© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Unified Access Roadshow
Osama Rasoul
Sales Manager, Network Architectures
CCIE R&S # 10165
Cisco Unified Access System
Introduction
1. Complete Device Visibility and Simplified Onboarding
2. Consistent Business Policy Enforcement
3. Extending Unified Access to VPN
One Policy ISE and AnyConnect
1. Converged Wired and Wireless
2. Consistent AVC
3. Consistent Resiliency
One Network Wired and Wireless
1. Simplified Visibility and Compliance
2. Simplified Deployment
3. Simplified Operations and Reduced OPEX
One Management Prime Infrastructure
Systematic Approach to Address Key Customer Concerns
Visibility | Availability | Control
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Auto-Install Updates: Over-the-air distribution of applications, data, OS and configuration settings for mobile devices that are registered (non-registered devices cannot be managed by MDM)
• Remote Wipe: Of lost / stolen devices, protecting against data loss (in support of Data Loss Prevention—DLP)
• Cisco is uniquely partnered with these five MDM vendors, representing the market leaders
• Mobile Device Management (MDM): Software deployed across mobile operators, service providers and enterprises to secure, manage, monitor and support smart phones and tablets
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Centralized Security Management: All devices are verified by ISE before the access port allows connection; performs the role of a “security guard”—device/user must be “on the list” to get in
• Complete Visibility: Sees all devices regardless of how they connect (wired, wireless or VPN); provides visibility of devices not registered with MDM
• Cisco has most comprehensive offering in the market
• Competitors try to sell solutions that are missing functionality by presenting their solutions as simplified
• Start with guest access, then corporate owned versus employee owned, gradually over time introduce other levels of context
• Identity Services Engine (ISE): Policy Engine that interacts with Active Directory, Cisco devices, PRIME and several MDM platforms to provide granular policy creation and enforcement for wired, wireless and VPN connection
Traditional Device / User Management: User = 10.1.2.3 = Fixed PC at office desk; user always works from this PC
Context based Device / User management: Any where, Any time, Any thing (device)
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Complete Visibility: Utilizing ISE and MDM, ALL devices are seen and controlled, allowing IT to simplify MDM enrollment, fast adoption of employee owned devices as well as maintain consistent visibility of non-mobile devices such as wired PC or game consoles
• Cisco’s comprehensive ISE solution is a leader in the security segment; Good, MobileIron, Airwatch, Afaria/SAP and Citrix/Zenprise are leaders within the MDM segments; together, no other vendor partnerships can equal this solution. Cisco completes the personal device security promise of MDM by ensuring all devices are compliant before access
• Enforced Device Compliance: ISE catches non MDM compliant devices and forces them to comply with MDM policy
• Offers user options to accept MDM for full access, or reject MDM for restricted (Internet-only) or no access
Best Practice—Current
Best Practice—Future CY13Q2
MDM is network BLIND: cannot see non-MDM registered devices, cannot enforce compliance
ISE “sees” all devices; ISE BYOD enforces MDM device compliance
ISE and MDM Integrate: Enforced Mobile Device Compliance
• Automates MDM registration
• Quarantines non-compliant devices
• Users can elect to not register and be allowed guest services
ISE + MDM = Complete Solution
MDM: Mobile Device Security Control; Device Security and Compliance; Mobile Application Management; Data Security Controls
ISE: Device Access Control; Device Identity; BYOD On-boarding
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Provisioning Portal: ISE provides a guest portal for employees to add/request guest access for visitors
• Automated Process: Device/User credentials are validated; users follow prompts to add necessary apps and patches, register with MDM, or choose a quarantined, limited-access network, which gives users freedom to choose
• Cisco’s integrated solution allows wired, wireless and VPN users plus MDM and MS AD to interact in a way no other competitor allows
• Competition tries to piece together disjointed products and vendors to create a solution but the gaps are not addressed in a complete platform
• Onboarding: Process of adding users and BYOD devices to the enterprise network; an automated service to help workers securely use personal devices at work.
