Local Edition
Cisco Unified Access
Corey Turner, Systems Engineer
© 2014 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public Local Edition
Agenda
• Introduction
• One Network – Cisco Switching Innovations
• One Policy – Cisco ISE
• One Management – Cisco Prime Infrastructure
• Conclusion
Why Unified Access? Cisco on Cisco Client Mix
• 12,000+ Apple Macs
• 20,581 Apple iPhones (3.9% Growth)
• 73 Million Online Meetings a Year
• 6700+ Linux Desktops
• 87,000+ Microsoft Windows PCs
• 12,290 RIM BlackBerry Devices (-1.6% Growth)
• 2185 Other Devices (-3.8% Growth)
• 5234 Android Devices (9.5% Growth)
• 8144 Apple iPads
• 2104 Cisco Cius™ Tablets
*Cisco VNI Study 2012
of “things” are unconnected
Traffic Growth
Transition to Cloud*
Mobility
of Traffic (Video over Mobile Devices)*
Intelligent
Device Growth
BYOD
Programmable
Mobile and Cloud
Simple
We Are Entering the Age of the Internet of Everything
The Network Is the Platform to Connect the Previously Unconnected
Unified Access Uncompromised User Experience in a Simplified Environment
Unified Access
One Management
One Network
One Policy
Cisco Unified Access
Cisco Unified Access Portfolio Robust Converged Wired and Wireless Solution
1600: Small-Mid Enterprise
2700: Feature-Optimized Enterprise
3600: Mid-Large Enterprise
3700 w/ HDX: High-Density Enterprise
1530: Low Profile
1550: Larger Deployments
8500, 5760, 5508
Wireless Controllers
Backbone Switches
Catalyst 4500
Converged Access Switches
Catalyst 3650
Catalyst 3850
One Network Controllers & Access Switches
Access Points
Catalyst 6800 Catalyst 6500 Catalyst 2960-X
Access Switch
Identity Services Engine (ISE)
Prime Infrastructure
One Policy
One Management
MDM/MAM SIEM
Agenda
• Introduction
• One Network – Cisco Switching Innovations
• One Policy – Cisco ISE
• One Management – Cisco Prime Infrastructure
• Conclusion
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
Cisco Switching Innovations: Innovative, Intelligent Services
Application Visibility & Control
Energy Management
Catalyst SmartOperations Advanced Security
Innovation: Cisco Application Visibility & Control
NetFlow Ecosystem
End-to-end Visibility
Flexible NetFlow
Medianet
Wireshark Integration
MSI/MSP+ CDP/LLDP
- Smart network and smart media services
- Faster troubleshooting for cost savings
- High quality user experience
Metadata Database
10.4.5.3 10.3.4.5 1200 2000 Telepresence
20.1.1.1 30.1.1.1 1500 1600 Surveillance
Packet Drops
Core
- Better planning with customized traffic monitoring
- Extensive visibility, scalable from layer 2 to 7
- Enhanced anomaly and security detection

- Deep dive network traffic analysis
- Accelerated problem resolution
- Built-in IOS capability for OpEx savings

- Source
- Destination
- Timing
- Application/user profiling
Innovation: Energy Management
EnergyWise Ecosystem Partners
Building Management
Systems
Energy Management Applications
MANAGEMENT APPLICATIONS
EnergyWise SDK devices Building Protocols
EnergyWise Management API
Network Management Applications
POE / POE+ / UPOE devices without SDK
IT Devices Building Devices
Cisco Catalyst Switching Network
POE / POE+ / UPOE Support Gateways
Management API
SDK
EnergyWise POE/POE+/UPOE EEE
- Open approach for both IT and building devices
- Industry leading solution
- Lower TCO
Innovation: Cisco Catalyst SmartOperations
Smart Install: Zero Touch Deployments and Maintenance
New Switch Installed
- Software image: automatically downloaded
- Switch configuration: automatically applied
Auto Smartports: Plug and Play for Endpoint Devices
Endpoint Device Plugged In
- Port Configuration: Applied
- QoS Policy: Enforced
- Security Policy: Enforced
Smart Call Home: Intelligent Network Issue Resolution
Anomaly Detected
- Proactive diagnostics: Finished
- Real-time alert: Created
- Web-based reports: Generated
- Responsible TAC team: Routed to
- Remediation: Completed
Director
Switches
Innovation: Advanced Security
Switch-level Security
- Layer 2 security: Port security, Dynamic ARP inspection …
- Layer 3 security: Dynamic ACLs, 802.1X …
- Device Sensor …
End-to-end Network Security
- ISE Integration: consistent policy
- TrustSec/Security Group Tag: context-aware security
- MACsec: network-wide encryption
Identity Services Engine (ISE)
What
Where
How Who
IDENTITY
When
Context-aware decisions
Resource Switch Switch User
IP source guard
uRPF
Device Sensor Dynamic ARP Inspection
Port Security
802.1X, web/MAC authentication
RADIUS/TACACS+ IP source guard
IPv6 First-Hop Security
Private VLANs
Switched Port Analyzer
Bridge Protocol Data Unit Guard
Secure Shell, Kerberos
SNMPv3
ISE Integration Security Group Tag
MACsec
Catalyst 2960-X/XR Series Access Switches
Next Generation Catalyst 2960 Access Switches
• Doubling Everything At Same Price: Stack units, Bandwidth and more
• Application Visibility and Control: Now with NetFlow Lite
• Layer 3 Routing: RIP, OSPF, EIGRP
• Investment Protection: Stack with Existing 2960-S/SF
• Most Deployed Switch In the World
• Greenest Switch Ever: Up to 80% Savings
Cisco Catalyst 3850 Series Switch
Best-in-class fixed, stackable switch
- High performance 24/48 port GE switch with 480 G stacking
- Granular, hierarchical bandwidth management
Converged wired + wireless
- Single platform with built-in wireless controller
- Up to 40 G wireless throughput
- Support for 802.11ac
Distributed intelligent services
- Flexible NetFlow on all ports
- TrustSec and MediaNet
- Resiliency (Stateful Switch Over)
- SmartOperations
Foundation for Cisco Open Network Environment
- Unified Access Data Plane (UADP) ASIC
- OnePk for wired and wireless service
The Intelligent Platform for a Connected World
Cisco Unified Access for Catalyst 4500E
Catalyst 4500E Supervisor 8E Wired and Wireless Convergence for Chassis Switches
INVESTMENT PROTECTION Existing Chassis and Line Cards
INNOVATION UADP ASIC
SIMPLICITY UNIFIED ACCESS
One Network, One Policy One Management
Reinventing the Backbone with Catalyst 6800 Built on Catalyst 6500 DNA
Catalyst 6500 DNA Most Deployed Campus Backbone Switch
800,000+ Chassis & Counting 120+ Million Ports & Counting
20x Deployment Than the Nearest Competitor
Built for NextGen Services Built for Simplicity and Programmability
Built for NG Scale, Performance & Services Built for Unified Access
Built to Preserve Catalyst 6500 DNA
Best of Both Worlds | Full Investment Protection Cisco Catalyst 6800
Catalyst 6807-XL Catalyst 6880-X
Catalyst 6880ia
Agenda
• Introduction
• One Network – Cisco Switching Innovations
• One Policy – Cisco ISE
• One Management – Cisco Prime Infrastructure
• Conclusion
Prime Infrastructure
Cisco WLC
3rd Party MDM Appliance
MDM Manager
Wired Network Devices
Cisco Catalyst Switches
Office Wired Access
Office Wireless Access
ISE
Remote Access
ASA Firewall
PrSM / ASDM
Cisco Identity Services Engine and Cisco Prime: Enabling Network Policy & Configuration Management
Putting the End User in Control
Simplified On-Boarding for BYOD
• Reduced Burden on IT Staff
  – Device On-Boarding
  – Self Registration
  – Supplicant Provisioning
  – Certificate Provisioning
• Self Service Model
  – myDevice Portal for registration
  – Guest Sponsorship Portal
• Device Black Listing
  – User-initiated control of their devices (black-listing, re-instating a device, etc.)
