SlideShare a Scribd company logo

Kela v2cs -_final

W
wbrewin
Technology
1 of 3
Download to read offline
Managing Different Devices and Network Access Policy Safely Customer Case Study One of Europe’s largest Cisco ISE deployments enables Kela to secure flexible working practices and simplify IT management EXECUTIVE SUMMARY Customer Name: Kela Industry: Government Location: Finland Number of Employees: 7500 Challenge • Introduce BYOD-enabled flexible working while maintaining data security • Reduce consequent workload on IT team Solution • Cisco Smart Security solution, providing policy-based access control, identityaware networking, and data integrity and confidentiality • Cisco products and services include TrustSec, Identity Services Engine, and Prime Infrastructure Manager Results • Provided secure authentication for 7500+ users • Cut phone configuration time to zero • Improved network troubleshooting Challenge Kela is the national social security provider for Finland, processing more than four million benefit applications and over €13.5 billion in benefit payments annually. Like many public sector organizations, it is constantly looking to improve the efficiency and quality of citizen services. Employee mobility is an intrinsic part of this plan. With a highly distributed workforce of 15,000 employees spread across 400 locations, the agency introduced flexible working practices over a decade ago. At that time, the main IT focus was on securing corporate devices and vast amounts of confidential data across wired and virtual private networks. This approach used RADIUS access control servers and, more recently, a Cisco Secure Access Control System. However, things changed when Kela deployed wireless networking. With employees increasingly seeking to connect personal devices, the agency was forced to rethink IT strategy. “A powerful and flexible unified access security system was needed, one that could enforce a safe bring-your-own-device policy and manage different devices like Samsung GalaxyTabs, Nokia Lumia phones, Apple iPhones and iPads, and so on.” says Juha Lappalainen, development manager at Kela. Solution Kela issued a significant public sector tender for WAN, LAN, and fixed and mobile voice services. Elisa, a Cisco® Gold Certified Partner and already the agency’s WAN provider, won the tender, which included security services with a Cisco Smart Security proposal. “In addition to the advanced security functionalities of Cisco switches, Elisa has strong knowledge of Cisco solutions and experience of running Cisco-based business-critical networks,” says Lappalainen. “The Cisco team actively offers new ideas and helps us if and when needed.” © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 3
Customer Case Study “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.” Elisa installed the new solution following a Cisco TrustSec® Validated Design, and now operates it on behalf of Kela. At the solution’s center is the Cisco Identity Services Engine (ISE), which forms a security policy management and control platform. It enforces usage policies in conjunction with Cisco TrustSec across wired and wireless networks and potentially VPNs. Kela also uses ISE for a range of other functions, including access control, profiling, and security posture policies on endpoints. Juha Lappalainen Development Manager Kela These integrated components protect a vast IT infrastructure comprising around 900 Cisco Catalyst® 2960, 3750, and 6509 Series Switches, with more than 300 Cisco Aironet® 2600 Series Access Points and two Cisco 5508 Series Wireless Controllers. For redundancy, Kela has an ISE server at both of its main data centers, along with fully redundant Active Directory and application servers. RADIUS server load-balancing is implemented as a feature on the Cisco Catalyst switches, along with Cisco AutoQoS to help ensure prioritization for IP telephony and video data traffic. This holistic approach also incorporates Cisco Prime™ Infrastructure Manager, which is used for gaining insight into the network, troubleshooting, and in-depth reporting. Completing the Cisco Smart Security solution, Cisco Mobility Services Engine forms a wireless intrusion prevention system for solving connectivity problems and capturing network events that can be used to create a knowledge base. The organization has different access policies and mechanisms for different devices. Extensible Authentication Protocol (EAP)-Transport Layer Security machine certificates are used for Kela assets. Meanwhile, EAP-Protected Extensible Authentication Protocol is used for bring-your-own-device (BYOD) endpoints. For IP phones, Kela uses MAC Authentication Bypass (MAB) to provide limited access for endpoints that the network does not recognize. “Machine certificates are our preferred authentication method. They offer strong authentication and best automation for device access control,” adds Lappalainen. Results The Cisco Smart Security solution provides authentication for around 7500 users and some 8000 workstations and laptops, 3000 BYOD endpoints (mainly Apple iPads), 5000 IP phones, and more than 2000 smartphones. In addition, ISE grants access to around 1000 multipurpose devices and printers along with 300 other assorted network devices. The Kela Cisco ISE deployment is one of the largest in Europe. Importantly, Kela is able to deal with the BYOD trend easily and securely. “ISE has the intelligence to handle the access policy for different devices and user needs,” says Lappalainen. Furthermore, the four-strong IT team saves time whenever a new company phone is handed out because there is no longer any need to carry out a manual port configuration. Instead users download their phone configuration from a Trivial FTP server and have the device registered on the system. “ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network,” says Ilari Saikkonen, senior IT specialist, Kela. Pre-known phones connect via a separate VLAN with authentication through EAPMessage Digest 5 (MD5). The advantage of this access policy is that Kela can provision new phones with zero administration effort. Similarly printer management has been greatly simplified. Previously they had to be authenticated using MAB with Active Directory group and location information. Now they can be added on a plug-and-play basis using a centralized access policy over 802.1X with EAP-MD5. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 3
Customer Case Study “ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network.” Ilari Saikkonen, Senior IT Specialist Kela User experience has also improved. “With Cisco Prime we can easily see, for example, the wireless network status, and quickly troubleshoot if users have problems on accessing network services,” Lappalainen says. “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.” Next Steps Further benefit is foreseen from implementing new features such as Cisco EnergyWise™ and new products such as Catalyst 2960-X, 3850, and 4500 Series Switches and Cisco Aironet 600 Series OfficeExtend Access Points for remote users. This next phase of network evolution could help boost video collaboration across the organization. “Internet videos and video calls are common nowadays, and increasing,” Lappalainen says. “This trend brings new demands for the LAN but especially for the wireless LAN. More application visibility and quality of service may be needed. Because of continuous feature development, we see the Cisco solutions as providing good investment protection.” For More Information To learn more about the Cisco architectures and solutions featured in this case study go to: www.cisco.com/go/trustsec www.cisco.com/go/ise www.cisco.com/go/wireless Product List Wireless •• Cisco Aironet 2600 Series Access Points •• Cisco 5508 Series Wireless Controller Routing and Switching •• Cisco Catalyst 2960 Series Switches •• Cisco Catalyst 3750 Series Switches •• Cisco Catalyst 6509 Series Switches Security •• Cisco TrustSec •• Cisco Identity Services Engine •• Cisco Prime Infrastructure Manager •• Cisco Mobility Services Engine •• Cisco Wireless Intrusion Prevention System Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Printed in the UK ES/1213 Page 3 of 3

