Designing Networks and Services for the Cloud: Delivering business-grade cloud applications and services

eBook (Watermarked)

  • Your Price: $51.19
  • List Price: $63.99
  • Copyright 2013
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 336
  • Edition: 1st
  • eBook (Watermarked)
  • ISBN-10: 0-13-273099-5
  • ISBN-13: 978-0-13-273099-0

Designing Networks and Services for the Cloud

Delivering business-grade cloud applications and services

A rapid, easy-to-understand approach to delivering a secure, resilient, easy-to-manage, SLA-driven cloud experience

Designing Networks and Services for the Cloud helps you understand the design and architecture of networks and network services that enable the delivery of business-grade cloud services. Drawing on more than 40 years of experience in network and cloud design, validation, and deployment, the authors demonstrate how networks spanning from the Enterprise branch/HQ and the service provider Next-Generation Networks (NGN) to the data center fabric play a key role in addressing the primary inhibitors to cloud adoption: security, performance, and management complexity.

The authors first review how virtualized infrastructure lays the foundation for the delivery of cloud services before delving into a primer on clouds, including the management of cloud services. Next, they explore key factors that inhibit enterprises from moving their core workloads to the cloud, and how advanced networks and network services can help businesses migrate to the cloud with confidence.

You’ll find an in-depth look at data center networks, including virtualization-aware networks, virtual network services, and service overlays. The elements of security in this virtual, fluid environment are discussed, along with techniques for optimizing and accelerating the service delivery. The book dives deeply into cloud-aware service provider NGNs and their role in flexibly connecting distributed cloud resources, ensuring the security of provider and tenant resources, and enabling the optimal placement of cloud services.

The role of Enterprise networks as a critical control point for securely and cost-effectively connecting to high-performance cloud services is explored in detail before various parts of the network finally come together in the definition and delivery of end-to-end cloud SLAs. At the end of the journey, you preview the exciting future of clouds and network services, along with the major upcoming trends.

If you are a technical professional or manager who must design, implement, or operate cloud or NGN solutions in enterprise or service-provider environments, this guide will be an indispensable resource.

*  Understand how virtualized data-center infrastructure lays the groundwork for cloud-based services

*  Move from distributed virtualization to “IT-as-a-service” via automated self-service portals

*  Classify cloud services and deployment models, and understand the actors in the cloud ecosystem

*  Review the elements, requirements, challenges, and opportunities associated with network services in the cloud

*  Optimize data centers via network segmentation, virtualization-aware networks, virtual network services, and service overlays

*  Systematically secure cloud services

*  Optimize service and application performance

*  Plan and implement NGN infrastructure to support and accelerate cloud services

