
Empowering What's Next

Cisco Customer Education
Cisco Prime: Transform Your Network with Cisco

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=1cd1928bb30445e5ba2bdd5712a74975
Thanks for your interest and participation!

Connect using the audio conference box or you can call into the meeting:

1. Toll-Free: (866) 432-9903
2. Enter Meeting ID: 209 534 281 and your attendee ID number.
3. Press 1 to join the conference.

Welcome and Agenda

Welcome from Cisco!
A Brief History of Networking
Cisco Unified Access Overview
One Network: Wired, Wireless, WAN
One Policy: Identity Services, MDM
One Management: Cisco Prime Infrastructure
Network as Enforcer
Conclusion, Call to Action

Brian J Avery
Territory Business Manager
Florida Territory Commercial
bravery@cisco.com
Priors:
Cisco Sales and Channels (10 yrs)
President and CEO (6 yrs), Cisco Premier Partner
Director of Sales (2 yrs), Cisco Silver Partner
Financial Analyst (7 yrs), Sprint Corporation

Who Is Cisco?

1984
Computer scientists Len Bosack and Sandy Lerner found Cisco Systems

Bosack and Lerner run network cables between two different buildings on the Stanford University campus

A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born
2014 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

Who Is Cisco?
Dow Jones Industrial Average

Fortune 100 Company


$145B Market Capitalization
$48B in Revenue
$8B in Annual Profits
$33B More Cash than Debt

Chuck Robbins,
CEO, Cisco

$5.9B in Research and Development


http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

Market Leadership Matters

[Figure: market rank and share by segment, Q1CY14. Segments: Routing (Edge/Core/Access), Switching (Modular/Fixed), Wireless LAN, TelePresence, Voice, Web Conferencing, x86 Blade Servers, Storage Area Networks, Security. Rank labels: No. 1 (eight segments), No. 2 (one segment). Share labels: 45%, 43%, 50%, 64%, 39%, 41%, 27%, 47%, 33%.]

What Is the Cisco Customer Education Series?

CCE is an educational session for current and prospective Cisco customers
Designed to help you understand the capabilities and business benefits of Cisco technologies
Allow you to interact directly with Cisco subject matter experts and ask questions
Offer assistance if you need/want more information, demonstrations, etc.

A Brief History of Networking
Who Remembers When?

20 Years Ago:

Cubicles Office Space with different Networks

Wired Ethernet and Dedicated Phone Lines
2013-2014 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential


15 Years Ago:

Cisco introduced PoE and VoIP

Simplified wiring & beginning of infrastructure consolidation

10 Years Ago:

WiFi with Trusted Wireless

Trusted Wireless Enabled Mobility

5 Years Ago:

Bring Your Own Device (BYOD)

BYOD Maximized Flexibility

Today:

Workspace Transformation, Ent IoT & more

Next Generation Workspace and New Services enabled by the Network

Ready for the Business and IT Transformation?

78%

The network is increasingly critical.

New Connected Experiences
Optimal Application Experience
BYOD and Mobility
Managed Cloud Services
IT Simplicity and Programmability

Ready for the Business and IT Transformation?


Policy for employee device access*
The network is not ready for BYOD**
The network is not ready for cloud**

50%
41%
38%

*2012 Cisco IBSG Horizons Study
**2013 Cisco Global IT Impact Survey

Cisco Unified Access
The Intelligent Platform for a Connected World

Calling all Autobots!

With Cisco, You Can

Have a Network That Drives Your Business

Making IT More Responsive to the Business
Less Time on IT Operations, More Time on IT Business Innovation

One Policy
One Management
One Network

Simple
Secure
Lower TCO

One Network

Cisco Catalyst Switches from Access to Backbone!

