
BYOD Overview - Mobility - BYOD - Unified Access

Explore the benefits of Bring Your Own Device (BYOD). Discover how Cisco's CleanAir, ClientLink, BandSelect, Radio Resource Management, Video Stream, and AnyConnect can unify access.


By: George Nazarey

Published in: Technology, Education

  1. George Nazarey, Security Consulting System Engineer. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  4. [Figure: Trends timeline, 1997 to 2014; labels: Mobility / WLAN, BYOD / Unified Access]
  5. Drivers
     • Majority of new network devices will have no wired port
     • Users are starting to bring in more than one Mobile/WLAN device
     • Mobile devices have become an extension of our personality
     • Users will change devices more frequently than in the past
     • Users will want to access more than Mobilemail on their devices
     • Guest access with accountability has become a business requirement
     • Finance sees cost savings / productivity in subsidizing personal devices
  6. Assumptions
     • Plug in any device that does not move (printer, smartboards, etc.)
     • Plug in any device that requires fixed high bandwidth (telepresence, etc.)
     • Users will have 3 or more Mobile/WLAN devices (laptop, tablet, phone)
     • Users will expect Wireless to become as predictable as the Wired Network
     • Users will expect to simply onboard any Mobile/WLAN device they want
     • You have to apply security policy to every user and device
     • Guest Access must be isolated and accounted for at all times
  7. Use Cases Basic Mobility Basic BYOD Advanced BYOD •  Guest Wi-Fi •  Guest Wi-Fi •  Guest Wi-Fi •  Corporate Wi-Fi •  Corporate Wi-Fi •  Corporate Wi-Fi •  Mobilemail •  Mobilemail only •  Mobilemail •  Personal Mobile Device •  Personal Mobile with Profiling and Device with Profiling Provisioning •  Restricted Corporate •  VPN Access resource access •  Unrestricted Corporate (HTTPS/ VLAN/ACL) resource access •  Wired BYOD •  Voice / Video everywhere •  VDI / VXI •  MDM
  8. Use Cases + Key Functionality
     • AAA
     • Guest Management
     • Wi-Fi Profiling
     • Wi-Fi Provisioning
     • Wired Profiling
     • Wired Provisioning
  9. Use Cases + Critical Tasks
     • Scale Wi-Fi for Capacity
     • Scale DHCP, DNS, AAA, PP, Guest Servers / Services for Capacity
     • Implement automatic Wi-Fi Interference Mitigation
     • Tune Wi-Fi for Performance (Voice, Video, Location)
     • Unify Wired and Wireless Policy and Network Management
     • Implement ability to Manage and Troubleshoot both IPv4 and IPv6 devices
  10. Example Walkthrough—Wireless
      [Diagram labels: Policy Engine, Directory, PKI CA, My Device Page, Corporate Resources, Wireless LAN Controller, SSID, Personal Wireless Capable Device, Internet]
  11. Example Walkthrough—Wired
      [Diagram labels: Policy Engine, Directory, PKI CA, My Device Page, Corporate Resources, Switch, Personal Wired Capable Device, Internet]
  12. Example Walkthrough—Guest Account Sponsorship
      • Approved Sponsor Creates Account.
      • Account Notification: Credentials Automatically Provided to Guest Via Email, SMS, or Printed Receipt
      • Captive Portal: Web Browser Redirects to Login Screen
      • User Can Manage Access for Their Own Device
      • Successful Authentication
      • Access Granted:
        • Isolated Guest Network on DMZ
        • Role Based Policy Applied
        • User granted access to Internet
      [Diagram labels: Policy / Guest Engine, ISE, Anchor WLC, Internal, DMZ, WLC on DMZ, Guest User, Internet]
  13. Checklist / Timeline for Success—driven by Use Case and Business Need
      • Scale Wi-Fi for Capacity
      • Scale Servers / Services (DHCP, DNS, AAA, PP, Guest)
      • Implement Wireless (AAA+Profiling+Guest)
      • Tune Wi-Fi for Performance (Voice, Video, Location)
      • Unify Wired+Wireless Policy and Network Management - IPv4+IPv6
      • Implement Wireless (AAA+Profiling+Provisioning+Guest)
      • Implement Wireless+Wired (AAA+Profiling+Provisioning+Guest)
