Cisco Application Networking Services for VMware Virtual Desktop Infrastructure Deployment Guide

Contents

Introduction

Document Purpose

Prerequisites

Document Organization

Solution Overview

Solution Description

VMware Virtual Desktop Infrastructure

Cisco Application Networking Services

Cisco Wide Area Application Services

Cisco Application Control Engine

Solution Benefits

Virtual Desktop Performance

Virtual Desktop Availability

Solution Architecture

Installing and Configuring Virtual Desktop Machines

Installing and Configuring VMware VDM Connection Servers

Provisioning Virtual Desktops

Installing and Connecting from the VMware VDI Client

Server Hardware and Software

VMware ESX

VMware VDM Connection Server

Storage for VMware VMotion

Virtual Desktops

Other Components

Printing

Solution Workflow without Cisco WAAS and Cisco ACE

Client Segment

WAN Segment

VMware ESX Server Segment

Inside VMware ESX Server

Cisco ANS Architecture for VMware VDI

Data Center

Enterprise Branch Office

WAN Simulation between Branch Office and Data Center

Process Flow with Cisco WAAS and Cisco ACE

Packet Flow with Cisco WAAS and Cisco ACE

Implementing and Configuring the Cisco WAAS Solution

Implementation Overview

Network Integration

Network Topology

Hardware

Software

Features, Services, and Application Design Considerations

Scalability and Capacity Planning

High Availability

Device High Availability

N+1 Availability

Configuration Tasks

Detailed Configuration Overview

Configuring the Central Manager

Configuring the Branch-Office and Data Center Router

Configuring the Branch-Office and Data Center Cisco WAE

Configuration and Menus

Troubleshooting the Configuration

Cisco WAE Commands

Router Commands

Implementing and Configuring the Cisco ACE Solution

Implementation Overview

Network Topology

Hardware

Software

Features, Services, and Application Design Considerations

Cisco ACE Configuration

Admin Context Configuration

Configuring Physical Interfaces

Configuring Remote Management Access

Configuring the Virtual Context for VMware VDI

Configuring Redundancy and High Availability

VMware VDI Context Configuration

Configuring the VLAN Interface, Routing, and Access List

Configuring the Real Servers and Server Farm

Configuring Health Monitoring for VDM Connection Servers

Configuring the Load-Balancing Algorithm

Configuring Load-Balancing Policy

Cisco Catalyst 6500 Multilayer Switch Feature Card PBR Configuration

Troubleshooting the Configuration

Performance Measurement Using NetQoS

Solution Testing and Results

Test Environment

Test Design

WAN Simulation

Test Plan and Procedure

Testing Tools and Procedures

Configuring Virtual Desktops for Optimization

Disabling Compression on the RDP File

Configuring VMware VDM to Use Uncompressed RDP Sessions

Disabling Encryption

Test Results and Conclusions

VMware VDI Remote Desktop Performance Results

Traffic Reduction

Performance Acceleration

Bandwidth Optimization

Scalability of Number of Users

Printing with VMware VDI

Virtual Machine Image Copying Across the WAN

Copying User Files To and From the Virtual Desktop

Appendix A: Cisco WAE Configurations

Branch-Office Cisco WAE Configuration

Core Cisco WAE Configuration

Appendix B: Cisco ACE Configuration

Cisco ACE Admin Context

Cisco ACE VMware VDI Context

Appendix C: References


Introduction

Document Purpose

Customers use desktop virtualization solutions such as VMware® Virtual Desktop Infrastructure (VDI) to replace traditional PCs with virtual machines that are managed from the data center to reduce operational costs, increase control of desktop management, and extend business continuity and disaster recovery to enterprise desktops.
However, when desktop virtualization solutions are deployed over the WAN, latency and bandwidth constraints limit their effectiveness. Customers face the following challenges in deploying virtual desktop solutions for the enterprise:

• Poor performance of display protocols over the WAN, affecting employee productivity

• High bandwidth consumption, increasing costs

• Limited scalability, reducing the number of users that can be supported

• Poor performance of centralized printing and increased costs of printing at the branch

• Large amount of time and bandwidth required to back up data center virtual desktop infrastructure for disaster recovery

To address the challenges associated with today's complex user desktops, Cisco, in collaboration with VMware, offers a joint solution for VMware VDI: an enterprise network architecture for deploying VMware VDI with Cisco® Application Networking Services (ANS), with design best practices and implementation guidance that optimize desktop delivery to all types of users in the enterprise.
Cisco and VMware have worked together to deliver this joint solution, including collaboration on the lab setup, solution testing, and validation of test results. Cisco and VMware jointly validate that the lab setup and solution testing represent best efforts in creating a realistic customer deployment and accurate documentation of such deployment.
The joint Cisco and VMware solution optimizes VMware VDI delivery, offering the following benefits:

• Near-LAN performance for virtual desktops over the WAN, improving performance by 70 percent

• Increase scalability of the number of VMware VDI clients by 2 to 4 times and provide massive scalability of VMware VDI and VMware VDM data center infrastructure

• Reduce costly WAN bandwidth required by 60 to 70 percent

• Optimize printing over the WAN by 70 percent and provide the option of a local print server hosted on the Cisco Wide Area Application Services (WAAS) appliance

• Improve business continuity by accelerating virtual image backups by more than 10 times, with bandwidth reductions exceeding 90 percent.

The purpose of this document is to provide design best practices and a deployment guide for the joint Cisco and VMware solution to optimize desktop delivery to all types of users in the enterprise.

Prerequisites

The following prerequisites are required to deploy the joint Cisco and VMware solution:

• Working knowledge of VMware VDI

• Experience with basic networking and troubleshooting

• Experience installing the Cisco products covered by this network design, including the Cisco WAAS and Cisco Application Control Engine (ACE) product families

• Working knowledge of Cisco IOS® Software

Document Organization

Table 1 provides a brief description of each section.

Table 1. Document Organization

| Section | Description |
| --- | --- |
| Solution Overview | Provides a high-level introduction to the solution; introduces the solution, historical aspects, potential benefits, scope, and limitations |
| Solution Architecture | Describes the architecture of the joint solution |
| Implementing and Configuring the Cisco WAAS Solution | Describes configuration and implementation of Cisco WAAS within the joint solution |
| Implementing and Configuring the Cisco ACE Solution | Describes configuration and implementation of Cisco ACE within the joint solution |
| Network Monitoring with NetQoS | Describes the network monitoring software used for the solution testing |
| Solution Testing and Results | Describes the test methodology used and presents the results |

Solution Overview

Cisco WAAS and ACE with VMware VDI reduces the cost and complexity of managing desktops by optimizing virtual desktop delivery over the WAN while avoiding costly bandwidth upgrades.

• This jointly validated solution improves employee productivity by combining VMware VDI for virtualizing and centralizing desktops and Cisco WAAS for compressing and accelerating VMware VDI traffic and optimizing branch office printing.

• Cisco WAAS increases the scalability and number of VMware VDI users supported over the WAN, and Cisco ACE improves the availability and scalability of data center VMware VDI infrastructure.

• Enterprise business continuity is improved by reducing the time required for backup and replication of data center VMware VDI infrastructure.

Solution Description

The joint Cisco and VMware solution offers optimized and scalable enterprise network architecture to deploy VMware VDI using Cisco ANS products. Cisco ANS provides optimization services and application scalability for VMware VDI deployments in the data center and branch offices. Following are the main components of this solution:

• VMware VDI and VMware Virtual Desktop Manager (VDM), to virtualize and centralize desktops

– Virtual desktops are hosted on VMware Infrastructure 3 ESX Server in the data center.

– VMware VDM Connection Server allows remote branch users to connect to their virtual desktops in the data center running VMware ESX Server.

• Cisco WAAS, to accelerate virtual desktop performance, reduce bandwidth demands, and provide faster backup

– Cisco WAAS, deployed on both sides of the WAN, optimizes display protocol traffic between the end users and the data center using a sophisticated combination of TCP optimizations that reduce the effects on the WAN, providing persistent session-based compression and data redundancy elimination. Cisco WAAS optimizes display protocol delivery, including delivery of Microsoft Remote Desktop Protocol (RDP), the underlying protocol used by the current version of VMware VDM and currently the predominant protocol used by the various virtual desktop implementations.

– The branch-office Cisco WAAS appliance provides print services locally to branch-office users by running Microsoft Windows print services.

– Cisco WAAS can also be deployed between data centers to optimize backup of VMware VDI infrastructure for disaster recovery.

• Cisco ACE, to improve the scalability and availability of data center VMware VDI infrastructure

– The Cisco ACE appliance provides load balancing among multiple VMware VDM Connection Servers, providing scalability and resiliency to the VMware VDI solution.

VMware Virtual Desktop Infrastructure

VMware VDI is an integrated desktop virtualization solution that delivers enterprise-class control and manageability. VMware VDI, built on VMware's industry leading virtualization platform, provides an efficient and reliable environment for virtual desktops.
The VMware VDI solution includes the following components (Figure 1):

• VMware Infrastructure 3 software, which provides a platform for hosting virtual desktops including the VMware ESX and VMware ESXi software

• VMware VDM, a desktop management server that securely connects users to virtual desktops in the data center and provides an easy-to-use web-based interface for managing the centralized environment

• VMware VDM Client, which runs on a Windows PC and allows users to connect to virtual desktops through VMware VDM; clients can use Microsoft RDP or the VMware VDM Client software

Figure 1. VMware VDI Solution Components

VMware VDI enables users to run desktop operating systems and applications on virtual machines that reside on servers in the data center. These desktop systems running on virtual machines are called virtual desktops. Users access virtual desktops and applications from a desktop PC client or thin client (called VMware VDI clients) using a remote display protocol.
VMware VDI clients first connect to the VMware VDM Connection Server. The VMware VDM server then sends the connections to the end virtual desktops. VMware VDM servers maintain a central inventory of virtual desktops running on VMware ESX Server. Administrators provision virtual desktops on VMware ESX Servers and then register them to the VMware VDM server. In a large environment, multiple VMware VDM servers can be used to share client requests. In such cases, VMware VDM servers are replicated, with one primary VMware VDM server.
VMware VDI offers the following main benefits:

• Desktop environments are isolated.

• Data is secure in the data center.

• All applications work on a virtual machine.

• Normal management tools work on a virtual machine.

• Images are managed centrally.

• Hardware can be consolidated.

• Desktops are always on and always connected.

• Users have access to their desktops from anywhere.

Cisco Application Networking Services

Cisco ANS is a comprehensive portfolio of application networking solutions and technologies that supports the application delivery network in both the data center and the branch office. The Cisco ANS product portfolio includes these components:

Cisco WAAS: Provides accelerated delivery of centralized applications to remote users, helping consolidate resources, optimize the WAN, and locally host critical applications

Cisco ACE: Optimizes overall application availability, security, and performance by delivering application switching and load balancing

Cisco Wide Area Application Services

Cisco WAAS is a comprehensive WAN optimization solution that accelerates applications over the WAN, delivers video to the branch office, and provides local hosting of branch-office IT services. Cisco WAAS enables IT departments to centralize applications and storage in the data center while maintaining LAN-like application performance and to rapidly deliver local branch-office IT services while reducing the branch-office device footprint through the following application acceleration and WAN optimization features:

Transport Flow Optimization (TFO): TFO addresses TCP performance limitations in high-latency, high-loss, and high-bandwidth networks. TFO employs the following main optimizations:

– Selective acknowledgement (SACK) and extensions: Reduces the amount of data that must be retransmitted when a loss is detected

– Large initial windows: Reduces the amount of time each connection spends in slow-start mode to enable more timely use of available bandwidth

– Virtual window scaling of TCP windows: Enables end nodes to transmit and receive larger amounts of data by increasing the amount of data that can be outstanding and unacknowledged in the network at any given time

– Advanced congestion avoidance: Reduces the performance effects on throughput when a loss is detected by more intelligently managing the congestion window of each TCP connection; this congestion avoidance mode also enables "fill-the-pipe" optimization to enable applications that are TCP throughput bound to make better use of available bandwidth capacity

Data Redundancy Elimination (DRE): DRE is a bidirectional database of blocks of data seen within TCP byte streams. DRE inspects incoming TCP traffic and identifies data patterns. Identified patterns are added to the DRE database, where they serve as a compression history: repeated patterns are replaced with very small signatures that tell the distant device how to rebuild the original message. With DRE, bandwidth consumption is reduced, as is the latency associated with data transfer, because fewer packets need to be exchanged. DRE is application independent and maintains full application and protocol coherency and correctness because the original message rebuilt by the distant Cisco Wide Area Application Engine (WAE) device is always verified for accuracy at multiple levels. Patterns that have been learned from one application flow can be used when another flow is seen, even when using a different application. DRE can provide from 2:1 to 100:1 compression depending on the application, data, and workload.

Persistent Lempel-Ziv (LZ) compression: Cisco WAAS implements LZ compression with a connection-oriented compression history to further reduce the amount of bandwidth consumed by a TCP connection. Persistent LZ compression, which can be used independently or in conjunction with DRE, provides from 2:1 to 5:1 compression depending on the application used and data transmitted, in addition to any compression offered by DRE.
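
The following Python model is an added example, not Cisco code and not a description of how Cisco WAAS is implemented. It shows the two mechanisms described above working together: a pattern database shared by all flows, in which known chunks are replaced by short signatures and the rebuilt message is verified, and a per-connection zlib history standing in for persistent LZ. The chunking method, signature length, token framing, function names, and sample payload are assumptions.

```python
import hashlib
import zlib

SIG_LEN, MAX_CHUNK = 8, 512  # signature bytes; forced-cut size (both assumed)
GEAR = [int.from_bytes(hashlib.sha256(bytes([i])).digest()[:4], "big")
        for i in range(256)]  # fixed per-byte values for the rolling hash


def chunks(data):
    """Cut at content-defined boundaries so shifted data still lines up."""
    out, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFF  # depends on last 32 bytes
        if (h >> 25) == 0 or i + 1 - start >= MAX_CHUNK or i + 1 == len(data):
            out.append(data[start:i + 1])
            start = i + 1
    return out


def signature(chunk):
    return hashlib.sha256(chunk).digest()[:SIG_LEN]


class Connection:
    """One optimized connection; the stores are the two peers' pattern databases."""
    def __init__(self, tx_store, rx_store):
        self.tx_store, self.rx_store = tx_store, rx_store
        self.comp = zlib.compressobj()      # LZ history lasts for the connection
        self.decomp = zlib.decompressobj()

    def encode(self, data):
        tokens, new = [], []
        for chunk in chunks(data):
            sig = signature(chunk)
            if self.tx_store.get(sig) == chunk:
                tokens.append(("ref", sig))         # known: signature only
            else:
                self.tx_store.setdefault(sig, chunk)
                tokens.append(("lit", len(chunk)))  # new: bytes follow
                new.append(chunk)
        lit = b""
        if new:
            lit = self.comp.compress(b"".join(new))
            lit += self.comp.flush(zlib.Z_SYNC_FLUSH)
        digest = hashlib.sha256(data).digest()
        return {"tokens": tokens, "literals": lit, "digest": digest}

    def decode(self, msg):
        lit = self.decomp.decompress(msg["literals"])
        out, pos = [], 0
        for kind, value in msg["tokens"]:
            if kind == "ref":
                if value not in self.rx_store:
                    raise LookupError("pattern database out of sync with peer")
                out.append(self.rx_store[value])
            else:
                chunk = lit[pos:pos + value]
                pos += value
                self.rx_store.setdefault(signature(chunk), chunk)
                out.append(chunk)
        data = b"".join(out)
        # Verify the rebuilt message before handing it to the application.
        if hashlib.sha256(data).digest() != msg["digest"]:
            raise ValueError("rebuilt message failed verification")
        return data


def wire_size(msg):
    """Bytes sent, assuming a 1-byte tag plus a signature or 2-byte length."""
    tok = sum(1 + SIG_LEN if kind == "ref" else 3 for kind, _ in msg["tokens"])
    return tok + len(msg["literals"]) + len(msg["digest"])


def demo():
    # Constructed sample: 8 KiB of high-entropy bytes standing in for a user file.
    doc = b"".join(hashlib.sha256(b"doc-%d" % i).digest() for i in range(256))
    core, branch = {}, {}                     # pattern database on each device
    copy = Connection(core, branch)           # flow 1: file copy
    cold = copy.encode(doc)
    ok = copy.decode(cold) == doc
    warm = copy.encode(doc)                   # same data again
    ok = ok and copy.decode(warm) == doc
    prn = Connection(core, branch)            # flow 2: another application
    job = b"%!constructed-print-header\n" + doc
    shifted = prn.encode(job)
    ok = ok and prn.decode(shifted) == job
    branch.clear()                            # receiver loses its database
    try:
        prn.decode(prn.encode(doc))
        desync = "undetected"
    except LookupError:
        desync = "detected"
    return {"original": len(doc), "cold": wire_size(cold), "warm": wire_size(warm),
            "shifted": wire_size(shifted), "roundtrip": ok, "desync": desync}


if __name__ == "__main__":
    print(demo())
```

On the constructed high-entropy payload, LZ alone cannot shrink the first transfer; the repeat transfer and the shifted copy on a second connection shrink because of the shared pattern database. A cleared receiver database is reported as an error instead of producing corrupt output.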

Cisco Application Control Engine

Cisco ACE application switches provide core server load-balancing services, advanced application acceleration, and security services to increase application availability, performance, and security. Cisco ACE application switches provide a virtualized hardware platform, application-specific intelligence, powerful performance, and granular role-based administration. Cisco ACE application switches are typically deployed in the data center in an asymmetric solution.
Cisco ACE application switches are part of the Cisco family of Data Center 3.0 solutions and help to:

• Increase application availability

• Scale application performance

• Secure application delivery

• Facilitate data center consolidation

Cisco ACE achieves these goals through a broad set of intelligent Layer 4 load-balancing and Layer 7 content-switching technologies integrated with leading acceleration and security capabilities. To increase application availability, Cisco ACE uses best-in-class application-switching algorithms and highly available system software and hardware. Cisco ACE provides industry-leading scalability and throughput for application traffic. Cisco ACE greatly improves server efficiency through highly flexible application traffic management and offloading of CPU-intensive tasks such as SSL encryption and decryption processing and TCP session management.

Solution Benefits

The joint solution offers optimized virtual desktop availability, performance, security, and costs by providing virtual desktops to users.

Virtual Desktop Performance

The Cisco WAAS product family provides application optimization services for virtual desktop delivery to support high performance for VMware VDI clients:

WAN optimization: Provides intelligent caching, compression, and protocol optimization that yields, for example, 3 to 25 times faster printing and 90 percent traffic reduction

Traffic compression: Provides scalable LZ compression

Object caching: Reduces requests to the server

Print optimization: Reduces print data traversing the WAN and improves print latency

Virtual Desktop Availability

The Cisco ACE product family provides load-balancing services for VMware VDM connection brokers:

Server and application health monitoring: Continuously and intelligently monitors availability of VMware VDM Connection Server

Server load balancing: Efficiently routes end-user desktop connection requests to the best available VMware VDM Connection Server

Solution Architecture

In this solution, virtual desktops run on VMware ESX Servers, and two VMware ESX Servers are used in this architecture. These servers are connected to shared storage to take advantage of VMware VMotion, VMware Distributed Resource Scheduler (DRS), and high-availability features. VMware ESX Servers and virtual machines running on them are managed by VMware VirtualCenter, which runs on separate servers.
A VMware VDM connection broker server holds the inventory of all virtual desktops. Two VMware VDM connection broker servers are used in this architecture. User requests to these servers are load balanced by the Cisco ACE load balancer.
Connections between the branch office and data center are optimized by Cisco WAAS. Routers on the branch-office and data center sides use Web Cache Communication Protocol (WCCP) to intercept traffic and redirect it to two Cisco WAAS appliances, one each on the branch-office side and the data center side, which optimize the traffic. One Cisco WAAS Central Manager on the data center side is used to monitor the traffic and configure the Cisco WAAS setup.
Various print options are available for users. Print servers in both the data center and the branch office accept the requests from virtual desktops. Additionally, VMware VDI clients at the branch office are connected to a local printer.

Installing and Configuring Virtual Desktop Machines

Virtual desktop machines run on VMware ESX Servers. Refer to the latest VMware documentation to create and provision virtual machines. The following steps were used in this solution to create virtual desktops:

Step 1. From VMware VirtualCenter, create a virtual machine. Figure 2 shows the sample configuration used in this solution.

Step 2. Install Microsoft Windows XP on the virtual machine.

Step 3. Install VMware tools in the virtual machine.

Step 4. Download and install the latest VMware VDM agent on the Microsoft Windows XP virtual machine.

Step 5. Create a template of the virtual machine to provision desktops in VMware VDM.

Figure 2. Sample Solution Configuration

Note: Refer to "Configuring Virtual Desktops for Optimization" to optimize the virtual machine for performance in this solution.

Installing and Configuring VMware VDM Connection Servers

Refer to the latest VMware documentation for installing and configuring VMware VDM Connection Server. The following steps were used in this solution to install VMware VDM Connection Server:

Step 1. Install Microsoft Windows Server 2003.

Step 2. Download and install the VMware VDM Connection Server executable file (VMware-vdmconnectionserver-2.1.0-<xxx>.exe). Install the first server as the standard server (Figure 3).

Figure 3. VMware VDM installation options

Step 3. Repeat the preceding steps for the second server, but this time select Replica.

Step 4. Next, a one-time configuration is required to configure VMware VDM Connection Servers.

Step 5. Launch http://hostname_or_ip.of.vdm.server/admin and log on with the appropriate credential. Typically, you can use any local administrator group user.

Step 6. In the Configuration section, add the license key.

Step 7. In the VirtualCenter Servers section, click Add and complete the details for the VMware VirtualCenters to be used with VMware VDM.

Step 8. Enable the VMware VDM Connection Server by selecting it from the list of VMware VDM servers and clicking Enable.

Provisioning Virtual Desktops

Desktops need to be provisioned for VMware VDM. The following steps were performed for this solution:

Step 1. Log on to VMware VDM Connection Server (as described in the preceding section) and click Inventory.

Step 2. In the All Desktops section, click the Desktops tab and click Add.

Step 3. Select Desktop Pool (persistent) and follow the steps to provision the required number of desktops. Select the virtual desktop template from the VMware VirtualCenter inventory when asked.

Step 4. When all the desktops are created and added to the pool (this will take a while), name the desktops for the users. Select the user or group as required.

Installing and Connecting from the VMware VDI Client

Install and connect to the VMware VDI client. The following steps were performed for this solution:

Step 1. Download and run the VMware VDI client software (VMware-vdmclient-2.1.0-<xxx>.exe).

Step 2. Follow the standard installation steps to install the VMware VDI client software.

Step 3. Run the VMware VDI client software and enter the IP or hostname of the VMware VDM server to which you want to connect. From the list, choose the virtual machine to which you want to connect. If a hardware load balancer is used (such as in this solution), enter the IP or hostname of the load balancer in the VMware VDI Client window.

Server Hardware and Software

VMware ESX

VMware ESX Servers run all the desktop virtual machines. The tests use the following hardware:

• 2 VMware ESX 3 servers running host desktop virtual machine images

• 2 VMware VDM Connection Servers

• 1 VMware VirtualCenter Server

The VMware ESX Server environment consists of two physical servers running VMware ESX 3i with the following configuration:

• 2 dual-core Intel Xeon CPUs at 3.06 GHz

• 4 GB of RAM

• VMware ESX 3.5

VMware VDM Connection Server

VMware VDM Connection Servers are the middle clients to which users connect and authenticate. Users then select their desktops and connect to the end virtual desktop. The tests use the following hardware and software for VMware VDM Connection Servers:

• Microsoft Windows Server 2003 Enterprise Edition with Service Pack 1

• 2 dual-core Intel Xeon processors at 3.06 GHz

• 1 GB of RAM

• Local storage

Storage for VMware VMotion

The physical VMware ESX Servers are connected to EMC Clariion storage over Fibre Channel. Both servers can write simultaneously to the Veritas File System (VxFS) on physical storage, a prerequisite for VMware VMotion.

Virtual Desktops

Each VMware ESX Server hosts 10 virtual machines running with the following configuration:

• 1 CPU

• 1 GB of RAM

• 8-GB hard disk

• Microsoft Windows XP OS with Service Pack 2.

Other Components

Microsoft Windows 2003 Server running as a VMware virtual machine serving the entire data center network includes the following:

• Microsoft Active Directory

• Domain Name System (DNS)

• Dynamic Host Configuration Protocol (DHCP)

Printing

Depending on the printing scenario, the print server runs on either the branch-office or the data center side. More details can be found in the implementation sections. The following printer was used to test printing:

• HP LaserJet 4000 with Jetdirect network port

Solution Workflow without Cisco WAAS and Cisco ACE

Packet flow from a remote site can be categorized into three segments: client, WAN, and server (Figure 4).

Figure 4. Packet Flow

Client Segment

The client segment is the location to which users are connected that allows them to connect to virtual machines in the data center. Users connect PCs or thin clients to a local external switch or an integrated switch or router. When a user opens a VMware VDI client on the PC or thin client and connects to a virtual desktop running in the data center, the data is sent from the PC to the switch. The switch forwards the data to the router that is connected to the WAN.

WAN Segment

The WAN provides connectivity from the client location to the data center where the server farm is located. The WAN is provided by a service provider with a given service-level agreement (SLA). The WAN inherently introduces delay and packet loss to the data traffic (data packets).

VMware ESX Server Segment

The server segment consists of a highly available and resilient core, aggregation layer, and access layer Ethernet switching. The core routes the data traffic to and from the WAN and the aggregation layer. The aggregation layer provides consolidation of multiple access layers and routes the access layer traffic to the core. The aggregation layer also takes the data traffic from the core layer and sends it to the appropriate access layer. The access layer provides connectivity to the VMware VDM Connection Servers and the VMware ESX Servers on which the virtual desktops reside. The data traffic from the client segment traverses the data center until it is received by the appropriate server.

Inside VMware ESX Server

Traffic from outside access switches is then redirected to a virtual switch inside VMware ESX Server. The virtual switch connects to the virtual machines and passes the traffic to them (Figure 5). Refer to the Cisco and VMware joint white paper for details.

Figure 5. Traffic flow inside VMware ESX Server

Cisco ANS Architecture for VMware VDI

Cisco ACE and WAAS reside in the data center and are configured to provide virtualized application optimization services for multiple VMware VDM server groups as well as other enterprise applications.
Because of their unique location, these solutions can take intelligent action on end-user traffic before it is routed to the end virtual desktops, including server load balancing, server health monitoring, and end-user access control.
Cisco WAAS also resides in the branch office and is configured to provide virtualized application optimization services for all application users in that location. The branch-office Cisco WAAS deployment together with the data center Cisco WAAS deployment offers a WAN optimization service through the use of intelligent caching, compression, and protocol optimization.
When end users access the virtual desktops through VMware VDM Servers, Cisco WAAS compresses the response and then efficiently passes it across the WAN with minimal bandwidth use and high speed. Commonly used information is cached at both the Cisco WAAS solution in the branch office and the data center, which significantly reduces the burden on the servers and the WAN.
Figure 6 shows the Cisco ANS architecture.

Figure 6. VMware VDI and Cisco WAAS Network Configuration

The VMware VDI and Cisco ANS solution consists of two main parts:

• Data center

• Enterprise branch office

Data Center

The data center follows the design guidelines in Data Center Infrastructure Design Guide 2.1, a Cisco Validated Design found at http://www.cisco.com/go/srnd. The design consists of a data center WAN router; core, aggregation layer, and access layer Ethernet switching; and the server farm where the application resides. This document focuses on the data center WAN router, aggregation layer, and server farm.
The core Ethernet switching provides routing to and from the data center WAN router and the aggregation layer. The access layer Ethernet switching provides Layer 2 connectivity for the server farms to the aggregation layer.
The data center WAN router performs the same function as the branch-office WAN router by redirecting traffic to the data center Cisco WAE. The data center Cisco WAE performs the following functions:

Locally cached data: If the data that is being requested is locally cached, the Cisco WAE responds to the requestor with the cached data and requests only required data from the branch office. This process makes the WAN more efficient because only required data is requested.

New data: If the data that is being forwarded to the branch office or coming from the branch office is new, the Cisco WAE runs compression algorithms on the data, enabling the WAN to perform more efficiently.

Included in the data center is the Cisco WAAS Central Manager, which runs on the Cisco WAE appliance. The Cisco WAAS Central Manager provides a centralized mechanism for configuring Cisco WAAS features and for reporting and monitoring Cisco WAAS traffic. It can manage a topology containing thousands of Cisco WAE nodes and be accessed from any web browser using SSL. The Cisco WAAS Central Manager can be configured for high availability by deploying a pair of Cisco WAE appliances as central managers.
Within a Cisco WAAS topology, each Cisco WAE runs a process called the configuration management system (CMS). The CMS process provides SSL-encrypted bidirectional configuration synchronization of the Cisco WAAS Central Manager and the Cisco WAE appliances. The CMS process is also used to exchange reporting information and statistics at a configurable interval. When the administrator applies configuration or policy changes to a Cisco WAE appliance or a group of Cisco WAE appliances, the Cisco WAAS Central Manager automatically propagates the changes to each of the managed Cisco WAE appliances. Cisco WAE appliances that are not available to receive the changes will receive them the next time the appliances become available.
The aggregation layer contains Cisco ACE, which provides the following features:

Virtualization: Virtualization partitions devices into multiple contexts, where each context can be configured for different applications and is independent of any others. In the joint solution, the Cisco ACE appliance is configured with the Admin context and the VMware VDM context.

Server load balancing: The Cisco ACE VMware VDM context is configured to provide intelligent load balancing of the VMware VDM Connection Servers.

Session persistence: Session persistence is the capability to forward client requests to the same server for the duration of a session. Cisco ACE is configured for source IP-based session persistence.

Enterprise Branch Office

In an enterprise branch-office setup, the Cisco WAE appliance is connected to the local branch-office router, typically a Cisco Integrated Services Router.
Users connect PCs or thin clients to a local external switch or an integrated switch or router. When a user opens a VMware VDI client on the PC or thin client and connects to the virtual desktop running in the data center, the data is sent from the PC to the switch. The switch forwards the data to the router that connects to the WAN.
The traffic is redirected from the branch-office router to the Cisco WAE by WCCP.
The Cisco WAE performs the following functions:

Locally cached data: If the data that is being requested is locally cached, the Cisco WAE responds to the requestor with the cached data and requests only the required data from the server farm. This approach makes the WAN more efficient because only the necessary data is requested.

New data: If the data that is being forwarded to the server farm or coming from the server farm is new, the Cisco WAE applies compression algorithms to the data, making the WAN more efficient.

WAN Simulation between Branch Office and Data Center

To provide a realistic WAN-like scenario for the solution test, a WAN bridge was used. The WAN simulator provided simulations of the following WAN links:

• WAN Type 1 (T1)

– Bandwidth: 1.544 Mbps

– Delay: 100 milliseconds (ms)

• WAN Type 2

– Bandwidth: 10 Mbps

– Delay: 50 ms

Process Flow with Cisco WAAS and Cisco ACE

Figure 7 shows how data flows when Cisco ACE and Cisco WAAS are connected in the network.

Figure 7. Cisco WAAS and Cisco ACE Process Flow

Packet Flow with Cisco WAAS and Cisco ACE

Figure 8 shows the sequence for the handshake between a client and the VMware ESX Servers and the data transfer phase.

Figure 8. Cisco WAAS and Cisco ACE Packet Flow

The following sequence describes the handshake between a client and the VMware ESX Servers and the data transfer phase:

1. The client sends a TCP synchronize (SYN) packet to the virtual IP address configured on the Cisco ACE for VMware VDM Connection Server load balancing. The packet is forwarded to the branch router. The branch router intercepts the packet with WCCP and forwards it to the branch-office Cisco WAE appliance.

2. The branch-office Cisco WAE applies a new TCP option (0x21) to the packet if the application is identified for optimization by an application classifier. The branch-office Cisco WAE adds its device ID and application policy support to the new TCP option field. This option is examined and understood by other Cisco WAEs in the path as the ID and policy fields of the initial Cisco WAE device. The initial ID and policy fields are not altered by another Cisco WAE. The packet is forwarded to the branch-office router and then to the WAN.

3. During the data transfer phase, if the requested data is in its cache, the branch-office Cisco WAE returns the cached data to the client. Traffic does not travel through the WAN to the server farm. Hence, both the response time and WAN link utilization are improved.

4. The packet arrives on the WAN edge router. The WAN edge router intercepts the packet with WCCP and forwards the packet to the data center Cisco WAE.

5. The data center Cisco WAE inspects the packet. Finding that the first device ID and policy are populated, it updates the last device ID field (the first device ID and policy parameters are unchanged). The data center Cisco WAE forwards the packet to the WAN edge router. The edge router forwards the packet to the aggregation switch, and the aggregation switch then forwards it to the Cisco ACE. The Cisco ACE load balances the connection to one of the VMware VDM Connection Servers in the server farm.

The following steps describe the reverse traffic flow.

6. The VMware VDM Connection Server sends the SYN/ACK packet back to the client with no TCP option. The packet from the server is matched by a policy-based routing (PBR) rule on the aggregation switch and forwarded to the Cisco ACE and then to the WAN edge router. The WAN edge router forwards the packet to the data center Cisco WAE. The data center Cisco WAE marks the packet with TCP option 0x21. During the data transfer phase, the data center Cisco WAE caches the data if the data is not in its cache.

7. The data center Cisco WAE sends the packet to the WAN edge router.

8. The packet travels through the WAN and arrives at the branch-office router. The branch-office router intercepts the packet and forwards it to the branch-office Cisco WAE. The branch-office Cisco WAE is aware of the Cisco WAE in the data center because the SYN/ACK TCP option 0x21 contains an ID and application policy. Autonegotiation of the policy occurs as the branch-office Cisco WAE compares its application-specific policy to that of its remote peer defined in the TCP option. At this point, the data center Cisco WAE and branch-office Cisco WAE have determined the application optimizations to apply on this specific TCP flow. During the data transfer phase, the branch-office Cisco WAE caches the data if the data is not in its cache.

9. The packet is forwarded to the branch-office router and then to the VMware VDI client.
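
The steps above turn on whether TCP option 0x21 is present on a segment at a given point in the path. The following added example (not from this guide or from Cisco) walks the options area of a raw TCP header and returns the 0x21 option if present, which is the check to run on a capture taken at any hop. The layout of the option's ID and policy fields is not given here, so the payload is treated as opaque bytes; the sample segments, ports, and payload bytes are constructed.

```python
import struct

WAAS_OPTION_KIND = 0x21  # option kind named in the steps above

def tcp_options(segment: bytes):
    """Yield (kind, payload) for each option in a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4       # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                         # End of Option List
            return
        if kind == 1:                         # NOP, a single padding byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing length byte")
        length = opts[i + 1]                  # length covers kind + length + data
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        yield kind, opts[i + 2:i + length]
        i += length

def autodiscovery_option(segment: bytes):
    """Return the opaque 0x21 payload, or None if the option is absent."""
    for kind, payload in tcp_options(segment):
        if kind == WAAS_OPTION_KIND:
            return payload
    return None

def build_segment(flags: int, options: bytes) -> bytes:
    """Build a constructed TCP header; ports, sequence and checksum are sample values."""
    options += b"\x01" * (-len(options) % 4)  # pad with NOPs to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 80, 1, 0,
                       offset << 4, flags, 8192, 0, 0) + options

MSS = bytes([2, 4, 0x05, 0xB4])                           # MSS 1460
OPAQUE = bytes([0x21, 6, 0xDE, 0xAD, 0xBE, 0xEF])         # constructed payload, layout assumed opaque
SYN_FROM_CLIENT = build_segment(0x02, MSS)                # step 1: before the branch-office WAE
SYN_AFTER_BRANCH_WAE = build_segment(0x02, MSS + OPAQUE)  # step 2: option added
SYNACK_FROM_SERVER = build_segment(0x12, MSS)             # step 6: server sends no option
```

A malformed length byte raises `ValueError` rather than being skipped, so a damaged or truncated options area is reported instead of being read as "option absent".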

Implementing and Configuring the Cisco WAAS Solution

Implementation Overview

The Cisco WAAS solution requires a minimum of three Cisco WAE appliances to autodiscover and deliver applicable application optimizations. One Cisco WAE is placed in the enterprise data center and another at the branch-office site. The enterprise data center Cisco WAE is placed on the WAN edge connected to the WAN router. The third Cisco WAE is used as the central manager. The architecture offloads the Cisco WAE device from the local branch-office router and uses the available ports on a local switch. This design provides scalability and availability for the solution.

Network Integration

Cisco WAAS technology requires the efficient and predictable interception of application traffic to produce results. It is critical that the Cisco WAE device see the entire TCP conversation. At the WAN edge, Cisco routers support the following four methods of traffic interception:

• Inline hardware

• WCCP Version 2

• Service policy with Cisco ACE

• PBR

WCCPv2 is the most common method used in the remote branch-office environment; therefore, WCCPv2 has been used for this solution.

Network Topology

Figure 9 shows the network topology used in this solution.

Figure 9. Network Topology for Cisco WAAS Solution

Hardware

• Cisco WAE-674-K9

• Cisco WAE-7341-K9

• Cisco WAE-612-K9

Software

• Cisco WAAS Software Version 4.1.1

Features, Services, and Application Design Considerations

The VMware VDI solution uses port 80 to send RDP connections from VMware VDI client machines to virtual machines. In the context of Cisco WAAS, port 80 is accelerated by default; no further configuration in the Cisco WAE is necessary unless the application requires ports that are not part of the default application profile. For applications that use TCP ports that are not defined in the default application profile, you must define ports in the existing application profile or create a new application profile with the associated ports.
With the recommended design of Cisco WAAS at the WAN edge, client data traverses the Cisco WAEs only once, at ingress or egress to the data center. The VMware VDM connection broker and virtual machines are in the data center, and communication between them stays in the data center network.
TFO, DRE, and LZ compression, the three main technologies of Cisco WAAS, are enabled by default. Each of these features is described in the "Cisco Wide Area Application Services" overview section earlier in this document. The net results are reduced traffic and decreased latency across the WAN. Since Cisco WAAS deployments are transparent to the network and application, applications do not need to be aware of the added functions and continue to work as-is, but with decreased response time and increased traffic throughput and transactions.

Scalability and Capacity Planning

Cisco WAE farms can scale up to 32 devices with WCCP and up to 16,000 with Cisco ACE load balancing. Cisco WAAS services scale linearly in an N+1 configuration. In addition to the maximum optimized TCP connections, the fan-out ratio between the data center Cisco WAE and branch-office Cisco WAE must be considered. The fan-out ratio is determined by several factors, such as the number of Cisco WAEs in the branch offices, the amount of network traffic, and the number of TCP connections. A sizing tool is available internally that can help automate sizing decisions. NetFlow, NetQoS, and other network analysis tools can provide additional traffic flow information for increased accuracy in scalability and capacity planning.

High Availability

Device High Availability

Cisco WAAS deployments are transparent to the application. The application client and server do not know that Cisco WAAS is optimizing traffic flows. High availability is built into the WCCP interception. If WCCP is not active or if Cisco WAAS devices are not functioning, WCCP does not forward traffic to the Cisco WAEs, resulting in unoptimized traffic flows. This is the worst-case scenario: traffic flow continues but is not optimized.

N+1 Availability

Cisco WAEs and the network provide additional high-availability capabilities. Routers can be configured redundantly, providing Hot Standby Router Protocol (HSRP) or Gateway Load Balancing Protocol (GLBP) services. Cisco WAEs can be configured in an N+1 configuration, which provides scalability and availability. This design calls for N Cisco WAEs for a specific workload and then a standby Cisco WAE. Because the workload is always distributed evenly among the Cisco WAEs, the standby Cisco WAE is used, reducing the overall workload. If a Cisco WAE fails, the rest of the Cisco WAEs continue with the normal workload.

Configuration Tasks

Each Cisco WAE appliance can be configured either as an application accelerator or a central manager. As a best practice, Cisco recommends deploying a primary and a standby central manager. These devices will configure all other WAE devices on the network. Application accelerators are placed at the core and edge sites, and these devices perform the actual WAN acceleration.
The devices must be activated on the network in a specific order: