White Paper

Cloud Service Assurance: Deliver Reliable Cloud Service on a

Network

What You Will Learn

Cloud services offer potential cost and efficiency benefits, but organizations have been hesitant to move applications
to the cloud, especially those critical to the business, because of the lack of service assurance for application
performance and availability. The hesitance to adopt cloud services has in turn posed a dilemma for service providers
as they attempt to forecast demand and plan to develop data center assets. Now, a technology framework within the
Cisco® Unified Service Delivery environment allows service providers to take full advantage of their data center and
the Cisco IP Next-Generation Network (IP NGN) to deliver cloud service assurance for application performance and
availability.

This white paper provides an overview of the need for cloud service assurance and the evolution of application
performance management solutions. It then describes the Cisco technologies and platforms in the data center and
Cisco IP NGN that form the Cisco Cloud Service Assurance solution for application performance and workload
mobility and availability, helping organizations to adopt cloud services with longer-term contracts while rewarding
service providers with more predictable revenues.

Overview
Many businesses today, seeking to lower their costs while supporting applications that serve the business,
understand the capital and operational cost savings and benefits possible with the cloud services model. By using
cloud services, businesses can avoid the costs of expanding their data center capacity to meet peak loads, with much
capacity underutilized most of the time, and employing server farms that often sit idle for special projects. Instead,
businesses can use resources from service providers on demand and be environmentally responsible by not wasting
underutilized network and computing resources that must be available to handle unpredictable workload
requirements and seasonal demand fluctuations. To reduce risk as they try the cloud service delivery model,
businesses are now considering a mix of traditional data center application services and cloud-based application
services.

When organizations consider over-the-top (OTT) application providers (such as Amazon Elastic Compute Cloud
[EC2] and Google App Engine), which deliver cloud services over the public Internet, they learn that these vendors
cannot ensure the end-to-end security and performance of their applications. By operating their own private networks
and data centers, service providers can provide cloud service assurance if they implement an appropriate
architecture.

Service providers need to be able to offer SLAs for cloud services that give businesses the confidence necessary to
move mission-critical applications to the cloud. Service providers that implement the Cisco Unified Service Delivery
environment, which includes the many platforms and technologies in the data center and in the Cisco IP NGN, can
gain a competitive advantage by offering Cisco Cloud Service Assurance based on:

● Provisioning workloads efficiently and scaling workloads flexibly in a virtualized environment

● Managing application performance in the data center and over the WAN through application monitoring,
control, and reporting
● Moving workloads between servers and between data centers to ensure high performance and availability
● Ensuring application performance over the WAN with application acceleration and WAN optimization

© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 7
 White Paper

The predictability of cloud resource utilization based on SLAs with the Cisco Cloud Service Assurance solution also
allows service providers to use their own resources more efficiently. This solution also opens up new business
partnership opportunities with OTT providers that offer software as a service (SaaS), with the capacity to host their
applications and offer their customers assurance for cloud-based services.

Cisco Cloud Service Assurance provides a competitive advantage that positions service providers to gain new
customers with the offer of application SLAs, which can lead to predictable longer-term service contracts, and to
partner with third-party SaaS providers. This capability enables service providers to better forecast and respond to
shifting demand and therefore offer more agile services and more competitive pricing.

The Evolution of Service Assurance

In 2010, IDC predicted that 40 percent of business customers will purchase information and communications
technology (ICT) from the network cloud between 2012 and 2015, despite a 2009 IDC finding that more than 75
percent of corporate enterprise respondents had major concerns about security, availability, performance, and other
issues when asked about cloud services.

This concern over cloud service assurance is not new. A 2008 Gartner report claimed that the availability of
application-level performance SLAs for cloud services, in response to customer demand, would be a major
competitive differentiator for service providers by 2010. The report described how SLAs have evolved from those
based only on general network performance in Layers 1 through 3 (measuring metrics such as jitter and availability)
to SLAs increasingly focused on network performance for specific applications (as managed by technologies such as
a WAN optimization controller), to SLAs based on specific application metrics and business process SLAs based on
key performance indicators (KPIs) such as cycle time or productivity rate. Examples of KPIs are the number of airline
passengers who check in per hour or the number of new customer accounts provisioned. Customers expect that the
cloud service assurance solution can recognize the difference between a sales order being processed and an
ordinary inquiry.

Customers expect that their critical business processes (such as payroll and order fulfillment) will always be available
and that sufficient resources are provided by the service provider to ensure application performance even in the event
that a server fails or a data center becomes unavailable. This requires cloud providers to be able to scale up data
center resources, ensure the mobility of virtual machines within the data center and across data centers, and provide
supplemental computer resources in another data center, if needed.

With their combined data center and Cisco IP NGN assets, service providers can attract relationships with
independent software vendor with SaaS offerings, where end customers purchase services from the SaaS provider
while the service provider delivers an assured end-to-end application experience.

In addition to SLAs for performance over the WAN and SLAs for application availability, customers expect that their
cloud-hosted applications will have security protection in the cloud hosting environment. In many cases they want the
cloud service provider to improve the performance of applications in the data center and over the WAN, minimizing
application response times and mitigating the effects of latency and congestion.

With their private Cisco IP/MPLS networks, service providers can enhance application performance and availability in
the cloud and to deliver the visibility, monitoring, and reporting that customers require for assurance. As cloud service
providers engineer their solutions, they should consider how they can continue to improve on their service offerings to
support not only network and application SLAs, but also SLAs for application transactions and business processes.

© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 7
 White Paper

Use Cases for Cloud Service Assurance

Application Performance Management
One major category of use cases for cloud service assurance is application performance monitoring. Service
providers and businesses are looking for visibility, monitoring, and reporting services for the performance of business
applications over the WAN from the service provider or enterprise data center to multiple locations. Application
performance monitoring includes visibility into application response times, analysis of which applications and branch
offices use how much bandwidth, and the ability to prioritize mission-critical applications, such as those from Oracle
and SAP, as well as collaboration applications such as Microsoft SharePoint and Citrix. Customers are more likely to
adopt a service that provides these service assurance capabilities on a monthly basis, along with corresponding
consulting and application tuning services.

Workload Availability and Mobility

Another category of cloud service assurance use cases is promoting the availability and mobility of virtualized
workloads. To provide cloud services on a large scale and to provide services cost effectively to large enterprise
customers, service providers must be able to provision workloads efficiently and to scale up workloads flexibly in a
virtualized environment. They need to overcome the limitations of their current protocols and expand the number of
connections and virtual machines that they can support, beyond current limits.

● To ensure availability of virtual machine workloads in the event of a server failure in the data center, service
providers must be able to move a virtual machine from one server to another without service interruption.
● To ensure availability of virtual machine workloads if a data center service becomes unavailable, service
providers must be able to move a virtual machine workload from one data center to another without service
interruption.
● To accommodate customers who need to burst a virtual machine workload from an enterprise data center to a
service provider data center during peak workloads without service interruption, service providers need a way
to maintain network awareness of the connections to the virtual machine.
● To ensure that virtual machine workloads can be accommodated, service providers need a way to locate
available resources and determine the best path to connect, allowing a business VPN user to transparently
switch from one data center to another to find and use the most available resources.

Security and Application Acceleration

A third category of cloud service assurance use cases is providing security and application acceleration.

● To provide performance assurance for cloud-hosted applications traversing the WAN to remote users, service
providers need a way to optimize and accelerate application traffic over the WAN from the cloud-hosting data
center.
● To provide security for virtual machines, service providers need security services that are virtualization-aware
and work in a multitenant environment.
● To ensure application response-time performance and to distribute connection requests efficiently, service
providers need server load balancing and application control capabilities.

Cisco Cloud Service Assurance

The Cisco Cloud Service Assurance solution encompasses the intelligence, tools, and capabilities necessary to
provide Application Performance Management (APM) and workload mobility, as well as network services to provide
security and improve application performance.

© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 7
 White Paper

Application Performance Management

Cisco APM provides the capability to natively understand the content and context of application traffic and to help
ensure availability and performance of workloads in the cloud. A range of intelligent Cisco products and technologies
perform operations on application traffic to provide greater visibility, prioritization, WAN optimization, application
control, and enhanced security, as determined by business policies and rules. Specific capabilities and the
corresponding products and technologies from Cisco and Cisco partners include the following.

● Performance monitoring: The Cisco Network Analysis Module (NAM) and Virtual Blade for the NAM collect
network performance data and make it available to reporting systems. Cisco NAM can help improve
application performance when paired with Cisco control and optimization solutions, such as quality of service
(QoS) and Cisco Wide Area Application Services (WAAS). Cisco NAM can also accelerate problem resolution
and increase operational efficiency through the ability to enhance troubleshooting, preempting performance
issues with threshold-based, proactive alerts.
● Reporting: Cisco works with various third-party management vendors whose products gather metrics and
report on application performance. Best-in-class Cisco reporting partners include NetQoS, InfoVista, and
Fluke Networks. Their products gather link statistics using Cisco NetFlow and measure application
performance using Cisco IP SLA.
● Application visibility and control: Application visibility solutions provide real-time performance monitoring to
discover applications running on the network, to understand how those applications utilize network resources,
and to measure the performance of critical applications. Application control gives service providers dynamic
and adaptive tools to monitor and assure application performance. Critical applications can be prioritized and
applications not related to the business can be treated with lower priority. Special policies may be provisioned
for customers dynamically and the security behind the firewall may be extended to protect information
resources. Application-aware path optimization matches critical applications to the best path, ensuring
application performance and availability that can be linked to SLA guarantees.
Available in Cisco IOS® Software, Cisco NetFlow efficiently provides crucial instrumentation to support services such
as traffic accounting, usage-based network billing, network planning, security, denial of service (DoS) monitoring
capabilities, and network monitoring. NetFlow provides valuable information about network users and applications,
peak usage times, and traffic routing.

Cisco IP SLA is a feature included in Cisco IOS Software on Cisco routers that can give network administrators the
ability to analyze IP service levels for IP applications and services. Cisco IP SLA is widely used in networks to
generate time-based network and service performance data.

Cisco Network-Based Application Recognition (NBAR) is a classification engine in Cisco IOS Software that can
recognize a wide variety of applications, including Web-based applications and client/server applications that
dynamically assign TCP/IP or User Datagram Protocol (UDP) port numbers. After an application is recognized, the
network can invoke specific services, such as QoS or intelligent path selection, for that particular application. Cisco
NBAR works with QoS features to help ensure that network bandwidth is used efficiently based on defined business
policies.

© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 7
 White Paper

Workload Availability and Mobility

Another facet of the Cisco Cloud Service Assurance solution, workload assurance and mobility services, allow
workloads to move within the physical and virtual data center and across different data centers to help ensure
application availability and to locate available data center resources in the cloud. Platforms and technologies that
provide workload assurance and mobility include the following.

● The Cisco Unified Computing System (UCS) unites network, compute, and virtualization resources into a
transparent system that simplifies server setup, improves business metrics, and supports lower-cost, just-in-
time resource provisioning. The system integrates a low-latency unified network fabric with enterprise-class
servers with x86 architectures. Cisco UCS components form an integrated, scalable, multichassis platform in
which all resources participate in a unified management domain. A single system scales to up to a 40 blade
server chassis, 320 compute nodes, and up to thousands of virtual machines.
● Cisco FabricPath is a feature in Cisco NX-OS Software that combines the plug-and-play simplicity of Ethernet
with the reliability and scalability of Layer 3 routing, enabling highly-scalable Layer 2 networks without the use
of a spanning tree. FabricPath allows cloud providers to build resilient, scalable, and simplified Layer 2
switching fabrics that can span the entire data center, providing virtualization deployment flexibility and low-
latency, high-performance computing.
● Cisco Nexus® 1000V Series Switch incorporates the Cisco Virtual Security Gateway (VSG), using
virtualization-aware switching capabilities to provide network awareness for virtual machines. The Cisco
Nexus 1000V Series Switch is integrated with the VMWare hypervisor and sits in the kernel to provide fast
path performance. The switch connects physical workloads with virtualized workloads using Cisco VN-Link,
providing mobility for workloads without network reconfiguration.
● Cisco Overlay Transport Virtualization (OTV) allows service providers to move virtual machines from one data
center to another while retaining their network attributes. With Cisco OTV, service providers can deploy data
center interconnect (DCI) between data centers, with virtual computing resources and clusters spread across
different points of delivery (PoDs) separated by the Layer 3 network in the same data center or in
geographically distributed data centers.
● Cisco Network Positioning System (NPS) on the Cisco CRS-3 Carrier Routing System (CRS) helps to locate
applications, services, and content in cloud service delivery environments. The feature searches the network
from one data center to another, using recommendations for application layers based on accurate information
such as routing protocols, management statistics, and policy databases.

Unified Network Services

● Cisco Application Control Engine (ACE) is a load-balancing and application delivery solution designed for both
physical and virtual data center environments. Cisco ACE (available as a module, appliance, or virtual
module) provides server load balancing, content switching, server offloading, and application optimization.
Server load balancing, the primary capability of the Cisco ACE, is a mechanism for distributing traffic across
multiple servers, offering high application availability and server resource utilization. All Cisco ACE features
reduce the time required to deploy and upgrade applications and the costs and resource requirements
associated with data center application infrastructure.
● Cisco Virtual WAAS (VWAAS) is a virtual appliance that accelerates business applications delivered from
private and virtual private cloud infrastructures to provide an optimal user experience. The appliance runs on
VMWare ESXi hypervisor and the Cisco UCS x86 servers, providing an agile, elastic, and multitenant
deployment. VWAAS is the prime WAN optimization solution that can be deployed in an application-specific,
virtualization-aware, and on-demand configuration.

© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 7
 White Paper

● Cisco VSG supplies security to the network and the virtualized infrastructure. It goes beyond IP address, port
numbers, and VLANs, recognizing virtual machines and applying security policies to virtual ports while
following the virtual machine from one data center to another in the cloud. Cisco VSG utilizes an extensible
rule engine to interpret virtual machine context and apply rules accordingly. Cisco VSG can also apply policies
to security zones beyond a VLAN and within a VLAN, so that a service provider can designate one VLAN per
customer and provide a security zone within that VLAN, much like a workload. As a multitenant component,
the Cisco VSG can be deployed in the virtualized data center environment and it can be centrally managed
through APIs so that other portals and orchestration tools can use it as part of an automated provisioning
process. This process is managed by the Cisco Virtual Network Management Center, a centralized console
for configuring policies across a virtualized cloud infrastructure.

Summary of Cisco Cloud Service Assurance Use Cases

Table 1 includes customer use cases and the corresponding Cisco Cloud Service Assurance solution components.

Table 1. Cisco Cloud Service Assurance Customer Use Cases

Function Cisco Cloud Service Assurance Solution Components

Offer an SLA from the service
provider data center to the customer
location
Cisco virtual NAM and Cisco NAM to collect network performance data and make it available to reporting
systems (such as those from Cisco partners NetQoS, InfoVista, and Fluke Networks)
Cisco NetFlow to gather network traffic statistics
Cisco IP SLA to analyze network traffic policies
Cisco NBAR to invoke specific services in coordination with QoS for control of application traffic

Host enterprise customer virtual Cisco UCS as the server platform

machines in the service provider data Cisco FabricPath on the data center switch to provide scaling of Ethernet connections
center with service assurance

Move a virtual machine from one Cisco VN-Link on the Cisco Nexus 1000V Series Switch
server to another without service
interruption

Move a virtual machine from one data Cisco OTV on the Cisco Nexus 7000 Series Switch on both ends
center to another without service
interruption

Burst a virtual machine from an Cisco VN-Link on the Cisco Nexus 1000V Series Switch and OTV on the Cisco Nexus 7000 Series
enterprise data center to a service Switch in both data centers
provider data center

Provide network resources from any Cisco CRS-3 NPS to provide Layers 3 to 7 with application information for best path to content, enabling
data center a business VPN user to switch from one data center to another to find and use the most available
resources

Provide performance assurance for Cisco VWAAS to provide performance acceleration for applications traversing the WAN to remote users
hosted applications and to provide WAN optimization for VMWare vMotion™ events between data centers - technology that
allows for virtual machine mobility between two VMware vSphere™ servers instantaneously with no
application downtime

Provide security for hosted virtual Cisco VSG to provide security for virtual machines in a virtualized environment, operating in a multitenant
machines in a multitenant environment such as a hosting data center
environment

Provide availability and control for Cisco ACE and virtual ACE to provide server load balancing and application control
hosted applications

Why Cisco
The Cisco Cloud Assurance Solution is based on a product and technology portfolio that spans the entire scope of
service delivery infrastructure, from technologies and platforms used for service delivery in the data center through
transport and intelligence in the Cisco IP NGN, and out to endpoints for business and residential subscribers. Other
solutions on the market tend to focus on a few narrow areas, resulting in an environment that perpetuates
disconnected and localized improvements while sacrificing the greater gains obtained from a full optimization across
the entire service delivery environment. As a result, Cisco is in a leading position to assist service providers as they
position cloud offerings.

© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 7
 White Paper

Conclusion
With the Cisco Cloud Assurance Solution, service providers can promote cloud offerings that include stringent
application assurance SLAs. This is a powerful new motivator to give customers confidence in cloud-based services
as cost-effective options for mission-critical as well as standard business applications. Service providers can also
take full advantage of their APM-ready infrastructure for SaaS providers, where the service is hosted by the service
provider on behalf of the SaaS vendor.

APM and workload assurance and mobility differentiate service providers from third-party OTT providers, with
application assurance over Cisco Unified Service Delivery environments becoming a significant competitive
advantage.

For More Information

For more information about the Cisco Cloud Service Assurance solution, contact your Cisco account representative
today.

● For information about Cisco Application Performance Management, visit http://www.cisco.com/go/apm

● For information about Cisco Virtual Wide Area Application Services, visit http://www.cisco.com/go/waas
● For information about the Cisco Virtual Security Gateway for Nexus 1000v Switch, visit
http://www.cisco.com/go/vsg
● For information about the Cisco Application Control Engine, visit http://www.cisco.com/go/ace
● For information about the Cisco Network Analysis Module, visit http://www.cisco.com/go/nam
● For information about the Cisco Nexus Data Center Switches, visit http://www.cisco.com/go/nexus

Printed in USA C11-643105-00 01/11

© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 7