New products across the complete portfolio

Catalyst 2960: Smart, simple, green & secure wired access
Catalyst 3850/3650: Advanced fixed switching with Unified Access
Catalyst 4500E with SUP8-E: Flexible, scalable, feature-rich modular access
Catalyst 6500/6800: Enterprise backbone optimized for 10/40/100G

LOWER TCO
END-TO-END SECURITY
APPLICATION VISIBILITY
INVESTMENT PROTECTION
PERFORMANCE & SCALE

Catalyst Access Portfolio

From essential connectivity to Unified Access for next-generation workspaces

UNIFIED WORKSPACE
BYOD
Video
Mobility
Converged Wired/Wireless Access
Secure, reliable access

Features
Low TCO & energy-efficient
Scale and performance
Resiliency & high availability
Application Visibility
Cisco TrustSec
Competitive Feature Set at Compelling Prices

Scale

Catalyst Converged Access Switching Portfolio

Industry-Leading Switching - Deployment Choices, Flexibility, Affordability

STACKABLE SWITCHES
Advanced Functionality

Base Stackable Switch: Cisco Catalyst 3650
25 access points
160G stacking bandwidth
Fixed uplink

High-Performance Stackable Switch: Cisco Catalyst 3850
Access points supported
Stacking bandwidth
Modular uplinks

MODULAR SWITCHES
Highly Adopted Switching Platform: Cisco Catalyst 4500E with Supervisor 8-E
Bandwidth (928 Gbps)
Modular 8 x 1 and 10 Gigabit Ethernet Uplinks

Performance and Investment Protection

UADP ASIC in Catalyst 3850/3650 Enables Convergence


Built on UADP (Unified Access Data Plane)
Unique and powerful Cisco innovation
Hardware performance with software flexibility

Optimized Performance
CAPWAP encapsulation/de-capsulation, Flexible Netflow, QoS happens in ASIC for line rate performance

Future Proofed and Programmable
Flexparser enables new software features (like SDN) over the product lifetime

UADP is used across multiple platforms
Catalyst 3850/3650, Sup 8E, WLC5760

Unified Access Wired/Wireless on One Network


[Diagram labels: Cisco Wireless LAN Controller, Internal Resources, Corporate Network, Cisco Access Point, Internet, Cisco Firewall, Catalyst Switch]

One Network: Converged Access Mode
Integrated wireless controller
Distributed wired/wireless data plane (CAPWAP termination on switch)

One Policy: ISE
Identity, Access Control Server, Guest Server, NAC, Profiler

One Management: Prime
LAN Mgmt Solution, Wireless Control System

NEXT GENERATION COMPACT

Extend the Network
Ideal for Retail Kiosks, Classrooms, Conference Rooms, Hotel Suites, outside the wiring closet

Quiet but Capable
Fanless with full-size capabilities, UPoE, Perpetual PoE, Mgig, DC powered

Flexibility in Deployment
Nbase-T, Copper/Fiber, Standalone or Instant Access Mode, PnP with APIC-EM

Security

Segmentation with Cisco TrustSec

Business Policy:
Who can talk to whom
Who can talk to what systems
What systems can talk to other systems

Simplifies policy implementation
Simplifies security operations
Accelerates business agility
Lowers network cost and complexity

[Diagram: TrustSec tag-based segmentation. Layers: Access Layer, Aggregation Layer, Data Center Firewall. Tags: Data Tag, Supplier Tag, Guest Tag, Quarantine Tag. Source/Destination policy matrix with entries HR Database, Prod HRMS, Exec BYOD, Exec PC, Storage; two cells marked X. Access segments: Voice, Data, Suppliers, Guest, Quarantine.]

Smart Operations

APIC EM
Lower TCO

Zero Touch Deployments and Maintenance
NG Plug n Play, Smart Install, Instant Access
Software image & Configuration downloaded
Consistent for Devices & PIN
On-going Image Update and Configuration Backup

Easy Configurations for endpoints
Auto Smart Ports, Auto Conf, Interface Templates
Port Configuration: Applied
QoS Policy: Enforced
Security Policy: Enforced

Monitor and troubleshoot
Smart Call Home, IPSLA
Proactive diagnostics
Real time Alerts
Web-based reports
Routed to TAC team

Program the network
EEM, XML Programmability
Ability to take custom actions based on syslogs/triggers
Enhanced Flexibility and control

Reduce energy consumption
Energywise and EEE
EEE ready
Energywise Time of the day policy based on/off of access devices
0 $ SKUs for energy management

High Availability

Protecting Business Continuity

StackPower, FlexStack+, Stateful SwitchOver, Virtual Switching System

Physical Redundancy
Redundant Power Supplies
StackPower with 3850
Redundant Fan Trays for Chassis Systems
Redundant Supervisors for Chassis Systems

Stateful Switchover
Stackable Support: 3850 and 3650
Intra-chassis support: 6800, 6500 and 4500
Inter-Chassis support: with VSS

Network Resiliency
NSF support for OSPF, EIGRP, ISIS, BGP
NSF reduces forwarding table churn
BGP PIC
Graceful Restart for IPv4 & IPv6 with various routing protocols
OSPFv3 Non-Stop Routing

Upgrade Management
ISSU for hitless software upgrade
EFSU for minimal disruption during software upgrade

Infrastructure Redundancy
VSS
Instant Access
Multi-chassis EtherChannel (MEC) provides hardware-based failover
VSS Quad-Sup SSO with Sup2T

Cisco Multigigabit Ethernet


Key Differentiators

Maintain Switch to AP Reach at Higher Speeds
Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G); future proofed for higher speeds

Infrastructure Investment Protection
Supports 100m distance with Cat5e cabling up to 5G speeds for Brownfield
Supports Cat6a cabling for Greenfield deployments for higher speeds

POE/POE+/UPOE
Cisco Innovation over 10GT Standard to support high end point power needs

Standards Compliant
1G and 10G BaseT IEEE standards, intermediate speeds WIP

4500E Multigigabit Line Card
C3850 12 port and 24 port Multigigabit
Compact Multigigabit switch 3650CX

Cisco Multigigabit Ethernet Cabling Support


Maximum Investment Protection

Cable Type   1G     2.5G   5G       10G
Cat5e        100m   100m   100m *   N/A
Cat6         100m   100m   100m     55m
Cat6a        100m   100m   100m     100m

Auto-negotiation of cable type of speeds supported

0-55m: no restrictions
55-100m: based on customer cabling infrastructure and configuration, there are some corner cases in which customers will experience less than 100m support. In these cases, the system will automatically default to 2.5G (post-FCS SW release support)

This MUST be Autobot technology.

Gigabit Wi-Fi is Here

Capturing the Potential of 802.11ac

Market: Why Gigabit Wi-Fi / 802.11ac now!!!

Wi-Fi as Primary Connectivity, Ethernet as Fallback

Wireless (53%) will bypass Wired traffic (40%) by 2017 [1]
50% new devices will be 802.11ac by end of 2014, 75% by 2015 [2]

1 Cisco VNI Global Mobile Data Forecast 2012-2017
2 AVI Research
3 Nemertes Research Global Mobile Research 2013

[Figure: Wi-Fi Speed, Connect Rates (Mbps) by standard and number of spatial streams (SS = Spatial Streams; 1, 2, 4 and 8 spatial streams shown). Standards on the time axis: 802.11, 802.11b, 802.11a/g, 802.11n, 802.11ac Wave 1, 802.11ac Wave 2. Years marked: 1997, 1999, 2003, 2007, 2013, 2016. Device classes: Desktops, Desktops / Laptops, Laptops / Tablets, Tablets / Smartphones. Uplinks: Gigabit Ethernet Uplink, 2 Gigabit Ethernet Uplinks. Callouts: Gigabit Wi-Fi as Primary; 3X the Performance over 802.11n; 2X the Battery Life over 802.11n; No Price Premium over 802.11n.]