Recommended

IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersCisco Mobility
 
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Miriade Spa
 
Cisco Security DNA
Cisco Security DNACisco Security DNA
Cisco Security DNAMatteo Masi
 
Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Canada
 
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...NetworkCollaborators
 
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...Cisco Canada
 
TechWiseTV Workshop: Cisco DNA Center Assurance
TechWiseTV Workshop: Cisco DNA Center AssuranceTechWiseTV Workshop: Cisco DNA Center Assurance
TechWiseTV Workshop: Cisco DNA Center AssuranceRobb Boyd
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly servicesZscaler
 

Recommended

IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersCisco Mobility
 
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Miriade Spa
 
Cisco Security DNA
Cisco Security DNACisco Security DNA
Cisco Security DNAMatteo Masi
 
Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Canada
 
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...NetworkCollaborators
 
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...Cisco Canada
 
TechWiseTV Workshop: Cisco DNA Center Assurance
TechWiseTV Workshop: Cisco DNA Center AssuranceTechWiseTV Workshop: Cisco DNA Center Assurance
TechWiseTV Workshop: Cisco DNA Center AssuranceRobb Boyd
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly servicesZscaler
 
Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Canada
 
Beyond BYOD: Uncompromised Experience for Any Workspace
Beyond BYOD: Uncompromised Experience for Any WorkspaceBeyond BYOD: Uncompromised Experience for Any Workspace
Beyond BYOD: Uncompromised Experience for Any WorkspaceCisco Mobility
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco Canada
 
