Cisco Mobility UpdateMobility in DoD “I have a biggp g p p y push right now to provide mobile capability to our soldiers…This capability is based on smart phone technology, enabling

CiscoCisco Mobility UpdateStrengthening the Mission Through Mobility Solutions

Enhance, Extend & Enforce the New Edge

Tim St. Laurent, CISM, CISSPtim stlaurent@cisco com

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1

[email protected]) 703.484.0097

http://www.youtube.com/watch?v=HMUzQgqvaZw


Takeaways for TodayTakeaways for Today

Understanding of Mobility Solutions and Capabilities for DoD and How They Can Meet Mission Requirements

Wireless Technology Update Wireless Technology Update

Update on Cisco’s Mobility Portfolio and DoDCertificationsCertifications


Mobility in DoD

“I have a big push right now to provide mobile capability to our g p g p p ysoldiers…This capability is based on smart phone technology, enabling users to wirelessly access their AKO/DKO accounts…Go Mobile truly gives our soldiers the ability to take their office withMobile truly gives our soldiers the ability to take their office with them wherever they go.”

G i i Offi A O SGary Winkler, Program Executive Officer, Army PEO-IS Interview with Defense Systems


Is Mobility Mission Critical?Is Mobility Mission Critical?

Next Gen Wireless Video & Ubiquitous

Business applications have gone mobile Wireless is evolving to meet needs for high performance,

pervasive connectivity

Mobile Data Email

Business Ready Voice and Data

mobile computing pervasive connectivity

Point Applications Inventory Management Barcode Scanning

Web browsing

802.11n300Mbps

802.11b11Mbps

802.11ag54Mbps


p802.112Mbps

The Lines Are BlurringUsers Expect Consistent Application Performance

Wireless Network

Users Expect Consistent Application Performance

Ubiquitous FlexibleSimplep

Wired Network EstablishedReliableHigh Performing

User Connectivity Independent of Network Platform but with


y pConsistent Security Policy, Identity, and Authentication

Built for the Federal GovernmentBuilt for the Federal Government

Over 20 Wireless Product FIPS 140-2 CertifiedOver 20 Wireless Product FIPS 140 2 Certified Only Enterprise WLAN to be Common Criteria accredited against

the WLAN Access Protection Profile Full Commitment to future products Full Commitment to future products

Updating Common Criteria 5508 & Next Gen AP FIPS 140-2 Committed/In process Satisfy Applicable DISA STIGs

Scheduled for JITC testing in April


M bilitMobility Architecture to Support Advanced

Next Generation

WLAN

Working Smarter Through Advanced

ApplicationsWLAN g

Mobility


Advanced Applications on the WLANAdvanced Applications on the WLAN

Context Aware/Asset Tracking

Adaptive wIPS

Guest Access

UC

Physical Security

COOP

Mobile Video


Context AwareContext AwareandAsset Tracking


Location Tracking Options: RFID Tags Cisco 3300 MobilityS i E i

RAP

Services Engine

Wireless LANController Open API

Aeroscout Mobile View

Depot

Intelligent Network

MAPMAP

Cisco Wireless Control System

Wi‐Fi TDoA Receiver

TDoA TDoA

Wi‐Fi TDoAReceiver

Truck has Aeroscout RFID Tag

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11

Forklift has Aeroscout RFID Tag

Forklift has Aeroscout RFID Tag

Context AwareImprove Security EnforcementImprove Security Enforcement

Use contextual information to enforce security policies and improve user experience

Unsecure Area

Wireless Use enforcement

Secure Area

! ALERT


AeroScoutManagement Demo


Wi l I t i P tiWireless Intrusion Prevention and Detection


DoD Instruction 8420.01DoD Instruction 8420.01

Section 4.E – Policy“Unclassified and classified DoD wired and wireless LANs shall have a wireless i t i d t ti bilit th t bintrusion detection capability that can be used to monitor WLAN activity and identify WLAN-related policy violationsidentify WLAN-related policy violations, implemented in accordance with section 5 of Enclosure 3 of this Instruction.”


Location-Aware SecurityPlotting Rogues on Building Map

Accurate Leverages both wIPS APs and data

APs for high-fidelity location

Informative Rogue icons indicate severity of

d iti ti t trogue and mitigation state

Cost-EffectiveL ll th AP i Leverages all the APs in your network – no need for additional/separate APs


Secure Guest Access


Guest Access Drivers

Source: Infonetics


Types of Network UsersTypes of Network Users

Department Contractors/ Guests/TransientDepartmentEmployees

• Need restricted

Contractors/Consultants

Guests/TransientUsers

• Need internal network access

• Can be role

• Need restricted internal access

• Printers

Fil h

• Internet access only

• No need to based to allow granular access if needs require

• File shares

• Specific applications

access internal systems

• Segment access • Device support completely

F ll I t t


FullAccess

InternetOnlyCisco Guest Access gives you control

Components of a Guest Access SolutionComponents of a Guest Access Solution

NETWORKNETWORK InternalInternal •Tunnels or VLANs•Tunnels or VLANs

IT Admin FunctionsNETWORKNETWORK

SEGMENTATIONSEGMENTATION

USER POLICYUSER POLICY

GuestGuest•Tunnels or VLANs•Tunnels or VLANs

• Differentiated access and resourcesb

• Differentiated access and resourcesb

E l F tiUSERUSER

USER POLICY USER POLICY MANAGEMENTMANAGEMENT

by user• Provisioning rules by user

• Provisioning rules

Guest provisioningGuest provisioningEmployee FunctionUSERUSERPROVISIONINGPROVISIONING

• Guest provisioning web portal

• Guest provisioning web portal

G t i t tG t i t tGuest User FunctionUSERUSERLOGIN PORTALLOGIN PORTAL

• Guest user intercept web auth portal

• Guest user intercept web auth portal


IT Admin FunctionREPORTING, REPORTING, BILLINGBILLING

• Audit trails• Billing integration• Audit trails• Billing integration

Physical Security


Leveraging IP InfrastructureEnd User Desk

Security Operations Center

Depot Intelligent IP Network

Depot Surveillance

Network Operations Center


Missing Truck

http://www.youtube.com/watch?v=O3wTxgaS5SI

Intermec/Cisco Demo

p y g


Unified Communications


Unified CommunicationsUser ExperienceUser Experience

• Single Number Rings all phones• Seamless transfer to Mobile phone• One Voicemail box with Message Waiting Indicator for all devices• Follow me phone profile, secure phone logon• Soft client escalation from chat, to voice, to video, to conferencing


• Unified Directory

COOP/Remote Access


OfficeExtend for COOP - Solution Highlights g g

Features Scalable up to 250 APs per

Office Extend Scalable up to 250 APs per

Wireless Controller WCS provisioning for mass

deployment y Personal SSID for non-

corporate use Ease of deployment with no Key Benefits

special configuration needed on the Wireless Controller

Encryption of data at line rate, no encryption module needed

Secure, convenient, cost-effective tele-worker solution enabling a consistent mobility experience no encryption module needed

Supports UC wireless phones experience

Ease of deployment for IT; plug and play for end user

802 11 d 1140 AP d 1130


802.11n ready 1140 AP and 1130 AP supported

Office Extend Solution for COOP

AgencyOffice

Take the agency network with you

Home, Remote DR

location Take the agency network with youseamlessly and securely

S E ti

Internet

Secure Encryption

WirelessController

with WPLUS

Internet

OfficeExtend AP

SecureSimpleC t Eff ti

Secure DTLS VPN between AP and Agency network over the WANAP can call home to automatically set up secure DTLS tunnelReduce costs through telecommuting, reduced cell phone


Cost Effective Reduce costs through telecommuting, reduced cell phone charges, and lower OpEx

Mobile Video


Mobile VideoTraditional Wireless Not Optimized for VideoTraditional Wireless Not Optimized for Video

The typical employee is expected to view more than 9.8 hours per month of enterprise video in the next two years:

Can’t deliver multicast video at scaleVideo overloads network and degrades other application performance

month of enterprise video in the next two years:

Video Streaming Without Reliable Multicast

WLC SWITCH

2 MBPS

WLC SWITCH

AP APAP AP


POOR PERFORMANCE

POOR PERFORMANCE

Mobile Video Traditional Wireless Not Optimized for VideoTraditional Wireless Not Optimized for Video

Reaching employees, partners and customers with critical information wherever they may be improves user experiencewherever they may be, improves user experience

CRITICALITY LEVEL:HIGH

Video Streaming With Reliable Multicast

WLC SWITCHWLC SWITCH

ADMISSIONCONTROL

APAP APAP


VIDEONOT

AVAILABLE

GREAT PERFORMANCE

GREATPERFORMANCE

GREATPERFORMANCE

Mobility Architecture to Support Advanced

Next Generation

WLAN

Working Smarter ThroughAdvanced

ApplicationsWLAN Through

Mobility


Cisco Unified Wireless NetworkArchitecture OverviewArchitecture Overview

802.11n and 802.11a/g Highly scalable

Wireless Control System (WCS)

Mobility Services Engine (MSE)

Highly scalable Real-time RF visibility

and control Monitor and migrate

standalone accessWireless

LAN Controller

System (WCS) standalone access points

Easily configure– WLAN controllers

using SNMP– Access points

using CAPWAP

Built-in support for Mobility Services

Conte t A are802.11n

St d l

Lightweight Access Points

– Context–Aware Services (Location)

