1© 2005 Cisco Systems, Inc. All rights reserved.
SONA: ENTERPRISE ARCHITECTURE FOR A REAL-TIME WORLD
William Ruh, Senior Director
Cisco Systems
Fast Faster Real-Time
PRODUCTION
TRANSACTIONS
INTERACTIONS
Today’s Business Imperative: Real-Time Interactions
The Real-Time Supply Chain
Production Transactions Interactions
Monitoring local operations
Limited visibility, monthly planning cycle
Just-in-time inventory management
Real-time to sense, decide and respond
Web-based collaboration across value chain
Fast Faster Real-Time
Business Need
• Reduce transportation costs, spoilage from changed orders
• Installed GPS-enabled logistics system to link delivery trucks and control center
Impact
• Re-route dynamically based on up-to-the-minute customer needs
• Improved customer satisfaction and increased revenue by 15%
• Projected $100 million reduction in operating expenses
Supply Chain Interactions
Cemex Optimized Cement Delivery
Industry Inflection Points Historically Drive New Architectures
MAINFRAME / PROPRIETARY NETWORK
Integrated system for terminal to mainframe connectivity (VTAM)
CLIENT-SERVER / PACKET NETWORKS
Demand for networks to connect multivendor devices (packets)
INTERNET / NETWORK OF NETWORKS
Pervasive, open networks enable client-server to extend beyond corporate boundaries (TCP/IP)
SERVICE ORIENTED / INTELLIGENT INFORMATION NETWORK
New Network Architecture
The network and applications work together as an integrated system (messages)
We Are At A New Inflection Point
Source: Gartner, Cisco
Addressing a Market in Transition
Message Traffic
• Dramatic growth in number of applications in the enterprise (from 50 to 500)
• Transition from monolithic apps to SOA (not 500 apps, but 2,500 “application services”)
Exponential growth in application message traffic
Integration Costs
• Growth in number, cost, and complexity of systems to enable application integration and security
• “Conga line” of appliances, new 1RU, 2RU devices
• Management headache, high operations/people costs
Network = Most Scalable Platform Since the Microprocessor
Services
Enterprise  Commercial  Service Providers  Home
Voice  Data  Video  Mobility
Cisco’s 3–5 Year Technology Vision: The Intelligent Information Network
Axes: Time, Network Intelligence
PHASE 1: INTEGRATED TRANSPORT
The Intelligent Movement of Data / Voice / Video Across a System of Networks
PHASE 2: INTEGRATED SERVICES
Virtualized Resources and Services
PHASE 3: INTEGRATED APPLICATIONS
Network-Enabled Applications
Cisco’s Technology Strategy: Three Components – No Compromises
Intelligent Information Network
FASTER  LASTING  SMARTER
Global Systems Approach
Resilient design, Integrated security and management, Adaptive system functionality
Programmable ASICs, Distributed architecture, Endpoint-to-endpoint performance
Future-proof architecture, Investment protection, Integrated technologies
Faster
Custom silicon as advanced as recognized industry players
Chip        # Transistors (Million)   Feature Size / # Metal Layers   Chip Size (mm2)
Pentium4    42                        0.18/6M                         217
Itanium     25                        0.18/6M                         300
Athlon      37.5                      0.18/6M                         128
Ultra-III   29                        0.15/7M                         210
PPE         50                        0.18/6M                         243
FFE         91                        0.18/6M                         180
Metro       56                        0.13/7M                         334
NT3         97                        0.18/6M                         350
Networked Resources Come In Fixed Packages
Memory Processing Storage I/O
Networked Infrastructure Component
Duplicated, Isolated, Wasted Resources
Memory Processing Storage I/O
Multiple Components
Under-utilized Capacity
Virtualization Allows You to Treat Your Networking Resources as Shared Pools
Memory Processing Storage I/O
Resources Can Be Brought Together On Demand
Memory Processing
Storage I/O
Virtualization Lets You Overcome Physical Boundaries and Eliminate Waste
Memory Processing
Storage I/O
Virtual Networked Infrastructure
• Consolidated, policy-based management
• Simpler alignment of IT resources to business requirements
Virtualizing the Data Center
Virtual “Backplane” Between All Resources
Utility Network
Processor Pool  Networking Pool  Storage Pool
INTELLIGENT SERVER SWITCHING: Blade Servers, DB Servers, Web, E-mail Servers
INTELLIGENT ETHERNET SWITCHING: FW, IDS, SSL, VPN, SLB
INTELLIGENT SAN SWITCHING: Replication, NAS, Volume Mgmt., Backup Assist
Virtualization: Processor Virtualization, Storage Virtualization, File Virtualization, Network Virtualization, Service Virtualization
APPLICATIONS
PACKETNETWORKING
Business Applications
Application Infrastructure
APPLICATION-ORIENTED NETWORK
INTELLIGENT NETWORKING
Packet Network
ERP WEB
MFG
FIN
CRM SCM
AON: Network Speaking the Language of Applications
Customer Order
Order Entry  Finance
Normal Approval
Exception Approval
Shipment  Billing
Network operations on application messages:
Log
Route
Transform
Validate
Notify
POLICY-BASED
APPLICATION ORIENTED NETWORKING
Application messaging read by the network
PURCHASE ORDER
ABC Co
$25,000
Urgent 2 days
Enabling Real-Time Application Monitoring Through the Network
Cisco AON Core Capabilities
Intelligent Messaging
• Reliable messaging
• Content based routing
• Transformation
• Protocol switching
• Message distribution
• Message load balance
Application-level Security
• Authentication
• Authorization
• Encryption/Decryption
• Data integrity/non-repudiation
• Digital signatures
• Centralized PKI mgt.
Business Event Visibility
• Event capture, filtering
• Logging for audit
• Automatic notification
• Policy controlled
• Feed to dashboards
• Link to Network events
Application Optimization
• Hardware Acceleration (SSL, Crypto, XML)
• Message level Caching and Compression
• High Availability, Failover, Load Balancing
Extensibility
• ADK (for custom adapters)
• SDK (for custom bladelets)
• AON Technology Partners
Application Security Gateway Use Case: Cisco IT (cisco.com)
• Secure, integrated entry point for all Cisco online B2B orders
• Lower cost: one box
• Multiple application-level security functions
  Log
  Validate messages
  Authenticate/Authorize
  Manage digital certificates/keys
  Verify digital signatures
  SSL sessions based on application ID
AON
Filtering and Aggregating RFID Messages at the Edge for Retail Co., Medical Products Co.
CPG Supplier #1: RFID Tag Read
CPG Supplier #2: RFID Tag Read
WMS
• Event aggregation
• Message logging
• Content-based routing
• Message copy
• Digital Signature
• Logging
• Partner Integration
• Application Level Event (ALE) Filtering
• Message-level Security
• Reliable Messaging
• Reader Virtualization and Management
AON in ISR
AON in Cat6K, 7600
AON: Shared SOA Infrastructure Services addressing Deployment Challenges
Pervasive, Universally Shared, Reusable Utilities in the Network
SERVICE PROVIDERS  SERVICE CONSUMERS
APPLICATIONS: Business Processes, Mobile Apps, Portals, Dashboards
Mainframe, .NET, Java, Packaged Apps
BEA, SAP, IBM, MS, Oracle, Sun
APPLICATION-ORIENTED NETWORK
Shared SOA Infrastructure Services (Messaging, Logging, Transformation, Security, Protocol Bridging, Reliable Delivery, Rules-based Routing, Monitoring SLAs, Events)
Operational Benefits: Hardware Acceleration, Pervasive Location, Availability, Manageability
Policy Controls: Flexible, Real-time, Distributed Enforcement
PACKET NETWORK
AON as Web Services Intermediary
• Logging, Auditing
• Translation/Protocol Switching
• Message Transformation
• WSDL Filtering
• Rules-based, Content-based Routing
• Reliable Delivery
• Monitoring
• Caching
• Load-balancing and Failover
Browser-based Apps (J2EE)
Trading Applications
HR Applications
Business Process Engine
Branch Office SOAP-Compliant Client Apps (VB)
External Web Services
Customer Apps
Back Office SOAP-Compliant Client Apps (VB, J2EE)
Web Service Interfaces
AON as XML/Web Services Security Gateway
1. Service Provider SOAP Client
2. Service Provider JAVA/Apache AXIS 1.1 Client
Service Provider SOAP .NET Endpoint
AON Certificate Generation/Import
SOAP/HTTP  SOAP/HTTP
1. Validate part of SOAP Request Message against its XSD schema
2. Decrypt SOAP Request Message data field, Log and Sign message body
3. Encrypt SOAP Response Message data field
