
Empowering What’s Next
Cisco Customer Education
Cisco Prime: Transform Your Network with Cisco

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=1cd1928bb30445e5ba2bdd5712a74975
Thanks for your interest and participation!


Connect using the audio conference box or you can call into the meeting:
1. Toll-Free: (866) 432-9903
2. Enter Meeting ID: 209 534 281 and your attendee ID number.
3. Press “1” to join the conference.

Welcome and Agenda
• Welcome from Cisco!
• A Brief History of Networking
• Cisco Unified Access Overview
  • One Network: Wired, Wireless, WAN
  • One Policy: Identity Services, MDM
  • One Management: Cisco Prime Infrastructure
• Network as Enforcer
• Conclusion, Call to Action

Brian J Avery
Territory Business Manager
Florida Territory Commercial
bravery@cisco.com
Priors:
• Cisco Sales and Channels (10 yrs)
• President and CEO (6 yrs), Cisco Premier Partner
• Director of Sales (2 yrs), Cisco Silver Partner
• Financial Analyst (7 yrs), Sprint Corporation

Who Is Cisco?

1984
Computer scientists,
Len Bosack and Sandy Lerner
found Cisco Systems

Bosack and Lerner run network
cables between two different
buildings on the
Stanford University campus
A technology has to be invented to deal
with disparate local area protocols;
the multi-protocol router is born
© 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential


Who Is Cisco?
• Dow Jones Industrial Average

Fortune 100 Company
• $145B Market Capitalization
• $48B in Revenue
• $8B in Annual Profits
• $33B More Cash than Debt

Chuck Robbins,
CEO, Cisco

• $5.9B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

Market Leadership Matters
No. 1

No. 1

Routing

No. 1

No. 1

Edge/Core/
Access

TelePresence

Wireless LAN

Modular/Fixed

Voice

45%

43%

50%

64%

39%

Switching

No. 1

No. 1

No. 2

No. 1

Web
Conferencing

x86 Blade
Servers

Storage Area
Networks

Security

41%

27%

47%

33%

No. 1

Q1CY14

What Is the Cisco Customer Education Series?
• CCE is an educational session for current and prospective Cisco customers
• Designed to help you understand the capabilities and business benefits of Cisco technologies
• Allow you to interact directly with Cisco subject matter experts and ask questions
• Offer assistance if you need/want more information, demonstrations, etc.

A Brief History
of Networking
Who Remembers When?

20 Years Ago:

Cubicles Office Space with different Networks

Wired Ethernet
and
Dedicated Phone
Lines
© 2013-2014 Cisco and/or its affiliates. All rights reserved.


15 Years Ago:

Cisco introduced PoE and VoIP

Simplified wiring &
beginning of
infrastructure
consolidation


10 Years Ago:

WiFi with Trusted Wireless

Trusted Wireless
Enabled Mobility


5 Years Ago:

Bring Your Own Device (BYOD)

BYOD
Maximized
Flexibility


Today:

Workspace Transformation, Ent IoT & more

Next Generation
Workspace and New
Services enabled by
the Network


Ready for the Business and IT Transformation?

78%
New Connected
Experiences

Optimal
Application
Experience

The network is
increasingly critical.

BYOD and
Mobility

Managed Cloud
Services

IT Simplicity and
Programmability

Ready for the Business and IT Transformation?
• 50%: Policy for employee device access*
• 41%: The network is not ready for BYOD**
• 38%: The network is not ready for cloud**

*2012 Cisco IBSG Horizons Study
**2013 Cisco Global IT Impact Survey

Cisco
Unified Access
The Intelligent Platform for a Connected World

Calling all
Autobots!


With Cisco, You Can

Have a Network That Drives Your Business
Making IT More Responsive to the Business
Less Time on IT Operations, More Time on IT Business Innovation

One Policy
Simple
Secure

One Management

Lower
TCO
One Network

One Network

Cisco Catalyst Switches – from Access to Backbone!
New products across the complete portfolio

• Catalyst 2960: Smart, simple, green & secure wired access
• Catalyst 3850/3650: Advanced fixed switching with Unified Access
• Catalyst 4500E with SUP8-E: Flexible, scalable, feature-rich modular access
• Catalyst 6500/6800: Enterprise backbone optimized for 10/40/100G

LOWER TCO | END-TO-END SECURITY | APPLICATION VISIBILITY | INVESTMENT PROTECTION | PERFORMANCE & SCALE

Catalyst Access Portfolio

From essential connectivity to Unified Access for next-generation workspaces
UNIFIED
WORKSPACE

BYOD

Video

Mobility

Converged Wired/Wireless Access

• Secure, reliable access

Features

• Low TCO & energy-efficient


Scale and performance
Resiliency & high availability


Application Visibility
Cisco TrustSec

Competitive Feature Set
at Compelling Prices

Scale


Catalyst Converged Access Switching Portfolio

Industry-Leading Switching - Deployment Choices, Flexibility, Affordability
STACKABLE SWITCHES

Advanced Functionality

High-Performance Stackable Switch

Access points
supported
Base Stackable Switch

Stacking bandwidth

• 25 access points
• 160G stacking bandwidth
• Fixed uplink

Cisco® Catalyst® 3650

• Modular uplinks

Cisco Catalyst 3850

MODULAR SWITCHES
Highly Adopted Switching Platform

Bandwidth
(928 Gbps)
• Modular 8 x 1 and 10
Gigabit Ethernet Uplinks

Cisco Catalyst 4500E with
Supervisor 8-E

Performance and Investment Protection

UADP ASIC in Catalyst 3850/3650 Enables Convergence
Built on UADP
• Unified Access Data Plane
• Unique and powerful Cisco innovation

Hardware performance with
software flexibility

• Optimized Performance

CAPWAP encapsulation/de-capsulation,
Flexible Netflow, QoS happens in ASIC for
line rate performance

• Future Proofed and Programmable

Flexparser enables new software features
(like SDN) over the product lifetime

• UADP is used across multiple platforms

Catalyst 3850/3650, Sup 8E, WLC5760


Unified Access – Wired/Wireless on One Network
Cisco Wireless
LAN Controller
Internal
Resources

One Network
Corporate
Network
Cisco
Access Point

Internet
Cisco Firewall

Catalyst
Switch

Converged Access Mode
• Integrated wireless controller
• Distributed wired/wireless data plane (CAPWAP termination on switch)

[Diagram labels: One Policy, ISE, One Management, Prime, Identity, Access Control Server, NAC Profiler, Guest Server, LAN Mgmt Solution, Wireless Control System, Mgmt]

NEXT GENERATION COMPACT

• Extend the Network: Ideal for Retail Kiosks, Classrooms, Conference Rooms, Hotel Suites…outside the wiring closet
• Quiet but Capable: Fanless with full-size capabilities, UPOE, Perpetual PoE, Mgig, DC powered
• Flexibility in Deployment: Nbase-T, Copper/Fiber, Standalone or Instant Access Mode, PnP with APIC-EM

Security

Segmentation with Cisco TrustSec
Business Policy:
• Who can talk to whom
• Who can talk to what systems
• What systems can talk to other systems




• Simplifies policy implementation
• Simplifies security operations
• Accelerates business agility
• Lowers network cost and complexity

[Figure: TrustSec segmentation topology and policy matrix. Layers: Access Layer, Aggregation Layer, Data Center Firewall. Tags: Data Tag, Supplier Tag, Guest Tag, Quarantine Tag. Matrix axes: Source, Destination; entries: Exec BYOD, Exec PC, Prod HRMS, HR Database, Storage. Access segments: Voice, Data, Suppliers, Guest, Quarantine.]