  14. What is Success?
      • Single pane of glass view of all Users and Devices by IT (Visibility)
      • Unified Policy Management of all Users and Devices by IT (Control)
      • Ability for a User to choose and simply get any device on the network (Choice)
      • The Wireless experience is as reliable as the Wired experience (Predictability)
      • Operational and economic balance between security and simplicity
        • Guests easily get access and are isolated and accounted for, but do not consume too much bandwidth
        • Personal devices access and use only what productivity demands and corporate policy permits
      • Operational and economic balance between Wireless and Wired
        • 1–2 Wired ports per user on average
        • 20–25 users per Wireless radio on average
  15. Cisco’s Mobility Architectures and Extended Mobility / BYOD / Unified Access Portfolio
  16. Choice and Flexibility Cisco Prime-Network Control System Autonomous Access Point Cloud Controller •  Distributed (FlexConnect) Control Plane •  Distributed Data WLAN Controller Plane •  Central Control Plane •  Independent •  Centralized Control Plane •  Central Image •  Distributed Data Plane Operation Management •  Distributed Policy •  Centralized Data Plane •  Centralized IDS •  Centralized Policy •  Higher AP Scalability Management •  Central RF Management •  Survivability •  Guest Tunneling •  Central Config /Client Resiliency •  Survivability Management CAPWAP Plug & Play Access Points
  17. Best in Class and Best of Breed
      Policy & Network Management (Who? What? Where? How? When?)
      • ISE (Control)
      • NCS (Visibility)
      Mobility Innovation (Reliability and Predictability)
      • CleanAir: Chip level proactive and automatic interference mitigation
      • ClientLink: Chip level proactive and automatic electronic beamforming
      • Radio Resource Management: Simplified advanced RF management
      • BandSelect: Proactive and automatic band steering for 5GHz capable clients
      • VideoStream: Chip level wired multicast over a Wireless network
      • AnyConnect: Persistent context-aware VPN connectivity
  18. Control and Visibility for IT / Device Choice and Reliability for Users Mobility Services Engine Access Points 3310 & 3355 Indoor Teleworker Physical or Virtual Wireless LAN Controllers 1040 Series 600 Series Branch Controller Outdoor 1140 Series 2500 Series WLC on SRE Identity and Policy Campus Controllers 3500i 1550 Series Data Integration Serie NCS 1260sSeries Density 5500 Series WiSM2 Cloud Controller Physical or Virtual ISE Flex 7500 35/3600e Series 3500p Series Distribution Switches Access Switches 3750-X/ 6500 Series Compact 2960-S 4500E 3560-X
  19. Cisco’s Unified Policy and Network Management
  20. Industry’s First Context-Based Wired+Wireless+VPN Policy/Guest Management
      • BEFORE: Separate policy and guest management
      • AFTER: Unified context-based policy management for employees and guests across the network
      • Improved Control: Who? What? When? Where? How?
