Date posted: 25-Aug-2018

Cisco Spark Cloud and On Premise Security Explained

Tony Mulchrone

Technical Marketing Engineer

Cisco Collaboration Technology Group

BRKCOL-2030

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Spark Cloud Security and Hybrid Data Security

Agenda

• Introduction – Spark Cloud Security
  • Realms of Separation
  • Identity Obfuscation
  • Synchronizing User IDs with the Spark Cloud & Single Sign On Support
  • Secure App and Device Connections
• Cloud based Data Security and Data Services
  • Secure Messages and Content
  • Secure Search and Indexing
  • E-Discovery Services
• Customer controlled Security
  • On Premise – Hybrid Data Security
  • Key Management Server Federation
  • Deployment Considerations

Spark Cloud Security - Realms of Separation

[Diagram: Identity Service | Key Mgmt Service, Indexing Service, E-Discovery Service | Content Server, spread across Data Center A, Data Center B and Data Center C]

Spark logically and physically separates functional components within the cloud:

Identity Services holding real user identity (e.g. email addresses)
  are separated from
Encryption, Indexing and E-Discovery Services,
  which are in turn separated from
Data Storage Services.


Realms of Separation – Identity Obfuscation

[Diagram: Identity Service | Key Mgmt Service, Indexing Service, E-Discovery Service | Content Server, across Data Center A, Data Center B and Data Center C; example obfuscated identifier: htzb2n78jdbc9e]

• Outside of the Identity Service, real identity information is obfuscated.
• For each User ID, Spark generates a random 128-bit Universally Unique Identifier (UUID) = the User's obfuscated identity.
• No real identity information transits the cloud outside the Identity Service; the other services only ever see the UUID.

Spark – User Identity Sync and Authentication

[Diagram: Enterprise Active Directory → Directory Sync → Identity Service]

User info can be synchronized to Spark from the Enterprise Active Directory:
• Multiple user attributes can be synchronized
• Scheduled sync tracks employee changes
• Passwords are not synchronized: the User either 1) creates a Spark password, or 2) uses SSO for authentication

Spark – SAML SSO Authentication

[Diagram: Enterprise Active Directory → Directory Sync → Identity Service; Enterprise IdP ↔ Identity Service (SAML SSO)]

SSO for User Authentication:
• Administrators can configure Spark to work with their existing SSO solution
• Spark supports Identity Providers using Security Assertion Markup Language (SAML) 2.0 and OAuth 2.0
• See Notes for the list of supported IdPs

Spark App – Cloud connection

[Diagram: Spark App ↔ Identity Service, Enterprise IdP, Spark Service]

1) Customer downloads and installs the Spark App (with Trust anchors, i.e. the certificates used to validate the Spark Cloud's TLS certificate)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts the User for an e-mail ID
4) User authenticated by the Spark Identity Service or the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to the Spark App
   • The Access Tokens contain details of the Spark resources the User is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel


Spark Device – Cloud connection

[Diagram: Spark Device ↔ Identity Service, Spark Service]

1) User enters the 16-digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by the Identity Service (Trust anchors sent to the device and a secure connection established)
3) OAuth Access and Refresh Tokens created and sent to the Spark Device
   • The Access Tokens contain details of the Spark resources the User is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel



Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

[Diagram: Spark App → Key Management Service (key request); Spark App → Content Server (encrypted message)]

• Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES256-GCM cipher used for encryption

Spark - Decrypting Messages and Content

[Diagram: Content Server → encrypted message → every other App in the Spark Room; Apps ↔ Key Management Service]

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
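The encrypt and decrypt steps above, as an added example in Go that is not code from the page or from Cisco: a stand-in key service hands out one random AES-256 key per room, each message is sealed with AES-256-GCM and carries a link to its key, and a recipient follows the link to decrypt. The link format (kms://room/<id>), the in-memory key store, and binding the link as GCM additional authenticated data are assumptions of the example; the page does not describe the real service's formats.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyStore stands in for the Key Management Service: one random 256-bit
// conversation key per room, looked up by a key link.
// Assumption: links are "kms://room/<id>" strings; the real format is not on the page.
type KeyStore struct{ keys map[string][]byte }

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// KeyForRoom returns the room's key and its link, generating the key on first
// use so that every room ends up with a different key.
func (ks *KeyStore) KeyForRoom(roomID string) ([]byte, string, error) {
	ref := "kms://room/" + roomID
	if key, ok := ks.keys[ref]; ok {
		return key, ref, nil
	}
	key := make([]byte, 32) // 32 bytes = AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, "", err
	}
	ks.keys[ref] = key
	return key, ref, nil
}

// Resolve follows a key link. The real KMS would also check that the caller
// is a member of the room before releasing the key; that is out of scope here.
func (ks *KeyStore) Resolve(ref string) ([]byte, error) {
	key, ok := ks.keys[ref]
	if !ok {
		return nil, errors.New("unknown key link: " + ref)
	}
	return key, nil
}

// Envelope is what the app hands to the cloud: ciphertext plus the link to
// the key that produced it. The Content Server stores it but cannot read it.
type Envelope struct {
	KeyRef     string
	Nonce      []byte
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals a message with AES-256-GCM under the room's key. The key link
// goes in as additional authenticated data, so swapping the link on a stored
// envelope breaks the tag instead of quietly pointing a reader at another key.
func Encrypt(ks *KeyStore, roomID string, plaintext []byte) (Envelope, error) {
	key, ref, err := ks.KeyForRoom(roomID)
	if err != nil {
		return Envelope{}, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize()) // 96-bit nonce, fresh per message
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{KeyRef: ref, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, []byte(ref))}, nil
}

// Decrypt is what every other app in the room does on receipt: follow the
// link, fetch the key, open the message. Any change to ciphertext, nonce or
// link fails authentication and yields no plaintext at all.
func Decrypt(ks *KeyStore, env Envelope) ([]byte, error) {
	key, err := ks.Resolve(env.KeyRef)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyRef))
}

func main() {
	ks := NewKeyStore()
	env, err := Encrypt(ks, "room-1", []byte("Spark IS the message"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored in the cloud: link=%s ciphertext=%x\n", env.KeyRef, env.Ciphertext)
	pt, _ := Decrypt(ks, env)
	fmt.Println("recipient reads:", string(pt))
	ks.KeyForRoom("room-2")          // another room, another key
	env.KeyRef = "kms://room/room-2" // re-point the link at it
	_, err = Decrypt(ks, env)
	fmt.Println("decrypt with another room's key:", err)
}
```

The point to take from it is that the cloud only ever holds the envelope, and that a wrong key, a tampered ciphertext or a rewritten key link all fail in the same way: GCM refuses to return any plaintext, rather than returning garbage.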

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

[Diagram: Spark App → Indexing Service → Search Service; Content Server; Key Mgmt Service. The message "Spark IS the message" is fed word by word through the Hash Algorithm, producing fixed-length values such as B9 57 FE 48]

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

• A Search Index is built by creating a fixed-length hash of each word in each message within a Room
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room
• The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index - Search for the word "Spark"

[Diagram: App → Indexing Service → Search Service; the search term "Spark" is hashed by the Hash Algorithm to B9 57 FE 48 and matched against the stored hash tables; the matching message "Spark IS the Message" is returned to the App]

• App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message
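The index build and query described above, as an added example in Go that is not code from the page or from Cisco: a per-room HMAC-SHA256 search key, an index of hashed words mapped to message IDs, and a query that hashes the search term with the same key. The word normalisation (lower-casing, stripping punctuation), the map-based index and the constructed sample messages are assumptions of the example; the page only states that words are hashed with a per-room SHA-256 HMAC key.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// SearchKey is one room's HMAC-SHA256 key. Every room gets its own, so the
// same word produces different index values in different rooms.
type SearchKey []byte

func NewSearchKey() (SearchKey, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return SearchKey(k), err
}

// HashTerm maps one word to its fixed-length index value. Words are
// lower-cased and stripped of surrounding punctuation first (assumption: the
// page does not say how the real indexer normalises terms).
func HashTerm(key SearchKey, word string) string {
	norm := strings.ToLower(strings.Trim(word, ".,;:!?\"'()"))
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(norm))
	return hex.EncodeToString(mac.Sum(nil))
}

// Index is all the Search Service holds for a room: hashed terms mapped to
// the IDs of messages containing them. No plaintext, no key.
type Index map[string][]string

// BuildIndex hashes every word of every message with the room's search key.
// messages maps a message ID to the plaintext the indexer saw.
func BuildIndex(key SearchKey, messages map[string]string) Index {
	idx := Index{}
	for id, text := range messages {
		seen := map[string]bool{}
		for _, w := range strings.Fields(text) {
			h := HashTerm(key, w)
			if seen[h] {
				continue
			}
			seen[h] = true
			idx[h] = append(idx[h], id)
		}
	}
	for h := range idx {
		sort.Strings(idx[h]) // map iteration is random; give callers a stable order
	}
	return idx
}

// Query hashes the search term with the room's key and looks the hash up.
// The side doing the matching never sees the term; it only compares hashes.
func Query(key SearchKey, idx Index, term string) []string {
	return idx[HashTerm(key, term)]
}

func main() {
	roomKey, _ := NewSearchKey()
	otherRoomKey, _ := NewSearchKey()
	// Constructed sample messages for one room.
	messages := map[string]string{
		"m1": "Spark IS the message",
		"m2": "the message is encrypted before it leaves the app",
	}
	idx := BuildIndex(roomKey, messages)
	fmt.Println("index value for 'Spark':", HashTerm(roomKey, "Spark"))
	fmt.Println("query 'spark'   ->", Query(roomKey, idx, "spark"))
	fmt.Println("query 'message' ->", Query(roomKey, idx, "message"))
	// A different room's key hashes the same word to a different value, so
	// someone holding it learns nothing from this room's index.
	fmt.Println("query with another room's key ->", Query(otherRoomKey, idx, "spark"))
}
```

Because the index values are keyed hashes rather than plain SHA-256, a party that obtains the stored index cannot confirm guesses ("does this room mention Spark?") without also holding that room's search key.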

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

[Diagram: Spark Control Hub → E-Discovery Service → Indexing Service (Hash Algorithm) → Search Service; Content Server; Key Mgmt Service]

• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram: Content Server → E-Discovery Service → E-Discovery Storage → Spark Control Hub ("Jo Smith's Messages and Files: E-Discovery Content Ready"); Key Mgmt Service; Search Service]

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

[Diagram: Spark Cloud (Content Server, Key Mgmt Service, Indexing Service, E-Discovery Service) with the Key Management, Indexing and E-Discovery functions moved into the customer's Secure Data Center]

Hybrid Data Security = On Premise Hybrid Data Services:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

[Diagram: Secure Data Center (Hybrid Data Security) → Firewall → Spark Cloud (Content Server, Key Mgmt Service, Indexing Service, E-Discovery Service)]

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security - Scalability

[Diagram: multiple Hybrid Data Security nodes in the Secure Data Center; Key Mgmt Server; Spark Cloud (Content Server, Key Mgmt Service)]

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

[Diagram: Secure Data Center (Key Mgmt Server) and Spark Cloud (Content Server, Key Mgmt Service)]

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer

BUT

HDS - Encrypting Messages & Content

[Diagram: Spark App → HDS Key Management Server in the Secure Data Center (key request); Spark App → Content Server in the Spark Cloud (encrypted message)]

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally

HDS - Decrypting Messages & Content

[Diagram: Content Server → encrypted message → every other App in the Spark Room; Apps ↔ HDS Key Management Server in the Secure Data Center]

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

[Diagram: App to Cloud TLS connection (Spark Service, Content Server, Search Service); App to HDS TLS connection (Hybrid Data Security Node in the Secure Data Center)]

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud: the cloud relays it but is not a TLS endpoint, so the App's key requests are readable only by the customer's HDS node

Hybrid Data Security: Search Indexing Service

[Diagram: Indexing Service in the Secure Data Center hashing "Spark IS the message" word by word (Hash Algorithm → B9 57 FE 48); Content Server, Search Service and Key Mgmt Service]

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index - Search for the word "Spark"

[Diagram: App → on-premise Indexing Service (Hash Algorithm: "Spark" → B9 57 FE 48) → cloud Search Service; the matching message "Spark IS the Message" is returned]

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message

Spark E-Discovery Service (1) - Hybrid Data Security

[Diagram: Spark Control Hub → E-Discovery Service and Indexing Service (Hash Algorithm) in the Secure Data Center → Search Service and Content Server in the cloud; Jo Smith's Content returned; Key Mgmt Service]

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2) - Hybrid Data Security

[Diagram: Content Server → E-Discovery Service in the Secure Data Center → E-Discovery Storage → Spark Control Hub ("Jo Smith's Messages and Files: E-Discovery Content Ready"); Key Mgmt Service; Search Service]

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Diagram: Organization A (Key Mgmt Service) and Organization B (Key Mgmt Service), both connected to the Spark Cloud (Content Server, Key Mgmt Service); an encrypted message shared between them]

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

[Diagram: Organization A Key Mgmt Service ↔ Spark Cloud (Content Server, Key Mgmt Service) ↔ Organization B Key Mgmt Service; encrypted messages exchanged between the organizations]

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only (HTTPS, Web Socket Secure (WSS))
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users
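The federation exchange above, as an added example in Go that is not code from the page or from Cisco: two stand-in Hybrid KMSs each hold a certificate, org B's KMS requires and verifies a client certificate before it will answer a key request, and org A's KMS verifies org B's server certificate, with both sides run over a loopback TCP socket. The hostnames, the one-line request format, and the use of self-signed certificates pinned directly (rather than a chain to a Mozilla-trusted root, as the HDS prerequisites later in the deck require) are assumptions of the example.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// newKMSCert makes a self-signed certificate for one organisation's Hybrid KMS.
// Assumption: each organisation pins the other's leaf directly; a real HDS
// deployment presents a certificate chained to a Mozilla-trusted root instead.
func newKMSCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		// A KMS is a TLS server to peers that call it and a TLS client when it
		// asks a peer for a key, so the certificate needs both usages.
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// trust builds the pool of peer certificates a KMS is willing to federate with.
func trust(certs ...tls.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range certs {
		pool.AddCert(c.Leaf)
	}
	return pool
}

// requestKey runs one federated key request over loopback TCP: the caller's
// KMS (acting for one of its users) asks the owner's KMS for a room key. The
// owner answers only after verifying the caller's certificate against its
// partner pool. caller == nil models a peer that presents no certificate.
func requestKey(caller *tls.Certificate, owner tls.Certificate, partners *x509.CertPool) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()

	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{owner},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the "mutual" in mutual TLS
		ClientCAs:    partners,
		MinVersion:   tls.VersionTLS12,
	}
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		conn := tls.Server(raw, serverCfg)
		defer conn.Close()
		if err := conn.Handshake(); err != nil {
			return // unauthenticated or untrusted peer: no key is ever released
		}
		peer := conn.ConnectionState().PeerCertificates[0].Subject.CommonName
		req, err := bufio.NewReader(conn).ReadString('\n')
		if err != nil {
			return
		}
		// The verified peer identity, not anything in the request, is what an
		// authorization check keys on before the room key is handed out.
		fmt.Fprintf(conn, "key-for:%s:released-to:%s\n", strings.TrimSpace(req), peer)
	}()

	clientCfg := &tls.Config{
		RootCAs:    trust(owner),
		ServerName: owner.Leaf.DNSNames[0],
		MinVersion: tls.VersionTLS12,
	}
	if caller != nil {
		clientCfg.Certificates = []tls.Certificate{*caller}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err := fmt.Fprintln(conn, "space-42"); err != nil {
		return "", err
	}
	reply, err := bufio.NewReader(conn).ReadString('\n')
	if err != nil {
		return "", err // under TLS 1.3 a rejected client certificate surfaces here
	}
	return strings.TrimSpace(reply), nil
}

func main() {
	orgA, _ := newKMSCert("kms.org-a.example")
	orgB, _ := newKMSCert("kms.org-b.example")
	partners := trust(orgA) // org B federates only with org A
	fmt.Println(requestKey(&orgA, orgB, partners))
	fmt.Println(requestKey(nil, orgB, partners))
}
```

A caller with no certificate, or with a certificate outside the owner's partner pool, is refused at the handshake and never reaches the request handler. Under TLS 1.3 the client's handshake completes before the server has evaluated the client certificate, so the refusal only becomes visible on the first read; requestKey therefore reports errors from the read as well as from tls.Dial.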

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A; vSphere hosting an HDS Cluster of Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Mgmt Container and HDS Containers, and mounts the HDS Cluster Config file via an IDE Mount]

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS #12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port VLAN options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities Spark Devices ndash CDPLLDP 8021QSpark Device Protocol Software Train CDP

LLDP

8021Q Ethernet

PC Port

Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No No NA NA Static Untagged (Data) VLAN

DX HTTPS Room OS Yes No Yes Yes Dynamic VLAN assignment

8021Q Tagging Connected PC

supported

SX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

MX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Room Kits HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Spark Board HTTPS Spark Board OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

74BRKCOL-2030

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls

Whitelisted ports and destinations

Media port ranges:
• Source UDP ports: Voice 52000–52099, Video 52100–52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

• Spark desk and room devices
• Spark apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio: 52000–52099 (Spark apps 52000–52049, Spark devices 52050–52099)
Video: 52100–52299 (Spark apps 52100–52199, Spark devices 52200–52299)

Spark Applications Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000–52049, Video 52100–52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud media nodes
TCP | Ephemeral | 443 | (see list below) | HTTPS

HTTPS destinations and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth service
• wbx2.com – Core Spark services
• webex.com – Identity management
• ciscospark.com – Core Spark services
• clouddrive.com – Content and space storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous analytics
• rackcdn.com – Content and space storage
• appsflyer.com – Mobile apps only: ad analytics
• adobedtm.com – Web apps only: analytics
• omtrdc.net – Web apps only: telemetry
• optimizely.com – Web apps only: metrics

Spark Devices Network Port and Whitelist Requirements

Spark Device: Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050–52099, Video 52200–52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark Cloud media nodes (not Spark Board)
TCP | Ephemeral | 443 | (see list below) | HTTPS
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board – NTP time sync

HTTPS destinations and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth service
• wbx2.com – Core Spark services
• webex.com – Identity management
• ciscospark.com – Core Spark services
• clouddrive.com – Content and space storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous analytics
• rackcdn.com – Content and space storage
• dropbox.com – Spark Board (firmware updates)

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

Media port ranges:
• Source UDP ports: Voice and Video 33434–33598
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

Hybrid Media Node (HMN):
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and video use a common UDP source port range: 33434–33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security node (HDS):
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services:
• HDS signaling traffic only
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and video use a common UDP source port range, 33434–33598 | 5004 (cascade destination) | Any IP address | Cascaded SRTP over UDP media streams to Cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (cascade destination) | Any IP address | Cascaded SRTP over TCP/HTTP media streams to Cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
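As an added example (my own code, not from this deck or Cisco), the port ranges and whitelist from the three tables above turned into a checker that labels flow records from a firewall log; the log line format, hostnames and addresses are constructed, and the 'unexpected' label is what a defender would want to review.

```javascript
// Added example, not Cisco code: label firewall flow records against the
// Spark source port ranges and HTTPS destination whitelist in the tables
// above. The log line format and every sample value here are constructed.
const MEDIA_DST_PORTS = new Set([5004, 5006]);

// Source UDP port ranges from the deck: apps, devices and HMN cascade links.
const UDP_SOURCE_RANGES = [
  { label: 'Spark app voice',         lo: 52000, hi: 52049 },
  { label: 'Spark device voice',      lo: 52050, hi: 52099 },
  { label: 'Spark app video',         lo: 52100, hi: 52199 },
  { label: 'Spark device video',      lo: 52200, hi: 52299 },
  { label: 'HMN cascade voice/video', lo: 33434, hi: 33598 },
];

// TCP/443 destinations listed for apps, devices, HMN and HDS nodes.
const HTTPS_WHITELIST = [
  'identity.webex.com', 'idbroker.webex.com', 'wbx2.com', 'webex.com',
  'ciscospark.com', 'clouddrive.com', 'crashlytics.com', 'mixpanel.com',
  'rackcdn.com', 'appsflyer.com', 'adobedtm.com', 'omtrdc.net',
  'optimizely.com', 'dropbox.com', 'index.docker.io',
];

// Exact domain or subdomain match only: "api.wbx2.com" matches "wbx2.com",
// a look-alike such as "evilwbx2.com" does not.
function inDomainList(host, domains) {
  const h = host.toLowerCase();
  return domains.some(d => h === d || h.endsWith('.' + d));
}

// record = { proto: 'udp' | 'tcp', srcPort, dstPort, dstHost }
// Returns which whitelist entry explains the flow, or 'unexpected'.
function classifyFlow(record) {
  const { proto, srcPort, dstPort, dstHost } = record;
  if (proto === 'udp') {
    if (dstPort === 123 && inDomainList(dstHost, ['pool.ntp.org'])) {
      return 'Spark Board NTP time sync';
    }
    if (!MEDIA_DST_PORTS.has(dstPort)) return 'unexpected';
    const r = UDP_SOURCE_RANGES.find(x => srcPort >= x.lo && srcPort <= x.hi);
    return r ? `${r.label} media (SRTP/UDP)` : 'unexpected';
  }
  if (proto === 'tcp') {
    if (MEDIA_DST_PORTS.has(dstPort)) return 'Spark media fallback (SRTP/TCP)';
    if (dstPort === 443 && inDomainList(dstHost, HTTPS_WHITELIST)) {
      return 'Spark signalling (HTTPS)';
    }
  }
  return 'unexpected';
}

// Parse one constructed log line such as
//   "proto=udp src=10.1.1.5:52010 dst=203.0.113.7:5004 host=-"
// (host=- means the firewall logged no hostname for the destination).
function parseLogLine(line) {
  const f = Object.fromEntries(line.trim().split(/\s+/).map(kv => kv.split('=')));
  return {
    proto: f.proto,
    srcPort: Number(f.src.split(':')[1]),
    dstPort: Number(f.dst.split(':')[1]),
    dstHost: f.host === '-' ? '' : f.host,
  };
}

function classifyLog(lines) {
  return lines.map(line => classifyFlow(parseLogLine(line)));
}

// Constructed sample log; 203.0.113.0/24 is documentation address space.
const SAMPLE_LOG = [
  'proto=udp src=10.1.1.5:52010 dst=203.0.113.7:5004 host=-',      // app voice
  'proto=udp src=10.1.1.9:52210 dst=203.0.113.8:5006 host=-',      // device video
  'proto=udp src=10.1.2.2:33500 dst=203.0.113.9:5004 host=-',      // HMN cascade
  'proto=tcp src=10.1.1.5:49152 dst=203.0.113.10:443 host=api.wbx2.com',
  'proto=tcp src=10.1.1.5:49153 dst=203.0.113.11:443 host=evilwbx2.com',
  'proto=udp src=10.1.1.5:60000 dst=203.0.113.12:5004 host=-',     // wrong range
];

classifyLog(SAMPLE_LOG).forEach((label, i) => console.log(label.padEnd(40), SAMPLE_LOG[i]));
```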

What do we send to third party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user-generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

Proxy types:
• Proxy address given to device/application…
• Transparent proxy (device/application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise – Proxy Detection

• Proxy detection (proxy address given to device/application)
  • Manual configuration
  • Auto configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files
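As an added example that is not part of the deck, a PAC file for the auto-configuration option above built around the whitelisted Spark domains; proxy.example.com and corp.example.com are placeholders, and the two shims at the top only stand in for helper functions a real PAC resolver supplies.

```javascript
// Added example, not from the deck: a Proxy Auto-Configuration (PAC) file
// that routes Spark HTTPS signalling through the enterprise proxy.
// proxy.example.com and corp.example.com are placeholders.
//
// A browser or OS proxy resolver supplies the PAC helper functions; these
// shims exist only so the file can also be exercised with node.
if (typeof dnsDomainIs === 'undefined') {
  globalThis.dnsDomainIs = (host, domain) =>
    host.length >= domain.length &&
    host.slice(host.length - domain.length).toLowerCase() === domain.toLowerCase();
  globalThis.isPlainHostName = host => host.indexOf('.') === -1;
}

// Destinations from the app and device whitelist tables. Each entry carries
// a leading dot so dnsDomainIs() matches the domain and its subdomains but
// never a look-alike such as "evilwbx2.com".
const SPARK_DOMAINS = [
  '.identity.webex.com', '.idbroker.webex.com', '.wbx2.com', '.webex.com',
  '.ciscospark.com', '.clouddrive.com', '.crashlytics.com', '.mixpanel.com',
  '.rackcdn.com', '.appsflyer.com', '.adobedtm.com', '.omtrdc.net',
  '.optimizely.com', '.dropbox.com',
];

const ENTERPRISE_PROXY = 'PROXY proxy.example.com:8080';

function isSparkDestination(host) {
  // Prefix the host with a dot so the bare domain ("wbx2.com") matches too.
  const h = '.' + host.toLowerCase();
  return SPARK_DOMAINS.some(d => dnsDomainIs(h, d));
}

// The entry point every PAC resolver calls.
function FindProxyForURL(url, host) {
  // Internal names never leave the enterprise network.
  if (isPlainHostName(host) || dnsDomainIs(host, '.corp.example.com')) {
    return 'DIRECT';
  }
  // Spark destinations go through the proxy, which can exempt exactly these
  // names from proxy authentication for devices (see the bypass slide).
  if (isSparkDestination(host)) {
    return ENTERPRISE_PROXY;
  }
  // Everything else: proxy, then a DIRECT fallback if the proxy is down.
  // Leave the fallback out if the firewall is not meant to allow that path.
  return ENTERPRISE_PROXY + '; DIRECT';
}

console.log(FindProxyForURL('https://api.wbx2.com/v1', 'api.wbx2.com'));
```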

Network Capabilities Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes – manual; Yes – PAC files | Manually configure proxy address or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes – manual, using web access | Configure proxy address via device web interface
SX | HTTPS | Room OS | Yes – manual, using web access | Configure proxy address via device web interface
MX | HTTPS | Room OS | Yes – manual, using web access | Configure proxy address via device web interface
Room Kits | HTTPS | Room OS | Yes – manual, using web access | Configure proxy address via device web interface
Spark Board | HTTPS | Spark Board OS | Yes – manual configuration | Manual configuration of proxy address

Connecting from the Enterprise – Proxy Authentication

• Proxy authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the user (username & password)
  • Authenticated user's traffic forwarded
  • Unauthenticated user's traffic dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP headers
  • Username and password Base64 encoded
  • Username and password are NOT encrypted or hashed
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No password expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP headers
  • Username and password are not sent
  • A hash of the username and password is sent instead
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No password expiration

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

Proxy Authentication Methods – Negotiate/IWA (Windows only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared secrets
  • Client authenticates with the Authentication Service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | –
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes | –

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS inspection
  • Private CA root certificate sent to client
  • Private CA signed certificate sent to client on connection establishment
  • Client compares the private CA root cert with those received in the cert chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS inspection
  • Proxy starts a new HTTPS/TLS connection to the web/cloud service
  • Proxy receives the certificate from the web/cloud service
  • Proxy uses the certificate to establish a secure TLS/HTTPS connection
  • Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate pinning
  • Certificate Pin = SHA-256 hash of the CA root certificate public key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark certificate sent by the HTTPS/TLS server
  • App creates a hash of the cert's public key
  • App compares the hash with the certificate pin in its trust store
  • If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set up
  • App creates a hash of the private CA signed cert's public key
  • App compares the hash with the certificate pin in its trust store
  • They DO NOT match – TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA cert copied to the app OS trust store

• Certificate pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set up
  • Spark app checks to see if a copy of the private CA cert exists in the OS trust store
  • If the cert exists – skip the certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud

• Certificate pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set up
  • Client creates a hash of the private CA signed cert's public key
  • Client compares the hash with the certificate pin in its trust store
  • They DO match – proceed with TLS connection
  • HTTPS/TLS inspection possible

Network Capabilities Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an enterprise certificate exists then bypass the certificate pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS inspection bypass
DX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
SX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
MX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Room Kits | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X operation:
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication – switch port configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X authentication mechanisms:
• Uses the device MAC address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into the Authentication Server

Network Capabilities Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO; Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | – | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub:
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard device – username/password, activation code
• Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.

Thank you


Identity Services holding real user Identity (eg email addresses)

are separated from

Encryption Indexing and E-Discovery Services

which are in turn separated from

Data Storage Services

Data Center A Data Center B Data Center C

6

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Realms of Separation ndash Identity Obfuscation

Identity Service Content Server

Key Mgmt Service Indexing Service E-Discovery Service

Data Center A Data Center B Data Center C

8BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Realms of Separation ndash Identity Obfuscation

Identity Service Content Server

Key Mgmt Service Indexing Service E-Discovery Service

Outside of the Identity Service - Real Identity information is obfuscated

For each User ID Spark generates a random 128-bit Universally Unique

Identifier (UUID) = The Userrsquos obfuscated identity

No real identity information transits the cloud

Data Center A Data Center B Data Center C

htzb2n78jdbc9e

9BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark ndash User Identity Sync and Authentication

Directory

Sync

User Info can be

synchronized to Spark

from the Enterprise

Active Directory

Multiple User

attributes can be

synchronized

Scheduled sync tracks

employee changes

Passwords are not

synchronized - User

1) Creates a Spark

password or

2) Uses SSO for Auth

Identity Service

10BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark ndash SAML SSO Authentication

Directory

Sync

SAML

SSO

SSO for User

Authentication

Administrators can

configure Spark to

work with their

existing SSO solution

Spark supports

Identity Providers

using Security

Assertion Markup

Language (SAML) 20

and OAuth 20

See Notes for list of

supported IdPs

Identity Service

IdP

11BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark App ndash Cloud connection

Spark Service

IdP

Identity Service

1) Customer downloads and installs Spark

App (with Trust anchors)

2) Spark App establishes a secure TLS

connection with the Spark Cloud

3) Spark Identity Service prompts User for an

e-mail ID

4) User Authenticated by Spark Identity

Service or the Enterprise IdP (SSO)

5) OAuth Access and Refresh Tokens created

and sent to Spark App

Spark App – Cloud connection

Components: Spark Service, IdP (Enterprise Identity Provider), Spark Identity Service

1) Customer downloads and installs the Spark App (with trust anchors)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts the user for an e-mail ID
4) User authenticated by the Spark Identity Service or by the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to the Spark App
• The Access Tokens contain details of the Spark resources the user is authorized to access
6) Spark App presents its Access Token to register with Spark Services over a secure channel

Spark Device – cloud connection

Components: Spark Service, Spark Identity Service

1) User enters the 16-digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by the Identity Service (trust anchors sent to the device and a secure connection established)
3) OAuth Access and Refresh Tokens created and sent to the Spark Device
• The Access Tokens contain details of the Spark resources the user is authorized to access
4) Spark Device presents its Access Token to register with Spark Services over a secure channel
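The two registration flows above (the Spark App flow and the Spark Device flow) differ only in how the subject is authenticated before tokens are issued. The following Go program is an added example written for this page; it is not Cisco code and does not reproduce the Spark token format. It models an Identity Service that issues HMAC-signed access and refresh tokens carrying scopes and an expiry, a single-use 16-digit activation code for devices, and a Register check on the Spark Service side that verifies the signature before reading any claim, then enforces expiry, token kind and scope. The token layout, lifetimes, scope names and the single-use semantics of the activation code are assumptions of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is what this example's Identity Service puts in a token; the field
// names are assumptions for the example, not the Spark token format.
type Claims struct {
	Subject   string   `json:"sub"`   // user e-mail ID or device identity
	Scopes    []string `json:"scope"` // Spark resources the subject may access
	ExpiresAt int64    `json:"exp"`   // Unix seconds
	Kind      string   `json:"kind"`  // "access" or "refresh"
}

// IdentityService signs tokens with an HMAC key and keeps the single-use
// device activation codes handed out by provisioning.
type IdentityService struct {
	signingKey      []byte
	activationCodes map[string]string // code -> device identity
}

func NewIdentityService() *IdentityService {
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand.Read always fills the slice
	return &IdentityService{signingKey: key, activationCodes: map[string]string{}}
}

func (s *IdentityService) mac(body []byte) []byte {
	m := hmac.New(sha256.New, s.signingKey)
	m.Write(body)
	return m.Sum(nil)
}

// IssueTokens (step 5 of both flows) returns a short-lived access token carrying
// the authorized scopes and a longer-lived refresh token, each encoded as
// base64url(claims) "." base64url(HMAC-SHA256(claims)). Lifetimes are assumptions.
func (s *IdentityService) IssueTokens(subject string, scopes []string, now time.Time) (access, refresh string) {
	enc := base64.RawURLEncoding
	sign := func(c Claims) string {
		body, _ := json.Marshal(c)
		return enc.EncodeToString(body) + "." + enc.EncodeToString(s.mac(body))
	}
	access = sign(Claims{subject, scopes, now.Add(15 * time.Minute).Unix(), "access"})
	refresh = sign(Claims{subject, scopes, now.Add(14 * 24 * time.Hour).Unix(), "refresh"})
	return
}

// Verify checks the signature before trusting anything in the body, then expiry.
func (s *IdentityService) Verify(token string, now time.Time) (c Claims, err error) {
	b, sg, ok := strings.Cut(token, ".")
	body, err1 := base64.RawURLEncoding.DecodeString(b)
	sig, err2 := base64.RawURLEncoding.DecodeString(sg)
	if !ok || err1 != nil || err2 != nil || !hmac.Equal(sig, s.mac(body)) {
		return c, errors.New("malformed token or bad signature")
	}
	if err = json.Unmarshal(body, &c); err != nil {
		return c, err
	}
	if now.Unix() >= c.ExpiresAt {
		return c, errors.New("token expired")
	}
	return c, nil
}

// ProvisionDevice records the 16-digit activation code that provisioning e-mails
// to the user, so that it can be redeemed exactly once.
func (s *IdentityService) ProvisionDevice(code, deviceID string) { s.activationCodes[code] = deviceID }

// ActivateDevice redeems a code for tokens and deletes it, so a code read from
// the mailbox later cannot enrol a second device.
func (s *IdentityService) ActivateDevice(code string, now time.Time) (access, refresh string, err error) {
	deviceID, ok := s.activationCodes[code]
	if !ok {
		return "", "", errors.New("unknown or already used activation code")
	}
	delete(s.activationCodes, code)
	access, refresh = s.IssueTokens(deviceID, []string{"spark:device_register"}, now)
	return access, refresh, nil
}

// Register is the Spark Service side of the last step: only a verified access
// token (not a refresh token) that carries the required scope is accepted.
func Register(ids *IdentityService, token, requiredScope string, now time.Time) error {
	c, err := ids.Verify(token, now)
	if err != nil {
		return err
	}
	if c.Kind != "access" {
		return errors.New("refresh token presented where an access token is required")
	}
	for _, sc := range c.Scopes {
		if sc == requiredScope {
			return nil
		}
	}
	return fmt.Errorf("scope %q not granted to %s", requiredScope, c.Subject)
}

func main() {
	now, ids := time.Now(), NewIdentityService()
	access, refresh := ids.IssueTokens("alice@example.com", []string{"spark:messages"}, now)
	fmt.Println("register:", Register(ids, access, "spark:messages", now))
	fmt.Println("wrong scope:", Register(ids, access, "spark:admin", now))
	fmt.Println("refresh as access:", Register(ids, refresh, "spark:messages", now))
	ids.ProvisionDevice("1234567890123456", "roomkit-lobby") // constructed code
	_, _, first := ids.ActivateDevice("1234567890123456", now)
	_, _, second := ids.ActivateDevice("1234567890123456", now)
	fmt.Println("activated:", first, "| reuse:", second)
}
```

The order inside Verify is the point a practitioner should copy: the MAC is checked over the raw body before the JSON is parsed, so nothing in an unsigned or altered token influences the decision, and the refresh token is deliberately unusable for registration even though it verifies.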


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark – Encrypting Messages and Content

Components: Content Server, Key Management Service

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different conversation encryption key
• AES-256-GCM cipher used for encryption

Spark – Decrypting Messages and Content

Components: Content Server, Key Management Service

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
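An added example, written for this page and not taken from the deck or from Cisco's code, of the key handling described in the encrypting and decrypting slides above: a Key Management Service that issues one AES-256 key per room and serves it only to members of that room, and message envelopes that carry the ciphertext plus a reference to the key, implemented in Go with the standard library's AES-256-GCM. The key URL scheme, the membership check and the choice to bind the key reference into the GCM additional data are assumptions of the example; the deck only says that the message contains a link to the key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyManagementService hands out one AES-256 conversation key per room and
// serves it by reference (a key URL) only to members of that room.
type KeyManagementService struct {
	keys    map[string][]byte   // key URL -> 32-byte key
	members map[string][]string // key URL -> subjects allowed to fetch it
	counter int
}

func NewKMS() *KeyManagementService {
	return &KeyManagementService{keys: map[string][]byte{}, members: map[string][]string{}}
}

// NewRoomKey creates a fresh key for a room and returns its reference.
// The URL scheme is this example's placeholder, not a Spark identifier.
func (k *KeyManagementService) NewRoomKey(members ...string) string {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	k.counter++
	url := fmt.Sprintf("kms://example.invalid/keys/%d", k.counter)
	k.keys[url], k.members[url] = key, members
	return url
}

// Fetch returns the key only to a room member; the content server and any
// non-member see only ciphertext and the reference.
func (k *KeyManagementService) Fetch(url, subject string) ([]byte, error) {
	for _, m := range k.members[url] {
		if m == subject {
			return k.keys[url], nil
		}
	}
	return nil, errors.New("subject is not a member of this room")
}

// Envelope is what the content server stores and fans out to the other apps:
// the ciphertext plus the link to the key that opens it.
type Envelope struct {
	KeyURL     string
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output, authentication tag appended
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the room key with a fresh 96-bit nonce. The key
// reference is bound as additional data, so an envelope cannot be re-pointed at
// another key without failing authentication (this binding is the example's choice).
func Encrypt(key []byte, keyURL string, plaintext []byte) (Envelope, error) {
	aead, err := gcm(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{keyURL, nonce, aead.Seal(nil, nonce, plaintext, []byte(keyURL))}, nil
}

// Decrypt fails, rather than returning garbage, if the key, nonce, ciphertext
// or key reference was altered.
func Decrypt(key []byte, env Envelope) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyURL))
}

// SendMessage is the sending app: fetch the room key by reference, encrypt,
// hand the envelope to the cloud.
func SendMessage(kms *KeyManagementService, keyURL, sender, text string) (Envelope, error) {
	key, err := kms.Fetch(keyURL, sender)
	if err != nil {
		return Envelope{}, err
	}
	return Encrypt(key, keyURL, []byte(text))
}

// ReadMessage is the receiving app: follow the link in the envelope, fetch the
// key if allowed, decrypt.
func ReadMessage(kms *KeyManagementService, env Envelope, reader string) (string, error) {
	key, err := kms.Fetch(env.KeyURL, reader)
	if err != nil {
		return "", err
	}
	pt, err := Decrypt(key, env)
	return string(pt), err
}

func main() {
	kms := NewKMS()
	room1 := kms.NewRoomKey("alice", "bob")
	room2 := kms.NewRoomKey("alice", "carol")
	env, _ := SendMessage(kms, room1, "alice", "Spark IS the message")
	fmt.Println(ReadMessage(kms, env, "bob"))   // member: plaintext
	fmt.Println(ReadMessage(kms, env, "carol")) // not a member of room1: no key
	otherKey, _ := kms.Fetch(room2, "alice")
	_, err := Decrypt(otherKey, env) // wrong room's key: GCM authentication fails
	fmt.Println("wrong key:", err)
}
```

Two properties are worth checking in any real deployment of this pattern: a key fetched for one room must not open another room's envelopes (here GCM's authentication tag guarantees a failure rather than silent garbage), and the GCM nonce must never repeat under the same key, which is why it is drawn fresh from crypto/rand per message.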

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

Components: Indexing Service, Content Server, Key Management Service, Search Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

• A Search Index is built by creating a fixed-length hash of each word in each message within a Room (diagram: the message “Spark IS the message” is passed through the hash algorithm, giving hashes such as B9 57 FE 48 …)
• A new hashing key (Search Key) is used for each room; the hash is an HMAC with SHA-256 under that key
• The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index (search for the word “Spark”)

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-room search keys to hash the search terms (diagram: “Spark” → B9 57 FE 48 …)
• The Search Service searches for a match in the hash tables and returns the matching (still encrypted) content to the App
• A link to the conversation encryption key is sent with the encrypted message, so the App can retrieve the key and decrypt the result (“Spark IS the Message”)
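The index build and query slides above describe the same mechanism from two sides: a fixed-length keyed hash of every word, with a different search key per room, stored in place of the words. The following is an added Go example written for this page (not the deck's or Cisco's code): HMAC-SHA256 under a per-room key, an inverted index from word hash to message IDs, and a query that hashes the search terms with the same room key. The tokenisation, the intersection semantics for multi-word queries and the key size are assumptions of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// SearchIndex is the Indexing Service side: one HMAC-SHA256 search key per room
// and an inverted index from word hash to message IDs. It never stores plaintext
// or the room's conversation encryption key.
type SearchIndex struct {
	searchKeys map[string][]byte              // roomID -> per-room search key
	postings   map[string]map[string][]string // roomID -> word hash -> message IDs
}

func NewSearchIndex() *SearchIndex {
	return &SearchIndex{searchKeys: map[string][]byte{}, postings: map[string]map[string][]string{}}
}

// RoomSearchKey returns the room's search key, creating it on first use.
func (s *SearchIndex) RoomSearchKey(roomID string) []byte {
	if k, ok := s.searchKeys[roomID]; ok {
		return k
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	s.searchKeys[roomID] = k
	s.postings[roomID] = map[string][]string{}
	return k
}

// tokens splits text into lower-cased words, so "Spark IS the message" and
// "spark is the MESSAGE" index identically (the normalisation is an assumption).
func tokens(text string) []string {
	return strings.FieldsFunc(strings.ToLower(text), func(r rune) bool {
		return !(r >= 'a' && r <= 'z' || r >= '0' && r <= '9')
	})
}

// HashWord is the fixed-length keyed hash of one word; the same word in another
// room is hashed under a different search key and so looks unrelated.
func HashWord(searchKey []byte, word string) string {
	mac := hmac.New(sha256.New, searchKey)
	mac.Write([]byte(word))
	return hex.EncodeToString(mac.Sum(nil))
}

// IndexMessage runs where the plaintext is available (the app, or the HDS
// indexer on premise); only the word hashes leave for storage.
func (s *SearchIndex) IndexMessage(roomID, messageID, plaintext string) {
	key := s.RoomSearchKey(roomID)
	seen := map[string]bool{}
	for _, w := range tokens(plaintext) {
		h := HashWord(key, w)
		if !seen[h] {
			seen[h] = true
			s.postings[roomID][h] = append(s.postings[roomID][h], messageID)
		}
	}
}

// Search hashes the query words with the room's key and intersects their posting
// lists, so every query word must appear in each returned message.
func (s *SearchIndex) Search(roomID, query string) []string {
	key, ok := s.searchKeys[roomID]
	if !ok {
		return nil
	}
	var result map[string]bool
	for _, w := range tokens(query) {
		next := map[string]bool{}
		for _, id := range s.postings[roomID][HashWord(key, w)] {
			if result == nil || result[id] {
				next[id] = true
			}
		}
		result = next
	}
	out := make([]string, 0, len(result))
	for id := range result {
		out = append(out, id)
	}
	sort.Strings(out)
	return out
}

func main() {
	idx := NewSearchIndex()
	idx.IndexMessage("room-A", "m1", "Spark IS the message")
	idx.IndexMessage("room-A", "m2", "the message was delayed")
	idx.IndexMessage("room-B", "m3", "Spark board firmware update")
	fmt.Println(`room-A "spark":`, idx.Search("room-A", "spark"))
	fmt.Println(`room-A "the message":`, idx.Search("room-A", "the message"))
	// Same word, different room, different hash: the stored index does not reveal
	// that both rooms mention "spark".
	fmt.Println("cross-room hashes equal:",
		HashWord(idx.RoomSearchKey("room-A"), "spark") == HashWord(idx.RoomSearchKey("room-B"), "spark"))
}
```

The per-room key is what stops an observer of the stored index from correlating rooms. Within one room the hashes are deterministic, so equal words map to equal hashes; anyone who can read the index for a room can still see which messages share words and how often a word recurs, which is the usual trade-off of searchable keyed hashing.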

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

Components: Spark Control Hub, Indexing Service, Content Server, Key Management Service, E-Discovery Service, Search Service

• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

Components: E-Discovery Service, E-Discovery Storage, Content Server, Key Management Service, Spark Control Hub, Search Service

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (diagram: “Jo Smith’s Messages and Files – E-Discovery Content Ready”)


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Components: Secure Data Center (customer premises), Content Server, Key Management Service, E-Discovery Service, Indexing Service

Hybrid Data Security = Hybrid Data Services deployed On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

Spark – Hybrid Data Security Key Management

• The Hybrid Key Management Server performs the same functions as the cloud-based Key Management Server
• BUT now all of the keys for messages and content are owned and managed by the Customer

HDS – Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud; the encryption keys are stored locally, on premise

HDS – Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

Components: Spark Service, Search Service, Content Server (cloud); Hybrid Data Security Node (Secure Data Center); App-to-Cloud TLS connection and App-to-HDS TLS connection

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud, which relays it but is not the TLS endpoint

Hybrid Data Security: Search Indexing Service

Components: Indexing Service and Key Management Service (Secure Data Center); Content Server and Search Service (cloud)

• The on-premise Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room (diagram: “Spark IS the message” → hash algorithm → B9 57 FE 48 …)

Hybrid Data Security: Querying a Search Index (search for the word “Spark”)

• The Indexing Service sends a hashed index of the App’s search request (diagram: “Spark” → B9 57 FE 48 …) to the Search Service in the cloud
• A link to the conversation encryption key is sent with the encrypted message, so the App can decrypt the returned result (“Spark IS the Message”)

Spark E-Discovery Service (1) with Hybrid Data Security

Components: Indexing Service, Key Management Service and E-Discovery Service (Secure Data Center); Content Server, Search Service and Spark Control Hub (cloud)

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content (diagram: “Jo Smith’s Content”) to the E-Discovery Service

Spark E-Discovery Service (2) with Hybrid Data Security

Components: Key Management Service and E-Discovery Service (Secure Data Center); E-Discovery Storage, Content Server, Search Service and Spark Control Hub (cloud)

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (diagram: “Jo Smith’s Messages and Files – E-Discovery Content Ready”)

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

Components: a Key Management Service in Organization A and one in Organization B; Content Server and Key Management Service in the cloud

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only (HTTPS, Web Socket Secure (WSS))
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A, vSphere: two or more Hybrid Data Services Nodes (VMs) forming an HDS Cluster; each node runs Docker with an ECP Mgmt Container and the HDS Containers, and has the HDS Cluster Config File on an IDE mount

• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, the Postgres Database and the syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should be able to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see the prerequisites at https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS-to-KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

ESXi Virtualized Hosts
• Minimum 2 to support upgrades; 3 recommended; 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (key datastore)
• 8 vCPU, 16 GB RAM, 2 TB disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON the database

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and the management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, the syslog host and the statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device                           | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web (apps) | HTTPS    | WME            | No  | No   | N/A             | N/A     | Static untagged (Data) VLAN
DX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | Yes     | Dynamic VLAN assignment, 802.1Q tagging; connected PC supported
SX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
MX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
Room Kits                              | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
Spark Board                            | HTTPS    | Spark Board OS | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

Media Port Ranges for Spark Desk and Room Devices and Spark Apps (see the following slides for details)
• Source UDP ports: Voice 52000–52099, Video 52100–52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking by source port is possible)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000–52099: Spark Apps 52000–52049, Spark Devices 52050–52099
Video 52100–52299: Spark Apps 52100–52199, Spark Devices 52200–52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports                         | Destination Ports | Destination         | Function
UDP      | Voice 52000–52049, Video 52100–52199 | 5004 & 5006       | Any IP Address      | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                            | 5004 & 5006       | Any IP Address      | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP      | Ephemeral                            | 443               | identity.webex.com  | HTTPS – Spark Identity Service
TCP      | Ephemeral                            | 443               | idbroker.webex.com  | HTTPS – OAuth Service
TCP      | Ephemeral                            | 443               | wbx2.com            | HTTPS – Core Spark Services
TCP      | Ephemeral                            | 443               | webex.com           | HTTPS – Identity management
TCP      | Ephemeral                            | 443               | ciscospark.com      | HTTPS – Core Spark Services
TCP      | Ephemeral                            | 443               | clouddrive.com      | HTTPS – Content and Space Storage
TCP      | Ephemeral                            | 443               | crashlytics.com     | HTTPS – Anonymous crash data
TCP      | Ephemeral                            | 443               | mixpanel.com        | HTTPS – Anonymous Analytics
TCP      | Ephemeral                            | 443               | rackcdn.com         | HTTPS – Content and Space Storage
TCP      | Ephemeral                            | 443               | appsflyer.com       | HTTPS – Mobile Apps only: Ad Analytics
TCP      | Ephemeral                            | 443               | adobedtm.com        | HTTPS – Web Apps only: Analytics
TCP      | Ephemeral                            | 443               | omtrdc.net          | HTTPS – Web Apps only: Telemetry
TCP      | Ephemeral                            | 443               | optimizely.com      | HTTPS – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports                         | Destination Ports | Destination             | Function
UDP      | Voice 52050–52099, Video 52200–52299 | 5004 & 5006       | Any IP Address          | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                            | 5004 & 5006       | Any IP Address          | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
TCP      | Ephemeral                            | 443               | identity.webex.com      | HTTPS – Spark Identity Service
TCP      | Ephemeral                            | 443               | idbroker.webex.com      | HTTPS – OAuth Service
TCP      | Ephemeral                            | 443               | wbx2.com                | HTTPS – Core Spark Services
TCP      | Ephemeral                            | 443               | webex.com               | HTTPS – Identity management
TCP      | Ephemeral                            | 443               | ciscospark.com          | HTTPS – Core Spark Services
TCP      | Ephemeral                            | 443               | clouddrive.com          | HTTPS – Content and Space Storage
TCP      | Ephemeral                            | 443               | crashlytics.com         | HTTPS – Anonymous crash data
TCP      | Ephemeral                            | 443               | mixpanel.com            | HTTPS – Anonymous Analytics
TCP      | Ephemeral                            | 443               | rackcdn.com             | HTTPS – Content and Space Storage
TCP      | Ephemeral                            | 443               | dropbox.com             | HTTPS – Spark Board (firmware updates)
UDP      | Ephemeral                            | 123               | 2.android.pool.ntp.org  | Spark Board – NTP time sync

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP ports: Voice and Video 33434–33598
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking by source port is possible)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

• An HMN can be used to limit the source IP address range permitted through the firewall to the HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434–33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS carries signalling traffic only (no media)
• Outbound HTTPS and WSS signalling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Node                            | Protocol | Source Ports                                                   | Destination Ports          | Destination                                                       | Function
Hybrid Media Node (HMN)         | UDP      | Voice and Video use a common UDP source port range 33434–33598 | 5004 (Cascade Destination) | Any IP Address                                                    | Cascaded SRTP over UDP media streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                      | 5004 (Cascade Destination) | Any IP Address                                                    | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                      | 123, 53, 444               | Any                                                               | NTP, DNS, HTTPS (as listed in the deck)
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                      | 443                        | wbx2.com, idbroker.webex.com                                      | HTTPS – Configuration Services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                                      | 443                        | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
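The port and whitelist tables above, turned into a policy checker. This is an added Go example written for this page, not from the deck: it encodes the UDP source-port ranges for apps, devices and the HMN cascade, the 5004/5006 destination ports, the HTTPS whitelist and the Spark Board NTP rule, evaluates a set of constructed sample flows, and returns the traffic class the source port implies. The DSCP values (EF for audio, AF41 for video) are the example's own assumption and are not stated in the deck; the whitelist matches a listed domain and its subdomains only, so a look-alike such as webex.com.evil.example is denied.

```go
package main

import (
	"fmt"
	"strings"
)

// Flow is one outbound connection seen at the enterprise edge.
type Flow struct {
	Proto   string // "udp" or "tcp"
	SrcPort int
	DstPort int
	DstHost string // DNS name for HTTPS flows, "" when only an IP is known
}

// Verdict is the policy decision plus the QoS class the source port implies.
type Verdict struct {
	Allowed bool
	Class   string // "audio", "video", "cascade", "media-fallback", "signalling", "ntp"
	DSCP    string // marking for the class; EF/AF41 are this example's assumption
	Reason  string
}

// portRule is one row of the deck's media port tables.
type portRule struct {
	source, class string
	srcLo, srcHi  int
	dstPorts      []int
}

var udpMediaRules = []portRule{
	{"app", "audio", 52000, 52049, []int{5004, 5006}},
	{"app", "video", 52100, 52199, []int{5004, 5006}},
	{"device", "audio", 52050, 52099, []int{5004, 5006}},
	{"device", "video", 52200, 52299, []int{5004, 5006}},
	{"hmn", "cascade", 33434, 33598, []int{5004}}, // one range for audio and video
}

// httpsWhitelist is the union of the deck's destination tables for apps, devices and hybrid nodes.
var httpsWhitelist = []string{
	"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com", "ciscospark.com",
	"clouddrive.com", "rackcdn.com", "crashlytics.com", "mixpanel.com", "index.docker.io",
}

var dscpForClass = map[string]string{"audio": "EF", "video": "AF41", "cascade": "AF41"} // assumed

func contains(ports []int, p int) bool {
	for _, x := range ports {
		if x == p {
			return true
		}
	}
	return false
}

// matchesWhitelist accepts a listed domain or any of its subdomains, never a
// look-alike such as "webex.com.evil.example".
func matchesWhitelist(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, d := range httpsWhitelist {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// Evaluate applies the tables to one flow.
func Evaluate(f Flow) Verdict {
	switch f.Proto {
	case "udp":
		for _, r := range udpMediaRules {
			if f.SrcPort >= r.srcLo && f.SrcPort <= r.srcHi && contains(r.dstPorts, f.DstPort) {
				return Verdict{true, r.class, dscpForClass[r.class],
					fmt.Sprintf("%s %s media, source ports %d-%d", r.source, r.class, r.srcLo, r.srcHi)}
			}
		}
		if f.DstPort == 123 && f.DstHost == "2.android.pool.ntp.org" {
			return Verdict{true, "ntp", "", "Spark Board NTP time sync"}
		}
	case "tcp":
		if f.DstPort == 5004 || f.DstPort == 5006 {
			// TCP/HTTP media uses ephemeral source ports, so it cannot be classified
			// (or DSCP re-marked) by port; it is allowed but left unmarked.
			return Verdict{true, "media-fallback", "", "SRTP over TCP/HTTP, not classifiable by source port"}
		}
		if f.DstPort == 443 && matchesWhitelist(f.DstHost) {
			return Verdict{true, "signalling", "", "HTTPS/WSS to whitelisted destination"}
		}
	}
	return Verdict{Reason: "no matching rule"}
}

func main() {
	for _, f := range []Flow{ // constructed sample flows
		{"udp", 52010, 5004, ""}, {"udp", 52250, 5006, ""}, {"udp", 33500, 5004, ""},
		{"udp", 52010, 5005, ""}, {"tcp", 49152, 443, "idbroker.webex.com"},
		{"tcp", 49153, 443, "webex.com.evil.example"}, {"tcp", 49154, 5004, ""},
	} {
		v := Evaluate(f)
		fmt.Printf("%-3s %5d -> %-4d %-24s allowed=%-5v class=%-14s dscp=%-4s %s\n",
			f.Proto, f.SrcPort, f.DstPort, f.DstHost, v.Allowed, v.Class, v.DSCP, v.Reason)
	}
}
```

The point the deck makes about ephemeral TCP source ports is visible in the verdicts: UDP media can be classified and marked from its source-port range, while the TCP/HTTP fallback to the same destination ports cannot, so a firewall that only permits the UDP ranges will silently push media onto the unclassifiable path.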

What do we send to Third Party sites?

Site           | Apps that Access It                      | What is sent there                                                        | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

• Proxy Address given to the Device/Application…
• Transparent Proxy (Device/Application is unaware of the Proxy’s existence)
  • In-line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS (signalling) traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media is not proxied

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)

• Manual Configuration

• Auto Configuration

• Web Proxy Auto Discovery (WPAD)

• Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes – Manual; Yes – PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes – Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication

• Proxy intercepts outbound HTTP request

• Authenticates the User (Username & Password)

• Authenticated User's traffic forwarded

• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no authentication

Common Proxy Authentication Methods

• Basic Authentication

• Digest Authentication

• NTLMv2 Authentication

• Negotiate Authentication

• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication

• Uses standard HTTP Headers

• Username and Password Base64 encoded

• Username and Password are NOT encrypted or hashed

• Basic Username and Password challenge for devices

• i.e. Devices are not Users (no human interaction)

• Create one account (e.g. LDAP account) for all devices

• Create an account per device

• No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication

• Uses standard HTTP Headers

• Username and Password are not sent

• A Hash of the Username and Password is sent instead

• Basic Username and Password challenge for devices

• i.e. Devices are not Users (no human interaction)

• Create one account (e.g. LDAP account) for all devices

• Create an account per device

• No Password Expiration
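To make the Basic versus Digest difference on the two slides above concrete, here is an added example in Go (it is not code from the session or from Cisco). It builds the Proxy-Authorization header a device sends for Basic authentication, shows that the password is recovered from that header with no secret at all, and computes the Digest response, where only an MD5 value derived from the password, the server nonce and the request crosses the wire. The device account name and password are constructed; the Digest inputs are the worked example from RFC 2617, and the function names are mine.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// Added example, not code from the session or from Cisco. It builds the
// Proxy-Authorization header a device sends for Basic authentication, shows
// that the password is recovered from it with no secret at all, and computes
// the Digest response, where only an MD5 value derived from the password,
// the server nonce and the request crosses the wire.

// basicProxyAuthHeader returns "Basic " + base64("user:password").
// Base64 is an encoding, not encryption or hashing.
func basicProxyAuthHeader(user, password string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+password))
}

// decodeBasic recovers user and password from a Basic header value. Anyone
// who can read the clear-text HTTP request to the proxy can do the same.
func decodeBasic(header string) (user, password string, ok bool) {
	const prefix = "Basic "
	if !strings.HasPrefix(header, prefix) {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, prefix))
	if err != nil {
		return "", "", false
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", false
	}
	return parts[0], parts[1], true
}

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// digestResponse computes the "response" field of HTTP Digest authentication
// (RFC 2617/7616, algorithm MD5, qop=auth):
//   HA1 = MD5(user:realm:password)
//   HA2 = MD5(method:uri)
//   response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
// The password itself never leaves the client, and the server nonce ties the
// value to one challenge.
func digestResponse(user, realm, password, method, uri, nonce, nc, cnonce, qop string) string {
	ha1 := md5hex(user + ":" + realm + ":" + password)
	ha2 := md5hex(method + ":" + uri)
	return md5hex(strings.Join([]string{ha1, nonce, nc, cnonce, qop, ha2}, ":"))
}

// verifyDigest is the proxy side: it recomputes the expected response from the
// device account's password (a real proxy could store just HA1) and compares
// in constant time.
func verifyDigest(received, user, realm, password, method, uri, nonce, nc, cnonce, qop string) bool {
	expected := digestResponse(user, realm, password, method, uri, nonce, nc, cnonce, qop)
	return subtle.ConstantTimeCompare([]byte(received), []byte(expected)) == 1
}

func main() {
	// Constructed device service account, not a real credential.
	h := basicProxyAuthHeader("svc-spark-devices", "Winter2018!")
	u, p, _ := decodeBasic(h)
	fmt.Printf("Basic header: %s\nrecovered from it: %s / %s\n", h, u, p)

	// Digest: values from the worked example in RFC 2617, section 3.5.
	resp := digestResponse("Mufasa", "testrealm@host.com", "Circle Of Life",
		"GET", "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
		"00000001", "0a4f113b", "auth")
	fmt.Printf("Digest response on the wire: %s (password never sent)\n", resp)
}
```

With the RFC 2617 inputs the response is 6629fae49393a05397450978507c4ef1. Digest keeps the password off the wire, but it is still MD5 over clear-text HTTP, so it protects a shared device account from a passive observer rather than providing the kind of mutual, ticket-based assurance Kerberos gives.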

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication

• Microsoft Challenge/Response AuthN protocol

• Username sent in plain text

• Challenge/Nonce sent from the server

• Password hash used to encrypt the challenge and return it to the server

• Password hashed but not sent

• Username and Password challenge for devices

• i.e. Devices are not Users (no human interaction)

• Create one account (AD account) for all devices

• Or create an account per device

• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication

• Microsoft implementation of SPNEGO

• Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)

• Negotiates the use of either

• Kerberos, or fallback to

• NTLM

• Windows based Username and Password challenge for devices

• i.e. Devices are not Users (no human interaction)

• Create one account (AD account) for all devices

• Or create an account per device

• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication

• Strongest Security

• Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server

• Encrypted communication based on shared Secrets

• Client authenticates with the Authentication service

• Once authenticated, receives a Ticket Granting Ticket (TGT)

• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket

• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)

• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:

• Device IP Address

• Whitelisted Destinations (e.g. ciscospark.com)

(Diagram: devices with IP Address 10.100.200.1 and 10.100.200.3; whitelisted destinations identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com)

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection

• Private CA Root Certificate sent to client

• Private CA signed Certificate sent to client on connection establishment

• Client compares Private CA Root Cert with those received in Cert Chain

• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection

• Proxy starts new HTTPS/TLS connection to Web/Cloud Service

• Proxy receives Certificate from Web/Cloud Service

• Proxy uses the Certificate to establish Secure TLS/HTTPS connection

• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning

Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• CA signed Cisco Spark Certificate sent by HTTPS/TLS server

• App creates a hash of the Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• App creates a hash of the Private CA signed Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store

• If the Cert exists – skip Certificate pinning process

• Proceed with TLS connection

• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Client creates a hash of the Private CA signed Cert's Public Key

• Client compares the hash with the Certificate Pin in its Trust Store

• They DO Match: Proceed with TLS connection

• HTTPS/TLS Inspection possible
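The pinning slides above (no inspection, inspection without a fix, the app fix and the device fix) as one added Go example that is not Spark app or device code: a pin is the base64-encoded SHA-256 of a public key, the client hashes the key it is handed in the TLS handshake and looks for it in its trust store, and the two fixes differ only in where the enterprise private CA becomes trusted (the OS trust store for apps, the cloud-delivered trust list for devices). The public key byte strings are constructed stand-ins, not real DER SubjectPublicKeyInfo structures, and the function and verdict names are assumptions of mine.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Added example, not Spark app or device code. A certificate pin is
// base64(SHA-256(public key)); the client hashes the public key it is handed
// during the TLS handshake and looks for that value in its trust store.
// The byte strings below are constructed stand-ins for DER-encoded
// SubjectPublicKeyInfo structures, not real keys.

type Verdict string

const (
	Accept          Verdict = "pin matches: proceed with TLS connection"
	Reject          Verdict = "pin mismatch: TLS connection terminated"
	AcceptTrustedCA Verdict = "private CA in OS trust store: pinning skipped, TLS proceeds"
)

// pinOf computes the certificate pin of a public key.
func pinOf(spki []byte) string {
	sum := sha256.Sum256(spki)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinCheck models the Spark app behaviour: a pin match wins; otherwise the
// app looks for the enterprise private CA in the OS trust store and, only if
// it is there, skips pinning so that HTTPS inspection can work. Without
// either, the connection is terminated.
func pinCheck(serverSPKI []byte, trustedPins map[string]bool, privateCAInOSStore bool) Verdict {
	if trustedPins[pinOf(serverSPKI)] {
		return Accept
	}
	if privateCAInOSStore {
		return AcceptTrustedCA
	}
	return Reject
}

// devicePinCheck models the device behaviour: the private CA certificate is
// uploaded to the Spark cloud, so the trust list the device downloads already
// carries the private CA's pin and the hash simply matches.
func devicePinCheck(serverSPKI []byte, cloudTrustList map[string]bool) Verdict {
	if cloudTrustList[pinOf(serverSPKI)] {
		return Accept
	}
	return Reject
}

// Constructed sample keys: one for the public CA behind the Spark cloud,
// one for an enterprise private CA used by an inspecting proxy.
var (
	cloudCASPKI   = []byte("constructed-spki-of-public-CA-root-for-spark-cloud")
	privateCASPKI = []byte("constructed-spki-of-enterprise-private-CA-root")
)

func main() {
	pins := map[string]bool{pinOf(cloudCASPKI): true}
	fmt.Println("pin in app trust store:    ", pinOf(cloudCASPKI))
	fmt.Println("direct to cloud:           ", pinCheck(cloudCASPKI, pins, false))
	fmt.Println("inspecting proxy, app:     ", pinCheck(privateCASPKI, pins, false))
	fmt.Println("app, CA in OS store:       ", pinCheck(privateCASPKI, pins, true))
	cloudList := map[string]bool{pinOf(cloudCASPKI): true, pinOf(privateCASPKI): true}
	fmt.Println("device, updated trust list:", devicePinCheck(privateCASPKI, cloudList))
}
```

The design point worth noting from the defender's side: in both fixes the decision to trust the inspecting proxy is made by an administrator who controls the OS trust store or the organisation's Spark configuration, not by whatever certificate happens to arrive in the handshake, which is why a proxy that has not been provisioned that way still produces the "terminated" outcome.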

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation

• Switch port network access restricted

• Client presents credentials to Authentication Server

• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: Spark device, access switch and Authentication Server)

802.1X Network Authentication Methods

• There are many options…

• Two key Authentication methods

• EAP-FAST

• EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST

• Flexible Authentication via Secure Tunneling

• Username and Password based

• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS

• Transport Layer Security

• Requires Digital Certificates

• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms

• Uses the Device MAC Address

• Commonly used for Non 802.1X capable devices

• MAC address manually entered into Auth Server

(Diagram: Device 1, access switch and Authentication Server)

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment

• Switch port configuration

• VLANs

• Firewall Deployment

• Proxy Type

• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today

• There are bypass methods available

• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections

Onboard device – Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa

Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

» On-Premises (Enterprise, Midmarket)

» Cloud (Midmarket)

» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd

Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Coming soon: Target Q1 CY2018

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Thank you


Spark Cloud Security - Realms of Separation

(Diagram: Identity Service, Content Server, Key Mgmt Service, Indexing Service and E-Discovery Service spread across Data Center A, Data Center B and Data Center C)

Spark logically and physically separates functional components within the cloud

Identity Services, holding real user Identity (e.g. email addresses), are separated from Encryption, Indexing and E-Discovery Services, which are in turn separated from Data Storage Services

Realms of Separation – Identity Obfuscation

(Diagram: Identity Service, Content Server, Key Mgmt Service, Indexing Service and E-Discovery Service across Data Center A, Data Center B and Data Center C; the obfuscated identity htzb2n78jdbc9e travels between them)

Outside of the Identity Service, real Identity information is obfuscated

For each User ID, Spark generates a random 128-bit Universally Unique Identifier (UUID) = the User's obfuscated identity

No real identity information transits the cloud

Spark – User Identity Sync and Authentication

(Diagram: Enterprise Active Directory, Directory Sync, Spark Identity Service)

User Info can be synchronized to Spark from the Enterprise Active Directory

Multiple User attributes can be synchronized

Scheduled sync tracks employee changes

Passwords are not synchronized - the User 1) creates a Spark password, or 2) uses SSO for Auth

Spark – SAML SSO Authentication

(Diagram: Directory Sync and SAML SSO between the Enterprise IdP and the Spark Identity Service)

SSO for User Authentication: Administrators can configure Spark to work with their existing SSO solution

Spark supports Identity Providers using Security Assertion Markup Language (SAML) 2.0 and OAuth 2.0

See Notes for list of supported IdPs

Spark App – Cloud connection

(Diagram: Spark App, Enterprise IdP, Spark Identity Service and Spark Service)

1) Customer downloads and installs Spark App (with Trust anchors)

2) Spark App establishes a secure TLS connection with the Spark Cloud

3) Spark Identity Service prompts User for an e-mail ID

4) User Authenticated by Spark Identity Service or the Enterprise IdP (SSO)

5) OAuth Access and Refresh Tokens created and sent to Spark App

• The Access Tokens contain details of the Spark resources the User is authorized to access

6) Spark App presents its Access Tokens to register with Spark Services over a secure channel

Spark Device – Cloud connection

(Diagram: Spark Device, Spark Identity Service and Spark Service)

1) User enters 16 digit activation code received via e-mail from the Spark provisioning service

2) Device authenticated by Identity Service (Trust anchors sent to device and secure connection established)

3) OAuth Access and Refresh Tokens created and sent to Spark Device

• The Access Tokens contain details of the Spark resources the User is authorized to access

4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

(Diagram: Spark App, Key Management Service and Content Server)

Spark App requests a conversation encryption key from the Key Management Service

Any messages or files sent by an App are encrypted before being sent to the Spark Cloud

Each Spark Room uses a different Conversation Encryption key

AES256-GCM cipher used for Encryption

Spark - Decrypting Messages and Content

(Diagram: Spark Apps, Key Management Service and Content Server)

Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room

The encrypted message also contains a link to the conversation encryption key

If needed, Spark Apps can retrieve encryption keys from the Key Management Service
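The encrypt and decrypt slides above, as an added Go example that is not the Spark client or Key Management Service code: a stand-in key service issues a 256-bit AES-GCM conversation key per room, the envelope that goes to the cloud carries the ciphertext plus a link to the key rather than the key itself, and a receiving app follows that link before decrypting. The kms:// URL scheme, the type and function names, and the sample message are constructed assumptions; the key URL is bound into the GCM authentication tag as associated data so that a stored envelope cannot be re-pointed at a different key without failing verification.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Added example, not Spark client or KMS code. Keys, URL scheme and messages
// are constructed for illustration.

// Envelope is what the cloud stores and fans out to the other apps in the
// room: ciphertext and a reference to the key, never the key itself.
type Envelope struct {
	KeyURL     string // link to the conversation key, e.g. kms://rooms/<id>/keys/<n>
	Nonce      []byte // 96-bit GCM nonce, unique per message under one key
	Ciphertext []byte // AES-256-GCM output, includes the 16-byte auth tag
}

// KeyService stands in for the Key Management Service: keys looked up by URL.
type KeyService struct{ keys map[string][]byte }

func NewKeyService() *KeyService { return &KeyService{keys: map[string][]byte{}} }

// NewConversationKey creates a fresh 256-bit key for a room and returns its URL.
func (k *KeyService) NewConversationKey(roomID string) (string, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return "", err
	}
	url := fmt.Sprintf("kms://rooms/%s/keys/%d", roomID, len(k.keys)+1) // constructed scheme
	k.keys[url] = key
	return url, nil
}

// Fetch is the "retrieve encryption keys from the KMS" step on the slide.
func (k *KeyService) Fetch(url string) ([]byte, error) {
	if key, ok := k.keys[url]; ok {
		return key, nil
	}
	return nil, errors.New("unknown key URL")
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals the message with the room key before it leaves the app.
func Encrypt(key []byte, keyURL, plaintext string) (Envelope, error) {
	aead, err := gcmFor(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Envelope{}, err
	}
	ct := aead.Seal(nil, nonce, []byte(plaintext), []byte(keyURL))
	return Envelope{KeyURL: keyURL, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt is the receiving app: follow the key link, then open the envelope.
// Any change to ciphertext, nonce or key URL fails the GCM tag check.
func Decrypt(ks *KeyService, env Envelope) (string, error) {
	key, err := ks.Fetch(env.KeyURL)
	if err != nil {
		return "", err
	}
	aead, err := gcmFor(key)
	if err != nil {
		return "", err
	}
	pt, err := aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyURL))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	ks := NewKeyService()
	keyURL, _ := ks.NewConversationKey("room-42")
	key, _ := ks.Fetch(keyURL)
	env, _ := Encrypt(key, keyURL, "Design review moved to 3pm")
	fmt.Printf("stored in cloud: key link %s, %d ciphertext bytes\n", env.KeyURL, len(env.Ciphertext))
	msg, err := Decrypt(ks, env)
	fmt.Println("other app in the room decrypts:", msg, err)
	env.Ciphertext[0] ^= 1
	_, err = Decrypt(ks, env)
	fmt.Println("tampered envelope:", err)
}
```

The split this makes visible is the one the slides rely on: the content store holds envelopes it cannot open, and the Key Management Service holds keys but never sees message content, so compromising either one alone does not expose the conversation.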

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms - Building a Search Index

Components involved: Indexing Service, Content Server, Key Management Service, Search Service.

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting the content.
• A Search Index is built by creating a fixed-length hash of each word in each message within a Room (the slide shows "Spark IS the message" passing through the hash algorithm and producing values such as B9 57 FE 48).
• The hashed indexes for each Spark Room are stored by the Content Service.
• A new (SHA-256 HMAC) hashing key, the Search Key, is used for each room.

Searching Spark Rooms - Querying a Search Index (search for the word "Spark")

• The App sends the search request over a secure connection to the Indexing Service.
• The Indexing Service uses the per-room Search Keys to hash the search terms (e.g. "Spark" -> B9 57 FE 48).
• The Search Service searches for a match in the hash tables and returns the matching content ("Spark IS the Message") to the App.
• A link to the conversation encryption key is sent with the encrypted message, so the App can decrypt the returned content itself.
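Both search slides (building the index and querying it) come down to one primitive: each word is replaced by a keyed, fixed-length hash under a per-room Search Key, and a query is the same hash of the search term. The Go program below is an added example of that scheme and is not the Indexing Service's code; the tokenising rules and the in-memory postings list are assumptions made here, and the messages are constructed samples.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
	"unicode"
)

// RoomIndex is a constructed model of the Indexing Service's per-room data:
// a random Search Key and a postings list keyed by HMAC-SHA256 of each word.
// Once a term is hashed with the room key, neither the plaintext words nor
// the key are needed to answer a query.
type RoomIndex struct {
	searchKey []byte
	postings  map[string][]int // hashed word -> message ids containing it
}

// NewRoomIndex generates a fresh Search Key for the room.
func NewRoomIndex() (*RoomIndex, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &RoomIndex{searchKey: key, postings: map[string][]int{}}, nil
}

// words normalises a message into lower-case word tokens (assumed rule).
func words(text string) []string {
	return strings.FieldsFunc(strings.ToLower(text), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
}

// Token is the fixed-length hash the slide shows (B9 57 FE 48 ...): a keyed
// HMAC, so the same word in a different room hashes to a different token.
func (r *RoomIndex) Token(word string) string {
	mac := hmac.New(sha256.New, r.searchKey)
	mac.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(mac.Sum(nil))
}

// AddMessage indexes a message before it is encrypted and sent to the cloud.
func (r *RoomIndex) AddMessage(id int, plaintext string) {
	seen := map[string]bool{}
	for _, w := range words(plaintext) {
		t := r.Token(w)
		if !seen[t] {
			seen[t] = true
			r.postings[t] = append(r.postings[t], id)
		}
	}
}

// Query hashes the search term with the room key and looks it up; the
// Search Service only ever handles the token, never the word.
func (r *RoomIndex) Query(term string) []int {
	ids := append([]int(nil), r.postings[r.Token(term)]...)
	sort.Ints(ids)
	return ids
}

func main() {
	room, _ := NewRoomIndex()
	room.AddMessage(1, "Spark IS the message") // constructed sample messages
	room.AddMessage(2, "Lunch at 12?")
	fmt.Println(room.Token("Spark")[:8], room.Query("spark")) // token prefix, [1]
}
```

Because the hash is deterministic within a room, the Search Service can match tokens without seeing words, but it can still see which tokens repeat and how often; the per-room key is what stops the same word being correlated across rooms or attacked with a single precomputed dictionary.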

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

Components involved: Spark Control Hub, Indexing Service, Content Server, Key Management Service, E-Discovery Service, Search Service.

• In the Spark Control Hub the Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type or username(s).
• The Indexing Service requests a search of the related hashed content from the Search Service.
• The Content Server returns the matching content to the E-Discovery Service.

Spark E-Discovery Service (2)

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (shown in the Spark Control Hub as "Jo Smith's Messages and Files - E-Discovery Content Ready").


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark - Hybrid Data Security (HDS)

Hybrid Data Security = the Hybrid Data Services deployed On Premise in the customer's Secure Data Center:
• Key Management Server
• Indexing Server
• E-Discovery Service

The Content Server stays in the Spark Cloud.

Hybrid Data Security Traffic and Firewalls

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark Cloud, using HTTPS and Secure WebSockets (WSS).
• No special Firewall configuration is required.

Hybrid Data Security - Scalability

• Hybrid Data Security is managed and upgraded from the cloud.
• Customers can access usage information for the HDS servers via the Spark Control Hub.
• Multiple HDS servers can be provisioned for scalability and load sharing.

Spark - Hybrid Data Security Key Management

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server.
• Now all of the keys for messages and content are owned and managed by the Customer.
• BUT... owning the keys also means owning the risk of losing them (see the HDS Deployment Considerations later in this section).

HDS - Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server.
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.
• Encrypted messages and content are stored in the cloud.
• Encryption keys are stored locally, on premise.

HDS - Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud.
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security - Secure App Connections

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service (an App to HDS TLS connection, separate from the App to Cloud TLS connection).
• This encrypted peer to peer session traverses the Spark Cloud: the cloud forwards it but is not an endpoint of that TLS session.

Hybrid Data Security - Search Indexing Service

• The on premise Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting the content.
• Each word is passed through the hash algorithm to produce a fixed-length hash ("Spark IS the message" -> B9 57 FE 48 ...).
• A new hashing key (Search Key) is used for each room.

Hybrid Data Security - Querying a Search Index (search for the word "Spark")

• The Indexing Service hashes the App's search request with the room's Search Key and sends the hashed index (B9 57 FE 48) to the Search Service.
• The Search Service returns the matching encrypted content ("Spark IS the Message") to the App.
• A link to the conversation encryption key is sent with the encrypted message.

Spark E-Discovery Service (1) - with Hybrid Data Security

• The Compliance Officer selects the content to retrieve in the Spark Control Hub (e.g. Jo Smith's content).
• The on premise Indexing Service sends the hashed search criteria to the Search Service.
• The Content Server returns the matching content to the on premise E-Discovery Service.

Spark E-Discovery Service (2) - with Hybrid Data Security

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (Spark Control Hub: "Jo Smith's Messages and Files - E-Discovery Content Ready").

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

• Spark Spaces with users from multiple Organizations (Organization A and Organization B) can share encrypted messages and content.
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.
• Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS).
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture (Secure Data Center A)

Each Hybrid Data Services Node is a VM on vSphere running Docker with:
• an ECP Mgmt Container
• the HDS Containers
• an IDE Mount of the HDS Cluster Config File

Several nodes form an HDS Cluster.

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see the prerequisites at https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (key datastore)
• 8 vCPU, 16 GB RAM, 2 TB disk. User created with createuser and assigned GRANT ALL PRIVILEGES ON the database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support - UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection - Certificate Pinning
• 802.1X - Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

Media Port Ranges (Spark Desk and Room Devices, Spark Apps):
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any
• See the following slides for details

Voice and Video Classification and Marking - Port Range Summary (Endpoints and Apps)

• Audio 52000 - 52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
• Video 52100 - 52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS - Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS - Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS - Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS - Web Apps only - Metrics

Spark Devices Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS - Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard - NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN):
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints - they are used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services (Key Management Service, Indexing (Search) Service, E-Discovery Service):
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Explicit Proxy: the Proxy Address is given to the Device/Application
• Transparent Proxy: the Device/Application is unaware of the Proxy's existence
  • In Line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS (signalling) traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not go through the proxy.

Connecting from the Enterprise - Proxy Detection (how the Proxy Address is given to the Device/Application)

• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual, PAC Files | Manually configure the Proxy Address or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure the Proxy Address via the device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure the Proxy Address via the device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure the Proxy Address via the device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure the Proxy Address via the device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of the Proxy Address

Connecting from the Enterprise - Proxy Authentication

• The Proxy intercepts the outbound HTTP request
• It authenticates the User (Username & Password)
• An authenticated User's traffic is forwarded
• An unauthenticated User's traffic is dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Uses standard HTTP headers
• Username and Password are Base64 encoded
• Username and Password are NOT encrypted or hashed: anyone who can read the header can recover them

Basic Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods - Digest Authentication

• Uses standard HTTP headers
• The Password is not sent; a hash computed over the Username, realm, Password and a server-supplied nonce is sent instead (the Username itself still travels in the clear)

Basic Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or create an account per device
• No Password Expiration
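The Basic and Digest slides above differ in exactly what the proxy, and anyone else on the path, sees on the wire. The Go program below is an added example that builds both Proxy-Authorization responses and verifies the Digest one the way a proxy would (RFC 2617 with qop="auth"); it is not code from the presentation or from any proxy product. The device account name, password, realm, nonce, nc and cnonce are constructed values.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// BasicHeader builds the Proxy-Authorization header a device sends for Basic
// auth: the credentials are only Base64 encoded, not protected.
func BasicHeader(user, pass string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

// BasicCredentials is what anyone who can read the header recovers.
func BasicCredentials(header string) (user, pass string, ok bool) {
	if !strings.HasPrefix(header, "Basic ") {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", false
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", false
	}
	return parts[0], parts[1], true
}

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// DigestChallenge carries the fields of a Proxy-Authenticate: Digest challenge.
type DigestChallenge struct{ Realm, Nonce, Qop string }

// HA1 is what the proxy keeps in its credential store: MD5(username:realm:password).
func HA1(user, realm, pass string) string { return md5hex(user + ":" + realm + ":" + pass) }

// DigestResponse is the client side of RFC 2617 with qop="auth": the password
// never leaves the device; only this hash, bound to the server nonce and the
// request method and URI, does.
func DigestResponse(ha1, method, uri string, c DigestChallenge, nc, cnonce string) string {
	ha2 := md5hex(method + ":" + uri)
	return md5hex(ha1 + ":" + c.Nonce + ":" + nc + ":" + cnonce + ":" + c.Qop + ":" + ha2)
}

// DigestVerify is the proxy side: recompute from the stored HA1 and compare
// in constant time. A captured response stops working once the nonce changes.
func DigestVerify(storedHA1, method, uri string, c DigestChallenge, nc, cnonce, response string) bool {
	want := DigestResponse(storedHA1, method, uri, c, nc, cnonce)
	return subtle.ConstantTimeCompare([]byte(want), []byte(response)) == 1
}

func main() {
	// constructed values for a shared device account, not from any real proxy
	user, pass := "spark-devices", "Winter2018!"
	h := BasicHeader(user, pass)
	u, p, _ := BasicCredentials(h)
	fmt.Println("Basic header:", h, "-> recovered:", u, p)

	ch := DigestChallenge{Realm: "proxy.example.invalid", Nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093", Qop: "auth"}
	ha1 := HA1(user, ch.Realm, pass)
	resp := DigestResponse(ha1, "CONNECT", "wbx2.com:443", ch, "00000001", "0a4f113b")
	fmt.Println("Digest response:", resp, "verified:",
		DigestVerify(ha1, "CONNECT", "wbx2.com:443", ch, "00000001", "0a4f113b", resp))
}
```

Basic is reversible by anyone who can read the header, so it only makes sense where the path to the proxy is trusted. Digest sends an MD5 over username, realm, password, nonce and request, which means the proxy must hold HA1 (or the password) to verify it, and a replayed response fails as soon as the nonce changes; MD5 is weak by today's standards, but it is what Digest specifies.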

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication:
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• The Password hash is used to encrypt the challenge, which is returned to the server
• The Password is hashed but not sent

Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

Negotiate Authentication:
• Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM
• IWA - Integrated Windows Authentication

Windows based Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods - Kerberos

Kerberos Authentication:
• Strongest security of the methods listed
• Participants: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared secrets
• The Client authenticates with the Authentication Service; once authenticated it receives a Ticket Granting Ticket (TGT)
• The Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server to bypass authentication for:
• Device IP Addresses (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices - Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes |

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)

• HTTPS/TLS Inspection
• The Private CA Root Certificate is distributed to the client in advance (pushed into the client's trust store)
• On connection establishment the proxy sends the client a certificate signed by the Private CA
• The client validates the received certificate chain against the Private CA Root Certificate in its trust store
• If the chain validates, the client accepts and proceeds with the TLS connection

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)

• The Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• The Proxy receives the Certificate from the Web/Cloud Service and validates it
• The Proxy uses that Certificate to establish the secure TLS/HTTPS connection to the service
• The Proxy can now decrypt, inspect and re-encrypt the session traffic


Proxy - No HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
• Certificate Pin = SHA-256 hash of the CA Root Certificate's Public Key, base64 encoded, e.g.
  VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• The CA-signed Cisco Spark Certificate is sent by the HTTPS/TLS server
• The App creates a hash of the Cert's Public Key
• The App compares the hash with the Certificate Pin in its Trust Store
• If they match: accept and proceed with the TLS connection


Proxy - HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• The App creates a hash of the Private CA signed Cert's Public Key
• The App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: the TLS connection is terminated


HTTPS Inspection - Spark Apps Cert Pinning Fix

• Certificate Pinning
• The Private CA Cert is copied to the App's OS Trust Store
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• The Spark App checks whether a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists: skip the Certificate Pinning process and proceed with the TLS connection
• HTTPS/TLS Inspection is now possible


HTTPS Inspection - Spark Devices Cert Pinning Fix

• Certificate Pinning
• The Private CA Cert is copied to the Spark Cloud (per organisation) and delivered to the device as part of its trust list
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• The device creates a hash of the Private CA signed Cert's Public Key
• The device compares the hash with the Certificate Pins in its Trust Store, which now include the Private CA
• They DO match: proceed with the TLS connection
• HTTPS/TLS Inspection is now possible


Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                              | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes (Win/Mac/Browser)                                      | If an Enterprise Certificate exists, bypass the Certificate Pinning process
iOS, Android      | HTTPS    | WME            | No                                                         | HTTPS Inspection By-Pass
DX, SX, MX        | HTTPS    | Room OS        | Yes - requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads a Trust List containing the Private Certs
Room Kits         | HTTPS    | Room OS        | Yes - requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads a Trust List containing the Private Certs
Spark Board       | HTTPS    | Spark Board OS | No (planned Q1 CY'18)                                      | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access is restricted until the device authenticates
• The Client presents its credentials to the Authentication Server (relayed by the switch)
• After successful authentication the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options...
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require client certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates on both the client and the Authentication Server
• Mutual client - server authentication

802.1X Fallback - MAC Authentication Bypass (MAB)

Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address as the identity
• Commonly used for devices that are not 802.1X capable
• The MAC address is manually entered into the Authentication Server
• Caveat: a MAC address is trivially spoofed, so MAB is an allow-list rather than authentication; pair it with a restrictive port policy (dedicated VLAN, ACLs)


Network Capabilities: Spark Devices - 802.1X

(MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate; Non-CUCM LSC = an LSC issued by the enterprise CA rather than by Cisco Unified CM)

Spark Device                    | Protocol | Software Train | EAP-FAST                 | EAP-TLS                  | MIC     | Non-CUCM LSC          | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A     | Yes                   | Yes                                 | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes                   | Yes                                 | Web based: install Enterprise LSC via the device web interface
SX                              | HTTPS    | Room OS        | Wired - Yes              | Wired - Yes              | No      | Yes                   | Yes                                 | Web based: install Enterprise LSC via the device web interface
MX                              | HTTPS    | Room OS        | Wired - Yes              | Wired - Yes              | No      | Yes                   | Yes                                 | Web based: install Enterprise LSC via the device web interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes     | Yes                   | Yes                                 | Web based: install Enterprise LSC via the device web interface
Spark Board                     | HTTPS    | Spark Board OS | No (planned Q2 CY'18)    | No (planned Q2 CY'18)    | No      | No (planned Q2 CY'18) | see LSC                             | Use MAC Authentication Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:
• Switch port configuration
• VLANs
• Firewall deployment
• Proxy type
• Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections
• Onboard the device - Username/Password or Activation Code
• The Cisco Spark cloud downloads Device Configuration information and Trust Anchors to the device


Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures cover a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions align with the major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.
Coming soon: target Q1 CY2018.

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you


Spark Cloud Security - Realms of Separation

Services: Identity Service, Content Server, Key Mgmt Service, Indexing Service, E-Discovery Service (spread across Data Center A, B and C)

Spark logically and physically separates functional components within the cloud:
• Identity Services holding real user identity (e.g. email addresses) are separated from
• Encryption, Indexing and E-Discovery Services, which are in turn separated from
• Data Storage Services

Realms of Separation - Identity Obfuscation

Outside of the Identity Service, real identity information is obfuscated:
• For each User ID, Spark generates a random 128-bit Universally Unique Identifier (UUID); this UUID is the user's obfuscated identity
• Only the UUID is used by the other services, so no real identity information transits the cloud outside the Identity Service

Spark - User Identity Sync and Authentication

Directory Sync
• User info can be synchronized to Spark from the Enterprise Active Directory
• Multiple user attributes can be synchronized
• Scheduled sync tracks employee changes
• Passwords are not synchronized: the user either 1) creates a Spark password or 2) uses SSO for authentication

Spark - SAML SSO Authentication

SSO for User Authentication
• Administrators can configure Spark to work with their existing SSO solution
• Spark supports Identity Providers using Security Assertion Markup Language (SAML) 2.0 and OAuth 2.0
• See the session notes for the list of supported IdPs

Spark App - Cloud connection

1) The customer downloads and installs the Spark App (with trust anchors)
2) The Spark App establishes a secure TLS connection with the Spark Cloud
3) The Spark Identity Service prompts the user for an e-mail ID
4) The user is authenticated by the Spark Identity Service or by the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens are created and sent to the Spark App
   • The Access Tokens contain details of the Spark resources the user is authorized to access
6) The Spark App presents its Access Token to register with Spark Services over a secure channel

Spark Device - Cloud connection

1) The user enters the 16 digit activation code received via e-mail from the Spark provisioning service
2) The device is authenticated by the Identity Service (trust anchors are sent to the device and a secure connection established)
3) OAuth Access and Refresh Tokens are created and sent to the Spark Device
   • The Access Tokens contain details of the Spark resources the user is authorized to access
4) The Spark Device presents its Access Token to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption Key
• The AES-256-GCM cipher is used for encryption

Spark - Decrypting Messages and Content

• Encrypted messages sent by the App are stored in the Spark Cloud (Content Server) and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to its conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

The Indexing Service:
• Enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting the stored content
• A Search Index is built by creating a fixed-length hash of each word in each message within a Room (the slide's example: "Spark IS the message" becomes hashes such as B9 57 FE 48)
• A new SHA-256 HMAC hashing key (the Search Key) is used for each room, so the same word hashes differently in different rooms
• The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index (search for the word "Spark")

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-room Search Key to hash the search terms
• The Search Service looks for a match in the hash tables and returns the matching, still encrypted, content to the App
• A link to the Conversation Encryption Key is sent with each encrypted message, so the App can fetch the key and decrypt the result
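As an added example (not Cisco's code and not taken from the slides) covering both the per-room encryption slides and the search index slides above, the Go program below gives one room two secrets, an AES-256-GCM conversation key and an HMAC-SHA-256 search key, posts encrypted messages plus per-word tokens to a content server that never sees plaintext or keys, and then runs a search by hashing the query under the room's search key. The key URL format and the in-memory content server are assumptions for illustration; the sample messages are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"unicode"
)

// Constructed example of the two per-room secrets described on the slides (not
// Cisco's code): an AES-256-GCM conversation key and an HMAC-SHA-256 search key.
// Key URLs and the in-memory content server are assumptions for illustration.

// Room stands in for the KMS view of one Spark room: its two keys and the key URL
// that travels with every encrypted message.
type Room struct {
	KeyURL    string
	encKey    []byte // AES-256 conversation encryption key
	searchKey []byte // HMAC-SHA-256 search key
}

func NewRoom(keyURL string) (*Room, error) {
	r := &Room{KeyURL: keyURL, encKey: make([]byte, 32), searchKey: make([]byte, 32)}
	if _, err := rand.Read(r.encKey); err != nil { return nil, err }
	if _, err := rand.Read(r.searchKey); err != nil { return nil, err }
	return r, nil
}

func (r *Room) gcm() cipher.AEAD {
	blk, err := aes.NewCipher(r.encKey)
	if err != nil { panic(err) } // key is always 32 bytes here
	g, err := cipher.NewGCM(blk)
	if err != nil { panic(err) }
	return g
}

// Encrypt returns nonce || ciphertext || tag. The key URL is bound as additional
// authenticated data, so a ciphertext cannot be re-attributed to another key.
func (r *Room) Encrypt(plaintext string) ([]byte, error) {
	g := r.gcm()
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return g.Seal(nonce, nonce, []byte(plaintext), []byte(r.KeyURL)), nil
}

// Decrypt fails (GCM tag mismatch) for another room's key or a modified message.
func (r *Room) Decrypt(ct []byte) (string, error) {
	g := r.gcm()
	n := g.NonceSize()
	if len(ct) < n { return "", errors.New("ciphertext too short") }
	pt, err := g.Open(nil, ct[:n], ct[n:], []byte(r.KeyURL))
	if err != nil { return "", err }
	return string(pt), nil
}

// Token is the fixed-length search hash of one word under this room's search key;
// a different room has a different key, so the same word yields a different token.
func (r *Room) Token(word string) string {
	m := hmac.New(sha256.New, r.searchKey)
	m.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(m.Sum(nil))
}

func words(text string) []string {
	return strings.FieldsFunc(strings.ToLower(text), func(c rune) bool {
		return !unicode.IsLetter(c) && !unicode.IsDigit(c)
	})
}

// ContentServer stores only ciphertext, key URLs and tokens: never plaintext or keys.
type Stored struct {
	KeyURL     string
	Ciphertext []byte
}
type ContentServer struct {
	Messages []Stored
	index    map[string][]int // token -> ids of messages containing that word
}

func NewContentServer() *ContentServer { return &ContentServer{index: map[string][]int{}} }

// Post: the app encrypts, the indexing side (the Room here, acting as KMS and
// indexer) tokenizes each word, and the server stores both.
func (cs *ContentServer) Post(r *Room, text string) (int, error) {
	ct, err := r.Encrypt(text)
	if err != nil { return 0, err }
	id := len(cs.Messages)
	cs.Messages = append(cs.Messages, Stored{KeyURL: r.KeyURL, Ciphertext: ct})
	seen := map[string]bool{}
	for _, w := range words(text) {
		if tok := r.Token(w); !seen[tok] {
			seen[tok] = true
			cs.index[tok] = append(cs.index[tok], id)
		}
	}
	return id, nil
}

// Search: the query is hashed under the room's search key, the server does a pure
// token lookup, and the app decrypts the hits with the room's conversation key.
func (cs *ContentServer) Search(r *Room, word string) ([]string, error) {
	var hits []string
	for _, id := range cs.index[r.Token(word)] {
		pt, err := r.Decrypt(cs.Messages[id].Ciphertext)
		if err != nil { return nil, err }
		hits = append(hits, pt)
	}
	return hits, nil
}

// Demo posts into two rooms and reports: hits for "Spark" in room A, whether the two
// rooms' tokens for the same word differ, and whether room A's key can read room B's
// message (it must not).
func Demo() (hits []string, tokensDiffer, crossRoomFails bool, err error) {
	a, err := NewRoom("kms://kms.example.com/keys/room-a") // hypothetical key URLs
	if err != nil { return }
	b, err := NewRoom("kms://kms.example.com/keys/room-b")
	if err != nil { return }
	cs := NewContentServer()
	if _, err = cs.Post(a, "Spark IS the message"); err != nil { return } // constructed sample messages
	if _, err = cs.Post(a, "lunch at noon?"); err != nil { return }
	idB, err := cs.Post(b, "spark in another room")
	if err != nil { return }
	hits, err = cs.Search(a, "Spark")
	tokensDiffer = a.Token("spark") != b.Token("spark")
	_, derr := a.Decrypt(cs.Messages[idB].Ciphertext)
	crossRoomFails = derr != nil
	return
}

func main() {
	fmt.Println(Demo())
}
```

Two properties the slides rely on are visible here: the content server can answer a query with nothing but an HMAC token lookup, and whoever holds the search key (the cloud Indexing Service, or the on-premise HDS node in the hybrid deployment) is the only party able to produce those tokens, which is why moving that key on premise changes who can search.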

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

• The Compliance Officer (via the Spark Control Hub) selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content
• The Content Server returns the matching content to the E-Discovery Service

Spark E-Discovery Service (2)

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (the slide shows "Jo Smith's Messages and Files - E-Discovery Content Ready" in the Spark Control Hub)


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark - Hybrid Data Security (HDS)

Hybrid Data Security = Hybrid Data Services running on premise in the customer's Secure Data Center:
• Key Management Server
• Indexing Server
• E-Discovery Service
(The Content Server remains in the Spark cloud.)

Hybrid Data Security traffic and Firewalls

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special firewall configuration is required: no inbound ports need to be opened to the HDS nodes

Hybrid Data Security - Scalability

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

Spark - Hybrid Data Security Key Management

• The Hybrid Key Management Server performs the same functions as the cloud-based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT the encrypted messages and content themselves are still stored in the Spark Cloud

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS – Encrypting Messages & Content

[Diagram: Spark App, Spark Cloud (Content Server, cloud Key Management Service) and the on-premise HDS Key Mgmt Service]

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally

HDS – Decrypting Messages & Content

[Diagram: an encrypted message flows from an App through the Spark Cloud Content Server to the other Apps in the Room, each carrying a link to its key on the HDS Key Mgmt Service]

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

[Diagram: an App to Cloud TLS connection to the Spark Service, and an App to HDS TLS connection to the Hybrid Data Security Node (Content Server, Search Service) in the Secure Data Center]

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service. This encrypted peer to peer session traverses the Spark Cloud.

Hybrid Data Security – Search Indexing Service

[Diagram: the message "Spark IS the message" is passed through the Hash Algorithm to produce the hashed index "B9 57 FE 48", which the Indexing Service sends to the cloud Search Service; the Content Server and Key Mgmt Service stay in the Secure Data Center]

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A new hashing key (Search Key) is used for each room.

Hybrid Data Security – Querying a Search Index: search for the word “Spark”

[Diagram: the query "Spark" is passed through the Hash Algorithm to give "B9 57 FE 48"; the Search Service matches it against the stored hashed index and returns the encrypted message "Spark IS the Message"]

The Indexing Service sends a hashed index of the App’s search request to the Search Service.

A link to the Conversation Encryption Key is sent with the encrypted message.
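As an added example (not Cisco's code) for the two indexing slides above: a toy model of the per-space Search Key, the hashed index and the hashed query. HMAC-SHA256 is assumed as the hash algorithm, an in-memory dict stands in for the cloud Search Service, and all keys, space ids and messages are constructed.

```python
# Added example (not Cisco's code): a toy model of the HDS search-indexing and
# query flow. Constructed assumptions: a random 32-byte per-space key stands in
# for the "Search Key"; HMAC-SHA256 stands in for the unspecified hash
# algorithm; an in-memory dict stands in for the cloud Search Service.
import hashlib
import hmac
import re
import secrets
from collections import defaultdict

WORD_RE = re.compile(r"[A-Za-z0-9']+")


def tokenize(text: str) -> list:
    """Normalise a message or query into lower-case search tokens."""
    return [w.lower() for w in WORD_RE.findall(text)]


def hash_token(search_key: bytes, token: str) -> str:
    """Keyed hash (hex) of one token. Because the key is per space, the same
    word hashes differently in every space, so the Search Service cannot
    correlate spaces by token."""
    return hmac.new(search_key, token.encode("utf-8"), hashlib.sha256).hexdigest()


def slide_style(hex_digest: str) -> str:
    """Render the first four bytes the way the slide shows them ("B9 57 FE 48")."""
    return " ".join(hex_digest[i:i + 2].upper() for i in range(0, 8, 2))


class IndexingService:
    """On-premise HDS component: holds the per-space Search Keys and turns both
    messages and search requests into hashed indexes."""

    def __init__(self):
        self._search_keys = {}

    def search_key_for(self, space_id: str) -> bytes:
        # A new hashing key (Search Key) is used for each room/space.
        if space_id not in self._search_keys:
            self._search_keys[space_id] = secrets.token_bytes(32)
        return self._search_keys[space_id]

    def index_message(self, space_id: str, plaintext: str) -> set:
        key = self.search_key_for(space_id)
        return {hash_token(key, t) for t in tokenize(plaintext)}

    def hash_query(self, space_id: str, query: str) -> list:
        key = self.search_key_for(space_id)
        return [hash_token(key, t) for t in tokenize(query)]


class SearchService:
    """Cloud component: stores only (space, hashed token) -> message ids.
    It never receives a Search Key, plaintext, or a content encryption key."""

    def __init__(self):
        self._postings = defaultdict(set)

    def add(self, space_id: str, message_id: str, hashed_tokens: set) -> None:
        for h in hashed_tokens:
            self._postings[(space_id, h)].add(message_id)

    def query(self, space_id: str, hashed_query: list) -> set:
        # AND semantics: a message must contain every hashed query token.
        if not hashed_query:
            return set()
        sets = [self._postings.get((space_id, h), set()) for h in hashed_query]
        return set.intersection(*sets)


def demo() -> dict:
    """Index two spaces, then search them. Returns the facts worth checking:
    which messages match, and that one word hashes differently per space."""
    indexer, search = IndexingService(), SearchService()
    messages = {  # constructed sample data
        ("space-A", "m1"): "Spark IS the message",
        ("space-A", "m2"): "Lunch at noon?",
        ("space-B", "m3"): "Spark rocks",
    }
    for (space, mid), text in messages.items():
        # Only the hashed index leaves the HDS boundary; the plaintext and the
        # content key stay on premise (the cloud stores the ciphertext separately).
        search.add(space, mid, indexer.index_message(space, text))
    key_a, key_b = indexer.search_key_for("space-A"), indexer.search_key_for("space-B")
    return {
        "hits_spark": search.query("space-A", indexer.hash_query("space-A", "Spark")),
        "hits_phrase": search.query("space-A", indexer.hash_query("space-A", "the message")),
        "hits_other_space": search.query("space-B", indexer.hash_query("space-B", "message")),
        "same_word_same_hash_across_spaces": hash_token(key_a, "spark") == hash_token(key_b, "spark"),
        "display": slide_style(hash_token(key_a, "spark")),
    }
```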

Spark E-Discovery Service (1)

[Diagram: the Spark Control Hub drives the E-Discovery Service in the Secure Data Center; the Indexing Service hashes the search criteria, the Search Service matches them, and the Content Server returns "Jo Smith’s Content"]

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram: E-Discovery Service, Key Mgmt Service, Content Server and E-Discovery Storage in the Secure Data Center; the Administrator is told "E-Discovery Content Ready" via the Spark Control Hub and receives Jo Smith’s Messages and Files]

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request.

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Diagram: Organization A and Organization B, each with its own Key Mgmt Service, sharing a message via the Content Server]

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

[Diagram: the Key Mgmt Services of Organization A and Organization B connected to each other through the Spark Cloud, exchanging messages]

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers… mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A running vSphere; an HDS Cluster of Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers plus an IDE Mount of the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA-1 signatures
  • PKCS#12 format
• 2 ESXi Virtualized Hosts: min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk; User created with createuser, assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port VLAN options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
--- | --- | --- | --- | --- | --- | --- | ---
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

[Diagram: Signalling and Media paths from Spark Desk and Room Devices and Spark Apps through the enterprise firewall to the Spark Cloud]

Media Port Ranges:
• Source UDP Ports: Voice 52000–52099, Video 52100–52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any

Applies to:
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking – Port Range Summary: Endpoints and Apps

Media | Source UDP port range | Spark Apps | Spark Devices
--- | --- | --- | ---
Audio | 52000–52099 | 52000–52049 | 52050–52099
Video | 52100–52299 | 52100–52199 | 52200–52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000–52049, Video 52100–52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS services

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only: Ad Analytics
• adobedtm.com – Web Apps only: Analytics
• omtrdc.net – Web Apps only: Telemetry
• optimizely.com – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050–52099, Video 52200–52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS services
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

[Diagram: Signalling and Media paths from the Hybrid Media Node through the enterprise firewall to the Spark Cloud]

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434–33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434–33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

[Diagram: Hybrid Data Services node behind the enterprise firewall; Signalling only, no Media]

Hybrid Data Security Node (HDS):
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services traffic:
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range, 33434–33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
--- | --- | --- | --- | --- | ---
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

[Diagram: Signalling passes through the proxy; UDP Media bypasses it]

Proxy Types:
• Proxy Address given to Device/Application………
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise – Proxy Detection

[Diagram: devices and apps obtain the Proxy Address either manually or from PAC files; Signalling via the proxy, UDP Media direct]

Proxy Detection (Proxy Address given to Device/Application):
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
--- | --- | --- | --- | ---
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes – Manual; Yes – PAC Files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes – Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

[Diagram: Signalling via the authenticating proxy; UDP Media direct]

Proxy Authentication:
• Proxy intercepts the outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User’s traffic is forwarded
• Unauthenticated User’s traffic is dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

[Diagram: Signalling via the proxy; UDP Media direct]

Basic Authentication:
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods – Digest Authentication

[Diagram: Signalling via the proxy; UDP Media direct]

Digest Authentication:
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration
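An added example, not from the presentation, putting the Basic and Digest slides side by side: the Base64 Basic header a device would send, the RFC 2617 Digest (MD5, qop=auth) response for the same device account, and the proxy-side check against a stored HA1. The account name, password, realm, nonces and the `CONNECT wbx2.com:443` request are constructed.

```python
# Added example (not Cisco's code): Basic versus Digest proxy authentication as
# the two slides describe them. Digest follows the RFC 2617 MD5 computation
# with qop="auth". Constructed values: device account "roomkit-01", a constructed
# password, realm "proxy.example.internal" and fixed nonces so results repeat.
import base64
import hashlib
import secrets


def basic_header(username: str, password: str) -> str:
    """Basic: credentials are only Base64 *encoded*, not encrypted or hashed."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header: str) -> tuple:
    """Whoever can read the header (or a proxy log of it) recovers both values."""
    user, _, pwd = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, pwd


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password): the only secret the proxy needs to store."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str, nc: str,
                    cnonce: str, qop: str = "auth") -> str:
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA2 = MD5(method:uri)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(username, realm, password, method, uri, nonce,
                  nc="00000001", cnonce=None) -> str:
    """Client side: answer a 407 Proxy-Authenticate challenge. The password is
    never placed in the header; only the hash response is."""
    cnonce = cnonce or secrets.token_hex(8)
    ha1 = digest_ha1(username, realm, password)
    resp = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def parse_digest(header: str) -> dict:
    """Parse the comma-separated key="value" fields of a Digest header."""
    fields = {}
    for part in header.split(" ", 1)[1].split(", "):
        k, _, v = part.partition("=")
        fields[k.strip()] = v.strip().strip('"')
    return fields


def proxy_verify(header: str, method: str, ha1_store: dict, issued_nonces: set) -> bool:
    """Proxy side: recompute the response from the stored HA1 and compare in
    constant time. Unknown users and nonces the proxy never issued are refused,
    which is what stops an old captured header from being accepted again."""
    f = parse_digest(header)
    if f.get("nonce") not in issued_nonces or f.get("username") not in ha1_store:
        return False
    expected = digest_response(ha1_store[f["username"]], method, f["uri"],
                               f["nonce"], f["nc"], f["cnonce"], f.get("qop", "auth"))
    return secrets.compare_digest(expected, f.get("response", ""))


def demo() -> dict:
    user, pwd, realm = "roomkit-01", "constructed-device-secret", "proxy.example.internal"
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"   # constructed proxy-issued nonce
    method, uri = "CONNECT", "wbx2.com:443"        # the app opening its HTTPS tunnel
    basic = basic_header(user, pwd)
    digest = digest_header(user, realm, pwd, method, uri, nonce, cnonce="0a4f113b")
    ha1_store = {user: digest_ha1(user, realm, pwd)}     # what the proxy keeps
    tampered = digest.replace(f'uri="{uri}"', 'uri="other.example:443"')
    return {
        "basic_exposes_password": decode_basic(basic)[1] == pwd,
        "digest_contains_password": pwd in digest,
        "digest_verifies": proxy_verify(digest, method, ha1_store, {nonce}),
        "tampered_uri_rejected": proxy_verify(tampered, method, ha1_store, {nonce}),
        "stale_nonce_rejected": proxy_verify(digest, method, ha1_store, {"a-newer-nonce"}),
    }
```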

Proxy Authentication Methods – N TLMv2

[Diagram: Signalling via the proxy; UDP Media direct]

NT LAN Manager (NTLM) Authentication:
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

[Diagram: Signalling via the proxy; UDP Media direct]

Negotiate Authentication:
• Microsoft implementation of SPNEGO – Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
• Negotiates the use of either Kerberos, or fallback to NTLM

Windows based Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

[Diagram: Signalling via the proxy; UDP Media direct]

Kerberos Authentication:
• Strongest Security
• Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication Service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

[Diagram: devices identified by IP address sending Signalling through the proxy to the whitelisted Spark destinations (identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com); UDP Media direct]

Manually configure the Proxy Server with:
• Device IP Address
• Whitelisted Destinations (e.g. ciscospark.com)

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
--- | --- | --- | --- | ---
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

[Diagram: client, inspecting proxy and Web/Cloud service; the Private CA Root Certificate is sent to the client; Signalling via the proxy, UDP Media direct]

HTTPS/TLS Inspection:
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares the Private CA Root Cert with those received in the Cert Chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

[Diagram: the proxy establishing its own TLS session to the Web/Cloud Service; Signalling via the proxy, UDP Media direct]

HTTPS/TLS Inspection:
• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives the Certificate from the Web/Cloud Service
• Proxy uses the Certificate to establish a Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

[Diagram: Spark App holding a Certificate Pin in its Trust Store connecting through the proxy to the Spark HTTPS/TLS server; Signalling via the proxy, UDP Media direct]

Certificate Pinning:
• Certificate Pin = SHA-256 Hash of the CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by the HTTPS/TLS server
• App creates a hash of the Cert’s Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

[Diagram: inspecting proxy presenting a Private CA signed Certificate to the Spark App; Signalling via the proxy, UDP Media direct]

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert’s Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match – TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

[Diagram: Private CA Cert copied to the App OS Trust Store; Signalling via the proxy, UDP Media direct]

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip the Certificate pinning process
• Proceed with the TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

[Diagram: Private CA Cert copied to the Spark Cloud and delivered to the device’s Trust Store; Signalling via the proxy, UDP Media direct]

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert’s Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO match – proceed with the TLS connection
• HTTPS/TLS Inspection possible
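An added example, not from the presentation, covering the pinning decision from the "Spark Certificate Pinning" slides together with the Apps and Devices fixes above. Certificates are modelled as small records whose `spki` bytes stand in for the DER public key real code would take from the X.509 parse; `Cert`, `PinningClient` and `spki_pin` are assumed names and every key is constructed.

```python
# Added example (not Cisco's code): the certificate-pinning decision the slides
# describe, including the two "fixes" for HTTPS inspection. Constructed
# assumptions: a certificate is a small record whose `spki` bytes stand in for
# the DER SubjectPublicKeyInfo that real code would take from the X.509 parse;
# Certificate Pin = Base64(SHA-256(spki)); chains are listed leaf first.
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # constructed stand-in for the DER-encoded public key


def spki_pin(cert: Cert) -> str:
    """Certificate Pin = SHA-256 hash of the certificate's public key, Base64 encoded."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()


class PinningClient:
    """A Spark app or device. `pins` is its trust store of Certificate Pins
    (for a device: the trust list downloaded from the cloud). `os_trusted_cas`
    is the OS trust store, which only the app-side fix consults."""

    def __init__(self, pins, os_trusted_cas=()):
        self.pins = set(pins)
        self.os_trusted_cas = set(os_trusted_cas)

    def pin_matches(self, chain) -> bool:
        # Hash the public key of every cert presented (normally the CA root is
        # what is pinned) and look for it in the trust store.
        return any(spki_pin(c) in self.pins for c in chain)

    def enterprise_ca_in_os_store(self, chain) -> bool:
        # Apps fix: a copy of the Private CA cert has been placed in the OS trust store.
        return chain[-1] in self.os_trusted_cas

    def accept(self, chain) -> tuple:
        """Returns (accepted, reason) for a presented certificate chain."""
        if not chain:
            return False, "no certificate presented: TLS connection terminated"
        if self.enterprise_ca_in_os_store(chain):
            return True, "Private CA found in OS trust store: pinning skipped"
        if self.pin_matches(chain):
            return True, "public-key hash matched a Certificate Pin"
        return False, "no pin matched: TLS connection terminated"


def scenarios() -> dict:
    """The situations on the slides, plus a chain presented without its root."""
    # Any distinct byte strings will do as the constructed public keys.
    public_root = Cert("Public Root CA", "Public Root CA", b"constructed-public-root-key")
    spark_leaf = Cert("*.wbx2.com", "Public Root CA", b"constructed-spark-leaf-key")
    private_root = Cert("Corp Private CA", "Corp Private CA", b"constructed-corp-ca-key")
    proxy_leaf = Cert("*.wbx2.com", "Corp Private CA", b"constructed-proxy-issued-key")

    genuine = [spark_leaf, public_root]     # no inspection: the real Spark chain
    inspected = [proxy_leaf, private_root]  # inspecting proxy re-signs with the Private CA
    cloud_pins = {spki_pin(public_root)}    # pin shipped in the app / device trust store

    return {
        "no_inspection": PinningClient(cloud_pins).accept(genuine),
        "inspection_no_fix": PinningClient(cloud_pins).accept(inspected),
        # Apps fix: Private CA cert copied to the app's OS trust store.
        "inspection_apps_fix": PinningClient(cloud_pins, {private_root}).accept(inspected),
        # Devices fix: Private CA cert copied to the Spark Cloud, so the trust
        # list the device downloads now also carries the Private CA's pin.
        "inspection_devices_fix": PinningClient(cloud_pins | {spki_pin(private_root)}).accept(inspected),
        "leaf_only_no_fix": PinningClient(cloud_pins).accept([proxy_leaf]),
    }
```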

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
--- | --- | --- | --- | ---
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists then bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY’18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

[Diagram: device on a switch port authenticating to the Authentication Server]

802.1X Operation:
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities: Spark Devices – 802.1X
(MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate, here installed without CUCM)

Spark Device                        | Protocol | Software Train | EAP-FAST                   | EAP-TLS                    | MIC                   | Non-CUCM LSC Certificate Installation Capability | Granular Configuration | Notes
Windows / Mac / iOS / Android / Web | HTTPS    | WME            | Wi-Fi – Yes; Wired – Yes   | Wi-Fi – Yes; Wired – Yes   | N/A                   | Yes                                              | Yes                    | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX                                  | HTTPS    | Room OS        | Wi-Fi – Yes; Wired – Yes   | Wi-Fi – Yes; Wired – Yes   | Q4 CY17               | Yes                                              | Yes                    | Web based: install Enterprise LSC via device Web Interface
SX                                  | HTTPS    | Room OS        | Wired – Yes                | Wired – Yes                | No                    | Yes                                              | Yes                    | Web based: install Enterprise LSC via device Web Interface
MX                                  | HTTPS    | Room OS        | Wired – Yes                | Wired – Yes                | No                    | Yes                                              | Yes                    | Web based: install Enterprise LSC via device Web Interface
Room Kits                           | HTTPS    | Room OS        | Wi-Fi – Yes; Wired – Yes   | Wi-Fi – Yes; Wired – Yes   | Yes                   | Yes                                              | Yes                    | Web based: install Enterprise LSC via device Web Interface
Spark Board                         | HTTPS    | Spark Board OS | No (Planned Q2 CY'18)      | No (Planned Q2 CY'18)      | No                    | No (Planned Q2 CY'18)                            | –                      | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password or Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x.
Coming soon: target Q1 CY2018.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Thank you


Spark Cloud Security – Realms of Separation
(Diagram: Identity Service, Content Server, Key Mgmt Service, Indexing Service and E-Discovery Service spread across Data Center A, B and C)

Spark logically and physically separates functional components within the cloud:
• Identity Services holding real user Identity (e.g. email addresses)
  are separated from
• Encryption, Indexing and E-Discovery Services,
  which are in turn separated from
• Data Storage Services


Realms of Separation – Identity Obfuscation
(Diagram: Identity Service, Content Server, Key Mgmt Service, Indexing Service, E-Discovery Service across Data Center A, B, C; the other services see only an opaque identifier such as "htzb2n78jdbc9e")

• Outside of the Identity Service, real identity information is obfuscated
• For each User ID, Spark generates a random 128-bit Universally Unique Identifier (UUID) = the User's obfuscated identity
• No real identity information transits the cloud

Spark – User Identity Sync and Authentication
(Diagram: Enterprise Active Directory → Directory Sync → Identity Service)

Directory Sync
• User info can be synchronized to Spark from the Enterprise Active Directory
• Multiple User attributes can be synchronized
• Scheduled sync tracks employee changes
• Passwords are not synchronized – the User either
  1) creates a Spark password, or
  2) uses SSO for authentication

Spark – SAML SSO Authentication
(Diagram: Directory Sync and SAML SSO between the enterprise IdP and the Identity Service)

SSO for User Authentication
• Administrators can configure Spark to work with their existing SSO solution
• Spark supports Identity Providers using Security Assertion Markup Language (SAML) 2.0 and OAuth 2.0
• See Notes for the list of supported IdPs

Spark App – Cloud connection
(Diagram: Spark App ↔ Identity Service, IdP and Spark Service)

1) Customer downloads and installs the Spark App (with Trust anchors)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts the User for an e-mail ID
4) User authenticated by the Spark Identity Service or the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to the Spark App
   • The Access Tokens contain details of the Spark resources the User is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel

Spark Device – cloud connection
(Diagram: Spark Device ↔ Identity Service and Spark Service)

1) User enters the 16 digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by the Identity Service (Trust anchors sent to the device and a secure connection established)
3) OAuth Access and Refresh Tokens created and sent to the Spark Device
   • The Access Tokens contain details of the Spark resources the User is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark – Encrypting Messages and Content
(Diagram: Spark App ↔ Key Management Service; encrypted content → Content Server)
• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES-256-GCM cipher used for Encryption

Spark – Decrypting Messages and Content
(Diagram: the encrypted message flows from the sending App through the Content Server to the other Apps in the Room)
• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index
(Diagram: "Spark IS the message" → Hash Algorithm → B9 57 FE 48 … → Indexing Service → Content Server; Search Service alongside)
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed length hash of each word in each message within a Room
• The hashed indexes for each Spark Room are stored by the Content Service
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

Searching Spark Rooms: Querying a Search Index (search for the word "Spark")
(Diagram: "Spark" → Hash Algorithm → B9 57 FE 48 → Search Service; the matching encrypted message "Spark IS the Message" is returned to the App)
• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)
(Diagram: Spark Control Hub → E-Discovery Service → Indexing Service / Search Service → Content Server; Key Mgmt Service alongside)
• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)
(Diagram: E-Discovery Service → E-Discovery Storage → Spark Control Hub: "Jo Smith's Messages and Files – E-Discovery Content Ready")
• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)
(Diagram: Secure Data Center hosting the Key Mgmt Service, Indexing Service and E-Discovery Service; the Content Server stays in the cloud)
Hybrid Data Security = On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls
(Diagram: Hybrid Data Security behind the enterprise Firewall, connecting out to the Content Server and Key Mgmt Service in the cloud)
• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability
(Diagram: several Hybrid Data Security nodes in the Secure Data Center, each with a Key Mgmt Server, alongside the cloud Content Server and Key Mgmt Service)
• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management
(Diagram: on-premise Key Mgmt Server in the Secure Data Center; Content Server and cloud Key Mgmt Service)
• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT…

HDS – Encrypting Messages & Content
(Diagram: Spark App ↔ on-premise Key Management Service in the Secure Data Center; Content Server in the cloud)
• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally

HDS – Decrypting Messages & Content
(Diagram: encrypted message stored on the Content Server and relayed to the other Apps; key retrieved from the on-premise Key Management Service)
• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server
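The encrypt/decrypt flow from the cloud slides (Spark – Encrypting/Decrypting Messages and Content) and from the HDS slides above is the same protocol with the key server in a different place, so one added example (Go, standard library only; not Cisco's code) serves both: a stand-in KMS issues one AES-256 key per room, the client seals each message with AES-256-GCM and attaches a link to the key rather than the key itself, and a recipient follows the link to decrypt. The "kms://org/keys/room" link format, the use of the room ID as GCM associated data, and the sample message are assumptions of this example, not Spark's wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KMS stands in for the Key Management Service (cloud or on-premise HDS): one
// 256-bit conversation key per room, handed out by key URI (URI form is assumed).
type KMS struct {
	org  string
	keys map[string][]byte // keyURI -> AES-256 key
}

func NewKMS(org string) *KMS { return &KMS{org: org, keys: map[string][]byte{}} }

// ConversationKey returns the room's key URI and key, creating the key on first use.
func (k *KMS) ConversationKey(roomID string) (uri string, key []byte, err error) {
	uri = fmt.Sprintf("kms://%s/keys/%s", k.org, roomID)
	if key = k.keys[uri]; key != nil {
		return uri, key, nil
	}
	key = make([]byte, 32) // AES-256
	if _, err = rand.Read(key); err != nil {
		return "", nil, err
	}
	k.keys[uri] = key
	return uri, key, nil
}

// Fetch resolves a key link carried inside an encrypted message.
func (k *KMS) Fetch(uri string) ([]byte, error) {
	if key, ok := k.keys[uri]; ok {
		return key, nil
	}
	return nil, fmt.Errorf("unknown key URI %q", uri)
}

// Envelope is what the Content Server stores and relays: ciphertext plus the key
// link, never the key. RoomID is bound in as associated data (this example's choice).
type Envelope struct {
	RoomID     string
	KeyURI     string
	Nonce      []byte
	Ciphertext []byte // includes the 16-byte GCM authentication tag
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the sending client's step: get the room key from the KMS, seal with
// AES-256-GCM under a fresh random nonce, and attach the key link for recipients.
func Encrypt(k *KMS, roomID string, plaintext []byte) (*Envelope, error) {
	uri, key, err := k.ConversationKey(roomID)
	if err != nil {
		return nil, err
	}
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(roomID))
	return &Envelope{RoomID: roomID, KeyURI: uri, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt is the recipient's step: follow the key link, then open. Any change to
// ciphertext, nonce, key or room binding fails GCM authentication.
func Decrypt(k *KMS, e *Envelope) ([]byte, error) {
	key, err := k.Fetch(e.KeyURI)
	if err != nil {
		return nil, err
	}
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, e.Nonce, e.Ciphertext, []byte(e.RoomID))
}

func main() {
	kms := NewKMS("org-a") // placeholder organisation name
	env, err := Encrypt(kms, "room-42", []byte("Spark IS the message")) // constructed sample
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(kms, env) // recipient follows env.KeyURI, then opens
	fmt.Printf("key link %s, %d ciphertext bytes -> %q (err=%v)\n", env.KeyURI, len(env.Ciphertext), pt, err)
}
```

Two properties the deck relies on fall out directly: the Content Server can store and relay the Envelope without ever holding a key, and a KMS that does not know the link (another organisation's KMS, or a cloud KMS when the keys live on premise) cannot decrypt, which is exactly the gap that KMS federation later closes.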

Hybrid Data Security – Secure App Connections
(Diagram: App-to-Cloud TLS connection to the Spark Service and Search Service; App-to-HDS TLS connection to the Hybrid Data Security Node in the Secure Data Center)
• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service
(Diagram: "Spark IS the message" → Hash Algorithm → B9 57 FE 48 … → on-premise Indexing Service; Content Server and Search Service in the cloud)
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index (search for the word "Spark")
(Diagram: "Spark" → Hash Algorithm → B9 57 FE 48 → Search Service; the matching encrypted message "Spark IS the Message" is returned)
• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message
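The per-room keyed-hash index described in the cloud slides (Searching Spark Rooms: Building / Querying a Search Index) and again for HDS above, as one added example (Go, standard library only; not Cisco's indexing code). Each word of a message is replaced by HMAC-SHA256 under the room's Search Key before it reaches the index, a query term is hashed the same way, and the index never holds a plaintext word. The lower-casing and word-splitting rules, the 256-bit random Search Keys, and the sample messages are assumptions of this example; the deck only states that a fixed-length SHA-256 HMAC is used with a new key per room.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
	"unicode"
)

// SearchKeys stands in for the per-room Search Keys held by the KMS (cloud or HDS).
type SearchKeys map[string][]byte

// For returns the room's Search Key, generating a random one on first use.
func (s SearchKeys) For(roomID string) ([]byte, error) {
	if k, ok := s[roomID]; ok {
		return k, nil
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	s[roomID] = k
	return k, nil
}

// Index is what the Content Service stores: fixed-length token hashes mapped to
// message IDs, grouped by room. It contains no plaintext words.
type Index map[string]map[string][]string // roomID -> hexHash -> messageIDs

// tokenize lower-cases, splits on non-letters/digits and de-duplicates (assumed rules).
func tokenize(text string) []string {
	words := strings.FieldsFunc(strings.ToLower(text), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
	seen := map[string]bool{}
	var out []string
	for _, w := range words {
		if !seen[w] {
			seen[w] = true
			out = append(out, w)
		}
	}
	return out
}

// TokenHash is the fixed-length hash of one word under the room's Search Key.
func TokenHash(searchKey []byte, word string) string {
	mac := hmac.New(sha256.New, searchKey)
	mac.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(mac.Sum(nil))
}

// IndexMessage runs where the plaintext is available (client / Indexing Service)
// and emits only hashes into the index.
func IndexMessage(idx Index, keys SearchKeys, roomID, msgID, plaintext string) error {
	key, err := keys.For(roomID)
	if err != nil {
		return err
	}
	if idx[roomID] == nil {
		idx[roomID] = map[string][]string{}
	}
	for _, w := range tokenize(plaintext) {
		h := TokenHash(key, w)
		idx[roomID][h] = append(idx[roomID][h], msgID)
	}
	return nil
}

// Search hashes the query term with the same room key and looks it up; the
// Search Service only ever sees the hash, never the word.
func Search(idx Index, keys SearchKeys, roomID, term string) ([]string, error) {
	key, err := keys.For(roomID)
	if err != nil {
		return nil, err
	}
	ids := append([]string(nil), idx[roomID][TokenHash(key, term)]...)
	sort.Strings(ids)
	return ids, nil
}

func main() {
	idx, keys := Index{}, SearchKeys{}
	_ = IndexMessage(idx, keys, "room-a", "m1", "Spark IS the message") // constructed samples
	_ = IndexMessage(idx, keys, "room-b", "m2", "Spark board arrives Monday")
	hits, _ := Search(idx, keys, "room-a", "spark")
	ka, _ := keys.For("room-a")
	kb, _ := keys.For("room-b")
	fmt.Println("room-a 'spark' ->", hits, "| same word, different rooms:", TokenHash(ka, "spark")[:8], TokenHash(kb, "spark")[:8])
}
```

Because the key is per room, the same word hashes differently in every room, so an attacker with the stored index cannot correlate terms across rooms or run a dictionary attack without the Search Keys, which is why those keys belong with the KMS (on premise under HDS) rather than with the Content Service.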

Spark E-Discovery Service (1) with HDS
(Diagram: Spark Control Hub → on-premise E-Discovery Service, Indexing Service and Key Mgmt Service in the Secure Data Center; Search Service and Content Server in the cloud; "Jo Smith's Content" returned)
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2) with HDS
(Diagram: on-premise E-Discovery Service and Key Mgmt Service → E-Discovery Storage; Spark Control Hub shows "Jo Smith's Messages and Files – E-Discovery Content Ready")
• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server in the cloud relaying the message)
• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
(Diagram: Key Mgmt Services of Organization A and Organization B connected via the Spark Cloud; messages relayed through the Content Server)
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers…
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A
[Figure: Hybrid Data Services Nodes (VMs) on vSphere, each running Docker with an ECP Mgmt Container and HDS Containers, plus an IDE Mount of the HDS Cluster Config File; customer-provided services: Postgres Database, Syslogd, Database Back Up, System Back Up]

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS12 format
• 2 ESXi Virtualized Hosts: min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support: UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection: Certificate Pinning
• 802.1X: Authentication Methods EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN and Aux VLAN): 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices: CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

[Figure: Spark Desk and Room Devices and Spark Apps send Signalling and Media through the enterprise firewall to the Spark Cloud; see the following slides for details]

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary, Endpoints and Apps

Media | Overall source range | Spark Apps | Spark Devices
Audio | 52000 - 52099 | 52000 - 52049 | 52050 - 52099
Video | 52100 - 52299 | 52100 - 52199 | 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 - 52049, Video 52100 - 52199 | 5004 and 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 and 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 - 52099, Video 52200 - 52299 | 5004 and 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 and 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard: NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

[Figure: Hybrid Media Node sending Signalling and cascaded Media to the Spark Cloud through the enterprise firewall]

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints; used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

[Figure: Hybrid Data Security Node sending Signalling only to the Spark Cloud through the enterprise firewall]

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
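The port ranges on the preceding firewall slides (apps 52000-52049/52100-52199, devices 52050-52099/52200-52299, HMN cascades 33434-33598, destination ports 5004 and 5006) lend themselves to a firewall-log audit. The following is an added example, not code from the deck or from Cisco; the log line format, the IP addresses and the HMN subnet are constructed for illustration.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Source UDP port ranges (inclusive) taken from the deck's port-range summary.
UDP_SOURCE_RANGES = (
    ("Spark App", "audio", 52000, 52049),
    ("Spark Device", "audio", 52050, 52099),
    ("Spark App", "video", 52100, 52199),
    ("Spark Device", "video", 52200, 52299),
    ("Hybrid Media Node", "audio/video cascade", 33434, 33598),
)
# Destination media ports: apps and devices use 5004 and 5006, HMN cascades use 5004 only.
ENDPOINT_DST_PORTS = {5004, 5006}
HMN_DST_PORTS = {5004}


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed log format for this example: "<PROTO> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LINE_RE = re.compile(r"^(UDP|TCP)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")


def parse_flow(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised flow line: {line!r}")
    proto, sip, sport, dip, dport = m.groups()
    return Flow(proto, sip, int(sport), dip, int(dport))


def classify(flow, hmn_subnets=()):
    """Return (origin, media, verdict) for one flow.

    hmn_subnets: networks that host Hybrid Media Nodes. When given, the HMN
    port range is only accepted from those sources, which is the "limit the
    source IP address range to HMNs only" point on the HMN slide.
    """
    if flow.proto == "TCP":
        # TCP/HTTP media uses ephemeral source ports, so only the destination identifies it.
        if flow.dst_port in ENDPOINT_DST_PORTS:
            return ("Spark App/Device or HMN", "media over TCP/HTTP", "allow")
        return ("unknown", "none", "not Spark media")
    for origin, media, lo, hi in UDP_SOURCE_RANGES:
        if lo <= flow.src_port <= hi:
            expected = HMN_DST_PORTS if origin == "Hybrid Media Node" else ENDPOINT_DST_PORTS
            if flow.dst_port not in expected:
                return (origin, media, f"deny: unexpected destination port {flow.dst_port}")
            if origin == "Hybrid Media Node" and hmn_subnets:
                src = ip_address(flow.src_ip)
                if not any(src in ip_network(n) for n in hmn_subnets):
                    return (origin, media, "deny: HMN port range from a non-HMN source")
            return (origin, media, "allow")
    if flow.dst_port in ENDPOINT_DST_PORTS:
        return ("unknown", "none", "deny: media destination port from an unexpected source port")
    return ("unknown", "none", "not Spark media")


def audit(lines, hmn_subnets=()):
    """Classify every line and return a list of (line, origin, media, verdict)."""
    results = []
    for line in lines:
        origin, media, verdict = classify(parse_flow(line), hmn_subnets)
        results.append((line, origin, media, verdict))
    return results


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "UDP 10.1.20.15:52012 -> 203.0.113.10:5004",   # Spark app audio
    "UDP 10.1.30.7:52250 -> 203.0.113.11:5006",    # Spark device (room system) video
    "UDP 10.1.40.2:33500 -> 203.0.113.12:5004",    # HMN cascade from the HMN subnet
    "UDP 10.1.20.99:33500 -> 203.0.113.12:5004",   # HMN range from a user subnet: suspicious
    "TCP 10.1.20.15:49321 -> 203.0.113.10:5004",   # SRTP over TCP, ephemeral source port
    "UDP 10.1.20.15:52012 -> 203.0.113.10:9999",   # Spark range to a non-media port
]

if __name__ == "__main__":
    for line, origin, media, verdict in audit(SAMPLE_LOG, hmn_subnets=("10.1.40.0/24",)):
        print(f"{line:45s} {origin:24s} {media:22s} {verdict}")
```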

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

[Figure: Signalling and UDP Media from Spark devices and apps; HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443]

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

Connecting from the Enterprise - Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

[Figure: the Proxy Address is delivered to each client, manually or via PAC files]

Network Capabilities, Spark Devices: Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address, or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise - Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username and Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods - Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
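The difference between the Basic and Digest slides above is easiest to see in the headers themselves: Basic carries the device account's password in a reversible encoding, while Digest (RFC 2617 with qop=auth) sends an MD5 response computed over the credentials and the proxy's nonce, so the proxy only needs to hold HA1. This is an added example, not code from the deck or from any proxy product; the account names, realm and nonce values are constructed.

```python
import base64
import hashlib
import hmac
import secrets


# --- Basic: the credential is only Base64-encoded. Anything that can read the
# header (the proxy, or a device between the client and the proxy) recovers it.
def basic_header(username, password):
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def decode_basic(header):
    """Recover the plaintext username and password from a Basic header."""
    _, scheme, token = header.split(" ", 2)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


# --- Digest (RFC 2617, qop=auth). The password is never on the wire; the proxy
# stores HA1 = MD5(user:realm:password) and recomputes the expected response.
def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_ha1(username, realm, password):
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_digest_header(username, realm, password, method, uri, nonce,
                         nc="00000001", cnonce=None):
    """What a device sends after a 407 challenge carrying `nonce`."""
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(digest_ha1(username, realm, password), method, uri, nonce, nc, cnonce)
    return (f'Proxy-Authorization: Digest username="{username}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{resp}"')


def parse_digest_header(header):
    params = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, _, value = part.partition("=")
        params[key.strip()] = value.strip('"')
    return params


def proxy_verify_digest(header, method, stored_ha1_by_user, issued_nonces):
    """Proxy-side check: nonce must be one we issued, user must exist, response
    must match. HA1 is password-equivalent for this realm, so the proxy's
    credential store still needs protecting; MD5 also gives no resistance to
    offline guessing if a header is captured."""
    p = parse_digest_header(header)
    if p.get("nonce") not in issued_nonces:
        return False
    ha1 = stored_ha1_by_user.get(p.get("username"))
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, p["uri"], p["nonce"], p["nc"],
                               p["cnonce"], p.get("qop", "auth"))
    return hmac.compare_digest(expected, p.get("response", ""))


if __name__ == "__main__":
    # Constructed device service account used for a Basic challenge.
    hdr = basic_header("svc-spark-devices", "Wint3r!")
    print(hdr)
    print("recovered from Basic header:", decode_basic(hdr))
    # Constructed per-device account used for a Digest challenge to the proxy.
    store = {"dx80-lobby": digest_ha1("dx80-lobby", "proxy.example", "s3cret")}
    nonce = secrets.token_hex(16)
    dig = client_digest_header("dx80-lobby", "proxy.example", "s3cret",
                               "CONNECT", "ciscospark.com:443", nonce)
    print(dig)
    print("proxy accepts:", proxy_verify_digest(dig, "CONNECT", store, {nonce}))
```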

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods - Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices: Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection: Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match, accept and proceed with the TLS connection

Proxy - HTTPS Inspection: Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists, skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
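The pinning decision across the preceding slides (pin = SHA-256 of the CA public key; the app-side fix that skips pinning when the private CA is in the OS trust store; the device-side fix that delivers the private CA's pin in a cloud trust list) can be modelled end to end. This is an added example, not Cisco's client code: the certificates, their SubjectPublicKeyInfo bytes and the trust-store representation are constructed stand-ins, and the two decision functions are this example's own names.

```python
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki_der: bytes  # DER SubjectPublicKeyInfo; constructed placeholder bytes below


def spki_pin(cert):
    """Pin = base64(SHA-256(SubjectPublicKeyInfo)), the form the deck describes."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode()


def chain_pins(chain):
    return {spki_pin(c) for c in chain}


def app_tls_decision(chain, pinned, enterprise_cas):
    """App-side logic. chain is leaf first, root last; pinned is the set of pins
    the app ships with; enterprise_cas are private CA certs an administrator
    copied into the OS trust store (the app-side fix on the slides)."""
    root = chain[-1]
    if any(spki_pin(root) == spki_pin(ca) for ca in enterprise_cas):
        return True, "enterprise CA found in OS trust store: pinning skipped, inspection possible"
    if chain_pins(chain) & pinned:
        return True, "pin matched"
    return False, "no pin matched: TLS connection terminated"


def device_tls_decision(chain, trust_list_pins):
    """Device-side logic: the device only has the pins in the trust list it
    downloaded from the cloud, so a private CA loaded into the Spark service
    must appear there as a pin before inspection can work."""
    if chain_pins(chain) & trust_list_pins:
        return True, "pin matched"
    return False, "no pin matched: TLS connection terminated"


# Constructed certificates: the SPKI bytes are placeholders, not real keys.
PUBLIC_ROOT = Cert("Public Root CA", "Public Root CA", b"spki:public-root")
SPARK_LEAF = Cert("*.ciscospark.com", "Public Root CA", b"spki:spark-leaf")
PRIVATE_ROOT = Cert("Example Corp Private CA", "Example Corp Private CA", b"spki:private-root")
PROXY_LEAF = Cert("*.ciscospark.com", "Example Corp Private CA", b"spki:proxy-leaf")

GENUINE_CHAIN = [SPARK_LEAF, PUBLIC_ROOT]        # what the Spark cloud presents
INSPECTED_CHAIN = [PROXY_LEAF, PRIVATE_ROOT]     # what an inspecting proxy presents
SHIPPED_PINS = {spki_pin(PUBLIC_ROOT)}           # pin the app/device ships with

if __name__ == "__main__":
    print("app, no proxy:           ", app_tls_decision(GENUINE_CHAIN, SHIPPED_PINS, []))
    print("app, proxy, no fix:      ", app_tls_decision(INSPECTED_CHAIN, SHIPPED_PINS, []))
    print("app, proxy, CA in OS:    ", app_tls_decision(INSPECTED_CHAIN, SHIPPED_PINS, [PRIVATE_ROOT]))
    print("device, proxy, no fix:   ", device_tls_decision(INSPECTED_CHAIN, SHIPPED_PINS))
    cloud_trust_list = SHIPPED_PINS | {spki_pin(PRIVATE_ROOT)}
    print("device, proxy, trust list:", device_tls_decision(INSPECTED_CHAIN, cloud_trust_list))
```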

Network Capabilities, Spark Devices: HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes: Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes: Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes: Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes: Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

[Figure: Spark device, access switch and Authentication Server]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication, switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)
Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

[Figure: Device 1 authenticated by MAC address against the Authentication Server]

Network Capabilities, Spark Devices: 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access: Proxy and Firewalls allow all Spark connections
• Onboard device: Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations and the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018

Thank you

Page 6: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Realms of Separation ndash Identity Obfuscation

Identity Service Content Server

Key Mgmt Service Indexing Service E-Discovery Service

Data Center A Data Center B Data Center C

8BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Realms of Separation ndash Identity Obfuscation

Identity Service Content Server

Key Mgmt Service Indexing Service E-Discovery Service

Outside of the Identity Service - Real Identity information is obfuscated

For each User ID Spark generates a random 128-bit Universally Unique

Identifier (UUID) = The Userrsquos obfuscated identity

No real identity information transits the cloud

Data Center A Data Center B Data Center C

htzb2n78jdbc9e

9BRKCOL-2030

Spark – User Identity Sync and Authentication

Directory Sync → Identity Service

• User info can be synchronized to Spark from the enterprise Active Directory
• Multiple user attributes can be synchronized
• A scheduled sync tracks employee changes
• Passwords are not synchronized: the user either 1) creates a Spark password, or 2) uses SSO for authentication

Spark – SAML SSO Authentication

Directory Sync → Identity Service ← SAML SSO → IdP

• SSO for user authentication: administrators can configure Spark to work with their existing SSO solution
• Spark supports Identity Providers using Security Assertion Markup Language (SAML) 2.0 and OAuth 2.0
• See Notes for the list of supported IdPs

Spark App – Cloud connection

Spark App ↔ Identity Service ↔ IdP | Spark App ↔ Spark Service

1) Customer downloads and installs the Spark App (with trust anchors, i.e. the CA certificates the App uses to validate the cloud's TLS certificates in the next step)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts the user for an e-mail ID
4) User authenticated by the Spark Identity Service or by the enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to the Spark App
   • The Access Tokens contain details of the Spark resources the user is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel

Spark Device – Cloud connection

Spark Device ↔ Identity Service | Spark Device ↔ Spark Service

1) User enters the 16-digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by the Identity Service (trust anchors sent to the device and a secure connection established)
3) OAuth Access and Refresh Tokens created and sent to the Spark Device
   • The Access Tokens contain details of the Spark resources the user is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel

Until it is used, the activation code is the only thing that authenticates the device to the Identity Service, so the e-mail that carries it should be handled as a credential rather than as an ordinary notification.


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark – Encrypting Messages and Content

Spark App → Key Management Service | Spark App → Content Server

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different conversation encryption key
• AES-256-GCM cipher used for encryption

Spark – Decrypting Messages and Content

• Encrypted messages sent by the App are stored in the Spark Cloud (Content Server) and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Because a message carries only a reference to its key, the Content Server holds ciphertext plus key links but never the key itself. Whoever operates the Key Management Service therefore decides who can decrypt, which is the property the Hybrid Data Security section later moves on premise.

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

Indexing Service ↔ Content Server ↔ Key Mgmt Service | Search Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

• A search index is built by creating a fixed-length hash of each word in each message within a Room (illustrated as "Spark IS the message" → hash algorithm → B9 57 FE 48)
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room
• The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index (search for the word "Spark")

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns the matching (still encrypted) content to the App
• A link to the conversation encryption key is sent with the encrypted message, so the App can fetch the key and decrypt the result locally

Two things follow from the keyed design. The Search Service only ever stores and compares HMAC outputs, so it cannot recover words from the index without the room's search key; and because the Indexing Service must hold those search keys to hash queries, it is a trust point in its own right, which is why it is one of the components moved on premise by Hybrid Data Security.
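The per-room keyed index described above, written out as a small working model. This is an added illustration and not Spark's code: the class names, the word tokenisation rule, the AND semantics of multi-word queries and the truncation of the HMAC tag to 64 bits are all assumptions made for the example. The same model also covers the identical on-premise Search Indexing slides in the Hybrid Data Security section later in this deck; the only difference there is which side of the firewall the Indexing Service and its search keys live on.

```python
"""Keyed-hash search index modelled on the per-room HMAC-SHA-256 search keys.
Added example, not Spark code. Service names, tokenisation and AND-query
semantics are assumptions; the sample messages are constructed."""
import hashlib
import hmac
import re
import secrets
from collections import defaultdict
from typing import Dict, List, Set


def tokenize(text: str) -> List[str]:
    """Assumed tokenisation rule: lower-case words of letters, digits, apostrophes."""
    return re.findall(r"[a-z0-9']+", text.lower())


class KeyManagementService:
    """Stand-in for the KMS: issues one random 256-bit search key per room."""

    def __init__(self) -> None:
        self._search_keys: Dict[str, bytes] = {}

    def search_key(self, room_id: str) -> bytes:
        if room_id not in self._search_keys:
            self._search_keys[room_id] = secrets.token_bytes(32)
        return self._search_keys[room_id]


def word_token(search_key: bytes, word: str) -> str:
    """HMAC-SHA-256 of one word under the room's search key.
    Truncated to 16 hex chars (64 bits) purely for readability of the index."""
    return hmac.new(search_key, word.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


class SearchService:
    """Cloud side: stores only hashed tokens and opaque message ids, never words."""

    def __init__(self) -> None:
        self._index: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))

    def store(self, room_id: str, message_id: str, tokens: List[str]) -> None:
        for token in tokens:
            self._index[room_id][token].add(message_id)

    def lookup(self, room_id: str, tokens: List[str]) -> Set[str]:
        """Message ids containing every query token (AND semantics, assumed)."""
        buckets = [self._index[room_id].get(t, set()) for t in tokens]
        return set.intersection(*buckets) if buckets else set()

    def stored_tokens(self, room_id: str) -> Set[str]:
        return set(self._index[room_id])


class IndexingService:
    """Trusted side: holds the search keys and hashes words before they leave."""

    def __init__(self, kms: KeyManagementService, search: SearchService) -> None:
        self.kms, self.search = kms, search

    def index_message(self, room_id: str, message_id: str, plaintext: str) -> None:
        key = self.kms.search_key(room_id)
        tokens = [word_token(key, w) for w in set(tokenize(plaintext))]
        self.search.store(room_id, message_id, tokens)

    def query(self, room_id: str, query: str) -> Set[str]:
        key = self.kms.search_key(room_id)
        return self.search.lookup(room_id, [word_token(key, w) for w in tokenize(query)])


def demo() -> dict:
    """Constructed sample: two rooms hold the same sentence under different keys."""
    kms, search = KeyManagementService(), SearchService()
    indexer = IndexingService(kms, search)
    indexer.index_message("room-A", "msg-1", "Spark IS the message")
    indexer.index_message("room-A", "msg-2", "Hybrid Data Security keeps keys on premise")
    indexer.index_message("room-B", "msg-3", "Spark IS the message")
    return {
        "hit_a": indexer.query("room-A", "spark"),
        "hit_a_phrase": indexer.query("room-A", "the message"),
        "miss_a": indexer.query("room-A", "webex"),
        "hit_b": indexer.query("room-B", "Spark"),
        # Same word, different room, different token: the index is per room.
        "cross_room_tokens_differ": word_token(kms.search_key("room-A"), "spark")
        != word_token(kms.search_key("room-B"), "spark"),
        # The plaintext word never reaches the search store.
        "plaintext_in_store": "spark" in search.stored_tokens("room-A"),
    }


if __name__ == "__main__":
    print(demo())
```

Note the limit of the scheme that the model makes visible: within one room the token for a given word is deterministic, so an observer of the stored index learns which messages share words and how often each token occurs, even though it cannot name the words without the search key. Per-room keys confine that leakage to a single room.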

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

Spark Control Hub → E-Discovery Service → Indexing Service / Search Service → Content Server | Key Mgmt Service

• A Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

E-Discovery Service → E-Discovery Storage → Spark Control Hub

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (e.g. "Jo Smith's Messages and Files – E-Discovery Content Ready")

To decrypt, the E-Discovery Service must obtain the conversation keys from the Key Management Service, which makes it the one service in the diagram that handles plaintext. With the cloud KMS that decryption happens in Cisco's data centers; with Hybrid Data Security both the KMS and the E-Discovery Service run on the customer's premises.


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Secure Data Center (customer premises): Key Mgmt Service | Indexing Service | E-Discovery Service
Spark Cloud: Content Server

Hybrid Data Security = Hybrid Data Services on premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special firewall configuration required

Hybrid Data Security – Scalability

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

Spark – Hybrid Data Security: Key Management

Secure Data Center: Key Mgmt Server | Spark Cloud: Content Server, Key Mgmt Service

• The Hybrid Key Management Server performs the same functions as the cloud-based Key Management Server
• Now all of the keys for messages and content are owned and managed by the customer
• BUT… the encrypted messages and content themselves are still stored in the Spark Cloud, as the following slides show

HDS – Encrypting Messages & Content

Spark App → HDS Key Management Service (on premise) | Spark App → Content Server (cloud)

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally, on premise

HDS – Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

App to Cloud TLS connection | App to HDS TLS connection

• Spark Apps establish a direct TLS connection to the on-premise HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud: the cloud relays the session but is not a TLS endpoint for it, so key material exchanged between App and KMS is not exposed to the relay

Hybrid Data Security: Search Indexing Service

Secure Data Center: Indexing Service | Key Mgmt Service — Spark Cloud: Content Server | Search Service

• The Indexing Service, now on premise, enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room (illustrated as "Spark IS the message" → hash algorithm → B9 57 FE 48)

Hybrid Data Security: Querying a Search Index (search for the word "Spark")

• The Indexing Service sends a hashed index of the App's search request to the Search Service in the cloud
• The Search Service matches the hashed terms against the stored index, and the matching encrypted content is returned to the App
• A link to the conversation encryption key is sent with the encrypted message

Hybrid Data Security: E-Discovery Service (1)

Secure Data Center: Indexing Service | Key Mgmt Service | E-Discovery Service — Spark Cloud: Content Server | Search Service — Spark Control Hub

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content (Jo Smith's content) to the on-premise E-Discovery Service

Hybrid Data Security: E-Discovery Service (2)

E-Discovery Service → E-Discovery Storage → Spark Control Hub

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (e.g. "Jo Smith's Messages and Files – E-Discovery Content Ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

Organization A: Key Mgmt Service | Spark Cloud: Content Server, Key Mgmt Service | Organization B: Key Mgmt Service

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only (HTTPS, WebSocket Secure (WSS))
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room encryption keys from one another on behalf of their users

Each KMS authenticates the other with the publicly trusted X.509 certificate provisioned at install time (see the HDS Install Prerequisites: this is the "PKI is used for KMS to KMS federation" requirement). The certificate identifies the peer organization's KMS; the owning KMS still has to decide, per request, whether the user the peer is acting for is entitled to that room's key.
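A model of the federated key request, as an added example rather than Cisco's implementation. It assumes that the mutual-TLS layer hands the application the verified CN of the peer's client certificate, that each KMS keeps a registry mapping trusted peer CNs to organization ids, that it knows which organization owns each user and who is a member of each room (information the real system would take from the Identity Service), and that the key is released only when all three checks pass. The `federation_tls_context` helper builds the inbound TLS context with the Python standard library; the certificate and trust-store paths it accepts are hypothetical and loading is skipped when none are supplied so the example runs offline.

```python
"""Federated room-key release between two Hybrid KMSs (added example, not Cisco
code). Peer-CN registry, user/org mapping and membership data are assumptions;
all sample values are constructed."""
import ssl
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


def federation_tls_context(cert_chain: Optional[str] = None, key: Optional[str] = None,
                           trust_store: Optional[str] = None) -> ssl.SSLContext:
    """Inbound federation context: TLS 1.2 or newer, client certificate mandatory.
    Paths are hypothetical; with none given the context is returned unloaded."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # an unauthenticated peer never gets a socket
    if trust_store:
        ctx.load_verify_locations(cafile=trust_store)
    if cert_chain and key:
        ctx.load_cert_chain(certfile=cert_chain, keyfile=key)
    return ctx


class FederationDenied(Exception):
    """Raised for any request the owning KMS refuses; the reason is audited."""


@dataclass
class HybridKms:
    org_id: str
    room_keys: Dict[str, bytes] = field(default_factory=dict)        # room -> key (sample)
    room_members: Dict[str, Set[str]] = field(default_factory=dict)  # room -> user ids
    trusted_peers: Dict[str, str] = field(default_factory=dict)      # peer cert CN -> org
    user_org: Dict[str, str] = field(default_factory=dict)           # user id -> owning org
    audit: List[str] = field(default_factory=list)

    def release_key(self, peer_cn: Optional[str], user_id: str, room_id: str) -> bytes:
        """Owning-KMS side of a federated request. peer_cn is the CN of the client
        certificate the mTLS layer already verified (None: no certificate)."""
        if peer_cn is None or peer_cn not in self.trusted_peers:
            self._deny(f"unknown or unauthenticated peer {peer_cn!r}")
        peer_org = self.trusted_peers[peer_cn]
        if self.user_org.get(user_id) != peer_org:
            self._deny(f"{peer_org} may not act on behalf of {user_id}")
        if user_id not in self.room_members.get(room_id, set()):
            self._deny(f"{user_id} is not a member of {room_id}")
        self.audit.append(f"RELEASE room={room_id} user={user_id} via={peer_org}")
        return self.room_keys[room_id]

    def _deny(self, reason: str) -> None:
        self.audit.append(f"DENY {reason}")
        raise FederationDenied(reason)


def demo() -> dict:
    """Org A owns room-42; Org B's KMS asks for its key on behalf of several users."""
    org_a = HybridKms(
        org_id="org-a",
        room_keys={"room-42": b"\x11" * 32},  # constructed, not a real key
        room_members={"room-42": {"alice@org-a", "bob@org-b"}},
        trusted_peers={"kms.org-b.example": "org-b"},
        user_org={"alice@org-a": "org-a", "bob@org-b": "org-b", "eve@org-b": "org-b"},
    )
    results = {"bob_gets_key": org_a.release_key("kms.org-b.example", "bob@org-b", "room-42")}
    attempts = {
        "no_client_cert": (None, "bob@org-b", "room-42"),
        "unknown_peer": ("kms.org-c.example", "bob@org-b", "room-42"),
        "wrong_org_for_user": ("kms.org-b.example", "alice@org-a", "room-42"),
        "non_member": ("kms.org-b.example", "eve@org-b", "room-42"),
    }
    for label, args in attempts.items():
        try:
            org_a.release_key(*args)
            results[label] = "released"
        except FederationDenied:
            results[label] = "denied"
    ctx = federation_tls_context()
    results["tls_requires_client_cert"] = ctx.verify_mode == ssl.CERT_REQUIRED
    results["tls_min_version_ok"] = ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    results["audit"] = list(org_a.audit)
    return results


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The ordering of the checks matters: peer authentication is settled by the TLS layer before any application message is read, the peer is only allowed to speak for users it owns, and membership is checked last against the room the key protects. Every refusal is written to the audit trail, which is the record an administrator would use to spot a federated KMS probing for keys it should not have.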

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A – HDS Cluster on vSphere:
  Hybrid Data Services Node (VM): Docker – ECP Mgmt Container, HDS Containers; IDE Mount of the HDS Cluster Config File
  Hybrid Data Services Node (VM): Docker – ECP Mgmt Container, HDS Containers; IDE Mount of the HDS Cluster Config File

• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database | Syslogd | Database Backup | System Backup

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database or disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens an empty HDS can be restored; however, only new content will be visible.

The ISO and the database depend on each other: the ISO carries the Database Master Encryption key under which the keys held in Postgres are protected, so a backup of one without the other is not a recovery point. Treat the ISO as key material (restricted storage, separate from the database backups) rather than as ordinary configuration.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  - PKI (Public Key Infrastructure) is used for KMS to KMS federation
  - Common Name signed by a member of the Mozilla Trusted Root Store
  - No SHA-1 signatures
  - PKCS#12 format
• 2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 max
  - Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  - kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (key datastore)
  - 8 vCPU, 16 GB RAM, 2 TB disk. User created with createuser and assigned GRANT ALL PRIVILEGES ON the database
• 1 Syslog Host
  - Hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  - The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  - Outbound HTTPS on TCP port 443 from the HDS host
  - Bi-directional WSS on TCP port 443 from the HDS host
  - TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  - HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Dynamic assignment keys the VLAN off values the device announces in CDP/LLDP, which any host on the port can send; if the auxiliary VLAN is meant to be restricted, gate port access with the 802.1X methods covered later in this agenda rather than with CDP/LLDP alone.

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

Applies to Spark Desk and Room Devices and Spark Apps (see following slides for details)

Media Port Ranges:
• Source UDP ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking possible by source port)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

Signalling | Media

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049 | Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199 | Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP | Ephemeral | 443 | see list below | HTTPS

HTTPS destinations (TCP 443) and their function:
identity.webex.com – Spark Identity Service
idbroker.webex.com – OAuth Service
wbx2.com – Core Spark Services
webex.com – Identity management
ciscospark.com – Core Spark Services
clouddrive.com – Content and Space Storage
crashlytics.com – Anonymous crash data
mixpanel.com – Anonymous Analytics
rackcdn.com – Content and Space Storage
appsflyer.com – Mobile Apps only – Ad Analytics
adobetm.com – Web Apps only – Analytics
omtrdc.net – Web Apps only – Telemetry
optimizely.com – Web Apps only – Metrics

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

Connecting from the Enterprise - Firewalls

Media Port Ranges (Hybrid Media Node cascade links)
• Source UDP ports, voice and video: 33434-33598
• Source TCP/HTTP ports: ephemeral (=> no DSCP re-marking possible on source port)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit the firewall's permitted source IP address range to the HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints; they are used for the cascade links to the Spark Cloud
• Voice and video use a common UDP source port range, 33434-33598

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS signaling traffic only; no media
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Node                            | Protocol | Source Ports                                                   | Destination Ports | Destination                                                        | Function
Hybrid Media Node (HMN)         | UDP      | Voice and video use a common UDP source port range, 33434-33598 | 5004              | Cascade destination: Any IP Address                                | Cascaded SRTP over UDP media streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                      | 5004              | Cascade destination: Any IP Address                                | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                      | 123, 53, 444      | Any                                                                | NTP, DNS, HTTPS
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                      | 443               | wbx2.com, idbroker.webex.com                                       | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                                      | 443               | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io  | Outbound HTTPS and WSS

What do we send to third-party sites?

Site            | Apps that access it                      | What is sent there                                                            | User PII | Anonymized usage info | Encrypted user-generated content
aws.com         | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N        | N                     | Y
rackcdn.com     | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N        | N                     | Y
mixpanel.com    | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                          | N        | Y                     | N
appsflyer.com   | iOS, Android                             | Anonymous usage data related to onboarding                                    | N        | Y                     | N
adobedtm.com    | Web                                      | Anonymous usage data                                                          | N        | Y                     | N
omtrdc.net      | Web                                      | Anonymous usage data                                                          | N        | Y                     | N
optimizely.com  | Web                                      | Anonymous usage data for A/B testing                                          | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Explicit proxy: the proxy address is given to the device/application
• Transparent proxy: the device/application is unaware of the proxy's existence
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443. UDP media goes direct to the Spark cloud and does not traverse the proxy.

Connecting from the Enterprise - Proxy Detection (how the device/application learns the proxy address)

• Manual configuration
• Auto configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities, Spark Devices - Proxy Detection

Spark Device                     | Protocol | Software Train | Proxy Detection                | Granular Configuration
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | Yes: Manual; Yes: PAC files    | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
DX                               | HTTPS    | Room OS        | Yes: Manual, using web access  | Configure the proxy address via the device web interface
SX                               | HTTPS    | Room OS        | Yes: Manual, using web access  | Configure the proxy address via the device web interface
MX                               | HTTPS    | Room OS        | Yes: Manual, using web access  | Configure the proxy address via the device web interface
Room Kits                        | HTTPS    | Room OS        | Yes: Manual, using web access  | Configure the proxy address via the device web interface
Spark Board                      | HTTPS    | Spark Board OS | Yes: Manual configuration      | Manual configuration of the proxy address

Connecting from the Enterprise - Proxy Authentication

• The proxy intercepts the outbound HTTP request
• It authenticates the user (username & password)
• The authenticated user's traffic is forwarded
• An unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Uses standard HTTP headers (the Proxy-Authenticate challenge and the Proxy-Authorization response)
• Username and password are Base64 encoded
• Username and password are NOT encrypted or hashed: Base64 is reversible, so anyone who can observe the request on its way to the proxy recovers the credentials

Basic username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or
• Create an account per device
• No password expiration

Proxy Authentication Methods - