
APPLICATION NOTE

Overcoming Application Performance Challenges with Application-Assured Business VPN Services

Abstract
Operators face many challenges as they strive to keep pace with the demand from small, medium and large enterprises for business services. In this very dynamic market, operators must respond with solutions that meet many criteria, including high availability, security, cost effectiveness, quality, manageability, scalability and, most recently, the ability to assure the operation of business applications. This application note focuses specifically on this last requirement and describes how the Alcatel-Lucent Application-Assured Business VPN Services solution offers operators the ability to move up the value chain by enhancing their existing virtual private network (VPN) service offerings for enterprises with application assurance.

Most enterprises have little or no visibility of their business applications or how these applications are performing over the wide area network (WAN). Operators can address this shortfall and differentiate their services by offering application performance assurance for their business VPN services. One option for enabling application assurance is to rely on costly standalone WAN optimization appliances, which essentially provide a quick fix. However, as this paper illustrates, operators would be well advised to implement an integrated network-based approach for the delivery of application-assured VPN services. VPN-based application enablement reduces the cost for operators in comparison with standalone solutions, and is readily aligned with the enterprise's application performance goals without significant additional complexity. By offering this comprehensive, end-to-end assurance solution, an operator can more effectively address the enterprise's application-centric requirements and differentiate its VPN services from the competition.

Table of contents
1. Enterprise challenges provide opportunities for operators
2. Transitioning from service-aware to application-assured VPNs
2.1 Comparing network-based application assurance solutions with CPE-based WAN optimization solutions
3. Alcatel-Lucent Application-Assured Business VPN Services solution
3.1 Application identification
3.2 Application monitoring and reporting
3.3 Application assurance
4. New revenue potential with the Alcatel-Lucent AA-BVS solution
4.1 Market opportunity
4.2 Service penetration and revenue
4.3 Associated service installation and operation costs
5. Conclusion
6. Abbreviations

1. Enterprise challenges provide opportunities for operators


While enterprises are increasingly reliant on their business applications for successful day-to-day operation, most enterprises have little or no visibility of how the applications are performing over the wide area network (WAN) services they purchase. Business applications continue to grow and place greater demands on the enterprise WAN. Applications are being centralized at data centers, and real-time voice, multimedia and business-critical data applications are converging on a unified communications infrastructure. Furthermore, the highly distributed and collaborative nature of business makes it critical that applications be optimized for availability and performance across multiple locations, via the WAN. These applications are the lifeblood of the enterprise and the impact of poor application performance can result in higher operating costs and often translates directly into lost business.

Maintaining visibility of these business-critical applications to ensure optimized performance and to detect application issues can be a huge challenge for IT departments. Many enterprise IT departments have limited resources and cannot afford to proactively monitor the performance of their applications across the WAN. As a result, they have tended to only address an application issue when they encounter a problem that is impacting users and business processes.

Operators have an opportunity to capitalize on this gap by enhancing their existing WAN service offerings with the ability to monitor and address application performance issues. According to a recent study by Ovum-RHK, enterprises are willing to pay for this kind of service from operators, as shown in Figure 1. By outsourcing this function to the operator, the enterprise can free up valuable resources and reassign its internal operational support teams. Enterprises will place considerable trust in operators that can assure application performance.
The Ovum study interviewed 150 enterprises located in Europe and the United States of America, including a mix of small, medium and large enterprises. The study looked at the adoption of WAN optimization as a managed service overall, and specifically what enhancements enterprises would be willing to pay for. A very significant 30 percent of enterprises claim that they would pay extra for improved quality of service (QoS) to guarantee the performance of mission-critical applications and 27 percent would pay extra for improved ability to optimize bandwidth and justify bandwidth upgrades. Twenty percent would be prepared to pay extra for consultancy services to help them with application performance monitoring/reporting and for solutions that improve the performance of applications. This study shows not only a willingness to pay, but that the "might be willing to pay" segment is very large and will be sensitive to the value of the offering.
Figure 1. Enterprises are willing to pay for WAN optimization as a managed service (Ovum-RHK)

Source: Ovum, The adoption of WAN Optimization as a managed service, July 2008. 150 enterprises in USA and Europe.


As further proof that there is a market for application assurance solutions, IDC's U.S. WAN Manager Survey, 2008 found that 51 percent of 368 enterprises stated that they would use a managed WAN optimization service from an operator, and 37 percent would use a combination of a managed service from an operator and an in-house solution. The remaining percentage of enterprises would continue to use a solution managed by their in-house IT staff, for now.

A recent study from In-Stat, WAN Management/Security Solutions Survey, Sep 2008, also identified that:
• The majority of IT managers are under pressure to maximize the value of existing resources and contain costs, while the lack of application visibility has led to unpredictable and failed projects, and cost overruns.
• The top issue for a majority of IT directors is achieving consistent end-to-end application performance. However, most IT directors did not know what applications were running on their WANs, making it difficult for them to address this issue.

The majority of WAN optimization deployments to date have been implemented by enterprises themselves because the alternative options from operators have either been limited in capability and scale or very costly. (IDC currently tracks this market to be approximately one billion United States dollars.) Recent service models by some operators have relied on costly standalone solutions or poorly scalable WAN optimization appliances as a "quick fix" way to get started. The Alcatel-Lucent network-based application enablement approach delivers application-assured virtual private network (VPN) services and aligns with the enterprise's application performance goals. This more strategic approach gives operators a very cost-effective way to differentiate their business VPN service offering.

2. Transitioning from service-aware to application-assured VPNs


To be in a position to offer cost-effective, managed WAN optimization services, operators must transition their services from service-aware VPNs to application-assured VPNs¹. Moving to application-assured VPNs expands the reach and value of an operator's business VPN service portfolio, and enables the operator to transition from a connectivity provider to a provider of both connectivity and business application intelligence to the enterprise. Table 1 summarizes the key attributes that are associated with service-aware VPNs and application-assured VPNs.
Table 1. Comparing attributes in service-aware and application-assured business VPNs
Service-aware business VPN:
• Network availability (either for the entire VPN or on an individual site basis)
• Service-level visibility
• Packet loss (per class of service)
• Round-trip delay
• Jitter
• Mean time to repair
• Service operations, administration and maintenance (OAM)
• No, or limited, ability to diagnose on a per-application basis

Application-assured business VPN:
• All of the service-aware VPN attributes, plus:
• Per-application identification/recognition
• Application reporting, including application traffic mix and problem identification and localization
• Application assurance, including per-application fine tuning to optimize performance
• Application protection, encompassing the identification of unwanted traffic and controlling access to the VPN to those applications defined to run on the VPN

The primary responsibility of service-aware VPNs is to ensure the operator's network and service performance objectives are met. There is limited focus on applications: it is assumed the application performance is acceptable if the service performance objectives are met. The VPN service assigns different classes of service (CoS). The CoS defines the service pipe into which applications will be classified by a trusted customer premises equipment (CPE) device, which in turn determines its prioritization (for example, Gold, Silver, and Bronze). This does not help address the enterprise's top issue (as identified by In-Stat), which is to have per-application visibility and control, without some form of costly CPE-based application-aware classification.

¹ These VPN services encompass IP VPNs, Carrier Ethernet VPNs (including Virtual Private LAN Services (VPLS) and Pseudowire Emulation Edge to Edge (PWE3)), and IPSec.


An application-assured VPN ensures per-application performance objectives are met through application recognition and optimization. This is enabled through a network-based approach that provides per-application classification and end-to-end assurance from both trusted and untrusted CPE devices, that is, it ensures managed end-to-end application performance, in addition to the network assurance attributes identified for service-aware VPNs.

An application-assured business VPN solution provides many benefits, including:
• Tiered business VPN service plans, as shown in Figure 2, ranging from basic VPNs and Service-Aware VPNs to Application-Assured VPNs, offering profitable customer contact with positive up-sell opportunities
• Service differentiation, enabling the operator to avoid VPN commoditization and price erosion against competitive offerings
• New service revenue through application reporting and assurance at significantly lower deployment costs, compared to standalone WAN optimization appliances, with faster time to market, enabling incremental revenue streams with lower overhead
• Greater upsell opportunities for VPN connectivity itself, as ICT directors can readily justify WAN services as they relate directly to application and business performance for the CIO
• Enhanced customer loyalty, by becoming a strategic partner to the enterprise, with incremental value
Figure 2. Increased revenue and customer loyalty with application-assured VPNs
[Figure 2: tiered VPN services, plotted as operator revenue against meeting enterprise application-centric requirements. Basic VPNs: connectivity, IP VPN, commodity pricing. Service-aware VPNs: network assurance; VPLS, VPWS, IP VPN (Layers 2 and 3); MPLS-enabled carrier Ethernet; service attributes (HA, H-QoS, OAM, scale). Application-assured VPNs: application assurance; application signatures, flow-based, Layer 4-7.]

2.1 Comparing network-based application assurance solutions with CPE-based WAN optimization solutions

Network-based application assurance differs from the first wave of application optimization/acceleration solutions available, which are based on standalone CPE appliances. These first-generation deployments are WAN overlays with a specialized appliance, generically referred to as a WAN optimization controller (WOC), which require an up-front capital expenditure (CAPEX). The different approaches are summarized below and illustrated in Figure 3.


CPE appliance approach

An application optimization and acceleration solution where WOC appliances are deployed on premises, usually at both the enterprise's data center and branch office locations. Existing WAN optimization solutions, which are widely accepted for networking of large sites served by T1/E1, T3/E3 or STM-x/OC-x connections, have not proven cost effective for deployment in a multi-site, distributed network. For sites with low speed or broadband access, the hard cost payback period is long or uncertain due to the cost of the additional appliances. Also, managing hundreds or thousands of devices across the distributed network introduces complexity which can tax already overburdened support staff. Additional costs include truck rolls to each CPE location, adding to the burden of deployment, configuration, ongoing monitoring, and maintenance of yet another network device at each site. As well, many CPE solutions employ proprietary end-to-end encapsulation and flow control techniques that prevent service interoperability with other CPE appliances.

Network-based approach

A VPN application identification, reporting and assurance solution where capabilities are embedded within the operator's IP/MPLS network to support hundreds or thousands of enterprise VPNs. The combination of a VPN and WAN optimization intelligence at the network service edge can deliver a highly cost-effective, application-aware enterprise networking solution. It enables the operator to cost-effectively deliver application assurance SLAs for prospective customers who may be sensitive to the higher costs of a dedicated WAN optimization appliance. In addition, once deployed, it can easily be activated for new sites, or new customers through remote management, with visibility and control through a simple service portal. This eliminates the need for truck rolls and dramatically reduces the time to market.
This approach is provided by integrating WAN application assurance technology within network provider edge (PE) nodes.
Figure 3. Comparing the delivery of network-based application assurance and CPE-based application optimization
[Figure 3: two panels. Network-based: application assurance in the PE, with AA-ISA modules in 7450 ESS and 7750 SR nodes between the HQ app servers, the WAN and the CPE at remote locations. Dedicated CPE appliances: WOCs book-ended per site, at the HQ app servers and at each remote location's CPE.]


A network-based application assurance solution can be extremely effective for deployment in a multi-site, distributed network, enabling the operator to realize the following benefits:
• Application visibility, which enables per-application traffic analysis and reporting on a per-VPN, per-site or per-customer basis
• Support for all business VPN services, regardless of the access type connecting the enterprise site, which can range from less than 2 Mb/s to 10 Gb/s
• Matching of the VPN service to per-site specific application needs (such as volume of use by time and application)
• Scalable performance, dependent on the operator's specific infrastructure; for example, an operator with Alcatel-Lucent 7750 Service Routers (SR) and Alcatel-Lucent 7450 Ethernet Service Switches (ESS) can scale up to 70 Gb/s of application processing per node to support hundreds and thousands of enterprise VPN sites
• Reduced time and investment to operationalize the solution. Integrating the application intelligence into the network nodes reduces complexity and eliminates the need for truck rolls to CPE locations. Also, an integrated service management capability minimizes the installation and provisioning times.
• The ability to offer service portals at an incremental charge to enterprise customers to enable them to monitor their application statistics, download customized application performance reports, and manage their VPNs themselves through application-based policy control

The network-based solution is deployed once by the operator and can be offered to all enterprise customer VPN sites at minimal cost. Also, the application assurance service can be activated in minutes remotely, without requiring onsite installation.

3. Alcatel-Lucent Application-Assured Business VPN Services solution


The existing Alcatel-Lucent Business VPN Services (BVS) solution enables operators to support the convergence of IP voice, data and video over Layer 2 and/or Layer 3 business VPNs. Enhancing the BVS solution with application assurance to deliver Application-Assured Business VPN Services (AA-BVS) enables operators to leverage their existing IP/MPLS network and service management infrastructure and offer application-level visibility and policy control with minimal incremental investment. It also enables the operator to tailor VPN services to each enterprise's unique application performance requirements.

The Alcatel-Lucent AA-BVS solution provides the ability to recognize applications and application flows through the network. This in turn enables the operator to report on the applications and/or apply application-level QoS controls. The AA-BVS solution supports multiple small, medium and large enterprise customers and hence provides dramatic cost savings over a comparable WOC appliance approach.


Figure 4. Network-based application assurance provides greater VPN coverage at a fraction of the cost

[Figure 4: cost ($$), from low to high, plotted against application awareness function (reporting, optimization, acceleration) for existing VPN services, network-based AA-BVS and CPE-based WAN optimization. Annotation: the network-based Alcatel-Lucent AA-BVS solution enables operators to cost-effectively address the majority of enterprise VPN sites.]

Figure 4 illustrates the potential costs faced by an operator when deploying dedicated CPE WAN optimization appliances at the enterprise's premises in comparison to deploying the Alcatel-Lucent AA-BVS solution. Given that the majority of the reporting and control capabilities needed by most sites can be offered at a much lower price, operators deploying the Alcatel-Lucent 7750 SR and 7450 ESS are able to provide application assurance to the majority of enterprise VPN sites supported over their network. Additionally, the ongoing operational savings through deployment simplification (logistics, installation, provisioning, assurance and maintenance) of a network-based solution are very compelling.

The use of network-wide AA-BVS reporting, which is operationally simple and cost-effective to configure, provides a level of insight into network use not available in today's VPN service networks. This enables the operator to target specific up-sell opportunities to other premium services, including a complementary portfolio of CPE devices that can be offered in specific cases. An example of this would be for data compression. If the objective for the enterprise is to send less data for the same amount of information over the WAN service, this can only be accomplished in the CPE.

The Alcatel-Lucent AA-BVS solution relies on the Application Assurance feature set of the Alcatel-Lucent Service Router Operating System (SR-OS), including the purpose-built Alcatel-Lucent Application Assurance Integrated Services Adapter (AA-ISA). The AA-ISA is an integrated processing adapter for the Alcatel-Lucent 7x50 routing and switching portfolio. The AA-ISA is a hardware module that can be hot-inserted into the existing chassis of the Alcatel-Lucent 7450 ESS or Alcatel-Lucent 7750 SR to provide application assurance. It provides stateful, pattern- and string-based identification of applications to enable dynamic per-service, per-site and per-application QoS policy control.

Target application traffic flows are directed to the AA-ISA module via the router's backplane and fabric, so no external connections are required. Traffic flows are identified and subjected to a set of Application QoS Policy (AQP) rules comprising match and action criteria that determine the QoS treatment applied. This enables any combination of passive monitoring and reporting, active bandwidth and/or flow policing, and flow-based QoS re-marking to enable per-application services, all at line speed. Each AA-ISA module has a total traffic processing capacity of up to 10 Gb/s and is able to handle thousands of VPN sites. The AA-ISA can be configured in 1+1 redundant configurations to provide high availability, or in an N+1 configuration with up to seven active AA-ISA modules per chassis to scale the throughput up to 70 Gb/s, providing an industry first for this level of scalability and performance.


The Alcatel-Lucent AA-BVS solution is enabled and operated by the service and application management capabilities of the Alcatel-Lucent 5620 Service Aware Manager (SAM) management suite, which includes the Alcatel-Lucent 5670 Reporting and Analysis Manager (RAM). Together, these products provide a comprehensive management solution that enables the operator to extend its existing service network to encompass the AA-BVS. The extended functionality includes the ability to offer application-level reports to customers via self-service portals.

The primary functions of the network-based Alcatel-Lucent AA-BVS solution, shown in Figure 5 and discussed in more detail in later sections, are:
• Application identification: provides visibility of applications and their performance behavior over the WAN VPN
• Application monitoring and reporting: provides both application traffic mix statistics, and application problem identification and isolation; generates reports to help enterprise CIOs make informed decisions regarding application performance over the WAN and the services they require
• Application assurance: enables per-application fine tuning to optimize the performance over the WAN or to prioritize one application above other applications within the same service class; enables true application-level QoS
Figure 5. Alcatel-Lucent Application-Assured Business VPN Services solution
[Figure 5: two metro IP/MPLS service edges, each with 7750 SR (PE) and 7450 ESS (PE) nodes carrying AA-ISA modules and serving IP VPN, VPLS and VLL (PW) services, joined by an IP/MPLS WAN backbone of 7750 SR nodes. Also shown: a data center on 10 GigE, the self care portal, an HQ site with accounts, manufacturing, sales, HR and IT departments, and an IP VPN application view listing SAP, Netmeeting, FTP, e-mail, HTTP and IM.]


The network example shown in Figure 5 illustrates:
• Integrated application recognition and assurance functions in the Alcatel-Lucent 7750 SR and 7450 ESS situated at the edge of the network. The number of managed network elements and overall power consumption can be dramatically reduced. The AA-ISA interoperates with all existing interfaces on the Alcatel-Lucent 7750 SR and 7450 ESS to enable stateful application traffic flow inspection and application assurance for small, medium or large enterprise Layer 2 or Layer 3 VPN services.
• Complete application management by the Alcatel-Lucent 5620 SAM and 5670 RAM management suite; operators do not need to maintain multiple management interfaces and configurations. The AA-BVS solution enables the operator to offer a service web (self care) portal to its enterprise customers, who can then view application performance reports per site, per VPN or per application group.

3.1 Application identification

To address the performance of an enterprise customer's applications over the WAN, the operator must first have visibility of the applications. Most enterprises do not know how their applications behave because they have poor visibility of them. With a CPE-based solution, even prior to defining the application SLA, the operator has to deploy expensive equipment to enable application visibility and analyze end-customer application behavior. The Alcatel-Lucent network-based AA-BVS solution enables visibility through its per-application identification. This is provided using:
• Real-time analysis on OSI Layers 3 to 7, to dynamically identify and intelligently meter traffic flows, applications and underlying protocols
• The ability to identify business applications or traffic flows using IP address prefixes and ports, HTTP strings, Differentiated Services Code Point values or traffic direction, in addition to protocol signatures, to detect end-to-end application and flow performance behavior
• Advanced application identification techniques based on flow pattern and packet behavioral analysis (for example, IPSec) and statistical or algorithmic analysis
• New application detection and distinctive verification of applications relying on the well-known TCP/UDP port application identification, as well as identification of rogue or unwanted traffic

Enterprises are looking to the operator for better visibility of application performance over the WAN and are willing to pay for this service, as discussed earlier in this paper. The flexible Alcatel-Lucent AA-BVS solution enables the operator to implement application assurance as a permanent feature of a purchased Layer 2 or Layer 3 VPN service or as a value-added feature for an additional monthly fee.

With the Alcatel-Lucent AA-BVS solution, shown in Figure 6, the service-aware VPN (top) can be easily and cost-effectively transitioned to an application-aware VPN (bottom), providing the operator with full visibility of the enterprise applications running over the WAN VPN. This provides the following immediate benefits:
• Identification of applications and their performance behavior (that is, real-time volume and performance statistics per customer, per VPN, per site)
• Better understanding of how the enterprise customer's applications are traversing the WAN and deeper insight into how to base-line business-critical application traffic to improve performance
• Ability to identify business applications and prioritize them appropriately to ensure the enterprise experiences consistent end-to-end application performance
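The identification criteria listed in this section, combined with the match-and-action AQP rules described earlier, can be modelled as follows. This is an added example, not Alcatel-Lucent code and not SR-OS syntax: the application definitions, prefixes, hostnames, rule format, first-match ordering and rates are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str                       # "tcp" or "udp"
    dst_port: int
    dscp: int                        # DSCP value seen on ingress
    http_host: Optional[str] = None  # set only if the payload parsed as HTTP

# Constructed application definitions (hypothetical names and values).
APP_DEFS = [
    {"app": "erp", "group": "business-critical",
     "dst_prefix": "10.20.0.0/24", "proto": "tcp", "ports": {3200}},
    {"app": "e-learning", "group": "corporate-web",
     "http_host_contains": "learning.example.internal"},
    # A well-known port alone is not trusted: the payload must also be HTTP.
    {"app": "web-browse", "group": "best-effort",
     "proto": "tcp", "ports": {80, 8080}, "requires_http": True},
    {"app": "voip", "group": "real-time", "proto": "udp", "dscp": 46},
]

# Constructed AQP-style rules: match criteria plus one action each.
AQP_RULES = [
    {"match": {"group": "business-critical"}, "action": {"remark_dscp": 18}},
    {"match": {"group": "best-effort"},
     "action": {"police_kbps": 80, "burst_bytes": 10_000}},
    {"match": {"group": "unclassified"}, "action": {"drop": True}},
]

def matches(d, flow):
    """True if the flow satisfies every criterion present in definition d."""
    if "dst_prefix" in d and ip_address(flow.dst) not in ip_network(d["dst_prefix"]):
        return False
    if "proto" in d and flow.proto != d["proto"]:
        return False
    if "ports" in d and flow.dst_port not in d["ports"]:
        return False
    if "dscp" in d and flow.dscp != d["dscp"]:
        return False
    if "http_host_contains" in d and (
            flow.http_host is None or d["http_host_contains"] not in flow.http_host):
        return False
    if d.get("requires_http") and flow.http_host is None:
        return False
    return True

class PolicyEngine:
    def __init__(self, app_defs, rules):
        self.app_defs, self.rules = app_defs, rules
        self.stats = {}     # app -> byte counters (every byte counted)
        self.buckets = {}   # rule index -> (tokens, last timestamp)

    def classify(self, flow):
        for d in self.app_defs:          # first matching definition wins
            if matches(d, flow):
                return d["app"], d["group"]
        return "unknown", "unclassified"

    def police(self, idx, action, nbytes, now):
        """Token bucket: refill at the policed rate, capped at the burst size."""
        rate = action["police_kbps"] * 1000 / 8   # bytes per second
        burst = action["burst_bytes"]
        tokens, last = self.buckets.get(idx, (burst, now))
        tokens = min(burst, tokens + (now - last) * rate)
        ok = nbytes <= tokens
        self.buckets[idx] = (tokens - nbytes if ok else tokens, now)
        return ok

    def handle(self, flow, nbytes, now):
        app, group = self.classify(flow)
        verdict, dscp = "forward", flow.dscp
        for idx, rule in enumerate(self.rules):
            m = rule["match"]
            if m.get("group", group) != group or m.get("app", app) != app:
                continue
            a = rule["action"]
            if a.get("drop"):
                verdict = "drop"
            elif "police_kbps" in a and not self.police(idx, a, nbytes, now):
                verdict = "drop"
            if verdict == "forward" and "remark_dscp" in a:
                dscp = a["remark_dscp"]
            break                        # first matching rule applies
        s = self.stats.setdefault(app, {"bytes": 0, "dropped_bytes": 0})
        s["bytes"] += nbytes
        if verdict == "drop":
            s["dropped_bytes"] += nbytes
        return {"app": app, "group": group, "verdict": verdict, "dscp": dscp}

if __name__ == "__main__":
    eng = PolicyEngine(APP_DEFS, AQP_RULES)
    # Constructed flow: TCP/80 traffic that is not HTTP, e.g. a tunnel.
    print(eng.handle(Flow("10.1.1.5", "198.51.100.9", "tcp", 80, 0), 1000, 0.0))
```

The last flow shows why port-only identification needs verification: traffic on TCP/80 that does not parse as HTTP falls into the unclassified group and is handled by the rule for unwanted traffic, while still being counted in the per-application statistics.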


Figure 6. Enabling visibility through per-application identification on the Alcatel-Lucent 7450 ESS and 7750 SR
[Figure 6: top, service-aware VPN: an SME or large enterprise CPE on a 10 Mb/s IP VPN (CIR = 10 Mb/s, PIR = 10 Mb/s) with forwarding classes Voice (EF), Video (EF), Business data (AF 2) and HSI (BE), seamlessly integrated on the 7450 ESS and 7750 SR. After the upgrade to AA-ISA, bottom, application-aware VPN: the same service and classes on the 7750 SR, with individual applications identified, including file transfer, SAP, e-mail, videoconferencing, CIFS, Citrix, remote access, Oracle, HTTP, VoIP, streaming video (corporate and private), e-learning, YouTube, IM, web browsing and scavenger apps.]

3.2 Application monitoring and reporting

The Alcatel-Lucent AA-BVS solution relies on application identification to provide a network-based application monitoring and reporting capability. This information is critical for enterprises as they are faced with operational challenges alongside increasing cost constraints. Without an application reporting capability, they are running blind. The Alcatel-Lucent AA-BVS solution provides extensive flow accounting and statistics reporting capabilities for both overall application performance and bandwidth usage, including:
• Per-protocol, per-application, and per-application-group volume and performance statistics; these are generated using the Alcatel-Lucent SR OS accounting for Layer 2 and Layer 3 VPNs (every byte, packet and flow for every application is counted, not sampled)
• End-to-end application volume statistics between VPN sites and servers
• Individual IP flows or an aggregated snapshot of IP flows for each VPN site

The AA-ISA modules in the Alcatel-Lucent 7750 SR or Alcatel-Lucent 7450 ESS aggregate the application flow information. A comprehensive set of application statistics is then sent to the Alcatel-Lucent 5620 SAM at predetermined reporting intervals, which can be as frequent as every five minutes. This allows for maximizing aggregation benefits when mapping extremely large volumes of per-flow traffic counters. This information is passed to the Alcatel-Lucent 5670 RAM, for network-wide correlation and aggregation into graphical usage reports, trending information, and so on, as shown in Figure 7. The wealth of application usage and performance information that can be collected through the Alcatel-Lucent AA-BVS solution is very valuable for SLA reporting and helps enterprises determine how their applications are performing over their WAN VPN.


Figure 7. Alcatel-Lucent AA-BVS solution provides fine-grain application monitoring and reporting

[Figure 7: AA-ISA modules in 7450 ESS and 7750 SR nodes (multiple policy touch points across HQ, IP VPN, metro aggregation, IP/MPLS backbone, branch and web apps) send application assurance statistics to the redundant 5620 SAM servers. The 5670 RAM aggregator and data warehouse passes aggregated application assurance statistics to the 5670 RAM report/web server, which provides multi-format file reports, threshold-crossing triggered reports and e-mail notification, and the enterprise self service portal, where reports are run via a web browser.]

Figure 8 provides just a small sample of application reports that the operator can create and access via the web with the Alcatel-Lucent AA-BVS solution. The reports help the operator to ensure enterprise application performance metrics are met, to optimize WAN performance, and to identify and correct application-level faults quickly. The operator can offer an extensive array of detailed reports, through consultancy for example, to help the enterprise plan its WAN VPN service needs, based on the usage and growth of its business-critical applications.
Figure 8. Detailed application reports the operator can view

[Figure 8 panels: Per-VPN reporting; Per-site analysis reporting; Application analysis reporting]


Table 2 highlights the type of information available in each sample report shown in Figure 8.
Table 2. Type of information collected by reports shown in Figure 8
Per-VPN reporting | Per-site analysis reporting | Application analysis reporting

This type of report provides information on: This type of report provides information on: This type of report provides information on: Top applications per VPN Trend and usage within a specified time span Application trend and usage within a specified All applications and protocols Top applications per site time span Top source and destinations sites per application Multimedia application distribution Instant messaging application distribution

With the application report management engine delivered by the Alcatel-Lucent AA-BVS solution, operators have the option, via a web-based interface, to create, run, schedule, view, and organize pre-defined or customized reports to help differentiate their VPN service and meet the exacting application reporting requirements of their enterprise customers. The Alcatel-Lucent 5670 RAM, in conjunction with the Alcatel-Lucent 5620 SAM, has the capacity to raise an alarm (or threshold) when specific data rate limits for a VPN service or application are reached. This enables the operator, through the Alcatel-Lucent 5620 SAM, to apply a policy to react to real-time conditions and optimize network VPN behaviors related to the CoS.

The Alcatel-Lucent AA-BVS solution enables the operator to add further value with a web-based service portal providing the enterprise with access to regularly distributed reports, as shown in Figure 9. The service portal enables the enterprise to:
• Monitor applications on a per-VPN or per-site basis
• View near-real-time reports and archived reports
• Request or change application treatment as well as request application diagnostics
Figure 9. Enterprise web (self care) portal


Providing these monitoring and reporting tools through a self-serve portal on an operator's existing VPN service greatly enhances the operator's value to the enterprise, because it gives the enterprise clear and factual information regarding its applications. Without having to incur truck roll-outs, and the CAPEX associated with a full CPE-based solution, enterprises are willing to pay for these monitoring and reporting tools as they provide an immediate benefit to them. With this information, the enterprise can optimize business operations through enhanced application monitoring and performance.

For the operators, the ability to report and monitor applications within the VPN provides numerous benefits, including:
- New revenue potential: providing performance and capacity planning reports to enterprise customers, helping IT directors to understand how their applications are performing, so they can make informed decisions for bandwidth optimization. Decisions within the enterprise become more fact-based and focused on the business relevance of a given application for the core business.
- Value-added service through the enterprise web portal
- Incremental pull-through revenue on the base VPN services being offered, as enterprises can understand where and when incremental bandwidth will have the desired effect on application performance, and more readily justify VPN services costs to their CIO.
- VPN service differentiation to avoid price erosion and solidify customer loyalty

3.3 Application assurance
The third capability delivered by the Alcatel-Lucent AA-BVS solution is the ability to control the applications within the customer's Layer 2 and Layer 3 VPN service. This assurance capability enables the operator to apply specific AQP rules to achieve the desired performance result for an application.

The Alcatel-Lucent AA-BVS solution enables operators to deliver:
- Extensive per-application policy enforcement with granular bandwidth shaping, policing and prioritization defined on a per-VPN basis, to intelligently control and categorize application traffic based on policy. The operator now has the ability to align the enterprise's application services with its business needs, and to treat application traffic accordingly without introducing costly CAPEX, and with a quick time to market for an immediate benefit.
- Deterministic end-to-end application behavior through application performance optimization, application-based network path selection, application admission control and application-level mirroring

The Alcatel-Lucent AA-BVS solution enables the operator to define per-application SLA guarantees to ensure consistent end-to-end performance of business-critical applications.

In the following example the enterprise customer has bought Application Assurance Reporting and Control as a service from the operator. Figure 10 illustrates how one of the enterprise's VPN service forwarding classes is selected and directed to the AA-ISA module. The application flows within the forwarding class are identified and then subjected to a set of AQP rules comprising match and action criteria that determine the QoS treatment applied to each application, all at line rate.


Figure 10. AA-BVS solution provides application assurance for business and Internet traffic
[Figure labels: branch office CPE on a 10 Mb/s link carrying Service #1 (IP VPN, CIR = 6 Mb/s, PIR = 6 Mb/s) and Service #2 (VPLS, CIR = 4 Mb/s, PIR = 4 Mb/s); forwarding classes Voice (P5), Video (P4), Business data (P2) and HSI (P0); P2 and P0 diverted to the AA-ISA on the IP/MPLS service aggregation and edge (7450 ESS or 7750 SR); AQP applied to E-Learning, SAP, Netmeeting, FTP, Email, IM, Web browsing and YouTube (rate limit); HQ; Internet (YouTube)]

The branch office CPE, on the left, provides limited classification for the IP VPN service and has no visibility of the individual applications. The IP VPN service is aggregated on the operator's Alcatel-Lucent Ethernet Service Switch or Service Router at the metro or service edge.

The SAP business application needs to be assigned a higher priority to meet the enterprise performance SLA.
- The SAP application is currently assigned to Priority 2 (P2) forwarding class.
- The operator has already diverted the P2 Business traffic to the AA-ISA and can quickly identify any performance issue with the SAP application using the Alcatel-Lucent 5670 RAM.
- The AA-ISA identifies the SAP application based on its unique signature and the operator defines a policy to re-mark the SAP application traffic from P2 to the higher priority P4 forwarding class, while leaving other P2 Business traffic alone. The traffic flow is then forwarded as normal, all at line rate performance.
- The SAP application traffic now receives a prioritized treatment over the WAN IP VPN service in line with the enterprise SLA.
- The Alcatel-Lucent 5620 SAM ensures the application QoS policy is maintained until the operator is ready to change it.

The IT director of this enterprise has also identified to the operator that it relies on an e-learning service provided over the Internet to train its staff. The current performance of the e-learning application is unacceptable and the staff is reluctant to take the training, which is affecting the competitiveness of the enterprise. The operator, after investigating the situation, takes the following action:
- High-speed Internet (HSI) traffic, which includes e-learning, is currently classified as best-effort and assigned to priority class P0.
- The operator diverts the P0 HSI traffic to the AA-ISA and can quickly identify any performance issue with the e-learning application using the Alcatel-Lucent 5670 RAM.
- Using the monitoring and reporting capability, the operator also identifies that YouTube activity is very high and uses up valuable bandwidth.
- The AA-ISA can distinguish the e-learning application from all other Internet traffic by stateful monitoring of IP flows and matching the specific HTTP string for the e-learning Internet application. The operator defines a policy to re-mark the e-learning application traffic from P0 to the higher priority P2 forwarding class while leaving other P0 HSI traffic alone.
- The operator also defines a policy to police YouTube traffic, which helps optimize overall bandwidth usage.
- The e-learning traffic now receives a prioritized treatment over the WAN VPN service in line with the enterprise SLA.
- The Alcatel-Lucent 5620 SAM ensures the application QoS policies are maintained until the operator is ready to change them.
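The HSI case above can be modelled in a few lines. The following is an added illustration, not Alcatel-Lucent code or SR-OS configuration: a stateful classifier pins a flow to an application when it sees the HTTP Host header, then a match/action table re-marks e-learning from P0 to P2 and polices YouTube with a token bucket. Host names, addresses, the 1 Mb/s policing rate and all class and function names are assumptions.

```python
class Policer:
    """Single-rate token bucket; non-conforming packets are dropped."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate, self.burst = rate_bps / 8.0, burst_bytes
        self.tokens, self.last = float(burst_bytes), 0.0

    def conforms(self, size, ts):
        self.tokens = min(self.burst, self.tokens + (ts - self.last) * self.rate)
        self.last = ts
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

def http_host(payload):
    """Host header of a cleartext HTTP/1.x request, else None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not lines[0].endswith((b" HTTP/1.0", b" HTTP/1.1")):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().lower().decode("ascii", "replace")
    return None

class AqpEngine:
    def __init__(self, diverted, host_to_app, actions):
        self.diverted = diverted        # forwarding classes sent through the engine
        self.host_to_app = host_to_app  # Host suffix -> application (constructed)
        self.actions = actions          # application -> (verb, argument)
        self.flow_app = {}              # flow state: later packets inherit the match

    def classify(self, flow, payload):
        app = self.flow_app.get(flow)
        if app is None and (host := http_host(payload)) is not None:
            app = next((a for sfx, a in self.host_to_app.items()
                        if host == sfx or host.endswith("." + sfx)), "other-http")
            self.flow_app[flow] = app
        return app

    def process(self, flow, fc, size, ts, payload=b""):
        """Return the outgoing forwarding class, or None if the packet is dropped."""
        if fc not in self.diverted:
            return fc                   # never diverted, never touched
        verb, arg = self.actions.get(self.classify(flow, payload), ("forward", None))
        if verb == "remark":
            return arg
        if verb == "police" and not arg.conforms(size, ts):
            return None
        return fc

def demo():
    """Constructed traffic: hosts, addresses and the policing rate are made up."""
    engine = AqpEngine(
        diverted={"P0"},
        host_to_app={"elearning.example": "e-learning", "youtube.com": "youtube"},
        actions={"e-learning": ("remark", "P2"),
                 "youtube": ("police", Policer(1_000_000, 3000))})
    req = lambda h: b"GET / HTTP/1.1\r\nHost: " + h + b"\r\n\r\n"
    el, yt = ("10.1.1.5", 40001), ("10.1.1.6", 40002)
    return {
        "e-learning": [engine.process(el, "P0", 300, 0.0, req(b"lms.elearning.example")),
                       engine.process(el, "P0", 1500, 0.1)],
        "youtube": [engine.process(yt, "P0", 1500, t, req(b"www.youtube.com") if i == 0 else b"")
                    for i, t in enumerate((0.0, 0.0, 0.0, 0.02))],
        "voice": engine.process(("10.1.1.7", 5060), "P5", 200, 0.0),
    }
```

Host-header matching as modelled here only sees cleartext HTTP; a flow carried over TLS never exposes that header to the classifier.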


Another challenge facing this enterprise is the effect on bandwidth availability and performance of its site VPN connection once they deploy teleconferencing. The enterprise needs to be assured that it can control the number of teleconferencing sessions so they don't overwhelm the 10 Mb/s bandwidth, which could cause unnecessary congestion and impact other business-critical applications. The enterprise wants to add teleconferencing without paying for additional bandwidth.

The AA-BVS solution enables the operator to address this issue by applying application session admission control and classification specific to the site VPN interface. The example shown in Figure 11 illustrates how the AA-BVS solution can control the number of video application sessions, for example, to a maximum of two 5 Mb/s video sessions on the 10 Mb/s VPN service. The AA-BVS monitoring and reporting capability will provide full visibility of the video application flows and the performance impact on the other applications to that site. This capacity planning capability is provided without resorting to CPE marking or deploying an expensive CPE application-aware appliance.
Figure 11. Application session admission control on the enterprise site VPN connection
[Figure labels: operator view with 5620 SAM and 5670 RAM; two branch sites, each with a teleconference video source (5 Mb/s); voice and video CPE on a 10 Mb/s IP VPN link with forwarding classes Voice (P5), Video (P4), Business data (P2) and HSI (P0); video (P4) flows diverted to the AA-ISA on the 7450 ESS or 7750 SR aggregation; SAP server]

Overbooked resources need application-based session control beyond what DiffServ QoS provides. With the AA-BVS solution, the operator can now enable intelligent application flow control based on:
- Application-level admission control in line with available site VPN bandwidth and the agreed overbooking metric
- Admission control on the maximum number of session flows allowed, such as limiting to two video flows, as shown in Figure 11. The third video flow is policed and identified in the Alcatel-Lucent 5670 RAM reports
- Admission control on the rate of session flows set up within a given timeframe; for example, the operator can limit the network to admitting ten video session flows every 10 minutes to ensure consistent performance
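The three admission criteria listed above can be combined in one controller. This is an added sketch, not the AA-ISA implementation: it uses the text's own figures (two 5 Mb/s video sessions on a 10 Mb/s service, ten setups per 10 minutes), while the class name, parameter names, rejection labels and session identifiers are assumptions.

```python
from collections import deque

class SessionAdmission:
    """Admit or reject application sessions on one site VPN interface."""
    def __init__(self, link_bps, overbooking=1.0, max_sessions=None,
                 max_setups=None, window_s=600.0):
        self.capacity = link_bps * overbooking  # bandwidth the sessions may book
        self.max_sessions = max_sessions        # cap on concurrent session flows
        self.max_setups = max_setups            # cap on admitted setups per window
        self.window_s = window_s
        self.active = {}                        # session id -> reserved bit/s
        self.setups = deque()                   # timestamps of admitted setups
        self.rejected = []                      # (ts, session id, reason) for reports

    def request(self, sid, bps, ts):
        # Slide the setup-rate window forward before evaluating anything.
        while self.setups and ts - self.setups[0] >= self.window_s:
            self.setups.popleft()
        if self.max_sessions is not None and len(self.active) >= self.max_sessions:
            reason = "max-sessions"
        elif sum(self.active.values()) + bps > self.capacity:
            reason = "bandwidth"
        elif self.max_setups is not None and len(self.setups) >= self.max_setups:
            reason = "setup-rate"
        else:
            self.active[sid] = bps
            self.setups.append(ts)
            return True
        self.rejected.append((ts, sid, reason))  # what a report would surface
        return False

    def release(self, sid):
        self.active.pop(sid, None)

def figure_11_scenario():
    """Two 5 Mb/s video sessions allowed on 10 Mb/s; the third is refused."""
    ac = SessionAdmission(link_bps=10_000_000, max_sessions=2)
    results = [ac.request(f"video-{i}", 5_000_000, ts=i) for i in (1, 2, 3)]
    ac.release("video-1")                        # a session ends, a slot frees up
    results.append(ac.request("video-4", 5_000_000, ts=10))
    return results, ac.rejected

def setup_rate_scenario():
    """Ten setups per 10 minutes: short calls every 30 s, then one at t = 600 s."""
    ac = SessionAdmission(link_bps=10_000_000, max_setups=10, window_s=600)
    out = []
    for i in range(12):
        ok = ac.request(f"call-{i}", 5_000_000, ts=i * 30)
        out.append(ok)
        if ok:
            ac.release(f"call-{i}")              # call ends before the next one
    out.append(ac.request("call-late", 5_000_000, ts=600))
    return out
```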


Enterprises will appreciate this improved level of responsiveness from the operator and the ability to optimize the performance of their business-critical applications over the WAN VPN service. Enterprises can experience the value first hand and will be willing to pay the additional fee for application reporting and control, which the operator is able to provide more cost effectively than the enterprise would be able to do in-house.

4. New revenue potential with the Alcatel-Lucent AA-BVS solution


The Alcatel-Lucent AA-BVS solution enables the operator to realize additional VPN revenue quickly and at a lower cost while addressing the enterprise's application performance requirements. As identified earlier in this paper, enterprises are willing to pay for application visibility and optimization over their WAN VPN service. The financial business case described below examines the commercial value to operators of offering new application assurance service options that augment their current Layer 2 and Layer 3 business VPN services.

The business case looks at the following two new billable service options, enabled by the AA-BVS solution:
- Application reporting service: the reporting service provides detailed application monitoring, reporting and analysis of data traversing the enterprise's VPN. Enterprise customers are able to view detailed application-centric reports via a web portal provided by the operator.
- Application reporting and control service: in addition to full reporting capabilities, the enterprise can control the use of its VPN resources in alignment with its business application priorities, via the same web portal.

Operators can up-sell these new application service options for an existing or new VPN service and garner additional service revenue with a small investment. The new application service options can be structured as an incremental monthly recurring charge applied as a percentage of the base VPN monthly recurring charge for each site that uses these service options. In this business case, a five percent incremental charge is incurred for customers purchasing the application reporting service, and a ten percent incremental charge is incurred for the application reporting and control service.

For example, if a customer currently pays a 500 United States dollars per month fee for connecting one of its branch offices to its business VPN at an access speed of 2 Mb/s, the customer would now have the option to purchase a reporting service for an additional 25 United States dollars per month, or a reporting and control service for 50 United States dollars per month for that branch office. For reference, typical monthly recurring charges for VPN connectivity and for new application assurance services used in this business case are shown in Table 3.
Table 3. Baseline monthly recurring charges for a VPN site
Access speed for VPN site | Monthly recurring charge for VPN connectivity (in United States dollars) | Monthly recurring charge for reporting service (in United States dollars) | Monthly recurring charge for reporting and control service (in United States dollars)
2 Mb/s | 500 | 25 | 50
5 Mb/s | 750 | 37.5 | 75
10 Mb/s | 1100 | 55 | 110
100 Mb/s | 2200 | 110 | 220
1000 Mb/s | 4500 | 225 | 450


4.1 Market opportunity
The financial business case data is based on a European operator with a revenue base of approximately 250 million United States dollars and 35,000 customer sites for its VPN service in 2008. The VPN service sites are expected to gradually grow over the forecast period to reach about 45,000 sites. In spite of reasonable site growth, revenue is forecasted to grow only marginally to account for a two percent year-over-year price erosion on VPN services (see Figure 12).
Figure 12. Operator VPN revenue and site forecasts
[Chart: service provider VPN revenue forecast (revenue in millions of United States dollars) and service provider VPN site number forecast (number of sites), 2008 to 2016]

In this business case, application reporting and application reporting and control services are targeted at medium and large businesses. As per IDC's Western European IP-VPN Forecast 2008-2012 report, medium and large enterprises constitute over 92 percent of total VPN sites (see Figure 13). Therefore 92 percent of customer VPN sites are assumed to be addressable, for this operator, by the AA-BVS solution.

Figure 13. VPN customer distribution by size of business
Business category | Number of employees | Percentage of total VPN sites
Small | <50 | 7.2%
Medium | 50-249 | 36.7%
Large | 250+ | 56.1%
Addressable segments: Medium and Large

4.2 Service penetration and revenue
Based on market requirements and the attractiveness of the application reporting or application reporting and control services to VPN customers, they are forecasted to achieve a penetration of 30 percent of the addressable VPN sites by Year 3, with penetration hitting a peak of 50 percent by Year 8. Of those enterprises who do purchase the incremental services, it is assumed that 75 percent will purchase the application reporting service, while the remaining 25 percent are expected to purchase the application reporting and control service.

The application reporting and application reporting and control services show very healthy revenues, reaching 3.5 million United States dollars in Year 3 and 7.8 million United States dollars in Year 8 (see Figure 14). Cumulative revenues for the eight-year period exceed 41 million United States dollars.


Figure 14. Application assurance service revenue forecasts
[Chart: total AA-BVS revenue forecast, 2008 to 2016, in millions of United States dollars, split into reporting and control service revenue and reporting service only revenue]

4.3 Associated service installation and operation costs
The operator has deployed the base VPN service over a network based on Alcatel-Lucent 7750 SRs or 7450 ESSs. To enable the application assurance services at all sites, the AA-ISA module is installed in each Alcatel-Lucent 7x50 system deployed at the edge (PE). Also, the Alcatel-Lucent 5670 RAM is installed to provide application reporting and management.

All capital costs associated with the incremental Alcatel-Lucent 7x50 hardware, 5620 SAM licensing and 5670 RAM software and SUN hardware (for the Alcatel-Lucent 5670 RAM) have been taken into account. The total capital costs add up to 930,000 United States dollars over eight years. The operation costs, which include initial project costs (IT integration, network integration) and ongoing maintenance, service activation, marketing and customer care, add up to 2.4 million United States dollars over eight years (see Figure 15). Also, the weighted average cost of capital is set at a conservative rate of 12 percent.
Figure 15. Application services cumulative discounted cash flow
[Chart: cumulative discounted cash flows, in millions of United States dollars, with the following data table]
Year | Revenues | Expenses | Investments | CDCF
1 | 0.22 | -0.31 | -0.32 | -0.33
2 | 1.28 | -0.17 | -0.15 | 0.15
3 | 3.50 | -0.29 | -0.28 | 1.45
4 | 5.90 | -0.34 | -0.12 | 3.69
5 | 7.20 | -0.34 | -0.02 | 6.22
6 | 7.65 | -0.34 | -0.01 | 8.62
7 | 7.78 | -0.34 | 0.00 | 10.80
8 | 7.81 | -0.35 | -0.03 | 12.74


The overall business case is highly profitable for the operator. With cumulative revenues in excess of 41 million United States dollars on a capital investment of just 930,000 United States dollars and operating costs of 2.4 million United States dollars, operators get a very healthy net present value of 12.75 million United States dollars over the duration of the project. Return on investment is achieved in a relatively short period of only 20 months.

Consequently, providing the new application reporting or application reporting and control services to VPN customers presents an excellent opportunity for operators to grow their revenue. In addition, by strengthening their VPN service offering, operators increase customer satisfaction, which in turn contributes to customer retention. Significant service differentiation also provides protection from VPN service price erosion. Enterprises benefit as they now have the necessary tools to identify and manage their application traffic over their WAN VPN service effectively, leading to improved application performance and cost-optimized usage of VPN resources.

5. Conclusion
Application enablement with the Alcatel-Lucent Application-Assured Business VPN Services solution delivers real benefits to help operators align their service offerings with enterprises' business objectives and application performance goals. By enabling network-based application performance assurance for business VPN services, operators can clearly differentiate their VPN service offerings from competitors. Operators can do this while cost effectively reaching the majority of their customers' sites and dramatically shortening the time to market in comparison with comparable CPE-based approaches.

The Alcatel-Lucent AA-BVS solution meets head-on one of the key business challenges for enterprises today: ensuring that their business applications are operating as efficiently and cost-effectively as possible. With the solution in place, operators can tell enterprises exactly what applications are running on their VPNs and how they are running, and they can deliver detailed reports on the efficiency of their business services. They can also provide enterprises direct access to this information through self-serve web portals.

The Alcatel-Lucent AA-BVS enables operators to introduce a variety of tiered business VPN service plans, aligning application services with stringent SLA requirements. This enables the operator to support enterprises' business objectives more directly, and helps the operator to strengthen its relationship with its customers. This enhanced relationship provides increased opportunities for up-selling services to the enterprise. The new service capabilities also translate directly to increased revenue opportunities, at minimal cost, and with a faster time to market. By entrenching a competitive differentiator in its service offerings, the operator is safeguarding future revenue streams from price erosion, and reinforcing customer stickiness, something that is extremely valuable in today's highly competitive market.


6. Abbreviations
AA-BVS: (Alcatel-Lucent) Application-Assured Business VPN Services
AA-ISA: (Alcatel-Lucent) Application Assurance Integrated Service Adapter
AQP: application quality of service policy
CDCF: cumulative discounted cash flow
CIO: Chief information officer
CIR: committed information rate
CoS: class of service
CPE: customer premises equipment
ESS: (Alcatel-Lucent 7450) Ethernet Service Switch
FTP: file transfer protocol
HA: high availability
H-QoS: hierarchical quality of service
HSI: high-speed Internet
ICT: information and communication technology
IM: instant messaging
OAM: operations, administration and maintenance
PE: provider edge
PIR: peak information rate
PW: pseudowire
PWE3: Pseudowire Emulation Edge-to-Edge
QoS: quality of service
RAM: (Alcatel-Lucent 5670) Reporting and Analysis Manager
SAM: (Alcatel-Lucent 5620) Service Aware Manager
SME: small to medium enterprises
SR: (Alcatel-Lucent 7750) Service Router
SR-OS: (Alcatel-Lucent) Service Router Operating System
TCP: Transmission Control Protocol
UDP: User Datagram Protocol
VLL: Virtual Leased Lines
VoIP: voice over Internet Protocol
VPLS: Virtual Private LAN Service
VPN: virtual private network
VPWS: virtual private wire service
WAN: wide area network
WOC: WAN optimization controller


www.alcatel-lucent.com

Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. Copyright 2009 Alcatel-Lucent. All rights reserved. CAR4688090107 (03)
