empowered branch - cisco...provides size and scale ideal for remote offices (

Empowered Branch

© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1

Branch

Cheng Jang Thye

Business Development Manager

[email protected]

Enterprises New Business Priorities

Globalization Collaboration, Web 2.0Data Center Consolidation

Number of Branches Average number branch Branch Bandwidth


Green Business Visual NetworkingVirtual Workers

Number of Branches Growing 11% per year

Average number branch devices decreased from 7 to 5

Branch Bandwidth Growth 50% per year

62% of Enterprises adding new branches

91% of employees work away from HQ

Video & Collaboration Tools Top Bandwidth Drivers

NowBranch

Fewer branch services

Then

Multi-services

Branch Transformation

Retail

Healthcare

Financial Services

Challenges

� End-end-QoS

� Saturated WAN

� Operational complexity

TDM VoIP


Point Security Self-Defending

Mobile

Government

Wired

� Reactive ��Proactive

� Compliance

� High Availability

� Services consistency

� App-network integration

Network only Network + Application

Introducing: Empowered Branch


Moving to an Integrated Network Model

Mobility

Switching

Voice


Network Analysisand Monitoring

WAN Optimization

Security

MobilityRouting

Security

PRODUCTS APPROACH SOLUTION APPROACH

Service Oriented Network Architecture

Applications

Business Applications Collaboration Applications

Application DeliveryApplication Oriented

Networking

Mg

mt. S

erv

ice

s

Security Services IntegratedUnified

Communications Services

Collaboration Applications

Application Delivery

Unified Communications

Services

Security Services

Places in the Network


Mg

mt. S

erv

ice

s

IntegratedNetwork Services

Services

Mobility Services Compute Services

Storage Services Identity Services

Network Infrastructure Virtualization

Network Systems

Branch-WAN Campus

Services

Datacenter

Anywhere, Anytime Network Access

Operational Challenges in the Branch

BusinessChallenges


Availability and Performance

Core vs Context

Scarce IT Talent

Network Complexity

Cisco Empowered Branch Innovations

UnitedNetworkServices

MobilityApplicationIntelligence

IntegratedSecurity

RoutingSwitching

Mgmt.

Mar ’07

Dec ’06Get VPN

Voice/Video Enhancements

3G, WLCM

1861

WAASNAM

3560-E

3750-E


Sep ’07

Apr ‘08

IEEE 802.11n

Messaging GW, SRST w/E-911,

UCME 4.2, CUE 3.0

AXP

1861 ISR

ISR 860, 880

WAAS, PfR,

ACNS

NAC Profiler

NM-NAC

IPS AIM

UCME 4.3

CUBE 1.2

WAAS Virtual Blade

Video Surveillance

Content Filtering

4500-E

2960, 3560

Integrated 802.11n,

3G

CCP

Integration Delivers Operational Efficiency

Overlay Appliances

Security Appliance

Router

Switch

Wireless LANCisco® ISR 3845

With voice, wireless, video,

Integrated Services Router

WAN/App Optimizationvs.

