cisco unified access roadshow - cisco - global home page€¦ · connection as the user changes...

© 2012 Cisco and/or its affiliates. All rights reserved.

Cisco Unified Access Roadshow Osama Rasoul

Sales Manager, Network Architectures

CCIE R&S # 10165

[email protected]

© 2012 Cisco and/or its affiliates. All rights reserved.

Cisco Unified Access System

Introduction

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

1. Complete Device Visibility and Simplified Onboarding

2. Consistent Business Policy Enforcement

3. Extending Unified Access to VPN

One Policy ISE and AnyConnect

1. Converged Wired and Wireless

2. Consistent AVC

3. Consistent Resiliency

One Network Wired and Wireless

1. Simplified Visibility and Compliance

2. Simplified Deployment

3. Simplified Operations and Reduced OPEX

One Management Prime Infrastructure

Systematic Approach to Address Key Customer Concerns

Visibility | Availability | Control







2. Consistent AVC










Competitive Comparison

Customer Problem / Impact / Benefit

Feature/Capabilities

• Auto-Install Updates: Over-the-air distribution of applications, data, OS and configuration settings for mobile devices that are registered (non-registered devices can not be managed by MDM)

• Remote Wipe: Of lost / stolen devices, protecting against data loss (in support of Data Loss Prevention—DLP)

• Cisco is uniquely partnered with these five MDM vendors, representing the market leaders

• Mobile Device Management (MDM): Software deployed across mobile operators, service providers and enterprises to secure, manage, monitor and support smart phones and tablets





• Centralized Security Management: All devices are verified by ISE before the access port allows connection; performs the role of a “security guard”—device/user must be “on the list” to get in

• Complete Visibility: Sees all devices regardless of how they connect (wired, wireless or VPN); provides visibility of devices not registered with MDM

• Cisco has most comprehensive offering in the market

• Competitors try to sell solutions that are missing functionality by presenting their solutions as simplified

• Start with guest access, then corporate owned versus employee owned, gradually over time introduce other levels of context

• Identity Services Engine (ISE): Policy Engine that interacts with Active Directory, Cisco devices, PRIME and several MDM platforms to provide granular policy creation and enforcement for wired, wireless and VPN connection

User

Fixed PC at office desk- user always works from this PC

Traditional Device / User Management

Context based Device / User management

Any where, Any time, Any thing (device)

= 10.1.2.3 =





• Complete Visibility: Utilizing ISE and MDM, ALL devices are seen and controlled, allowing IT to simplify MDM enrollment, fast adoption of employee owned devices as well as maintain consistent visibility of non-mobile devices such as wired PC or game consoles

• Cisco’s comprehensive ISE solution is a leader in the security segment; Good, MobileIron, Airwatch, Afaria/SAP and Citrix/Zenprise are leaders within the MDM segments; together; no other vendor(s) partnerships can equal this solution. Cisco completes the personal device security promise of MDM – by ensuring all devices are compliant before access

• Enforced Device Compliance: ISE catches non MDM compliant devices and forces them to comply with MDM policy

• Offers user options to accept MDM for full access, or reject MDM for restricted (Internet-only) or no access

Best Practice—Current

Best Practice—Future CY13Q2

MDM is network BLIND Cannot see non-MDM registered

devices, cannot enforce compliance

ISE “sees” all devices ISE BYOD enforces MDM device compliance

ISE and MDM Integrate

Enforced Mobile Device Compliance

Automates MDM registration

Quarantines non-compliant devices

Users can elect to not register

and be allowed guest services

= Complete Solution +

MDM

Mobile Device

Security Control

Device Security and

Compliance

Mobile Application

Management

Data Security

Controls

ISE

Device Access

Control

Device Identity

BYOD On-boarding

Device Access

Control





• Provisioning Portal: ISE provides a guest portal for employees to add/request guest access for visitors

• Automated Process: Device/User credentials are validated; users to follow prompts to add necessary apps, patches, register with MDM or choose a quarantined limited access network- gives users freedom to choose

• Cisco’s integrated solution allows wired, wireless and VPN users plus MDM and MS AD to interact in a way no other competitor allows

• Competition tries to piece together disjointed products and vendors to create a solution but the gaps are not addressed in a complete platform

• Onboarding: Process of adding users and BYOD devices to the enterprise network-Automated service to help workers securely use personal devices at work.

