如何用建構校園網絡迎接e-Learning時代v2.10
Upcoming SlideShare
Loading in...5
×
 

如何用建構校園網絡迎接e-Learning時代v2.10

on

  • 336 views

 

Statistics

Views

Total Views
336
Slideshare-icon Views on SlideShare
336
Embed Views
0

Actions

Likes
0
Downloads
3
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    如何用建構校園網絡迎接e-Learning時代v2.10 如何用建構校園網絡迎接e-Learning時代v2.10 Presentation Transcript

    • Clement Tam How to build Campus Network to embrace e-Learning Era 2.10 UnifiedAccess for Education One Policy – One Management – One Network Andy Lam 15th June, 2013
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 Internet Floor 4 Floor 3 Floor 2 Floor 1 Core Switch & Wireless Controller One Management Tool for Wired and Wireless Identity Services Engine Hall (High Density AP) Building / Classroom Playground (Outdoor AP) Application Firewall Perfect Campus Infrastructure Edge Switches Access Point (AP)
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Preparing students for success in the global economy Keeping students fully engaged – Adaptive Learning Obsoleting traditional textbooks for E-Textbooks Implementing mandated Online Testing Protecting student and school district data Providing safe learning environments BYOD for faculty, staff, students, and parents Tech savvy students
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Wish List Authentication Services I only want to allow the “right” users and devices on my network Authorization Services I want user and devices to receive appropriate network services Guest Lifecycle Management I want to allow guests into the network and control their behavior Profiling Services I need to allow/deny iPads in my network (BYOD) Posture Services I want to ensure that devices on my network are clean Secure Groups Access I need a scalable way of enforcing access policy across the network Identity Services Engine Simplified Policy Management
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Wired+Wireless+WAN Policy/Guest Management AFTER Unified Context-based Policy Management for Employees and Guests Across The Network Account for every device and block unwanted devices AAA + profiling, provisioning, and posturing = secure BYOD Simple | Unified | Automated Who? What? When? Where? How? Provides Unparalleled Control BEFORE Separate Policy And Guest Management Wired | Wireless | WAN Improved Control
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Policy Guest Student Faculty Personal Device Personal Device Faculty Device Personal Device Wireless Classrooms Captive Portal DMZ Guest Tunnel Faculty VLAN 5 Dimensions of Policy and Provisioning Anytime Anytime Student VLAN Student ACL Wired Wireless VPN Faculty ACL Guest VLAN M–S 8 am–6 pm TimeLocation Access Method DeviceUser Anywhere Anywhere Anytime Anytime Anytime Anywhere Anywhere Wired Wireless IF $Identity AND $Device AND $Access AND $Location AND $Time THEN $Policy Library
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 Account Sponsorship Account Notification Credentials Automatically Provided to Guest Via Email, SMS, or Printed Receipt Web Browser Redirects to Login Screen User Can Manage Access for Their Own Device Successful Authentication • Isolated Guest Network on DMZ • Role Based Policy Applied • User granted access to Internet Example K-12 Education Walkthrough—Guest Approved Sponsor Creates Account. Captive Portal Access Granted ISE Policy / Guest Engine Internal WLC Anchor WLC Guest User on DMZ DMZ Internet
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 Wish List Planning Services I want clear visibility in to the RF environment Discovery Services I want to discover and inventory any and all devices attached to the network Deployment Services I want flexible and easy to use templates and deployment tools Monitoring Services I want to monitor the LAN, WLAN, and WAN with a single application Troubleshooting Services I want to troubleshoot the LAN, WLAN, and WAN from a single application Compliance Services I need to monitor and audit system-wide configurations for compliance purposes Prime Infrastructure Simplified Network Management
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 Single Pane of Glass View and Management of WLAN – LAN - WAN AFTER Comprehensive User and Unified Access Network Visibility and Advanced Troubleshooting Provides Unparalleled Visibility BEFORE Separated management Improved Visibility WLAN LAN WAN + Identity    Simple Improves IT efficiency Unified Single view of all user access data Advanced Troubleshooting Less time and resources consumed × × × Siloed Inefficient operational model Repetitive Manual correlation of data Error Prone Consumes time and resources WLAN LAN WAN
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 • You can use to column grid for laying out slides with more Grey: Disconnected AP Yellow: AP w/ unresolved non-critical alarms Red: AP w/ critical alarms Active rogue APs 802.11u location specific service Zoom & Pan controls Next-Gen Maps • Reduced Clutter • Faster Loading • Better Navigation • Scalable Vector Graphics • High quality images with zoom in/out
