Vendor Profile: Cisco Redux

The reigning network leader has bounced back from tough times with record revenue and profits. But can Cisco keep innovating while fending off challengers? Three years later, we take another

October 22, 2004

45 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Even within a single technology, Cisco's architectural thrust means tighter integration of individual products--such as firewalls, VPNs and intrusion-prevention systems in security. Cisco's "self-defending network" strategy involves embedding more security capabilities into its core products, a key differentiator of the new line of integrated services routers Cisco introduced this month. Networks architected in this way not only will be more secure, Cisco reasons, they'll also be cheaper to manage because customers won't have to build and maintain elaborate overlays.

From CEO John Chambers on down, architecture is the rallying cry. Chambers talks about customers moving "from a box to a system to an architectural focus." Pierre-Paul Allard, VP of enterprise marketing, dropped the word architecture at least 50 times during a recent 60-minute interview. In an e-mail response to a question about Cisco's six "Advanced Technology" areas, a PR rep says: "We encourage you to think about these Advanced Technologies as an architectural network evolution, with each technology being linked to the others." OK, we get it now.

But much to Cisco's chagrin, not all customers do. Many still shop around for the least expensive products, or products with targeted feature sets, to solve the latest problem: unclog bottlenecks, lower communications costs, beef up storage, fend off attacks--fix a flawed architecture, in Cisco parlance.

Customers are better served, Cisco preaches, by focusing on total cost of ownership, not up-front pricing. Allard argues that only 20 percent of the average IT budget is spent on systems, with the rest going to facilities and operations. Companies can cut those costs by at least 25 percent, he argues, by standardizing on a primary vendor.

Talking With Cisco

Tune in for an inside look at how Cisco approaches storage management, mobile and wireless, security and network management. Get the scoop straight from the horse's mouth in this exclusive set of audio interviews with the top brass from Cisco.

How so? Going with a primary vendor not only lets customers exact volume discounts, it also lets them reduce IT staff costs (fewer disparate systems to manage) and consolidate maintenance contracts. A primary-vendor strategy also helps customers improve network planning (less time devoted to vendor selection, more time spent reducing unnecessary equipment and optimizing performance) and speed deployment (single-vendor installments take less time)--all while increasing network reliability.

Says who? Sage Research, in a study completed last year of 226 U.S. companies in various industries. The catch? The study was prepared exclusively for Cisco, king of the primary vendors. Your results may vary.

No One Ever Got Fired ...So why do so many companies buy from Cisco? Given four choices, 31 percent of the 820 Cisco customers who responded to a Network Computing survey cited the company's market leadership, while another 31 percent like the interoperability of its broad product portfolio. Some 21 percent think Cisco offers the best technology for the price, while a risk-averse 17 percent of the respondents buy from the vendor "because no one ever got fired for buying from Cisco" (see chart, page 63).

Anecdotally, customers say they're most loyal to Cisco's core networking products: its switches and routers. "They just work, and they almost never break," says one senior IT executive. Also rated highly are Cisco's service and support, and training and certification programs.

What concerns customers--as always--is that an ever-deepening relationship with one vendor will lead to an unhealthy dependence. One IT manager says that his Cisco sales reps almost demand that his company move to a homogeneous networking environment.

Customers also worry that as Cisco has branched into new technology areas--mostly through scores of acquisitions--it has spread itself too thin. "Once you get outside of those core products, all bets are off," the exec says, adding that over the past few years, he has seen a decline in Cisco's ability to seamlessly integrate the companies and technologies it has purchased.

The biggest customer concern remains Cisco's pricing, according to the Network Computing survey. When asked, "If you could make one change at Cisco, what would it be?" 42 percent of the respondents selected "lower prices"--by far the No. 1 choice among eight options. Asked in a separate question to weigh in on Cisco's product pricing, 45 percent of the respondents rated it as inferior to most competing product prices. In contrast, only 4 percent rated the technical quality of Cisco's products as inferior to most competing products, while only 9 percent rated its service and support as inferior (see charts above and on page 66).When told of our survey results, Cisco marketing VP Allard shifted the focus of the discussion. Those IT managers who comb the market for the lowest prices, he says, tend to be focused on fighting fires rather than "resolving business imperatives." That's one reason Cisco has crafted a dozen or so "networking business solutions" around key industries, including transportation, manufacturing, financial services, health care, government, retail and education. With these vertical solutions, Cisco is trying to elevate the conversation above price, appealing to customers' broad business interests--cutting costs, improving productivity, driving revenue.

In March, for example, Cisco rolled out the Intelligent Transportation Solutions program, a suite of IP telephony, wireless, security and other networking products and services tailored for airports, roadways, public transport authorities and seaports. One marquee customer, Toronto Pearson International Airport, consolidated 14 airport, airline and tenant networks and 11 information silos onto a common Cisco infrastructure to improve airport operations, passenger and baggage processing, and aircraft turnaround. The consolidation, part of a new $4.4 billion terminal the airport opened in April, included the installation of 1,100 Cisco IP phones and 1,100 Cisco wireless access points.

There's no higher-profile embodiment of Cisco's architecture-to-business-solutions message than Cisco itself. The company is a rabid consumer and integrator of its own wireless, IP telephony, switching, routing and security dog food. Every quarter or so, all of Cisco's business leaders present their groups' IT strategies to Chambers and their peers, along with productivity improvements to be squeezed from those technology investments. Cisco says the technology and process changes it implemented last fiscal year boosted productivity, as measured by revenue per employee, by 27 percent, to $690,000.

Financial Strength

Cisco has emerged from the tech downturn better than most vendors. In its most recent quarter, its net income rose 41 percent from a year ago to $1.38 billion--the highest quarterly net income in its history--on 26 percent higher net sales of $5.93 billion. For the fiscal year, net income was up 23 percent from a year earlier to $4.4 billion, on 17 percent higher net sales of $22.0 billion.Driving much of that growth are the six Advanced Technology businesses mentioned earlier. As a whole, they generated 67 percent higher revenue last fiscal year compared with the year earlier and now account for 16 percent of Cisco's total revenue. Cisco's IP telephony revenue grew about 40 percent year over year, wireless grew 45 percent, storage was up 180 percent, optical was up 16 percent, security grew 45 percent, and home networking grew 60 percent. By comparison, Cisco's core switching and routing businesses, which still account for 41 percent and 24 percent of the company's sales, respectively, grew in the low double digits.

Although no longer the world's most valuable company--a title it held for a couple of weeks at the bulge of the dot-com bubble--Cisco's market capitalization, at around $125 billion, remains among the largest for IT vendors. Its brand is as blue chip as ever: For example, in a Yankee Group survey released last month, U.S. enterprises ranked Cisco among the top three "most trusted" security product vendors--even though Cisco has been in that market for only a few years.

But with leadership comes responsibility. After Cisco issued a less-than-exuberant sales forecast during its fourth-quarter financial report--Chambers said customers are "a little more cautious" about tech spending--the broader stock indexes took a dive. For this reason, Chambers is leery about saying too much about technology buying trends for fear a stray word or misinterpreted phrase will spook an investor stampede.

Even with Cisco's dominance (a word Chambers would never use), the CEO still pays lip service to the importance of healthy competition. What ultimately crippled Chambers' former employers, IBM and Wang, was not competition but a lack of it, he says. They failed to keep up with the changing times.

And so Cisco continues to explore new market opportunities while constantly driving productivity improvements internally. If you're just trying to keep pace, you're falling behind, a principle that's truer today than it was three years ago. In the following pages, six Network Computing editors reveal what they learned about Cisco's direction in networking systems, network-management software, security, storage, VoIP and wireless after sitting down with some top company execs.Finally, you may have noticed that Cisco took home our Editor's Choice award for a premium end-to-end network in our cover package RFP (page 38). Although it's coincidental that these articles ended up in the same issue, we suggest taking a peek at Cisco's RFP response, where you'll find nearly 30 proposed upgrades to our fictional company's, yes, architecture.

Switching and Routing

Cisco Systems practically created the router market in the 1980s and has dominated it ever since. With some strategic purchases and some in-house development, the company went on to dominate the switch market as well. Even though many IT pros put routers and switches in the same category, Cisco breaks them into two separate units. Joni Jiandani, vice president and general manager of its switching and storage technology groups, is responsible for Cisco's 6000 series, the company's flagship modular switch that, Jiandani says, is deployed everywhere from the core of enterprise networks to the edges of service providers' MANs (metropolitan area networks). We spoke with Jiandani and Ian Pennell, vice president of Cisco's MCEBU (Multiservice Customer Edge Business Unit), who is responsible for Cisco edge routers, including the 2600 and 3700 series and the new 3800 series. Pennell also oversees Cisco products that extend VoIP (voice over IP) capabilities to the edge, such as voice gateways and Cisco Call Manager Express.

Pennell's job description reveals Cisco's interest in using its dominance in the router market to boost VoIP sales. In fact, we discerned a trend: A lot of crossover is under way among wireless, security and VoIP units into both the switching and routing divisions. From an IT perspective, this is both good and bad. The good news is that cross-pollination promotes innovations that Cisco customers will find useful. The bad news? The more customers take advantage of these features, the more it locks technologies together that otherwise would be clear points of demarcation for best-of-breed offerings. Cisco points out that this interoperability differentiates its products from the competition because much of the basic routing and switching functionality that at one time made Cisco products unique is becoming commoditized in low-priced, third-party ASICs.

Switches OnAlthough Cisco's 6500 is considered a switch, many also use it at the core of their networks as a Layer 3 switch or router. Other vendors offering products with similar functionality include Alcatel, Extreme Networks, Foundry Networks, Nortel Networks and newcomer Force10 Networks, known for its high-density and high-performance Gigabit and 10 Gigabit Ethernet devices. Jiandani points out that Cisco offers cards for the 6500 that add firewalling, IDS, VPN and wireless functionality on the same backplane that can provide high-performance, ASIC-based Gigabit and 10 Gigabit switching and routing. We don't know of any other vendor that can combine that much functionality in one package.

Jiandani also asserts that Cisco originated many of the standards in use today; for example, MPLS (Multiprotocol Label Switching) was Cisco's Tag Switching; ISL link aggregation is now known as IEEE 802.3ad; and PoE (Power over Ethernet) is standardized as 802.3af. But though Cisco has driven many standards, the company also has lagged behind rivals in adopting the standardized versions. Where have we heard that before?

Crystal Ball

Ask Jiandani what she sees coming in three to five years, and she'll express great enthusiasm about Ethernet, saying that someday, Ethernet will be ubiquitous--found in everything from factory floors to Metronets, from the curb to the home, and will even displace Sonet. She predicts that Ethernet eventually will be as ubiquitous as IP is today. To that, we say: Bring it on!