3G


Over 70% OpEx Reduction

Security ApplianceVoice Appliance

With voice, wireless, video, WAN optimization, switch

Total Cost of Ownership

Dir

ect

an

d In

dir

ect

Co

sts

$0

$10,000

$20,000

$30,000

$40,000

$50,000

$60,000

$70,000

$80,000

Cisco Integrated Services RouterCompetitive Overlay Appliances

Revenue Loss

Employee Productivity

Unplanned Downtime

Planned Downtime

Maintenance Contracts

Facilities (Space, Power, Cooling)Implementation Costs

NMS Costs

Routing and Switching in the Branch

� Industry-leading Routing and switching portfolio


� Gold standard Cisco IOS

� New innovations

Perf

orm

ance a

nd S

erv

ices D

ensity

Integrated Services Router Portfolio

High Density and

2800 Series

3800 SeriesService IntegrationScaled to Fit Every Size Branch Office

3200 Series


Perf

orm

ance a

nd S

erv

ices D

ensity

Embedded Wireless, Security, and Data

Density and Performance for

Concurrent Services

Embedded, Advanced Voice, Video, Data, and Security Services

800 Series

1800 Series

Rugged and Mobile

Applications

Small Office and Teleworker

Medium toLarge BranchSmall Branch

MediumBranch

Mobile/Rugged Branch

Pe

rfo

rma

nce

an

d S

erv

ice

s S

ca

lab

ility

Cisco Unified WAN Services Router Portfolio

ASR 1000 with ESP-5G

New ASR 1000 with ESP-20G

Secure WAN Aggregation

Integrated Threat Control

Application Optimization

Pe

rfo

rma

nce

an

d S

erv

ice

s S

ca

lab

ility


or ESP-10G


Modular software,

Consistent LAN/WAN services

Broadband,

Metro Ethernet services

Catalyst 6500 Series

Cisco 7600 Series


Pe

rfo

rma

nce

an

d S

erv

ice

s S

ca

lab

ility

Branch

Head Office / WAN Aggregation

Secure, Reliable, Concurrent WAN Services Aggregation

High-performance Embedded Services

Hardware/Software Resiliency, Modular Software

Pe

rfo

rma

nce

an

d S

erv

ice

s S

ca

lab

ility

or ESP-10G

7200 SeriesHighest Capacity, Highly Available,

Modular Services

LAN/WAN services services

Integrated Security

� Broad set of security services

� Regulatory compliance

� Single security architecture


� Single security architecture

� Protect against Day-zero threats

� New innovations: GET-VPN, NAC, IPS-AIM

Threat Threat

Branch Evolving Security Requirements � Compliance drivers for security:

PCI (Retail); HIPAA (Healthcare); Sarbanes-Oxley/GLBA (Finance)

� Vulnerabilities from public Internet resources (web and email)