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 ExperienceAnalysis Server
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 Control and Visibility for IT—Predictability for Users Access Switches Compact 3750-X/3560-X2960-S 4500E Core Switches 6500 Series Access Points 600 Series Teleworker 3600 Series Density 1550 Series Outdoor 1600 2600 2600e 3600 Indoor Mobility Services Engine 3310 and 3355 Physical or Virtual Wireless LAN Controllers 2500 Series WLC on SRE 5500 Series WiSM2 7500 Identity and Policy Data Integration ISE PI Physical or Virtual 8500
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 BEFORE Wireless Interference Decreases Reliability and Performance AFTER Cleanair Mitigates RF Interference Improving Reliability and Performance Wireless Client Performance Chip Level Proactive and Automatic Interference Protection Improves Performance and Predictability Air Quality Performance Air Quality Performance
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 High Resolution Interference Detection, Classification, and Mitigation at Chip Level Detect | Classify | Locate | Mitigate • CleanAir radio ASIC • Detect Wi-Fi and non-Wi-Fi interference sources • Assess impact to Wi-Fi performance • Proactively change channels when interference occurs • Monitor air quality 35 100 63 97 2090
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 Identify, Analyze, and Optimize Application Traffic AFTER Network Based Application Recognition – NBAR2 Deep Packet Inspection and App ID Provides Unparalleled Visibility and Control BEFORE Application View and ControL Based On L4 Firewall Sessions NBAR2 LIBRARY Deep Packet Inspection Real Time Interactive Non-Real Time Background POLICY Packet Mark and Drop First Generation Firewall Visibility to the port level interaction but not the applications running within the port View, Control and Troubleshoot – End User Application ExperienceFW L4 Session Visibility and Control HTTP = 75% SMTP = 15% FTP = 2% Telnet = 1% SNMP = 3% Wireless LAN Controller Traffic Improved Visibility and Control
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18 Reduces Coverage Holes/Improves Both Upstream and Downstream Improves Predictability and Performance ClientLink Disabled ClientLink Enabled 450 Mbps 300 Mbps 150 Mbps 65 Mbps 6 Mbps 450 Mbps 300 Mbps 150 Mbps 65 Mbps 6 MbpsBeacon Rate Connection Rate
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19 600 Mbps 450 Mbps 802.11 1999 2003 2007 2 Mbps 11 Mbps 802.11b 54 Mbps 802.11ag 24 Mbps 300 Mbps 65 Mbps 802.11n 6900 Mbps 1300 Mbps 870 Mbps 290 Mbps 6900 Mbps 3500* Mbps 1730* Mbps 290 Mbps 2013 Wave 1 802.11ac 2014 Wave 2 802.11ac * Assumes 160MHz channel width is available and usable 802.11ac = game changer 802.11n 802.11ac Band 2.4GHz & 5.0GHz 5.0GHz only PHY Rate 65 Mbps – 600 Mbps 290 Mbps – 6.9 Gbps MAC Throughput 45 Mbps – 420 Mbps 194 Mbps – 4.8 Gbps Spatial Streams 4 8 Modulation 64 QAM 256 QAM Channel Width 20 or 40 MHz 20, 40, 80, *80+80, 160 MHz 1 Spatial Streams 3 Spatial Streams 8 Spatial Streams Key benefits: • Increased speed • Improved battery life GigabitEthernetUplink 2GigabitEthernetUplinks
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20 Wired-Like Video Delivery over Wireless AFTER Dynamic RF Management Improves Predictability and Performance BEFORE Manual RF Management High School Superintendent | Classroom | K12Superintendent | Classroom | K12
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21 Apple Bonjour and other consumer protocol service gateway. BEFORE Isolated Apple Bonjour Network AFTER Bonjour Discovery, Advertisement & Policy Bonjour Services Directory Apple Bonjour discovery, advertisement and policy Enterprise / Higher Education / K-12 Isolated Services No Network Policy L2 Only Service Cache and advertise VLAN and WLAN Policy Enforcement Services Across L3 boundary Routed Network Apple TV Apple TV Printer WLAN X mDNS & Bonjour Services NOT Routed Routed Network Apple TV Apple TV Printer WLAN WLAN Controller mDNS Profiles Policy & Control
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 Sub Second Recovery / Convergence for Both WLAN and LAN AFTER WLAN and LAN Recovery / Convergence Times Are Both Sub Second Improves Predictability BEFORE WLAN and LAN Recovery / Convergence Times Significantly Different ×  WLAN 30+ second recovery / convergence LAN Sub second recovery / convergence AP State Sync AP Failover N+1 Redundancy   WLAN Sub second recovery / convergence LAN Sub second recovery / convergence AP Resiliency High AvailabilityProvide Mission Critical Support
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24 Simplify IT Operations with One Policy – One Management – One Network Visualize and control what applications are running on the network Make sure that policy follows the user wherever they go on the network?” Easily manage onboarding and access rights for students, faculty, staff and guests Enables you to “say yes” to BYOD without increasing your IT staff Delivers the most predictable user experience in the industry
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25 Thank You