Your SlideShare is downloading. ×
The Context Aware Network A Holistic Approach to BYOD
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

The Context Aware Network A Holistic Approach to BYOD


Published on

This presentation will discuss the bring-your-own-device (BYOD) trends, BYOD at Cisco, Cisco’s BYOD solution, as well as use cases.

This presentation will discuss the bring-your-own-device (BYOD) trends, BYOD at Cisco, Cisco’s BYOD solution, as well as use cases.

Published in: Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. The Context Aware NetworkA Holistic Approach to BYOD
  • 2. Trends BYOD at CiscoBring Your Cisco® BYOD SolutionOwn Device Use Cases Summary
  • 3. Trends #CiscoPlusCA
  • 4. Demand for Mobility 15 billion 56% new networked mobile of information workers devices by 2015 spend time working OUTSIDE THE OFFICE 3/4 of employees uses 100% MULTIPLE DEVICES of IT staff STRUGGLE for work to keep up with mobile needs
  • 5. BYOD: An Enterprise Wide Project Network Compliance Team Operations Endpoint Team Security Operations Application Team Human Resources
  • 6. A New Approach Is Required Routes All Requests Sources All Data Handles All Devices Shapes All Streams Controls All Flows Touches All Users Sees All Traffic 7
  • 7. Cisco Unique BYOD Value PropositionOne Network, One Policy, One Management More Than Just Device ownership is irrelevant: corporate, personal, guest, etc… Personal Devices More Than Just BYO devices need wired, wireless, remote and mobile access Wireless Access BYO devices can be any device: Windows PCs, Mac OS devices, More Than Just iPads any tablet, any smartphone, gaming consoles, printers…etc
  • 8. BYOD at Cisco #CiscoPlusCA
  • 9. Cisco-On-Cisco Client Mix 2,104 73M online Cius 8,144 meetings/yr. iPad 12,290 6,700+ BlackBerry Devices 2,185 -1.6% Growth Other Devices Linux Desktops -3.8% Growth 87,000+ Windows PCs 5,234 Android Devices 9.5% Growth 12,000+ Apple Macs 20,581 iPhones 3.9% Growth
  • 10. Cisco-On-Cisco Realized Gain 59% 32% 20% more devices more users fewer cases
  • 11. Cisco BYOD Solution #CiscoPlusCA
  • 12. BYOD SpectrumWhere are you on this BYOD spectrum? Limit Basic Enhanced Advanced Environment requires Focus on basic services Enable differentiated Company’s native tight controls and easy access for services and on-boarding applications, new almost anybody with security both onsite services, and full control and offsite Company’s only device Broader device types but Multiple device types, Manufacturing Internet only Multiple device types plus company issued environments Education environments access methods Innovative enterprises Trading floors Public institutions Healthcare Retail on demand Classified government Simple guests Early BYOD adopters Mobile sales services networks Contractor enablement (video, collaboration, etc.) Traditional enterprises
  • 13. 400 IT professionals interviewed about BYOD, more than 65 percentsaid they dont have the necessary tools in place to manage personaldevices on the corporate network, and 27 percent said they aren’tcertain of all the personal devices that are accessing the network. #CiscoPlusCA
  • 14. Cisco BYOD Smart Solution Elements Collaboration Application Policy Management Central Management Core Infrastructure Secure Mobility
  • 15. Cisco Switching Differentiators for BYODCisco Switches Scale to Meet Diverse Deployment Scenarios Next Generation Workspace Cisco Switching Differentiators • Unique Support of Next Generation Workspace populated by smartphones, tablets and virtual Any Device HD Video VDI desktops • Support Widest Range of Devices • Prevent eavesdropping and facilitate Catalyst 3K-X Catalyst 4K compliance with MACSec Encryption • Device profilers and device Sensors, Deliver PoE High Consistent Policy Security Video Leadership Availability • Monitor mode greatly simplifies 802.1x Smart Operations deployments Lower TCO Enabling the BYOD Experience
  • 16. Cisco Wireless Technology for BYODCisco Mobility Technology for High Performance Wireless Network Best-of-Breed Mobility Technology AP3600 Clean Air ClientLink 2.0 VideoStream Access Point Innovation Improved Performance Improved Performance Improved Performance The Tablet AP, Enhanced Proactive and automatic Proactive and automatic Wired multicast over a throughput and coverage interference mitigation beamforming Wireless network targeting advanced applications for tablets and For 802.11n and legacy smart devices clients Identity Services Engine (ISE) - Unified Policy Management Prime NCS – Central Network Management
  • 17. Universal Management for BYOD DeploymentsCisco Prime NCS for Unified Network Management Converged Access Management for Wired and Wireless Networks Wireless | Wired | Security Policy | Network Services Converged Security and Policy Monitoring Contextual status and monitoring across wired & wireless networks Centrally Organizes Day 1-to-n Management tasks Instructional configuration workflows Reduces the Time to Troubleshoot Integration with Cisco NCS PrimeImproved Network Visibility - Faster Troubleshooting - Eliminate Configuration Errors
  • 18. TrustSec ArchitectureIdentity and Context Centric Security WHERE Business-Relevant WHAT WHEN Policies Security Policy WHO HOW Attributes Centralized Policy Engine Dynamic Policy & Enforcement Identity User and Devices SECURITY POLICY MONITORING AND APPLICATION ENFORCEMENT REPORTING CONTROLS
  • 19. Policy: Who, What, Where, When, HowIdentity Services Engine (ISE) for Advanced Policy Management IDENTITY PROFILING 1 ISE HTTP 802.1x EAP NETFLOW User Authentication SNMP VLAN 10 DNS 2 VLAN 20 RADIUS Profiling to identify device Corporate DHCP Company asset Resources HQ 4 Wireless LAN Controller Policy 2:38pm Decision Internet Only Person 3 5 6 al asset Posture Enforce policy of the device in the network Full or partial Unified Access access granted Management
  • 20. Simplified On-Boarding for BYODPutting the End User in Control • Reduced Burden on IT staff – Device On-Boarding – Self Registration – Supplicant Provisioning • Reduced Burden on Help Desk Staff – Seamless, Intuitive User Experience • Self Service Model – My Device Registration Portal – Guest Sponsorship Portal
  • 21. Device Authentication Leveraging Your Infrastructure Network Cisco Catalyst® Switch Identity Differentiators Monitor Mode Flexible Authentication Sequence IP Telephony Support Support for Virtual Desktop Guests EnvironmentsAuthorized Tablets IP Phones Network Device Users 802.1X MAB and Profiling Web Auth Authentication Features IEEE 802.1x MAC Auth Bypass Web Authentication Consistent identity features supported on all Catalyst switch models
  • 22. Device ProfilingAutomated Device Classification Using Cisco Infrastructure Cisco Innovation DEVICE PROFILING Profiling for both wired and wireless devices POLICY Printer Personal iPad ISE Access Point Personal Printer Policy CDP CDP iPad Policy LLDP LLDP DHCP DHCP MAC MAC [place on VLAN X] [restricted access] Access PointThe Solution DEPLOYMENT SCENARIO WITH CISCO IOS SENSOREfficient Device COLLECTION CLASSIFICATION AUTHORIZATIONClassification Leveraging Switch Collects Device Related ISE Classifies Device, Collects ISE Executes Policy Based on Data and Sends Report to ISE Flow Information and Provides Device User and DeviceInfrastructure Usage Report
  • 23. Device Posture AssessmentISE Posture Ensures Endpoint Health before Network AccessWired, Wireless, VN User Temporary Limited Network Non- Access Until Remediation Is Compliant Complete Sample Employee Policy: Challenge: Value: • Microsoft patches updated • Understanding health of device • Temporal (web-based) or • McAfee AV installed, running, Persistent Agent • Varying level of control over devices and current • Automatic Remediation • Cost of Remediation • Corp asset checks • Differentiated policy enforcement- • Enterprise application running based on role
  • 24. Guest ManagementISE Guest Service for Managing Guests Guest Policy Web Authentication Internet Wireless or Wired Guests AccessInternet-Only Access Provision: Manage: Notify: Report: Guest Accounts via Sponsor Privileges, Guests of Account Details On All Aspects of Sponsor Portal Guest Accounts and Policies, by Print, Email, or SMS Guest Accounts Guest Portal
  • 25. Extended Security on and off-premiseAnyConnect, ASA, IPS, WSA & ScanSafe Cisco Cloud and Web Security Information Sharing Between ASA and WSA ASA & IPS Cisco Web Users Outside Security Appliance Network Social Networking Enterprise SaaS Corporate AD Email News
  • 26. Remote Access: Cisco AnyConnectOptimized User Mobility• User friendly design• Industry-leading connectivity features• Integrated connection manager for enhanced security• Key Features: • Always On or On-Demand VPN • Auto Re-Connect (Persistence) • IPSec, SSL & DTLS VPN • Clientless WebVPN • Optimal Gateway Selection • Endpoint Posture Assessment
  • 27. Device ManagementMDM & Cisco Solutions MDM Partners Cisco  Device inventory  User/device  Threat defense  Secure remote access authentication  Device provisioning/de-provisioning  Web usage policy  Posture assessment  Device data security  Web application  Policy enforcement DLP  Device application security  Context aware  Cost management access control  Full or selective device remote wipe ISE ScanSafe WSA IPS AnyConnect ASA
  • 28. Simple BYOD Deployment DiagramTying all the pieces together NCS Prime ISE MDM Manager 3rd Party MDM Appliance Cisco Catalyst Switches Cisco ASA WLAN Firewall Controller CSM / Wired ASDM Network Devices Office Wired Access Office Wireless Access Remote Access
  • 29. Advanced Collaboration with Cisco Jabber Win, Mac iPad, Cius Smartphone Web
  • 30. WebEx: Industry-Leading Meeting SolutionsIndustry-leading Document, Integrated with Delivered Securely Consistent,Web Conferencing Application, TelePresence and Over Cisco Cross-Platform Desktop Sharing Jabber for Enhanced Collaboration Cloud Experience• Audio, web, and high-quality video Collaboration • Windows, Mac, Linux, Unix, Solaris• Meeting, Training, Event, and Support • Supported on versions leading mobile devices • Available in 13 languages
  • 31. Use Cases #CiscoPlusCA
  • 32. BYOD Use Case: Basic Implementation Business Policy: Enable Wired and Wireless Access for Company and Personal DevicesUnified Policy-Based Management Uncompromised Security Simplified On-Boarding• Provide identity-aware networking • Provide secure, scalable guest • Provide zero-touch device and data integrity access solutions registration and provisioning of• Universally and effectively control employee and guest devices • Authenticate users and endpoints user and device access through wired wireless access with consistent policy across the enterprise network Cisco® Cisco Wireless Wired Prime™ ISE NCS Smartphones Tablets Games and Thin and Virtual Desktop/Notebooks Printers Clients Devices Layer
  • 33. BYOD Use Case: Advanced Implementation Business Policy: Provide Granular Access to Full Company Workspace, Both On and Off Site Enable a Full Mobile and Collaboration Experience Provide integrated policy management with mobile device management, deliver granular endpoint controls, provide layered security, and enforce network security policies for BYOD deployments Cisco WebEx Cisco Cisco ® Jabber™ Quad™ Enterprise Applications Cisco AnyConnect™ Cisco ® ScanSafe Cisco WSA Cisco ASA Cisco ISE Cisco Prime™ NCS Router Wireless Wired Smartphones Tablets Games and Thin and Virtual Desktop and Notebook Printers Clients Computers Devices Layer
  • 34. Summary #CiscoPlusCA
  • 35. Embrace Mobility While Ensuring SecuritySome Questions to Answer  Do I have the WLAN capacity and reliability to support an increased number of mobile devices and future applications?  How do I enforce security policies on noncompliant devices?  How do I grant different levels of access to protect my network?  How do I help ensure data loss prevention on devices for which I do not have visibility?  How do I mitigate emerging threats targeted at mobile devices?  How do I monitor and troubleshoot user and client connectivity problems on my access (wired and wireless) network?  Is my network capable of delivering the scalability and performance required to achieve the benefits of a BYOD strategy?
  • 36. Looking AheadIs the Network Ready for Next Generation Applications? Mobile BYOD clients drive advanced applications for Voice, Video, and VXI Before: 1 Employee = 1 PC Next Generation Applications require more bandwidth and performance Tomorrow:Infrastructure3 or more Network Employee =Applications Today: 1 Multimedia Will Have = High To Scale Use Devices Bandwidth
  • 37. Q&A #CiscoPlusCA
  • 38. We value your feedback.Please be sure to complete the Evaluation Form for this session. Access today’s presentations at Follow @CiscoCanada and join the #CiscoPlusCA conversation