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Canada
 
Beyond BYOD
Beyond BYODBeyond BYOD
Beyond BYODCisco Mobility
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsCisco Case Studies
 
101 Use Cases for IoT
101 Use Cases for IoT101 Use Cases for IoT
101 Use Cases for IoTCisco Canada
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assuranceNur Shiqim Chok
 
Cisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Russia
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Canada
 
Cisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco Canada
 
JUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEJUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEAshish Tyagi
 
Internet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareInternet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareReal-Time Innovations (RTI)
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019Zscaler
 
Data, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeData, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeCisco Canada
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
 
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Insight
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Zscaler
 
Growth – learning to scale an organisation
Growth – learning to scale an organisationGrowth – learning to scale an organisation
Growth – learning to scale an organisationImpactHubBerlin
 
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21 Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21 Pino Ciampolillo
 

More Related Content

What's hot

Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Canada
 
Beyond BYOD: Uncompromised Experience for Any Workspace
Beyond BYOD: Uncompromised Experience for Any WorkspaceBeyond BYOD: Uncompromised Experience for Any Workspace
Beyond BYOD: Uncompromised Experience for Any WorkspaceCisco Mobility
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco Canada
 
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Canada
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsCisco Case Studies
 
101 Use Cases for IoT
101 Use Cases for IoT101 Use Cases for IoT
101 Use Cases for IoTCisco Canada
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assuranceNur Shiqim Chok
 
Cisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Russia
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Canada
 
Cisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco Canada
 
JUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEJUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEAshish Tyagi
 
Internet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareInternet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareReal-Time Innovations (RTI)
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019Zscaler
 
Data, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeData, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeCisco Canada
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
 
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Insight
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Zscaler
 

What's hot (20)

Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For You
 
Beyond BYOD: Uncompromised Experience for Any Workspace
Beyond BYOD: Uncompromised Experience for Any WorkspaceBeyond BYOD: Uncompromised Experience for Any Workspace
Beyond BYOD: Uncompromised Experience for Any Workspace
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with meraki
 
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
 
Beyond BYOD
Beyond BYODBeyond BYOD
Beyond BYOD
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated Solutions
 
101 Use Cases for IoT
101 Use Cases for IoT101 Use Cases for IoT
101 Use Cases for IoT
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
 
Cisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed Networking
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple IT
 
Cisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it management
 
JUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEJUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILE
 
Internet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareInternet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and Software
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019
 
Data, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeData, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for Change
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud Platforms
 
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18
 

Viewers also liked

Growth – learning to scale an organisation
Growth – learning to scale an organisationGrowth – learning to scale an organisation
Growth – learning to scale an organisationImpactHubBerlin
 
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21 Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21 Pino Ciampolillo
 
Bm a4-2016-final-fra20160119131529
Bm a4-2016-final-fra20160119131529Bm a4-2016-final-fra20160119131529
Bm a4-2016-final-fra20160119131529Fabrice Carlier
 
葉士瑜 我的閱讀履歷
葉士瑜 我的閱讀履歷葉士瑜 我的閱讀履歷
葉士瑜 我的閱讀履歷fxcatw
 
Operativni sistemi
Operativni sistemiOperativni sistemi
Operativni sistemijuranci99
 
FDA 2013 Clinical Investigator Training Course: Pharmacology/Toxicology in th...
FDA 2013 Clinical Investigator Training Course: Pharmacology/Toxicology in th...FDA 2013 Clinical Investigator Training Course: Pharmacology/Toxicology in th...
FDA 2013 Clinical Investigator Training Course: Pharmacology/Toxicology in th...MedicReS
 

Viewers also liked (11)

Growth – learning to scale an organisation
Growth – learning to scale an organisationGrowth – learning to scale an organisation
Growth – learning to scale an organisation
 
