Ise Ebc


Published in: Technology, Business
  • WHO: Identify users and provide differentiated access in a dynamic, borderless environment
    WHAT: Enforcing compliance for proliferating consumer and network-capable purpose-built devices
    WHERE: Traditional borders are blurred. Access is possible from anywhere
    HOW: Establish, monitor, and enforce consistent global access policies
  • The diagram you see here outlines the main components of the borderless network architecture – it links applications, users, and end-point devices with operational processes and the network. It serves as both a framework for our system and architecture roadmap, as well as the deployment blueprint for Borderless Organizations. Let me briefly walk through its main elements.

    There are key pillars of functionality that Cisco Borderless Networks delivers on – primarily video, green, security, mobility, and performance—on an end-to-end basis. For innovative organizations, these are key areas of investment and differentiation. The critical network services and proof-points of these pillars include Medianet, TrustSec and EnergyWise; they are delivered by the core infrastructure including routing, switching, mobility, security and WAN Optimization components.

    Equally important to the Borderless Network architecture is how the user experience is impacted by these network services—when mobile, when engaging with video, and in the workplace—however it’s defined. Network services integrate with endpoint technologies like AnyConnect, to deliver always-on, seamless, reliable, secure connectivity regardless of location or device.

    Meanwhile, Borderless Management and Policy are built into Network and User Services, offering a flexible and dynamic framework for policy definition and enforcement that spans across video, green, security, mobility, and performance. The focus here is to connect the right user, the right device, the right application at the right place, at the right time, to the right network. It enables organizations to offer different levels of access privileges or performance characteristics to users, devices and applications. In this framework, policy definition and administration are centralized while control, visibility and enforcement are distributed via the application of dynamic policy assignments.

    Finally, we have the end-point devices that Cisco extends intelligence and awareness to, including cameras, video terminals, IP Phones, and mobile devices so that the experience is seamless and end to end. It is this blended approach of technologies and new capabilities that will enable new business models and allow your organization to go Borderless. Let’s take a look now at each of those critical network services I mentioned.

    1. Cisco TrustSec Solution: Identity Services Engine (ISE)
       Introduction and Overview

    2. Forward-Looking Statements
       Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

    3. What Exactly Is Your Network Policy?
       Chief Information Officer
       “We must be compliant with regulations, and be able to prove that we are compliant”
       “Our business transactions need to be protected from malicious attack”
       “I need to onboard consumerized IT devices to reduce desktop computing costs”
       “I need to support an organization that works globally”
       The Network Policy is an Extension of Business Goals and Objectives

    4. Policy Evolving with Borderless Network
       Borderless Networks | Anyone | The RIGHT Person | Any Device | An approved Device | Anywhere | In The Right Way | Anytime

    5. Cisco Borderless Network Architecture
       Diverse Workforce | Always On Employees | Consumer IT Devices | Multi-Modal | Borderless End-Point/User Services | Infrastructure | Workplace Experience | Mobility | Video | Borderless Management and Policy | Switching | Secure, Reliable, Seamless, Collaborative | Cisco® Services for Borderless Network | Routing | Wireless | Mobility: Motion | Green: Cisco EnergyWise | Security: Cisco TrustSec Solutions | Application Performance | Video and Voice: Medianet | Security | WAAS
       Cisco TrustSec® is what protects a borderless network

    6. Cisco TrustSec Solution
       Cisco TrustSec® Securely Enables Your Business by Applying the Appropriate Policies Throughout the Network
       “I need to onboard consumerized IT devices to enable new services while reducing our desktop computing costs”
       “Employees now get $1500 to buy Laptops and are responsible for updating but they can also get corporate issued smart phones to access corp data anywhere any time”
       “We need to monitor the real-time mapping of people to device for accountability and compliance”

    7. Cisco TrustSec: Identity Services Engine
       ISE: Policies for people and devices
       Guest Access | Non-User Devices | Authorized Access
       • Can I allow guests Internet-only access?
       • How do I manage guest access?
       • Can this work in wireless and wired?
       • How do I monitor guest activities?
       • How can I restrict access to my network?
       • Can I manage the risk of using personal PCs, tablets, smart-devices?
       • Access rights on-prem, at home, on the road?
       • Devices are healthy?
       • How do I discover non-user devices?
       • Can I determine what they are?
       • Can I control their access?
       • Are they being spoofed?

