Enterasys Networks Best in Class Solution for mySAP.com Implementation Whitepaper

Solution Overview ENTERASYS NETWORKS Best-in-Class Solution for mySAP .com Implementation An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Table of Contents Introduction ......................................................................................2 Brief Overview of the mySAP .com Solution ................................3 SAP Architecture..............................................................................4 Enterasys Networks Strategy for the Successful Deployment of SAP Applications ..........................................................................5 100% Availability Networking ....................................................6 Total Networking Visibility ..........................................................6 Adaptive Networking ..................................................................7 Deploying SAP ..................................................................................8 Data Center Architecture ..............................................................8 High Availability Network ..............................................................9 Adaptive Networking Services ....................................................10 Network Visibility ..........................................................................11 Campus Network Architecture....................................................11 Remote Access Networks..............................................................12 Providing End-to-End QoS for a successful SAP Implementation ..............................................................................13 Classification ....................................................................................14 802.IQ priority/TOS Marking........................................................14 Committed Access Rate/Rate Limiting ......................................14 Congestion Management ..............................................................15 Conclusion ........................................................................................15 I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 1 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Introduction For today’s enterprise, the network is the lifeblood of the organization. The data network, and more importantly the business critical applications dependent upon it, have become critical success factors in the daily competitive landscape. Today’s highly effective organizations utilize their network – and the mission-critical applications running across them – to provide an edge over their competition. The network and the enterprise solutions are leveraged by the organization to gain an advantage over their competitors by increasing the efficiency of their core business processes, which in turns reduces time-to-market, increases efficiency, and enables the organization to provide best-in-class customer service. SAPTM is the world’s leading provider of business applications software. SAP software solutions have been implemented in more than 12,000 companies worldwide, and SAP has the leading market share in its segment. Through mySAP .comTM, SAP has moved well beyond integration within single enterprises to power collaboration of entire markets by spanning enterprise boundaries. Addressing a technology opportunity, such as the deployment of mySAP .com, quickly and effectively is key to successfully delivering an IT business advantage to the organization. SAP and Enterasys have entered a Technology Partnership in order to assist our joint customers in this endeavor. Enterasys Networks is the only provider of total network solutions created specifically for enterprise-class customers. By utilizing its technology, expertise and the partnership with SAP and other industry leaders, Enterasys is committed to delivering best-in-class network infrastructure solutions for mySAP .com implementations. This paper is provided to assist our joint customers with the design and selection of an inherently scalable, reliable, and manageable solution that is capable of providing an optimal network infrastructure for a mySAP .com implementation. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 2 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Brief Overview of the mySAP .com Solution SAP AG is the world’s leading provider of inter-enterprise software solutions. Via the SAP R/3® System, thousands of customers across the globe have integrated the processes within their own enterprises and across their business communities. SAP’s sophisticated solutions empower over 12,000 companies worldwide with a large array of products and services addressing a diverse range of industries. In fact, the SAP R/3 system provides industry-specific functionality for 22 industries. Figure 1 summarizes the industry-specific SAP R/3 solutions. Process SAP Chemicals SAP Pharmaceuticals SAP Oil & Gas Process SAP Banking SAP Insurance Services Industries SAP Healthcare SAP Telco SAP Media SAP Transportation Discrete Manufacturing SAP Eng. & Construction SAP Aerospace & Defense SAP High T & Electronics ech SAP Automotive SAP Software Public Sector and Education Federal SAP Utilities State and Local SAP Services Education Cross Industry Financials Enterprise Human Resources Consumer Products SAP Retail SAP Consumer Products SAP Apparel & Footwear Figure 1: SAP Industry-specific Applications Source: SAP AG By heavily leveraging its extensive experience in delivering customer-centric, open, personalized and collaborative inter-enterprise solutions, SAP’s mySAP .com™ offering is powering collaboration of entire markets. With mySAP .com, implemented to fully integrate an organization’s operational business processes, companies can extend their reach beyond the boundaries of their own enterprise, to reach out to their customers, suppliers and partners. MySAP .com has become the enabler of a previously unattainable level of collaborative business. The ever-present forces in today’s marketplace such as globalization, expansion, diversification, mergers and acquisitions, and the opportunities of the Internet make a coordinated view and management of information a critical success factor for enterprises today. The proven and reliable SAP Internet platform offers complete and seamless integration of back-office and front-office information, providing users with a complete view of the data integral to the successful execution of their job role. The rapid pace of technological innovation and the Internet is redefining today’s business world. A mySAP .com solution, integrating best-of breed products and services from SAP AG and its strategic and technology partner, Enterasys, can be a key point of differentiation for the best-in-class enterprise. By optimizing the supply chain, improving customer satisfaction, and reducing time-to-market/benefit by attaining new levels of collaboration with customers, employees, suppliers and business partners, mySAP .com can be key to achieving the seemingly limitless potential of the Internet Economy. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 3 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation SAP Architecture A SAP system is built around a scalable and robust architecture. In its simplest from, it is built around a three-tier architecture, shown in Figure 2. The heart of the system is composed of Database and SAP application servers. The Database layer can be built around many different database management systems, including Oracle®, Informix® and DB2® The Application layer is comprised of the SAP R/3 application servers. Database Layer Database Server SAP Server Communications R3 Application Server R3 Application Server R3 Application Server Application Layer SAP Access Communications Presentation Layer SAP GUI SAP GUI SAP GUI Figure 2: SAP Three Tier Architecture Source SAP AG The Basic building blocks of a SAP system deployment are: • SAPgui client™ • SAP Application Server • Database Server The SAPgui client is the primary front-end into the SAP system. It is not a terminal emulation program, but an application that graphically displays SAP data to the user. SAPgui clients make connections to a SAP system through the Dialog Service on a SAP Application server or via a SAProuter. The SAP Application server is the heart of the SAP system that provides industry-specific solutions. These servers are responsible for processing all client transactions, queuing print jobs, generating reports and coordinating access to the Database servers. The Database servers are the central Datastore for the SAP system. Although the Database management system can reside on the same system as a SAP Application server, in larger implementations it is typically deployed on separate systems. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 4 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Application Server (Dispater Dialog Service and Work Proc Dispatcher Port Info Service (Message Server) Gateway Service (Gateway) Print Service (Spool Work Proc.) Message Server Port Gateway Port Gateway Port Gateway Port Figure 3: SAP R/3 Communications Source: SAP AG Different R/3 System Other programs using SAP Comm. API Print Service (SAPL.pd or Berkely Lpd Other SAP components (shown in Figure 3) include the SAP Message server, SAProuter, SAP Gateway and SAP print service: • The SAP Message Server provides a mechanism to manage access through the SAPlogon service. The Message Server manages user connections and provides a connection load balancing. • The SAProuter provides a middleware layer between remoter clients and the SAP Application servers. Each SAP client connects a SAProuter with a SAPgui client. The SAProuter initiates individual connections to SAP Application servers and Gateway services. • The SAP Gateway service provides a connection to other SAP systems. SAP Application servers utilize the Gateway service to share and exchange information between systems. • The SAP Print service manages the print spooling of SAP reports. Enterasys Networks’ Strategy for the Successful Deployment of SAP Applications Enterasys Networks is focused solely on meeting the needs of Enterprise customers. From this focus emerges a keen awareness of the requirements for solutions that meet and exceed the needs and expectations of the Global 2000 enterprise customer. Enterasys’ solutions are designed with three fundamental strategies for delivering next-generation, best-in-class enterprise network infrastructure solutions for mySAP .com implementations. The three fundamental strategies are: • 100% Availability • Total Network Visibility • Adaptive Networking Solutions developed in keeping with these three overarching design strategies result in a scalable, reliable, and inherently manageable network. Design and deployment of an infrastructure with these attributes is key to the successful deployment of SAP and other business-critical applications, particularly as VoIP and other bandwidthintensive applications compete for limited resources. Figure 4 illustrates the concept of the three design strategies, their components and inter-relationships. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 5 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Network Node and Alias Discovery Full RMON I & RMON II Total IP Call Accounting Network Visibility End to End Layer 4 Services Application Level Visibility End to End Quality of Service Distributed Switching Architectures High Availability OSPF Multipath Routing Networking Per VLAN Spanning Tree Spanning Tree SmartTrunk Adaptive Networking Figure 4: Fundamental Elements of Enterasys Networks’ Solutions 100% Availability Networking Compliance with the 100% Availability Networking strategy requires the development and implementation of technologies that ensure the maximum availability of the network and the business-critical applications running on it. This compliance is achieved by designing multiple levels of redundancy and resiliency mechanisms into the elements comprising the network system. In order to achieve physical redundancy, Enterasys products are engineered with redundant power supplies, distributed architectures, and automatic fail-over to secondary interfaces to avoid single points of failure. At the logical level, there are multiple technologies ranging from Layer-2 protocols such as the Spanning Tree Protocol (STP) and link aggregation, to higher-layer protocols such as Open Shortest Path FIrst (OSPF) and Virtual Router Redundancy Protocol (VRRP). The implementation of these resiliency services are designed to be interoperable due to close adherence to the IEEE and IETF standards and other industry-recognized standards bodies. This adherence guarantees the highest possible level of infrastructure interoperability and resiliency, which in turn provides maximum availability of the network for support of business-critical applications such as SAP . All switch platforms, whether simple stackable Layer 2 switches or SmartSwitches™, Matrix E7™, and SmartSwitch Router are designed with the principles of the High Availability Networking strategy in mind. In addition, the services implemented to realize the goals of the strategy also improve overall network scalability by utilizing various load-balancing capabilities. In turn, this provides resiliency as well as the availability of greater network bandwidth. Total Network Visibility Achieving Total Network Visibility is crucial to successfully deploying and achieving maximum availability of SAP’s advanced applications. Total Network Visibility is achieved through: • Advanced monitoring and user detection services built into the hardware • Advanced system-level management software services comprising a complete next-generation network infrastructure solution. • Network End-System Discovery Every Enterasys product supports at least a minimum set of Remote Monitoring (RMON) capabilities, with most products supporting full implementations of the RMON 1, and application-aware RMON2 standards. In addition, every SmartSwitch Router is capable of providing IP call accounting services to provide data for usage accounting, decision support, and billing/charge-back. These technologies are key to monitoring the health and operation of a SAP application, from the client to the I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 6 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation application servers to the database servers. Enterasys recently unveiled the ability to discover end-system network aliases. This capability allows network administrators to locate any resource in the network at any time with a few clicks of the mouse. In the future, this feature will be enhanced to support the detection of application usage. Enterasys also provides a system management software product, NetSight™ Switch Manager, to configure and monitor these features, enabling an enterprise-wide implementation. Many of the administrative tasks required to manage the next-generation infrastructure, including configuration of the multi-layer frame classification functions outlined later in this paper, can be accomplished from a single management interface. NetSight Switch Manager reduces the system configuration burden on the IT staff by enabling configuration of these parameters across an enterprise to be completed within hours instead of days. It eliminates the need to configure each device individually via the local management interface or command line interface. In addition to the configuration management capabilities, the NetSight Switch Manager also provides an intuitive GUI for managing the network topology. This tool can be leveraged in the day-to-day monitoring and troubleshooting activities by providing a near-real time representation of the physical and logical topologies of the network. Through this tool and the node and alias capabilities of the hardware, problem devices can be found in a matter of seconds. Adaptive Networking Full realization of functionality in the third strategic area, Adaptive Networking, is just beginning to emerge. The key concept embodied by this strategy is to move the network infrastructure beyond a reactive system with minimal intelligence, to one with embedded intelligence capable of adapting to a desired behavior. Put differently, the networks of today are dependent on a relatively static configuration of the elements comprising the system that results in a predetermined desired behavior. Changing the behavior of the network system (due to a change in the operating environment) often requires changes to the existing configuration of one or more elements. In some cases, a complete reconfiguration of one or several network elements may be required. Although there are tools to assist in these tasks, in the majority of these changes, some amount of manual intervention must occur. The result is a very static, non-pliant system. The ultimate goal for Adaptive Networking is to change the paradigm away from manual configuration, to a rulesbased paradigm that shifts the change mechanism from manual intervention to automated reconfiguration of the system, initiated by the system itself. In this model, the network infrastructure is provided a set of rules, or a network policy that prescribes a system-level behavior based on a set of occurring conditions. An Adaptive Network requires that the network system has the intelligence to detect its current state, and alter its behavior based on the rule set. The services made possible by an implementation of the Adaptive Network strategy provide for automated end-to-end configuration for Quality of Service (QoS), Advanced Security such as Denial-of-Service attack prevention, and application layer awareness with automated policy enforcement. Enterasys has a long history of innovation in the area of Adaptive Networking. The collection of node and alias information by the switch ports–essentially the detection of individual network users and the protocols they are utilizing–is an important step in Enterasys’ realization of the Adaptive Networking concept. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 7 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Deploying SAP Campus Backbone or Metropolitan Area Network Gigabit Ethernet ATM Packet Over SONET Data Center Distribution Switches The key to deploying a successful SAP implementation is to build it on a reliable and scalable network. A reliable network provides a consistent user experience, while sufficient scalability allows for the continued growth of the deployment. A non-robust network infrastructure will lead to unacceptable network downtime and high operational costs. Enterasys Networks solutions are designed around the needs of the Global 2000 Enterprises. Enterasys’ solutions scale to support network needs from robust large-scale campus networks and high performance metropolitan area networks, to a diverse array of remote user access. Enterasys’ scalable solutions provide End-toEnd QoS and Security while maintaining high availability and reliability. Figure 5 illustrates an Enterasys Network’s 100% availability data center solution. The basic building blocks of a successfully deployed SAP network infrastructure are: • Data Center • Campus Networks and MANs • Remote Networks and WANs Enterasys Networks SmartSwitch Router 8000 Family OSPF Multpath Load Balancing Data Center Server Access Switches Data Center Server w/Gigabit Ethernet SAP Application Servers w/Fast or Gigabit Ethernet SAP ITS Web Servers w/Fast Ethernet Figure 5: High Availability Data Center Solution The Data Center is where the core of the SAP solution is deployed. The campus network provides connections to all campus users and may include Metropolitan Area Networks. Remote Networks include WAN connections for remote offices, Business-to-Business and Internet access via Virtual Private Networks (VPNs). Data Center Architecture To successfully deploy a mission critical client/server architecture, great care in design of the Enterprise Data Center must be taken. Enterasys Network’s advanced networking products are designed to provide robust and highly reliable network solutions. The primary platform is Enterasys Networks’ SmartSwitch Router™ 8000 series. The SmartSwitch Router 8000 and 8600 provide robust, non-blocking routing and Layer 4 services. To provide a scalable architecture for the Data Center, it is advisable to utilize a two-tier architecture. This architecture is designed to minimize network bottlenecks, even under high traffic loads. High bandwidth connectivity options include Gigabit and Fast Ethernet as well as high speed MANs and WANs interfaces such as ATM and Packet over SONET. Each SmartSwitch Router 8600 provides a full range of Layer 3 and Layer 4 services. The SmartSwitch Routers are designed around a fully distributed architecture. Each module from Enterasys is capable of making multi-layer forwarding decisions and benefits from the scalability of this design. Many competing switches on the market today rely on Layer 3 modules to make forwarding decisions for Layer 2 line cards. The increased intelligence of Enterasys’ design provides for greater scalability and reliability. A scalable Data Center architecture is based on a multi-tier network hierarchy. To achieve this, a Server Distribution Layer and a server access Layer provide the necessary building blocks. Each server access switch will be dual homed to a Server Distribution switch with Gigabit Ethernet technology. Each server ideally is dual homed with Gigabit or Fast Ethernet connections to the server access Switches. The proper bandwidth scaling should be done at the time of initial deployment with some percentage of growth provided for. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 8 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation High Availability Network 100% availability of database and application servers is mandatory for successful operation of a mission-critical SAP deployment. Global business operates 24 hours a day, 7 days a week, 365 days a year. Most user sessions will time out in about 20 seconds in the event of a service outage. It is a requirement for the network to converge in 20 seconds or less. Figure 6 depicts two tiers of SmartSwitch Router 8600s. The first tier, or server distribution switches, connects to the campus backbone or metropolitan area network. Both switches are configured for full routing and support Open OSPF a multipath load-balancing routing algorithm that supports rapid re-convergence. The primary connection to , the second tier will be meshed Gigabit Ethernet connections. It is recommended that these connections be configured to participate in OSPF routing on both the server access and server distribution switches. It is usually optimum to implement a server redundancy mechanism. These mechanisms vary from simple physical layer redundancy to more advance server clustering techniques. The need for Layer 2, or non-routed connections between each server access Switch pair will be dependent on the redundancy mode deployed. For example, if multiple adapters with active and unique IP and MAC addresses were utilized, then it would be desirable to allow each server access Switch to be configured to support a unique