, some may be centralized and others deployed locally, leading to many different hybrid deployment models.

What are the implications of today’s service deployment models?
While full application and infrastructure centralization would be the ideal scenario for all organizations, in practice it is often difficult to achieve. Typically a long geographic distance separates the end-user in the branch office from the application processing environment in the data center. Because of this geographic distance, the corporate WAN and the Internet have several inherent limitations that impact the quality of user experience with the application.

The first user experience challenge is in the area of application performance. The following WAN speed limitations impact the performance of a centrally hosted application:
• Latency: physical distance and the mechanics of the TCP protocol introduce a delay into the user-application interaction. Delay leads to a sluggish response time for the application.
• Bandwidth: cost dictates how much bandwidth is available at a remote location. Competition between users for bandwidth, or data-intensive applications, leads to diminished responsiveness for the application.
If business requirements dictate that an application has to have a specific performance target, be it response time or number of transactions, that application may have to be hosted locally to achieve this service level.

The second user experience challenge is in the area of application availability. The following WAN quality limitations impact the availability of a centrally hosted application:
• Reliability: WAN outages do occur and backup links may either be too expensive, too limited, or altogether unavailable in the area. WAN outages make the centrally hosted application unusable.
• Congestion: bandwidth is typically oversubscribed, which often results in congestion, which in turn leads to spotty availability of the applications.
If business requirements dictate that an application has to have a specific availability target, that application may need a local, lightweight proxy that makes the application survivable during a WAN outage or congestion event.

The third user experience challenge is in the area of compliance. Storing application data off-site, across the WAN or, more worryingly, the Internet, impacts centrally hosted applications in the following ways:
• Data privacy: certain regulatory policies (for example the Health Insurance Portability and Accountability Act (HIPAA) in the US) dictate that data has to be “always-available” or has to meet stringent security requirements. Compliance rules are often simplest to implement when the application generating the data is local.
• Application access: remote applications, especially applications hosted in a public Cloud, require multiple sign-ons, which reduce user satisfaction with centrally hosted applications.
If regulatory requirements dictate that an application has to be local, or if corporate security policies constrain how an application is accessed, that application may have to be hosted locally to comply.
What are the typical applications that would run in a “lean” branch office? Generally speaking they fall into 3 categories:

Core Windows Services
• DHCP server – Layer 2 service that may be difficult or performance prohibitive to implement across the WAN
• Active Directory Domain Services – Services needed to access resources on Microsoft networks; needed locally in the branch for survivability reasons
• DNS server – Name to IP address resolution service needed locally in the branch for survivability reasons
• Print services – Local hosting eliminates sending large files from the client device to a centralized print service and back to a local printer
• File services – Local file system often used for performance and survivability reasons

Mission Critical Business applications
• Point of Sale (POS) server – Needed locally in case of WAN outage
• Bank Teller control point – Needed locally in case of WAN outage
• Electronic Medical Records (EMR) – Needed locally because of HIPAA compliance
• Inventory Management – Needed to manage local inventory

Client Management Services – Software to manage PCs in the branch
• Software Update and Patch Software – Prevents multiple PCs trying to download the same patch at the same time
• Client Monitoring Services – Traffic and security monitoring that cannot be done in real time over the WAN
• Backup and Recovery – Local backup and recovery software
• Terminal Server Gateway – Terminal server for logging into client devices

All of the above are examples of applications that defy centralization and in most cases are required to be hosted locally in the branch office.
Focusing on each component, let's start with the ISR G2.

For UCS E-Series Servers, the ISR G2 functions as the server blade enclosure. The advantage of this approach is that the ISR G2 is the most widely deployed branch office device and already has slots for various networking modules. Now you can re-use the same slots for x86 blade servers.