Pennell, though in a different group with very different products, echoes some of Jiandani's themes. He is most excited about Cisco's newly released 3850 router. Like the 6500, the 3800 and, to some extent, lower-end branch-office routers are getting loaded up with firewall, VPN, voice and voicemail capabilities along with the ASICs and DSPs (digital signal processors) necessary to do it all while maintaining performance. Pennell contends that customers are demanding more features combined in one box to ease management costs, provide better protection and ensure high availability of technologies like VoIP. When asked about vendor lock-in, he states that customers have the option of turning on the features when they need them, or not using them at all.When we asked how disparate groups within Cisco manage to integrate functions, Pennell described the process as challenging and requiring a lot of coordination, especially when releasing products in different areas with related feature sets. Previously, Cisco had been organized by market, with separate groups covering, for example, service providers and enterprises. Now, units are grouped by products, and the groups work very closely with one another. Pennell says that under this system, Cisco can adapt to meet the needs of customers and the dynamics of the market. "John Chambers set up a culture that doesn't worry about building domains," he says.

Watch Your Back

As for Cisco's competitors, Pennell has nothing bad to say about them; this was true of everyone we spoke with at Cisco. He says that with what he sees as an improving economy, he expects lots of business for everyone to help drive networking forward. When pressed on which rival he worries about most, Pennell says he pays very close attention to all his competition, but lately Juniper has been on his radar. This is probably because of Juniper's recent move into the edge router market. In the Asian markets, Pennell is watching Huawei, a Chinese company that is partnering with 3Com Corp. in the United States and that recently settled a lawsuit over routing code (see "Cisco Settles Patent-Infringement Suit With Huawei," at www. techweb. com/ wire/ 26805246).

When asked about the future of edge routing three to five years from now, Pennell talks of added security and the importance deeper content inspection without degraded performance. He cites increased use of ASICs to accomplish these goals and says that ASICs will be used more, even in low-end products.

In the past, security at the edge has meant a trade-off with performance when implemented in shared-CPU routers. Cisco's plan to look even deeper into packets traversing its switches normally would raise flags about the processing burden, but putting the process in ASICs addresses performance concerns and is a new concept when it comes to lower-cost edge routers. And, we'll never argue with an emphasis on added security.We also asked about IOS-XR router features showing up in enterprise routing products. The IOS-XR is the high-end, high-performance core ISP router that Cisco introduced this year, sporting a new version of IOS with a more robust design that enables high availability and more modularity in the software. We've heard speculation that these features would trickle down into the enterprise. Pennell squashes these hopes, but points out that IOS is divided into "trains" that keep code for different feature sets under control by matching trains with appropriate equipment and applications. Those of us who've played the features-versus-bugs juggling game might disagree. --Peter Morrissey

Cisco's network and network-management dominance isn't attributable to the excellence of its management software--a statement the company will no doubt publicly contest and privately acknowledge. Rather, Cisco leads thanks to its hardware. But dominance is exactly what's need to move network-management software forward. So we set out to determine whether Cisco has the vision to use its position to make that push.

Cliff Meltzer, senior vice president of Cisco's network management technology group, chatted with us about where the company's dominance is leading it--and all of us. Not unexpectedly, discussion of the autonomic utility or, in Ciscoese, Intelligent Information Network, peppered our time together. But we were surprised to hear Meltzer acknowledge that network management as practiced today is neither standard nor open enough to manage the networks of the future.

First, let's define network management: It's about monitoring and maintaining end-service delivery, including Layer 2 and Layer 3 frames and packets, as well as networked devices, systems, services and apps. But there's a disconnect between what is doable and the expounded vision of industry leaders and thinkers. The need for network-management automation and proactive control is obvious, but the leadership to get it done is lacking. Leadership is what we heard from Cisco, though, and we hope, that will lead to getting it done.

We are heartened by Cisco's vision for an open management initiative, for example. Cisco has long participated in standards bodies, such as the IETF and DMTF, and while excellent piecemeal standards, such as SNMPconf and DEN, have been forged, no seismic network-management advances have occurred. Moreover, these incremental improvements, adhered to and touted by some vendors, are often only sporadically championed and deployed by others, including Cisco. Without a higher standard, our lowest common denominator remains SNMP and device CLI.Meltzer says Cisco's Intelligent Information Network initiative is poised to change this piecemeal approach through a significant new management platform.

"Cisco intends to help the industry as a whole, so customers will be able to associate business value with their networks," Meltzer says. "This will help customers justify the investments they are making in their networks."

He touts shared common resources, like discovery, database, polling and fault management, and a "programmatic," open, consistent interface for all Cisco hardware. Given the number of Cisco devices deployed, the interface alone will simplify life for network managers and management vendors.

Still, if you think this sounds vaguely like management frameworks from Computer Associates, Hewlett-Packard, IBM and just about every other Tom, Dick and Harry management vendor of the past 15 years, you're right. It's a logical approach to managing across complex network environments, but the devil has always been in the detailed, brittle implementations required to configure these frameworks. The inconsistent, proprietary CLI syntax for network devices is at the center of this inflexible network-management reality.

Cisco has the money, smarts and market power to make it happen, but it's not the grand strategy of the Intelligent Information Network that caught our imagination as much as Cisco's plan to fix the way its hardware is managed.The Cisco CLI is the de facto standard for interacting with network devices simply because Cisco gear is everywhere; vendors like Enterasys and Foundry have even modeled their CLIs on it so as to surf Cisco's wake. But it's a terrible interface, lacking intuitiveness and maddeningly different from model to model, release to release, feature set to feature set. Although logging in and pounding out a few commands is no big deal, trying to automate configuration tasks across a large number of Cisco devices is a bear. This increases network-management costs for IT and vendors alike.

But, as Meltzer says, Cisco is working on a new management interface for its devices that is standard, open and programmatic. We pressed for more information about how this programmatic interface might be organized. Would it use SNMPconf or something similar to Juniper's XML interface? But we got the political answer: Cisco will use the best technology to get the job done without ruling out existing applicable work. Still, Meltzer says Cisco will offer the interface, due to be in initial trials within 18 months, to standards bodies so Enterasys, Foundry and others can adopt it.

Meltzer was clear that this doesn't mean the existing CLI or SNMP is going away. These approaches will likely be with us forever. "There's just too much invested in SNMP and Cisco CLI," Meltzer says. "New stuff will take time to get a hold. This is evolution, not revolution."

But, you ask, what's in it for Cisco? It's fair to wonder why the company would make it easier for its competitors to manage networks, and it's also true that the road to open standards is carpeted with vendors' self-serving offerings. Meltzer's reply that improved management improves networking--an area in which Cisco competes confidently--didn't surprise us. We've heard this mantra for years from individuals who drive Cisco management strategies.

Even though initial products will begin to arrive within 18 months, Meltzer offers no specific time line or road map, which, while a safe PR move, is disappointing and inconsistent with such a large strategic initiative. Meltzer did talk about the need to move customers to new platforms to get new management interfaces into the field, but he points out that since Cisco can't force hardware upgrades, full implementation could take a while. So hunker down--help is going to be a long time coming.New Attitude

We wondered which technologies or existing standards might be part of Cisco's new approach. Some of the work that has taken place in the IETF and DMTF could play a role, Meltzer says--which is another way of saying that there isn't anything definite and nothing is ruled out. To put it another way, "Follow us--we know where we're going, and we have money to buy a map!"

Some readers told us they don't believe Cisco has expended enough development resources on the enterprise version of CiscoWorks. They complained about MIBs taking a year, as in the case of the Aeronet 1200, and new products requiring paid upgrades. The supposition: Enterprises often negotiate CiscoWorks at a low price as part of a larger deal, curtailing the revenue stream for the enterprise-management line of business.

Meltzer politely but firmly denies any lag, insisting that anyone who thinks otherwise is under a misperception. He says Cisco seeks to ensure that products, at the very worst, are supported in CiscoWorks within "days or a week," but that normally the process dictates a synchronized release of management and new hardware/functionality. We'll have to agree to disagree on this point.

In answer to readers' pricing/development concerns, Meltzer explains that management software is not the core driver of Cisco's business. Rather, it's meant to complement the company's hardware and create a total system. In that case, it seems appropriate to us that the management be included with the products. Meltzer answers that the CLI and Web interfaces were meant to satisfy simple management needs. For more dynamic, larger networks, the new management software will continue to be provided at incremental cost."While the revenue of the network management group is interesting and sizable, our No. 1 priority is not optimizing revenue for particular network management," Meltzer says. "We step back and consider the overall system that the customer is purchasing from us." He adds: "You let people into the movie theater, and they buy your popcorn and soda. You sell the basic car; the money is in the accessories."

We agree that it will be worth the price of our local cineplex's Giganto Tub O'Popcorn with extra butter-flavored goop if third-party vendors can manage Cisco gear fully using the new standard. --Bruce Boardman

The basic equation is simple: Security is a huge issue in networking + Cisco is the world's largest network infrastructure company = Cisco says security features are coming to the network infrastructure. Although other vendors push the idea of individual appliances dedicated to particular functions, Cisco has been at the leading edge of an effort, shared by infrastructure vendors like Enterasys and Foundry, to incorporate firewall and policy-enforcement functions in the switches and routers at the center of the network. In talking to Richard Palmer, Cisco's vice president of the VPN and security business unit, we heard from a company that is trying to consolidate functions inside a huge market share while not acting like a bully in an arena that depends on collaboration for success.

The first step in understanding Cisco's approach to security is to see the company as it sees itself--as the market leader in network-security products. According to Infonetics Research, Cisco is the world's largest vendor of VPN and firewall products, with more than a third of the $722.5 million global market in the second quarter of 2004. One of Cisco's challenges is to make customers see it as a security company when its infrastructure reputation is so large as to block out that message. Cisco's recent advertising is emphasizing security over performance, another indicator that the company is trying to move customer perception in that direction.

Security to the InfrastructureThe next step in Cisco security awareness is to understand that it intends to see most security functions incorporated into the core network infrastructure.

"We have firewall modules in our Catalyst systems, security accelerator blades in our routers and switches," Palmer says. "We think that embedded security will allow people to apply security more comprehensively."

The idea is that minimizing component count and bringing security and network management under a single administration console will make it easier to build rational top-down security policies and implementation plans. We believe it's likely that many security functions, from antivirus protection to vulnerability assessment, will continue to live outside the core infrastructure, owing to the nature of their operation or very real performance concerns based on the processing required.

Palmer goes on to say that Cisco increasingly will integrate the security functions contained in the infrastructure into an overall system. "Security has always been thought of as a set of separate functions," he says. "You have a firewall, IDS and other point-functionality ingredients. We think security will become a system, with more cooperative ingredients. Endpoint software, policy servers and network-infrastructure pieces will all work together."

Just how the pieces will work together is shown in Cisco's Network Admission Control, a system that polls a device during the authentication process and allows or denies network access based (in part) on whether the device's endpoint security functions meet the standards established by the organization. This approach relies both on central policy control and on endpoint hardware and software that will let themselves be interrogated and return information the central manager can use to make access decisions. It relies, in short, on cooperation and partnerships between vendors.This security framework attempts to use the network infrastructure to enforce security policies at every endpoint. In reality, it means sharing a single method of authentication and authorization across all the components and applications; sharing configuration information from hosts to access points within the network; and controlling it all from a central set of policies established by administrators.

Cisco points to partnerships with antivirus vendors such as McAfee, Symantec and Trend Micro, and desktop management vendors like IBM Tivoli as evidence that its efforts are being embraced by the industry. Although a number of companies are seeking to do similar things with security consolidation, most are trying to use a network-security appliance or independent software framework as the central actor in the mix, while Cisco aims to keep the focus on its essential network-infrastructure pieces. Cisco's focus in these partnerships is not merely on technology--the online application form for taking part in the Network Admission Control partnership asks as many questions about marketing and sales issues as it does about technical matters. It's obviously important to Cisco that partner companies be as compatible with their marketing mission as they are with the NAC framework itself, and it's this level of cooperation between companies that makes frameworks such as NAC such huge potential influences on the security landscape.

Standards

Key to interoperability are standards. Who sets the bar over which all vendors must leap in a particular security arena? Palmer correctly points out that security standards have tended to be perceived differently from standards in other technologies because security products haven't had to interact with one another in the same way that, say, wireless NICs and access points do. The most commercially important standards have been driven by government agencies or mandates, including those from the Energy Assurance Office and the Federal Information Processing Standards, and Cisco is certified to comply with standards within both. Cisco also submits some products to ICSALabs for its certification work, but we believe the company's partnerships, such as those reached in conjunction with Network Admission Control, will have a larger impact on most customers than will standards.

PartnershipsWhen asked about partnerships, Palmer talks most readily about Cisco's relationships with other big, enterprise-familiar vendors like IBM, Microsoft and Symantec but admitted that security's fast-evolving nature makes it a fertile area for smaller companies that specialize in one aspect of the overall problem.

"There's huge opportunity for innovative work, particularly in detection of new threats and in being significantly able to correlate events that are happening across the infrastructure in different technology areas," he said. "The customer is well served by having an integrated approach to enforcement, but that doesn't preclude the innovation and multiplicity of other companies being part of that system."

Ultimately, Palmer breaks down Cisco's view of security into three broad areas. Detection is the first, and Palmer sees many different ways to detect attacks, exploits and vulnerabilities, and many different locations for detection to occur. Threat detection is also the technology area in which Palmer sees the most opportunity for start-ups because of the rapid pace of exploit development and release. Next comes establishing the best policy, so that there are rules for knowing how to deal with attacks. Partnerships are critical here, because there are many functions, such as antivirus, that come from other vendors, and a rational policy must take into account the capabilities of all system components. The critical concern for Cisco, though, is that its partners be under the control of a Cisco-centric management system. This blends into the third area, enforcing policy, where action is taken against attacks and intrusions. This is something Cisco sees as increasingly being the role of infrastructure pieces that filter, support and enforce policy.

For network administrators, it's a vision that includes more Cisco in more places, with greater security coordination as the promised payoff. But it's a vision that should be scrutinized carefully in the light of today's fast-moving threats and vulnerabilities. --Curtis Franklin Jr.

VoIP is a force to be reckoned with. According to Synergy Research Group, by next year, IP telephony line shipments will match TDM line shipments, and VoIP's dominance will continue to grow--no matter how you slice and dice the numbers, most industry watchers agree that VoIP is more a matter of "when" than "if."This wasn't always the case, and we give Cisco credit for discerning the trend early on, possibly even driving it with its acquisition of IP PBX provider Selsius Systems more than five years ago. Taking dominant legacy voice providers Nortel and Avaya off guard, Cisco built the Selsius product into a new line of business that matched its prowess in routing and switching. Cisco claims to have sold more than 3.5 million VoIP phones, with 6,500 to 7,000 new Cisco phones going into production every day.

Still, the landscape has changed since Cisco first moved into VoIP. Established providers Alcatel, Avaya, Nortel and Siemens, as well as many smaller players, now also have excellent VoIP technology and are gunning for Cisco. Will these challengers' installed base of legacy installations trump Cisco's own large base of switch and router customers? We spoke with Rick Moran, vice president of product technology for Cisco IPC (IP Communications), the business unit responsible for VoIP products, to get his take.

Long Time Gone

Moran is quick to point out that Cisco was involved with VoIP as early as 1996, two years before its acquisition of Selsius, doing toll bypass with routers. He attributes Cisco's early and continued dominance to the fact that the company understands IP networks, the heart of VoIP. "We understand how the IP network is architected," Moran says.

Some early adopters who experienced Cisco's VoIP products in the 1990s might argue that it takes more than IP know-how to make VoIP work--it's also about features and reliability. Notable early VoIP adopters that later defected from Cisco include Merrill Lynch and the state of Alaska. But these can be chalked up to lessons learned, considering some of Cisco's most recent wins: Add up Boeing's 150,000 phones, plus 180,000 for Bank of America and 50,000 for Ford Motor Co., and you come up with some powerful momentum. The three companies cited cost savings, flexibility, and ease of moves, adds and changes as key reasons for choosing Cisco VoIP gear.Moran pointed out the benefits of having access to the company phone system, whether at home or on the road, and we asked if he was using VoIP from his hotel as we spoke. He said he wasn't--but he added that the technology was involved, since we had called into a Cisco conference bridge based on VoIP. By the end of 2002, Cisco finished the conversion of all 55,000 of its corporate phones to pure IP.