BYOD-Secure
BYOD-Open
Personal Asset
Access Point
ISE
Wireless LAN Controller
AD/LDAP
• User connects to Open SSID
• Redirected to WebAuth portal
• User enters employee or guest credentials
• Guest signs AUP and gets Guest access
• Employee registers device
• Downloads Certificate
• Downloads Supplicant Config
• Employee reconnects using EAP-TLS
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Reduced OPEX: SGA with ISE simplifies security policies by removing the need for VLANs and dramatically reducing firewall rule and ACL administration
• Increased Performance: SGA switching performed in hardware at line rate, allowing greater granularity without sacrificing performance
• Cisco innovation, “tagging” mechanism to identify and enforce network based policy
• TrustSec (Trusted Security): Architecture that provides a consistent approach to security
Secure Group Access (SGA): Tagging mechanism to enable simplified policy enforcement based on the “personality” of the user/device
Identity Services Engine (ISE) and PRIME for management
Secure Group Tag {SGT}
Secure Group ACL (Access Control List) {SGACL}
Configured in ISE, Managed in PRIME
Secure Group Access {SGA}
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Simple User Interface: User friendly interface, increases productivity
• Increased security posture beyond VPN tunnel, leveraging ScanSafe Web/Email security
• Cisco remains a leader in this space with largest install base
• Competitive products provide simple VPN connectivity only
• AnyConnect VPN Client: Next gen VPN client enhanced specifically for BYOD devices. Leverages capabilities of consumer devices including always on networking (persistent connection upon wake from sleep), seamless WiFi/Cellular transition, etc. Functionality is enabled via latest ASA concentrators
[Diagram labels: Corporate Office, Home Office, Mobile User; Wired, Wi-Fi, Cellular/Wi-Fi; Secure, Consistent Access; ASA; Corporate Headquarters]
Does the thinking
• Self installation and provisioning
• Finds and maintains best connection
Broadest Platform Support
• All major mobile devices, PCs, web browsers
Any Productivity App
• Voice, video, data, apps, VDI
Always On
• Rebuilds broken sessions
• Seamless network handoffs
Always Secure
• Verifies device compliance
• Stops malware and data loss
One Policy—ISE and AnyConnect
Competitive Position
• Cisco’s comprehensive ISE solution is a leader in the security segment, Good, MobileIron, Airwatch and Zenprise are all leaders within their segments; together no other vendors or vendor partnerships can equal this solution
ISE provides end-to-end policy control point over wired/wireless/VPN networks, providing IT visibility of every device, both employee and corporate owned assets. ISE delivers the most effective and automated onboarding capability in the industry.
POSITIONING: ISE is a highly capable and somewhat complex platform that is best introduced in functional “steps”—typically starting with network visibility. ISE “sees everything” even devices that MDM cannot. A deployment roadmap is required to step an enterprise into the complete capabilities of the platform.
• Rigorous Identity Enforcement: Profiles personal, IT, corporate and specialized devices. Now includes device feeder service to keep profiler current
• Automated Device Security: device security posture checks and integration with MDM solutions
• Cisco offers integrated MDM solutions with the MDM market leaders: Airwatch, Good, MobileIron, SAP/Afaria, Zenprise/Citrix
One Policy—ISE and AnyConnect
Feature, Function, Component
• Simplified AnyConnect VPN client for iOS and Android
• Cisco ASA provides additional functionality
• ISE enables the automation of on-boarding with AnyConnect (CY13Q2)
Competitive Position
• Cisco remains a leader in this space with largest install base.
• Competitive products provide simple VPN connectivity only
Cisco AnyConnect—VPN client for user devices that maintains a secure and persistent VPN connection as the user changes location—persistent connectivity without reconnecting
POSITIONING: Increasingly relevant as users become more mobile. AnyConnect is a single, uniform client easily downloaded and installed from the Apple AppStore and Droid Marketplace. Direct application to the CxO, which are the largest population of tablet users.
