|
|
Volume 8 Number 4, Fourth Quarter 1996
When network managers assess how they can meet the rapidly escalating demands on their networks, the first reaction often is to consider how many more boxes or circuits they need to add. But the solution to today's internetworking challenges increasingly lies in software. Critical issues such as reliability, scalability, security, and flexibility can best be addressed through a complete, integrated set of software services deployed across the network--this is the range of functions offered by Cisco Internetwork Operating System (Cisco IOSTM) technology.
Consider what we have learned from the recent past. Problems of connectivity, interoperability, and usability were pervasive throughout the early years of the client/server era. Many of these problems were resolved through the adoption of data communication standards, common development toolkits, and the emergence of a dominant client operating system. These same lessons can be applied to today's client/network era. Once again, it's a question of end-to-end standards and pervasive enabling technologies. When deployed from the client stack clear through the corporate backbone and out into the public Internet, Cisco IOS technologies provide the essential building blocks for the next generation of network-enabled business applications.
Many technology providers are converging on these same ideas. Intel predicts that when you boot up a new PC in the year 1998, it will be completely self-configuring, grabbing the software it needs off the network to tailor itself to its surroundings. Microsoft is also talking about Internet-enabled applications, such as a word processor that can search the Web for content and bring back preformatted information. For these applications to work as promised, they will have to know how to get from one router to another, to reserve bandwidth to receive multimedia content, to establish interactive connections, and to maintain security. You can't get there without developing a robust network service layer, a cohesive set of enabling technologies extending from the client to the wiring closet to the backbone and out to the Internet.
To facilitate this vision, Cisco continually makes enhancements to the Cisco IOS software. Our major development initiatives in Cisco IOS Software Release 11.2 are threefold: enhanced security through better encryption technologies and network address translation (NAT) services; Layer 2 Forwarding (L2F) for building virtual private dial-up networks; and multimedia quality of service (QOS) based on appropriate queuing technologies and the Resource Reservation Protocol (RSVP).
This software release is also packaged for greater consistency across all supported platforms. As individual Cisco IOS technologies are embedded in many different types of network devices, companies gain the ability to cost-effectively manage resources via a unified network intelligence. A broad and cohesive set of internetwork software services offers a scalable migration path, allowing for evolution and growth while minimizing the risk of change to the overall information systems infrastructure.
As we work with partners to construct new solutions for network computing, the big picture is much more than just switching and routing. Heeding the lessons of IT history, the most strategic technology investments that companies make are in software. And as the network becomes more critical to the enterprise, Cisco is strengthening the contribution that software makes to the tying together of our computers, our LANs, and our global internetworks.
Stephen DeWitt
Vice President of Marketing,
Cisco IOS Technologies and Network Management
___________________________________________________________________________________________________________
Cisco IOS Software Solutions Ease the Complexity of Growing Networks
The complexity of your enterprise internetwork is increasing every day. More users. More locations. More networked applications. Intranets. World Wide Web access. And more equipment and services to support these communications. Key advantages delivered by Cisco Internetwork Operating System (Cisco IOSTM) software make it easier to accommodate this growth and complexity.
While Cisco IOS software offers an extensive range of capabilities, three Cisco IOS Technologies solution sets are especially beneficial for addressing the needs of growing networks: security, quality of service (QOS), and virtual private dial-up networks.
The solutions in the Cisco IOS software suite offer scalable, interoperable, end-to-end security for enterprise networks, including control for remote access and Internet communications. Specific capabilities include:
Other Cisco security solutions include scalable firewalls, virtual private dial-up networks (VPDNs), and secure intranet and remote access product offerings.
Cisco delivers a solution for end-to-end QOS, covering service requirements from legacy networks to new multimedia applications. Cisco IOS software supports QOS features through:
As the standards for QOS interworking between RSVP and various media are completed, the Cisco IOS implementation of RSVP also will interoperate with Asynchronous Transfer Mode (ATM) and Frame Relay networks to take advantage of their QOS capabilities.
Enterprise networks must accommodate the access needs of a growing number of remote and mobile users, yet building a private access network can be prohibitively expensive. With support for virtual private dial-up networks in Cisco IOS software, service providers can leverage their existing infrastructures to deliver local dial-up access for users of enterprise networks. Cisco's Layer 2 Forwarding (L2F) technology provides a secure "tunnel" for these links to the enterprise gateway.
The Cisco IOS software is the unifying foundation for all Cisco access, routing, and switching products. It offers a universal, open standard for internetworking that reaches from the desktop to enterprise networks to the Internet while addressing the needs of small business, large enterprise, and service provider customers. Cisco IOS software enables Cisco Systems to balance technology features for performance and network services in its products with business requirements for reliability, scalability, security, flexibility, cost control, and manageability of growing networks.
___________________________________________________________________________________________________________
The rise in mission-critical network-based applications and the increasing availability of online information make a rigorous security solution an essential part of a well-designed network. Cisco Systems' security strategy solves real customer issues with a wide variety of hardware and software products to build end-to-end security solutions that are tailored to customer requirements.
A well-planned security solution addresses business issues while protecting valuable information from unwelcome network visitors. The first step is to establish a security policy for several application areas. A comprehensive policy review considers specific security requirements in each area, including:
The four common areas where users require security applications are intranets, the Internet, remote access, and virtual private networks.
Intranet security is a fundamental part of any enterprise network design. While every enterprise network has valuable information to protect, authorized users still need access. For many years, network managers deployed closed data centers or separate networks to provide intranet security, but widely used mission-critical applications and network consolidation call for more robust security.
Electronic commerce, the World Wide Web, and corporate use of the public Internet are some of the many online services companies now offer, but with increased access comes a greater risk of intrusion into corporate assets. Router-based and proxy-server firewall solutions are traditional gatekeepers between public and private networks.
With the explosion of mobile user access and telecommuting, customers want to secure remote user access to their enterprise networks. The challenge is managing multiple access points with either centralized or distributed access scenarios. User authentication becomes a complex issue, with the need for dynamic IP addressing and detailed authentication, authorization, and accounting (AAA) schemes.
A virtual private network (VPN) is any limited-access network that uses a shared transport conduit. This category encompasses everything from a private Frame Relay network to a virtual private dial-up network for mobile users, or a static Layer 3 network among remote offices. With VPNs, customers can lower their WAN costs, expand user access, and enable new online partnerships.
After identifying business drivers and establishing security policies in each application area, network managers must select the appropriate technologies to build a security infrastructure. Rather than deal with point solutions, Cisco considers the ramifications of each technology upon the entire network. No other vendor has a product offering aimed at a complete, network-wide security solution, so customers can customize a solution that meets their needs.
Perhaps the most familiar security solution is the firewall approach, a perimeter security solution deployed between trusted and untrusted networks, such as a corporate-LAN-to-Internet connection. Most firewalls available today have multiple hardware and software components that enforce policy layers to define which users may access which services on either side of the firewall. A Cisco partner or systems engineer can help users identify a solution that will meet the requirements stated in their security policy.
Cisco makes a standalone firewall product, called the Private Internet Exchange (PIXTM) Firewall, which was highlighted in the 3rd Quarter 1996 issue of PacketTM magazine.
Another solution is a firewall based on Cisco Internetwork Operating System (Cisco IOSTM) software, which uses a Cisco router and Cisco IOS software. Many companies already use Cisco routers to connect their enterprise networks with the public Internet or other untrusted networks. A Cisco IOS firewall is a sensible solution that need not require any additional investment and maintenance, as it is integrated with the operating system running end-to-end over a Cisco network. This Cisco IOS-based security solution provides technologies for a complete solution, including:
By implementing some or all of these features, firewall solutions can be either very simple, such as IP packet filtering, or highly complex with application-level filters, or somewhere in between, as defined by the user's security policy.
| NCSA Certifies Cisco PIX Firewall |
|---|
| The Cisco PIXTM Firewall has achieved certification by the National Computer Security Association (NCSA), a leading provider of security, reliability, and ethics information and services. For more information on NCSA, visit their Web site at http://www.ncsa.com.
For details on how the PIX Firewall excelled n recent tests conducted by SRI Consulting (Menlo Park, California), visit the URL http://www.cisco.com. |
With Cisco IOS Software Release 11.2, Cisco adds many new security features to its broad product offering; encryption is among the most strategic.
Network administrators use "crypto-maps" to configure an encryption policy, using extended IP access lists to define network, subnet, host, or protocol pairs for encryption between routers. Cisco IOS encryption uses both asymmetric and symmetric methods for a complete solution: router authentication and network-layer encryption.
Router authentication uses Digital Signature Standard (DSS) public keys between routers for two-way authentication before passing encrypted traffic. As an asymmetric "public key" method, DSS uses a closely held private key for encryption, and a widely distributed public key for decryption. DSS is ideal for authenticating both sender and recipients of a message with very strong proofs of identity.
Network-layer encryption uses Diffie-Hellman exchange to generate a secure Data Encryption Standard (DES) session key to pass data traffic. DES uses a symmetric "secret" key much smaller than DSS keys--as small as 40 bits. The controlled distribution of the key itself is a component of the scheme. These small keys make DES ideal for encrypting and decrypting large amounts of data both rapidly and efficiently.
Another new technology, which is available as a separate add-on to Cisco IOS Software Release 11.2, is Network Address Translation (NAT). NAT provides either static or dynamic IP address translation mechanisms between private and public networks. Installed on routers (as well as on the PIX Firewall) that connect a private network with an outside domain, NAT translates internal IP addresses to "legal" addresses before sending traffic onto a public network. This feature conserves limited IP addresses because multiple intranets can use the same IP address range. It does not require a registered subnet address, so it eliminates host renumbering, saving time and maintenance costs. NAT protects network security because private networks with NAT do not advertise internal addresses or topology over public networks.
A successful security policy is an essential part of today's complex networks. Cisco delivers an approach designed to meet real business requirements and integrate smoothly into each network area, along with a variety of technologies suitable for a truly comprehensive solution.
___________________________________________________________________________________________________________
Q Why is it sometimes difficult for my company, which is based outside the USA, to receive data encryption products from Cisco and other vendors?
Robust data encryption is controlled as a "munitions item" under the International Traffic in Arms Regulations (ITAR) and, as such, is heavily regulated by the US National Security Agency (NSA) and the US Department of State (DoS). Encryption exports beyond the USA and Canada require special license authority from the DoS, which grants licenses based on end users and their intended use of the product, and on the destination country.
| Encryption Policies |
|---|
| Detailed information concerning the US encryption laws, regulations, and Cisco Systems' policies is available on Cisco's Web site at the URL http://www.cisco.com/wwl/export/encrypt.html, or send e-mail queries to export@cisco.com. |
Q What type of encryption does Cisco sell and who is eligible to receive it?
A Cisco sells encryption hardware and software based on the Data Encryption Standard (DES). Cisco's 40-bit DES software images, now supported in Cisco Internetwork Operating System (Cisco IOSTM) Software Release 11.2, can be exported to most destinations without an export license. However, all hardware and software that use 56-bit DES or higher is controlled under the ITAR and requires a US export license for shipment outside the USA and Canada.
With few exceptions, Cisco can export 56-bit and higher DES implementations only to end users that are either US subsidiaries or financial institutions. All other requests are handled on a case-by-case basis by Cisco's Export Compliance and Regulatory Affairs group and require additional license-processing time. Also, some countries control the import, use, and re-export of encryption products. For example, China regulates the use of encryption, while France has control over all these activities.
