Introduction

Part I Building Blocks for Offering Network Services in the Cloud

Chapter 1 Virtualization
  Virtualization Basics
  One to Many
  Many to One
  Virtualization: A Brief History
  Server Virtualization
  Drivers for Server Virtualization
  Approaches to Server Virtualization
  Components of Server Virtualization
  CPU Virtualization
  Memory Virtualization
  I/O Virtualization
  Benefits and Risks of Server Virtualization
  Network Virtualization
  Drivers for Network Virtualization
  Logical Segmentation: One to Many
  Path Isolation
  Access Control
  Sharing Network Services
  Network Consolidation: Many to One
  Software Defined Networking
  Virtualization-Aware Networks
  Benefits and Risks of Network Virtualization
  Storage Virtualization
  Drivers for Storage Virtualization
  How Storage Virtualization Works
  Common Implementations of Storage Virtualization
  Array-Based Storage Virtualization
  Network-Based Storage Virtualization
  Benefits and Risks of Storage Virtualization
  Summary
  Review Questions
  References

Chapter 2 Arrival of the Cloud
  Phases of Virtualization
  Virtualization Enables the Cloud
  What Exactly Is Cloud Computing?
  A Little History
  Trends Driving the Growth of Cloud Computing
  Impact of the Cloud
  Spur Innovation and Entrepreneurship Globally
  Collect and Analyze Big Data
  Cloud Challenges
  Security
  Compliance
  SLA: Reliability and Performance
  Interoperability
  Summary
  Review Questions
  References

Chapter 3 Cloud Taxonomy and Service Management
  Cloud Service Models
  Software-as-a-Service
  SaaS Stack
  PaaS
  PaaS Components
  IaaS
  IaaS Components
  Comparing IaaS, PaaS, and SaaS
  Scope and Control
  Evolution
  Deployment Models for the Cloud
  Public Cloud
  Private Cloud
  Hybrid Cloud
  Community Clouds
  Open Clouds: Toward the True Intercloud
  Cloud Actors
  Cloud Service Management and Orchestration
  Service Orchestration
  Summary
  Review Questions
  References

Chapter 4 Networks and Services in the Cloud
  The CIO's Dilemma
  Increasing Relevance of the Network
  World of Many Clouds
  An Even Larger Cloud
  Growth of Cloud Data Traffic
  Monetization
  Service Catalog
  Network Services a la Carte
  OpenStack Quantum
  Network Containers
  Cisco Network Services Manager
  Evolution of Network Services for the Cloud
  Automation
  Virtualization Awareness and Multitenancy
  Location Independence
  Quick Guide to the Rest of This Book
  Part II: Inside the Data Center Networks
  Part III: Inside the SP Next Generation Network (WAN)
  Part IV: Putting It All Together-Cloud Services Delivered
  Summary
  Review Questions
  References

Part II Inside the Data Center Networks

Chapter 5 Role of the Network Infrastructure in a Virtualized Environment
  Trends Influencing the Data Center
  Case 1: Acquisition of a Community Bank
  Virtualization
  Cloud Enablement
  Power and Cooling Considerations
  Return on Investment
  Economy of Scale
  Case 2: Service Provider Enabling New Services and Content to Its Customers
  Virtualization
  Cloud Enablement
  Power and Cooling Considerations
  Return on Investment
  Economy of Scale
  Case 3: Public Utility Companies Offering Smart Technologies to Address Power and Energy Requirements in a More Reliable, Economic, and Sustainable Manner
  Virtualization
  Cloud Enablement
  Return on Investment
  Economy of Scale
  Case 4: High-Performance Computing and Low-Latency Applications
  Virtualization
  Cloud Enablement
  Power and Cooling Considerations
  Economy of Scale
  Summary of the Use Cases
  Network Segmentation in the Data Center
  Multitenancy
  Network Containers
  Virtualization-Aware Network
  Virtual Switching
  Network Policy
  VM Mobility
  Virtual Network Services
  Fabric Intelligence for Virtual Services
  Service Overlay
  Summary
  Review Questions
  Reference

Chapter 6 Securing and Optimizing Cloud Services
  Motivations to Design Secure Multitenant Networks
  HTTP Tunneling
  Web Proxy/Caching
  Design Considerations for Securing Multitenant Data Centers
  Threat: Identity Theft
  Solution: PCI DSS Compliance
  Operational Challenges
  Penalties
  How the Cloud Model Can Help
  Information Confidentiality
  Operational Challenges
  Penalties
  How the Cloud Model Can Help
  How Virtual Security Is Enabled: Solutions and Architectures-Based Approach
  Traditional Security Approaches as Applied in Virtual Environment
  Security Containers: Contexts and Zones
  Segmentation and Access Control Lists
  Secured Access
  Application Security
  Virtual Appliance Approach
  Cisco ASA1000v Tenant Edge Security Solution
  Cisco Virtual Secure Gateway
  Deployment Considerations
  Summary
  Review Questions
  References

Chapter 7 Application Performance Optimization
  Application Architectures in the Cloud
  Three-Tier App Architecture in the Virtualized World
  Provisioning and Management
  Application Performance in the Cloud
  Drivers for the Transition from Physical to Virtual Network Services
  Virtualization Awareness
  Agility, Elasticity
  Multitenancy
  Virtualized Application Delivery Solutions
  WAN Acceleration
  Server Load Balancing
  Summary
  Review Questions

Part III Inside the SP Next Generation Network (WAN)

Chapter 8 IP NGN Infrastructure That Supports Cloud Services
  IP NGNs Evolve in Line with the Cloud
  Role of DCI Technologies in Delivering Cloud Services
  Key Use Cases Enabled by DCI in the Cloud
  Workload Mobility in the Cloud
  Data Center Interconnect Requirements for the Cloud
  DCI Solutions to Build Virtualized and Distributed Cloud Data Centers
  Transport Option 1: Layer 2 over Dark Fiber
  Transport Option 2: Layer 2 over MPLS
  Transport Option 3: Layer 2 over IP
  Ingress and Egress Route Path Optimization
  Summary
  Review Questions
  References

Chapter 9 Securing Cloud Transport and Edge Using NGN Technologies
  Security Challenges in the Cloud
  Key Requirements to Secure the Cloud
  NGN Solutions to Secure the Cloud
  Providing Secure Access to the Cloud
  Internet Protocol Security
  Transport Layer Security Protocol
  Datagram Transport Layer Security Protocol
  Clientless Versus Full Tunnel
  Securing the Cloud Edge
  Multitenant Traffic Separation
  Summary
  Review Questions
  References

Chapter 10 Optimizing and Accelerating Cloud Services
  Enhancing Performance of Cloud Applications and Services
  Role of IP NGN in Optimizing Cloud Applications and Services
  How Cloud Services Are Placed Today
  Network Positioning System
  Cloud Service Placement at an Optimal Location
  NPS Solution Components
  NPS Operation
  Serving Cloud-Based Applications from an Optimal Location
  Application Layer Traffic Optimization
  Dynamic Extension of Customer VPNs
  Accelerating Cloud Services
  Key Benefits of the Cisco WAAS Solution
  Summary
  Review Questions
  References

Part IV Putting It All Together: Cloud Services Delivered

Chapter 11 Connecting Enterprises to the Cloud
  Cloud Aware Enterprise Networks
  How Enterprises Connect to the Cloud
  Enterprise Managed Cloud Connector Deployment
  Cloud Provider-Managed Cloud Connector Deployment
  Examples of Cloud Connectors
  Cloud Web Security Connector
  Webex Cloud Connected Audio
  Ctera Cloud Storage Connector
  Cisco Asigra Cloud Connector
  Future Cloud Connector Concepts
  Cloud Broker Connector
  Federated Identity Connector
  SAML
  OAuth
  Cisco Ping Identity Connector
  Cisco Extensible Cloud Connector Solutions
  Summary
  Review Questions
  References

Chapter 12 End-to-End Cloud SLAs
  Defining and Monitoring SLAs
  Network Service Provider
  Colocation Service
  Application Hosting Service Provider
  SLA Targets and Penalties
  SLA Assurance and Methodology
  SLA Management Framework
  SLA in a Cloud Environment
  Complexity of Cloud SLA
  Service Level Metrics
  Cloud Service Level Metrics
  Network Container Level Metrics
  Component Level Metrics
  Location/Scope for the End-to-End Measurements
  Guaranteed SLA
  End-to-End SLAs
  Summary
  Review Questions
  References

Chapter 13 Peeking into the Future
  Future Clouds
  The Intercloud
  Internet Analogy
  Intercloud Use Case
  Deeper Dive into the Intercloud Vision
  Intercloud Challenges and the Role of Networks
  Internet of Things
  A Bigger Cloud
  IoT Use Cases
  Sensor Networks and IP
  IoT Challenges: Networks to the Rescue
  Network Evolution Continues
  Software-Defined Networking
  Hybrid Approach
  Challenges
  Application-Network Interactions
  Summary
  Review Questions
  References

Appendix A Answers to Review Questions

9781587142949 TOC 4/23/2013
Huseni Saboowala is engaged at Cisco as a senior technical leader in the areas of Software Defined Networking, Cloud, and Unified Communications. He currently focuses on evangelizing the role of the network and network services in accelerating the adoption of cloud services by enterprises. His proposals have won Cisco-wide recognition and awards, and he continues to cultivate business-driven innovations that further enrich application-network interactions. Within Cisco SRG, he leads the architecture and deployment of a custom private cloud, driving his concept to reality across several groups. He has filed patents and spoken on Cloud and UC to large audiences on several occasions. Before joining Cisco, Huseni held several positions, including at Nortel, TTI (acquired by Sonus Networks), and dynamicsoft (acquired by Cisco). Over the past 18 years, his activities have ranged from solution architecture, design, validation, and deployment to leadership of global teams, innovation coaching, and developing technology strategies. He holds a Bachelor's degree in Electronics Engineering from the University of Bombay, and a Master's degree in Software Engineering from Kansas State University.

Muhammad Abid is an innovator who is currently working as a senior product manager in the Services and Routing Group at Cisco. He is engaged in developing the next generation of platforms and innovative technologies that will support data center interconnect and software defined network (SDN) frameworks and play a key role in enabling cloud-based services and applications. Prior to this, he was focused on architecting solutions and driving technology roadmaps across multiple business units for unified communications, collaboration, and threat defense. Before joining Cisco, Muhammad held several positions, including at T-Systems, Padcom, Telcordia, and Latham & Watkins. Over the past 18 years, he has been involved in building innovative products and designing and architecting networks for service providers and enterprises. He has also validated mobility solutions for enterprises and performed technical audits on service provider equipment and networks. He holds a Bachelor's degree in Electrical Engineering from the City University of New York and an Executive Master in Technology Management degree from the Stevens Institute of Technology in New Jersey.

Sudhir Modali is a thinker and innovator currently putting his creative mind to work as a product manager at Cisco, working on products that fuel data center and cloud architectures. He currently focuses on the evolving application requirements and the corresponding network architectures that enable some of the biggest cloud services in the world. His expertise comes from multiple positions he has held at Cisco over the past 13 years, including customer support (TAC); QA lead; technical marketing in areas such as service provider, enterprise, and data center networks; and technologies such as data, voice, and video. He has developed and is a major contributor to several certification courses for data center and cloud fields within Cisco. He holds a Bachelor's degree in Industrial Electronics from Shivaji University (Solapur, India).