– Adaptive Wireless Intrusion Prevention System (wIPS)

Wi d d i l

Standalone Access Points


Wired and wireless guest accessClient Devices

and Wi-Fi Tags

Cisco Next-Generation PortfolioB t f B d P f R li bilit d M bilitBest-of-Breed Performance, Reliability, and Manageability

5500 Series Wi l C t ll

Aironet 1140 and 1250 S i A P i t

Simplified Operations—WCSWireless ControllerSeries Access Points

Scalability for 250 APs; thousands

802.11n performance with standard PoE

Operations WCS Management

Consistent, flexible user interfaceAPs; thousands

clients

Flexibility for any network topology

with standard PoE

Simple deployment for offices

user interface

Historical trending and reporting


What Painpoints Does 802 11n Solve?What Painpoints Does 802.11n Solve?

Better end-user experience for data, voice and

Throughput—Up to 6 times greater than existing networks Reliability—Fewer packet retries

video

Reliability Fewer packet retries Predictability—Consistent coverage and throughput Compatibility—Backwards support for 802.11a/b/g clients

F P fi G d I bili T d/V lid d Future-Proofing—Guaranteed Interoperability –Tested/Validated


Existing 802.11n Solutions Beam Strength Not Directed to Client

802 11 / Beam StrengthX

Beam Strength Not Directed to Client

802.11a/g Beam StrengthX

802.11n


802.11a/g Client Connection Not Optimized, Creates Coverage Hole

Cisco M-Drive with ClientLinkCisco Innovation: Beam Forming Intelligence

802.11a/g

Cisco Innovation: Beam Forming Intelligence

Beam Forming

802.11n

Innovation delivered from Cisco AP silicon

Not available in off-the-shelf access points


ClientLink uses Beam Forming to Direct Signal to Improve Performance and Coverage for 802.11a/g Devices

Reduced Coverage Holes

ClientLink Disabled ClientLink Enabled

Lower Data Higher Data


Lower Data Rates

Higher Data Rates

Source: Miercom; AirMagnet 6.0 Iperf Survey

Cisco 5500 Series Wireless ControllerOptimized for 802 11nOptimized for 802.11n

Integrates seamlessly into the Cisco Unified Wireless Network

Optimized for 802.11n

Combines with the Aironet 1140 and 1250 Series and WCS 6.0 to deliver the industry’s leading 802 11 l i802.11n solution

Supports Cisco M-Drive technology including BandSelect

Specifications At-a-Glance

Access Points 12 - 250technology including BandSelectand ClientLink

New licensing allows for scale-d f t

Devices > 7,000

Mobility Scale 18,000 APs in Mobility Domain

Form 1 RU Appliance


as-you-grow and feature flexibility

Form 1 RU Appliance

Interfaces 8 GigE Ports

Cisco Wireless Control System (WCS)Comprehensive WLAN Life-Cycle Managementp y g

Features

Wireless Control System

Easy-to-use intuitive GUI Suite of design and coverage assessment

tools Wide array of customizable configuration

t l t

PLANNINGREPORTING

templates Hierarchical maps of all locations

Search and security tools ever-present Built-in client troubleshooting tools

Fl ibl tiTROUBLESHOOTING DEPLOYMENT

Flexible reporting

Benefits Lower OPEX and CAPEX

Complete visibility and control of theMONITORING Complete visibility and control of the RF environment

Consolidate life-cycle management into a single platform

Easy trending, capacity planning and troubleshooting

MONITORING


troubleshooting

Introducing A Practical ApproachCentralized Scalable Mobility ServicesCentralized, Scalable Mobility Services

Unified API enabling Enterprise 3.0 Services and Applications Platform

3300 Series Mobility g papplications

Common Framework for Multiple Service

S yServices Engine

Ease of deployment and efficientallocation of CapEx

Common Framework for Multiple Service

Allows Transport and Applicationsto evolve independently

Abstraction layer with CAPWAP/NMSP

Accelerate development andEco-system of Application Partners


Accelerate development and deployment of customized solutions

MobilitMobility Architecture to Support Advanced

Working Smarter Through

Next Generation

WLANAdvanced Applications

gMobility

WLAN


Evolving TrendsPlace New Pressures on IT ResourcesPlace New Pressures on IT Resources

IT Consumerization/Device Growth

Device Management

Troubleshooting

Bandwidth DemandBandwidth Demand

Ubiquitous Access

Applications Anywhere

Ubiquitous Access

Security Policy

Services Delivery

Distributed Networks


“Work” as a Function, Not as a Place Distance Constraints

User Expectations

Simple Intuitive ManagementC t li d RF d S t M tCentralized RF and System Management

Can I see how good my wirelessCan I see how good my wireless coverage is?