IP Subnet. This configuration removes the need to support any Layer 2-topology protocol and greatly simplifies the SAP server deployment. However, if a server clustering or adapter redundancy that rely on Layer 2-test mechanism is chosen, then it is necessary to run redundant links between each server access Switch Chassis. Enterasys recommends that SmartTrunk™ port aggregation is utilized. Tier 1 Distribution Switches Routing Domain OSPF Multipath Load Balancing Tier 2 Server Access witches Bridging Domain Whether one or more subnets are trunked between the server access Switches, SmartTrunk will provide for rapid re-convergence and minimal system downtime. SmartTrunk provides for both load balancing as well as sub-second reconfiguration Figure 6: Bridge and Routing Domains between chassis. SmartTrunk also may be utilized to provide redundant server connections. SmartTrunk connections can be distributed over multiple modules and there is no limitation on the number of concurrent physical connections. This allows for the greater resiliency and performance. Another aspect of 100% availability is the utilization of a gateway redundancy mechanism. Each server will generally be configured with a default gateway, which allows communication to the rest of the world. If the default gateway router fails, and even if there is an alternative path available, communications would halt. There are three principal mechanisms to provide default gateway redundancy: • Virtual Router Clusters with Virtual Router Redundancy Protocol (VRRP) • Gateway Advertisements with Internet Router Discovery Protocol • Network topology detection by utilizing routing service in the servers themselves. Virtual Router Clusters use industry standard RFC 2338 to provide a scaleable and efficient gateway failover. Failovers of 1 second are achievable as well as rudimentary load balancing through Symmetrical VRRP Symmetrical . VRRP utilizes two or more default gateways. Each switch in the cluster provides a redundant failover for its neighbor switch. Servers can be alternately configured for each gateway in the cluster, thus providing a load balancing effect. Internet Router Discovery Protocol (RFC 742) is a dynamic method for servers to detect available gateways on the network. Each SmartSwitch Router is configured as an IRDP server. Each router periodically advertises itself to the IRDP clients on the network. An IRDP client maps the gateway address choosing the best available path. IRDP clients can also ‘Solicit’ router information. This allows clients that come on line in-between Discovery messages to detect an available network gateway. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 9 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Campus Backbone or Metropolitan Area Network Data Center Distribution Switches On most servers today, there is the ability to configure routing protocol in a passive or listen only mode. Almost all UNIX systems support the RouteD routing protocol. RouteD is an implementation of the RIP version 1 routing protocol. RouteD is typically used in ‘Quiet Mode,’ where the RouteD process listens for RIP router updates and builds its own routing tables for packet forwarding. Each SmartSwitch Router can be configured to distribute its routing tables to the Servers through Route Redistribution. This method is generally less desirable than the previous two methods because it does place a burden on servers that must now process routing information. With the advent of SAP’s Internet Transaction Service (ITS,) the web has come to SAP users. ITS provides for a Web Server to act as a proxy for SAP clients to the SAP application server. As noted earlier, these web sessions generally utilize standard HTTP sessions with Secure Socket Layer session security. One mechanism to provide scalability and fault tolerance is the use of intelligent Server Arrays. Each SmartSwitch Router is a full-featured server load balancer supporting multiple load balancing algorithms as well as Source IP and SSL session persistence. Figure 7 illustrates high availability server arrays. The server access SmartSwitch Router also provide advanced content verification with the ability to proactively interact with each server and verify that the HTTP process is correctly functioning and passing the proper content. If a SmartSwitch Router detects a web server that has failed or is not providing the proper content, then the switch will not connect any new users to the failed server system. The server is taken out of the active list of servers, but it will be checked periodically to determine if is available for clients again. Data Center Server Access Switches Virtual IP Address and Port Database Server SAP Application Servers SAP ITS Web Servers Figure 7: High Availability Server Arrays Adaptive Networking Services Adaptive network services provide a full range of capabilities to enhance the robustness of a SAP deployment. These capabilities include comprehensive Layer 4 application recognition, rich QoS services, wire speed security and Denial-of-Service Attack prevention Each server access SmartSwitch Router can be configured in an advanced services mode which Enterasys has developed called Layer 4 Bridging. Layer 4 Bridging gives full application-level awareness without the need for routing to the port, as switches from some other vendors require. This application-level awareness will help to ensure reliable and responsive SAP deployments. Each server access SmartSwitch can be configured with advanced Quality of Service (QoS) features such as Differentiated Services, Weighted Fair Queuing, Committed Access Rate, and Weighted Random Early Detection. Most SAP client-to-application server traffic consumes little network bandwidth. The application-server-todatabase-server traffic can consume from 100 Mbs