*Assuming 80 MHz channel is available and suitable
**Assuming 160 MHz channel is available and suitable

Wi-Fi as Primary Connectivity Changes Everything


Improve Customer Experience
Treat more Patients
Improve Services Delivery
Reach more Students
Increase Sales
Increase Production

Mobile Physicians and Staff: Enabling the real-time Physician
Mobile Faculty and Students: Enabling the always connected student
Mobile Technicians and Engineers: Connecting the previously unconnected
Mobile Staff and Services: Reach more of those you serve
Mobile Insurance Agents: Enabling the real-time Agent
Mobile Sales Associates: Enabling the real-time in-store sale

Mobile Devices as the Most Important Technology

OF STUDENTS
OF EMPLOYEES
SAY A MOBILE DEVICE (LAPTOP, SMARTPHONE, TABLET) IS THE MOST IMPORTANT TECHNOLOGY IN THEIR LIVES.

SMARTPHONES ARE POISED TO SURPASS DESKTOPS AS THE MOST PREVALENT TOOL FROM A GLOBAL PERSPECTIVE

Changing People

OF COLLEGE STUDENTS AND OF YOUNG EMPLOYEES
SAY THEY COULD NOT LIVE WITHOUT THE INTERNET

COLLEGE STUDENTS AND YOUNG PROFESSIONALS
CONSIDER THE INTERNET TO BE A FUNDAMENTAL HUMAN RESOURCE

Air
Water
Food
Shelter
WiFi/Internet

Why Cisco for Gigabit Wi-Fi / 802.11ac

Only AP manufacturer that built their own Radio ASIC
Most CPU and Memory per AP in the industry
Suite of High Client and Access Point Density capabilities
Only Modular and Future Proofed Access Point in the industry

Unique Gigabit Wi-Fi / 802.11ac Access Point Design

THE CISCO ADVANTAGE
More onboard CPU Processing and Memory than any other Access Point design in the industry with no price premium over previous generations

[Diagram labels: 2.4GHZ Radio, 5GHZ Radio, CPU (three), DRAM (128) (two), DRAM (512)]

Cisco High Density Experience (HDX)

Turbo Performance
Improves the efficiency of airtime utilization and channel capacity

Optimized Roaming
Intelligently determines the optimum time to roam

Cisco CleanAir 80 MHz
Mitigates interference and improves channel capacity

Cisco ClientLink 3.0
Improves legacy and 802.11ac Client performance

Noise Reduction*
Enables Dense Access Point Coexistence / implementation

*Future

Industry's Most Comprehensive Gigabit Wi-Fi Portfolio

Best in Class Modular
Mission Critical
High-Performance Fixed
Fixed

802.11ac with HDX
MR34 802.11ac
802.11ac with HDX
802.11n with 802.11ac Module

ON-PREMISE
CLOUD MANAGED

Cisco Unified Access: The Foundation For Connected Mobile Experiences
How It Works

DETECT: GUEST PRESENCE
Mobile devices and characteristics detected before they enter the venue

CONNECT: GUEST ACCESS
Seamless and secure Wi-Fi connectivity
Preferences, profile, device, and roaming credentials identified

ENGAGE: GUEST EXPERIENCE
Highly relevant content and services based on user attributes and real-time location

LOCATION ANALYTICS
Insights into Customer Online and Onsite Behavior, Traffic Paths, Dwell Times, Location Density, etc.