      • AAA + PP = Secure BYOD
      • Wired | VPN | Wireless
      • Simple | Unified | Automated
      Cisco ISE–Provides Unparalleled Control
  21. 5 Dimensions of Policy and Provisioning Conference M–S Captive Portal Guest Personal Device Wireless Rooms 8 am–6 pm DMZ Guest Tunnel Guest VLAN Contractor Contractor Wired Anywhere Anytime Contractor VLAN Device M–S Contractor Personal Device Wireless Anywhere 8 am -6 pm ACL Employee Employee Corporate Device Wired Anywhere Anywhere VLAN Personal Device Employee Wireless Anywhere Anywhere ACL VPN Anywhere
  22. Single Pane of Glass View and Management of Wired+Wireless+Identity
      BEFORE: Separated management (Wireless, Wired, Identity)
      • Siloed: Inefficient Operational Model
      • Repetitive: Manual correlation of data
      • Error Prone: Consumes time and resources
      AFTER: Comprehensive user and access visibility with advanced troubleshooting (Improved Visibility)
      • Simple: Improves IT efficiency
      • Unified: Single view of all user access data
      • Advanced Troubleshooting: Less time and resources consumed
      Cisco Prime NCS–Provides Unparalleled Visibility
  23. Unified Network and Policy Management
      • Extends visibility beyond the edge to both wired and wireless users
      • Unifies wired, wireless and security visibility into a single view
      • Aligns to how networks and organizations are evolving for efficient operations and faster troubleshooting
      Comprehensive Wireless Lifecycle Management
      • Comprehensive lifecycle management of 802.11n and 802.11a/b/g enterprise-class indoor and outdoor wireless networks
      • Delivers a wide array of tools and resources for effective planning, deployment, monitoring and troubleshooting, remediation, and optimization
      Integration with Cisco Identity Services Engine
      • Cisco Prime NCS retrieves information directly from clients: Wired, wireless and authenticated, unauthenticated
      • Enables client posture status and client profiled views
      • Directly links from Cisco Prime NCS to ISE
      Highly Scalable
      • Monitor thousands of switches and Manage hundreds of Cisco wireless LAN controllers and thousands of Aironet access points
      • Seamlessly integrates with Cisco context-aware software, Adaptive Wireless Intrusion Protections System (AWIPS), CleanAir, and the Cisco Integrated Services Router
  24. Cisco’s Mobility Innovations
  25. Industry’s First Chip Level Proactive and Automatic Interference Protection
      • BEFORE: Wireless interference decreases reliability and performance
      • AFTER: CleanAir mitigates RF interference improving reliability and performance
      [Chart: Wireless Client Performance; axes: Air Quality, Performance]
      Cisco CleanAir–Improves Performance and Predictability
  26. High Resolution Interference Detection, Classification, and Mitigation at Chip Level
      • CleanAir Radio ASIC
      • Detect Wi-Fi and non-Wi-Fi interference sources
      • Assess impact to Wi-Fi performance
      • Proactively change channels when interference occurs
      • Monitor air quality
      Detect | Classify | Locate | Mitigate
  27. Advanced Beam Forming Technology Improves Wireless Client Performance
      • BEFORE: Beam not directed towards clients resulting in inconsistent performance
      • AFTER: Beam directed towards client resulting in consistent experience and better performance
      [Chart: Wireless Client Performance and Beam Strength; series: 802.11a/g (ClientLink), 802.11a/g/n (ClientLink 2.0), 802.11n]
      Cisco ClientLink—Improves Predictability and Performance
  28. Reduces Coverage Holes / Improves both Upstream and Downstream
      Cisco ClientLink 2.0—Improves Predictability and Performance
  29. Automatic Band Steering and Selection For 5GHz Capable Devices
      • BEFORE: All clients crowd the 2.4GHz spectrum lowering performance
      • AFTER: 5GHz capable clients are automatically moved to cleaner 5GHz spectrum
      [Chart: Wireless Client Performance; speed of 5GHz capable and 2.4GHz capable clients on 2.4GHz and 5GHz]
      Cisco BandSelect—Improves Predictability and Performance
  30. Simplify IT Operations with Automatic/Dynamic RF Management
      BEFORE: Manual RF management
      • Manual Channel Assignment
      • Manual Transmit Power Adjustment
      • Manual Coverage Hole Detection/Mitigation
      AFTER: Dynamic RF management
      • Dynamic Channel Assignment
      • Dynamic Transmit Power Adjustment
      • Dynamic Coverage Hole Detection/Mitigation
      [Diagram labels: Simplify RF Performance; Channels, Power, Coverage; LWAPP]
      Cisco RRM—Improves Predictability and Performance
  31. • DCA—Dynamic Channel Assignment: Changes in “channel / air quality” are monitored, and Access Point channel assignment is changed when deemed appropriate to preserve predictability
      • TPC—Transmit Power Control: Transmit Power is adjusted down or up based on radio to radio pathloss calculation when deemed appropriate to preserve predictability
      • CHDM—Coverage Hole Detection and Mitigation: Transmit Power is adjusted up on Access Points when coverage holes are detected and deemed appropriate to preserve predictability
  32. Wired-Like Video Delivery over Wireless
      • BEFORE: Manual RF Management
      • AFTER: Dynamic RF Management
      [Diagram labels: Global Enterprise; CEO Meeting, M&A Negotiation, Sports Event]
      Cisco VideoStream—Improves Predictability and Performance
  33. We Optimize End-to-End Video Starting at the Access Point
      • Multicast to Unicast Conversion at the AP
      • Selectable Stream Prioritization
      • Resource Reservation Prevents Oversubscription
      [Diagram labels: Multicast Stream, WLC, AP, VIDEO NOT AVAILABLE]
      Tested for 30X Less Bandwidth Consumed and Double the Performance of Competitors
  34. Industry’s First Context-Based and Persistent VPN Connectivity
      • BEFORE: Unmanaged devices—risk of data loss and lack of access
      • AFTER: Always-on VPN connectivity
      [Diagram labels: Mobile Worker, Acceptable Use, Access Control, Data Loss Prevention]
      Cisco AnyConnect—Always On VPN Connectivity
  35. Cisco’s Leadership
  36. 802.11 amendments and the corresponding Wi-Fi certifications, by area
      • CONNECTIVITY: 802.11a/g (54Mb/s), 802.11n (>100Mb/s), 802.11ac (>1Gb/s), 802.11ad (60GHz). Certifications: Wi-Fi 11a/g, Wi-Fi 11n, Wi-Fi VHT5G, WiGig
      • SPECTRUM: 802.11h (DFS), 802.11j (Japan), 802.11y (3.6GHz), 802.11af (TVWS). Certification: Standard Wi-Fi
      • MANAGEMENT: 802.11k (Measure), 802.11v (Manage), 802.11ae (QoS for management). Certifications: Voice-Enterprise, WNM
      • SECURITY: 802.11i (Security), 802.11w (MFP). Certifications: WPA2, MFP
      • SEAMLESS: 802.11r (Roaming), 802.11u. Certifications: Voice-Enterprise, Hotspot 2.0
      • APPLICATIONS: 802.11e (QoS), 802.11aa (Video). Certifications: WMM, WMM-AC
      [Legend: Blue = complete, Red = in development; Cisco Active, Cisco Driven, CCX Driven]
  37. • Over 90% of the Mobility/WLAN industry silicon is CCX compatible
      • Over seventy-five (75) Partners license CCX in the CDN Program
      • Over 350 Devices and Tags are CCX Certified (“Cisco Compatible”)
      • Over 730 Companies in the CDN Program across Cisco CDO
  38. World Congress Wireless Network—“V6 World Congress 2012”
      • Cisco Provided the wireless network for IPv6 World Congress 2012 http://blogs.cisco.com/sp/touch-and-feel-ipv6-wi-fi/
      • Network deployment–WLC 5508’s Aironet 1140’s, NCS 1.1 and ISE 1.1 providing unique device profiling
      NCS Prime Report Graphics:
      • 1068 Unique Clients
      • Around 560 simultaneous Clients
      • 46,09% Dual-Stack Clients
      • 46,41% IPv4-Only Clients
      • 7.5% IPv6-Only Clients
  40. Mobility / WLAN market credentials
      • 10+ years of market share leadership
      • $1.5+ Billion fast growth business
      • 300,000+ enterprise customers
      • Most Access Points shipped in the industry
      • Most Controllers shipped in the industry
      • 95% Fortune 1000 selected Cisco WLAN
      Mobility / WLAN industry credentials
      • 10+ years of Gartner MQ leadership
      • Largest patent portfolio in the industry
      • Largest development team in the industry
      • Largest IEEE involvement in the industry
      • Co-founder of the Wi-Fi Alliance
      • FIPS, Common Criteria, PCI certified