*  Successfully connect enterprises to the cloud

*  Define and deliver on end-to-end cloud SLAs

*  Preview the future of cloud and network services

Table of Contents

Introduction xix

Part I Building Blocks for Offering Network Services in the Cloud

Chapter 1 Virtualization 1

Virtualization Basics 1

    One to Many 2

    Many to One 2

Virtualization: A Brief History 3

Server Virtualization 3

    Drivers for Server Virtualization 4

    Approaches to Server Virtualization 5

    Components of Server Virtualization 6

        CPU Virtualization 6

        Memory Virtualization 7

        I/O Virtualization 8

    Benefits and Risks of Server Virtualization 11

Network Virtualization 12

    Drivers for Network Virtualization 12

    Logical Segmentation: One to Many 14

        Path Isolation 14

        Access Control 17

        Sharing Network Services 17

    Network Consolidation: Many to One 18

        Software Defined Networking 19

    Virtualization-Aware Networks 20

    Benefits and Risks of Network Virtualization 21

Storage Virtualization 22

    Drivers for Storage Virtualization 22

    How Storage Virtualization Works 22

    Common Implementations of Storage Virtualization 23

        Array-Based Storage Virtualization 23

        Network-Based Storage Virtualization 23

    Benefits and Risks of Storage Virtualization 24

Summary 25

Review Questions 25

References 26

Chapter 2 Arrival of the Cloud 29

Phases of Virtualization 29

Virtualization Enables the Cloud 31

What Exactly Is Cloud Computing? 32

    A Little History 34

Trends Driving the Growth of Cloud Computing 35

Impact of the Cloud 37

    Spur Innovation and Entrepreneurship Globally 38

    Collect and Analyze Big Data 39

Cloud Challenges 41

    Security 41

    Compliance 42

    SLA: Reliability and Performance 42

    Interoperability 43

Summary 44

Review Questions 45

References 45

Chapter 3 Cloud Taxonomy and Service Management 47

Cloud Service Models 47

    Software-as-a-Service 48

        SaaS Stack 49

    PaaS 50

        PaaS Components 52

    IaaS 53

        IaaS Components 54

    Comparing IaaS, PaaS, and SaaS 55

        Scope and Control 55

        Evolution 56

    Deployment Models for the Cloud 56

    Public Cloud 57

    Private Cloud 57

    Hybrid Cloud 57

    Community Clouds 59

    Open Clouds: Toward the True Intercloud 59

Cloud Actors 60

Cloud Service Management and Orchestration 62

    Service Orchestration 63

Summary 64

Review Questions 64

References 65

Chapter 4 Networks and Services in the Cloud 67

The CIO’s Dilemma 67

Increasing Relevance of the Network 69

    World of Many Clouds 70

    An Even Larger Cloud 70

    Growth of Cloud Data Traffic 71

Monetization 73

    Service Catalog 73

    Network Services à la Carte 74

        OpenStack Quantum 75

    Network Containers 77

        Cisco Network Services Manager 78

Evolution of Network Services for the Cloud 80

    Automation 80

    Virtualization Awareness and Multitenancy 80

    Location Independence 81

Quick Guide to the Rest of This Book 82

    Part II: Inside the Data Center Networks 82

    Part III: Inside the SP Next Generation Network (WAN) 82

    Part IV: Putting It All Together–Cloud Services Delivered 83

Summary 83

Review Questions 84

References 84

Part II Inside the Data Center Networks

Chapter 5 Role of the Network Infrastructure in a Virtualized Environment 85

Trends Influencing the Data Center 86

    Case 1: Acquisition of a Community Bank 86

        Virtualization 87

        Cloud Enablement 88

        Power and Cooling Considerations 88

        Return on Investment 89

        Economy of Scale 90

    Case 2: Service Provider Enabling New Services and Content to Its Customers 91

        Virtualization 92

        Cloud Enablement 92

        Power and Cooling Considerations 93

        Return on Investment 93

        Economy of Scale 94

    Case 3: Public Utility Companies Offering Smart Technologies to Address Power and Energy Requirements in a More Reliable, Economic, and Sustainable Manner 97

        Virtualization 97

        Cloud Enablement 98

        Return on Investment 98

        Economy of Scale 99

    Case 4: High-Performance Computing and Low-Latency Applications 99

        Virtualization 100

        Cloud Enablement 101

        Power and Cooling Considerations 101

        Economy of Scale 101

    Summary of the Use Cases 102

Network Segmentation in the Data Center 102

    Multitenancy 106

    Network Containers 107

Virtualization-Aware Network 108

    Virtual Switching 108

    Network Policy 110

    VM Mobility 110

Virtual Network Services 111

    Fabric Intelligence for Virtual Services 111

Service Overlay 112

Summary 113

Review Questions 113

Reference 114

Chapter 6 Securing and Optimizing Cloud Services 115

Motivations to Design Secure Multitenant Networks 118

    HTTP Tunneling 119

    Web Proxy/Caching 121

Design Considerations for Securing Multitenant Data Centers 124

    Threat: Identity Theft 124

    Solution: PCI DSS Compliance 125

        Operational Challenges 128

        Penalties 129

        How the Cloud Model Can Help 129

    Information Confidentiality 129

        Operational Challenges 132

        Penalties 132

        How the Cloud Model Can Help 132

How Virtual Security Is Enabled: Solutions and Architectures-Based Approach 134

    Traditional Security Approaches as Applied in Virtual Environment 134

        Security Containers: Contexts and Zones 134

        Segmentation and Access Control Lists 134

        Secured Access 135

        Application Security 135

    Virtual Appliance Approach 135

        Cisco ASA1000v Tenant Edge Security Solution 136

        Cisco Virtual Secure Gateway 138

Deployment Considerations 138

Summary 141

Review Questions 141

References 142

Chapter 7 Application Performance Optimization 143

Application Architectures in the Cloud 144

    Three-Tier App Architecture in the Virtualized World 146

    Provisioning and Management 148

Application Performance in the Cloud 148

Drivers for the Transition from Physical to Virtual Network Services 153

    Virtualization Awareness 153

    Agility, Elasticity 153

    Multitenancy 154

    Virtualized Application Delivery Solutions 154

        WAN Acceleration 154

        Server Load Balancing 157

Summary 157

Review Questions 158

Part III Inside the SP Next Generation Network (WAN)

