Even as the enterprise Grid market matures, it is surprising how little discussion has occurred detailing exactly how enterprise Grid sites will be interconnected. Many questions arise. How will true virtualization of computing and storage resources be realized? Will the connections be based on dedicated private lines or private networks, optical channels on demand, Layer 2 (e.g., frame relay, ATM or Ethernet) virtual private networks (VPNs), IP-VPNs, IP-MPLS VPNs or some new network technology? Will the network scale to accommodate many more users and additional interconnected Grid sites? What access network will remote users and/or satellite sites use to “dial in” to access the Grid computer complex? Who will manage such a network, what will be managed and what are the Service Level Agreement (SLA) parameters between customer and service provider?
The generic answer to all the above is a set of managed network services. While service providers continue to focus on growing revenues while cutting costs, user adoption of managed services continues to rise as the benefits to those users become increasingly apparent. Companies in a variety of vertical markets are realizing myriad business improvements, productivity gains and cost reductions, all as a result of outsourcing some network services to service providers in order to focus on core business strengths.
Service providers are deploying several types of managed services, especially different types of VPNs, while developing integrated services (e.g., data, voice, video, storage) to meet growing user requirements beyond site-to-site connectivity. These developments continue to have significant implications in terms of service-provider profitability, customer loyalty and market differentiation. At the same time, the underlying carrier infrastructure is evolving toward a next-generation network (NGN)* with more intelligence and better user control. This creates a multitude of new service opportunities in the small business and enterprise markets.
* See GRIDtoday article, “In Search of the NGN” in Jan. 17, 2005, issue:
Managing in the Managed Network
The service provider manages either the CPE, network service or both. For a managed network service, levels of performance, security, availability and reliability may be specified as part of an SLA. For that reason, many refer to “managed services” as being SLA-based. At this time, each provider defines its own service-dependent set of SLAs.
Cisco on Managed Services
Earlier this month, Cisco held a webinar on managed services. The company defines four classes of network services, of which the latter three are managed in some way. Cisco sees huge revenue potential in the integrated (VPN) type of service.
The quartet of service classes is defined as follows:
- Connectivity: Basic transport/connectivity of end points. Examples include DS1/E1, DS3/E3 private lines, frame relay virtual private lines, dedicated IP private network or a broadband access network (e.g., DSL, PON, WiMax).
- Provisioned: Managed CPE, connectivity plus design, installation and monitoring. Examples: SONET/SDH or metro Ethernet private lines, Layer 2 (frame relay, ATM) VPN, Layer 3 (IP or IP-MPLS) VPN, Ethernet private LAN/VLAN.
- Integrated: Selectively tailored to a class of customers. Provisioning might include bundled services and/or partner applications. Examples: an IP VPN with built-in security features, IP telephony and/or IP video streaming as well as storage and computer-to-computer high-speed data transfers over the same managed network.
- Customized: Most complex as it's tailored to each customer and integration of services must meet their specific needs. An example here might be wireless voice/data service used to control or reconfigure a broadband wireline service (e.g., boost the bandwidth).
In short, Cisco's managed services strategy is to maximize service provider revenue through network- and CPE-based managed services. Managed network-based services include connectivity (traditional L1-L3), value-added services (L4-L7), application services and business process outsourcing.
Network Services Customers Have Deployed
Cisco recently conducted what it called an “Enterprise-Service Provider Connect” survey. The findings included:
- Packet-based technologies (e.g., IP and Ethernet) are growing in popularity for connectivity (Let's face it, frame relay is almost 15 years old).
- Redundancy for connectivity is not nearly as widespread as might be expected. Less than 28 percent in the commercial segment had a redundant (e.g., back-up/standby) WAN connection.
- WAN connections with quality of service (QoS) are not widely deployed (despite years of hype about IP QoS). Only one-third of respondents in the commercial segment said they had implemented QoS mechanisms over their WAN infrastructure.
- Security needs to be built into the underlying service, rather than an add-on service.
- Customers are interested in additional managed services, but service providers must build a level of trust and partnership. Cost effectiveness was cited as one of the common reasons for choosing the type of managed network services to deploy from the service provider.
- IP VPNs were by far the most widely deployed managed service (ironically, they are not the most profitable for service providers). Cisco reports that 74.5 percent of small businesses, 66 percent of mid-sized enterprises and 67 percent of large enterprises have deployed some form of IP VPN (IPsec, IP MPLS, etc.). A much lower percentage have deployed metro Ethernet, managed security or managed voice services.
- Carriers are using IP VPNs as the foundation for managed service and then layering additional services on top. For example, security, storage, IP telephony, IP video would overlay an IP VPN.
Cisco's View on Successful Managed Service
Quality of service (QoS) is critical to providing the guarantees that are an integral part of any managed service. Only one in three enterprise customers, however, has deployed QoS-based WAN connections. Adding to the conundrum: It was said that some business customers need six or seven levels of QoS to support their applications.
QoS interoperability across carrier domains is a huge, unresolved issue. This problem needs to be solved for wider deployment of long haul managed services. In particular, connecting grid sites in different countries with a VPN would require inter-carrier QoS.
Security should be part of “an integrated services VPN.” SLAs should specify the various types and levels of security. This might include firewall, authentication, authorization, identity management, encryption, intrusion detection and prevention, anti-virus and anti-worm.
Cisco's version of the IP NGN suggests collapsing the seven-layer OSI protocol stack into three layers. From top to bottom, they are:
- Application: Converged applications including communication, storage, mobile applications, web services and an IP contact center/help desk.
- Service control: Authentication, personalization, privacy, identity, policy and billing.
- Secure network: Transport, access aggregation, intelligent edge and a multi-service core.
Cisco's Integrated Services Router (ISR) product line was touted as the delivery vehicle for managed services. It includes one-touch provisioning capability, which accelerates service provider time to realizing revenue. By speeding provisioning time, the provider gets services to market faster and realizes revenue sooner. ISR provides embedded security and voice/IP telephony as well as high availability, resiliency and upward compatibility.
Cisco is partnering with service providers (such as BT) to realize its vision of managed services within NGNs. According to Cisco, BT is first among the carriers to have a “tighter systems integration approach with the applications layer.” Cisco is also partnering with IT outsourcing firms, such as IBM, HP and Accenture, to deliver better managed services involving applications and system integration.
Cisco believes managed services help service providers move up their customers' value chain while decreasing churn and increasing ARPU. Managed services are of sizable interest to users, but realizing the vision requires network intelligence (e.g., QoS, integrated services VPN, etc.) that does not exist in today's networks.
Web Services' Role in Managed Networks
Web services can be effectively used by service providers to manage NGN services, independent of the specific service or network technology. This capability is referred to as Service Level Management (SLM) because the service, rather than the underlying network technology, is being managed. (Verizon refers to SLM capability as “command and control” and has implemented more than 70 applications on a web services platform.) Note that the use of Web services for SLM is independent of its use in building Grid infrastructures, as per the Global Grid Forum (GGF) specifications (see below).
Web services are specifically distributed services that process XML-encoded SOAP messages. They are sent over HTTP transport and described using Web services description language (WSDL). Today, they are being deployed broadly. Web services are used in a range of application integration scenarios: from simple, ad hoc, behind-the-firewall, data sharing to very large-scale Internet retailing and stock market trading. Increasingly, web services are being applied in grid computing scenarios that are being standardized by the GGF. Web services provide interoperability between software components that can communicate between different companies and reside on different infrastructures. This solves one of the most critical problems facing customers, software developers and partners.
The benefits of web services in SLM include:
- Much faster provisioning with fewer telco resources engaged in the process.
- Modularity and extensibility of service level management without dependence on the underlying network technologies.
- Structured software interfaces between the service provider's network management system (NMS) and ISV/OSS vendors (vs. proprietary interfaces that are time-consuming to orchestrate and difficult to maintain or modify).
- Simpler interactions with ISPs and other service providers that have endorsed the web services infrastructure paradigm.
Web Services for SLM Within Managed Networks
Web Services technology is best used in four distinct areas of SLM:
- Provisioning of NGN services (e.g., multi-site grid interconnection, MPLS or optical VPNs, Ethernet virtual private line/virtual private LAN, point-to-multipoint video distribution, residential video services and enhanced web phone). This includes a subscription management protocol with ability to specify and negotiate SLA parameters.
- End-to-end performance monitoring, measurement and compliance assessment of SLA parameters (by the service provider or a third party). Performance management reports may be scheduled or obtained via user query; asynchronous alerts or event notification can be requested when specific SLA parameters are not met.
- Other SLM functions (e.g., service advertisement by service provider and service discovery by user, access to distributed directories or service registries to find a desired network service and associated provider, re-negotiation of SLA parameters at service activation as well as once the service is operational).
- OSS integration and structured software interfaces between EMS and NMS or NMS and OSS. This would include evolution of OSS vendor platforms (e.g., billing, CRM, inventory management, etc.) to a Web services-based infrastructure.
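The compliance assessment and alerting described in the second item above can be run by the customer or a third party from its own probe data. The following is an added example, not code from the article or from any vendor it names; the `Sla` thresholds, the probe format and the sample measurements are assumptions constructed for illustration.

```python
import math
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Sla:
    """Hypothetical SLA parameters; the article gives no values."""
    min_availability: float   # minimum fraction of probes answered per window
    max_p95_rtt_ms: float     # ceiling on 95th-percentile round-trip time
    window_s: int = 300       # length of one assessment window, in seconds

def p95(values):
    """Nearest-rank 95th percentile of a non-empty list."""
    ordered = sorted(values)
    return ordered[math.ceil(0.95 * len(ordered)) - 1]

def assess(probes, sla):
    """probes: iterable of (unix_time, rtt_ms), rtt_ms is None for a lost probe.
    Returns one alert per window in which an SLA parameter was not met."""
    windows = defaultdict(list)
    for ts, rtt in probes:
        windows[ts - ts % sla.window_s].append(rtt)
    alerts = []
    for start in sorted(windows):
        rtts = windows[start]
        answered = [r for r in rtts if r is not None]
        availability = len(answered) / len(rtts)
        breaches = []
        if availability < sla.min_availability:
            breaches.append(
                f"availability {availability:.2%} < {sla.min_availability:.2%}")
        if not answered:
            # Total outage: latency cannot be measured, so report that explicitly.
            breaches.append("no probe answered; latency unmeasurable")
        elif p95(answered) > sla.max_p95_rtt_ms:
            breaches.append(
                f"p95 rtt {p95(answered):.1f} ms > {sla.max_p95_rtt_ms} ms")
        if breaches:
            alerts.append({"window_start": start, "breaches": breaches})
    return alerts

# Constructed sample: one probe every 30 s over three 5-minute windows.
SAMPLE = (
    [(t, 20.0) for t in range(0, 300, 30)]                            # healthy
    + [(t, 20.0 if t < 540 else 95.0) for t in range(300, 600, 30)]   # latency spike
    + [(t, None if t < 720 else 22.0) for t in range(600, 900, 30)]   # partial outage
)
SLA = Sla(min_availability=0.999, max_p95_rtt_ms=60.0)

if __name__ == "__main__":
    for alert in assess(SAMPLE, SLA):
        print(alert)
```

Keeping the probe source outside the provider's management plane is what lets these results be compared against the provider's own SLA reports.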
Managed Network Service for Grids
The selection of network connectivity and managed services for Grids decomposes into the following set of unanswered questions and issues:
- What network technology and associated SLA/QoS parameters will be used to interconnect Grid computer/storage sites to realize true virtualization? This means a combination of high bandwidth for computer interconnection with low latency for storage and real time applications (e.g., simulations). The choices include high capacity private lines (with managed firewall), IP-MPLS VPNs, Ethernet-MPLS VPNs/virtual private LANs/geographically dispersed VLANs or optical channels on demand (via IETF/ITU specs for GMPLS or OIF UNI/NNI).
- Which network technology and associated SLA/QoS parameters will be used for fixed broadband access to the Grid sites by remote offices and smaller, satellite sites? The choices include business class DSL (not good in the U.S.), fiber access PONs or WiMax. Mobile or nomadic access to grid sites is not a realistic issue at this time. Please see GRIDtoday article “WiMax MAY BE USED TO ACCESS GRID COMPUTER SITES” in Jan. 24, 2005, issue: http://www.gridtoday.com/05/0124/104502.html
- What CPE should be managed and which aspects of operation are managed? Who provides maintenance as well as hardware and software upgrades?
- Can the service provider adequately manage all aspects of the service? In particular, can its security solution and intrusion detection capabilities be trusted? Are they sufficiently comprehensive and robust? What about identity management and federation?
- Who will monitor and manage the SLA parameters associated with the managed network service? Is the service provider monitoring SLAs a conflict of interest? Who will assess penalties for non-compliance? What type of SLA reporting and alerting will be available to customers?
- What role will Web services play in the managed network used to interconnect Grid sites and provide access to remote users? If the equipment is managed, will it have web services capabilities for things such as security and authorization, reliable messaging, policy, addressing, federated identity, equipment management? If not, will the customer be responsible for procuring and maintaining web services middleware throughout the enterprise? Does that imply end point equipment running Web services code is to be co-managed by the service provider and customer? Envision the finger pointing that would result.
- Should application layer routing be considered? Should a router be able to function as a web services intermediary in order to inspect or append Web services or SOAP headers (e.g., for WS reliable messaging and WS security)?
Managed services, particularly those using IPv6 addressing, together with metro optical Ethernet (a hybrid IP-Ethernet VPN) offer the most potential for Grid site interconnection and remote access to the Grid computer complex.
Performance, cost effectiveness and scalability will be key issues for service providers to consider in selecting the network technology. SLA parameter selection, negotiation and compliance assessment will be paramount to customers in their evaluation of managed services from a provider. Maintaining SLAs when internetworking between service providers should be carefully considered when one or more endpoints cannot be reached by a single provider's network.