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21 Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21
Piano aria sicilia capitolo 1 prog plurin sinanet agenda 21
 
logo
logologo
logo
 
Bm a4-2016-final-fra20160119131529
Bm a4-2016-final-fra20160119131529Bm a4-2016-final-fra20160119131529
Bm a4-2016-final-fra20160119131529
 
Music to the Ears
Music to the EarsMusic to the Ears
Music to the Ears
 
CV_gaurab
CV_gaurabCV_gaurab
CV_gaurab
 
葉士瑜 我的閱讀履歷
葉士瑜 我的閱讀履歷葉士瑜 我的閱讀履歷
葉士瑜 我的閱讀履歷
 
Иванов. Автоматизация построения предметных указателей
Иванов. Автоматизация построения предметных указателейИванов. Автоматизация построения предметных указателей
Иванов. Автоматизация построения предметных указателей
 
C
CC
C
 
Operativni sistemi
Operativni sistemiOperativni sistemi
Operativni sistemi
 
FDA 2013 Clinical Investigator Training Course: Pharmacology/Toxicology in th...
FDA 2013 Clinical Investigator Training Course: Pharmacology/Toxicology in th...FDA 2013 Clinical Investigator Training Course: Pharmacology/Toxicology in th...
FDA 2013 Clinical Investigator Training Course: Pharmacology/Toxicology in th...
 

Similar to Kela v2cs -_final

case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copyLee Millington
 
TechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONETechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONERobb Boyd
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...IT Tech
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...IT Tech
 
Cisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesCisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesBilly jones Monarquia
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingAmazon Web Services
 
The Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionThe Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionAbdulrahmanRahmani4
 
How much you know about cisco, cisco router
How much you know about cisco, cisco routerHow much you know about cisco, cisco router
How much you know about cisco, cisco routerIT Tech
 
Mobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionMobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionCisco Mobility
 

Similar to Kela v2cs -_final (20)

case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copy
 
Bellevue Group
Bellevue GroupBellevue Group
Bellevue Group
 
Ukrtransgaz
UkrtransgazUkrtransgaz
Ukrtransgaz
 
TechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONETechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONE
 
Telecom Italia
Telecom ItaliaTelecom Italia
Telecom Italia
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...
 
Cisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesCisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjones
 
OMV Petrom
OMV PetromOMV Petrom
OMV Petrom
 
SP 5G: Unified Enablement Platform
SP 5G: Unified Enablement Platform SP 5G: Unified Enablement Platform
SP 5G: Unified Enablement Platform
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud Computing
 
Enea wytwarzanie
Enea wytwarzanieEnea wytwarzanie
Enea wytwarzanie
 
The Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionThe Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone Solution
 
How much you know about cisco, cisco router
How much you know about cisco, cisco routerHow much you know about cisco, cisco router
How much you know about cisco, cisco router
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 
Vitra AG
Vitra AGVitra AG
Vitra AG
 
ICC Networking Value Proposition
ICC Networking Value PropositionICC Networking Value Proposition
ICC Networking Value Proposition
 
ICC Networking Value Proposition
ICC Networking Value PropositionICC Networking Value Proposition
ICC Networking Value Proposition
 
Mobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionMobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solution
 
Daisy communications
Daisy communications Daisy communications
Daisy communications
 

More from wbrewin

Ucs 5th-anniversary infographic EMEAR
Ucs 5th-anniversary infographic EMEARUcs 5th-anniversary infographic EMEAR
Ucs 5th-anniversary infographic EMEARwbrewin
 
Setting New Wireless Venue Benchmark
Setting New Wireless Venue BenchmarkSetting New Wireless Venue Benchmark
Setting New Wireless Venue Benchmarkwbrewin
 
Trinity Leeds Launches Next - Generation Shopping Center
Trinity Leeds Launches Next - Generation Shopping Center Trinity Leeds Launches Next - Generation Shopping Center
Trinity Leeds Launches Next - Generation Shopping Center wbrewin
 
Telenor arena v3cs_final(1)
Telenor arena v3cs_final(1)Telenor arena v3cs_final(1)
Telenor arena v3cs_final(1)wbrewin
 