The ISR G2 has a rich set of functionality. The features that are relevant when considering it in the context of a blade server chassis are the following:
• 1, 2, or 4 blade slot options depending on the ISR G2 model: 2911 and 2921 have 1, 2951 and 3925 have 2, and 3945 has 4
• The router provides comprehensive security measures to prevent unauthorized access. In addition, unlike stand-alone servers, blade servers reduce the physical attack surface by eliminating wires to tap into, ports to listen on, and monitors to peek at
• The 3900 ISRs have options for redundant power supplies to improve high availability
• Multi-Gigabit backplane switch allows direct access to the LAN through either EHWIC or SM EtherSwitch modules, without sending the traffic through the router CPU
• ISRs typically have a 5-6 year service life, but have been designed to last much longer. The overall system MTBFs are in the 250K-300K range compared to 100K-150K for a typical branch server
• ISR G2 models with slots come in 2 or 3 RU form factors

Unlike any other device on the market, the ISR G2 can consolidate ALL branch office services into a single box. These include:
• Connectivity: LAN and WAN
• Mobility: Wireless LAN and WAN
• Application Performance: WAN optimization
• Security: VPNs, Firewalls, IPS, AAA
• Collaboration: voice gateways, video processing, call management, and voicemail
• Application platforms: network integration for applications
The Cisco UCS E-Series Server Modules extend the Cisco UCS product portfolio to meet the needs of customers who want to deploy a virtualization-ready computing infrastructure in the branch-office environment while maintaining a lean branch-office architecture. The server modules are available in two form factors: a single-wide module and a double-wide module. The single-wide module includes a four-core Intel Xeon E3 processor and occupies a single service module slot in the Cisco ISR G2 device.

The following are the features in detail:
• Memory: 8 GB (default: one 8-GB DIMM) and up to 16 GB (two 8-GB DIMMs)
• Power efficiency: The highest-end SRE consumes only 50 Watts of power versus 300-400 Watts consumed by a comparable tower server
• Storage access: The internal Gigabit Ethernet ports offer iSCSI initiator hardware offload functionality
• CPU: Intel Xeon E3 family quad-core processor
• Lights-out hardware management: Cisco Integrated Management Controller can manage one or multiple blades out-of-band
• Disk: Up to two: 7200-RPM SATA: 1 TB or 10,000-RPM SAS: 900 GB or 10,000-RPM SAS SED: 600 GB or SAS SSD SLC: 200 GB
• RAID: Hardware RAID 0 and 1; LSI MegaRAID controller
• Physical dimensions: wire-free, plug-and-play modularity, with low shipping weight
• Front-panel connectors: One KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
• Power management: Manual and schedulable on/off times that can be configured remotely
The double-wide module occupies two Cisco ISR G2 service-module slots side by side and includes either a four-core or six-core Intel Xeon E5-2400 processor with more RAM and storage capacity than the single-wide module. The double-wide module also has a PCIe card option for expanding external network and storage I/O.