Smart Operations
Lower TCO
APIC EM

Zero Touch Deployments and Maintenance (NG Plug n Play, Smart Install, Instant Access)
• Software image & Configuration downloaded
• Consistent for Devices & PIN
• On-going Image Update and Configuration Backup

Easy Configurations for endpoints (Auto Smart Ports, Auto Conf, Interface Templates)
• Port Configuration: Applied
• QoS Policy: Enforced
• Security Policy: Enforced

Monitor and troubleshoot (Smart Call Home, IPSLA)
• Proactive diagnostics
• Real time Alerts
• Web-based reports
• Routed to TAC team

Program the network (EEM, XML Programmability)
• Ability to take custom actions based on syslogs/triggers
• Enhanced Flexibility and control

Reduce energy consumption (EnergyWise and EEE)
• EEE ready
• EnergyWise – Time of the day policy based on/off of access devices
• 0 $ SKUs for energy management

High Availability
Protecting Business Continuity

[Figure labels: StackPower, FlexStack+, Stateful SwitchOver, Virtual Switching System]

Physical Redundancy
• Redundant Power Supplies
• StackPower with 3850
• Redundant Fan Trays for Chassis Systems
• Redundant Supervisors for Chassis Systems

Stateful Switchover
• Stackable Support: 3850 and 3650
• Intra-chassis support: 6800, 6500 and 4500
• Inter-Chassis support: with VSS

Network Resiliency
• NSF support for OSPF, EIGRP, ISIS, BGP
• NSF reduces forwarding table churn
• BGP PIC
• Graceful Restart for IPv4 & IPv6 with various routing protocols
• OSPFv3 Non-Stop Routing

Upgrade Management
• ISSU for hitless software upgrade
• EFSU for minimal disruption during software upgrade

Infrastructure Redundancy
• VSS
• Instant Access
• Multi-chassis EtherChannel (MEC) provides hardware-based failover
• VSS Quad-Sup SSO with Sup2T

Cisco Multigigabit Ethernet
Key Differentiators

Maintain Switch to AP Reach at Higher Speeds
Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G) → Future proofed for higher speeds

Infrastructure Investment Protection
Supports 100m distance with Cat5e cabling up to 5G speeds for Brownfield
Supports Cat6a cabling for Greenfield deployments for higher speeds

POE/POE+/UPOE
Cisco Innovation over 10GT Standard to support high end point power needs

Standards Compliant
1G and 10G BaseT IEEE standards, intermediate speeds WIP


4500E Multigigabit Line Card

C3850 12 port and 24 port Multigigabit


Compact Multigigabit switch 3650CX

Cisco Multigigabit Ethernet Cabling Support
Maximum Investment Protection

Cable Type    1G      2.5G    5G        10G
Cat5e         100m    100m    100m *    N/A
Cat6          100m    100m    100m      55m
Cat6a         100m    100m    100m      100m

• Auto-negotiation of cable type of speeds supported

* For Cat5e at 5G:
• 0-55m: no restrictions
• 55-100m: based on customer cabling infrastructure and configuration, there are some corner cases in which customers will experience less than 100m support. In these cases, the system will automatically default to 2.5G (post-FCS SW release support)

This MUST be
Autobot
technology.


Gigabit Wi-Fi is Here…
Capturing the Potential
of 802.11ac

Market: Why Gigabit Wi-Fi / 802.11ac now…!!!

• Wi-Fi as Primary – Ethernet as Fallback Connectivity
• Wireless (53%) will bypass Wired traffic (40%) by 2017 ¹
• 50% new devices will be 802.11ac by end of 2014, 75% by 2015 ²

¹ Cisco VNI Global Mobile Data Forecast 2012-2017
² AVI Research
³ Nemertes Research Global Mobile Research 2013

Wi-Fi Speed

[Figure: Wi-Fi connect rates (Mbps) by standard and number of spatial streams. SS = Spatial Streams.]
Standards shown: 802.11 (1997), 802.11b (1999), 802.11a/g (2003), 802.11n (2007), 802.11ac Wave 1 (2013), 802.11ac Wave 2 (2016)
Connect rate labels (Mbps): 2, 11, 24, 54, 65, 300, 450, 600, 430*, 870*, 1300*, 1730**, 2340**, 3500**, 6900**
Spatial stream labels: 1, 2, 4 and 8 Spatial Streams
Client classes: 1SS Tablets / Smartphones; 2SS Laptops / Tablets; 3SS Desktops / Laptops; 4SS Desktops
Uplinks: Gigabit Ethernet Uplink; 2 Gigabit Ethernet Uplinks
Callouts: Gigabit Wi-Fi as Primary; 3X the Performance over 802.11n; 2X the Battery Life over 802.11n; No Price Premium over 802.11n

*Assuming 80 MHz channel is available and suitable
**Assuming 160 MHz channel is available and suitable

Wi-Fi as Primary Connectivity Changes Everything
Improve Customer Experience

Treat more Patients

Mobile Physicians and Staff
Enabling the “real-time” Physician


Improve Services Delivery

Reach more Students

Mobile Faculty and Students
Enabling the always connected student


Mobile Technicians and Engineers
Connecting the previously unconnected


Mobile Staff and Services
Reach more of those you serve

Increase Sales

Increase Production

Mobile Insurance Agents
Enabling the “real-time” Agent


Mobile Sales Associates
Enabling the “real-time” in-store sale

Mobile Devices as the
“Most Important” Technology

OF STUDENTS

OF EMPLOYEES

SAY A MOBILE DEVICE
(LAPTOP, SMARTPHONE, TABLET) IS
“THE MOST IMPORTANT
TECHNOLOGY IN THEIR LIVES.”

SMARTPHONES ARE POISED TO SURPASS DESKTOPS AS THE
MOST PREVALENT TOOL FROM A GLOBAL PERSPECTIVE


Changing People

OF COLLEGE
STUDENTS

COLLEGE STUDENTS AND
YOUNG PROFESSIONALS

Air
Water
Food
Shelter
WiFi/Internet
CONSIDER THE INTERNET TO BE A “FUNDAMENTAL”
HUMAN RESOURCE


AND
OF YOUNG
EMPLOYEES

SAY THEY COULD NOT LIVE WITHOUT
THE INTERNET

Why Cisco for Gigabit Wi-Fi / 802.11ac

Only AP manufacturer
that built their own
Radio ASIC

Most CPU and
Memory per AP in
the industry

Suite of High Client
and Access Point
Density
capabilities

Only Modular and
Future Proofed Access
Point in the industry

Unique Gigabit Wi-Fi / 802.11ac Access Point Design

2.4GHZ Radio

THE CISCO ADVANTAGE
CPU

More onboard CPU Processing and
Memory than any other Access Point
design in the industry – with no price
premium over previous generations

DRAM (128)

5GHZ Radio

CPU

DRAM (128)

DRAM (512)
CPU


Cisco High Density Experience (HDX)

Turbo Performance
Improves the efficiency of airtime
utilization and channel capacity

Optimized Roaming
Intelligently determines the
optimum time to roam

Cisco CleanAir® 80Mhz
Mitigates interference and improves
channel capacity

Cisco ClientLink 3.0
Improves legacy and 802.11ac
Client performance

Noise Reduction*
Enables Dense Access Point
Coexistence / implementation
*Future

Industry’s Most Comprehensive Gigabit Wi-Fi Portfolio
Best in Class
Modular

Mission Critical

High-Performance
Fixed

Fixed
802.11ac with HDX

MR34
802.11ac

802.11ac with HDX

802.11n with 802.11ac Module

ON-PREMISE

CLOUD MANAGED

Cisco Unified Access:
The Foundation For Connected Mobile Experiences
How It Works

DETECT

CONNECT

ENGAGE

GUEST PRESENCE

GUEST ACCESS

GUEST EXPERIENCE

Mobile devices and characteristics
detected before they enter the
venue

• Seamless and secure Wi-Fi connectivity
• Preferences, profile, device, and roaming

credentials identified

Highly relevant content and services
based on user attributes and real-time location

LOCATION ANALYTICS
Insights into Customer Online and Onsite Behavior, Traffic Paths, Dwell Times, Location Density, etc.