BYOD-Secure

BYOD-Open

Personal Asset

Access Point

ISE

Wireless LAN Controller

AD/LDAP

• User connects to Open SSID

• Redirected to

WebAuth portal

• User enters employee

or guest credentials

• Guest signs AUP and

gets Guest access

• Employee registers device

• Downloads Certificate

• Downloads Supplicant

Config

• Employee reconnects using

EAP-TLS





• Reduced Opex: SGA with ISE simplifies security policies, by No VLANs, and dramatically reduced firewall rule and ACL administration

• Increased Performance: SGA switching performed in hardware at line rate, allowing greater granularity without sacrificing performance

• Cisco innovation, “tagging” mechanism to identify and enforce network based policy

• TrustSec (Trusted Security): Architecture that provides a consistent approach to security

Secure Group Access (SGA): Tagging mechanism to enable simplified policy enforcement based on the “personality” of the user/device

Identity Services Engine (ISE) and PRIME for management

Secure Group Tag {SGT}

Secure Group ACL (Access Control List)

{SGACL}

Configured in ISE Managed in PRIME

Secure Group Access {SGA}





• Simple User Interface: User friendly interface, increases productivity

• Increased security posture beyond VPN tunnel, leveraging ScanSafe Web/Email security

• Cisco remains a leader in this space with largest install base

• Competitive products provide simple VPN connectivity only

• AnyConnect VPN Client: Next gen VPN client enhanced specifically for BYOD devices. Leverages capabilities of consumer devices including always on networking (persistent connection upon wake from sleep), seamless WiFi/Cellular transition, etc. Functionality is enabled via latest ASA concentrators

Corporate

Office Home

Office

Secure,

Consistent

Access

Wired Wi-Fi

Cellular

/Wi-Fi

Corporate

Headquarters

ASA

Mobile

User

Does the thinking

• Self installation and provisioning

• Finds and maintains best connection

Broadest Platform Support

• All major mobile devices, PCs, web browsers

Any Productivity App

• Voice, video, data, apps, VDI

Always On

• Rebuilds broken sessions

• Seamless network handoffs

Always Secure

• Verifies device compliance

• Stops malware and data loss


One Policy—ISE and AnyConnect

Competitive Position

Cisco’s comprehensive ISE solution is a leader in

the security segment, Good, MobileIron, Airwatch

and Zenprise are all leaders within their segments;

together no other vendors or vendor partnerships

can equal this solution

ISE provides end-to-end policy control point over wired/wireless/VPN networks, providing IT

visibility of every device, both employee and corporate owned assets. ISE delivers the most

effective and automated onboarding capability in the industry.

ISE is a highly capable and somewhat complex platform that is best introduced in

functional “steps”—typically starting with network visibility. ISE “sees everything”

even devices that MDM cannot. A deployment roadmap is required to step an

enterprise into the complete capabilities of the platform.

POSITIONING

Rigorous Identity Enforcement: Profiles

personal, IT, corporate and specialized devices. Now

includes device feeder service to keep profiler current

Automated Device Security: device security

posture checks and integration with MDM solutions

Cisco offers integrated MDM solutions with the

MDM market leaders: Airwatch, Good, MobileIron,

SAP/Afaria, Zenprise/Citrix



Feature, Function, Component

• Simplified AnyConnect VPN client for iOS

and Android

• Cisco ASA provides additional functionality

• ISE enables the automation of on-boarding

with AnyConnect (CY13Q2)


• Cisco remains a leader in this space with

largest install base.

• Competitive products provide simple VPN

connectivity only

Cisco AnyConnect—VPN client for user devices that maintains a secure and persistent VPN

connection as the user changes location—persistent connectivity without reconnecting

Increasingly relevant as users become more mobile. AnyConnect is a single, uniform

client easily downloaded and installed from the Apple AppStore and Droid Marketplace.

Direct application to the CxO, which are the largest population of tablet users. POSITIONING




• TrustSec—Cisco’s Architecture for providing

Secure Mobility through embedded network

contexts

• Secure Group Tagging (SGT)—‘tagging’ traffic

based on context (as above), route and

prioritize accordingly

• Two-way Device Protection- governs inbound

and outbound traffic for every endpoint


• Cisco innovation—“tagging” mechanism to

identify and enforce network based policy

• Competitors try to create perception that they

have similar capability however many solutions

are based on older Access Control Lists (ACL)

strategies- these strategies have never been

widely adopted due to complexity and

performance impact

The Cisco Network is an INTELLIGENT network—it recognizes the user, device, application and

working with Active Directory, user job function, position and other profile info. With ISE, Cisco has

developed context-aware security, allowing IT to set security policy based on many parameters

Essential as users become increasingly mobile with more consumer devices. With Cisco

Unified Access, policy is set once and centrally deployed, in the same policy language as

Active Directory; policy is enforced, regardless of the access method; “identity-on-the go” POSITIONING







2. Consistent AVC













• Visibility: Allows for better budget planning for hardware and OS upgrades

• Reduced Risk: Customer knows impact of changes; simple check to verify still compliant

• Most comprehensive management toolset available

• Compliance assessment tool integrated within single pane of glass- competitive solutions are fragmented leaving gaps and risk

• Lifecycle Readiness Reports: Available for all managed devices: Automatically syncs with Cisco.com for latest info for EoX, PSIRT; all devices are polled based on assessment being performed; reports are local to customer and never need to be exchanged externally

PSIRT: Product Security Incident Response Team





• Visibility: 1st industry solution that allows easy identification

• All Devices- managed (router) through employee owned (Ipad)

• All Applications- not just HTTP video granular to YouTube versus Skype

• All Users- ISE and AD integration manage by user not IP

• Other vendors lack granularity {Cisco 1000’s of Apps seen competitors 100’s}

• Other vendors utilize multiple systems causing performance impact to infrastructure

• NBAR mechanisms within the infrastructure (switches, routers, AP, etc.) report to the Prime system. This system is integrated with platforms such as Active Directory and ISE allowing operations team to manage by user, device (router through tablet) and granular application views.





• Reduced Risk: Designs are validated against real customer requirements, allowing customers to deploy with a high level of certainty of success

• Accelerated Adoption: When combined with Prime workflows and templates deployment is accelerated with minimal staff adjustments

• No other competitor offers a validated program at this level; most offer only configuration guides and command references.

• CVD are tested and results are available; commands and configurations are organized into solutions

• CVD: Cisco Validated Design—program that tests, validates and recommends Cisco best practices for network and application design and deployment

• SBA: Smart Business Architecture—simplified best practice program targeted towards customers with <10K devices





• Rapid time to deploy- no wasted time identifying commands or configuration steps

• Reduced Risk- templates based on tested CVD recommendations

• Reduced OPEX- less expertise and man hours needed to deploy; reduces burden of deploying new technologies

• Power in the completeness of the solution; competitive solutions only cover portions leaving IT with additional challenges trying to maintain the management platform-most customers still deploy manually due to these gaps

• Workflow Templates- allow IT to leverage easy to configure templates to deploy new technologies

• CVD based, technology based or custom templates

• Templates can be scheduled and pushed from Prime or configuration files can be created and deployed via traditional methods





• Reduced OPEX: Largest growth of devices is at the access layer; Smart Install and Smart Ports automates the deployment of OS and device configuration

• Reduced Downtime: Smart Call Home and EEM allow for automated troubleshooting under defined conditions reducing reaction time and downtime

• Many customers enable less than 10% of available features in Cisco products therefore the adoption of these tools is not emphasized

• Sell to both infrastructure team AND network management team

• Smart Operations: Accelerates deployment, device management and problem resolution; includes Smart Install, Smart Ports, Smart Call Home and Embedded Event Manager

Access Switches

Port Configured

Image Downloaded


One Management—Prime Infrastructure


• Cisco Validated Designs (CVD) and Smart Business Architectures (SBA)-Surprise free networking; Cisco is 1st to deploy, assuming the risks with the system integration cycle saving customers time and money

• Prime Infrastructure LifeCycle Templates and Workflows


• Cisco invests Billions in R&D each year, developing technologies and products many years ahead of our customer demand

• Millions dedicated to building large scale build-outs to test actual customer environments before released as a product

• No other competitor invests at the same level

Cisco Prime Infrastructure Lifecycle provides guidance to leverage best practices in CVD/SBA templates to

deploy technologies according to tested configurations. Pre-defined and customizable workflow templates

ease the burden of deploying technologies that previously would have been delayed due to time consuming

manual configuration procedures.

The CVD/SBA program when aligned with assessments, templates and workflows provide the

customer a way to reduce OPEX costs by requiring minimal staff to deploy complex solutions. POSITIONING




• Readiness Reports -prepare for technology deployments {TrustSec, AVC/Medianet, etc}

• Inventory management reports- Contract Status, EoX status and Security Vulnerabilities (PSIRT)

• Compliance Readiness Reports for PCI, HIPAA, SOX, DISA, ISO27002

• Visibility into ALL devices, ALL traffic & applications and ALL Users across wired and wireless through a single console


• Competitors utilize a disparate collection of tools

• Decreases efficiency of Ops staff

• Increased licensing and platform costs

• Greater burden on production systems to have multiple systems all utilizing resources such as critical CPU cycle of switch

• Prime eliminates the above issues, reduces both CAPEX and OPEX and increases performance and efficiency through a single pane of glass

Cisco Prime Infrastructure allows you to easily gain visibility into all aspects of traffic, users and devices.

Assessments are built in to determine the state of your environment at anytime from determining if you are

ready to implement a certain technology or ensuring you maintain compliance levels through managing

device specific info such as maintenance contracts and security alerts.

EoX reports allows for improved budgeting cycles and visibility. Other Readiness and

Compliance Reports when combined with workflow templates directly reduce OPEX required

to install, deploy and operate a Cisco Network with advanced features. Faster time to deploy. POSITIONING




• Smart Install—“plug and play” – new switches are connected to the network, OS is downloaded and configured automatically

• Smart Ports—allows the switch to configure a port’s VLAN, QoS and security parameters based on the type of device connected (e.g., phone, laptop, etc.)

• Smart Call Home—allows the switch to open it’s own TAC case during troubleshooting

• Embedded Event Manager (EEM)—simple and comprehensive scripting to customize operational tasks


• Most comprehensive set of macros in industry; competitors lack complete coverage of QoS, Security and device specific parameters

• Open communities where people share scripting advise and actual scripts to automate many activities

• Integrated with Prime templates to further automate many processes

Catalyst Switches integrate features that directly reduce both OPEX and the complexity to

deploy and operate them. Smart Install and Smart Ports allow for automated configuration.

Smart Call Home and EEM allow for advanced customization and troubleshooting.

These features simplify installation and operation of the infrastructure, resulting

in OPEX savings POSITIONING







2. Consistent AVC










Bui l t on C isco ’s Innova t ive “ UADP: Un i f ied Access Data Plane” ASIC

The In te l l i gen t Swi tch fo r the Wor ld Connec ted

* Roadmap

Wireless CAPWAP Termination Lifetime Warranty

40 Gbps Uplink Bandwidth

Line Rate on All Ports

FRU Fans, Power Supplies

Granular

QoS/Flexible NetFlow

Up to 50 APs/2000 clients per stack, and 40G per switch

480 Gbps Stacking Bandwidth

Stackpower

SGT/SGACL*

Full POE+





• Reduced OPEX: Simplified management, single maintenance contract, eliminate points of failure and management overhead

• Increased Capabilities: Feature roadmap aligned to both wired and wireless; brings wireless infrastructure into critical enterprise environment

• Industry’s FIRST integrated wired and wireless device

• Will take ~18 months for wired and wireless feature set to normalize-certain situations will drive existing product lines during this time- see ..http://iwe.cisco.com/ws#web/cisco-unified-access/catalyst-3850

• Common CLI syntax for both Wired and Wireless

• Common code train provides consistent feature roadmap for end-to-end capabilities including QoS, Trustsec, etc.

Features:

• 802.11n

• Clean Air

• Video Stream

• Radio Resource Management (RRM)

• Wireless Intrusion Prevention System (WiPS)

• 802.11ac Ready

Features:

• Stacking, Stackpower

• Trustsec/Identity

• AVC/Medianet

• Flexible Netflow

• Granular QoS

• Smart Operations

• EnergyWise

• Virtualization

Benefits

• Built on UADP– Cisco’s Innovative Flexparser ASIC technology

• Eliminates operational complexity

• Single Operating System for wired and wireless

20+ Years of IOS Richness Now on Wireless

WIRELESS WIRED

http://iwe.cisco.com/ws











• Granular Application Management: Hierarchical QoS provides rich granularity allowing for consistent prioritization of both wired and wireless traffic

• Decrease risks within Wireless: Existing wired features designed to “harden” access ports available directly at the AP’s connectivity point in the infrastructure

• Competitive solutions lack the maturity to offer a solution that can match ours in granularity and performance.

