USER WANTS
- Consistent experience on multiple devices
- Seamless transitions between devices
- Separation of work and personal data
- Keep up with tech and social trends

IT WANTS
- Proactive adoption of consumer/mobile devices
- Embrace BYOD without sacrificing security, management, business standards
- Lower organizational costs
- Improved agility
KEY MESSAGE: We are seeing the vision of Borderless Networks come to life, with more and more employees demanding flexibility in the way they work, when and where they work, and on what devices they work. Addressing BYOD is only the first step: allowing users to bring their own devices securely into the network. But companies must move beyond basic BYOD connectivity to provide an uncompromised experience in any workspace. Companies need to address the increased network usage, increased video usage, virtual desktops, etc.

SOUND BITE: The rules of the game are changing, and companies must move beyond the basic first step of BYOD connectivity to meet employee expectations.

Cisco’s own CIO Rebecca Jacoby said that the challenge is more than just getting users on the network, it’s about what users can do once they are on the network. On March 20th Cisco is introducing a set of capabilities across the broad wireless infrastructure, security and policy, network management, and more to address these expectations. We are firing on all cylinders enhancing every aspect in the overall solution…
Technologies
- 802.1X, Profiling

Solution Components
- Cisco Switches + WLCs
- ISE
- NCS Prime

Cisco How (or Why) we implement or why we are better…

High-performance 802.11n WLAN solutions by Cisco provide a foundation for enabling collaboration and deploying business-transformative applications that can’t be matched by pure-play vendors or other integrated network solution vendors.

Cisco switches offer differentiated features such as monitor mode, FlexAuth and Security Group Access (SGA), enabling IT to enforce the business policy requirements for a secure BYOD deployment.

Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations.

A first-of-its-kind platform, Cisco Prime NCS is the only solution to deliver comprehensive visibility to wired, wireless, and policy metrics in a single, unified view, providing faster troubleshooting and more efficient network operations. This unified view is critical for any BYOD deployment as more devices are introduced to the network at an increasing rate. It also provides complete visibility into endpoint connectivity, regardless of device, network, or location.
Device Profiling + Device sensor

Solution Components – ISE (Identity Services Engine) and Switch sensor (IOS SW that resides on 3k)

Steps:

Collection:
- A device (for example, a printer) gets plugged into a port on a switch
- Switch detects a new device has been plugged in
- Switch collects data related to the device (DHCP, LLDP, CDP, and MAC OUI data) by snooping on the traffic sent by the device
- Switch sends collected data to ISE to aid ISE in device classification

Classification:
- ISE uses its rules engine to classify that device as a printer
- ISE provides a report of devices with device types: device MAC addr, device IP addr, switch port, device type, etc.

Authorization:
- If IT has defined a policy for that device type (“Printer”), ISE executes the policy
- If Policy says – put printer in a VLAN X, ISE tells the switch to place printer on VLAN X
- If Policy says – don’t allow printer on the network, ISE tells the switch to block the port
- If Policy says – provide restricted access to printer and limit it to ONLY talk to a Print server, ISE will ask the switch to enforce an ACL per the policy
- ISE can also collect “netflow” information from the switch
- If ISE notices that an HP Printer is trying to talk to the Internet (based on netflow data), it raises an alarm, as Printers are meant to be used for intranet usage only. This eliminates data spoofing & improves security
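The collection, classification and authorization steps above, sketched as an added Python example; it is not Cisco code and does not reproduce how ISE is implemented. The rule weights, OUI, VLAN numbers, ACL name, intranet ranges and sample endpoints are constructed assumptions.

```python
import ipaddress

# Constructed profiling rules (hypothetical, not ISE's built-in profiles):
# (device type, sensor attribute, substring to match, certainty points).
RULES = [
    ("Printer", "mac_oui", "AA:BB:CC", 10),  # constructed OUI
    ("Printer", "dhcp_class_id", "printer", 20),
    ("Printer", "lldp_system_description", "printer", 20),
    ("IP-Phone", "cdp_platform", "ip phone", 30),
]
MIN_CERTAINTY = 30  # below this score the endpoint stays "Unknown"
# Constructed authorization policy per device type (VLAN and ACL names assumed).
POLICY = {
    "Printer": {"action": "permit", "vlan": 40, "acl": "PRINT-SERVER-ONLY"},
    "IP-Phone": {"action": "permit", "vlan": 110, "acl": None},
    "Unknown": {"action": "block_port", "vlan": None, "acl": None},
}
INTRANET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def classify(attrs):
    """Sum certainty points per device type over the collected attributes."""
    scores = {}
    for dev_type, key, needle, points in RULES:
        if needle.lower() in attrs.get(key, "").lower():
            scores[dev_type] = scores.get(dev_type, 0) + points
    best = max(scores, key=scores.get, default="Unknown")
    return best if scores.get(best, 0) >= MIN_CERTAINTY else "Unknown"

def authorize(attrs):
    """Return the enforcement instruction the switch would receive."""
    dev_type = classify(attrs)
    endpoint = {"mac": attrs["mac"], "port": attrs["port"], "type": dev_type}
    return {**endpoint, **POLICY[dev_type]}

def netflow_alarms(flows, inventory):
    """Flag flows where a profiled printer talks outside the intranet."""
    alarms = []
    for src_mac, dst_ip in flows:
        external = not any(ipaddress.ip_address(dst_ip) in n for n in INTRANET)
        if inventory.get(src_mac) == "Printer" and external:
            alarms.append((src_mac, dst_ip))
    return alarms

# Constructed sensor reports and flow records (203.0.113.0/24 is a doc range).
PRINTER = {"mac": "AA:BB:CC:00:00:01", "port": "Gi1/0/5", "mac_oui": "AA:BB:CC",
           "dhcp_class_id": "Example Printer 1000"}
OUI_ONLY = {"mac": "AA:BB:CC:00:00:02", "port": "Gi1/0/6", "mac_oui": "AA:BB:CC"}
FLOWS = [(PRINTER["mac"], "10.1.1.20"), (PRINTER["mac"], "203.0.113.10")]
```

In this sketch an endpoint that matches on MAC OUI alone stays below the certainty threshold and is treated as Unknown, so a single attribute is not enough to earn the printer policy.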
Automated monitoring and troubleshooting

In this example:
- A call between two locations is established and has poor quality
- Mediatrace can trace the path the video stream has taken and collect statistics along the path
- This helps the network operator isolate the point of the problem
- This eliminates the need for external sniffer collectors and hop-by-hop logging into the network devices to do forensic analysis after the problem has occurred. The customer will save time and resources ($$)