• Support for:
  – iOS
  – Mac OS X
  – Android
  – Windows
Guest Policy
Context Awareness: Guest Management
Guests
Web Authentication
Wireless or Wired Access
Internet-Only Access
Provision: Guest Accounts via Sponsor Portal
Notify: Guests of Account Details by Print, Email, or SMS
Manage: Sponsor Privileges, Guest Accounts and Policies, Guest Portal
Report: On All Aspects of Guest Accounts
Internet
ISE Guest Service for Managing Guests
Personal iPad Policy
[restricted access]
Access Point Printer Policy
[place on VLAN X]
Context Awareness: Device Profiling
DEPLOYMENT SCENARIO WITH CISCO IOS SENSOR
COLLECTION: Switch Collects Device Related Data and Sends Report to ISE
CLASSIFICATION: ISE Classifies Device, Collects Flow Information and Provides Device Usage Report
AUTHORIZATION: ISE Executes Policy Based on User and Device
Efficient Device Classification Leveraging Infrastructure
CDP LLDP DHCP MAC
Printer Personal iPad ISE
CDP LLDP DHCP MAC
DEVICE CLASSIFICATION Profiling for both wired and wireless devices
POLICY
Access Point
The Solution
Automated Device Classification Using Cisco Infrastructure
Cisco Identity Services Engine
• Identity Services Engine for Advanced Policy Management
IDENTITY PROFILING
VLAN 10 VLAN 20
Wireless LAN Controller
DHCP RADIUS
SNMP NETFLOW
HTTP
DNS
ISE
Unified Access Management
Access Point
802.1x EAP User
Authentication
HQ
2:38pm
Profiling to identify device
Full or partial access granted
Personal asset
Company asset
Posture of the device
Policy Decision
4
5
6 Enforce policy in the network
Corporate Resources
Internet Only
1
2
3
Agenda
• Introduction
• One Network – Cisco Switching Innovations
• One Policy – Cisco ISE
• One Management – Cisco Prime Infrastructure
• Conclusion
Cisco Prime Infrastructure
Integrated Wired and Wireless Lifecycle and Assurance Management
• Provides complete wired and wireless lifecycle management
  – Discovery, inventory, configuration, monitoring, troubleshooting
• Delivers end-to-end network visibility for application and end-user assurance
  – Uses Cisco® device instrumentation to reveal the performance of the underlying delivery infrastructure
• Uses granular flow and packet-based analytics from the Cisco Prime™ NAM
  – Permits deep visibility for rapid resolution of application and network issues
Single pane of glass for wired and wireless management
Lower TCO with intuitive user experience and workflows
Speeds troubleshooting, improves network availability
Realizing One Management
Cisco Prime Infrastructure
User Productivity
Operational Productivity
Regulatory and Operational Compliance
• Regulatory and best practice policies
• Automated audit and reporting
• Centralized remediation
User, Site & App Experience
• App performance visibility
• User & site-level visibility
• Proactive monitoring
• Real-time troubleshooting
• Prime 360 Views
Automated Best Practices
• Wired/wireless, Branch/WAN
• Integrated lifecycle
• Cisco best practices built-in
• PnP automated deployment
• Day 1 Device Support
Best Practices Ensure Corporate and Regulatory Compliance
• Enables IT organizations to assess their network and devices for out-of-policy configurations and for security and risk vulnerabilities
• Robust out-of-the-box compliance rules engine for customizable compliance auditing based on Cisco and industry best practice rules
  – Analysis against EOL and PSIRT notifications
• Optional: regulatory compliance reporting against specific industry initiatives such as PCI DSS
Troubleshoot Wired and Wireless Access Using Cisco Prime Infrastructure for Converged Client Devices
1. Search on user name
2. Identify wired and wireless devices associated with the user
3. Display associated and disassociated devices
4. Use automated client troubleshooting workflow to resolve the issue
5. Issue resolved
USE CASE: User calls in to help center because she cannot get access to financial data on the network. IT determines if she is authorized to access this area.
Troubleshoot user and access issues based on identity
Speed resolution with intuitive guided workflows
Cisco Prime™ Infrastructure
Step-by-Step Recommendations
Isolate Rich Media Issues at a Branch
Improved Troubleshooting and Visibility
1. End user experience dashboard identifies the source of the issue (server, network, or endpoint)
2. Determine if other users at the same branch are also experiencing degradation
3. Navigate from end user to branch device to determine the interface serving RTP applications
4. Analyze interface dashboard to determine application mix patterns
5. Isolate the issue to wrong classification done by class-based QoS policies on the interface
USE CASE: End user calls about issues with rich media sessions.
Reduce expertise needed by normalizing and correlating performance data
Quickly identify the source of the problem
Speed Problem Resolution Using Cisco Smart Interactions
1. Fault notification on core switch
2. Operator engages support community
3. Validates issue and opens service request with contextual information about the problem
USE CASE: Help desk operator sees a problem with a gateway router and uses Cisco® smart interactions to help quickly isolate and solve the problem
Seamless access to Cisco support communities
Significantly reduces time required to resolve problems
Agenda
• Introduction
• One Network – Cisco Switching Innovations
• One Policy – Cisco ISE
• One Management – Cisco Prime Infrastructure
• Conclusion
Cisco Unified Access Solutions
• Cisco recognized as industry leader
• Catalyst Innovations bring significant value to IT teams
• ISE and Prime Infrastructure bring unprecedented visibility and control to campus networks
• Gartner Magic Quadrant for Wired and Wireless Access LAN for 2 consecutive years
Register for CiscoLive! – San Francisco
CiscoLive! – San Francisco May 18 – 22, 2014 www.ciscolive.com/us