One Policy—ISE and AnyConnect
Feature, Function, Component
• TrustSec—Cisco’s Architecture for providing Secure Mobility through embedded network contexts
• Secure Group Tagging (SGT)—‘tagging’ traffic based on context (as above), route and prioritize accordingly
• Two-way Device Protection: governs inbound and outbound traffic for every endpoint
Competitive Position
• Cisco innovation—“tagging” mechanism to identify and enforce network based policy
• Competitors try to create perception that they have similar capability; however, many solutions are based on older Access Control List (ACL) strategies. These strategies have never been widely adopted due to complexity and performance impact
The Cisco Network is an INTELLIGENT network—it recognizes the user, device, application and, working with Active Directory, user job function, position and other profile info. With ISE, Cisco has developed context-aware security, allowing IT to set security policy based on many parameters
POSITIONING: Essential as users become increasingly mobile with more consumer devices. With Cisco Unified Access, policy is set once and centrally deployed, in the same policy language as Active Directory; policy is enforced, regardless of the access method; “identity-on-the go”
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Visibility: Allows for better budget planning for hardware and OS upgrades
• Reduced Risk: Customer knows impact of changes; simple check to verify still compliant
• Most comprehensive management toolset available
• Compliance assessment tool integrated within single pane of glass- competitive solutions are fragmented leaving gaps and risk
• Lifecycle Readiness Reports: Available for all managed devices: Automatically syncs with Cisco.com for latest info for EoX, PSIRT; all devices are polled based on assessment being performed; reports are local to customer and never need to be exchanged externally
PSIRT: Product Security Incident Response Team
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Visibility: 1st industry solution that allows easy identification
• All Devices: managed (router) through employee owned (iPad)
• All Applications: not just HTTP video; granular to YouTube versus Skype
• All Users: ISE and AD integration; manage by user, not IP
• Other vendors lack granularity {Cisco: 1000’s of apps seen; competitors: 100’s}
• Other vendors utilize multiple systems causing performance impact to infrastructure
• NBAR mechanisms within the infrastructure (switches, routers, AP, etc.) report to the Prime system. This system is integrated with platforms such as Active Directory and ISE allowing operations team to manage by user, device (router through tablet) and granular application views.
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Reduced Risk: Designs are validated against real customer requirements, allowing customers to deploy with a high level of certainty of success
• Accelerated Adoption: When combined with Prime workflows and templates deployment is accelerated with minimal staff adjustments
• No other competitor offers a validated program at this level; most offer only configuration guides and command references.
• CVD are tested and results are available; commands and configurations are organized into solutions
• CVD: Cisco Validated Design—program that tests, validates and recommends Cisco best practices for network and application design and deployment
• SBA: Smart Business Architecture—simplified best practice program targeted towards customers with <10K devices
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Rapid time to deploy- no wasted time identifying commands or configuration steps
• Reduced Risk- templates based on tested CVD recommendations
• Reduced OPEX- less expertise and man hours needed to deploy; reduces burden of deploying new technologies
• Power in the completeness of the solution; competitive solutions only cover portions leaving IT with additional challenges trying to maintain the management platform-most customers still deploy manually due to these gaps
• Workflow Templates- allow IT to leverage easy to configure templates to deploy new technologies
• CVD based, technology based or custom templates
• Templates can be scheduled and pushed from Prime or configuration files can be created and deployed via traditional methods
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Reduced OPEX: Largest growth of devices is at the access layer; Smart Install and Smart Ports automates the deployment of OS and device configuration
• Reduced Downtime: Smart Call Home and EEM allow for automated troubleshooting under defined conditions reducing reaction time and downtime
• Many customers enable less than 10% of available features in Cisco products therefore the adoption of these tools is not emphasized
• Sell to both infrastructure team AND network management team
• Smart Operations: Accelerates deployment, device management and problem resolution; includes Smart Install, Smart Ports, Smart Call Home and Embedded Event Manager
Access Switches
Port Configured
Image Downloaded
One Management—Prime Infrastructure
Feature, Function, Component
• Cisco Validated Designs (CVD) and Smart Business Architectures (SBA)-Surprise free networking; Cisco is 1st to deploy, assuming the risks with the system integration cycle saving customers time and money
• Prime Infrastructure LifeCycle Templates and Workflows
Competitive Position
• Cisco invests Billions in R&D each year, developing technologies and products many years ahead of our customer demand
• Millions dedicated to building large scale build-outs to test actual customer environments before released as a product
• No other competitor invests at the same level
Cisco Prime Infrastructure Lifecycle provides guidance to leverage best practices in CVD/SBA templates to deploy technologies according to tested configurations. Pre-defined and customizable workflow templates ease the burden of deploying technologies that previously would have been delayed due to time consuming manual configuration procedures.
POSITIONING: The CVD/SBA program when aligned with assessments, templates and workflows provide the customer a way to reduce OPEX costs by requiring minimal staff to deploy complex solutions.
One Management—Prime Infrastructure
Feature, Function, Component
• Readiness Reports -prepare for technology deployments {TrustSec, AVC/Medianet, etc}
• Inventory management reports- Contract Status, EoX status and Security Vulnerabilities (PSIRT)
• Compliance Readiness Reports for PCI, HIPAA, SOX, DISA, ISO27002
• Visibility into ALL devices, ALL traffic & applications and ALL Users across wired and wireless through a single console
Competitive Position
• Competitors utilize a disparate collection of tools
• Decreases efficiency of Ops staff
• Increased licensing and platform costs
• Greater burden on production systems to have multiple systems all utilizing resources such as critical CPU cycle of switch
• Prime eliminates the above issues, reduces both CAPEX and OPEX and increases performance and efficiency through a single pane of glass
Cisco Prime Infrastructure allows you to easily gain visibility into all aspects of traffic, users and devices. Assessments are built in to determine the state of your environment at any time, from determining if you are ready to implement a certain technology to ensuring you maintain compliance levels through managing device specific info such as maintenance contracts and security alerts.
POSITIONING: EoX reports allow for improved budgeting cycles and visibility. Other Readiness and Compliance Reports, when combined with workflow templates, directly reduce the OPEX required to install, deploy and operate a Cisco Network with advanced features. Faster time to deploy.
One Management—Prime Infrastructure
Feature, Function, Component
• Smart Install—“plug and play” – new switches are connected to the network, OS is downloaded and configured automatically
• Smart Ports—allows the switch to configure a port’s VLAN, QoS and security parameters based on the type of device connected (e.g., phone, laptop, etc.)
• Smart Call Home—allows the switch to open its own TAC case during troubleshooting
• Embedded Event Manager (EEM)—simple and comprehensive scripting to customize operational tasks
Competitive Position
• Most comprehensive set of macros in industry; competitors lack complete coverage of QoS, Security and device specific parameters
• Open communities where people share scripting advice and actual scripts to automate many activities
• Integrated with Prime templates to further automate many processes
Catalyst Switches integrate features that directly reduce both OPEX and the complexity to deploy and operate them. Smart Install and Smart Ports allow for automated configuration. Smart Call Home and EEM allow for advanced customization and troubleshooting.
POSITIONING: These features simplify installation and operation of the infrastructure, resulting in OPEX savings
Built on Cisco’s Innovative “UADP: Unified Access Data Plane” ASIC
The Intelligent Switch for the World Connected
* Roadmap
Wireless CAPWAP Termination Lifetime Warranty
40 Gbps Uplink Bandwidth
Line Rate on All Ports
FRU Fans, Power Supplies
Granular
QoS/Flexible NetFlow
Up to 50 APs/2000 clients per stack, and 40G per switch
480 Gbps Stacking Bandwidth
Stackpower
SGT/SGACL*
Full POE+
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Reduced OPEX: Simplified management, single maintenance contract, eliminate points of failure and management overhead
• Increased Capabilities: Feature roadmap aligned to both wired and wireless; brings wireless infrastructure into critical enterprise environment
• Industry’s FIRST integrated wired and wireless device
• Will take ~18 months for wired and wireless feature set to normalize; certain situations will drive existing product lines during this time; see http://iwe.cisco.com/ws#web/cisco-unified-access/catalyst-3850
• Common CLI syntax for both Wired and Wireless
• Common code train provides consistent feature roadmap for end-to-end capabilities including QoS, Trustsec, etc.
Features:
• 802.11n
• Clean Air
• Video Stream
• Radio Resource Management (RRM)
• Wireless Intrusion Prevention System (WiPS)
• 802.11ac Ready
Features:
• Stacking, Stackpower
• Trustsec/Identity
• AVC/Medianet
• Flexible Netflow
• Granular QoS
• Smart Operations
• EnergyWise
• Virtualization
Benefits
• Built on UADP– Cisco’s Innovative Flexparser ASIC technology
• Eliminates operational complexity
• Single Operating System for wired and wireless
20+ Years of IOS Richness Now on Wireless
WIRELESS WIRED
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Granular Application Management: Hierarchical QoS provides rich granularity allowing for consistent prioritization of both wired and wireless traffic
• Decrease risks within Wireless: Existing wired features designed to “harden” access ports available directly at the AP’s connectivity point in the infrastructure
• Competitive solutions lack the maturity to offer a solution that can match ours in granularity and performance.