Imagine The Possibilities
Industry Use Cases

RETAIL: CONNECTED CONSUMERS
• Context-rich notifications
• Use of loyalty app encouraged
• In-venue high-value shopper engagement

HOSPITALITY: CONNECTED GUESTS
• Indoor maps with featured attractions
• Personalized third-party advertising
• Special promotions

TRANSPORTATION: CONNECTED TRAVELERS
• Better planning for high-traffic areas
• Transportation updates, indoor directions
• Third-party advertising opportunities

HEALTHCARE: CONNECTED PATIENTS
• Café and gift shop orders and delivery
• Maps and wayfinding integrated into patient apps
• Nearby services notifications

EDUCATION: CONNECTED STUDENTS
• Campus maps and directions
• Stadium sales and athletic event experience
• Real-time bus maps
Analytics That Aid Business Decisions
• Which Area Did People Spend Time In?
• What Were the Peak Times in the Venue?
• Most Frequently Used Paths in the Venue
• Are They New or Repeat Customers?
• Wi-Fi Stats: Associated vs. Nonassociated Devices

Not All Gigabit Wi-Fi Solutions are Created Equal
802.11ac
with HDX

Optimized Wi-Fi Network
Improved Experience on ALL Devices
Cisco is the ONLY SOLUTION
with High-Definition Experience
Technology (HDX)

Increased Scale and Coverage
Support Bandwidth Intensive Apps.
Support More Devices Than 802.11n
Improved Device Power Efficiency

All Gigabit
Wi-Fi
Vendors

802.11ac

Transform Your
Network!


Branch and WAN Opportunity

Digital Innovation Overwhelming the Branch
MORE
USERS
Digital
Displays

Guest
WiFi

Omni-channel
Apps

SaaS Enterprise
Apps

HD
Video

MORE
APPS

Online
Training

80%
Of employee and
customers are served in
branch offices*

20-50%
Increase in Enterprise
bandwidth per year
through 2018**

BRANCH
Social
Media

OS
Updates

Mobile
Apps

*Tech Target, Branch Office Growth Demands New Devices., 2013
**Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2014 Update
*** Gartner: “Bring Branch Office Network Security Up to the Enterprise Standard,” Jeremy D’Hoinne, 26 April 2013.

MORE
THREATS

30%
Of advanced threats will
target branch offices by
2016 (up from 5%) **

Cisco Branch Strategy
SECURITY

Cisco Unified Access (UA)

Cisco Intelligent WAN (IWAN)

Connected Mobile Experiences

Converged Branch Infrastructure

LAN
Users

WAN

BRANCH

Data Centers/
Cloud

Cisco ACI

Automation, Orchestration,
Programmability


Cisco Strategy for Accelerating Branch Innovation
SECURITY

Cisco Unified Access (UA)

Cisco Intelligent WAN (IWAN)

LAN

WAN

Connected Mobile Experiences

Users

Converged Branch Infrastructure

BRANCH

Data Centers/
Cloud

Cisco ACI

Automation, Orchestration,
Programmability


Cisco Intelligent WAN Vision
UNCOMPROMISED EXPERIENCE OVER ANY CONNECTION

Any
User

Private
Cloud
Hybrid
Cloud

Any
Application

Public
Cloud

Align Infrastructure to Better Business Outcomes
Application
Experience

Secure
Access

Lower
Costs

IT
Simplicity

Introducing New IWAN Innovations
Elevating to an Application-Centric WAN
High Performance
Hybrid WAN

Secure Direct
Internet Access

Automate
WAN Provisioning

Internet
MPLS

3G/4G

APP

Public
Cloud

App-aware services with
high performance; low cost
NEW

Intelligent Path Selection
Akamai Connect

365

Threat-centric services
elevate branch defense
NEW

Sourcefire IDS
Cloud Web Security

Centralized policy with
distributed enforcement
NEW

IWAN App with APIC
Open Ecosystem

Purpose-Built Branch Infrastructure: Cisco ISR 4000 Series
with Cisco ONE Software purchase options

Application-Aware Services

Maximize Apps Experience and Bandwidth Use
Intelligent Path Selection
(PfRv3)

Akamai Connect

NEW
Now Shipping

Now Shipping

Internet
MPLS

3G/4G

ISR-AX

High Quality Experience
Over Any Connection

Enabling New
Digital Experiences

Simple application-based policies
One-touch, hub-only configuration

Intelligent web caching
Content prepositioning
Dramatically offloads WAN


Threat-Aware Services

Comprehensive Branch Threat Defense
Cloud Web Security with
Advanced Malware Protection

