The right Wireless Architecture for you


The explosion of mobile devices driven by the BYOD phenomenon is placing a renewed focus and premium on proper WLAN design and deployment. Cisco offers the most extensive and flexible solution set on the market, from Autonomous Access Points to Converged Access, including FlexConnect and cloud-based solutions.


  1. The Right Wireless Architecture for You
     Francis Girard, Consulting Systems Engineer – Enterprise Mobility, fgirard@cisco.com
     Cisco Connect, Toronto, Canada, May 30th, 2013
     © 2011 Cisco and/or its affiliates. All rights reserved. © 2012 Cisco and/or its affiliates. All rights reserved.
  2. Cisco Unified Access: Flexibility
     • Autonomous AP: Intended for static installations; Aironet Access Points; Catalyst Switches; Identity Services Engine; Prime Infrastructure
     • Centralised: Premise-based Controller; Controller at every location; Optimized for campus deployment; Aironet Access Points; Centralized Controllers; Catalyst Switches; Identity Services Engine; Mobility Services Engine; Prime Infrastructure
     • FlexConnect: Data Center hosted Controller; No Controller at remote sites; Optimized for small branch deployment; Aironet Access Points; Centralized Controllers; Catalyst Switches; Identity Services Engine; Mobility Services Engine; Prime Infrastructure
     • Converged Access: Common LAN & WLAN OS; LAN & WLAN feature consistency; Optimized for high performance; Optimized for campus & branch; Aironet Access Points; Catalyst 3850 Switch; Identity Services Engine; Mobility Services Engine; Prime Infrastructure
     • Cloud Managed: Common LAN & WLAN OS; LAN & WLAN feature consistency; No Controllers; Optimized for distributed enterprise; MR Access Points; MS Switches; MX Security; Dashboard
     [Diagram labels: WAN, Dashboard, Internet]
  3. Autonomous Access Points
  4. How It Works: Autonomous Access Points
     • Since the beginning of times (1997)
     • Each AP is individually managed
       – From AP CLI
       – From AP GUI
       – From Cisco Prime Infrastructure (WLSE)
     • AP connected to 802.1q trunk switch port
     • SSID = VLAN
     • End-user is dropped in local VLAN
     • End-user data traffic is locally switched
     [Diagram: Access Points, End-User Data Traffic, ISE, Prime, Internal Resources, Campus Network, Management Tools]
  5. Indoor Autonomous Access Point Portfolio
     • 1600: 3X3 MIMO, 2 Spatial Streams; CleanAir Express; ClientLink 2.0
     • 2600: 3X4 MIMO, 3 Spatial Streams; CleanAir; ClientLink 2.0
     • 3600: 4X4 MIMO, 3 Spatial Streams; 802.11ac module (planned); CleanAir; ClientLink 2.0
  6. Outdoor Autonomous Access Point Portfolio
     • 1552I: Integrated Antennas; Low Power Consumption; CleanAir; ClientLink
     • 1552E / 1552EU: External Antennas; High Power Gain; Fiber SFP Option; PoE Out; CleanAir; ClientLink
     • 1552C / 1552CU: Integrated DOCSIS 3.0 Cable Modem; Cable Plant Powered; High Power Gain; CleanAir; ClientLink
     • 1552H / 1552S: ATEX Certified Class 1 / Div 2 / Zone 2; Integrated Honeywell Sensor Gateway (S); Fiber SFP Option; PoE Out; CleanAir; ClientLink
  7. Benefits: Autonomous Access Points
     • Affordable entry level solution
       – No controllers and licensing
     • Supports latest Wi-Fi standards:
       – 802.11 a/b/g/n for connectivity
       – WPA2 for robust security
     • Industry best range and throughput
       – Best of breed RF
     • Investment protection
       – Can be upgraded to a controller-based architecture
     [Diagram: Access Points, End-User Data Traffic, ISE, Prime, Internal Resources, Campus Network, Management Tools]
  8. Limitations: Autonomous Access Points
     • Each AP is managed individually
       – Prone to configuration inconsistencies
       – Individual software upgrades
       – Each AP must be configured in RADIUS server
     • Base level Wi-Fi functionality
       – No dynamic radio resource management
       – No advanced security: rogue detection and mitigation, WIPS
       – No guest access
     • Voice over WLAN (roaming)
       – Requires campus wide VLANs
     [Diagram: Access Points, End-User Data Traffic, ISE, Prime, Internal Resources, Campus Network, Management Tools]
  9. Where / When To Use: Autonomous Access Points
     • Hotspot deployments with nomadic roaming
     • Static environments
     • Customers without requirement for advanced services
       – Guest access, location, rogue detection, WIPS, etc.
     • Small business or small distributed branch offices
     • Small warehouses and plants
     [Diagram: Access Points, End-User Data Traffic, ISE, Prime, Internal Resources, Campus Network, Management Tools]
  10. Centralised Architecture
  11. How It Works: Centralized Architecture
      • Zero touch AP deployment
        – Auto discovery
        – AP joins WLC
        – AP establishes CAPWAP tunnel with WLC
        – Auto firmware update
        – Auto configuration
      • Single centralized management point
        – From WLC GUI
        – From Cisco Prime Infrastructure
      • End-user is dropped in a VLAN behind WLC
        – VLAN can be dynamically assigned
      • End-user data traffic is centrally switched
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools]
  12. Indoor Lightweight Access Point Portfolio
      • 600: 2X2 MIMO, 2 Spatial Streams; Local Ethernet Ports
      • 1600: 3X3 MIMO, 2 Spatial Streams; CleanAir Express; ClientLink 2.0
      • 2600: 3X4 MIMO, 3 Spatial Streams; CleanAir; ClientLink 2.0
      • 3600: 4X4 MIMO, 3 Spatial Streams; 802.11ac module; Security and SI module; CleanAir; ClientLink 2.0
  13. Outdoor Lightweight Access Point Portfolio
      • 1552I: Integrated Antennas; Low Power Consumption; CleanAir; ClientLink
      • 1552E / 1552EU: External Antennas; High Power Gain; Fiber SFP Option; PoE Out; CleanAir; ClientLink
      • 1552C / 1552CU: Integrated DOCSIS 3.0 Cable Modem; Cable Plant Powered; High Power Gain; CleanAir; ClientLink
      • 1552H / 1552S: ATEX Certified Class 1 / Div 2 / Zone 2; Integrated Honeywell Sensor Gateway (S); Fiber SFP Option; PoE Out; CleanAir; ClientLink
  14. Wireless LAN Controller Portfolio
      • 5500: 500 APs, 7,000 Clients
      • WiSM2: 1,000 APs, 15,000 Clients
      • 8500: 6,000 APs, 64,000 Clients
      • 2500: 75 APs, 1,000 Clients
      • 5760: 1,000 APs, 12,000 Clients
  15. Cisco Unified Access Pillars
      • Identity Services Engine (ISE)
        – Self-provisioning portal – My Devices
        – Secure Group Access (SGA): simplified role-based access control and enforcement based on context, avoids manual ACL/VLAN configs
        – Comprehensive Guest Management
      • Prime Management
        – One application wired and wireless: Cisco Prime Infrastructure 1.4
        – Application visibility and assurance: deterministic end user application experience across wired and wireless
        – Third Party device management
      • Wired and Wireless Network
        – Consistent functionality across wired and wireless
        – Application Visibility and Control (AVC)
        – Sub-second Stateful Switchover (SSO)
        – Hierarchical QoS: Port, Access Point, Radio, SSID, User, & application
        – Advanced Analytics and Business Intelligence
  16. One Policy: Cisco Identity Services Engine
      • Identity-based access control policy platform across wired, wireless or VPN.
      • Automated, role-based and consistent access control enforcement across wired and wireless
      • Based on context: user, device, and location.
      • Self-registration personal device onboarding
      • Users self-management of their registered devices – Moves, Adds, Changes & Blacklist (Lost)
  17. One Management: Cisco Prime Infrastructure 1.2
      • Unified Visibility: Prime 360
      • Integrated Workflows Aligned with Lifecycle Processes: Support the way network operators do their job
      • Prime Assurance Manager
      • Enhanced Application Visibility and Control (AVC): Offering Wired and Wireless Application Insight and Control
      [Diagram labels: ISR G2 Routers, NAM, ASR, WLAN Controller]
  18. Benefits: Centralized Architecture
      • Centralized management and troubleshooting for lowest TCO
      • Easy to deploy and manage
      • Consistent configuration across all APs
      • Radio Resource Management (RRM)
      • Advanced security
        – Rogue detection and mitigation
        – WIPS
        – Identity Networking / RADIUS CoA / ISE
      • Voice over WLAN (roaming)
      • Guest access
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools]
  19. Benefits: Centralized Architecture (continued)
      • High availability (client SSO)
      • AVC - Application Visibility and Control
      • Location services
      • CleanAir
      • Videostream / multicast delivery optimisation
      • CMX - Connected Mobile Experience / Analytics
      • Apple Bonjour gateway
      • Mesh (indoor and outdoor)
      • Highly customizable and advanced feature set
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools]
  20. Application Visibility and Control (AVC): Network Based Application Recognition - NBAR2
      Deep Packet Inspection and App ID
      [Diagram labels: Traffic; NBAR2 library, deep packet inspection; Policy, packet mark and drop; Wireless LAN Controller; Netflow v9 export. Sample application mix: Netflix = 50%, YouTube = 15%, WebEx = 10%, Citrix = 9%, Exchange = 8%]
      • Classify 1000+ applications with sub-classification within applications: e.g. Lync – desktop share, video/voice, file transfer
      • Apply granular policies: per SSID, Device, Campus, Building, Floor
      • Real-time troubleshooting on the Wireless LAN Controller
      • Wired-wireless consistent export to standard netflow collectors
  21. Limitations: Centralized Architecture
      • All end-user traffic is forwarded to the WLC
      • Poor use of LAN/WAN infrastructure when internal resources are distributed
      • WLC may become a bottleneck
      • WLC can be a single point of failure
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools]
  22. Where / When To Use: Centralized Architecture
      • Flexible architecture for campus, large branch, home, and outdoor
        – Enterprise campus
        – Large manufacturing plants
        – Hospitals
        – Education campus / universities
      • Significant customization needs
      • For VoWLAN deployments / real time applications with roaming
      • Need / prefer on-premise management
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools]
  23. FlexConnect Architecture
  24. How It Works: FlexConnect Architecture
      • First available in 2005
      • Originally named Hybrid Remote Edge Access Point (Hybrid-REAP / H-REAP)
      • Extension to the Centralised architecture
      • End-user can either be dropped in a VLAN behind WLC, or in a VLAN in the switch to which the AP is connected
        – Per SSID, user/group and/or per location
      • End-user data traffic can be locally switched
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control Plane), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools]
  25. How It Works: FlexConnect Architecture (branch view)
      • First available in 2005
      • Originally named Hybrid Remote Edge Access Point (Hybrid-REAP / H-REAP)
      • Extension to the Centralised architecture
      • End-user can either be dropped in a VLAN behind WLC, or in a VLAN in the switch to which the AP is connected
        – Per SSID, user/group and/or per location
      • End-user data traffic can be locally switched
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control Plane), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, WAN, Management Tools, Branch]
  26. Indoor Lightweight Access Point Portfolio
      • 1600: 3X3 MIMO, 2 Spatial Streams; CleanAir Express; ClientLink 2.0
      • 2600: 3X4 MIMO, 3 Spatial Streams; CleanAir; ClientLink 2.0
      • 3600: 4X4 MIMO, 3 Spatial Streams; 802.11ac module (planned); CleanAir; ClientLink 2.0
  27. FlexConnect Wireless LAN Controller Portfolio
      • 5500: 500 APs, 7,000 Clients
      • WiSM2: 1,000 APs, 15,000 Clients
      • 8500: 6,000 APs, 64,000 Clients
      • 2500: 75 APs, 1,000 Clients
      • Virtual Controller: 200 APs, 3,000 Clients
      • Flex 7500: 6,000 APs, 64,000 Clients
      [Deployment mode labels on slide: FlexConnect; Centralized and/or FlexConnect]
  28. FlexConnect – Advanced Services
      • High Availability – WAN Survivability
        – FlexConnect AP provides wireless access and services to clients when the connection to the primary WLC fails
      • Fast Secure Roaming in remote branches – for VoWLAN
      • Dynamic VLAN and ACL assignment – per user
      • Scalability
        – Number of FlexConnect groups: 500 (7500s) and 100 (5500s)
        – APs per Group: 50 (7500s) and 25 (5500s)
  29. FlexConnect – WLC Authenticator
      [Diagram: Branch Office (New Client, AP, ISR 3925 pair), VPN, Data Center (ISR 3925 pair, WLC, AAA RADIUS); step 1 Dot1X Auth Req, step 2 Dot1x Auth Success]
      • All client authentication requests travel through the Central Controller
      • If the Controller is not reachable, then no clients can authenticate
  30. FlexConnect – AP Authenticator
      [Diagram: Branch Office (New Client, AP, ISR 3925 pair), VPN, Data Center (ISR 3925 pair, WLC, AAA RADIUS); step 1 Dot1X Auth Req, step 2 Dot1x Auth Success]
      • All client authentication requests travel straight from the AP to the RADIUS Server.
      • If the Controller is not reachable, clients can still continue to authenticate and access network services.
  31. FlexConnect – AP Authenticator (local branch RADIUS)
      [Diagram: Branch Office (New Client, AP, ISR 3925 pair, AAA RADIUS), Data Center (ISR 3925 pair, WLC); step 1 Dot1X Auth Req, step 2 Dot1x Auth Success]
      • All client authentication requests travel straight from the AP to the Local Branch RADIUS Server.
      • If the WAN link is down, clients can still continue to authenticate and access network services.
  32. FlexConnect – Local Authentication
      [Diagram: Branch Office (AP, ISR 3925 pair, AAA RADIUS), Data Center (ISR 3925 pair, WLC); step 1 Dot1X Auth Req, step 2 Dot1x Auth Success]
      • All clients are authenticated directly by the AP.
      • If the WAN link & Local Backup RADIUS Server are down, clients can still continue to authenticate and access network services.
  33. By The Way…
      • SSIDs on “Local Mode” APs
      • Centrally Switched SSIDs on FlexConnect APs
      • End-user traffic is always switched at the controller
      • “Local Mode” 
  34. Benefits: FlexConnect Architecture
      • Same benefits as for the Centralised Architecture (most of them) + …
      • Flexible deployment and configuration options
      • Simple wireless operations with DC hosted controller (no need to distribute controllers)
      • Efficient use of WAN resources for branches
        – Only desired traffic is tunneled to the controller
      • Highly available and scalable for large number of remote branches
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control Plane), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, WAN, Management Tools, Branch]
  35. Limitations: FlexConnect Architecture
      • Some WAN limitations may apply
        – RTT must be below 300 ms data (100 ms voice)
        – Minimum 500 bytes WAN MTU (with maximum four fragmented packets)
      • Requires site wide VLAN for roaming (VoWLAN)
      • Some features are not available in standalone mode or in local switching mode
        – AVC and VideoStream
        – See full list in “H-REAP Feature Matrix” at www.cisco.com
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control Plane), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, WAN, Management Tools, Branch]
  36. Where / When To Use: FlexConnect Architecture
      • Flexible architecture for small to medium size branches (up to 50 APs per site)
        – Retail stores
        – Food / restaurant chains
        – Small warehouses
        – Branch offices
      • Significant customization needs
      • For VoWLAN deployments / real time applications with roaming
      • Need / prefer on-premise management
      • Excellent migration option for autonomous APs
      [Diagram: Access Points, AP-Controller CAPWAP tunnel (Control Plane), End-User Data Traffic, ISE, Prime, Wireless LAN Controller, Internal Resources, WAN, Management Tools, Branch]
  37. Converged Access
  38. How It Works: Converged Access
      • Similar to Centralised Architecture
      • Mobility Agent (MA) is responsible for:
        – AP CAPWAP termination
        – Maintaining client database
        – Policy enforcement
      • Mobility Controller (MC) is responsible for:
        – Client Mobility
        – Radio Resource Management (RRM)
        – WiPS, Spectrum Management
      [Diagram: Access Points, ISE, Prime, MC and MA on the Wireless LAN Controller, Internal Resources, Campus Network, Management Tools, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic]
  39. How It Works: Converged Access (MA on Catalyst 3850)
      • Similar to Centralised Architecture
      • Mobility Agent (MA) is responsible for:
        – AP CAPWAP termination
        – Maintaining client database
        – Policy enforcement
      • Mobility Controller (MC) is responsible for:
        – Client Mobility
        – Radio Resource Management (RRM)
        – WiPS, Spectrum Management
      [Diagram: Access Points, ISE, Prime, MC, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, multiple MAs, Catalyst 3850]
  40. Delivering Converged Access
      • One Management: Prime
      • One Policy: ISE
      • One Network
      • IOS Based WLAN Controller
        – Consistent IOS and ASIC as Catalyst 3850
        – Required to scale beyond 250 AP or 16K client domains
      • Converged Access Mode
        – Integrated wireless controller
        – Distributed wired/wireless data plane (CAPWAP termination on switch)
      [Platforms shown: New 5760, Catalyst 3850]
      [Diagram labels: Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server, Cisco Wireless LAN Controller, Internal Resources, Cisco Firewall, Cisco Access Point, Catalyst Switch, Corporate Network, Internet]
  41. Single Platform for Wired and Wireless
      20+ Years of IOS Richness – Now on Wireless
      • Wireless features: 802.11n; Clean Air; Video Stream; Radio Resource Management (RRM); Wireless Intrusion Prevention System (WiPS); 802.11ac Ready
      • Wired features: Stacking, Stackpower; Trustsec/Identity; AVC/Medianet; Flexible Netflow; Granular QoS; Smart Operations; EnergyWise; Virtualization
      • Benefits:
        – Built on Doppler – Cisco’s Innovative Flexparser ASIC technology
        – Eliminates operational complexity
        – Single Operating System for wired and wireless
      Note: All features may not be available on new platforms at introduction but are expected to be added within 12-18 months
  42. Converged Wired/Wireless Access – Benefits
      • Scale with distributed wired and wireless data plane: 480G stack bandwidth; 40G wireless/switch; 16K clients without separate WLC – future proof
      • Maximum resiliency with fast stateful recovery: Layered network high availability design with stateful switchover
      • Single platform for wired and wireless: Common IOS, same administration point, one release
      • Network wide visibility for faster troubleshooting: Wired and wireless traffic visible at every hop
      • Consistent security and quality of service control: Hierarchical bandwidth management and distributed policy enforcement
      Unified Access - One Policy | One Management | One Network
  43. Converged Access Portfolio
      • Virtual Controller: 200 APs, 3,000 Clients
      • Flex 7500: 6,000 APs, 64,000 Clients
      • 5500: 500 APs, 7,000 Clients
      • WiSM2: 1,000 APs, 15,000 Clients
      • 8500: 6,000 APs, 64,000 Clients
      • 2500: 75 APs, 1,000 Clients
      • 3850: 50 APs, 2,000 Clients
      • 5760: 1,000 APs, 12,000 Clients
      [Deployment mode labels on slide: Converged Access; FlexConnect; Centralized and/or FlexConnect]
  44. How It Works: Converged Access (single MA on Catalyst 3850)
      • Similar to Centralised Architecture
      • Mobility Agent (MA) is responsible for:
        – AP CAPWAP termination
        – Maintaining client database
        – Policy enforcement
      • Mobility Controller (MC) is responsible for:
        – Client Mobility
        – Radio Resource Management (RRM)
        – WiPS, Spectrum Management
      [Diagram: Access Points, ISE, Prime, MC, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, MA, Catalyst 3850]
  45. How It Works: Converged Access (across the WAN)
      • Similar to Centralised Architecture
      • Mobility Agent (MA) is responsible for:
        – AP CAPWAP termination
        – Maintaining client database
        – Policy enforcement
      • Mobility Controller (MC) is responsible for:
        – Client Mobility
        – Radio Resource Management (RRM)
        – WiPS, Spectrum Management
      [Diagram: Access Points, ISE, Prime, Internal Resources, WAN, Management Tools, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, multiple MAs and MCs, Catalyst 3850]
  46. Benefits: Converged Access
      • Single platform for wired and wireless
      • Consistent security and quality of service control
      • Distributed control plane
      • Highly scalable
      • 802.11ac ready – no bottleneck
      • Centralized management and troubleshooting for lowest TCO
      • Radio Resource Management (RRM)
      [Diagram: Access Points, ISE, Prime, MC, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, multiple MAs, Catalyst 3850]
  47. Benefits: Converged Access (continued)
      • Highly customizable and advanced feature set
      • Advanced security
        – Rogue detection and mitigation
        – WIPS
        – Identity Networking / RADIUS CoA / ISE
      • High availability
      • Voice over WLAN (roaming)
      • Guest access
      • Location services
      • CleanAir
      [Diagram: Access Points, ISE, Prime, MC, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, multiple MAs, Catalyst 3850]
  48. Limitations: Converged Access
      • More complex to deploy and manage
      • No full feature parity with AireOS controllers
        – AVC - Application Visibility and Control
        – Bonjour protocol optimisation
        – Mesh (indoor and outdoor)
      [Diagram: Access Points, ISE, Prime, MC, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, multiple MAs, Catalyst 3850]
  49. Where / When To Use: Converged Access
      • Flexible architecture for campus and branches
        – Enterprise campus
        – Large manufacturing plants
        – Hospitals
        – Education campus / universities
      • Significant customization needs
      • For VoWLAN deployments / real time applications with roaming
      • Need / prefer on-premise management
      [Diagram: Access Points, ISE, Prime, MC, Wireless LAN Controller, Internal Resources, Campus Network, Management Tools, AP-Controller CAPWAP tunnel (Control and Data Planes), End-User Data Traffic, multiple MAs, Catalyst 3850]
  50. Cloud Managed
  51. How It Works: Cloud Managed
      • Cisco acquired Meraki in December 2012
      • Leader in cloud managed network solutions
      • AP connected to 802.1q trunk switch port
      • Local Authentication to RADIUS / AD
      • End-user is dropped in local VLAN on AP
        – VLAN can be dynamically assigned
      • End-user data traffic is locally switched
      [Diagram: Access Points, Internal Resources, LAN, Meraki Dashboard, Internet, AP-Cloud management tunnel (Control Plane – 1 kbps), End-User Data Traffic]
  52. 100% cloud managed edge networks
      • Meraki MS: Ethernet Switches
      • Meraki SM: Mobile Device Management
      • Meraki MR: Wireless LAN
      • Meraki MX: Security Appliances
  53. Cisco Networking Portfolio: Unparalleled Deployment Flexibility
      • Cisco Enterprise Portfolio (Cisco Unified Access): Prime; ISE; Catalyst 2K/3K/4K/6K; ASA - Firewall; ISR - Routing; Aironet Access Points & Controllers; 3rd Party MDM Integration
      • Cisco Cloud Managed (100% Cloud Managed): Dashboard; MS Switch; MX Series Security Appliances; MR APs; Systems Manager
  54. MR wireless access points
      • 5 models including indoor/outdoor, high performance and value-priced
      • Enterprise-class silicon including PoE, voice/video optimization
      • Lifetime warranty on indoor APs
      • Feature highlights: BYOD policies; Application traffic shaping; Guest access; Enterprise security; WIDS / WIPS; Mesh routing
  55. Intuitive Browser-Based Dashboard
      • User fingerprints
      • Client location
      • Application QoS
      • Real-time control
      • Instant search
      • Wired + wireless
  56. SaaS feature delivery, quarterly updates
      • WAN optimization
      • User/device fingerprinting
      • Application firewall
      • Mobile application deployment
      • Content filtering
      • Network access control
  57. Scalable cloud infrastructure
      • Telmex: Nationwide hotspot and 3G offload network
      • Next Retail: 550 retail stores across the UK
      • Motel 6: 70,000 hotel room deployment
      • Jeffco School District: 80,000 student district with 100+ schools
  58. Systems Manager MDM
      • Device Management controls iOS, Android, Mac, and Windows devices
      • Cloud-based: no on-site appliances or software, works with any vendor’s network
      • 100% free: available at no cost to any organization, sign up at meraki.com/sm
      • Feature highlights: Centralized app deployment; Device security; Rapid provisioning; Backpack™ file sharing; Asset management
  59. Benefits: Cloud Managed
      • It’s too easy!!!