Imagine The Possibilities


Industry Use Cases

RETAIL: CONNECTED CONSUMERS
Context-rich notifications
Use of loyalty app encouraged
In-venue high-value shopper engagement

HOSPITALITY: CONNECTED GUESTS
Indoor maps with featured attractions
Personalized third-party advertising
Special promotions

TRANSPORTATION: CONNECTED TRAVELERS
Better planning for high-traffic areas
Transportation updates, indoor directions
Third-party advertising opportunities

HEALTHCARE: CONNECTED PATIENTS
Café and gift shop orders and delivery
Maps and wayfinding integrated into patient apps
Nearby services notifications

EDUCATION: CONNECTED STUDENTS
Campus maps and directions
Stadium sales and athletic event experience
Real-time bus maps

Analytics That Aid Business Decisions


Which Area Did People Spend Time In?
What Were the Peak Times in the Venue?
Most Frequently Used Paths in the Venue
Are They New or Repeat Customers?
Wi-Fi Stats: Associated vs. Nonassociated Devices

Not All Gigabit Wi-Fi Solutions are Created Equal


802.11ac with HDX
Optimized Wi-Fi Network
Improved Experience on ALL Devices
Cisco is the ONLY SOLUTION with High-Definition Experience Technology (HDX)

802.11ac (All Gigabit Wi-Fi Vendors)
Increased Scale and Coverage
Support Bandwidth Intensive Apps.
Support More Devices Than 802.11n
Improved Device Power Efficiency

Transform Your Network!

Branch and WAN Opportunity

Digital Innovation Overwhelming the Branch

MORE USERS
80% of employees and customers are served in branch offices*

MORE APPS
20-50% increase in Enterprise bandwidth per year through 2018**

MORE THREATS
30% of advanced threats will target branch offices by 2016 (up from 5%) **

BRANCH
Digital Displays, Guest WiFi, Omni-channel Apps, SaaS Enterprise Apps, HD Video, Online Training, Social Media, OS Updates, Mobile Apps

*Tech Target, Branch Office Growth Demands New Devices., 2013
**Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2014 Update
*** Gartner: Bring Branch Office Network Security Up to the Enterprise Standard, Jeremy D'Hoinne, 26 April. 2013.

Cisco Branch Strategy


SECURITY
Cisco Unified Access (UA)
Cisco Intelligent WAN (IWAN)
Connected Mobile Experiences
Converged Branch Infrastructure
Cisco ACI
Automation, Orchestration, Programmability

[Diagram labels: Users, LAN, BRANCH, WAN, Data Centers/Cloud]

Cisco Strategy for Accelerating Branch Innovation


SECURITY
Cisco Unified Access (UA)
Cisco Intelligent WAN (IWAN)
Connected Mobile Experiences
Converged Branch Infrastructure
Cisco ACI
Automation, Orchestration, Programmability

[Diagram labels: Users, LAN, BRANCH, WAN, Data Centers/Cloud]

Cisco Intelligent WAN Vision


UNCOMPROMISED EXPERIENCE OVER ANY CONNECTION

Any User
Any Application
Private Cloud, Hybrid Cloud, Public Cloud

Align Infrastructure to Better Business Outcomes

Application Experience
Secure Access
Lower Costs
IT Simplicity

Introducing New IWAN Innovations


Elevating to an Application-Centric WAN

High Performance Hybrid WAN
App-aware services with high performance; low cost
NEW: Intelligent Path Selection, Akamai Connect

Secure Direct Internet Access
Threat-centric services elevate branch defense
NEW: Sourcefire IDS, Cloud Web Security

Automate WAN Provisioning
Centralized policy with distributed enforcement
NEW: IWAN App with APIC, Open Ecosystem

[Diagram labels: Internet, MPLS, 3G/4G, APP, Public Cloud, 365]

Purpose-Built Branch Infrastructure: Cisco ISR 4000 Series with Cisco ONE Software purchase options

Application-Aware Services

Maximize Apps Experience and Bandwidth Use

Intelligent Path Selection (PfRv3)
Akamai Connect

NEW
Now Shipping
Now Shipping

[Diagram labels: Internet, MPLS, 3G/4G, ISR-AX]

High Quality Experience Over Any Connection
Simple application-based policies
One-touch, hub-only configuration

Enabling New Digital Experiences
Intelligent web caching
Content prepositioning
Dramatically offloads WAN