When asked what drives new VoIP implementations, Moran said more obvious sells are companies occupying new buildings, those with geographically dispersed locations and those supporting 10-year-old equipment from multiple vendors with multiple service contracts. We agree. Moran also points out that having 3.5 million phone installations under its belt qualifies Cisco for smoothing what can be a difficult transition--from legacy voice to VoIP.

As for how customers make the ROI case for VoIP, Moran says companies doing lots of moves, adds and changes have a strong case. Indeed, according to David Willis of the Meta Group, the typical cost for one move ranges from $90 to $220, depending on the region and whether it's outsourced or done in-house. Moran adds that many customers neglect to factor in savings gained by logging into the corporate VoIP system and thus avoiding exorbitant hotel phone and cell phone roaming costs, which are usually buried in expense reports and thus often missed by the telecom group.

We asked Moran, who travels often, whether he had experienced any firsthand benefits from using VoIP. His response: "The ability to be anywhere, anytime, anyplace." He went on to explain that geographic location becomes less of an issue; he cited the ability to log in once and have access to the Cisco data network, be on the corporate voice system and have access to e-mail through unified messaging. He said he has to remember only one password and saves time by not having to make a separate phone call to check his voicemail.

Having a portion of his calls carried on the public Internet hasn't caused a problem, Moran says. We found this ironic, given the emphasis Cisco and other vendors put on building and designing expensive, QoS (quality of service)-enabled corporate networks to support VoIP.As for Cisco's future VoIP plans, Moran is excited about presence-based applications based on SIP (Session Initiation Protocol). We asked about Cisco's focus on using all-Cisco gear for both data and voice, and the concerns some IT pros have of getting locked in. Moran responded that Cisco is working on better SIP support for its CallManager VoIP system.

"The reality is that we have to make sure our application runs on heterogeneous networks as well as homogenous ones," he says. "We recognize that we will have other vendors."

Today's reality, however, is that phones used with CallManager must support Cisco's proprietary protocol--you can't use third-party SIP phones, though Cisco's phones do support SIP. Currently, Avaya, Nortel and Siemens are much more enthusiastic about third-party SIP support than Cisco, and though Moran said we'll see improvements, he didn't offer specifics. We see this as a strike against Cisco's strategy and feel the company should fully embrace third-party SIP endpoint support for CallManager, instead of just talking about all the SIP working groups in which it participates.

Open Windows

Some IT managers we've spoken with are uncomfortable with Cisco's running CallManager on Windows, which doesn't have the best track record for security. Moran counters that many Cisco customers are running other critical business apps on Microsoft servers and are accustomed to dealing with security issues. He also points out that Cisco works closely with Microsoft to keep its servers secure and strips out any unnecessary services that could cause security holes. When asked if Cisco will port CallManager to a Unix derivative, Moran says he knows of no immediate plans, though the issue has been discussed.Finally, Moran touched on Cisco's acquisition of Vialto, a developer of advanced IVR (interactive voice response) and voice-activation software that it snapped up in February. Cisco is looking to incorporate Vialto's advanced voice-activation features into its VoIP products. Moran calls the project "full vocabulary voice" that would make it possible for users to simply say, "What meetings do I have Friday?" We think Cisco is on track here because new productivity applications like this are what will define the value of VoIP.

Finally, realizing that brand recognition is everything, we asked Moran about upcoming movies in which we could see Cisco phones in action. He wouldn't reveal any, but he did point out that the company's phones are featured in a number of TV shows, including The West Wing and CSI. --Peter Morrissey

Cisco has had a few years to work its magic in the storage market, so when we got the opportunity to speak with Jackie Ross, VP of marketing, and Rajeev Bhardwaj, senior product manager in the Cisco storage group, we asked them some hard questions about the issues paramount in the storage industry.

Not surprisingly, Cisco comes across as rather proud of its achievements to date--it's been growing storage-switch market share at a rate that should be making Brocade, McData and QLogic take notice. The company also has managed a reasonably steady stream of enhancements to its storage-switch gear that it clearly hopes will generate growth quarter over quarter.

But we wanted to know how Cisco plans to address the big questions that confront storage managers today--competition to expensive Fibre Channel and SCSI gear from a new breed of low-cost SAN and NAS products based on Windows Storage Server or iSCSI; the iSCSI versus FC debate; and the challenges of making disparate architectures play nicely together. Coming at the market tangentially are blade servers and increasing storage speeds. Our questions hit on all these issues, and also delved into Cisco's plans and how customer feedback impacts its direction.Our overall takeaway from Bhardwaj and Ross: Cisco is addressing all these issues from the perspective of giving users choice.

To make certain we all understand the issues, here's some background:

• Fibre Channel is a short-run storage protocol that runs over optical cable. It's used for connecting storage to servers in traditional SANs and for connecting storage to SAN controllers.

• FCIP tunnels Fibre Channel commands over an IP network, giving you FC functionality without the short-run and optical limitations.

• Finally, iSCSI is similar to FCIP but tunnels SCSI disk commands over IP. The iSCSI market has evolved such that the device normally on the other end is not just a hard disk, but a disk array.All these technologies make remote storage appear as a local drive, but performance varies--any IP-based storage is slowed by network bandwidth and the requirements to package and unpackage data, while FC is limited by requiring specialized hardware at each end. Cisco's position: FC will continue to grow; FCIP will be used to interconnect SANs and simplify backups; and iSCSI will be useful at the low end. We question whether, long term, FC has legs and whether FCIP will gain popularity.