Encrypt SOAP Response message data field
• Schema Validation
  XSD schema validation (partial document) on incoming SOAP request message identified by XPath expression
  Forward valid SOAP request message to endpoint, discard invalid messages
• Encryption/Decryption
  WSS standard field-level encryption/decryption
  Interoperates with SOAP/Apache AXIS 1.1 client implementation of WSS
• Digital Signatures of SOAP request message body
• Logging of meta-data about the SOAP request message
Implementing IIN….Enterprise
Cisco Service-Oriented Network Architecture
Application Layer
Business Applications: PLM, CRM, ERP, HCM, Procurement, SCM
Collaboration Applications: Instant Messaging, Unified Messaging, Meeting Place, IPCC, IP Phone, Video Delivery
Middleware and Application Platforms
Interactive Services Layer
Application Services
Infrastructure Services: Security, Mobility, Storage, Voice & Collaboration, Compute, Identity
Networked Infrastructure Layer
Places In the Network: Campus, Branch, Data Centre, Enterprise Edge, WAN/MAN, Tele-worker
Devices: Server, Storage, Clients
Cisco Offerings
Interactive Services Layer: Customer Value and Cisco Differentiation
INTERACTIVE SERVICES LAYER
APPLICATION SERVICES
Application Delivery & Optimization
• Application Velocity System
• Wide Area Application Services
• Content Services Switch/Content Services Module
• Application Control Engine
Application-Oriented Networking
• Intelligent message routing (translation, transformation, reliable delivery), SOA support
• Application-to-application security
• Application message/business event visibility and responsiveness
INFRASTRUCTURE SERVICES
Security Services, Mobility Services, Storage Services, Voice & Collaboration Services, Compute Services, Identity Services
SECURITY SERVICES
• App security
• VPN / SSL
• Virtual firewalls
• Anti-X
• DDoS
• NAC
• HTTP inspection
MOBILITY SERVICES
• Indoor
• Outdoor
• Metro area
• Location based roaming
• Voice
STORAGE SERVICES
• VSAN & IVR
• Data replication
• Remote backup
• Tape acceleration
• Point in time copy continuous data protection
IDENTITY SERVICES
• 802.1X
• RADIUS
• ACLs
COMPUTE SERVICES
• RDMA
• Server virtualization
• I/O virtualization
VOICE SERVICES
• IPT
• E911
• Presence Services
Adaptive Mngmnt Services
The Challenge…
Main office
Branch office
mySAP Business Suite
Cisco and SAP Join Forces
ERP WEB
MFG
FIN
CRM SCM
Intelligent Packet Network
Application Oriented Network
Enterprise Services Architecture
Business Processes Accessible Through Enterprise Services
AON  ESA
SSL
Remote Management of Subsidiaries/Branches
mySAP
AON Management Console
AON
Start-up/Shut down
Checking status
Master data update
Intercompany process
Network
AON
Subsidiary: Nairobi
Headquarters
Remote Management of Subsidiaries/Branches
Subsidiary: Nairobi
Headquarters
mySAP Cluster
AON Management Console
AON
Network
AON
Send Invoice
Application programs and messaging
The IBM MQSeries range of products provides application
programming services that enable application programs to
Transformation, Protocol translation, digital signing, encryption
Decrypt & Authenticate
Content Based Route to Fastest Server
Process Order
Cisco SONA Accelerates the Network's Role in Transforming Business Processes
On Demand, Adaptive Enterprise, etc.
Disruptive Technologies (e.g. RFID, Infiniband)
Virtualization, GRID Computing
SOA
SONA
Application Layer: Business Applications, Collaboration Applications
Interactive Services Layer: Application Services, Infrastructure Services
Networked Infrastructure Layer: Server, Storage, Clients, Network
Adaptive Management Services
Key Takeaways
• The network is the only common, single element that connects and enables all components of the IT infrastructure
Only Cisco offers a comprehensive network infrastructure and intelligent networking services
• Cisco SONA enables businesses to benefit from the “network multiplier” effect
Optimizing business processes and applications
• Cisco lifecycle services, proven enterprise architectures and experience across industries can help you meet your business imperatives in real-time
Convergence and Integration Virtualization Automation