    8. A Practical Example of Policies
       “Employees should be able to access everything but have limited access on personal devices”
       Internet
       “Everyone’s traffic should be encrypted”
       Internal Resources | Campus Network
       “Printers should only ever communicate internally”
       Cisco Switch | Cisco® Identity Services Engine | Cisco Access Point | Cisco Wireless LAN Controller | Cisco Switch

    9. Advantages of Identity Services Engine
       Consolidated Services, Software Packages | Session Directory | Flexible Service Deployment | ACS | Access Rights | User ID | NAC Manager | M&T | Admin Console | All-in-One HA Pair | NAC Profiler | NAC Server | Distributed PDPs | NAC Guest | Location | Device (& IP/MAC) | Simplify Deployment & Admin | Tracks Active Users & Devices | Optimize Where Services Run | ISE | Manage Security Group Access | System-wide Monitoring & Troubleshooting | Policy Extensibility | SGT | Public | Private | Permit | Permit | Staff | Guest | Deny | Permit | Keep Existing Logical Design | Consolidate Data, Three-Click Drill-In | Link in Policy Information Points

    10. ISE Packaging and Licensing
       Base Feature Set | Perpetual Licensing | Advanced Feature Set | Term Licensing
       • Device Profiling
       • Host Posture
       • Security Group Access
       • Authentication / Authorization
       • Guest Provisioning
       • Link Encryption Policies
       Appliance Platforms
       Small 3315/1121 | Medium 3355 | Large 3395 | Virtual Appliance

    11. Upgrades and Migrations
       ACS | NAC Guest | NAC Manager | NAC Profiler | NAC Server
       • Current hardware is software upgradeable (1121/3315/3355/3395)
       • Migration program for older hardware at large discount levels
       • License migration program for all software licenses
       • Data and Configurations migration tools available*
       *Available over future releases
       Identity Services Engine
       Existing Investments Protected

    12. Two-Year Roadmap Outlook
       Converged Policy Platform | Unified Agent | Identity Based Firewall | NAC ACS | Guest | Profiler | ISE | User group enforcement | UK Employees
       • Offers Cisco AnyConnect™ technology: On- and off-premises security
       • Extends 802.1x & VPN client + NAC
       • Extends management to Positron
       • AAA, 802.1x, guest, profiler, posture
       • System monitor & diagnosis
       • “ISE”: Next-generation ACS + NAC
       • User, group, device based policy
       • ASA & Positron platforms
       Sales | Network Infection Containment | System-wide Monitoring & Troubleshooting | Simplified Device Profiling | Identity Policy | Network Device Provisioning | Cisco Security Intelligence Ops | Client Management | Monitoring & Troubleshooting | HR
       • Cisco delivered device template feed
       • Switches collect & forward device fingerprint, no traffic re-engineering
       • Streamline the locate, contain, & remediation process
       • Leverage reputation & NIPS feeds
       • Single admin pane-of-glass
       • Wired & wireless infrastructure

    13. ISE: Looking to the Future
       Policy Enablement Platform | Today | Tomorrow | Cisco TrustSec | Policy Governed Networks | Policy Governed Networks | Visibility & Control | Full | Context Awareness | Policy Management | Guests | ISE | Internet | Policy Enabled Services | Quarantine | Business Relevance | Policy Based on Business Objects | Device | Business Relevant Policies | Context Awareness | Visibility & Control

    14. Cisco SecureX Architecture
       Cisco SIO | Threat Intelligence | Secure Endpoint | AnyConnect | Secure Virtual and Cloud | Nexus 1K and Cloud Connected Network | Cisco Infrastructure | Access Control | TrustSec | Access Control | TrustSec | Network | Context Aware Enforcement | Context Aware Policy | Application Programming Interfaces | Control | Visibility | Context | Cloud | Integrated | Overlay | Management | Services | Partners