• HP has solid QoS & Security but lacks in wireless
• Aruba has strong wireless but lacks in switching (QoS and Security)
• Quality of Service (QoS) and Security: Features are now available in the wireless infrastructure by leveraging wired IOS feature sets
Hierarchical QoS: Per AP, Per Radio, Per SSID, Per Client, Per Application
[Figure labels: 802.11n, ac; SSID 1, SSID 2; Jabber]
Security
• Identity
• Device Profiling
• SGT/SGACL*
• Control Plane Policing
• MACSec
• Port Security
• DHCP Snooping and IP Source Guard
• Wireless Intrusion Prevention System (WiPS)
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Improved Performance: 480G stack bandwidth; 40G wireless/switch; 2K clients without separate WLC; 50 APs
• Distributed Model: CAPWAP {tunnel} traffic terminated at access layer—providing TBps capability within campus networks
• Industry’s FIRST integrated wired/wireless platform
• Cisco is the clear leader in BOTH wired and wireless— no other competitor can currently match this capability
• Similar solution from Aruba limited to <10 APs, stacking capability is much lower
• UADP {Unified Access Data Plane} ASIC: A complete wireless controller on a chip, in addition to advanced wireless traffic management capabilities; provides massive wireless scalability
3850
Sup 8 for 4500E
5760 WLC
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Application Visibility: Beyond classifying voice, video and data; moving into multiple video applications within the “video” bucket (HTTP versus YouTube)
• Only solution across wired and wireless campus- Only Single Console management system- others require multiple- OPEX impact
• Platform Hardware and Resources are greater- allowing far better performance while increasing granularity- others are limited by switching and routing performance
• NBAR: Mechanism enabled within the wired and wireless infrastructure that identifies and interacts with traffic at the application level- visibility into 1000’s of APPS
• Prime Assurance: User Interface and platform utilized to manage the granular visibility
• NBAR enables AVC; Medianet is Video implementation of AVC; MediaTrace is a tool in the Medianet system- MORE APPS COMING
Device/Application ID
Exported to FnF
Netflix = 50%
YouTube = 15%
WebEx = 10%
Citrix = 9%
Exchange= 8%
Uniform Application-Based QoS
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Application Visibility: In-depth Rich Media tools reduce outage times and ensure consistent performance
• Mission Critical/Drop sensitive environments (BYOD, Video, VDI)—provide high availability
• Cisco innovation, “tagging” mechanism to identify, troubleshoot, monitor and prioritize video based traffic
• Cisco is the clear leader in the business video market
• MediaTrace with Prime: Provides advanced, real-time video troubleshooting capabilities managed via Cisco Prime
Cisco Prime
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• CAPEX Investment: Minimize with pay-as-you-grow
• Mission Critical/Drop sensitive environments (BYOD, Video, VDI): Provide high availability
• Simplified Configuration and Device Management: Multiple switches “seen as one”
• Cisco Design Methodology NOT another feature; integral part of Catalyst switches for over a decade
• All components, devices and connections can be redundant
• Similar capability within all Cisco Product Lines
• Stackwise+: Stack up to 9 switches
• Stackpower: Share power within 4 switches
• Redundancy: Fan, power supply, supervisor, ASIC
Simplify and Scale with StackWise+
Fan Redundancy
Maximize Power Redundancy with StackPower
In-Chassis FRU Redundant PSU
Redundant Fans
Redundant Supervisor
Redundant Uplinks
4K 6K Redundant Power Supply
3K
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Double Switching Capacity: Utilize all paths all the time -better return on Investment
• Reduced OPEX: Single Simplified Configuration, eliminate configuration tasks and protocols- no longer 2 switches/configuration files now 1 switch, 1 file and less lines
• Safe and Efficient Layer 2 topologies: Safely deploy larger layer 2 domains without increasing risks
• Consistent strategy across campus (Access-Distribution-Core)
• Similar solution within Datacenter using VPC
• Most Competitors have similar approaches however failover times are drastically longer- causing greater loss of revenue
• Virtual Switching System (VSS): Virtualizes chassis’ to greatly simplify and improve performance in redundant configurations
• Enhances traditional redundancy models (Spanning Tree Protocol) enables better utilization of redundant resources during steady state
[Figure: Traffic Capacity and MGMT compared, NO VSS versus VSS]
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Mission Critical/Drop sensitive environments (BYOD, Video, VDI): Provide zero downtime availability
Wireless now critical enterprise infrastructure
Sub-second seamless failover
“Backup” licensing model for 2nd controller
• First Introduced in switching in mid-90’s with Cat5K: Stable and well known approach
• Closest competitor has >30 sec failover times: Interrupts voice and video streams in BYOD scenarios
• Stateful Switch Over (SSO): Feature that allows sub-second failover of layer two switching tables
• Wireless SSO allows dual controllers, AP’s tunnels are mapped to both controllers, controller failure does not interrupt traffic flow
5508 or WISM2 with SW Upgrade or new 5760
ISE Prime
Access Points
AP
State Sync AP Resiliency
High Availability
Competitive Comparison
Customer Problem / Impact / Benefit
Feature/Capabilities
• Minimize Lost Revenue due to maintenance windows
• Decreased risks associated with OS upgrades; more switches in shorter windows due to automated process
• Increased reaction time to bugs, vulnerabilities, etc.