� Security threats from contaminated laptops, guest and rogue users

� Targeted attacks aimed at sensitive information in the data center


Threat

Employees Data Center

Threat

Wireless Guests

Threat

Web and Email

Threat

IPSec Tunnel

Corporate OfficeBranch

Infrastructure Internet

Complete Security Architecture

� Flexibility—mix and match integrated and appliance security

� Guidelines for secure deployments

� Leverages best-in-class Cisco technologies

� Rapid response to emerging security threats


Network Admission

Control

Advanced Firewall

Intrusion Prevention

Router Integrated Security

URL Filtering

802.1x

Network Foundation Protection

Flexible Packet

Matching

011111101010101011111101010101

VPN

Unified Threat Management Self-Defending Network

Network Admission

Control

Advanced Firewall

Intrusion Prevention

Content Security

VPN NetworkIntelligence

Flexible Packet

Matching

App Security Malware

Defense

011111101010101011111101010101

Secure Voice

Compliance

Secure Mobility

Business Continuity

Integrated Security

IOS Firewall, IPSec VPN, SSL VPN, IOS-IDS, NAC, IPS, GET VPN

Branch Security Solutions Portfolio

ASA, IPS 4200,

Security Appliances

� Integration ensures availability of technology

� Hardware flexibility and feature parity

� Common management interfaces

Add Physical Security


Security Design Guide

Cisco Security Center

Cisco Security Manager

CS-MARS, Cisco ACS

Cisco SDM, ADSM

ASA, IPS 4200,

NAC Appliance

Security Management� Management for large enterprises/many branches

� Centralized security alerts, signatures, and patches

� Self-Defending network – adaptive, intelligent defense

� Moving from defensive to proactive security

Best Practices

Cisco NAC Appliance Portfolio

SuperManager

Manages up to 40

Enterprise andBranch Servers

Enterprise andBranch Servers

StandardManager

Manages up to 20

� NME-NAC for 50 and 100 users, integrates CAS

Now Extending to Cisco Integrated Services Router


3500 Users Each

Branch Servers

1500 Users Each

Branch Office, SMB Servers or Cisco ISR Network Modules

100 Users 250 Users 500 Users

ManagerLite

Manages up to 3

50/100Users

CAS functionality

� Supports Cisco 2811, 2821, 2851, 3825, 3845 Integrated Services Routers

Intrusion Prevention System (IPS) Advanced Integration and Network Modules

Incorporates Network Admission Control (NAC) appliance server

� Enforces security policies,

Scans for latest anti-virus software

Prevents unauthorized access and spread of viruses on the network

Supports wired, wireless and guest NAC

Integrated Threat Control for Cisco ISR

� Enables Inline Intrusion Prevention (IPS)

� Runs same software (CIPS 6.0) and enables same features as Cisco IPS 4200

Performance Improvement by Hardware Acceleration.

AIM-IPS-K9



Integrated into Cisco ISRs

� Provides size and scale ideal for remote offices (<100 users)

Works with NAC appliances at headquarters in a network system

� Benefits of router integration

Systems Integration

Lower Operating Costs

Cisco IOS Advanced Security & above AIM – Cisco 1841, 2800, 3800NME –Cisco 2800 and 3800

�Dedicated CPU and DRAM to offload host CPU

AIM – Up to 45 Mbps

NME – Up to 75 Mbps

Management by both Routing and IPS software

Cisco IPS Device Manager (IDM)

Cisco Configuration Professional (CCP) (Device)

Cisco Security Manager (CSM) (Network wide)

IPS Manager Express (IME) and CS-MARS (event monitoring and correlation)AIM-IPS

NME-IPS-K9

NME-IPS

Cisco IOS® Content Filtering for ISRwith Trend Micro

Incorporates Network Admission Control (NAC) appliance server

� Enforces security policies,

Scans for latest anti-virus software

Prevents unauthorized access and spread of viruses on the network


Control spyware and malware at the remote site; conserve WAN bandwidth

Block malicious sites and enforce corporate policies

�Offer category-based security and productivity ratings

�Enforce HIPAA, FISMA, CIPA (Children’s Categories: Porn,

InternetTrend Micro

Rating Server



Integrated into Cisco ISRs

� Provides size and scale ideal for remote offices (<100 users)

Works with NAC appliances at headquarters in a network system

� Benefits of router integration

Systems Integration

Lower Operating Costs

For Cisco 800, 1800, 2800, and 3800 Integrated Services Routers

�Enforce HIPAA, FISMA, CIPA (Children’s Internet Protection Act)

Enforce with latest information, hassle-free

�Trend Micro maintains and updates the security and productivity database 24x7

�No local database is required on the router

Enable Registration and Configuration through

Cisco Configuration Professional® (CCP)

Categories: Porn, Violence, Gambling,

Sports,…

Cisco Integrated Services Router (ISR) Portfolio for Video Surveillance

Cisco

Cisco 3825

Cisco 3845

Analog Video Encoding Module

Cisco IP Video Surveillance Solution

New


Enterprise Branch Office

Cisco

2821

Cisco 2851

High-Density Services

Encoding Module

Extended Modular Connectivity

Multiple Services Modularity with Performance Optimized for “All-in-one” Solution