The following are the features in detail:
• Memory: 8 GB (default) and up to 48 GB (three 16-GB DIMMs)
• Power efficiency: The highest-end SRE consumes only 50 Watts of power versus 300-400 Watts consumed by a comparable tower server
• Storage access: The internal Gigabit Ethernet ports offer iSCSI initiator hardware offload functionality
• CPU: Intel Xeon E5-2400 quad core (Cisco UCSE140) or six-core (Cisco UCSE160) processor
• Lights-out hardware management: Cisco Integrated Management Controller can manage one or multiple blades out-of-band
• Disk: Up to two: 7200-RPM SATA: 1 TB or 10,000-RPM SAS: 900 GB or 10,000-RPM SAS SED: 600 GB or SAS SSD SLC: 200 GB
• RAID: Cisco UCSE140D and E160D: Hardware RAID 0, 1, and 5; Cisco UCSE140DP and E160DP: Hardware RAID 0 and 1; LSI MegaRAID controller
• Physical dimensions: wire-free, plug-and-play modularity, with low shipping weight
• Front-panel connectors: Front-panel VGA, 2 USB, and serial console connectors
• Power management: Manual and schedulable on/off times that can be configured remotely
1. Jay Chokshi, Sr. Product Manager, Aug 27th 2012. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
2. Continuum of Service Deployment Models Centralized Service Deployment Data Center Storage Security Deployment Continuum Mail Servers WAN Voice Systems Web Servers File Servers File Server Web Server Mail Server Decentralized Service Deployment
3. Reliance on WAN Impacts User Experience
Performance: WAN Speed Limitations • Latency • Bandwidth. Performance Targets May Require Local Processing
Availability: WAN Quality Limitations • Reliability • Congestion. Availability Targets May Require Local Survivability
Compliance: Off-Site Data Limitations • Privacy • Access. Compliance Policies May Require Local Presence
4. Extending enterprise-class features to ensure maximum uptime and uninterrupted access for end users. Centralized VDI Distributed VDI
5. WAN Edge Applications That Defy Centralization
Core Windows Services • DNS and DHCP servers • Microsoft active directory • Windows print services • Windows file services • Others
Mission-Critical Business Applications • Point of sale server • Bank teller control point • Electronic medical records • Inventory management • Others
Client Management Services • Software update service • Client monitoring service • Backup and recovery • Terminal server gateway • Others
6. Examples of Virtualized Desktop Scenarios and Use Cases
7. Store Back Office: Reduce Store IT needs and operational costs Business Scenarios • Store management desktop • Staff self-service kiosk • Device consolidation – PC, phone, video • Cloud applications Business Benefits Traditional Desktop Virtual Desktop (Every user has own PC) • Rapid deployment • Uniform desktop across stores Server • Secure business data and intellectual property • Local computer – Desktop, Applications, data, hardware • Reduced energy costs • Power for every device • Phone not integrated with computer application • Application specific to computer • User data only available at computer • Slower application experience © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
8. Mobile Store Operations: Mobile enable desktop applications Business Scenarios • Store business intelligence • Management Visibility • Mobile enable legacy applications • Staff collaboration • BYOD Business Benefits • Employee applications follow employee across devices • Applications not local to mobile device • Any device can run mission critical apps with superior and reliable experience • Staff retention
9. Virtualize the Point of Sale Thin POS Business Scenarios • Mobile Point of Sale • Self-Service Check-out • Cash Wrap device consolidation Business Benefits • Rapid deployment • Rich media experience • Easy to scale • Data stored locally which can be backed up centrally • Store infrastructure cost reduction • Energy costs savings
10. Hardware Lock-in Is a Barrier to Borderless Services Complex and Hardwired Architecture With Overlay Appliances Branch Office Infrastructure Footprint Must Be Minimized to Overcome Cost, Staff, Administration, and Complexity Issues
11. Use Slots on Most Widely Deployed Branch Device Highly Secure Platform with Direct UCS E-Series Redundant Power Long Service Life 2x Typical Small Attack Surface Blade-to-LAN Connectivity Supply Options Blade System One, Two, and Four Blade Slots Two and Three Options RU Options All-in-One Device for WAN Optimization Branch Services Application Hosting Wireless LAN/WAN Unified Communications Routing/Switching Security
12. Compact, Multipurpose Blade Housed in ISR G2 Maximum 65 W Power Draw Intel Xeon E3 Family Quad- 80 Percent Less than Server Core Processor iSCSI Initiator 8, 12, and 16 GB Hardware Offload DRAM Options Configuration and Management Through CIMC Remote and Schedulable Power Management Two SD cards: One for the CIMC and Temporary Storage One External and Two of OS and One for a Blank Internal GE Ports Virtual Drive 10/100 Ethernet Up to 2 SATA, SAS or SSD Hard Drives Management Port KVM Console Connector USB 2.0 Port for External Device Connectivity Wire-Free, Plug-and-Play Modularity, On-Board Hardware RAID 0/1 with Low Shipping Weight (2.5 lb/1.1 kg) Hot-Swap Capability
13. Compact, Multipurpose Blade Housed in ISR G2 Maximum 130 W Power Draw, 8 GB - 48 GB 80 Percent Less than Server Intel Xeon E5-2400 Quad Core iSCSI Initiator DRAM Options or Six-Core Processor Hardware Offload Remote and Schedulable Power Out-of-Band Management Configuration and Management Through CIMC Front-Panel VGA, 2 USB, and Serial Console Connectors Up to 3 SATA, SAS, SSD Hard Drives Two SD Cards: One for the CIMC or 2 HDD and a PCIe Card and Temporary Storage of OS and One for a Blank Virtual Drive On-Board Hardware RAID 0, 1, and 5 •Configuration Options with Hot-Swap Capability Two External and Two Internal GE Ports with TCP/IP Acceleration Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (7 lb / 3.2 kg)
14. TCO View for Remote Office Branch Office Solution 70% Savings Wireless LAN Controller WAN Opt. Security Voicemail Appliance - Overlay Appliances Cisco ISR G2 Truck Roll Facilities CapEx Productivity Loss Power Consumption Maintenance Support