• Similar approach on majority of Cisco portfolio
• Most Competitors have similar approaches however failover times are drastically longer- causing greater loss of revenue
• In-Service Software Upgrade (ISSU): Leverages a secondary supervisor for seamless OS upgrades without interrupting traffic
• Secondary Supervisor is upgraded, reloaded and then a supervisor failover is initialized (sub-second), process is then performed on the primary supervisor
Dual Supervisors
Active
Standby
One Network—Wired and Wireless
Feature, Function, Component
• Converged Software: single device performs wired and wireless functionality
• Enhanced QoS & Security: IOS features available within wireless configurations now
• Scale: Distributed controller model—Tunnels are now terminated on the first hop access switch—dramatically improves scalability, eliminates backhaul controller traffic
Competitive Position
• Cisco is the market leader in Wired AND wireless
• Cisco is leading the market in converging wired and wireless into single platforms.
• Closest competitor (Aruba) is a fraction of the scale and performance, limiting their support of rapidly growing speeds such as 802.11ac
The Catalyst 3850 provides both wired and wireless access. Along with ISE, IT is now able to guarantee consistent access, policy, security and functionality regardless of access method
POSITIONING: Whether a user is accessing the network via wired or wireless, their experience is the same! IT can provide a consistent user experience with the deployment of a single switch rather than two discrete (wired and wireless) access networks
One Network—Wired and Wireless
Feature, Function, Component
• High Visibility into actual Applications across infrastructure—including video
• Gives IT visibility of all apps being accessed by ALL devices (including guest and consumer devices) on their network, even when IT doesn’t own the device
• Control: Allows (consumer) applications to be blocked
Competitive Position
• Industry’s First integrated system to easily identify applications
• Can SEE over 1000 unique applications; closest competitor <100
• Only vendor with consistent capability across wired and wireless campus
The Cisco network ‘sees’ not just traffic, but also the application being accessed by the user. This gives IT the ability to then control the access, performance and prioritization of that application according to their policy.
POSITIONING: With BYOD, IT is less able to control application usage and performance from end-user devices, therefore integrated wired/wireless functionality becomes increasingly relevant, especially with the high adoption of video
One Network—Wired and Wireless
Feature, Function, Component
• Stackwise, StackPower: Redundant components supervisors, ports, fans, power supplies, etc. Up to 9 in stack; share power between four
• VSS: Virtual Switching System—Combine two switches to create one logical switch = Simplified configuration
• SSO & APSSO: Stateful Switch Over wired and wireless – failover happens with minimal interruption
• ISSU: In-Service Software Upgrade—gives the ability to upgrade software without interrupting traffic
Competitive Position
• First Introduced in switching in mid-90’s with Cat5K—stable and well known; Cisco Design Methodology NOT another feature; integral part of Catalyst switches for over a decade
• Closest wireless competitor has >30 sec failover times—interrupts video and voice streams in BYOD scenarios
• Cisco has consistently led innovation in this area, producing the lowest failover times within the industry
Industry-leading Resiliency functionality available on BOTH WIRED AND WIRELESS platforms.
POSITIONING: Mission Critical aspects of the infrastructure are increasingly strained with BYOD and Business Video—wireless is transforming from “nice to have” to “Mission Critical”. Downtime will not be tolerated