Video Management and Storage System

New

“Router-Integrated” Video Surveillance

The network is the platform reinvents safety and security

Easier to deploy new and extend existing sites

Greater monitoring flexibility, anywhere anytime

Tighter linkage between video

Unified Communications

IP Video SurveillanceCisco ISR


Investment Protection

Tighter linkage between video surveillance and other branch applications

� Leverages existing IP network

� Smooth analog to IP transition

� Leverages installed base of ISRs

Operational Efficiency

� Fewer devices at the branch

� Converged UC-VS platform

� One management system

� Simplified troubleshooting

� Lower TCO

Best in Class Network Security

Branch Application Performance

� Improve application response times

� Increase network availability


� Increase network availability

� Service level guarantees

� Recent innovations: Application eXtension Platform (AxP) WAAS, PfR

The Network is the PlatformO

pe

ratio

na

l E

ffic

ien

cy

A Few Years Ago

Integrated Services Routers

Integrated Application Platform


Op

era

tio

na

l E

ffic

ien

cy

Network IntegrationMultiple Overlay

ProductsApp and Server

Integration

WAN Optimization

Security

MobilityRouting

Network Analysis/

Monitoring

Voice

Switching � Service Integration

� Survivability

� 50–70% Opex reduction

� Applications and network integration

� New business models

� Optimized branch footprint

Application eXtension Platform

AIM-102

NME-302/522512MB-2GB RAM80-160GB storageIntel Pentium M

SDK (IOS APIs)

AXP Development

Portal

Complete Ecosystem

� Linux-based

� IOS APIs (AXP SDK)

� Supports multiple

concurrent applications


AIM-1021GB RAM256MB FlashIntel CeleronAXP

Partner Program

AXP Development and Advanced

Services

Ecosystemconcurrent applications

� 1841, 2800, 3800 ISRs

� Optimized, open branch architecture

� Tight Network-Application linkage

� A new business architecture

� Anything you need in the branch

� Applications are designed to work well on LAN’s

High bandwidth

Low latency

Reliability

� WANs have opposite

The WAN is the Barrier to Branch Application Performance

Round Trip Time (RTT) ~ 0mS

ClientLAN

SwitchServer

Round Trip Time (RTT) ~ many many milliseconds


� WANs have opposite characteristics

Low bandwidth

High latency

Packet Loss

Round Trip Time (RTT) ~ many many milliseconds

ServerClient LAN Switch

LAN Switch

Routed Network

WAN Packet Loss and Latency = Slow Application Performance =

Keep and manage servers in branch offices ($$$)

Cisco WAAS and Performance Routing

Application Optimization Solutions

� Choice of router integrated solutions

� WAAS Appliance / Integrated solution consistency

� Maximizes branch bandwidth, minimizes latency

� Maximize value of WAN investment


IOS Application Intelligence

� Enhances performance of business critical applications

� Transparent service interoperability

� Network visibility minimizes operational overhead

� Maximize value of WAN investment

IPSLA

NetFlow

QoS

PfR

A solution approach to Application Acceleration

Monitor and Provision

IP SLAs

Cisco NME-NAMVoice

Storage

IP

IP

UDP

TCP

Preserves Queuing, Shaping, Policing, and PfR

Transactional

QoS and Control

Inspect


IP SLAs

NetFlow

Wide Area File Services

WAN Optimization

Routing

QoS IPS

Firewall

Encryption

2X–100X

Integrated NME-WAE

Preserve Network Services Accelerate Applications

NME-WAE-302/K9 NME-WAE-502/K9

NME-WAE-522/K9

Traffic from Any Mix of Applications Can Coexist and Be Optimally Delivered on Converged IP Networks

Web content� Browsing

� Shopping

Real-Time Traffic� Voice over IP (VoIP)

� Videoconferencing Transactional Traffic� Order Processing & Billing

� Inventory & Shipping

� Accounting & Reporting

Streaming Traffic� Video on Demand (VoD)

� Movies

Bulk traffic� Email

� Data Backups

� Print Files


Convergence

All Traffic Is Not Alike => Need QoS

Converged IP Networks

Converged IP Networks

Cisco Empowered Branch

Largest Set of ServicesLower Barriers to Entry for Branch

Service Adoption


Complete and Integrated Branch Solution

Service Integration and Interoperability

Choice of Integrated or Separate Appliance

Consistent Services, Flexible

Performance/Pricing

Continuous Innovation

empowered branch - cisco...provides size and scale ideal for remote offices (

Documents