Unified Network Services (UNS) is one of the three architectural pillars of Cisco’s Data Center Fabric, along with Unified Fabric and Unified Computing Services (UCS). UNS represents our portfolio of Layer 4-7 application services, including security, WAN optimization, application controllers, network monitoring and orchestration. This TechWise TV episode is a great overview of the vision behind UNS and the benefits of pulling this all together, especially for virtualized and cloud environments.
This week’s focus on Cisco’s Unified Network Services (UNS) portfolio looks at cloud orchestration and the concept of a Network Hypervisor. What is a “Network Hypervisor”?
In the same way that a traditional hypervisor can offer up a modular, replicable set of virtual server resources (including OS, CPU slice, network interfaces), a network hypervisor is a modular abstraction of reusable network services to assemble a flexible data center or cloud infrastructure. Sounds interesting so far, but what does the network hypervisor actually do?
The first function is to allow organizations to pre-define and replicate the modular network containers that abstract a rigid underlying network infrastructure from the needs of individual applications and services. An example of a network container might be defined to include individual components such as logical VM ports, load balancer and firewall. This logical network environment can be assigned and isolated to a particular tenant to provide the network services a particular application needs and where the application VMs can be placed. The figure below shows how some modular, pre-defined containers can be nested and plugged together to offer customized services for a particular tenant. A small number of defined containers can be replicated and plugged together in a large number of permutations to address a wide range of application requirements.
These flexible, pre-defined containers can be device agnostic, just like their server counterparts, and help provide security and quality of service through tenant isolation, as well as application resiliency. During the application and VM provisioning process, the defined network containers advertise their capabilities and are deployed along with the VM in the proper locations. Just like the VMs they are aligned with, the network containers are location-independent and handle all the changes required during VM-mobility, ensuring that the application has the same network services in the new location. Obviously this goes well beyond just the layer 2 and 3 networking services, through to the layer 4-7 application services like load balancing, WAN optimization, and security as mentioned earlier.
As reported in InformationWeek:
Cisco today announced that United Bank of India, one of India’s leading nationalized banks, has chosen to deploy Cisco’s Wide Area Network (WAN) optimization solution across all of its 1,600 plus branches. The solution, to be deployed by Wipro, is amongst the largest globally, for any Public Sector Bank. The network will help enable UBI’s vision of providing the benefits of banking to rural and agricultural economies, and to India’s burgeoning small and medium-sized enterprise sector. The solution will include 1,600 plus Cisco Wide Area Application Services (WAAS) devices, Cisco’s WAN optimization solution, in addition to application accelerators for the data centre and disaster recovery sites.
The Unified Network Services (UNS) portfolio of Layer 4-7 services (such as ACE and WAAS) also includes Cisco’s data center security solutions. A critical part of that security portfolio is our virtualization-aware firewall solution, Virtual Security Gateway (VSG). In a series of upcoming blog posts, I’ll be sharing a few use case scenarios that our customers are implementing with VSG.
For those of you new to VSG, I’ll point out that VSG’s role is to act as a virtual firewall between zones of virtual machines. Isolating traffic between VM zones has been very challenging prior to VSG because: 1) security policies have to be enforced between VMs running on the same server or same virtual switch (where there’s no place to put a firewall), 2) VMs move all around the network and the security policies (as enforced in the firewall) must follow the VM, and 3) the need to maintain segregation of duties for compliance purposes between the security and application server teams, where security is potentially enforced inside the virtual server.
Unified Network Services (UNS) is the portfolio of L4-7 network services and data center security products within the Data Center Business Advantage architecture. This week’s UNS spotlight is on Cisco’s Network Analysis Module (NAM), which provides network administrators deep visibility into network traffic and applications to help ensure consistent and cost-effective delivery of service to end users.
NAM is the foundation for establishing and verifying quality of service (QoS) policies, undertaking WAN optimization projects, and rolling out voice over IP (VoIP). It can also detect when configuration changes inadvertently degrade application performance, and provides clear insight towards rapid remediation. Consistent with many other UNS portfolio products, the NAM product family includes integrated service modules, virtual service blades and stand-alone appliances offering deployment flexibility and consistent performance visibility from the branch to the data center.
As a proof point of Cisco’s unified L4-7 service offerings, NAM offers end-to-end application performance visibility for Cisco Wide-Area Application Services (WAAS) deployments to help maximize your WAN acceleration efforts. NAM can help identify candidate sites and applications that will benefit the most from WAN optimization while quantifying and validating the impact of WAAS on application and network performance. The real-time visibility can also be used for ongoing optimization and for troubleshooting performance degradation. The following graph shows the immediate impact of WAAS on transaction time for a particular application.
We are now offering a series of NAM webinars covering the Catalyst 6500 10G NAM-3 blade and new innovations in the latest Cisco Prime NAM software release 5.1. Register here. (Also, here is a short video on what’s new in the recent release of NAM software 5.1.)
In addition, learn about the next-generation Catalyst 6500 NAM-3 blade to simplify operational manageability in Multi-Gigabit Ethernet deployments. Register Now – May 24 and May 25. We look forward to having you join us.