Still, Cisco's platform is hard to beat if your crystal ball tells you the only constant in the storage space--at least for the next several years--will be change. Although we believe IP-based storage will win out eventually, other industry pundits say iSCSI will never be high-performance enough to compete with Fibre Channel directly. Cisco has deftly managed to appease both sides with its 9000 Series line of SAN switches. If you need FC today but require FCIP access to a remote SAN or consider iSCSI a serious threat to FC, then Cisco has a box for you: the 9216i. Just call it Switzerland.

"We're protocol agnostic--whatever the customer requires," Ross says.

And when technology changes your requirements, you slip in a new blade or change a configuration setting and run cables. We've tested some of these new Cisco products that handle FCIP, iSCSI and FC, all in a single box. Our impression: Although you won't use FCIP in this environment unless you're already an FC shop, and it is a little pricey, the 9216i does a good job of tying FC with IP storage protocols (see our Sneak Preview of the 9216i on page 29, ID# 1521sp1.).

We disagree with Cisco's assertion that the market for FCIP in the enterprise is larger than most analysts and editors give it credit for, but if you're running FC and need remote access--say, for interconnecting SANs, accessing a SAN from remote servers (such as remote departmental servers requiring access to your data-center SAN) or for backups--interoperability is useful. And because Cisco supports FCIP in addition to FC, iSCSI and even mainframe storage connectivity through FiCon (fiber connectivity), it doesn't hurt iSCSI or FC users to have FCIP built in, and it's probably a selling point at larger organizations.Cisco also believes that the features and perceived quality it has applied to data networking is a huge plus for its positioning in the storage networking arena. We have to agree. Ross characterizes early adoption of SAN technology as on par with early adoption of TCP/IP, and puts forth the premise that Cisco's background gives it a leg up on developing advanced storage-networking features. If VSAN, the ability to make SAN-based VLANs to segment data traffic, and inter-VSAN routing capabilities are any indication, Ross is right. As more storage networking heads into the IP arena, this strength should serve Cisco well.

We told Ross and Bhardwaj that though Cisco's traditional market is oriented toward the enterprise, where FC is the ruling technology, the up-and-coming IP storage market is going to grow the most at the low end, where small and midsize businesses don't want to have to learn IOS and FC to set up storage. In response, they pointed us to Cisco's GUI, which Bhardwaj says does the same things as IOS. Bhardwaj also directed our attention to the fact that growth in the low end is unlikely to be FCIP--that will be used to hook remote servers to SANs and to handle SAN-to-SAN linking over a WAN or MAN. Rather, iSCSI will be the system of choice for low-end users, and with its GUI, iSCSI is relatively easy to configure.

One area in which we completely endorse Cisco's approach to the low end is in education of IT staff before implementing storage networking. As smaller shops begin to use more SAN technology, it would be nice if they could architect a long-term plan instead of throwing a NAS or iSCSI device on the network and assuming they're done. When these shops outgrow the capacity of that device, they'll need to do something more complex, and if the users have training beforehand, they can make decisions that will work for them now and in the future.

Come Together

When we asked about the convergence of IP and SAN traffic and support for blade servers, Bhardwaj and Ross again pointed out Cisco's successes in both the IP and SAN markets as proof that it's on top of convergence. Ross added that the company already supports the unique storage needs that blade servers meet through partnerships with blade-server vendors, including IBM.Overall, we feel Cisco is on the ball in the storage market. It has the background and the talent to compete in an arena that is becoming increasingly network-oriented. It also has a ready-made market, with its dominant installed base of data networking gear. And because the company supports your SAN regardless of which protocol you choose to implement, it's also appealing for merger and acquisition purposes.

However, despite its outward endorsement of FC, we see no evidence that Cisco has truly changed its belief that IP networking is the wave of the future for SANs. It has segmented the market such that it has a good idea of what is needed today and what will be needed in the future: Short term, it's selling FCIP for inter-SAN connectivity, and iSCSI to hook departmental machines up to the SAN. Longer term, it's looking at iSCSI for small and midsize businesses, and a mix of FC-iSCSI-FCIP for enterprises. This is a sound plan evidencing a good understanding of the technologies in question. --Don MacVittie

When it comes to wireless, Cisco doesn't try to be all things to all people. Although the company has dipped its toes into areas like fixed wireless and mobile application infrastructure, the strategy of the wireless network business unit (WNBU) is focused on Wi-Fi--and for good reason. With nearly 50 percent market share in an enterprise market that's expected to grow significantly in coming years, it's almost impossible to imagine how the company could fail.

In spite of its strong market position, Cisco is not resting on its laurels. Bill Rossi, vice president and general manager of the WNBU, told us he's determined to extend the company's leadership position in WLAN systems with a strategy of leveraging its dominant market position in Ethernet. "Cisco will continue to grow its leadership position in WLAN systems that integrate and extend wireless and wired to provide customers with reduced total cost of ownership," he says.

Cisco's architectural blueprint, known as the structured wireless aware network, or SWAN, is designed to provide a foundation of secure and highly available wireless services to support conventional PC-based applications as well as emerging systems like wireless VoIP.Skin in the Game

As the 802.11 standards emerged in the 1990s, Cisco's market absence communicated a not-very-subtle message that WLANs weren't ready for the enterprise. Its entrance, through the 1999 acquisition of Aironet Communications, sent the opposite signal. Aironet was regarded as a leader in enterprise Wi-Fi, and once the logo on the box changed from Aironet to Cisco, sales volumes rose sharply. The overall enterprise WLAN market didn't grow as fast as many had hoped, but Cisco's entrance added legitimacy.