to many Gigabits per second. It is a requirement to provide connections between these servers with good congestion management capabilities to ensure that these transactions happen in an efficient manner. If congestion leads down to the slowing in the processing of transactions, then all up-stream users will experience poor unresponsive performance of the application. Another aspect of adaptive networking is to safeguard the mission critical data that SAP is built upon. Network attacks do not always occur from the outside in. In reality, most attacks on the IT infrastructure and corporate data come from within the enterprise. Each SmartSwitch Router is capable of providing wire-speed Access Control List with packet detection all the way up to the application layer. These Enterasys safe guards insure that SAP services are available only for authorized uses. Each Server Distribution Switch should be configured with security policies disallowing all subnets and networks access to the SAP Application servers and Database servers. As systems, subnets and networks need access to the SAP Application Systems, policies can then be configured to grant access only to specific systems. It is also prudent to grant only limited access to the Database servers. Another important aspect of the SmartSwitch Router is its ability to blunt many of today’s Denial-of-Service Attacks. These attacks include SYN Attack, LAND, SMURF Attack and many others. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 10 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Campus User Access Layer Matrix E7 SmartSwitch 6000 SmartSwitch 2000 Network Visibility Once a network or Data Center has been designed and implemented, its is important to perform periodic evaluations of how that implementation is operating. To this end, Enterasys has designed the SmartSwitch Router to provide advanced visibility and instrumentation services. Because the SmartSwitch Router supports a flow-based architecture, Enterasys can provide network information down to the granularity of individual IP conversations. In addition, it is critical to understand the health of the SAP system. Every SmartSwitch Router supports RMON and RMON II statistics gathering as well as full IP Traffic accounting. Campus Distribution Layer SmartSwitch Router 8600 Campus Core Layer SmartSwitch Router 8600 Campus Network Architecture Data Center Distribution Layer SmartSwitch Router 8600 Data Center Server Access Layer SmartSwitch Router 8600 Matrix E7 The second requirement for a successful SAP deployment is a scalable and resilient campus infrastructure. Enterasys Networks’ supports a wide range of advanced platforms that support a diverse array of enterprise applications and services. A campus network architecture must be robust enough to support SAP’s mission-critical ERP applications as well as support emerging services such as Voice over IP (VoIP). It is desirable to deploy a modular three-tier campus architecture. This building block approach facilitates network resiliency and scalability while allowing for better security. The three tiers of modular campus network architecture are: • • • Access Layer Distribution Layer Core Layer Figure 8: Modular Campus Network Architecture The Access Layer is deployed to service all user connections just as server access switches connect servers in the data center. The Access layer can be made up of the Enterasys Matrix E7 or SmartSwitch 6000. The Access switches provide dedicated 10/100 Mb/s connections. The default uplinks from this layer are two or more Gigabit Ethernet connections, although it is still common to see multiple Fast Ethernet links utilized. Figure 9 is an illustration of a typical implementation of a three-tier modular network utilizing the Enterasys SmartSwitch Router, Matrix E7, and the SmartSwitch 2000/6000. The Enterasys Matrix E7 is a new generation of Intelligent Access Switch. The Matrix E7 has been designed to scale to bandwidth in excess of 400 Gb/s and 500 10/100 user connections. The E7 supports full Layer 4 application layer awareness as well as full QoS and security services. The SmartSwitch 6000 supports over 240 10/100 user connections and bandwidth in excess of 32 Gigabits in addition to all of the services that are provided for in the Matrix E7. Both the Matrix E7 and the SmartSwitch 6000 chassis support Layer 4 routing services today with integrated award wining SmartSwitch Router technology. Enterasys builds on its strategy of total network visibility by providing an innovative service called Node & Alias Discovery. This technology allows system-level visibility into the real time location and properties of the edge devices and end systems. Quite simply, Enterasys is the only vendor able to deliver a system that answers the critical support and monitoring question of “Where is IP address x.x.x.x?” In the future, it will be possible to detect and report which applications are running and which end system they reside on. It will even be possible to detect which SAP Application Server, Message Server and SAP Router a user is communicating with. Enterasys also supports a full implementation of RMON per switch. This means each Matrix and SmartSwitch module support groups 1-9 per port, including packet capture and filters. With the inclusion of the Advanced Router Modules, these systems support all the application-aware functionality of RMON 2 standard. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 11 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation The Campus Distribution Layer provides a point for Layer 3 aggregation. The Campus Distribution Layer should be utilized to isolate the Layer 2 domains in the Access Layer networks. It is key to provide a network that is tolerant of network outages. Enterasys has developed Layer 2 resiliency technologies based on evolving IEEE standards such as Rapid Reconfiguration Spanning Tree (802.1W) and Per VLAN Spanning Tree (802.1s). These technologies minimize the impact on users during a device failure. The Distribution Layer Switches also provide gateway redundancy through Internet standard VRRP and IRDP As . discussed previously, these technologies are key to providing non-stop networking capabilities in the campus. The Campus Core Layer is the backbone of the network. The core interconnects all of the User Access and server access blocks. The majority of the Campus traffic will transverse this layer. All Distribution Layer Switches will connect into the core with Gigabit Ethernet technology except where it is reasonable to utilize trunked Fast Ethernet links. Metropolitan Area Network connections can be accomplished through Long Haul Gigabit Ethernet, ATM and Packet Over SONET technologies. Remote Access Networks A large portion of SAP traffic will come in from remote offices and networks. Enterasys Networks supports a diverse array of Wide Area Options in the SmartSwitch Router family. Remote SAP access can be services with a wide array of technologies including ATM, Frame Relay, Multilink PPP ISDN, VPN, T1/E1, T3/E3, OC-3c/STM-1 , and OC-12c/STM-3 technologies. Enterasys supports these technologies across the entire line of SmartSwitch Router Layer 4 Switches. Core Network Switches A WAN access network is deployed in a similar manner to the Server Distribution network. All WAN connections are aggregated at this point. Great care must be taken when provisioning the wide area circuits. Each SAPgui client consumes approximately 2 Kbytes of bandwidth per dialog instance. SAP has provided a formula for estimating Bandwidth requirements: C= 16000 X N/ (Tresp + Tthink) bits/second Where: SmartSwitch Router 8000 Family C = Bandwidth required to display the SAPgui N = Number of concurrent SAP users WAN Access Switches Tresp = Time needed by the System before it can display the next dialog screen Tthink = Time needed by a user to process a screen shot in seconds WAN Internet ATM T 1/E 1, T3/E3 Frame Relay OC-3c T1/E 1 ISDN Frame Relay VPN L2TP IPSEC , The SAP formula can be used for estimating the bandwidth requirements for traffic between the application server and clients. When combined with the requirements of other applications running between the central and remote sites, it can be used to determine bandwidth provisioning requirements. SmartSwitch Router 2000 SmartSwitch Router 500/600/700 Figure 9: WAN Access Layer I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 12 of 16 An Enterasys Networks’ White Paper I Enterasys Multi-layer Frame Classification Providing End-to-End QoS for a Successful SAP Implementation A fundamental component to deploying a SAP R/3 System is Quality of Service (QoS). In enterprise networks, SAP implementations compete for network resources with many other applications and services. These competing applications can include file transfer, email, IP telephony and many others. These services are usually new multimedia, video, web and telephony, which put a considerable burden on the network infrastructure. The biggest burden comes from applications such as file transfers and network based backup that consumes the maximum available bandwidth. Figure 10 illustrates the concept of providing end-to-end QoS for a SAP implementation. Campus A WAN Campus B QoS Edge •Access Control •Priority Classifications •L2 Marking •Scheduling •Outbound Rate Limit QoS Core •Application Rate Limit •Congestion Avoidance •L3 Marketing •Scheduling QoS WAN •Filtering •Scheduling •Congestion Avoidance •Shaping Figure 10: End-to-end QoS SAP traffic can be broken down into specific performance requirements that are dependent on the type of traffic. SAPgui-to-SAP application server traffic has very little impact on the network, consuming approximately 2 Kbytes per screen update. If SAP Internet Transaction Services is deployed, the SAPgui services will experience a 20 to 30 percent increase in bandwidth utilization. The majority of SAP traffic occurs between the application servers and database servers. This traffic is typically called “back-end” communications. If the back-end communications are impacted by network congestion, then all SAP users will experience overall network delay. Enterasys Networks has engineered a wide array of QoS features and capabilities into all of its enterprise network infrastructure solutions. From the user access level in the Matrix E7/SmartSwitch 6000 to the SmartSwitch Router 8000, a comprehensive suite of services is available to guarantee consistent and timely delivery of SAP services to the end users. The QoS capabilities inherent in the Enterasys solution can be broken down into the following four areas: • Classification • 802.1Q priority/TOS Marking • Committed Access Rate/Rate Limiting • Congestion Management The following sections describe these capabilities and their application in providing end-to-end QoS for a SAP implementation. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 13 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation Classification SIP DIP TYPE TOS/ Src Dest DSCP Port Port The primary component of Enterasys’ QoS services is the ability to detect and classify specific traffic streams. All of Enterasys’ enterprise platforms support a full Layer 4 classification capability. Through this capability, Enterasys is able to provide a network infrastructure solution capable of end-to-end detection of the network traffic associated with SAP Enterasys switching platforms are able to manage all the various IP traffic . patterns, ensuring that SAP’s mission critical applications are delivered to end users in a consistent and timely manner, greatly improving the SAP user experience. Each Matrix E7 and SmartSwitch 2000/6000 supports multi-layer frame classification capability. This capability, when used in conjunction with the frame marking capability outlined later in this section, provides the ability to assign priority handling to SAP traffic across the enterprise. Inabound Packets In Port Flow Setup Flows Enterasys’ SmartSwitch Router suite supports a per-flow classification capability that again can be used in conjunction with priority marking. This capability allows each switch in the network to: • Classify frames at wire-rate QoS • Apply the various traffic management services to the SAP conversations without impacting switch throughput. Figure 11 illustrates the per-flow classification capability of the SmartSwitch Router. Figure 11: SSR Multi-layer Frame Classification 802.1Q priority/TOS Marking All Enterprise switching platforms support multi-layer frame marking. This ability allows User Access switches to mark SAPgui or ITS traffic as mission critical for all up-stream devices. Packet marking allows switches without a classification capability to process marked traffic. Every Enterasys product supports Layer 2 marking with IEEE 802.1D(p) packet tagging. All Enterprise class products support the marking of IP Precedence, Type of Service or Differentiated Services Code Point (DSCP). Committed Access Rate/Rate Limiting Enterasys’ Switches support advanced traffic policing through Rate Limiting services. Rate Limiting allows each Matrix E7, SmartSwitch and SmartSwitch Router to regulate the amount of bandwidth available per application. Rate limiting can be defined such that there is always bandwidth available for applications such as SAP Server to Database transactions. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 14 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation All Other Traffic 30% ERP SAP/r3 Oracle 40% H.323 Voice/ Video 20% Control Message 10% Congestion Management: Congestion Management is accomplished through two distinct services: Avoidance and Scheduling. • Congestion avoidance is performed through Weighted Random Early Detection services. WRED allows for the control of individual IP flows. WRED Provides fair bandwidth reduction between host connections through implicit notification. This service helps to facilitate the delivery of SAP’s mission critical applications while maintaining acceptable performance for less mission critical applications. • Enterasys’ primary scheduling (queuing) mechanism is the Weighted Fair Queuing algorithm. WFQ allows network administrators to define classes of services for various network applications. WFQ is available on all Matrix E7, SmartSwitch and SmartSwitch Router systems. Figure 12 Illustrates the concept of the Weighted Fair Queuing mechanism. Outbound Port Figure 12: Weighted Fair Queuing Conclusion SAP R/3 and the mySAP .com strategy are powerful tools that can provide successful companies a competitive advantage. The successful realization of the competitive advantages provided by SAP R/3 and mySAP .com are ultimately dependent on the scalability, reliability and manageability of the network infrastructure. The network infrastructure is the vehicle by which the organization’s stakeholders utilize the power of the SAP solution. If the network cannot scale as the organization grows and the demands upon it increase, if it is not reliable or cannot be managed effectively, then the power and potential advantage are left unrealized. Enterasys Networks’ approach to designing and implementing a best-in-class network infrastructure for a mySAP .com implementation will result in full realization of that advantage. The experience in providing end-to-end solutions, technology leadership, and our experience as a SAP R/3 customer uniquely qualifies Enterasys as a provider of infrastructure solutions. Through our Technology Partnership, Enterasys is committed to continuing close collaboration with SAP to design and deliver optimal solutions providing advanced features and functionality supportive of SAP R/3 and mySAP .com implementations. I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 15 of 16 An Enterasys Networks’ Solution Overview I Best-in-Class Solutions for mySAP .com Implementation North America 35 Industrial Way Rochester, NH 03867 U.S.A. (603) 332-9400 50 Minuteman Road Andover, MA 01810 U.S.A. (978) 684-1000 Europe/Middle East/Africa Network House Newbury Business Park London Road, Newbury Berkshire, England RG13 2PZ 44-1635-580000 Asia Pacific 85 Science Park Drive #03-01/04 The Cavendish Singapore 118259 65-775-5355 Unit 8,Allambie Grove Estate 25 Frenchs Forest NSW 2086 Sydney, Australia 61-29950-5900 Latin America Periferico Sur No. 3642 Piso 6 Colonia Jardines del Pedregal Mexico City DF 01900 Mexico 525-490-3400 Av Jurubatuba, 73-3° andar Brooklin-São Paulo 04583-100-Brazil 55-11-5508-4600 The following is a partial list of trademarks or registered trademarks owned by, or under the control of, Cabletron: Cabletron Systems, SmartTrunk, SmartSwitch Router, and NetSight. The following is a partial list of trademarks or service marks of Enterasys Networks, Inc: Enterasys Networks. SAP software, R/3 software, mySAP .com, EnjoySAP are trademarks or registered trademarks of SAP AG. Oracle is a registered trademark of Oracle Corporation. Informix is a trademark of Informix Software, Inc. UNIX is a registered trademark of SCO Santa Clara Operation. All their trademarks are the property of their respective owners. Copyright © 2000 Enterasys Networks, a Cabletron Systems, Inc. company. All Rights Reserved. NOTE: Cabletron Systems, Inc. reserves the right to change specifications without notice. Please contact your representative to confirm current specifications. Lit#9012047-1 6/00 I Enterasys Networks I www.enterasys.com I Copyright 2000 Enterasys Networks. All Rights reserved pg 16 of 16