Application Based Networking
Implementing Utility-Like, Application-Aware Network
Infrastructures
Abstract
Today's enterprise networks are vital to the business process. They're
no longer the arcane domain of a few computer techies; they're
the lifeblood of business information. Today, almost all
business processes rely on a network to link their
applications and users as a single system. Should that network
fail, the entire business may simply shut down. To meet their
tremendous responsibility, today's—and tomorrow's—
networks must deliver the absolute reliability, capacity, and
control needed to effectively act as the business process
transport.
Application-Based Networking
Applications are the driving force behind the business
computing infrastructure; all the computing and network
infrastructure components are there to serve an enterprise's
business applications—the software that is used to operate
and support its primary market activity. Yet most
organizations know very little about which applications are
consuming their network resources—even allowing Doom or
Quake to have the same network priority as their business
applications.
Figure 1 illustrates the complete enterprise
information technology model. The
model has three components, each with a significant and
vital role in enabling the business process:
- The Application Infrastructure defines the software
services used by the business to enable its primary market
activity or business tasks. These include ERP, E-Commerce,
Data Warehousing and other software systems that deliver
service to such areas as sales, marketing, and
manufacturing.
- The Computing Infrastructure delivers the data
processing capacity for these applications. Mainframes,
application servers, web servers, database servers and
even end-user PCs and terminals fall into this category. The
computing infrastructure is driven by the development of
more CPU-intensive business applications, and the
increased number of personnel "on-line" within
the organization. The average desktop machine reflects
this trend—as the past decade has seen new operating
systems (Windows 95, NT, etc.) and applications
(SAP/R3, WWW, etc.) drive its processing power from 286 to
Pentium II and beyond.
- The Network Infrastructure must provide reliable and
efficient data transport between the users of business
applications, since these applications are generally
centralized and used by many clients. The more personnel
or departments need to use business applications, the more
need for an extended network. In addition, as
client-server applications become more dispersed across
the business campus, users increasingly depend on their
network infrastructure to transport application data.
Finally, as computing capacity increases so that more
complex data can be processed in greater quantities, the
network infrastructure must scale accordingly and be able
to prioritize application usage.
Clearly, the application depends on the computing capacity of
the enterprise, but due to the dispersed nature of its users
it also depends on a reliable network data transport system.
If the network fails or delivers inadequate service, the
application process of the business will ultimately suffer. It
is this relationship that has forced the network
infrastructure providers to develop technologies and services
that truly deliver "application-aware networking."
The Role of Networks in the Application Business Process
While the above model describes the three components of a
complete IT system, this section focuses on the role the
network infrastructure plays within that system. It discusses
the services expected from the network, and identifies the
forces that drive the network to scale and evolve. As you will
see, the network is the most complex element of the overall
system, yet is the most needed to enable its success.
Today's businesses operate as a complex system of
departments, responsibilities, and people that must be able to
access and share common data quickly and reliably in order to
meet the larger business goals. As a business grows and
expands into new markets and geographies, it is critical for
it to have a consistent business process and information
infrastructure—simply because to ensure success, a
business's co-dependent elements must be able to share
information rapidly to complete any but the most simple tasks.
The limited windows of opportunity in today's business
world demand rapid access to the needed data or business
process. A salesperson in the field must have ready access to
product availability and pricing data before closing a sale; a
manufacturing department must have access to the marketing
requirements for a product in order to plan its production
cycle. If salespeople can't provide concrete figures, they
can't commit to customers and may jeopardize sales; if
manufacturing is delayed for weeks before getting the data
needed to plan a production cycle, shipment dates are affected
and revenue slips.
The network is the enabling element that lets a widely
dispersed enterprise operate as an entity. It allows the
salesperson to access a database of product availability. It
lets marketing analyze data sources to make projections, which
in turn are used by manufacturing's computing systems to
develop production plans. It links the various interdependent
computing systems and the departments that use them.
Figure 2 shows two views of the network. From a
technology—or physical—perspective as shown on top, the
network is merely the infrastructure that connects computers
together. From a communications—or business—perspective
as shown below, the network infrastructure enables people
within the enterprise to communicate and share application data. As
you can see, the network is more than just technology, as it
links the people who make up the enterprise. It allows
dispersed personnel or departments to operate together and
share common information, without having to share a common
physical region.
Requirements of Next Generation Networks
The conduct of business over a geographically dispersed
enterprise places a significant responsibility on your
network. Business processes that travel across a complex
communications network now depend on its efficiency and
reliability. For the network to meet this tremendous
responsibility, it must operate as a coherent system that is
designed to be aware of its role in transporting business
data. Figure 3 shows the three services that the network must
provide to achieve the level of service required in its
business-enabling role.
First, the network must provide application data transport. This
means that it must be able to identify the applications in use
and provide data delivery services tailored to their needs. At
a minimum, key network devices—such as core switch
routers—must be able to examine data for its application
content as it is forwarded through the network. Once key
devices determine the content of data, they should be able to
control the various application-based conversations, so that
throughput of business-critical traffic is expedited, while
non-critical traffic is offered non-preferential network
service. In essence, a network that can provide different
levels of service can follow business rules. A business-aware
network knows that SAP/R3 data is more important to the
company than co-workers obliterating alien invaders at lunch
break.
In addition to the network identifying application data in
use, it should also provide simple mechanisms to map business
rules to the behavior of the network infrastructure.
Policy-based management is the most effective way to enforce
logical rules throughout the system.

A policy-based manager understands the network as a system,
and can implement logical rules throughout the network without
an administrator needing to interact directly with each
element or network device within the system. For example, a
policy-based management system should be able to enforce the
rule "no web surfing between 8 and 11am" across the
entire network. This can be done in many ways including policy
protocols, or global access list management, among others. The
key, though, is that the rule is created via an intuitive
logical policy, and then enforced throughout the entire system
via an automated service.
Finally, there must be system-wide network and application
management. These vital services provide network
administrators and business managers with insight into their
network's operation—ideally both in real time, and through
trend analysis over a historical period. The ability to
view the network as a system and to monitor it proactively is
critical to keeping the complexity and cost of managing it to
a minimum. Obviously, complex and sophisticated network
technology is required to deliver an application-aware
infrastructure. If this technology is implemented without
excellent system-level management, its operational costs—in
terms of time and personnel expended while supporting
it—will be excessive; if this technology is implemented
within a framework of complementary network and system-level
management, its complexity can be controlled and its
operational costs can be dramatically reduced.
To summarize, since the network infrastructure transports
business processes for the enterprise, and since business
processes are built on applications, the network should
operate based upon application-awareness. It should deliver
application data with an understanding of its
business-critical nature; should provide logical controls to
map business policy to a network usage policy; and should
deliver these complex services with comprehensive, system-wide
management that controls the complexity and costs of operating
this network.

How Smart Networks Deliver Application-Based Networking Today
Customers should ask themselves how their vendors deliver the
network infrastructure that meets the requirements described
above. Enterasys stands alone within the industry in its
position as a provider to the enterprise of complete
networking solutions with application-awareness. Only
Enterasys offers all three services required to fully
implement cost effective, application-aware networking
systems. Figure 4 illustrates the Enterasys Smart Network
components mapped to the services needed for application
support.
Application Data Transport—Enterasys's award-winning
SmartSwitches and SmartSwitch Routers are the advanced,
hardware-based switching and routing platforms that deliver
the data transport, while fundamentally understanding the
application identity of the packets they forward. They provide
tremendous performance, yet can classify and control traffic
based on multi-layer services.
The SmartSwitch platforms' directory-based networking
architecture enables them to understand the physical,
protocol, and application-level identities of devices
connected to the network—allowing for much greater control
over the edge of the network.
The Xpedition platforms deliver application-based Quality
of Service, accounting and control without any loss of
performance. Their architecture was designed with a
fundamental understanding of application content of packets
built into their Application Specific Integrated Circuits (ASICs). Application
awareness is an inherent feature of the entire product family,
rather than an add-on or future enhancement that would degrade
overall performance.
Because the SmartSwitches and Xpeditions are the building
blocks of a Smart Network—designed and delivered with a
fundamental understanding of applications—they provide a
solid foundation for a Smart Network's goal of delivering
application-based networking.
System-Level Application Policy Control—Enterasys's long
history of system-level management
and directory-based networking means that Smart Networks can
deliver comprehensive policy control services throughout the system. To
assure that business rules are implemented throughout a system
with a SmartSwitch infrastructure, Enterasys's Enterprise
Policy Server can globally construct policies for
controlling access and prioritizing applications. The
Policy Server then enforces and schedules these rules at a
system level. Other policy services include enterprise
accounting, advanced VLAN-based policy, and user
authentication services. All SmartSwitch products offer
system-level control services that limit the protocols in use
on the entire network to ensure that it delivers only the
protocols that it was intended to (e.g., prevent NetBEUI and
Novell RAW packets while allowing IP-NetBIOS and Novell 802.2
packets over the entire network). If protocol usage were
unchecked, a significant portion of bandwidth could be used by
unnecessary protocols and services—effectively stealing
bandwidth needed by business critical applications.
System-Level Application and Network Management—Finally,
Enterasys is the only networking manufacturer with a proven
expertise in enterprise network management. With almost 10
years of development behind it, Aprisma Enterprise Manager is
the acknowledged best-of-breed
network management platform for large scale multi-vendor
enterprise networks. By leveraging the technologies developed
in and for Aprisma, Enterasys provides the industry's most
comprehensive management suite of services.
Examples of Smart Networks
Given the wide variety of network infrastructure, policy, and
management choices available from Enterasys, the process of
implementing application-aware network components can be
fairly detailed. The remainder of this document will provide
examples of Smart Networks in which differing degrees of
application services are deployed. Each example will show that
even a minimal addition of select application services can
significantly enhance existing networks. More comprehensive
designs using additional application-aware network
technologies would yield even more significant application
control, delivery and management. It is important to note that
the application-awareness of any network can be enhanced by
incrementally adding key technologies without requiring a
wholesale upgrade of the existing infrastructure.
Server Farm Application Services
The simplest change to enhance an enterprise network's
application-awareness is to add application-aware switch
routing at a server farm—or collection of computing
resources that have been centralized for ease of
administration and management. Server farms have increased
in popularity as more corporations rely on intranets (with a
corresponding centralization of IS functions). For more
details on the use of switch routers in server farms, please
refer to "The Roles of Switch Routing Technology in
Today's Enterprise Networks," an Enterasys White Paper
(1998), http://www.Enterasys.com. Figure 5 shows a possible
network configuration in which an Xpedition 8600 acts as
the front-end to the server and database
farm, so that it controls all communication to and from the
critical applications housed on the servers.
Since the SSR 8600, like all SSR products, can identify
network traffic by application content, advanced services
can be introduced between the application servers (on the
farm) and their client community (on the rest of the
network). Among these services are:
- Enterprise Application Accounting—With the SSR
8600's Flow Accounting Server (FAS) and back-end billing
and capacity planning applications, the network/business
administrator can see traffic patterns of all data flowing
into and out of the server farm. This provides invaluable
insight into an application's usage and demand by its
users. For example, by monitoring the level of traffic
associated with SAP/R3, the network administrator can
detect that additional servers or higher capacity network
links are needed before the existing ones become saturated. This
proactive planning eliminates costly service interruption
associated with over-subscribed network links or over-used
servers.
- Application Quality of Service and Prioritization—By
mapping business priorities into network policies, the
network administrator can assure that in any conflict over
limited network resources, business critical applications
will be handled with preference. For example, by defining
a QoS rule that makes SAP/R3 more important than HTTP
traffic destined for the Internet firewall, a congested
network will forward SAP/R3 traffic, while buffering or
potentially discarding HTTP traffic.
- Application-Level Access Control—To better
secure the critical server resources, an application-aware
switch router can implement access control lists that
restrict traffic by application, user community,
Intranet/extranet/Internet membership, time of day,
service requested, and many other relevant criteria. This
level of access control provides significant firewalling
to protect services and applications from outside hacking.
For example, by implementing an access control that limits
communication with a server to only intranet users,
Internet-based denial of service attacks would be
prevented—as external (Internet-based) addresses would
be filtered from reaching the intranet server. If a hacker
can't reach the critical server, the risk of such an
attack is dramatically reduced.
This level of control can be gained with no impact on the
overall performance of the switch router, assuring that the
network administrator needn't make compromises while achieving
business-defined needs. High performance can be retained while
business-defined accounting, QoS and security features are
implemented. By introducing an Xpedition as a server farm front
end—with a minimal network change—major application
services are brought into the overall network. Now application
traffic patterns can be identified and accounted for,
different service levels can be defined for accessing the
server farm, and enhanced security policies can be implemented
between the user community and the application servers. These
service additions are a significant step in moving the overall
network infrastructure to be more business application-aware
and sensitive.
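The rules this paper uses as illustrations ("no web surfing between 8 and 11am", SAP/R3 ahead of HTTP, intranet-only access to the server farm) can be written as one ordered rule set that every device evaluates the same way. The Python sketch below is an added example, not Enterasys code or configuration syntax; the address ranges, the port-based application signatures (SAP dispatcher ports 3200-3299, HTTP on 80), the rule names and the default-deny fallback are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Assumptions for this sketch: port-based application signatures and
# constructed address ranges. Real classifiers inspect more than ports.
APP_PORTS = {"sap-r3": range(3200, 3300), "http": range(80, 81)}
INTRANET = ip_network("10.0.0.0/8")
SERVER_FARM = ip_network("10.1.0.0/24")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    at: time                         # local time the flow is seen


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "deny" or "permit"
    app: Optional[str] = None        # None matches any application
    src: object = ANY
    src_negate: bool = False         # True: match sources OUTSIDE `src`
    dst: object = ANY
    dst_negate: bool = False         # True: match destinations OUTSIDE `dst`
    window: Optional[Tuple[time, time]] = None   # [start, end), same day
    queue: int = 0                   # QoS queue for permits; higher wins


def classify(flow):
    """Map a flow to an application name by destination port."""
    for app, ports in APP_PORTS.items():
        if flow.dst_port in ports:
            return app
    return "other"


def matches(rule, flow):
    if rule.app is not None and rule.app != classify(flow):
        return False
    if (ip_address(flow.src) in rule.src) == rule.src_negate:
        return False
    if (ip_address(flow.dst) in rule.dst) == rule.dst_negate:
        return False
    if rule.window and not (rule.window[0] <= flow.at < rule.window[1]):
        return False
    return True


# Business rules from the text, in evaluation order (denies first).
POLICY = [
    Rule("farm-intranet-only", "deny", src=INTRANET, src_negate=True,
         dst=SERVER_FARM),
    Rule("no-web-8-to-11", "deny", app="http", dst=INTRANET,
         dst_negate=True, window=(time(8), time(11))),
    Rule("sap-first", "permit", app="sap-r3", dst=SERVER_FARM, queue=7),
    Rule("web-best-effort", "permit", app="http", queue=1),
]


def decide(flow, policy=POLICY):
    """First matching rule wins; unmatched traffic is denied."""
    for rule in policy:
        if matches(rule, flow):
            return rule.action, rule.queue, rule.name
    return "deny", 0, "default-deny"


def forward_order(flows, policy=POLICY):
    """Order in which a congested link services the permitted flows."""
    verdicts = [(f, decide(f, policy)) for f in flows]
    permitted = [(f, v) for f, v in verdicts if v[0] == "permit"]
    return [f for f, v in sorted(permitted, key=lambda p: -p[1][1])]
```

Because rule order decides the outcome, the two deny rules sit ahead of the permits; swapping them would let an Internet source reach SAP/R3 on the server farm.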
Core Switching Services
By incorporating an application-aware routed core and an
intelligent network edge into the SmartNetwork design we can
extend application-awareness beyond the server farm. By using
Xpeditions at the core of the network, business priorities can
govern data transport over a much greater portion of the
network infrastructure. Additionally, by using
SmartSwitch-based policy and management services at the
network edge, an "intelligent" boundary can be
created which can reduce usage of the network core. Figure 6
illustrates such a sample network.
In this design, the network core is built using SSR
8000 switch routers. These devices not only provide
hardware-based routing in the backbone router role, but also
can control how packets are routed and track the traffic
patterns based on the application content of the data. The
network core itself now delivers the critical application
services of Enterprise Application Accounting,
Application-Based Quality of Service, and Application-Based
Security Control. Now the network core directly benefits the
business by always making throughput decisions based on
business priorities, thus using the network capacity most
effectively. For instance, if a core network link becomes
saturated, the switch routers will ensure that SAP/R3 traffic
is delivered before other application traffic, such as
Internet web access. These benefits were discussed previously
in the context of the server farm; in this example, they are
extended to the entire network backbone.
The second area of interest in this design is the intelligent
network edge. By implementing SmartSwitch 2000, 6000, 9000
products, the network edge can begin to exert control and
track upper layer information associated with the end systems.
For instance, SmartSwitches in the wiring closets learn what
devices exist off each port, what their upper layer addresses
are, who they are speaking to, what protocols they utilize and
a host of other data. This information is aggregated into
system-level directories for use in managing and monitoring
the network infrastructure. This invaluable information allows
the network support staff to track down problem devices
instantaneously, and to proactively monitor the status of any
network element without having to periodically contact it. In
addition, SmartSwitches can identify the protocols in use, and
either suppress unwanted protocols (such as NetBEUI) or
prioritize protocols such as Internet Protocol over lesser
protocols, such as AppleTalk.
Coupling system-level policies and directory-based network
management with application-aware core routing, intelligent
edge switching services, and enterprise management creates a
system that understands application usage on the network and
delivers service accordingly. More importantly, such services
are not incorporated at the expense of performance, nor are
they complex to manage. This Smart Network delivers the goal
of application-aware, utility-like networking.
Total Application Networks
The following, final design presents a totally
application-aware Smart Network—from server farm to network
core to wiring closet. End-to-end forwarding decisions are
made in light of business priorities, and knowing the
application content of the data. While this design is
atypical, in that most of today's networks do not require this
degree of application control, the design is valid for the
early adopters of end-to-end application services, and it
previews the technology options available as networks evolve
to become more attuned with their role as the business process
and application transport. Figure 7 shows an
application-centric network design, with a traditional
collapsed backbone routed network. As with the previous
examples, an Xpedition 8600 is used as a server farm front end,
and Xpeditions at the core provide an application-specific
backbone. However, the network access points—the wiring
closets—use a mix of SSR products to provide
application-aware switching (not routing) for end-users
needing application-level QoS and control to the desktop, in
addition to the SmartSwitch 2000, 6000, 9000 products to
provide network access to general users. These devices operate
under an umbrella of policy-based control and enterprise
network management consisting of Aprisma Enterprise Manager,
the Enterprise Policy Manager, and Advanced service
management—all linked via common directory services. By
having a common management and policy framework over this
network, the business/network administrator can monitor,
configure, and control advanced application services via a
unified interface that understands and relates to business
processes. This overall design extends application-awareness
throughout the network infrastructure. Since the entire
application-based system is controlled under a unified
management and policy umbrella, it realizes the promise of
next generation networks today.
Conclusion
Smart Networking is the only solution set to offer these
advanced offerings today; a fact that reaffirms Enterasys's
leadership in delivering complete networking solutions based
on the real customer demands and business issues driving the
IT infrastructure. Given the model of total IT infrastructure,
and the requirements of next generation networks to support
application-aware services, Enterasys has developed and
continues to enhance the three required areas of service:
- Application-Aware Data Transport
- System-Level Application Policy Control
- System-Level Application and Network Management
This completeness of vision combined with proven deliverables
makes Enterasys Smart Networks the leader in the migration to
application-aware networking. With an Enterasys Smart Network,
you can be assured that your network will empower your total
IT infrastructure, rather than limit it, both now and in the
future.