In the past five years, Cisco has revamped its product line but has stayed true to the original Aironet "smart AP" architecture. Its 340/350 series was the first offering introduced on Cisco's clock, but it was the 1200 series that represented the most significant step forward. The 1200 was packed with processing power and memory, and its modular radio architecture made it Cisco's first product to offer field-upgradable radio modules. Customers like this attribute, which provides a level of investment protection during a period of evolving standards. Although a little pricier than competitive offerings, the 1200 has a reputation for excellent performance and rock-solid reliability.

Although Cisco offers a great access point, it has been slow to respond to enterprise needs for more sophisticated WLAN services, including roaming, multilayer security and radio resource management, opening the door for more nimble start-ups like Airespace, Aruba and Trapeze. These competitive offerings have been architected for and targeted directly at Cisco's enterprise customer base, and they have won over numerous Cisco accounts. To counter this competitive threat--or, as Cisco might say, to "respond to emerging customer requirements"--it's filled some holes in its product line. First, Cisco introduced an appliance-based wireless management platform--the Wireless LAN Solution Engine, or WLSE--that let customers centrally manage hundreds or thousands of access points and monitor the network for rogue devices.

Next, Cisco introduced a wireless switch module for its Catalyst 6500 platform--the Wireless LAN Switching Module, or WLSM--designed to enhance security and mobility services while leveraging the capabilities of other Catalyst modules. The combination of WLSE and WLSM is clearly a step in the right direction for Cisco but doesn't appear to have stalled competitors' market momentum. Building a wireless network out of Cisco 1200 APs, WLSE and WLSM can be a complex and expensive proposition, especially if an organization needs to buy new Catalyst switches and supervisor modules. Cisco is betting that many customers will be content to add the WLSM to existing switches and argues that, from a price/performance standpoint, WLSM is very competitive to deploy. Still, this assemblage of components designed by three different business units lacks the elegant simplicity of competitive offerings.Beyond high cost and implementation complexity, Cisco also lags in support for 5-GHz 802.11a services that we consider critical to meeting the capacity needs of large enterprises. The good news is that Rossi acknowledges the need to implement multiband WLAN systems, providing support for 11b, 11g, and 11a.

"In terms of technology migration, I see this moving from 11b to 11g to 11a," Rossi said. "And I see this happening as a/g becomes standard on the client side. In the next six to nine months, the cost premium for a/g on clients and APs will be minimal."

Cisco is slated to introduce new 11a radio modules by the end of the year.

That Old Standards Song

As the dominant player in the network industry, Cisco is often a target of criticism with respect to standards. The rap is that while it talks a good game on standards and is an active participant in standards bodies, Cisco often pushes proprietary features that effectively lock customers into its product line, citing the need to meet "essential customer requirements" before standards have been ratified. Rossi puts a positive spin on this strategy: "To meet customer demands, Cisco will innovate in advance of standards, [but] always with an eye toward migrating to standards once they are in place."Competitors often cry foul, but it's likely that most would adopt the same strategy if they held a similar market position. Prospective customers do need to be vigilant in guarding against getting locked in. Case in point: When prospective customers pronounced WEP inadequate for meeting their security needs, Cisco introduced its proprietary LEAP authentication protocol. Cisco deserves credit for the LEAP architecture, which leveraged the 802.1X standard and provided robust mutual authentication and dynamic encryption services. However, the system locked customers into Cisco NICs at a time when competitors' products were increasingly being integrated into notebook computers.

Cisco's response was its Cisco Compatible Extensions (CCX) program, launched in 2003 and targeted at wireless chip makers and NIC manufacturers. CCX added new security, roaming and radio-resource-management capabilities to wireless client adapters under the framework of a royalty-free licensing program. Critics view CCX as an effort to leverage proprietary Cisco capabilities, an end run around the standards process. But in Cisco's defense, the 802.11 standards process has often progressed at a snail's pace, which sometimes makes it impossible for the company to meet the needs of its largest customers that often require advanced capabilities not addressed by current standards.

Cisco also points to the fact that CCX is a royalty-free licensing program that has been embraced by all major chip vendors. However, to leverage the power of CCX on the client, you'll need Cisco infrastructure.

Huge but Nimble

Pro football teams search far and wide for 350-pound linemen with the strength to flatten opponents and the ability to run the 40-yard dash in 4.6 seconds. There aren't many out there. In the network industry, Cisco is the 350-pound lineman--some might say the 800-pound gorilla--but there are always questions about its agility.Rossi concedes that coordinating efforts within and across Cisco business units is challenging. "I need to work internally to be successful in meeting our customer demands to view wired/wireless as one integrated network," he says. But he insists that Cisco's customer-driven entrepreneurial focus leaves the company well-positioned to compete with smaller start-ups. Given Cisco's incredible success, it's hard to deny that its corporate culture promotes success and helps it overcome the management challenges often associated with large organizations.

Cisco's success is dependent on more than just a positive internal culture. The company has been able to generate significant customer loyalty, mainly by engaging its customers, from field sales through support and on up to business line managers. Rossi spends lots of time on the road meeting with customers, and his performance is measured not only on the bottom line but also on the basis of how many customer meetings he has participated in at the company's San Jose Campus Executive Briefing Centers. Beyond understanding external customer needs, Cisco is its own customer, with perhaps the largest production enterprise WLAN in existence, consisting of more than 3,000 access points deployed at 300 sites in 100 countries serving the needs of more than 27,000 users. Now that's a wireless network! --Dave Molta


SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights