Empowering What’s Next
Cisco Customer Education
This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=1cd1928bb30445e5ba2bdd5712a74975
Thanks for your interest and participation!
Cisco Prime: Transform Your Network with Cisco
Connect using the audio conference box or you can call into the meeting:
1. Toll-Free: (866) 432-9903
2. Enter Meeting ID: 209 534 281 and your attendee ID number.
3. Press “1” to join the conference.
§ Welcome from Cisco!
§ A Brief History of Networking
§ Cisco Unified Access Overview § One Network § Wired, Wireless, WAN
§ One Policy § Identity Services, MDM
§ One Management § Cisco Prime Infrastructure
§ Network as Enforcer
§ Conclusion, Call to Action
Welcome and Agenda
Brian J Avery Territory Business Manager
Florida Territory Commercial
[email protected]
Priors:
Cisco Sales and Channels (10 yrs)
President and CEO (6 yrs) Cisco Premier Partner
Director of Sales (2 yrs) Cisco Silver Partner
Financial Analyst (7 yrs) Sprint Corporation
Cisco Confidential 5 © 2014 Cisco and/or its affiliates. All rights reserved.
Computer scientists, Len Bosack and Sandy Lerner found Cisco Systems
Bosack and Lerner run network cables between two different buildings on the Stanford University campus
A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born
1984
Who Is Cisco?
Chuck Robbins, CEO, Cisco
• Dow Jones Industrial Average Fortune 100 Company
• $145B Market Capitalization
• $48B in Revenue
• $8B in Annual Profits
• $33B More Cash than Debt
• $5.9B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics
Market Leadership Matters
Market share, Q1CY14:
No. 1, Voice: 39%
No. 1, TelePresence: 43%
No. 1, Web Conferencing: 41%
No. 1, Wireless LAN: 50%
No. 2, x86 Blade Servers: 27%
No. 1, Routing Edge/Core/Access: 45%
No. 1, Security: 33%
No. 1, Switching Modular/Fixed: 64%
No. 1, Storage Area Networks: 47%
§ CCE is an educational session for current and prospective Cisco customers
§ Designed to help you understand the capabilities and business benefits of Cisco technologies
§ Allow you to interact directly with Cisco subject matter experts and ask questions
§ Offer assistance if you need/want more information, demonstrations, etc.
What Is the Cisco Customer Education Series?
Cisco Confidential 10 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
20 Years Ago: Cubicles Office Space with different Networks
Wired Ethernet and Dedicated Phone Lines
Simplified wiring & beginning of infrastructure consolidation
15 Years Ago: Cisco introduced PoE and VoIP
Trusted Wireless Enabled Mobility
10 Years Ago: WiFi with Trusted Wireless
BYOD Maximized Flexibility
5 Years Ago: Bring Your Own Device (BYOD)
Next Generation Workspace and New Services enabled by the Network
Today: Workspace Transformation, Ent IoT & more
Ready for the Business and IT Transformation?
New Connected Experiences
IT Simplicity and Programmability
Managed Cloud Services
BYOD and Mobility
Optimal Application Experience
78% The network is increasingly critical.
The network is not ready for cloud**
The network is not ready for BYOD**
Policy for employee device access*
Ready for the Business and IT Transformation?
50% 41% 38%
*2012 Cisco IBSG Horizons Study **2013 Cisco Global IT Impact Survey
Calling all Autobots!
With Cisco, You Can Have a Network That Drives Your Business
Making IT More Responsive to the Business Less Time on IT Operations, More Time on IT Business Innovation
One Management
One Network
One Policy
Simple
Secure
Lower TCO
Cisco Catalyst Switches – from Access to Backbone! New products across the complete portfolio
Flexible, scalable, feature-rich
modular access
Enterprise backbone
optimized for 10/40/100G
LOWER TCO
END-TO-END SECURITY
APPLICATION VISIBILITY
INVESTMENT PROTECTION
PERFORMANCE & SCALE
Smart, simple, green & secure wired access
Catalyst 2960
Advanced fixed switching with
Unified Access
Catalyst 3850/3650 Catalyst 4500E with SUP8-E
Catalyst 6500/6800
Catalyst Access Portfolio From essential connectivity to Unified Access for next-generation workspaces
UNIFIED WORKSPACE
• Secure, reliable access
• Low TCO & energy-efficient
Competitive Feature Set at Compelling Prices
BYOD Video Mobility
Converged Wired/Wireless Access
• Scale and performance • Resiliency & high availability
• Application Visibility • Cisco TrustSec
Features
Scale
STACKABLE SWITCHES
Catalyst Converged Access Switching Portfolio Industry-Leading Switching - Deployment Choices, Flexibility, Affordability
High-Performance Stackable Switch
Cisco Catalyst 3850
Access points supported
• Modular uplinks
Stacking bandwidth
MODULAR SWITCHES
Highly Adopted Switching Platform
Cisco Catalyst 4500E with Supervisor 8-E
• Modular 8 x 1 and 10 Gigabit Ethernet Uplinks
(928 Gbps)
Bandwidth Base Stackable Switch
Cisco® Catalyst® 3650
• 25 access points • 160G stacking bandwidth • Fixed uplink
Performance and Investment Protection
Advanced Functionality
UADP ASIC in Catalyst 3850/3650 Enables Convergence
Built on UADP
• Unified Access Data Plane
• Unique and powerful Cisco innovation
• Hardware performance with software flexibility
Optimized Performance
• CAPWAP encapsulation/de-capsulation, Flexible Netflow, QoS happens in ASIC for line rate performance
Future Proofed and Programmable
• Flexparser enables new software features (like SDN) over the product lifetime
UADP is used across multiple platforms
• Catalyst 3850/3650, Sup 8E, WLC5760
Wireless Control System
Access Control Server
LAN Mgmt Solution
Identity Mgmt
NAC Profiler
Guest Server
Cisco Wireless LAN Controller
Cisco Firewall Cisco Access Point
Catalyst Switch
Corporate Network Internet
One Management Prime One Policy ISE
Converged Access Mode
• Integrated wireless controller
• Distributed wired/wireless data plane (CAPWAP termination on switch)
One Network
Internal Resources
Unified Access – Wired/Wireless on One Network
NEXT GENERATION COMPACT
Extend the Network: Ideal for Retail Kiosks, Classrooms, Conference Rooms, Hotel Suites… outside the wiring closet
Quiet but Capable: Fanless with full-size capabilities, UPOE, Perpetual PoE, Mgig, DC powered
Flexibility in Deployment: NBASE-T, Copper/Fiber, Standalone or Instant Access Mode, PnP with APIC-EM
Security Segmentation with Cisco TrustSec
Data Center Firewall
Voice Data Suppliers Guest Quarantine
Access Layer
Data Tag
Supplier Tag
Guest Tag
Quarantine Tag
Aggregation Layer
Business Policy:
Source Destination
Exec PC
HR Database
HR Database Prod HRMS Storage
Exec BYOD X X X X X
X
• Who can talk to whom
• Who can talk to what systems
• What systems can talk to other systems
• Simplifies policy implementation
• Simplifies security operations
• Accelerates business agility
• Lowers network cost and complexity
Smart Operations Lower TCO
Zero Touch Deployments and Maintenance
NG Plug n Play Smart Install
Instant Access
• Software image & Configuration downloaded
• Consistent for Devices & PIN
• On-going Image Update and Configuration Backup
Easy Configurations for endpoints
Auto Smart Ports Auto Conf
Interface Templates
• Port Configuration: Applied
• QoS Policy: Enforced
• Security Policy: Enforced
Monitor and troubleshoot
Smart Call Home IPSLA
• Proactive diagnostics
• Real time Alerts
• Web-based reports
• Routed to TAC team
Program the network
EEM, XML Programmability
• Ability to take custom actions based on syslogs/triggers
• Enhanced Flexibility and control
Reduce energy consumption
Energywise and EEE
• EEE ready
• EnergyWise – Time of the day policy based on/off of access devices
• 0 $ SKUs for energy management
APIC EM
Sleep Sleep Sleep
High Availability Protecting Business Continuity
StackPower Stateful SwitchOver Virtual Switching System
Physical Redundancy
• Redundant Power Supplies
• StackPower with 3850
• Redundant Fan Trays for Chassis Systems
• Redundant Supervisors for Chassis Systems
Stateful Switchover
• Stackable Support: 3850 and 3650
• Intra-chassis support: 6800, 6500 and 4500
• Inter-Chassis support: with VSS
Network Resiliency
• NSF support for OSPF, EIGRP, ISIS, BGP
• NSF reduces forwarding table churn
• BGP PIC
• Graceful Restart for IPv4 & IPv6 with various routing protocols
• OSPFv3 Non-Stop Routing
Upgrade Management
• ISSU for hitless software upgrade
• EFSU for minimal disruption during software upgrade
Infrastructure Redundancy
• VSS
• Instant Access
• Multi-chassis EtherChannel (MEC) provides hardware-based failover
• VSS Quad-Sup SSO with Sup2T
FlexStack+
Cisco Multigigabit Ethernet Key Differentiators
Maintain Switch to AP Reach at Higher Speeds Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G) → Future proofed for higher speeds
Infrastructure Investment Protection Supports 100m distance with Cat5e cabling up to 5G speeds for Brownfield Supports Cat6a cabling for Greenfield deployments for higher speeds
POE/POE+/UPOE Cisco Innovation over 10GT Standard to support high end point power needs
Standards Compliant 1G and 10G BaseT IEEE standards, intermediate speeds WIP
4500E Multigigabit Line Card C3850 12 port and 24 port Multigigabit Compact Multigigabit switch 3650CX
§ Auto-negotiation of cable type of speeds supported *
§ 0-55m: no restrictions
§ 55-100m: based on customer cabling infrastructure and configuration, there are some corner cases in which customers will experience less than 100m support. In these cases, the system will automatically default to 2.5G (post-FCS SW release support)
Cisco Multigigabit Ethernet Cabling Support Maximum Investment Protection
Cable Type 1G 2.5G 5G 10G
Cat5e 100m 100m 100m * N/A
Cat6 100m 100m 100m 55m
Cat6a 100m 100m 100m 100m
This MUST be Autobot
technology.
Market: Why Gigabit Wi-Fi / 802.11ac now…!!!
Wi-Fi as Primary – Ethernet as Fallback
Connectivity
Wireless (53%) will bypass Wired traffic (40%) by 2017 [1]
50% new devices will be 802.11ac by end of 2014, 75% by 2015 [2]
[1] Cisco VNI Global Mobile Data Forecast 2012-2017; [2] AVI Research; [3] Nemertes Research Global Mobile Research 2013
Wi-Fi Speed Gigabit Wi-Fi as Primary
No Price Premium over 802.11n
3X the Performance over 802.11n
2X the Battery Life over 802.11n
4SS Desktops
3SS Desktops / Laptops
2SS Laptops / Tablets
1SS Tablets / Smartphones
*Assuming 80 MHz channel is available and suitable
**Assuming 160 MHz channel is available and suitable
[Chart: Wi-Fi connect rates (Mbps) by number of spatial streams (SS) for 802.11, 802.11b, 802.11a/g, 802.11n, 802.11ac Wave 1 and 802.11ac Wave 2, 1997 to 2016, with annotations "Gigabit Ethernet Uplink" and "2 Gigabit Ethernet Uplinks"]
Improve Customer Experience • Mobile Insurance Agents • Enabling the “real-time” Agent
Improve Services Delivery • Mobile Staff and Services • Reach more of those you serve
Increase Sales • Mobile Sales Associates • Enabling the “real-time” in-store sale
Increase Production • Mobile Technicians and Engineers • Connecting the previously unconnected
Reach more Students • Mobile Faculty and Students • Enabling the always connected student
Treat more Patients • Mobile Physicians and Staff • Enabling the “real-time” Physician
Wi-Fi as Primary Connectivity Changes Everything
Mobile Devices as the “Most Important” Technology
OF STUDENTS
OF EMPLOYEES
SAY A MOBILE DEVICE (LAPTOP, SMARTPHONE, TABLET) IS “THE MOST IMPORTANT TECHNOLOGY IN THEIR LIVES.”
SMARTPHONES ARE POISED TO SURPASS DESKTOPS AS THE MOST PREVALENT TOOL FROM A GLOBAL PERSPECTIVE
Changing People
COLLEGE STUDENTS AND YOUNG PROFESSIONALS
CONSIDER THE INTERNET TO BE A “FUNDAMENTAL” HUMAN RESOURCE
OF COLLEGE STUDENTS
OF YOUNG EMPLOYEES
AND
SAY THEY COULD NOT LIVE WITHOUT THE INTERNET
Air Water Food Shelter WiFi/Internet
Why Cisco for Gigabit Wi-Fi / 802.11ac
Only AP manufacturer that built their own
Radio ASIC
Most CPU and Memory per AP in
the industry
Suite of High Client and Access Point
Density capabilities
Only Modular and Future Proofed Access
Point in the industry
Unique Gigabit Wi-Fi / 802.11ac Access Point Design
DRAM (512)
5GHZ Radio
CPU
DRAM (128) CPU
DRAM (128) CPU
2.4GHZ Radio
THE CISCO ADVANTAGE
More onboard CPU Processing and Memory than any other Access Point design in the industry – with no price premium over previous generations
Cisco High Density Experience (HDX)
*Future
Cisco CleanAir® 80Mhz Mitigates interference and improves channel capacity
Optimized Roaming Intelligently determines the optimum time to roam
Turbo Performance Improves the efficiency of airtime utilization and channel capacity
Cisco ClientLink 3.0 Improves legacy and 802.11ac Client performance
Noise Reduction* Enables Dense Access Point Coexistence / implementation
Industry's Most Comprehensive Gigabit Wi-Fi Portfolio
Best in Class
Mission Critical
802.11ac with HDX
802.11ac with HDX
802.11n with 802.11ac Module
ON-PREMISE
Fixed
Modular
CLOUD MANAGED
High-Performance
MR34 802.11ac
Fixed
Cisco Unified Access: The Foundation For Connected Mobile Experiences How It Works
GUEST PRESENCE GUEST EXPERIENCE
LOCATION ANALYTICS Insights into Customer Online and Onsite Behavior, Traffic Paths, Dwell Times, Location Density, etc.
GUEST ACCESS • Seamless and secure Wi-Fi connectivity
• Preferences, profile, device, and roaming credentials identified
Mobile devices and characteristics detected before they enter the venue
Highly relevant content and services based on user attributes and real-time location
ENGAGE CONNECT DETECT
RETAIL
CONNECTED CONSUMERS
Imagine The Possibilities Industry Use Cases
• Context-rich notifications
• Use of loyalty app encouraged
• In-venue high-value shopper engagement
• Indoor maps with featured attractions
• Personalized third-party advertising
• Special promotions
• Better planning for high-traffic areas
• Transportation updates, indoor directions
• Third-party advertising opportunities
• Café and gift shop orders and delivery
• Maps and wayfinding integrated into patient apps
• Nearby services notifications
• Campus maps and directions
• Stadium sales and athletic event experience
• Real-time bus maps
HOSPITALITY
CONNECTED GUESTS
TRANSPORTATION
CONNECTED TRAVELERS
HEALTHCARE
CONNECTED PATIENTS
EDUCATION
CONNECTED STUDENTS
Analytics That Aid Business Decisions
What Were the Peak Times in the Venue?
Wi-Fi Stats: Associated vs. Nonassociated Devices Most Frequently Used Paths in the Venue
Which Area Did People Spend Time In? Are They New or Repeat Customers?
Not All Gigabit Wi-Fi Solutions are Created Equal
802.11ac
All Gigabit Wi-Fi
Vendors
Improved Device Power Efficiency
Support More Devices Than 802.11n
Support Bandwidth Intensive Apps.
Increased Scale and Coverage
Improved Experience on ALL Devices
Optimized Wi-Fi Network
Cisco is the ONLY SOLUTION with High-Definition Experience
Technology (HDX)
802.11ac with HDX
Transform Your Network!
Digital Innovation Overwhelming the Branch
80%
30%
20-50%
BRANCH
OS Updates
HD Video
Omni-channel Apps
Mobile Apps
Online Training
SaaS Enterprise Apps
Social Media
Guest WiFi
Digital Displays
MORE USERS
MORE APPS
MORE THREATS
Of employee and customers are served in branch offices*
Increase in Enterprise bandwidth per year through 2018**
Of advanced threats will target branch offices by 2016 (up from 5%) **
*Tech Target, Branch Office Growth Demands New Devices, 2013
**Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2014 Update
***Gartner, “Bring Branch Office Network Security Up to the Enterprise Standard,” Jeremy D’Hoinne, 26 April 2013.
Cisco Branch Strategy
BRANCH
WAN LAN
Users Data Centers/ Cloud
Cisco Unified Access (UA) Connected Mobile Experiences
Cisco Intelligent WAN (IWAN) Converged Branch Infrastructure
Cisco ACI Automation, Orchestration,
Programmability
SECURITY
Cisco Strategy for Accelerating Branch Innovation
BRANCH
WAN LAN
Users Data Centers/ Cloud
Cisco Unified Access (UA) Connected Mobile Experiences
Cisco Intelligent WAN (IWAN) Converged Branch Infrastructure
Cisco ACI Automation, Orchestration,
Programmability
SECURITY
Cisco Intelligent WAN Vision
UNCOMPROMISED EXPERIENCE OVER ANY CONNECTION
Lower Costs
Application Experience
IT Simplicity
Private Cloud
Hybrid Cloud
Public Cloud
Secure Access
Any Application
Align Infrastructure to Better Business Outcomes
Any User
High Performance Hybrid WAN
App-aware services with high performance; low cost
3G/4G
Internet
MPLS
Introducing New IWAN Innovations Elevating to an Application-Centric WAN
Secure Direct Internet Access
Automate WAN Provisioning
Purpose-Built Branch Infrastructure: Cisco ISR 4000 Series with Cisco ONE Software purchase options
Threat-centric services elevate branch defense
Centralized policy with distributed enforcement
APP
Public Cloud 365
NEW Intelligent Path Selection Akamai Connect NEW
Sourcefire IDS CloudWeb Security NEW
IWAN App with APIC Open Ecosystem
Application-Aware Services Maximize Apps Experience and Bandwidth Use
Intelligent Path Selection (PfRv3) Akamai Connect
High Quality Experience Over Any Connection
Simple application-based policies One-touch, hub-only configuration
Enabling New Digital Experiences
Intelligent web caching Content prepositioning
Dramatically offloads WAN
Now Shipping Now Shipping
3G/4G
Internet
MPLS
ISR-AX
NEW
Threat-Aware Services Comprehensive Branch Threat Defense
Sourcefire IDS on UCS-E Cloud Web Security with Advanced Malware Protection
Delivers Branch Defense 99% protection against attacks
Most powerful detection software
Secure Internet Access Scale Internet edge to the branch
Address full attack continuum
Limited Availability 2HCY2014
Available 1HCY15 NEW NEW
Cisco ISR 4000
Service Aware Data Plane for Efficient traffic handling
Converged Branch with UCS E-Series Integrated network, compute, storage
Virtualized Services Framework Flexible virtualized application services
Pay-as-You-Grow Performance and services on demand
Re-designed Architecture For Branch Agility
Cisco Identity Services Engine (ISE)
NETWORK / USER CONTEXT
How
What Who
Where When
Access Policy Compromised
Device CXO Level
Secure Access
BYOD Employee
User
Guest Visitor
INTEGRATED PARTNER ECOSYSTEM
✓ MINIMIZE NETWORK UNKNOWNS
✓ REDUCE YOUR ATTACK SURFACE
✓ ENFORCE THE RIGHT LEVEL OF ACCESS CONTROL
✓ CONTAIN MALICIOUS NETWORK THREATS
Role-Based Secure Access with ISE Confidential
Patient Records
Internal Employee Intranet
Internet
✓ Acquires Important Context & Identity from the Network
✓ Implements Context-Aware Classification & Policy
✓ Provides Differentiated Access to the Network
Who: Guest What: iPad Where: Office
Who: Doctor What: Laptop Where: Office
Who: Doctor What: iPad Where: Office
Enterprise Mobility Management Integrations Enforce True Device Compliance for All Mobile Devices
Sees ALL devices on the network
Requires devices to comply with EMM policy
Provides guest access to non-EMM devices
Sees unregistered devices on the network?
Forces EMM Policy Compliance?
Keeps noncompliant devices off network?
ISE + EMM Together
EMM Secures Actual Device
Cisco ISE Secures Network Access
SOLUTION
Cisco Prime Infrastructure Realizing the Vision of One Management
Campus Branch to DC Day 0 to Day N Application-Centric
Data Center Assurance
Lifecycle Converged management with integrated best practices
Simplified operations management
End-to-end application experience and visibility
Wireless Management Get Comprehensive Configuration and Operational Productivity
§ Discovery, inventory, SWIM, compliance – PSIRT
§ Controller and access point deployment, configuration audit
§ Network configuration, guest access, RRM
§ Integration with Cisco® MSE and ISE
§ Maps-based planning for access point placement
§ Sites and virtual domains
§ Rogue, security, voice audit, mesh
§ Performance reporting and fault management
§ End-user troubleshooting – authentication and access
§ Users and devices, and applications
§ Client tracking
§ Visualization of users, rogues, interferers through maps
Network Configuration Network Health Troubleshooting
Network and Application Assurance
Switch Management with Cisco Prime Infrastructure
Plug and Play (New device in network)
Discovery and Inventory
Configuration Archive and SWIM
Fault Management (Syslog and Trap Processing)
Performance Management
Configuration (Features: ACL, VLAN, etc)
CAT2960
CAT 3560, 3650, 3750, 3850
CAT4500 CAT 6500,
CAT6800
EEM Trustsec
Work Center
Wireshark Quality of Service
User Tracking
EoL/EoS Reports
Lifecycle Management
Platforms Supported
Network Configuration and Health
Network and Application Assurance
Router Management with Cisco Prime Infrastructure
Plug and Play (New device in network)
Discovery and Inventory
Configuration Archive and SWIM
Fault Management (Syslog and Trap Processing)
Performance Management
Configuration (Features: VPN, ACL, VLAN, etc)
ISR 800 Series
ISR G1 Series
ISR G2 1900 2900 3900
ISR 4300 4400
ASR 1000 Series
DM-VPN
AVC – Visibility and Performance
Performance Routing
Quality of Service
Zone based firewall WAAS
Lifecycle Management
IWAN Management
Platforms Supported
Network Configuration and Health
Simplified IWAN Management
Guided Workflow to help design and deploy IWAN on your branch or hub
Prime Infrastructure Highlights – Application Experience Service Health Dashboard for Sites, Users and Applications
• Automated Baselining
• Proactive Performance Troubleshooting
• Service Health Dashboard
• AVC Configuration for ISR/ASR
• One-click AVC Configuration
• AVC Monitoring Customization
• NBAR2 Custom Applications
• Embedded Packet Capture for ASR
• Top URL/Domain Views
You Can’t Protect What You Can’t See The Network Gives Deep and Broad Visibility
NetFlow – The Heart of Network as a Sensor Example: NetFlow Alerts With Lancope StealthWatch
Denial of Service: SYN Half Open; ICMP/UDP/Port Flood
Worm Propagation: Worm Infected Host Scans and Connects to the Same Port Across Multiple Subnets, Other Hosts Imitate the Same Above Behavior
Fragmentation Attack: Host Sending Abnormal # Malformed Fragments
Botnet Detection: When Inside Host Talks to Outside C&C Server for an Extended Period of Time
Host Reputation Change: Inside Host Potentially Compromised or Received Abnormal Scans or Other Malicious Attacks
Network Scanning: TCP, UDP, Port Scanning Across Multiple Hosts
Data Exfiltration: Large Outbound File Transfer vs. Baseline
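Three of the alert types listed on this slide (worm propagation, network scanning, data exfiltration) reduce to simple aggregations over flow records. The sketch below is an added example, not Lancope StealthWatch logic or code from the presentation; the thresholds, the 10.0.0.0/8 internal range, the per-host baselines and the flow records are all constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for this illustration only (not vendor defaults).
INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
WORM_SUBNETS = 3      # same port reached in this many distinct /24s
SCAN_TARGETS = 10     # distinct (host, port) pairs contacted by one source
EXFIL_FACTOR = 10     # outbound bytes relative to the host's baseline

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def worm_like(flows):
    """Internal hosts connecting to the same port across multiple internal subnets."""
    subnets = defaultdict(set)                 # (src, port) -> set of /24 networks
    for src, dst, port, _nbytes in flows:
        if is_internal(src) and is_internal(dst):
            subnets[(src, port)].add(ip_network(f"{dst}/24", strict=False))
    return sorted(key for key, nets in subnets.items() if len(nets) >= WORM_SUBNETS)

def scanners(flows):
    """Sources probing many (host, port) pairs spread over more than one host."""
    targets = defaultdict(set)                 # src -> set of (dst, port)
    for src, dst, port, _nbytes in flows:
        targets[src].add((dst, port))
    return sorted(src for src, seen in targets.items()
                  if len(seen) >= SCAN_TARGETS and len({d for d, _ in seen}) > 1)

def exfil_suspects(flows, baseline, default_baseline=50_000_000):
    """Internal hosts whose outbound volume far exceeds their usual baseline."""
    outbound = defaultdict(int)                # src -> bytes sent to external hosts
    for src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            outbound[src] += nbytes
    return sorted(src for src, total in outbound.items()
                  if total > EXFIL_FACTOR * baseline.get(src, default_baseline))

def analyze(flows, baseline):
    return {
        "worm_propagation": worm_like(flows),
        "network_scanning": scanners(flows),
        "data_exfiltration": exfil_suspects(flows, baseline),
    }

# Constructed flow records: (source, destination, destination port, bytes).
SAMPLE_FLOWS = (
    # One host reaching TCP/445 in four different /24 subnets.
    [("10.1.1.5", f"10.{n}.0.9", 445, 180) for n in (2, 3, 4, 5)]
    # One host probing six ports on each of two hosts.
    + [("10.1.1.7", host, port, 60)
       for host in ("10.9.0.1", "10.9.0.2") for port in range(20, 26)]
    # One very large upload and one ordinary upload to external addresses.
    + [("10.1.1.9", "203.0.113.50", 443, 5_000_000_000),
       ("10.1.1.20", "198.51.100.7", 443, 20_000_000)]
)
SAMPLE_BASELINE = {"10.1.1.9": 50_000_000, "10.1.1.20": 50_000_000}

if __name__ == "__main__":
    for alert, hosts in analyze(SAMPLE_FLOWS, SAMPLE_BASELINE).items():
        print(alert, hosts)
```
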
What is the StealthWatch System?
§ The StealthWatch System collects and analyzes NetFlow data and brings it together with user information, application awareness, and other security context to provide pervasive visibility and security intelligence across the network.
§ StealthWatch helps organizations:
  § Accelerate incident identification and response.
  § Improve forensic investigations.
  § Reduce overall enterprise risk.
Use Case – Defense against Data Breaches Anatomy of a Data Breach Network as Enforcer
Diagram labels: Attacker, enterprise network, Perimeter (Inbound), Perimeter (Outbound), C2 Server, Admin Node
1. Infiltration and Backdoor establishment
2. Reconnaissance and Network Traversal
3. Exploitation and Privilege Elevation
4. Staging and Persistence (Repeat 2,3,4)
5. Data Exfiltration
What Can the Network Do for You? Network as Sensor
Detect Anomalous Traffic Flows, Malware e.g. Communication with Malicious Hosts, Internal Malware Propagation, Data Exfiltration
Detect App Usage, User Access Policy Violations e.g. Maintenance Contractor Accessing Financial Data
Detect Rogue Devices, APs and More e.g. Maintenance Contractor Connecting an Unauthorized AP in Bank Branch to Breach
Cisco Unified Access Portfolio Robust Converged Wired And Wireless Solution
Cisco Unified Access
One Policy
Cisco® Identity Services Engine (ISE)
Cisco Prime™ Infrastructure
One Management
One Network
2960X/XR
Entry-level Switches
Switching Platform
4500-E w/Sup. 8-E
Stackable Switches
3850 3650
Controllers and Converged Access Switches: Common OS, UADP ASIC
Access Points
1600
Small to Midsize Enterprise
2600
Feature-Optimized Enterprise
3600
Midsize to Large Enterprise
3700 w/HDX
High-Density Enterprise
1530
Low Profile
1550
Larger Deployments
MDM SIEM
Thank You and Next Steps
Brian Avery [email protected]
Contact Your Cisco Partner https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do
www.
Learn more at: http://www.cisco.com/go/unifiedaccess
• CCE sessions are held weekly on a variety of topics
• CCE sessions can help you understand the capabilities and business benefits of Cisco technologies
• Watch replays of past events and register for upcoming events!
Visit http://cs.co/cisco101 for details
Join us again for a future Cisco Customer Education Event