Introduction... 4 Purpose... 4 Scope... 4 Audience... 5 Feedback... 5

Transcription

1 VCE Word Template Table of Contents CLOUD SERVICE ASSURANCE: CISCO VIRTUAL SECURITY GATEWAY (VSG) AND CISCO VIRTUAL WIDE AREA APPLICATION SERVICES (VWAAS) ON VBLOCK INFRASTRUCTURE PLATFORMS December

2 Contents Introduction... 4 Purpose... 4 Scope... 4 Audience... 5 Feedback... 5 Technology Overview... 6 Vblock Infrastructure Platforms... 6 Cisco Virtual Security Gateway... 7 VMware vshield... 7 VMware vshield Edge... 7 Cisco Virtual Wide Area Application Services... 7 Cisco Nexus 1000V Series Switches... 8 VMware vsphere... 9 Vblock Infrastructure Platforms CSA Architecture High-Level Connectivity Layout Cisco VSG Test Case Topology Cisco vwaas Test Case Topology Cisco VSG Testing Deployment Prerequisites Validation Environment VSG Test Cases Test Case 1: Two Tenants in Different Port Groups and VLANs Test Case 2: Two Tenants in Different Port Groups, but the Same VLAN Test Case 3: VSG Restricting Traffic within the same Tenant Test Case 4: Multilayer Security using VSG and vshield Edge Cisco vwaas Testing Deployment Prerequisites Validation Environment vwaas Test Cases Test Case 1: Microsoft SharePoint 2007 and vwaas Optimization Test Case 2: Microsoft Exchange Server 2010 and vwaas Optimization

3 Test Conclusions Overview of Cloud Service Assurance Management Risks and HyTrust Appliance Risk Factors Addressing the Risk Next Steps

4 Introduction Services available from the cloud offer cost and efficiency benefits, but until now, many organizations have been hesitant to move to the cloud because of concerns about security, performance Service Level Agreements (SLAs), and availability. Cloud service providers need to address these concerns by offering services that help meet customer SLAs for critical applications. Virtual appliances are an increasingly popular option for service providers to implement serviceassured cloud offerings. Virtual appliances are designed to provide a secure enhanced end-user experience for hosted applications and fulfill customer SLAs. They can deliver security, application availability, WAN optimization, and performance management; their functionality can be offered individually or bundled into packaged offers. Purpose The goal of this paper is to show that Cloud Service Assurance (CSA) can be implemented by using virtual appliances from Cisco, and that these have been demonstrated to work on Vblock Infrastructure Platforms in a multi-tenant environment. Using virtual appliances, service providers can reduce capital expenditures and operating expenses and offer SLAs to end customers to fulfill their critical application demands in the trusted multi-tenancy (TMT) environment. Cloud service assurance is a key element in TMT. It provides security, performance, and availability to end customers to meet SLAs. This paper discusses how Cisco Virtual Security Gateway (VSG) and Cisco Virtual Wide Area Application Services (vwaas) apply to cloud service assurance, in terms of security, management, and application performance. The paper contains common test cases to show these virtual appliances working on the Vblock platform to meet SLAs. It also looks at risk factors associated with cloud service assurance. Scope This paper focuses on two Cisco virtual offerings: VSG and vwaas. The scope of the paper consists of: Functional testing of Cisco VSG on the Vblock platform, both alone and with VMware vshield Edge. VSG is enforcing policy inside the tenant and vshield Edge is enforcing traffic separation at the edge of each tenant. Functional testing of Cisco vwaas on the Vblock platform. The Vblock platform represents the data center and Cisco vwaas is used to provide service assurance to remote office locations. This paper describes the methodology used to install, configure, and validate Cisco VSG and Cisco vwaas on the Vblock platform. Procedures and configurations for implementing the solution may vary, depending on customer requirements. This paper also discusses the use of HyTrust to address management risks to CSA. 4

5 Note: This paper does not provide any comparison between the Cisco and VMware virtual appliance offerings. Although all features and functionalities are fully supported on the Vblock platform as per Cisco and VMware virtual appliance software releases and deployment guides, we did not test all virtual appliance offerings. For additional details, refer to Cisco and VMware software releases and deployment guides of the virtual appliances. Audience This paper is intended for Vblock platform customers with current or future Cisco product implementations; system, network, and application administrators; and technical engineering staff, IT managers, IT planners, and other IT professionals who are evaluating, acquiring, managing, operating, or deploying appliances in a virtualized data center environment. Those customers may be service providers whose business is offering cloud services to the IT services marketplace, or IT organizations within traditional businesses that offer IT-as-a-Service to their internal customer base. Feedback To suggest documentation changes and provide feedback on this paper, send to docfeedback@vce.com. Include the title of this paper, the name of the topic to which your comment applies, and your feedback. 5