Chapter 8 IP NGN Infrastructure That Supports Cloud Services 159

IP NGNs Evolve in Line with the Cloud 160

Role of DCI Technologies in Delivering Cloud Services 162

    Key Use Cases Enabled by DCI in the Cloud 162

    Workload Mobility in the Cloud 165

    Data Center Interconnect Requirements for the Cloud 166

DCI Solutions to Build Virtualized and Distributed Cloud Data Centers 167

    Transport Option 1: Layer 2 over Dark Fiber 168

    Transport Option 2: Layer 2 over MPLS 173

    Transport Option 3: Layer 2 over IP 176

Ingress and Egress Route Path Optimization 178

Summary 182

Review Questions 183

References 184

Chapter 9 Securing Cloud Transport and Edge Using NGN Technologies 187

Security Challenges in the Cloud 187

Key Requirements to Secure the Cloud 188

NGN Solutions to Secure the Cloud 189

    Providing Secure Access to the Cloud 190

        Internet Protocol Security 192

        Transport Layer Security Protocol 200

        Datagram Transport Layer Security Protocol 201

        Clientless Versus Full Tunnel 201

    Securing the Cloud Edge 202

    Multitenant Traffic Separation 206

Summary 209

Review Questions 210

References 210

Chapter 10 Optimizing and Accelerating Cloud Services 213

Enhancing Performance of Cloud Applications and Services 213

    Role of IP NGN in Optimizing Cloud Applications and Services 213

    How Cloud Services Are Placed Today 215

    Network Positioning System 215

    Cloud Service Placement at an Optimal Location 216

    NPS Solution Components 219

    NPS Operation 221

    Serving Cloud-Based Applications from an Optimal Location 222

    Application Layer Traffic Optimization 223

    Dynamic Extension of Customer VPNs 224

Accelerating Cloud Services 224

    Key Benefits of the Cisco WAAS Solution 225

Summary 228

Review Questions 229

References 229

Part IV Putting It All Together: Cloud Services Delivered

Chapter 11 Connecting Enterprises to the Cloud 231

Cloud Aware Enterprise Networks 233

How Enterprises Connect to the Cloud 235

    Enterprise Managed Cloud Connector Deployment 235

    Cloud Provider—Managed Cloud Connector Deployment 235

    Examples of Cloud Connectors 236

        Cloud Web Security Connector 236

        Webex Cloud Connected Audio 237

        Ctera Cloud Storage Connector 238

        Cisco Asigra Cloud Connector 240

    Future Cloud Connector Concepts 241

        Cloud Broker Connector 241

        Federated Identity Connector 243

        SAML 244

        OAuth 245

        Cisco Ping Identity Connector 246

    Cisco Extensible Cloud Connector Solutions 247

Summary 247

Review Questions 248

References 249

Chapter 12 End-to-End Cloud SLAs 251

Defining and Monitoring SLAs 252

    Network Service Provider 253

    Colocation Service 255

    Application Hosting Service Provider 256

    SLA Targets and Penalties 257

    SLA Assurance and Methodology 258

    SLA Management Framework 260

SLA in a Cloud Environment 262

Complexity of Cloud SLA 262

    Service Level Metrics 263

        Cloud Service Level Metrics 263

        Network Container Level Metrics 264

        Component Level Metrics 266

        Location/Scope for the End-to-End Measurements 266

    Guaranteed SLA 267

    End-to-End SLAs 270

Summary 271

Review Questions 272

References 272

Chapter 13 Peeking into the Future 273

Future Clouds 274

    The Intercloud 274

        Internet Analogy 275

        Intercloud Use Case 276

        Deeper Dive into the Intercloud Vision 277

        Intercloud Challenges and the Role of Networks 278

    Internet of Things 280

        A Bigger Cloud 281

        IoT Use Cases 281

        Sensor Networks and IP 285

        IoT Challenges: Networks to the Rescue 286

Network Evolution Continues 288

    Software-Defined Networking 288

        Hybrid Approach 289

        Challenges 289

    Application-Network Interactions 290

Summary 293

Review Questions 293

References 294

Appendix A Answers to Review Questions 295

