Cisco Unified Access Enables BYOD


Published in: Technology, Education
  • USER WANTS: Consistent experience on multiple devices; seamless transitions between devices; separation of work and personal data; keep up with tech and social trends.
  • IT WANTS: Proactive adoption of consumer/mobile devices; embrace BYOD without sacrificing security, management, business standards; lower organizational costs; improved agility.
  • KEY MESSAGE: We are seeing the vision of the Borderless Networks come to life, with more and more employees demanding flexibility in the way they work, when and where they work and on what devices they work. Addressing BYOD is only the first step – allowing users to bring their own devices securely into the network. But companies must move beyond basic BYOD connectivity to provide an uncompromised experience in any workspace. Companies need to address the increased network usage, increased video usage, virtual desktops, etc. SOUND BITE: The rules of the game are changing, and companies must move beyond the basic first step of BYOD connectivity to meet employee expectations. Cisco's own CIO Rebecca Jacoby said that the challenge is more than just getting users on the network, it's about what users can do once they are on the network. On March 20th Cisco is introducing a set of capabilities across the broad wireless infrastructure, security and policy, network management, and more to address these expectations. We are firing on all cylinders enhancing every aspect in the overall solution…
  • Technologies: 802.1X, Profiling. Solution Components: Cisco Switches + WLCs, ISE, NCS Prime. Cisco How (or Why) we implement or why we are better… High-performance 802.11n WLAN solutions by Cisco provide a foundation for enabling collaboration and deploying business-transformative applications that can't be matched by pure-play vendors or other integrated network solution vendors. Cisco switches offer differentiated features such as monitor mode, FlexAuth and Security Group Access (SGA), enabling IT to enforce the business policy requirements for a secure BYOD deployment. Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. A first-of-its-kind platform, Cisco Prime NCS is the only solution to deliver comprehensive visibility to wired, wireless, and policy metrics in a single, unified view, providing faster troubleshooting and more efficient network operations. This unified view is critical for any BYOD deployment as more devices are introduced to the network at an increasing rate. It also provides complete visibility into endpoint connectivity, regardless of device, network, or location.
  • Device Profiling + Device Sensor. Solution Components: ISE (Identity Services Engine) and Switch sensor (IOS SW that resides on 3k). Steps:
      • Collection: A device (for example, a printer) gets plugged into a port on a switch. The switch detects that a new device has been plugged in. The switch collects data related to the device (DHCP, LLDP, CDP, and MAC OUI data) by snooping on the traffic sent by the device. The switch sends the collected data to ISE to aid ISE in device classification.
      • Classification: ISE uses a rules engine to classify that device as a printer. ISE provides a report of devices with device types: device MAC address, device IP address, switch port, device type, etc.
      • Authorization: If IT has defined a policy for that device type ("Printer"), ISE executes the policy. If the policy says to put the printer in VLAN X, ISE tells the switch to place the printer on VLAN X. If the policy says not to allow the printer on the network, ISE tells the switch to block the port. If the policy says to provide restricted access to the printer and limit it to ONLY talk to a print server, ISE will ask the switch to enforce an ACL per the policy.
      • ISE can also collect "netflow" information from the switch. If ISE notices that an HP printer is trying to talk to the Internet (based on netflow data), it raises an alarm, as printers are meant to be used for intranet usage only. This eliminates data spoofing & improves security.
  • Automated monitoring and troubleshooting. In this example: A call between two locations is established and has poor quality. Mediatrace can trace the path the video stream has taken and collect statistics along the path. This helps the network operator isolate the point of problem. This eliminates the need for external sniffer collectors and hop-by-hop logging into the network devices to do forensic analysis after the problem has occurred. The customer will save time and resources ($$).
  • Cisco Unified Access Enables BYOD

    1. Unified Access Enables BYOD. Vaibhav Katkade, Product Manager, Catalyst 2K/3K/4K. 12th June 2012. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
    2. The New Reality: Seamless Connection Across Networks, Devices, Workspaces. Cisco Prime, ISE, Catalyst, Aironet 3600, AnyConnect.
    3. Securing Any Access; Managing Complexity And Scale; Delivering High-Quality Experience.
    4. Uncompromised Experience for Any Workspace. Basic Connectivity: Device Onboarding and Guest Access. Unified Access: One Policy, One Management, One Network.
    5. Identity and Policy: One Policy.
        • SINGLE BUSINESS POLICY: Wired, Wireless, and VPN -- Managed & BYOD assets, with MDM integration
        • CONTEXT-BASED CONTROL: Central access to authorize access based on who, what, when, where – with advanced segmentation
        • USER-SPECIFIC SERVICES: Self-service on-boarding, with lifecycle guest handling and context-based monitoring
    6. Management: One Management.
        • COMPREHENSIVE VISIBILITY: Single management console for user/device-centric visibility across users, devices, location, posture
        • OPERATIONAL EFFICIENCY: Intuitive workflows
        • LOWER TCO: Simplified troubleshooting and service assurance
    7. One Network – Secure Access, Uncompromised User Experience. Cisco Prime: Unified Management. ISE: Unified Policy. Core Network.
        • Context-aware Security: Profile devices, identify users; develop device, user, location, role & application context; apply policy based on context, everywhere; segment user or application groups
        • Application Optimization: Simulate application traffic; locate performance problems; analyze directly in the network; store for trending and capacity planning
        • Smart Operations: Plug-n-play switches; dynamically configure ports; automatically diagnose and report faults; program event based actions
        • Devices: DESKTOP/NOTEBOOKS, TABLETS, SMARTPHONES, GAME/PRINTER, THIN/VIRTUAL CLIENTS
        • Scalable, Resilient Access. Unmatched Performance for Wired and Wireless. Wireless, Wired: Unified Network.
    8. Device Profiling Automated with Device Sensor. DEVICE CLASSIFICATION: Profiling for both wired and wireless devices. Diagram labels: Core Network, ISE, Access Point; POLICY: Laptop Policy [place on VLAN X], Video Phone Policy [restricted access]; sensor data: CDP, LLDP, DHCP, MAC.
        • The Solution: Device Profiling + Device Sensor
        • Deployment Scenario with Cisco Device Sensor:
        • Collection: Switch collects device related data and sends report to ISE
        • Classification: ISE classifies device, collects flow information and provides device usage report
        • Authorization: ISE executes policy based on user and device
    9. [Diagram: Core Network and MPLS path between sites; IT, MediaTrace, Prime; Diagnostics, Logs]
        • The Solution: Automate Monitoring and Troubleshooting
        • Deployment Scenario: Mediatrace automatically traces the media path
        • Hop by hop statistics collected to find the problem node; enabled remotely
        • Allows easy recreation of problems with built-in traffic simulator, yielding time and resource savings
    10. Core Network: ISR or 3K ("Director"), 4K, 6K Roadmap. Access Switches.
        • Smart Install (Zero Touch Deployments and Maintenance): New Switch is Connected. Software image downloaded; Configuration automatically applied.
        • Auto Smart Ports (Plug and Play for End Devices): New Device Attached. Port Configuration: Applied. QoS Policy: Enforced. Security Policy: Enforced.
        • Smart Call Home (Quickly Identify and Resolve Network Issues): Anomaly Detected. Proactive diagnostics. Alert created in real-time. Web-based reports. Routed to correct TAC team. Remediation initiated with EEM.
        • Cost Savings: $15,000 (or 230 Hours) per 100 Switches*
    11. One Management: Unified management for wired and wireless. One Policy: Centralized, context-aware policy platform. One Network: Consistent, rich services across wired & wireless.
    12. Thank you.
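
The collection, classification and authorization steps from the device-profiling notes and slide 8, sketched as an added example (not Cisco's code and not ISE's rule syntax). The rule table, certainty points, policy table, addresses and the choice to block unclassified devices are all constructed assumptions.

```python
import ipaddress

# Constructed profiling rules (hypothetical format):
# (device_type, sensor attribute, substring to match, certainty points)
RULES = [
    ("Printer", "dhcp_class_id", "printer", 30),
    ("Printer", "lldp_sys_desc", "print server", 20),
    ("Printer", "mac_oui", "02:00:5e", 10),   # constructed OUI
    ("Video Phone", "cdp_platform", "ip phone", 40),
    ("Laptop", "dhcp_class_id", "msft 5.0", 30),
]
MIN_CERTAINTY = 30  # assumption: weaker matches stay "Unknown"

# Constructed policy table: one enforcement action per device type.
POLICY = {
    "Printer": {"action": "acl", "permit_only": "10.1.20.5"},  # print server
    "Laptop": {"action": "vlan", "vlan": 110},
    "Video Phone": {"action": "acl", "permit_only": "10.1.30.0/24"},
    "Unknown": {"action": "block"},  # assumption: no policy means no access
}
INTRANET = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(attrs):
    """Classification: sum certainty points per type over the sensor data."""
    scores = {}
    for dev_type, attr, needle, points in RULES:
        if needle in attrs.get(attr, "").lower():
            scores[dev_type] = scores.get(dev_type, 0) + points
    best = max(scores, key=scores.get, default="Unknown")
    return best if scores.get(best, 0) >= MIN_CERTAINTY else "Unknown"

def authorize(dev_type):
    """Authorization: the action the switch is told to enforce."""
    return POLICY.get(dev_type, POLICY["Unknown"])

def flow_alarms(dev_type, flows):
    """Flow check: a printer talking outside the intranet raises an alarm."""
    if dev_type != "Printer":
        return []
    return [f for f in flows
            if not any(ipaddress.ip_address(f["dst"]) in n for n in INTRANET)]

if __name__ == "__main__":
    # Constructed sensor report and flow records for one switch port.
    seen = {"mac_oui": "02:00:5E", "dhcp_class_id": "Example-Printer-FW1"}
    flows = [{"dst": "10.1.20.5", "dport": 9100},
             {"dst": "203.0.113.10", "dport": 443}]
    kind = classify(seen)
    print(kind, authorize(kind), flow_alarms(kind, flows))
```

A device that matches only on its OUI scores 10 points, stays "Unknown" and is blocked, which is the case to tune first when a rule set is too thin.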