6 Technology Overview This solution uses the following hardware and software components and technologies: Vblock Infrastructure Platforms Cisco Virtual Security Gateway VMware vshield VMware vshield Edge Cisco vwaas Cisco Nexus 1000V Series switches VMware vsphere Vblock Infrastructure Platforms With Vblock Infrastructure Platforms, VCE delivers the industry's first completely integrated IT offering that combines best-of-breed virtualization, networking, computing, storage, security, and management technologies with end-to-end vendor accountability. This converged infrastructure enables rapid virtualization deployment, so customers see an accelerated return on investment. Vblock platforms are characterized by: Repeatable units of construction based on matched performance, operational characteristics, and discrete requirements of power, space, and cooling Repeatable design patterns that facilitate rapid deployment, integration, and scalability An architecture that can be scaled for the highest efficiencies in virtualization An extensible management and orchestration model based on industry-standard tools, APIs, and methods A design that contains, manages, and mitigates failure scenarios in hardware and software environments Vblock platforms provide pre-engineered, production ready (fully tested) virtualized infrastructure components, including industry-leading technology from Cisco, EMC, and VMware. Vblock platforms are designed and built to satisfy a broad range of specific customer implementation requirements. Refer to the Vblock Infrastructure Platforms Technical Overview for detailed information on the Vblock platform architecture. 6

7 Cisco Virtual Security Gateway Cisco VSG serves as a security policy management tool for applications hosted in a virtualized environment, supporting various services in the cloud, including security zones, service templates, multi-tenancy, standard securities policies, and administrative roles. This component is managed by the Cisco Virtual Network Management Center (vnmc), a centralized console for configuring policies across a virtualized cloud infrastructure. Cisco VSG for Cisco Nexus 1000V Series switches is a virtual appliance that delivers security and compliance for virtual computing environments. Cisco VSG uses a virtual network service data path (vpath) technology embedded in the Cisco Nexus 1000V Series Virtual Ethernet module (VEM), offering high performance with vpath-based policy enforcement of packets. Security policies must be able to follow machines as they move in the cloud. Cisco VSG can apply security to the virtualized infrastructure, not just to the network. Cisco VSG recognizes a virtual machine and can apply security policies to the virtual ports that it utilizes. It follows that virtual machine from one data center to another. Cisco VSG is multi-tenant, so it can be deployed in a scalable way. It offers APIs, so other portals and orchestration tools can plug into it and provision it in an automated way. Go to for more details about Cisco VSG. VMware vshield VMware vshield provides important protection for virtual data centers and cloud environments. It fortifies security for data and application operations while improving control and visibility, accelerating compliance measures, and enabling multi-tenancy in a virtualized environment. This component engineers flow monitoring to enhance visibility while providing centralized management of segmentation and zone boundaries. VMware vshield Edge VMware vshield Edge, part of the VMware vshield family of virtualization security products, virtualizes data center perimeters and offers network services such as DHCP, NAT, Web load balancing, and virtual private networking (VPN). vshield Edge is a virtual firewall appliance that can be provisioned on-demand and its services enabled on the fly to meet the flexibility requirement of cloud deployments. Cisco Virtual Wide Area Application Services Cisco vwaas is a virtual appliance that enhances business applications delivered from private cloud infrastructures through rapid acceleration. Applications delivered from the cloud need high performance as they travel across the network to users in remote offices. These offices might be serviced by links with limited bandwidth, high latency, and congestion. This offers an opportunity to build WAN optimization as a service on a utility basis, in response to the provisioning of application server virtual machines. As user demand increases, service providers can scale up performance of vwaas virtual appliances by moving them to a more powerful platform or by allocating more resources on existing platforms. 7

8 Cisco vwaas can be: Virtualized on the VMware ESX and ESXi hypervisor Deployed on Cisco Unified Computing System (UCS) x86 servers in an on-demand, elastic, and multitenant manner Integrated with the Cisco Nexus 1000V switch, which optimizes application delivery in a virtual machine environment through Cisco vpath architecture services This enables cloud service providers to offer rapid delivery of the WAN optimization service, with minimal network configuration. Cisco vwaas provides application-specific optimizations for MAPI and the various client and server configurations, including cached mode. Cisco vwaas provides a number of acceleration services for MAPI to help improve performance. This acceleration provides: Reduced send and received times for messages and improved response times for interactive control operations Fast downloads of Microsoft Outlook offline address book with reduced bandwidth consumption Faster cleanup of s from the outbox Go to for more information about Cisco vwaas. Cisco Nexus 1000V Series Switches Cisco Nexus 1000V Series switches deliver highly secure, multi-tenant services by adding virtualization intelligence to the data center network. The Cisco Nexus 1000V switch is a virtual machine access switch that operates inside the VMware ESX or ESXi hypervisor. It has two components: Virtual Ethernet Module (VEM), a software switch embedded in the hypervisor Virtual Supervisor Module (VSM), which manages networking policies and quality of service for virtual machines with the VEM The Cisco Nexus 1000V switch is integrated with the VMware hypervisor, providing fast path performance for redirection. Cisco VSG and vwaas sit in the fast path as well and take advantage of this performance benefit. Cisco VSG and vwaas use vpath on the Cisco Nexus 1000V switch to deliver service to the virtual machines. VSG integrates with the Cisco Nexus 1000V switch to provide trusted multi-tenant access with granular zone-based security policies for virtual machines vwaas integrates with the Cisco Nexus 1000V switch to deliver assured application performance acceleration to IT users connected to enterprise data centers and private clouds. The Cisco Nexus 1000V switch provides feature and operational consistency with the physical Cisco Nexus switch, so network administrators can manage it using the same tools. 8

9 VMware vsphere VMware vsphere is a complete, scalable, and powerful virtualization platform, delivering the infrastructure and application services that organizations need to transform their information technology and deliver IT as a service. VMware vsphere is a host operating system that runs directly on the Cisco UCS infrastructure and fully virtualizes the underlying hardware, allowing multiple virtual machine (VM) guest operating systems to share the UCS physical resources. 9

10 Vblock Infrastructure Platforms CSA Architecture The virtual appliances described in this paper are implemented as multiple components working in concert with Vblock platforms. Figure 1 illustrates the cloud service assurance architecture. Figure 1. CSA Architecture The validation performed in this paper is applicable for all Vblock platforms. 10

11 The virtualized versions of appliances including the Cisco Virtual Security Gateway (VSG), Cisco Network Analysis Module (NAM), and Cisco virtual WAAS (vwaas) run on VMware ESXi server. Cisco VSG and Cisco vwaas have traffic redirected to them by the Cisco Nexus 1000V switch using the vpath technology. This paper provides a framework for deploying this functionality (such as Cisco UCS, VMware, and the Nexus 1000V), turning up those capabilities as needed, and directing them at the virtual machines running the applications hosting for customers. Note the following: Their device managers control the individual appliances. Turning up the VMs and redirection is done through the VMware vcenter and Cisco Nexus 1000V switch. There is tight integration with VMware. These appliances run in the fast path for high performance. This model enables cloud service provider customers to turn up services quickly and scale them out as needed to meet customer demand. VMware vshield has multiple offerings: vshield App, vshield Edge and vshield Endpoint. Cisco VSG and VMware vshield App provide similar security. The choice of which to use depends on client choice and comfort level. VMware vshield Edge provides additional benefits, such as VPN, NAT, firewall, and DHCP services. Using Cisco VSG and VMware vshield Edge helps achieve multilayer security. Note: VMware vcenter and vsphere and the Cisco Nexus 1000V switch (VSM and VEMs) are assumed to be already installed; VSM can be a VM or on Nexus

12 High-Level Connectivity Layout Figure 2 shows the Vblock platform high-level connectivity layout: Figure 2. High-level Connectivity Layout Cisco VSG Test Case Topology Cisco VSG provides controls at the VM level, using VM attributes, so that context-based policies can be applied. These policies are VLAN agnostic and can be applied to zones of virtual machines, providing topology-invariant, policy-driven security controls. This protects traffic from external sources to the VMs and traffic from VM to VM. Cisco VNMC is designed to manage Cisco VSG and security policies in a dense multi-tenant environment, so administrators can rapidly add and delete tenants and update tenant-specific configurations and security policies. Tenant A and Tenant B have their own virtual security gateway that provides security policies only for its VMs. Figure 3 depicts the multi-tenancy of VSG on the Vblock platform infrastructure. 12

13 Figure 3. Multi-tenant Deployment with Cisco VSG on Vblock Infrastructure Platform 13

14 Components The following are the required components used to set up the VSG environment for testing. Component Cisco VNMC Cisco VSG Cisco Nexus 1000V switch VMware vcenter Server Description Virtual appliance that provides centralized device and security policy management of the Cisco VSG. Operates with the Cisco Nexus 1000V switch distributed virtual switch in VMware vsphere hypervisor; uses the vpath embedded in the Cisco Nexus 1000V Series VEM. Virtual machine access switches that are an intelligent software switch implementation for VMware vsphere environments running the Cisco NX-OS software operating system. vpath is built into Virtual Ethernet Module (VEM) of the Cisco Nexus 1000V switch (1.4 and above). Manages the VMware vsphere environment and provides unified management of all hosts and VMs in the data center from a single console. Solution requires vcenter 4.0 or later with the Enterprise Plus license. Additional test bed components included: VNMC-to-vCenter communication over Vendor Independent Messaging (VIM) API VNMC-to-VSG communication over secure layer 3 (SSL) with pre-shared key VNMC-to-VSM communication over secure layer 3 (SSL) with pre-shared key and VM to IP mapping to VNMC VSG-to-VEM (vpath) communication over Layer 2 service vlan VSM-to-VEM communication - Over layer 2 - Over layer 3 Cisco vwaas Test Case Topology Cisco vwaas is a WAN optimization service that is deployed in an application-specific, virtualizationaware, on-demand manner. It accelerates applications delivered from private and virtual cloud infrastructure, using policy-based configuration in the Cisco Nexus 1000V switch to associate with server VMs as they are instantiated or moved. Figure 4 shows the test case topology for Cisco vwaas. 14

15 Figure 4. Cisco vwaas on Vblock Infrastructure Platform Test Case Topology Components The following are the required components used to set up the vwaas environment for testing. Component Cisco vwaas Cisco vwaas Central Manager Cisco Nexus 1000V switch VMware vcenter Server Description A powerful application acceleration and WAN optimization solution for the branch office that improves the performance of any TCP-based application operating in a WAN environment. Centrally manages the Cisco vwaas platform to enable shared management by network and application administrators. It minimizes operational dependencies by providing comprehensive, role-based management features. Used for creating network, installing and configuring Virtual Supervisor Module (VSM), adding hosts, adding vwaas and server virtual machines to Cisco Nexus 1000V switch port profile, and configuring vpath interception. Testing requires vcenter 4.0 or later with the Enterprise Plus license. Provides unified management of all hosts and VMs in the data center from a single console. 15

16 Cisco VSG Testing The objectives of testing Cisco VSG on the Vblock platform are to validate: Cisco VSG isolating traffic when VMs are isolated in different VLANs Cisco VSG isolating traffic when VMs are not isolated in different VLANs Cisco VSG restricting traffic within the same tenant Multilayer security using both Cisco VSG and VMware vshield Edge Deployment Prerequisites The deployment prerequisites are listed below. Component VMware vsphere Description Version 4.0 or later and VMware Virtual Center Cisco Nexus 1000V switch 1.4 or later Installed Virtual Supervisor Module (VSM) Registered VSM to VMware vcenter Verified that all ESXi servers contain Virtual Ethernet Modules (VEMs) Registered to VNMC Virtual Network Management Center (VNMC) Installed VNMC Registered to VMware vcenter Registered to Cisco Nexus 1000V switch VSG virtual machine Installed VSG Registered to VNMC Assigned VSG to a tenant Active VSG One (or more) per tenant 16

17 Validation Environment The lab represents a Vblock platform with VMware vsphere set up, with two physical ESX hosts offering services to virtual machines and a vcenter to coordinate this behavior. Furthermore, a Cisco Nexus 1000V switch, Cisco VSG/VNMC, and vshield Edge are used to provide services and security to the two physical ESX hosts and the virtual machines residing on them. Testing was done with the following setup snapshot: Resource Description VMware vsphere Version 4.1 Data center Name Cluster Name Hosts in a cluster VMware vcenter Cisco Nexus 1000V switch Virtual Supervisor Module Virtual Security Gateway (VSG) Virtual Network Management Center Four VLANs CSA CSA-Cluster1 2 Cisco UCS blades (Pluto-ch01-esx-1.pluto.vcelab.net) and (Pluto-ch01-esx2.pluto.vcelab.net) One dedicated vcenter was configured on Management VLAN 130. Reachable at vcenter-csa via the vsphere client Reachable at VSM-1 via SSH Reachable at Nexus1000VSG Register to VMware vcenter Four VLANs were configured: VLAN 128 CSA_Tenant_A /24 Gateway VLAN 129 CSA_Tenant_B /24 Gateway VLAN 130 CSA_Mgmt /24 Gateway VLAN 131- VSG_Data /24 Gateway Nexus 1000V Control VLAN = 130 Nexus 1000V Management VLAN=130 Nexus 1000V Packet VLAN=