___________________________________________________________________________________________________________
New Cisco IOS Release Brings QOS Features for End-to-End Solutions
Multimedia applications are fast becoming an essential part of the business productivity toolkit. As companies begin to consider implementing new intranet-based, bandwidth-intensive multimedia applications--such as video training, videoconferencing, and voice over IP--the impact of these applications on the existing networking infrastructure is a serious concern. If a company has relied on its corporate network for business-critical SNA traffic, for example, and wants to bring a new video training application on line, the network must be able to provide guaranteed quality of service (QOS) that delivers the multimedia traffic, but does not allow it to interfere with the business-critical traffic.
To ensure that adequate support is available for new multimedia applications, some vendors assert that Asynchronous Transfer Mode (ATM)-to-the-desktop is the only answer. Most users are waiting for a solution that provides end-to-end QOS without necessitating a hardware expense at the desktop.
With Cisco Internetwork Operating System (Cisco IOS[tm]) Software Release 11.2, the wait is over. The new release provides comprehensive, end-to-end QOS capabilities that help ensure that the bandwidth required for any specific application--multimedia or otherwise--is available when required. Cisco IOS Software Release 11.2 does this, in part, by providing the industry's first network implementation of the Internet Engineering Task Force's (IETF's) Resource Reservation Protocol (RSVP). This protocol works with some of the underlying technologies already in Cisco IOS software, such as IP Multicast and Weighted Fair Queuing (WFQ), to deliver consistent, end-to-end QOS across the network. As standards are developed, Cisco IOS software will support dynamic interoperability between RSVP and the native QOS capabilities of Cisco's ATM, Frame Relay, and workgroup switching technologies.
RSVP enables individual hosts or applications -- multimedia and others -- to dynamically reserve the network resources they require to ensure timely and uncorrupted transmission. In addition, Cisco IOS software empowers network administrators to prioritize the amount of bandwidth available to these RSVP-enabled applications and thereby ensure proper balance between different applications.
If, for example, a company assigns a higher priority to SNA traffic than to video training, then RSVP can be used in conjunction with other QOS features of the Cisco IOS software to allow network administrators to set policies that determine the amount of bandwidth that the RSVP-enabled applications can allocate. SNA traffic, for example, can be provided the capacity it needs to handle its mission-critical functions, while RSVP can dynamically allocate the end-to-end resources needed for real-time multimedia traffic.
Because RSVP relies on bandwidth-reservation requests being relayed and accepted from end to end by network entities, it requires both network and client implementations. With Release 11.2 of Cisco IOS software, this RSVP capability is delivered on a wide range of Cisco IOS-supported platforms and interfaces, including ATM, Frame Relay, and LAN interfaces. For the client-side implementation, Cisco is partnering with a number of industry-leading platform and application vendors, including Intel, Microsoft, Sun, Precept, Silicon Graphics, and Hewlett-Packard.
As implemented in Release 11.2, RSVP takes advantage of an underlying Cisco IOS technology, Weighted Fair Queuing (WFQ), to do much of the work. It also can use other technologies, such as Random Early Detection (RED) and Generic Traffic Shaping (GTS), to provide end-to-end QOS solutions.
WFQ ensures that delay-sensitive, interactive traffic receives quick service, while actually providing most of the network bandwidth to the important, high-volume traffic. RSVP also operates dynamically with WFQ to sort major causes of inconsistent response times (such as long trains of packets, one immediately after another) into separate streams, allowing RSVP to guarantee that priority queues do not starve for bandwidth and that RSVP traffic receives predictable service.
RED and GTS, by comparison, can be configured to help provide required end-to-end QOS. RED is tailored to control traffic especially well on high-speed links; it accomplishes this work by reducing the transmission volume at the source when traffic threatens to overload network resources. GTS functions well on lower-speed interfaces, too, and acts like a filter that stops specific hosts or applications from sending too much traffic, too fast. In essence, both of these features help "throttle back" lower-priority traffic first and allow higher-priority traffic to continue unabated.
In addition to RSVP, IP Multicast capability in Cisco IOS software is an essential element for achieving QOS because it enables more efficient use of network bandwidth than traditional point-to-point operations. IP Multicast prevents traffic from going to nodes or users that have no need for it, as happens with the broadcasts on many multimedia applications. Multicasts only require that a single copy of data--which could represent a video signal or voice conversation--is issued to the network regardless of how many end-to-end points must receive the data. All replication of the data is done within the network, on an as-needed basis, contingent upon end-user requests for the data.
To ensure the success of multicast presentations, Cisco IOS software has supported Protocol-Independent Multicast (PIM) since Release 10.3. PIM is an open standard that empowers companies to easily scale their multicast capabilities. It operates at the network level and basically tells the router where to send the multicast; it receives this information from the end-user host or application via the Internet Group Management Protocol (IGMP). Cisco's workgroup switching products also support efficient multicasting, with no required changes to the host, through the Cisco Group Management Protocol (CGMP).
The QOS capabilities of Cisco IOS Software Release 11.2 provide a cost-effective solution for those environments that need an immediate way to leverage their existing infrastructure to carry multimedia applications. The software offers users a richness of choices in the technologies supported, as well as in the types of traffic transmitted.
Armed with this suite of QOS capabilities, organizations can enhance their networks with the latest multimedia applications--without jeopardizing other business applications running on the network. Equally important, networks can now be multimedia-enabled through a software upgrade as an alternative to an ATM-to-the-desktop solution.