Threat-Aware Services

Comprehensive Branch Threat Defense

Cloud Web Security with Advanced Malware Protection
Sourcefire IDS on UCS-E

NEW
NEW
Limited Availability 2HCY2014
Available 1HCY15

Delivers Branch Defense
Secure Internet Access

99% protection against attacks
Most powerful detection software
Scale Internet edge to the branch
Address full attack continuum

Re-designed Architecture For Branch Agility


Cisco ISR 4000

Service Aware Data Plane
for Efficient traffic handling

Virtualized Services Framework
Flexible virtualized application services

Converged Branch with UCS E-Series
Integrated network, compute, storage

Pay-as-You-Grow
Performance and services on demand

One Policy

Cisco Identity Services Engine (ISE)


NETWORK / USER CONTEXT
Who, What, When, Where, How

INTEGRATED PARTNER ECOSYSTEM

Access Policy
Guest, Visitor, BYOD, Employee, User, CXO Level, Secure Access, Compromised Device

MINIMIZE NETWORK UNKNOWNS
REDUCE YOUR ATTACK SURFACE
ENFORCE THE RIGHT LEVEL OF ACCESS CONTROL
CONTAIN MALICIOUS NETWORK THREATS

Role-Based Secure Access with ISE

Confidential Patient Records
Who: Doctor
What: Laptop
Where: Office

Internal Employee Intranet
Who: Doctor
What: iPad
Where: Office

Internet
Who: Guest
What: iPad
Where: Office

Acquires Important Context & Identity from the Network
Implements Context-Aware Classification & Policy
Provides Differentiated Access to the Network

Enterprise Mobility Management Integrations


Enforce True Device Compliance for All Mobile Devices

Sees unregistered devices on the network?
Sees ALL devices on the network

Forces EMM Policy Compliance?
Requires devices to comply with EMM policy

Keeps noncompliant devices off network?
Provides guest access to non-EMM devices

EMM: Secures Actual Device
Cisco ISE: Secures Network Access
SOLUTION: ISE + EMM Together

One Management

Cisco Prime!

Cisco Prime Infrastructure

Realizing the Vision of One Management

Lifecycle
Converged management with integrated best practices
Data Center
Assurance
Simplified operations management
Campus Branch to DC
End-to-end application experience and visibility
Day 0 to Day N
Application-Centric

Wireless Management

Get Comprehensive Configuration and Operational Productivity

Network Configuration
Network Health
Troubleshooting

Discovery, inventory, SWIM, compliance PSIRT
Maps-based planning for access point placement
End-user troubleshooting authentication and access
Controller and access point deployment, configuration audit
Sites and virtual domains
Rogue, security, voice audit, mesh
Users and devices, and applications
Network configuration, guest access, RRM
Performance reporting and fault management
Client tracking
Visualization of users, rogues, interferers through maps
Integration with Cisco MSE and ISE

Switch Management with Cisco Prime Infrastructure


Network Configuration and Health
Plug and Play (New device in network)
Lifecycle Management
Discovery and Inventory
Configuration Archive and SWIM
Fault Management (Syslog and Trap Processing)
EEM
Trustsec Work Center
Wireshark
Quality of Service
Performance Management
User Tracking
Configuration (Features: ACL, VLAN, etc)
EoL/EoS Reports

Platforms Supported
CAT2960
CAT 3560, 3650, 3750, 3850
CAT4500
CAT 6500, CAT6800

Network and Application Assurance

Router Management with Cisco Prime Infrastructure


Network Configuration and Health
Lifecycle Management
Plug and Play (New device in network)
Discovery and Inventory
Configuration Archive and SWIM
IWAN Management
DM-VPN
AVC Visibility and Performance
Performance Routing
Fault Management (Syslog and Trap Processing)
Quality of Service
Configuration (Features: VPN, ACL, VLAN, etc)
Performance Management
Zone based firewall
WAAS