Aplus v4cs -_final
Aplus v4cs -_finalAplus v4cs -_final
Aplus v4cs -_finalwbrewin
 
Tfl v2cs
Tfl v2csTfl v2cs
Tfl v2cswbrewin
 
St georges hospital
St georges hospitalSt georges hospital
St georges hospitalwbrewin
 

More from wbrewin (7)

Ucs 5th-anniversary infographic EMEAR
Ucs 5th-anniversary infographic EMEARUcs 5th-anniversary infographic EMEAR
Ucs 5th-anniversary infographic EMEAR
 
Setting New Wireless Venue Benchmark
Setting New Wireless Venue BenchmarkSetting New Wireless Venue Benchmark
Setting New Wireless Venue Benchmark
 
Trinity Leeds Launches Next - Generation Shopping Center
Trinity Leeds Launches Next - Generation Shopping Center Trinity Leeds Launches Next - Generation Shopping Center
Trinity Leeds Launches Next - Generation Shopping Center
 
Telenor arena v3cs_final(1)
Telenor arena v3cs_final(1)Telenor arena v3cs_final(1)
Telenor arena v3cs_final(1)
 
Aplus v4cs -_final
Aplus v4cs -_finalAplus v4cs -_final
Aplus v4cs -_final
 
Tfl v2cs
Tfl v2csTfl v2cs
Tfl v2cs
 
St georges hospital
St georges hospitalSt georges hospital
St georges hospital
 

Recently uploaded

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Kela v2cs -_final

  • 1. Managing Different Devices and Network Access Policy Safely Customer Case Study One of Europe’s largest Cisco ISE deployments enables Kela to secure flexible working practices and simplify IT management EXECUTIVE SUMMARY Customer Name: Kela Industry: Government Location: Finland Number of Employees: 7500 Challenge • Introduce BYOD-enabled flexible working while maintaining data security • Reduce consequent workload on IT team Solution • Cisco Smart Security solution, providing policy-based access control, identityaware networking, and data integrity and confidentiality • Cisco products and services include TrustSec, Identity Services Engine, and Prime Infrastructure Manager Results • Provided secure authentication for 7500+ users • Cut phone configuration time to zero • Improved network troubleshooting Challenge Kela is the national social security provider for Finland, processing more than four million benefit applications and over €13.5 billion in benefit payments annually. Like many public sector organizations, it is constantly looking to improve the efficiency and quality of citizen services. Employee mobility is an intrinsic part of this plan. With a highly distributed workforce of 15,000 employees spread across 400 locations, the agency introduced flexible working practices over a decade ago. At that time, the main IT focus was on securing corporate devices and vast amounts of confidential data across wired and virtual private networks. This approach used RADIUS access control servers and, more recently, a Cisco Secure Access Control System. However, things changed when Kela deployed wireless networking. With employees increasingly seeking to connect personal devices, the agency was forced to rethink IT strategy. “A powerful and flexible unified access security system was needed, one that could enforce a safe bring-your-own-device policy and manage different devices like Samsung GalaxyTabs, Nokia Lumia phones, Apple iPhones and iPads, and so on.” says Juha Lappalainen, development manager at Kela. Solution Kela issued a significant public sector tender for WAN, LAN, and fixed and mobile voice services. Elisa, a Cisco® Gold Certified Partner and already the agency’s WAN provider, won the tender, which included security services with a Cisco Smart Security proposal. “In addition to the advanced security functionalities of Cisco switches, Elisa has strong knowledge of Cisco solutions and experience of running Cisco-based business-critical networks,” says Lappalainen. “The Cisco team actively offers new ideas and helps us if and when needed.” © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 3
  • 2. Customer Case Study “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.” Elisa installed the new solution following a Cisco TrustSec® Validated Design, and now operates it on behalf of Kela. At the solution’s center is the Cisco Identity Services Engine (ISE), which forms a security policy management and control platform. It enforces usage policies in conjunction with Cisco TrustSec across wired and wireless networks and potentially VPNs. Kela also uses ISE for a range of other functions, including access control, profiling, and security posture policies on endpoints. Juha Lappalainen Development Manager Kela These integrated components protect a vast IT infrastructure comprising around 900 Cisco Catalyst® 2960, 3750, and 6509 Series Switches, with more than 300 Cisco Aironet® 2600 Series Access Points and two Cisco 5508 Series