worker sites: Mobile users tend to access the
company network using an asynchronous dialup connection through
the telephone company or access the corporate intranet using
broadband Internet service and the VPN client software on their
laptops. Teleworkers working from home can also use a VPN
tunnel gateway router for encrypted data and voice traffic to
and from the company intranet. These solutions provide simple
and safe access for branch offices or SOHOs to the corporate
network site according to the needs of the users at the
sites.

Content 1.1 Enterprise Networking
1.1.4 Remote Connection Considerations

These are the typical considerations for setting up a remote-site WAN connection as shown in Figure :
- Multiple access options: Remote users connect
to the branch site using various media. Branch site WANs must
allow for multiple media options and simultaneous access by
multiple users. The branch office must also have connectivity
to the central or small office/home office (SOHO) site. Although
a remote site may have a variety of equipment, the site does
not require the same level of complexity as the central site
requires. Examples of WAN technologies that are used to connect
a remote site to the central site include:
  - Leased line
  - Broadband services (cable or DSL)
  - Frame Relay
  - ISDN (still in use but becoming a legacy technology)
- Cost: Depending on the
traffic types and connectivity requirements, designers
typically consider various connectivity options including
permanent or on-demand, public and private networks, and other
options as required.
- Access control: To
prevent unauthorized traffic, routers and firewalls use a set
of rules that permit or deny certain traffic. IT staff apply
access control to router interfaces and configure them to
control which data sessions pass and which sessions fail.
- Secure connectivity: Remote sites and mobile
workers can gain secure access to corporate intranets by using
VPN solutions, such as IPsec VPN or MPLS VPN.
- Authentication: The remote site must be able to
authenticate itself to the central site.
- Redundancy: In internetworking, duplicate devices,
services, or connections can perform the work of original
devices, services, or connections in the event of a failure.
Branch offices typically require more redundancy than SOHOs or
mobile teleworkers.
- Infrastructure
availability: Service providers may not offer certain WAN
services in some regions. This consideration generally becomes
more critical as sites are set up in more remote
locations.
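
The access-control consideration above, as an added example that is not part of the original course text: a small evaluator that assumes first-match rule ordering with an implicit deny at the end (the way Cisco IOS access lists behave) and flags rules hidden by an earlier, broader rule. The rule set, addresses, and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "esp", or "ip" for any protocol
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    dport: Optional[int] = None  # None matches any destination port

# Constructed rule set for a branch router's WAN interface (documentation addresses).
WAN_IN = [
    Rule("permit", "udp", "198.51.100.10/32", "203.0.113.1/32", 500),  # IKE from central site
    Rule("permit", "esp", "198.51.100.10/32", "203.0.113.1/32"),       # IPsec tunnel traffic
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.0/24"),              # too broad: any TCP port
    Rule("deny", "tcp", "0.0.0.0/0", "203.0.113.1/32", 23),            # intended Telnet block
]

def covers(outer: Rule, proto: str, src, dst, dport) -> bool:
    """True if `outer` matches every packet described by proto/src/dst/dport."""
    return (outer.proto in ("ip", proto)
            and src.subnet_of(ipaddress.ip_network(outer.src))
            and dst.subnet_of(ipaddress.ip_network(outer.dst))
            and (outer.dport is None or outer.dport == dport))

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule decides; no match falls through to an implicit deny."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    for index, rule in enumerate(rules):
        if covers(rule, proto, s, d, dport):
            return rule.action, index
    return "deny", None

def shadowed(rules):
    """Indices of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for j, rule in enumerate(rules):
        s, d = ipaddress.ip_network(rule.src), ipaddress.ip_network(rule.dst)
        if any(covers(earlier, rule.proto, s, d, rule.dport) for earlier in rules[:j]):
            hidden.append(j)
    return hidden
```

Running `shadowed(WAN_IN)` reports the Telnet deny as unreachable; moving it above the broad TCP permit makes it effective.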

Example: Integrated Services for Secure Remote Access

Figure shows an example of a
converged network with integrated services. Many companies have
upgraded remote connections that used modems and dial-up
access and now use digital subscriber line (DSL) and cable as
advanced physical layer technologies. They also use MPLS VPNs
and IPsec VPNs as two of the advanced secure connectivity
technologies. Broadband technology uses existing telephone and
cable television infrastructures to provide high-speed access
to the Internet. Generally, a speed of 128 kbps is adequate for
most users. However, while there is no universal definition of
broadband, Cisco uses the U.S. Federal Communications
Commission (FCC) definition of advanced telecom or high speed
to be 200 kbps or greater. Broadband allows remote office staff
and SOHO users to connect to the central site at higher data
rates than are available with traditional on-demand
technologies. High-speed broadband access to the Internet
through a broadband point of presence (PoP) and then to
corporate networks using secure VPNs is a reality for many
users in the networked world today. This broadband access has
the potential to improve employee productivity and to provide a
foundation for new voice and video business services over the
Internet. Many corporations and educational institutions have
instituted broadband solutions for access by suppliers,
customers, and staff. The use of the Internet for secure
site-to-site connectivity using VPNs is increasing, especially
for less critical traffic.

Content 1.1 Enterprise Networking
1.1.5 Intelligent Information Network

The Cisco Intelligent Information
Network (IIN) vision is a strategy that meets the evolving role
of the network within businesses and directly meets the need to
align information technology (IT) resources with business
priorities. The Cisco IIN vision has three key features:
- Integration of networked resources and information
assets: Modern networks with integrated voice, video, and
data allow IT departments to link the IT infrastructure more
closely with the information network.
- Intelligence across multiple products and infrastructure layers: The
intelligence built into each network component extends
network-wide and applies end-to-end.
- Active participation
of the network in the delivery of services and
applications: With added intelligence within network
devices, the IIN makes it possible for the network to actively
manage, monitor, and optimize service and application delivery
across the entire enterprise environment.

With these
features, the IIN offers much more than basic connectivity,
bandwidth for users, and access to applications. The IIN offers
end-to-end functionality and a centralized, unified control
that promotes true business transparency and agility. The IIN
vision offers an evolutionary approach. Functionality can be
added to existing network infrastructure as required in three
phases:
- Integrate transport: IIN consolidates
data, voice, and video into an IP network for secure network
convergence. By integrating data, voice, and video transport
into a single, standards-based, modular network, organizations
can simplify network management, generate enterprise-wide
efficiencies, and reduce infrastructure costs. Network
convergence also lays the foundation for a new class of
IP-enabled applications delivered through Cisco IP
Communications solutions.
- Integrate services:
When convergence is complete, the network will pool and share,
or virtualize, resources to meet the changing needs of the
organization more flexibly. Integrated services unify common
elements including storage and data center server capacity. By
extending virtualization capabilities to encompass server,
storage, and network elements, an organization can use all of
its resources more efficiently. In addition, shared resources
across the IIN provide services in the event of a local systems
failure, which enhances business continuity.
- Integrate applications: The third phase is
Application-Oriented Networking (AON). AON focuses on making
the network “application aware” so that the network can
optimize application performance and deliver networked
applications to users more efficiently. In addition to
capabilities such as content caching, load balancing, and
application-level security, Cisco AON makes it possible for the
network to simplify the application infrastructure by
integrating intelligent application message handling,
optimization, and security into the existing network.

Content 1.1 Enterprise Networking
1.1.6 Cisco SONA Framework

IIN helps
organizations meet new IT challenges including deploying
service-oriented architectures, web services, and
virtualization. Cisco Service-Oriented Network Architecture
(SONA) is an architectural framework that details the set of
common services that are deployed in the network to close gaps
between the resources and applications. Cisco SONA describes
how to build an IIN. The Cisco SONA framework provides these
advantages to enterprises as shown in Figure :
- Outlines the path toward the IIN
- Illustrates how
to build integrated systems across a fully converged IIN
- Improves flexibility and increases efficiency resulting in