• HP has solid QoS & Security but lacks in wireless

• Aruba has strong wireless but lacks in switching (QoS and Security)

• Quality of Service (QoS) and Security: Features are now available in the wireless infrastructure by leveraging wired IOS feature sets

Per AP

Per Radio

Per SSID

Per Client

Per Application

Hierarchical QoS

802.11n ac

SSID

1

SSID

2

SSID

1

SSID

2

Jabber

Security

• Identity

• Device Profiling

• SGT/SGACL*

• Control Plane Policing

• MACSec

• Port Security

• DHCP Snooping and IP Source Guard

• Wireless Intrusion Prevention System (WiPS)





• Improved Performance: 480G stack bandwidth; 40G wireless/switch; 2K clients without separate WLC; 50 APs

• Distributed Model: CAP/WAP {tunnel} traffic terminated at access layer—providing TBps capability within campus networks

• Industry’s FIRST integrated wired/wireless pltaform

• Cisco is the clear leader in BOTH wired and wireless— no other competitor can currently match this capability

• Similar solution from Aruba limited to <10 Aps, stacking capability is much lower

• UADP {Unified Access Data Plane} ASIC: A complete wireless controller on a chip, in addition to advanced wireless traffic management capabilities; provides massive wireless scalability

3850

Sup 8 for 4500E

5760 WLC





• Application Visibility: Beyond classifying voice, video and data; moving into multiple video applications within the “video” bucket (HTTP versus YouTube)

• Only solution across wired and wireless campus- Only Single Console management system- others require multiple- OPEX impact

• Platform Hardware and Resources are greater- allowing far better performance while increasing granularity- others are limited by switching and routing performance

• NBAR: Mechanism enabled within the wired and wireless infrastructure that identifies and interacts with traffic at the application level- visibility into 1000’s of APPS

• Prime Assurance: User Interface and platform utilized to manage the granular visibility

• NBAR enables AVC; Medianet is Video implementation of AVC; MediaTrace is a tool in the Medianet system- MORE APPS COMING

Device/Application ID

Exported to FnF

Netflix = 50%

YouTube = 15%

WebEx = 10%

Citrix = 9%

Exchange= 8%

Uniform

Application-

Based QoS

http://images.google.fr/imgres?imgurl=http://www.nowhereelse.fr/wp-content/docs/youtube-logo5.jpg&imgrefurl=http://www.nowhereelse.fr/youtube-live-video-streaming-12525/&usg=__MyBsEJIR3joE8gm-rBq5Wel1qGA=&h=428&w=570&sz=33&hl=fr&start=1&sig2=z2krQGjzyqJMHPDfVwLLvg&um=1&tbnid=RKDnixEb39ds5M:&tbnh=101&tbnw=134&prev=/images?q=video+streaming+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=0czJSp79EcSD4QaBkoTHAQ





• Application Visibility: In-depth Rich Media tools reduce outage times and ensure consistent performance

• Mission Critical/Drop sensitive environments (BYOD, Video, VDI)—provide high availability

• Cisco innovation, “tagging” mechanism to identify, troubleshoot, monitor and prioritize video based traffic

• Cisco is the clear leader in the business video market

• MediaTrace with Prime: Provides advanced, real-time video troubleshooting capabilities managed via Cisco Prime

Cisco Prime





• CAPEX Investment: Minimize with pay-as-you-grow

• Mission Critical/Drop sensitive environments (BYOD, Video, VDI): Provide high availability

• Simplified Configuration and Device Management: Multiple switches “seen as one”

• Cisco Design Methodology NOT another feature; integral part of Catalyst switches for over a decade

• All components, devices and connections can be redundant

• Similar capability within all Cisco Product Lines

• Stackwise+: Stack up to 9 switches

• Stackpower: Share power within 4 switches

• Redundancy: Fan, power supply, supervisor, ASIC

Simplify and Scale with StackWise+

Fan Redundancy

Maximize Power Redundancy with StackPower

In-Chassis FRU Redundant PSU

Redundant Fans

Redundant Supervisor

Redundant Uplinks

4K 6K Redundant Power Supply

3K





• Double Switching Capacity: Utilize all paths all the time -better return on Investment

• Reduced OPEX: Single Simplified Configuration, eliminate configuration tasks and protocols- no longer 2 switches/configuration files now 1 switch, 1 file and less lines

• Safe and Efficient Layer 2 topologies: Safely deploy larger layer 2 domains without increasing risks

• Consistent strategy across campus (Access-Distribution-Core)

• Similar solution within Datacenter using VPC

• Most Competitors have similar approaches however failover times are drastically longer- causing greater loss of revenue

• Virtual Switching System (VSS): Virtualizes chassis’ to greatly simplify and improve performance in redundant configurations