Sourcefire IDS on UCS-E
NEW

NEW
Limited Availability
2HCY2014

Available 1HCY15

Delivers Branch Defense

Secure Internet Access

99% protection against attacks
Most powerful detection software

Scale Internet edge to the branch
Address full attack continuum


Re-designed Architecture For Branch Agility
Service Aware
Data Plane
for Efficient traffic handling

Virtualized Services
Framework
Flexible virtualized application services

Converged Branch
with UCS E-Series

Cisco ISR 4000

Integrated network, compute, storage

Pay-as-You-Grow
Performance and services on demand


One Policy

Cisco Identity Services Engine (ISE)
NETWORK / USER
CONTEXT

Who

INTEGRATED PARTNER
ECOSYSTEM

What

When Where

How

Access Policy
Guest
Visitor

BYOD
Employee
User

CXO Level
Secure Access
Compromised Device

✓ MINIMIZE NETWORK UNKNOWNS
✓ REDUCE YOUR ATTACK SURFACE
✓ ENFORCE THE RIGHT LEVEL OF ACCESS CONTROL
✓ CONTAIN MALICIOUS NETWORK THREATS

Role-Based Secure Access with ISE

Confidential
Patient Records

Who: Doctor
What: Laptop
Where: Office

Internal Employee
Intranet
Who: Doctor
What: iPad
Where: Office

Internet
Who: Guest
What: iPad
Where: Office

✓ Acquires Important Context & Identity from the Network
✓ Implements Context-Aware Classification & Policy
✓ Provides Differentiated Access to the Network

Enterprise Mobility Management Integrations
Enforce True Device Compliance for All Mobile Devices
Sees unregistered devices on the network?

Sees ALL devices on the network

Forces EMM Policy Compliance?

Requires devices to comply with EMM policy

Keeps noncompliant devices off network?

Provides guest access to non-EMM devices

EMM
Secures Actual Device

SOLUTION

Cisco ISE
Secures Network Access

ISE + EMM
Together


One Management

Cisco
Prime!


Cisco Prime Infrastructure

Realizing the Vision of One Management
Lifecycle
Converged
management
with integrated best
practices

Data Center

Assurance

Simplified operations
management

Campus Branch to DC

End-to-end application
experience and visibility

Day 0 to Day N

Application-Centric

Wireless Management

Get Comprehensive Configuration and Operational Productivity
Network Configuration

Network Health

Troubleshooting

• Discovery, inventory, SWIM, compliance – PSIRT
• Maps-based planning for access point placement
• End-user troubleshooting – authentication and access
• Controller and access point deployment, configuration audit
• Sites and virtual domains
• Rogue, security, voice audit, mesh
• Users and devices, and applications
• Network configuration, guest access, RRM
• Performance reporting and fault management
• Client tracking
• Visualization of users, rogues, interferers through maps
• Integration with Cisco® MSE and ISE

Switch Management with Cisco Prime Infrastructure
Network Configuration and Health

Lifecycle Management
• Plug and Play (New device in network)
• Discovery and Inventory
• Configuration Archive and SWIM
• Fault Management (Syslog and Trap Processing)
• Performance Management
• Configuration (Features: ACL, VLAN, etc)

• EEM
• TrustSec Work Center
• Wireshark
• Quality of Service
• User Tracking
• EoL/EoS Reports

Platforms Supported
• CAT2960
• CAT 3560, 3650, 3750, 3850
• CAT4500
• CAT 6500, CAT6800

Network and Application Assurance

Router Management with Cisco Prime Infrastructure
Network Configuration and Health

Lifecycle Management
• Plug and Play (New device in network)
• Discovery and Inventory
• Configuration Archive and SWIM
• Fault Management (Syslog and Trap Processing)
• Configuration (Features: VPN, ACL, VLAN, etc)
• Performance Management

IWAN Management
• DM-VPN
• AVC – Visibility and Performance
• Performance Routing
• Quality of Service
• Zone based firewall
• WAAS