Wireless Controllers. For redundancy, Kela has an ISE server at both of its main data centers, along with fully redundant Active Directory and application servers. RADIUS server load-balancing is implemented as a feature on the Cisco Catalyst switches, along with Cisco AutoQoS to help ensure prioritization for IP telephony and video data traffic. This holistic approach also incorporates Cisco Prime™ Infrastructure Manager, which is used for gaining insight into the network, troubleshooting, and in-depth reporting. Completing the Cisco Smart Security solution, Cisco Mobility Services Engine forms a wireless intrusion prevention system for solving connectivity problems and capturing network events that can be used to create a knowledge base. The organization has different access policies and mechanisms for different devices. Extensible Authentication Protocol (EAP)-Transport Layer Security machine certificates are used for Kela assets. Meanwhile, EAP-Protected Extensible Authentication Protocol is used for bring-your-own-device (BYOD) endpoints. For IP phones, Kela uses MAC Authentication Bypass (MAB) to provide limited access for endpoints that the network does not recognize. “Machine certificates are our preferred authentication method. They offer strong authentication and best automation for device access control,” adds Lappalainen. Results The Cisco Smart Security solution provides authentication for around 7500 users and some 8000 workstations and laptops, 3000 BYOD endpoints (mainly Apple iPads), 5000 IP phones, and more than 2000 smartphones. In addition, ISE grants access to around 1000 multipurpose devices and printers along with 300 other assorted network devices. The Kela Cisco ISE deployment is one of the largest in Europe. Importantly, Kela is able to deal with the BYOD trend easily and securely. “ISE has the intelligence to handle the access policy for different devices and user needs,” says Lappalainen. Furthermore, the four-strong IT team saves time whenever a new company phone is handed out because there is no longer any need to carry out a manual port configuration. Instead users download their phone configuration from a Trivial FTP server and have the device registered on the system. “ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network,” says Ilari Saikkonen, senior IT specialist, Kela. Pre-known phones connect via a separate VLAN with authentication through EAPMessage Digest 5 (MD5). The advantage of this access policy is that Kela can provision new phones with zero administration effort. Similarly printer management has been greatly simplified. Previously they had to be authenticated using MAB with Active Directory group and location information. Now they can be added on a plug-and-play basis using a centralized access policy over 802.1X with EAP-MD5. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 3
  • 3. Customer Case Study “ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network.” Ilari Saikkonen, Senior IT Specialist Kela User experience has also improved. “With Cisco Prime we can easily see, for example, the wireless network status, and quickly troubleshoot if users have problems on accessing network services,” Lappalainen says. “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.” Next Steps Further benefit is foreseen from implementing new features such as Cisco EnergyWise™ and new products such as Catalyst 2960-X, 3850, and 4500 Series Switches and Cisco Aironet 600 Series OfficeExtend Access Points for remote users. This next phase of network evolution could help boost video collaboration across the organization. “Internet videos and video calls are common nowadays, and increasing,” Lappalainen says. “This trend brings new demands for the LAN but especially for the wireless LAN. More application visibility and quality of service may be needed. Because of continuous feature development, we see the Cisco solutions as providing good investment protection.” For More Information To learn more about the Cisco architectures and solutions featured in this case study go to: www.cisco.com/go/trustsec www.cisco.com/go/ise www.cisco.com/go/wireless Product List Wireless •• Cisco Aironet 2600 Series Access Points •• Cisco 5508 Series Wireless Controller Routing and Switching •• Cisco Catalyst 2960 Series Switches •• Cisco Catalyst 3750 Series Switches •• Cisco Catalyst 6509 Series Switches Security •• Cisco TrustSec •• Cisco Identity Services Engine •• Cisco Prime Infrastructure Manager •• Cisco Mobility Services Engine •• Cisco Wireless Intrusion Prevention System Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Printed in the UK ES/1213 Page 3 of 3