___________________________________________________________________________________________________________
In today's data-intensive world, where organizations build larger and larger TCP/IP networks, network administrators face the challenge of cost-effectively setting up an increasing number of systems with the appropriate configuration information. While the Dynamic Host Configuration Protocol (DHCP) can efficiently reduce the effort associated with these configuration tasks in smaller networks, in large switched networks DHCP simply will not scale-at least, not without a facility in the Cisco DNS/DHCP Manager and the Cisco Server Suite 1000 products: the Cisco DHCP server.
DHCP, a protocol developed by the Internet Engineering Task Force (IETF) and defined in RFC 1541, works by creating a central, dynamic pool of addresses for the entire network. When nodes are added or moved within the network, they send out a broadcast to a DHCP server, which responds by providing IP configuration information from this central pool.
While this scheme is elegant in its simplicity, the problem with most DHCP server implementations is that the address pools that they create are limited to one subnet per physical network. For most networks using Class C addresses, this scheme amounts to 254 nodes per address pool. Large switched networks, however, not only have more nodes, but also use multiple subnets and may use secondary addresses on a router to completely address the network.
Cisco's DHCP server resolves this limitation by allowing network administrators to chain multiple subnets into a single address pool. In addition, Cisco Internetwork Operating System (Cisco IOSTM) software supports a feature called DHCP relay, which allows the DHCP server to respond to broadcast requests for configuration information from remote nodes. DHCP relay ensures that a centralized DHCP server provides an appropriate address for the subnet on which the node resides. As a result, one DHCP server can dynamically address thousands of IP nodes automatically and centrally with no manual intervention--even with the largest and most complex networks, including those relying on Cisco's CatalystTM 5000 workgroup switch.
The cost-effectiveness of Cisco's DHCP server is enhanced by its ability to automatically update the Domain Name Service (DNS) with IP address and name information. For example, if the DHCP server adds or updates an IP address, the information automatically goes to the DNS database as well. As a result, network administrators do not have to modify network text files for these updates.
By general industry estimates, physical "moves, adds, and changes" to network nodes account for over 40 percent of network administration costs, a figure that will likely rise with the increasingly mobile work force. The bottom-line benefit of the DHCP server is a significant reduction in overhead associated with configuring nodes in expanding TCP/IP networks. At Cisco Systems, for example, with an estimated 1400 adds, moves, or changes annually, the DHCP server saves more than US$35,000 annually, based on the 15 minutes of an administrators time per manual change, at a billable rate of $100 per hour.
The Cisco DNS/DHCP Manager is available for Solaris, HP-UX, and AIX. Windows NT for Intel and Alpha platforms will be available in January 1997.
___________________________________________________________________________________________________________
As WANs grow in size and complexity, customers face several key challenges. How to support more users, in more locations, over different WAN technologies? How to deliver bandwidth to high-demand applications affordably? How to simplify network management, even as the network becomes more complex? And how to ensure high levels of security throughout the network?
A variety of WAN solutions from Cisco Systems delivers answers to these challenges, including adapters for Cisco's core routers, features in the Cisco Internetwork Operating System (Cisco IOSTM) software, and techniques such as NetFlowTM Switching and Web-based management.
Enterprise networks today must accommodate a larger range of users-mobile employees and telecommuters, users at branch offices and data centers-and more variety in the types of network access. Each of these access- and user-types has unique requirements for connectivity, security, performance, and protocol support.
One concern is providing a diverse mixture of connectivity options to meet the varying needs of individual users. New port service adapters support this diversity in the Cisco 7500, 7200, and 7000 series routers with a Route/Switch Processor (RSP). The new adapters include:
Additionally, the new Packet OC-3 Interface Processor provides a 155-Mbps interface for packet-based traffic and is compatible with private and public Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) network facilities. This new interface processor uses standard packet protocols and efficient overhead structures to maximize data throughput and line utilization, reducing costs for high-bandwidth WAN links.
WANs today carry a greater variety of distributed applications for essential business functions. Some applications are bandwidth- intensive, while other mission-critical applications demand a high level of network responsiveness. The challenge is to balance responsiveness and performance without the need for costly bandwidth upgrades.
Cisco offers numerous Quality of Service (QOS) features to deliver the required network performance for these applications, within the available bandwidth. These features include support for the Resource Reservation Protocol (RSVP) and advanced queuing techniques that allocate bandwidth to different traffic types based on user-defined priorities.
For most enterprises, networking expense is growing dramatically as both usage and the number of WAN links increase. To gain control over spiraling costs, network managers need effective techniques for improving the availability of existing bandwidth. The Cisco IOS software offers many solutions to this challenge through support for techniques such as bandwidth-on-demand, data compression, and NetFlow Switching. These capabilities make more efficient use of existing WAN bandwidth by integrating diverse applications on a single network and maximizing throughput.
A greater number of access points and diverse infrastructures add complexity to WAN management tasks. To simplify these tasks, Cisco offers in-depth management views of users and applications through detailed traffic data provided by the data export function of NetFlow Switching. In addition, new Cisco solutions for Web-based management transcend standard concepts of network monitoring and control by supporting remote management of Cisco routers through a Web browser.
WANs will continue to grow in size, complexity, and importance to business. And Cisco Systems will continue to offer powerful solutions that address the challenges that accompany this growth-for access, bandwidth allocation, management, and security.
___________________________________________________________________________________________________________
Transaction Adds to Enterprise Network Management Offerings
Cisco's enterprise network management offerings will be strengthened through the planned acquisition of NETSYS Technologies, Inc. Based in Palo Alto, California, NETSYS provides standards-based software capable of leveraging Web and Internet technology for managing complex internetworks. Use of network modeling, planning, and analysis on an end-to-end basis helps network managers consolidate their SNA and TCP/IP networks and support multivendor network infrastructures. Over 200 NETSYS customers already use the company's products to help scale their networks and forecast future needs.
An agreement to acquire NETSYS was announced in mid-October and is expected to be completed in November. NETSYS's approximately 50 employees will become part of Cisco's Central Engineering team.
NETSYS Technologies was founded in 1991 as a consulting and custom software development company to provide network problem-solving, design, planning, and management services for government and private industry. The company observed that enterprise computing managers faced major challenges in deciding how, when, and where to grow the network and solve the day-to-day problems of enterprise management.
NETSYS' Enterprise/Solver product family is a set of network-planning and problem-solving tools that help users manage and grow their enterprise networks. The analysis, validation, and diagnostic capabilities of Enterprise/Solver products enable proactive planning as well as reactive problem-solving within LAN/WAN environments. With the NETSYS tools, network managers, analysts and designers can perform such tasks as network configuration problem solving and planning, trouble forecasting, and network design analysis under normal and failure conditions.
Cisco Systems has held a minority interest in NETSYS Technologies since 1995. For more information about the NETSYS acquisition, visit the URL http://www. cisco.com.
___________________________________________________________________________________________________________
Cisco Systems recently announced the acquisition of privately held Granite Systems (Palo Alto, California) for its standards-based, multilayer Gigabit Ethernet switching technologies.
The acquisition is intended to give customers a wider choice of backbone network technologies best suited for their individual network environments. Gigabit Ethernet switching and multilayer switching are emerging technologies that can expand the choices Cisco customers have for campus network information transportation. Multilayer switching and Gigabit Ethernet may help alleviate traffic congestion on network backbones resulting from new users, new bandwidth-hungry applications, and new high-performance servers.
Granite Systems was founded in 1995 by Andy Bechtolsheim, a founder and previous Vice President of Technology at Sun Microsystems, and David Cheriton, Professor of Computer Science at Stanford University, to develop high-performance, multilayer switching solutions.
___________________________________________________________________________________________________________
Cisco Systems has announced the acquisition of privately held Nashoba Networks (Littleton, Massachusetts), a leading supplier of Token Ring switching solutions. Cisco and Nashoba will provide customers with high-performance switched workgroup and backbone Token Ring LAN connectivity.
Token Ring switching is one of the faster-growing segments of the LAN market.
Cisco customers will now have access to products and technology comprising a broad set of solutions for Token Ring environments. Cisco's intent in acquiring Nashoba Networks is to give users a wide choice of Token Ring LAN switching products designed for workgroup and backbone environments.
For more information on the acquisition, visit the URL http://www.cisco.com/warp/ public/146/919_nashoba.html on the World Wide Web.
___________________________________________________________________________________________________________
Addressing the need for timely and cost-effective purchase capabilities for customers, Cisco's recently implemented Web-based ordering system, Internetworking Product Center (IPC), is providing several benefits to users, as evidenced by its large order volume. As part of Cisco's industry-leading Web site, the application allows users to configure, price, and submit purchase orders for all Cisco products and services via the World Wide Web, and removes time and location constraints inherent with traditional purchasing procedures.
Currently, the center is managing 10 percent of all Cisco orders, with a goal of 30 percent by the end of its first year. "The IPC has greatly increased our productivity," says Jamie Burton, Account Manager at Data Systems West (Woodland Hills, California), a Cisco reseller. "We've eliminated order paperwork, and features such as the Configuration Agent ensure order accuracy, reducing our lead-time by a minimum of three days."
Several features in the IPC are available with the help of Cisco's Commerce Agents, a family of interactive electronic commerce applications that simplifies and speeds the process of doing business with Cisco. Soon, select Commerce Agent products will also be available on CD-ROM.
Commerce Agent gives users greater control over their accounts by allowing access to order status and verification, quick search capabilities, and the most current pricing, configuration, and ordering information.
Status Agent provides quick and easy access to current information on Cisco orders. This application simplifies and enhances the ability to track the progress and status of orders 24 hours a day, 365 days a year.
Pricing Agent allows direct customers to access Cisco's online price list and search for prices based on product family, product description, or product number. An additional feature enables users to download the entire price list to their computers.
Configuration Agent allows users to search for Cisco products that are configurable, choose a particular model, and create a configuration on line.
The IPC is part of Cisco MarketPlace on the Web at http://www.cisco.com.
___________________________________________________________________________________________________________
With the enormous growth in the networking arena, the breadth of available technology has increased at a tremendous rate, and end-users are hard-pressed to keep up with the vast range of choices available. To help solve this problem, Cisco customers and employees are forming user groups to facilitate the exchange of technical ideas.
Cisco user groups are now cropping up throughout the USA, and interest has spread internationally, as well. Cisco users as far away as Poland have expressed interest in starting similar groups. Group meetings are usually held monthly and often consist of a one-hour technical presentation, after which the group splits into several informal discussion groups, allowing members to interact with their industry peers.
"I'm a strong supporter of Cisco user groups," says Jim Monkman, Network Systems Engineer, INS Consulting (Sunnyvale, California). "Being able to network and share information with others has proven to be an invaluable resource. The discussion topics are highly relevant, and, in turn, I've been able to help my own customers resolve many complicated technical issues."
Tom O'Keefe, President of the Dallas/Fort Worth Cisco User Group and independent network consultant, cites learning as an element of success of the groups. "The user groups are another way to learn about technology that's not in textbooks, magazines, or other sources. It's a form of continuing education that delves into the details of how things actually work."
Established Cisco user groups often have visitors from other areas of the USA, looking for ideas to start their own local groups. "Interest is growing rapidly," says Beau Williamson, a Systems Engineer for Cisco who helped with the organization of the Dallas/Fort Worth Cisco User Group. "Users realize the importance of sharing ideas and discussing possible solutions for their specific environments."
Information on meetings and membership for the Dallas/Fort Worth Cisco User Group is available at the URL http://dfw. cisco-users.org on the World Wide Web.
___________________________________________________________________________________________________________
In an extension of the strategic partnership announced last year, Compaq Computer Corporation and Cisco Systems announced a multiyear, worldwide agreement to develop the market for industry-standard networking platforms using Cisco Internetwork Operating System (Cisco IOSTM) Technologies software. This agreement extends the partnership between the two companies to include joint sales and marketing activities, targeted to meet the expanding demand for networking products and complete client/server network solutions for small and mid-sized businesses.
"This agreement with Cisco will give Compaq direct access to the industry's premier source of internetworking expertise and will enable wider availability of the benefits of Cisco IOS Technologies software through Compaq's extensive distribution partners," says Doug Pushard, Vice President of Compaq's Networking Products Division.
As part of the new agreement, Compaq and Cisco will participate in joint market development activities such as seminars, promotions, and competitive replacement programs in target markets. Both companies will continue to independently sell and support their own products, and will jointly support the sales of internetworking products through Compaq's high-volume distribution channels.
As a direct result of the partnership formed between Cisco and Compaq last year, Compaq has introduced the Netelligent 8500 Communication Platform, a standalone routing platform based on Cisco IOS Technologies software.
Information about Compaq and Netelligent products can be obtained by visiting the URL: http://www.compaq.com on the World Wide Web.
___________________________________________________________________________________________________________
DIGEX, Inc. (Beltsville, Maryland) has selected Cisco Systems to enhance its existing commercial Internet services. DIGEX's Telecommute Solutions Group provides subscriber-line Internet access featuring high reliability and experienced customer support for telecommuters and small office/home office (SOHO) customers.
DIGEX is one of the first Internet service providers (ISPs) to integrate the Cisco AS5200 universal access server as the dial-up platform of choice for its subscribers. DIGEX also relies on Cisco as its end-to-end networking solution provider to supply backbone routers, remote office routers, and dial-up access servers.
"The capability of the AS5200 to accept both analog and digital calls with a single trunk line allows us to issue one dial-in number to all of our subscribers, thereby providing us with a simple, reliable, and scalable solution," reports Brian Deobald, Vice President and General Manager of DIGEX's Telecommute Solutions Group.
DIGEX depends on many Cisco products to deliver high-reliability services, including the Cisco 7513 enterprise router for its national backbone, with 27 already in use.
For company information, visit the DIGEX Web site at the URL http://www.digex.net.
___________________________________________________________________________________________________________
Ericsson Radio Systems (Stockholm, Sweden) and Cisco Systems recently announced plans to collaborate on the development and exploration of wireless Internet services. Wireless data communication makes it possible for network operators to deploy and offer new services based on implementations of remote LAN access, intranet access for internal corporate communications, and global Internet access.
The two companies intend to deploy several standard wireless implementations as a result of these efforts, including GSM 900, DCS 1800, and PCS 1900.
Increases in Internet usage, laptop PCs, PC cards (PCMCIA cards), and digital mobile phones are driving forces in the wireless data marketplace. The collaboration between Ericsson and Cisco will allow wireless operators to meet the demands of this increased market growth.
The goal of the two companies is to provide solutions for end-to-end digital connections and fast-call opportunities for wireless circuit-switched data services. Typical operator service offerings will include direct Internet access with TCP/IP connectivity.
For more information about Ericsson, access the URL http://www.ericsson.se.
___________________________________________________________________________________________________________
Cisco has joined BMC Software, Compaq Computer, Intel, and Microsoft Corporation to propose an industry-standards effort that will allow administrators to use any Web browser to manage disparate systems, networks, and applications. The intent of the Web-based enterprise management effort is to enable the development of tools that reduce the complexity and costs of enterprise management.
Based on existing industry standards, the effort is open to the entire hardware, software, OEM, and internetworking community and is designed to integrate existing standards into any architecture that can be managed using any Web browser.
"Today's management applications don't go far enough toward interoperability," says Jamie Lewis, President of the Burton Group (Midvale, Utah), a leading analyst firm focused on network computing technology and architecture. "This specifications effort provides the industry with a tremendous opportunity to help corporate customers reduce the complexity and cost of managing their systems, networks, and applications."
The Web-based enterprise management (WBEM) standards are currently under discussion in the Internet Engineering Task Force (IETF) and the Desktop Management Task Force (DMTF).
For more information on this effort--including a list of supporting companies--visit http://wbem.freerange.com on the World Wide Web or e-mail info@freerange.com.
| New Technologies |
|---|
| The Web-based enterprise management effort promotes the use of two new management-related technologies to provide data modeling, manipulation, and communications capabilities:
Hypermedia Management Schema (HMMS), an extensible data model representing the managed environment. Hypermedia Management Protocol (HMMP), a communication protocol embodying HMMS that runs over Hypertext Transfer Protocol (HTTP). |
___________________________________________________________________________________________________________
The explosion in Internet usage has raised two major operational concerns to companies contemplating an Internet presence. These concerns include security-specifically, how to provide easy access to the Internet while preventing unauthorized access to internal resources-and cost-of-ownership issues. Fortunately, a new technology called the Cisco Private Internet Exchange (PIXTM) Firewall can resolve both issues.
"The PIX Firewall offers cost-effective and unprecedented security and performance," says Chris Gettings, Chief Technology Officer at e>Connect, Inc., Toronto, Ontario, "even while eliminating the need to recreate an internal IP addressing infrastructure."
A high-speed networking company offering systems integration and engineering services worldwide, e>Connect is also a provider of Internet access services to the Canadian market through its Smart Building System. This service offering, based on a fiber-optic backbone that e>Connect has implemented in large, multitenant office buildings throughout Canada, lets users simply plug into a jack on their office walls and be connected, at native wire speeds, to the Internet. The company now relies on Cisco PIX Firewalls in its internal networks and to provide all its customers with secure, cost-effective, high-speed access to the Internet for traditional World Wide Web-type applications, as well as to create their own secure intranets.
"The reason we rely on the PIX Firewall product," Gettings explains, "is that it was designed from the ground up to serve as a secure, standalone firewall. This means that it operates at much higher speeds than conventional proxy server-type firewalls, and it requires no high-maintenance, potentially hackable operating system, such as UNIX. Furthermore, the PIX Firewall uses Cisco's adaptive security algorithm to allow packets to pass through--never opening them as proxy server firewalls do. The result: unmatched security, performance, and throughput."
Proxy server-type firewalls are built on PC platforms or workstations, and their throughput is limited by the underlying operating system that can also render the device "hackable." With UNIX-based firewalls, for example, if an unauthorized user gains access to a UNIX session, that user can potentially breach the firewall security.
"Not only does the Cisco PIX Firewall provide the security and performance our customers need, but with its encryption options, it also lets us leverage these capabilities in the creation of the cost-effective intranets they want to enhance their business operations," Gettings says. "For example, this system has enabled us to create a high-speed virtual private network for one of our customers that encompasses sites in Vancouver, Calgary, Toronto, and Montreal as well as New York City, London, Paris, and Zurich--all for less than Can$100,000.
"Had this network been implemented with comparably fast leased lines," he continues, "this cost would have been consumed in the first two months. But with Cisco PIX Firewalls and encryption capabilities, they actually cut ongoing monthly costs to just Can$5000. As a result, in its first year of operation, this Internet-based, secure VPN will save thiscompany an estimated Can$440,000."
These dramatic savings, achievable only because of the functionality of the Cisco PIX Firewall product, are one key reason e>Connect relies on them now for all firewall applications it implements--both internal to their own network as well as on behalf of its clients.
"We had used other firewall products prior to switching to Cisco PIX Firewalls," Gettings says, "but these did not offer the PIX Firewall's performance or its additional capability of address translation. In addition--and what we like most of all about this firewall--is that it is a Cisco product and we are 100 percent Cisco, end-to-end, in all of our networks."
"We don't support other network technologies for a couple of reasons," he continues. "First, it's much easier on us from a technical perspective to support only one vendor's product line. Second, and equally important, we have found that Cisco's products tend to be easier to implement and maintain for our customers--and thereby to have a lower overall cost of ownership."
Contributing to this low cost of ownership is the Cisco PIX Firewall's ease of setup. With proxy server-type firewalls, product configuration requires defining each specific program or protocol available--such as the File Transfer Protocol (FTP), e-mail, or Web connections--and each user of that service. Furthermore, every time a user is added to the network, or permissions for any user change, the entire firewall setup needs to be modified. As a result, while configuring and implementing a proxy server-type firewall can take days, Cisco PIX Firewalls can be up and running in less than an hour.
"I have never seen a firewall product as flexible and functional as Cisco PIX Firewall," he continues, "and in 15 years of doing business in the computer industry, I have never seen a vendor as helpful and supportive as Cisco. The combination of best product with best vendor presents a win-win situation for us, as a systems integrator and service provider, as well as to our customers."
For more information on Cisco's PIX Firewall, see "Firewall Security...," PacketTM, 3rd Quarter 1996.
___________________________________________________________________________________________________________
In an ongoing effort to bring worldwide information access into school curriculums, volunteers throughout the USA are committing time and money to NetDay96, a nonprofit, volunteer program designed to help students and educators benefit from access to leading-edge networking technology by exposing them to the vast knowledge available on the Internet.
The program's goal is to wire primary and secondary public and private schools for access to electronic resources. In a grass-roots movement launched in California in March 1996, the first NetDay was a tremendous success and served as a model for programs in other US states. The achievements in planning statewide-as well as US National NetDay (October 1996)--have led to the creation of an International NetDay to link classrooms together around the globe.
Cisco is teaming with other companies and NetDay organizers on various levels in support of all NetDay events. NetDay is "virtually organized," with volunteers coordinating activities from the NetDay site on the World Wide Web. On each NetDay, volunteers using equipment supplied by sponsoring corporations, civic groups, school fundraisers, or other contributors will wire classrooms, libraries, and computer labs in as many schools as possible.
International NetDay is scheduled for April 1997. Countries will participate by holding their own NetDays on one of the four Saturdays in April.
For more NetDay USA information, or to register as a volunteer for a NetDay event in your area, visit the URL http://www.netday96.com.
___________________________________________________________________________________________________________
In recognition of schools' efforts and vision to use the Internet in innovative ways to improve curriculum in classrooms, Cisco Systems designated 150 nonprofit primary and secondary schools in the USA as recipients of 1996 Virtual Schoolhouse Grants.
Complementing Cisco's corporate initiative to provide the benefits of Internet access and international communication in today's classrooms, the 1996 Virtual Schoolhouse Grant program invited schools demonstrating solid technology plans and the financial and personnel commitment to implement them to apply for grants. Each winning school received cash, equipment, and services valued at US$10,000, for a combined total of $1.5 million. A personal grant from Cisco Chairman John Morgridge allowed Cisco to award an additional 100 grants to the 50 originally announced.
Details of the 1997 grant program were announced at the National School Board Association Conference in Dallas, Texas, in October. The program is now available not only to USA K-12 schools, but primary and secondary schools in all participating countries. Each first-place winner receives a one-time award of Cisco router or switching products, services, and training. For application information, visit the URL http://sunsite. unc.edu/cisco or send e-mail to edu-grant@ cisco.com.
___________________________________________________________________________________________________________
In an ongoing effort to maximize the value of PacketTM magazine for readers, Cisco recently conducted a survey to determine how satisfied Packet readers are. The phone survey spanned hundreds of randomly selected readers in the USA, Canada, and Europe.