      • Simple to buy (2 SKUs)
      • Easy to deploy and manage over the web
        – Add devices or sites in minutes
      • Out-of-the-box optimized feature set
      • Ongoing upgrades and enhancements
      • Reliable
        – Highly available cloud with multiple datacenters
        – Network functions even if connection to cloud is interrupted
      [Diagram: Access Points, Internal Resources, LAN, Meraki Dashboard, Internet, AP-Cloud management tunnel (Control Plane), End-User Data Traffic]
  60. Benefits: Cloud Managed (continued)
      • Secure
        – No user traffic passes through cloud
        – Fully HIPAA / PCI compliant (level 1 certified)
        – 3rd party security audits, daily penetration test
        – Reliability and security information at meraki.com/trust
      • No bottlenecks
      • And… did I say it’s easy?
      [Diagram: Access Points, Internal Resources, LAN, Meraki Dashboard, Internet, AP-Cloud management tunnel (Control Plane), End-User Data Traffic]
  61. Limitations: Cloud Managed
      • Customer must embrace cloud services
      • Limited customisation capability (compared to on-premise controller based solutions)
      • Single architecture – less flexibility
      • No layer 3 roaming
      • Requires site wide VLAN for roaming (VoWLAN)
      • Limited integration with 3rd party solutions
      [Diagram: Access Points, Internal Resources, LAN, Meraki Dashboard, Internet, AP-Cloud management tunnel (Control Plane), End-User Data Traffic]
  62. Where / When To Use: Cloud Managed
      • Mid-market businesses / distributed sites
      • Remote branches without on-site IT
        – Retail
        – Professional services
        – Lawyers offices
        – Clinics
        – Construction
        – K-12 Education
        – Hospitality
      • Lean IT
      • Cloud service users (salesforce, box.net, gmail)
      [Diagram: Access Points, Internal Resources, LAN, Meraki Dashboard, Internet, AP-Cloud management tunnel (Control Plane), End-User Data Traffic]
  63. Summary
  64. Unified Access—Wireless Deployment Modes
      Highly Differentiated Value Across All Deployment Models
      [Comparison table. Columns: Autonomous, Centralized, FlexConnect, Converged Access, Cloud Managed. Rows: Best of Breed RF; One Policy—ISE; One Management—Prime; Sub-Second Failover (N/A, N/A); Advanced Features, Highly Scalable; Application Visibility and Control; TrustSec/SGA; Common Policy Enforcement for LAN and WLAN; Network Wide Traffic Visibility; One Operating System LAN and WLAN]
  65. On-Premise and Cloud-Managed Networking Positioning
      • Cisco Enterprise Portfolio: On-Premise Managed
        – Deployment Flexibility
      • Cisco Cloud Networking Portfolio: Cloud Managed
        – Lean, Generalist IT
        – Distributed small sites
      • Cisco Small Business Solutions
      [Chart: axes Network Size (Sites, Density) and Features/Network Services; segments Enterprise, Mid-Market / Commercial, Small Business]
  66. Cisco Unified Access: Flexibility
      • Autonomous AP: Intended for static installations; Aironet Access Points; Catalyst Switches; Identity Services Engine; Prime Infrastructure
      • Centralised: Premise-based Controller; Controller at every location; Optimized for campus deployment; Aironet Access Points; Centralized Controllers; Catalyst Switches; Identity Services Engine; Mobility Services Engine; Prime Infrastructure
      • FlexConnect: Data Center hosted Controller; No Controller at remote sites; Optimized for small branch deployment; Aironet Access Points; Centralized Controllers; Catalyst Switches; Identity Services Engine; Mobility Services Engine; Prime Infrastructure
      • Converged Access: Common LAN & WLAN OS; LAN & WLAN feature consistency; Optimized for high performance; Optimized for campus & branch; Aironet Access Points; Catalyst 3850 Switch; Identity Services Engine; Mobility Services Engine; Prime Infrastructure
      • Cloud Managed: Common LAN & WLAN OS; LAN & WLAN feature consistency; No Controllers; Optimized for distributed enterprise; MR Access Points; MS Switches; MX Security; Dashboard
      [Diagram labels: WAN, Dashboard, Internet]
  67. Complete Your Paper “Session Evaluation”
      Give us your feedback and you could win 1 of 2 fabulous prizes in a random draw. Complete and return your paper evaluation form to the room attendant as you leave this session. Winners will be announced today. You must be present to win!
      ..visit them at BOOTH# 100
  68. Thank you.