18 VSG Test Cases The following test cases were executed during validation: Objective Demonstrate that Cisco VSG can isolate traffic when VMs are isolated in different VLANs on the Vblock platform. Demonstrate that Cisco VSG can isolate traffic when the VMs are not isolated in different VLANs on the Vblock platform. Demonstrate Cisco VSG restricting traffic within the same tenant on the Vblock platform. Demonstrate multilayer security by using both VSG and vshield Edge on the Vblock platform. Test Case Two tenants in different port groups and different VLANs on the Cisco Nexus 1000V switch. The VMs are in the same VLAN, but in different port groups on the Cisco Nexus 1000V switch. Cisco VSG has three zones defined within the tenant: APP, Web, and DB. Traffic is restricted to the different zones within the tenant with Cisco VSG. Cisco VSG is enforcing policy inside the tenant and vshield Edge is enforcing traffic separation at the edge of each tenant. Test Case 1: Two Tenants in Different Port Groups and VLANs This test case demonstrates that Cisco VSG can isolate traffic when the VMs are isolated in different VLANs. 1. The following screenshot shows the CSA vcenter environment with two dedicated hosts. Each host has multiple virtual machines (VMs) on two tenant vlans. 18

19 2. The following screenshot shows the Virtual Network Management Console, which is used to manage the VSG instances in the environment. Each tenant has its own VSG for enforcing traffic separation. The policy of Tenant A is set with a Permit_All_Rule in effect. 19

20 3. The following screenshot shows the policy on VSG that is enforcing traffic separation on Tenant B. Tenant B is allowing FTP and HTTP to Tenant A as well as Remote Desktop Protocol (RDP) into the environment for access to the VMs. 4. The following screenshot shows same firewall rules shown in Step 1 in the CLI. 20

21 5. The following screenshot shows the hit count on the rules for the VSG for Tenant B. Notice that there are no hits on any of the rules. 6. The following screenshot shows the FTP connection attempt from a VM in Tenant B succeeding to a VM in Tenant A. 21

22 7. The following screenshot shows the hit counts on the rules for Tenant B s VSG. Notice there is an allow (permit) for the FTP rule. Other traffic is dropped. 8. The following screenshot is another capture of the firewall rules that show HTTP traffic being allowed as per the rules. 22

23 Test Case 2: Two Tenants in Different Port Groups, but the Same VLAN This test case demonstrates that the VSG can isolate traffic even when the VMs are not isolated in different VLANs. In this test, the two tenants have two different port groups applied even though they are on the same VLAN. 1. The following screenshot shows the new IP range for Tenant B. Notice they are now in the same network as Tenant A. This shows that the VMs are no longer isolated by VLAN. 2. The following screenshot shows the new rules for Tenant B. The rules are the same with the exception of the source condition, which is changed to reflect the new IP addresses for Tenant B. 23

24 3. The following screenshot shows the rules on VSG for Tenant B. Remember that Tenant A has a permit any rule. 24

25 4. The following screenshot shows the firewall rules on Tenant B s VSG with no hits. 5. The following screenshot is showing the sessions initiated on a VM in Tenant B to a VM in Tenant B on both FTP and HTTP. 25

26 6. The following screenshot shows the hits after an FTP connection is successful from Tenant B to Tenant A. Notice the drops in the rules. 7. The following screenshot shows the same screenshot, but this time it reflects hits on the rules for HTTP. 26

27 Test Case 3: VSG Restricting Traffic within the same Tenant This test case demonstrates VSG restricting traffic within the same tenant. VSG has defined three zones within the tenant: APP, Web and DB. Traffic is restricted to the different zones within the tenant with the VSG. The tenant shown is Tenant B. The VMs for Tenant B are set up in the same port group (VLAN_Tenant_B). New zones are set up for Tenant B for Web, App, and DB. Rules are created to restrict traffic within the newly created zones. 8. The following screenshot shows the traffic being initiated from a VM on Tenant B to another VM on Tenant B. The traffic is FTP and HTTP. 9. The following screenshot shows the traffic being allowed by VSG on Tenant B, thereby demonstrating that the traffic separation was enforced within the tenant between VMs. 27