• Enhances traditional redundancy models (Spanning Tree Protocol) enables better utilization of redundant resources during steady state

NO VSS VSS

Traffic Capacity

NO VSS VSS

MGMT





• Mission Critical/Drop sensitive environments (BYOD, Video, VDI): Provide zero downtime availability

Wireless now critical enterprise infrastructure

Sub-second seamless failover

“Backup” licensing model for 2nd controller

• First Introduced in switching in mid-90’s with Cat5K: Stable and well known approach

• Closest competitor has >30 sec failover times: Interrupts voice and video streams in BYOD scenarios

• Stateful Switch Over (SSO): Feature that allows sub-second failover of layer two switching tables

• Wireless SSO allows dual controllers, AP’s tunnels are mapped to both controllers, controller failure does not interrupt traffic flow

5508 or WISM2 with SW Upgrade or new 5760

ISE Prime

Access Points

AP

State Sync AP Resiliency

High Availability

http://www.cisco.com/en/US/products/ps10315/index.html

http://www.cisco.com/en/US/products/ps10315/index.html





• Minimize Lost Revenue due to maintenance windows

• Decreased risks associated with OS upgrades; more switches in shorter windows due automated process

• Increased reaction time to bugs, vulnerabilities, etc.

• Similar approach on majority of Cisco portfolio

• Most Competitors have similar approaches however failover times are drastically longer- causing greater loss of revenue

• In-Service Software Upgrade (ISSU): Leverages a secondary supervisor for seamless OS upgrades without interrupting traffic

• Secondary Supervisor is upgraded, reloaded and then a supervisor failover is initialized (sub-second), process is then performed on the primary supervisor

Dual Supervisors

Active

Standby


One Network—Wired and Wireless


• Converged Software- single device performs wired

and wireless functionality

• Enhanced QoS & Security – IOS features available

within wireless configurations now

• Scale- Distributed controller model—Tunnels are

now terminated on the first hop access switch—

dramatically improves scalability, eliminates

backhaul controller traffic


• Cisco is the market leader in Wired

AND wireless

• Cisco is leading the market in converging

wired and wireless into single platforms.

• Closest competitor (Aruba) is a fraction of the

scale and performance limiting their support of

rapidly growing speeds such as 802.1ac

The Catalyst 3850 provides both wired and wireless access. Along with ISE, IT is now able to

guarantee consistent access, policy, security and functionality regardless of access method

Whether a user is accessing the network via wired or wireless, their experience is the same!

IT can provide a consistent user experience with the deployment of a single switch

rather than two discrete (wired and wireless) access networks POSITIONING




• High Visibility into actual Applications across

infrastructure—including video

• Gives IT visibility of all apps being accessed by

ALL devices (including guest and consumer

devices) on their network, even when IT doesn’t

own the device

• Control: Allows (consumer) applications to

be blocked


• Industry’s First integrated system to easily

identify applications

• Can SEE over 1000 unique applications-

closest competitor <100

• Only vendor with consistent capability across

wired and wireless campus

The Cisco network ‘sees’ not just traffic, but also the application being accessed by the

user. This gives IT the ability to then control the access, performance and prioritization of

that application according to their policy.

With BYOD, IT is less able to control application usage and performance from

end-user devices, therefore integrated wired/wireless functionality becomes

increasingly relevant, especially with the high adoption of video POSITIONING




• Stackwise, StackPower: Redundant components supervisors, ports, fans, power supplies, etc. Up to 9 in stack; share power between four

• VSS: Virtual Switching System—Combine two switches to create one logical switch = Simplified configuration

• SSO & APSSO: Stateful Switch Over wired and wireless – failover happens with minimal interruption

• ISSU: In-Service Software Upgrade—gives the ability to upgrade software without interrupting traffic


• First Introduced in switching in mid-90’s with Cat5K—stable and well known; Cisco Design Methodology NOT another feature; integral part of Catalyst switches for over a decade

• Closest wireless competitor has >30 sec failover times—interrupts video and voice streams in BYOD scenarios

• Cisco has consistently lead innovation in this area producing the lowest failover times within the industry

Industry-leading Resiliency functionality available on BOTH WIRED AND WIRELESS platforms.

Mission Critical aspects of the infrastructure are increasingly strained with BYOD

and Business Video—wireless is transforming from “nice to have” to “Mission

Critical”. Downtime will not be tolerated POSITIONING







2. Consistent AVC









cisco unified access roadshow - cisco - global home page€¦ · connection as the user changes...

Documents