Can I detect interference from cordless phones and microwaves?

Can I ensure my network is voiceready?

Can I locate rogue access points?g p

Can I centrally control all aspects of my WLAN?

C I WLAN ti fiCan I ensure my WLAN satisfies Security Policy?

Predictive Floor Maps

CleanAir TechnologyVoice Planning ToolsWireless Intrusion Prevention

Centralized Command & Control

Security Dashboard


Floor MapsPreventionCommand & ControlDashboard

Simplify Spectrum ManagmentTo Optimize the User ExperienceTo Optimize the User Experience

User Has Poor Application Experience

Calls IT Support InterferenceDetected Classifying… Item: Microwave Move Microwave

Only Cisco Wireless Offers Integrated RF Management Tools

Spectrum Expert


Only Cisco Wireless Offers Integrated RF Management Tools That Help Reduce Trouble Tickets due to RF Interference,

Without Dedicated RF Expertise In-House

Simplify Security – Meet PolicyEasily Track and Defend Against AttacksEasily Track and Defend Against Attacks

Integrated Security—No Overlay Network RequiredComprehensive Threat Detection Classification Mitigation

Rogue AP[Low Severity]

Comprehensive Threat Detection, Classification, MitigationSatisfies DoD Policy

[High Severity]

Rogue AP Location Detected Remove Rogue

ClientClient

Client


Authorized APClient

Partnership with Intel… (http://www.youtube.com/watch?v=8WPBMBz9n7A)


AssureWave Established 2007 in San Jose, CA

– To harden Cisco software for our

Provides cross vertical benefits– Focused on the features most

l d i k i d tcustomers– Provides an additional layer of customer

focused testing on targeted releasesAssureWave Certification above and

commonly used in key industry verticals

– Solutions Test initiative in the Wireless networking BU at Cisco focused on certifying releases for real– AssureWave Certification—above and

beyond what pre-FCS testing groups execute

Internal and external collaboration

focused on certifying releases for real business solutions

– Enable Partners within Wireless Ecosystem vendors to certify wireless solutions

– Internal test teams (Regression/ Development/ Systems)

– Customer focused test teams (Safe H b / G ld b id / NSITE)

solutions– Testing is continually updated to

reflect changes in customer’s networks by interaction with customers and account teamsHarbor/ Golden bridge/ NSITE)

– Customer Advocacy (CAPs / TAC / AS) – Direct customer meetings

customers and account teams


– Account teams (SE/ AM)– CMO Team– EBCs / TABs / SEVTs

www.cisco.com/go/assurewave

Customer – BenefitsCustomer Benefits

Increase customer confidence in new systems/solutions deploymentdeployment

Certified releases provide safe-landing for customers averse to risk

Definitive source for proven network configurations and software versions (ecosystem partners)

Interoperability issues found with wireless eco-system partners & fixed before they become major issues in the fieldthe field

Accelerate customer deployment


AssureWave PartnersAssureWave Partners

Solution Vertical Partners Solution Vertical Partners


Proven Wireless Track Record

WLAN Market Leader in Gartner Magic Quadrant 2008Quadrant 2008

65% WLAN Market sharePubic company with 8 times revenues of next p ycompetitor

Over 6 million access points sold

Use Cisco WLAN Solutions:96% of the Fortune 10009 of 10 Fortune 100 Financial Services98% of Fortune 100 Retail9 of 10 Fortune 100 Manufacturing8 of 10 Fortune 100 Energy


8 of 10 Fortune 100 Energy9 of 10 Top 300 Hospitals

Cisco on Cisco – Experience Deploying an Enterprise Class Wireless Architecture

• Comprehensive Entitlement• 65 000+ employees contractors vendors & temp employees65,000+ employees, contractors, vendors & temp employees• 100,000+ Wireless Devices• Dual Mode Phones Services

L ti B d S i• Location Based Services

• Ubiquitous Coverage• All Cisco sites 400+ have pervasive WLAN coverage• 100% of floor-space covered, including stair-wells and rest rooms• Complete Coverage for Wireless Voice• Guest Access Coverage for Any FacilityGuest Access Coverage for Any Facility

• Extensive Adoption• 97% of Cisco Employees Use the WLAN on a Daily Basis


• 75% of Cisco Employees See the WLAN as “Critical” for their Daily Business

Call to ActionCall to Action and Q&A


© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 54

www.cisco.com/yourideasinmotion

Documents

Cisco Mobility UpdateMobility in DoD “I have a biggp g p p y push right now to provide mobile capability to our soldiers…This capability is based on smart phone technology, enabling