28 Test Case 4: Multilayer Security using VSG and vshield Edge This test case demonstrates multilayer security by using both VSG and vshield Edge. 10. The following screenshot shows the vcenter cluster with both VSG and vshield Edge installed and running. 11. The following screenshot shows the vshield Edge enforcing firewall policies at the port group on the Cisco Nexus 1000V switch. VSG is now enforcing policy inside the tenant with vshield Edge enforcing traffic separation at the edge of each tenant. 28

29 12. The following screenshot shows the same scenario as Step 2, except that it applies to the edge of Tenant B. 29

30 Cisco vwaas Testing The objective of testing Cisco vwaas on the Vblock platform is to demonstrate: Performance improvements in the network delivery of applications Ability to maintain performance SLAs and provide service guarantees to the end customer Deployment Prerequisites The deployment prerequisites are listed below. Component Cisco UCS B-Series blades VMware ESXi VMware vcenter Server VMware vsphere VMware ESXi server Description Two; for branch and data center Version 4.1 or later Hypervisor Version 4.1or later Enterprise Plus license With access to a virtual Central Manager (a virtual Central Manager does not require a Central Manager) Cisco vwaas software Version Cisco virtual Central Manager software Version WAN bridge WAN simulator Cisco Nexus 1000V switch vwaas virtual machine Version 4.2(1)SV1(4) for vpath interception Virtual Supervisor Module (VSM) installed and configured Port profiles created (including vwaas network profile and service-vlan, which is mandatory) Virtual Ethernet Modules (VEM) installed Installed and configured with the following vwaas settings: IP address and netmask Defau t gateway and primary interface Enterprise license Central Manager address CMS Interception (WCCP or other) Note that vwaas registration with the Central Manager is mandatory before traffic can be optimized. 1-2 client PC virtual machine images Windows 7 Active Directory Server 2008 Microsoft SharePoint 2007 Server Microsoft Exchange

31 Validation Environment Testing was done with the following setup snapshot: Resource Description VMware vsphere Version 4.1 Main Campus Remote Campus One Cisco UCS blade (pluto-ch01-esx-1.pluto.vcelab.net), with the following: Cisco vwaas CM DC-Cisco-vWAAS DC-Exchange (Active Directory setup) Exchange 2010 SharePoint2007_Server vcenter-csa: One dedicated vcenter was configured on Management VLAN 130. Reachable at vcenter-csa via the vsphere client. VSM-1: Reachable at VSM-1 via SSH. One Cisco UCS blade (pluto-ch01-esx2.pluto.vcelab.net), consists of the following: Branch-Cisco-vWAAS Branch-Client1 Branch-Client2 WAN-Bridge 1.8b3 31

32 Two UCS blades are used in the lab to simulate the data center and branch environment: One blade is used for server infrastructure (SharePoint, Exchange, Active Directory), data center vwaas, and Cisco WAAS Central Manager. The second blade is used to simulate the branch environment. Two client machines, each with Windows 7, are used to simulate branch PC. Branch vwaas and WAN Bridge for simulating WAN bandwidth and latency are hosted on this blade. The following screenshot provides a snapshot of the Cisco vwaas setup on the Vblock platform. 32

33 vwaas Test Cases The following test cases were executed during validation: Validation Objective Demonstrate performance improvement and provide performance SLAs running Microsoft SharePoint 2007 on the Vblock platform. Demonstrate performance improvement and provide performance SLAs running Microsoft Exchange Server 2010 on the Vblock platform. Test Case Microsoft SharePoint 2007 with and without vwaas optimization enabled. Microsoft Exchange Server 2010 with and without vwaas optimization enabled. Test Case 1: Microsoft SharePoint 2007 and vwaas Optimization A user in a branch location is accessing a collaborative document over the WAN from the Microsoft SharePoint portal hosted in a private cloud with a bandwidth of T1 (1.54Mbps) and latency of 80 ms. This private cloud is hosted by the Vblock platform, with vwaas services running as a virtual service in the compute layer. The test shows that Cisco vwaas optimizes the performance and bandwidth use of Microsoft SharePoint 2007 over a wide area network. This helps maintain performance SLAs and provide service guarantees to the end customer. Microsoft SharePoint Test Without vwaas Optimization The following test was performed: 13. Open the Microsoft SharePoint portal in the browser. 14. Download a 6 MB attachment (PowerPoint file). 15. Note the time it takes to download the file and the transfer rate, as shown in the following screenshot: 33