Platforms Supported
ISR 800 Series
ISR G1 Series
ISR G2 1900, 2900, 3900
ISR 4300, 4400
ASR 1000 Series

Network and Application Assurance

Simplified IWAN Management

Guided Workflow to help design and deploy IWAN on your branch or hub

Prime Infrastructure Highlights Application Experience


Service Health Dashboard for Sites, Users and Applications
Automated Baselining
Proactive Performance Troubleshooting
Service Health Dashboard

AVC Configuration for ISR/ASR
One-click AVC Configuration
AVC Monitoring Customization
NBAR2 Custom Applications
Embedded Packet Capture for ASR
Top URL/Domain Views

Network as Enforcer

You Can't Protect What You Can't See

The Network Gives Deep and Broad Visibility

NetFlow: The Heart of Network as a Sensor

Example: NetFlow Alerts With Lancope StealthWatch

Network Scanning
TCP, UDP, Port Scanning Across Multiple Hosts

Botnet Detection
When Inside Host Talks to Outside C&C Server for an Extended Period of Time

Denial of Service
SYN Half Open; ICMP/UDP/Port Flood

Fragmentation Attack
Host Sending Abnormal # Malformed Fragments.

Host Reputation Change
Inside Host Potentially Compromised or Received Abnormal Scans or Other Malicious Attacks

Worm Propagation
Worm Infected Host Scans and Connects to the Same Port Across Multiple Subnets, Other Hosts Imitate the Same Above Behavior

Data Exfiltration
Large Outbound File Transfer VS. Baseline

What is the StealthWatch System?

The StealthWatch System collects and analyzes NetFlow data and brings it together with user information, application awareness, and other security context to provide pervasive visibility and security intelligence across the network.

StealthWatch helps organizations:

Accelerate incident identification and response.
Improve forensic investigations.
Reduce overall enterprise risk.

Use Case: Defense against Data Breaches

Anatomy of a Data Breach
Network as Enforcer

Infiltration and Backdoor establishment
Reconnaissance and Network Traversal
Exploitation and Privilege Elevation
Staging and Persistence (Repeat 2,3,4)
Data Exfiltration

[Diagram labels: Attacker, C2 Server, Perimeter (Inbound), enterprise network, Admin Node, Perimeter (Outbound)]

What Can the Network Do for You?


Network as Sensor

Detect Anomalous Traffic Flows, Malware
e.g. Communication with Malicious Hosts, Internal Malware Propagation, Data Exfiltration

Detect App Usage, User Access Policy Violations
e.g. Maintenance Contractor Accessing Financial Data

Detect Rogue Devices, APs and More
e.g. Maintenance Contractor Connecting an Unauthorized AP in Bank Branch to Breach

Conclusion

Cisco Unified Access Portfolio

Robust Converged Wired And Wireless Solution

Cisco Unified Access

One Policy
Cisco Identity Services Engine (ISE)
MDM
SIEM

One Management
Cisco Prime Infrastructure

One Network
Controllers and Converged Access Switches: Common OS, UADP ASIC

Switching Platform
Entry-level Switches: 2960X/XR
Stackable Switches: 3650, 3850
4500-E w/Sup. 8-E

Access Points
Small to Midsize Enterprise: 1600
Feature-Optimized Enterprise: 2600
Midsize to Large Enterprise: 3600
High-Density Enterprise: 3700 w/HDX
Low Profile: 1530
Larger Deployments: 1550

Conclusion

Thank You and Next Steps

Contact Your Cisco Partner
https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

Brian Avery
bravery@cisco.com

Learn more at:
http://www.cisco.com/go/unifiedaccess

Join us again for a future Cisco Customer Education Event

CCE sessions are held weekly on a variety of topics
CCE sessions can help you understand the capabilities and business benefits of Cisco technologies
Watch replays of past events and register for upcoming events!

Visit http://cs.co/cisco101 for details