Overall, readers are pleased with Packet, giving it a rating of four on a five-point scale. The majority of respondents would like more technical details, product news, and case studies to help them do their jobs. Relying on Packet to keep them up to date on product information, readers feel that the magazine provides educational value in terms of Cisco products.
In terms of content, readers gave Packet high marks for readability and language, but lower scores for their satisfaction with its technical level. The most important elements for readers in the USA are timeliness, technical content, and valuable information. Internationally, the sequence is technical data, valuable information, and insight and analysis.
Regarding distribution, most readers prefer to receive paper copies (55 percent in the USA and 62 percent internationally) of Packet, while reading it via the Web is the next preferred choice (23 percent and 17 percent, respectively).
Altogether, 45 percent of North American readers (33 percent internationally) found Packet some degree higher than average in terms of value compared with other vendor publications.
Moving forward, Packet's focus will be on more technically informative pieces, industry-related articles, product information, and case studies. Phone surveys will continue to play an important role to help Packet editors stay in touch with readers and their preferences.
If you have feedback about Packet, please e-mail your comments to packet@cisco.com.
___________________________________________________________________________________________________________
Strengthening service operations in the People's Republic of China (PRC), Cisco Systems has announced the creation of the first Chinese language World Wide Web (WWW) customer support site.
Based in Beijing, the new Cisco Connection Online (CCO) site offers users in the PRC free access in their own language to the same information and services available to Cisco customers globally. By connecting directly to ChinaNet, the PRC's national Internet backbone, Cisco has eliminated the expense of toll charges typically incurred by PRC users when accessing Internet sites outside the country.
Information is available 24 hours a day, seven days a week on the new site, with two layers of access. The first layer, available to anyone, offers general information about Cisco's product and solution offerings. The second layer, available only to registered customers and partners, allows customers to communicate and interact with Cisco's technical staff worldwide. Cisco's Asian Technical Assistance Center (TAC) is located in Sydney, Australia, and is staffed by Cisco-Certified Internetwork Experts (CCIEs), who are experienced in handling inquiries in a variety of Asian languages, including Chinese.
The Chinese language Web site is located at http://www-china.cisco.com.
___________________________________________________________________________________________________________
The following tables include new Gold, Silver, and CIP 7000 Cisco partners that have achieved certification since the last issue of Packet. For complete partner information, visit the World Wide Web URL: http://www.cisco.com/public/Partner_root.html.
| Gold Certified | |
|---|---|
| Company | Location |
| AllTech Data Systems | USA |
| Enator Dotcom AB | Sweden |
| Pacific Bell Network Integration | USA |
| Silver Certified | |
|---|---|
| Company | Location |
| Microland Limited | India |
| Soft Net S.A. | Argentina |
| ST Computer Systems & Services Ltd. | Singapore |
| CIP 7000 Partners | |
|---|---|
| Company | Location |
| Comtech | Belgium |
___________________________________________________________________________________________________________
| Product | Award | Awarded By |
| Cisco 4000 Series Routers | Editor's Choice Award | Internetwork Magazine August 1996 |
| Cisco Systems | Readers' Choice Award Routers | NetWare Solutions Magazine August 1996 |
| Cisco Systems | Readers' Choice Award Switches/Bridges | NetWare Solutions Magazine August 1996 |
| Cisco StrataCom BPX | Best of Show Awards WAN Services and Equipment | Data Communications/LAN Times Magazine September 1996 |
| Cisco StrataCom IGX/IPX | 1996 Standard Achievement Award Best Frame Relay Device | Internetwork Magazine September 1996 |
| Cisco 4000 Series Routers | 1996 Standard Achievement Award Best Edge Router/Switch | Internetwork Magazine September 1996 |
| Cisco 7500 Series Routers | 1996 Standard Achievement Award Best WAN Router | Internetwork Magazine September 1996 |
| Cisco 7500 Series Routers | 1996 Standard Achievement Award Best Multiprotocol Router | Internetwork Magazine September 1996 |
| Cisco 7500 Series Routers | Integrator's Choice Award Best Router | NetworkVAR Magazine September 1996 |
| Cisco 4500 Series | Integrator's Choice Award Best WAN Connectivity | NetworkVAR Magazine September 1996 |
___________________________________________________________________________________________________________
PacketTM magazine is published quarterly and distributed free of charge to users of Cisco Systems products.
Direct address corrections and other correspondence to packet@cisco.com,
or to Packet, in care of:
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California, 95134-1706
USA
Phone: 408 526-4000
http://www.cisco.com
Editor-in-Chief: Joanna Holmes
Assistant Editor: Deanna Andreasen
Art Direction and Design: Donna Helliwell
Project Coordinator: Carol Rolin
Production: Emily Burch
Published by the Cisco Systems News Publications Group
Special thanks to the following contributors: David Baum, Andrea Cheek, Barbara Dallenbach, Sam Diamond, Anne McLeod Haynes, Janice King (MarkeTech), Donna McCord, Herman Mehling, Gail Meredith (The Write Place), Beau Williamson, and the Cisco Graphics Group.
AtmDirector, BPX, Catalyst, CiscoAdvantage, Cisco Remote, Cisco IOS, the Cisco IOS logo, Cisco Systems, CiscoView, NetFlow, Packet, PIX, Stratm, TrafficDirector, and The Cell are trademarks; and Cisco, HSSI, LightStream, MultiNet, StrataCom, and the Cisco logo are registered trademarks of Cisco Systems, Inc.
All other products or services mentioned in this document are the trademarks, service marks, registered trademarks, or registered service marks of their respective owners.
Packet, copyright 1996, 1997 by Cisco Systems, Inc. All rights reserved. Printed in the USA.
No part of this publication may be reproduced in any form, or by any means, without prior written permission from Cisco Systems, Inc.
|
|