Platforms Supported
• ISR 800 Series
• ISR G1 Series
• ISR G2 1900, 2900, 3900
• ISR 4300, 4400
• ASR 1000 Series

Network and Application Assurance

Simplified IWAN Management

Guided Workflow to
help design and deploy
IWAN on your branch
or hub


Prime Infrastructure Highlights – Application Experience
Service Health Dashboard for Sites, Users and Applications
• Automated Baselining

Proactive Performance Troubleshooting

Service Health Dashboard

• AVC Configuration for ISR/ASR

One-click AVC Configuration

AVC Monitoring Customization

• NBAR2 Custom Applications
• Embedded Packet Capture for ASR
• Top URL/Domain Views


Network as Enforcer

You Can’t Protect What You Can’t See
The Network Gives Deep and Broad Visibility


NetFlow – The Heart of Network as a Sensor
Example: NetFlow Alerts With Lancope StealthWatch
• Network Scanning: TCP, UDP, Port Scanning Across Multiple Hosts
• Botnet Detection: When Inside Host Talks to Outside C&C Server for an Extended Period of Time
• Denial of Service: SYN Half Open; ICMP/UDP/Port Flood
• Fragmentation Attack: Host Sending Abnormal # Malformed Fragments.
• Host Reputation Change: Inside Host Potentially Compromised or Received Abnormal Scans or Other Malicious Attacks
• Worm Propagation: Worm Infected Host Scans and Connects to the Same Port Across Multiple Subnets, Other Hosts Imitate the Same Above Behavior
• Data Exfiltration: Large Outbound File Transfer VS. Baseline

What is the StealthWatch System?
• The StealthWatch System . . .
  • Collects and analyzes NetFlow data and brings it together with user information, application awareness, and other security context to provide pervasive visibility and security intelligence across the network.
• StealthWatch helps organizations:
  • Accelerate incident identification and response.
  • Improve forensic investigations.
  • Reduce overall enterprise risk.

Use Case – Defense against Data Breaches
Anatomy of a Data Breach
Network as Enforcer

[Diagram: Attacker and C2 Server outside the enterprise network; Perimeter (Inbound) and Perimeter (Outbound); Admin Node inside the enterprise network.]

1. Infiltration and Backdoor establishment
2. Reconnaissance and Network Traversal
3. Exploitation and Privilege Elevation
4. Staging and Persistence (Repeat 2,3,4)
5. Data Exfiltration

What Can the Network Do for You?
Network as Sensor

Detect Anomalous Traffic Flows, Malware

e.g. Communication with Malicious Hosts, Internal Malware Propagation, Data Exfiltration

Detect App Usage, User Access Policy Violations
e.g. Maintenance Contractor Accessing Financial Data

Detect Rogue Devices, APs and More

e.g. Maintenance Contractor Connecting an Unauthorized AP in Bank Branch to Breach

Conclusion

Cisco Unified Access Portfolio

Robust Converged Wired And Wireless Solution
Cisco Unified Access

One Policy
• Cisco® Identity Services Engine (ISE)
• MDM
• SIEM

One Management
• Cisco Prime™ Infrastructure

One Network
Controllers and Converged Access Switches: Common OS, UADP ASIC
• Entry-level Switches: 2960X/XR
• Stackable Switches: 3650, 3850
• Switching Platform: 4500-E w/Sup. 8-E
• Access Points:
  • 1600: Small to Midsize Enterprise
  • 2600: Feature-Optimized Enterprise
  • 3600: Midsize to Large Enterprise
  • 3700 w/HDX: High-Density Enterprise
  • 1530: Low Profile
  • 1550: Larger Deployments

Conclusion

Thank You and Next Steps

Contact Your Cisco Partner
https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

Brian Avery
bravery@cisco.com
Learn more at:
http://www.cisco.com/go/unifiedaccess

Join us again for a future Cisco Customer Education Event

CCE sessions are held weekly on a variety of topics

CCE sessions can help you understand the
capabilities and business benefits of Cisco
technologies

Watch replays of past events and register for
upcoming events!

Visit http://cs.co/cisco101 for details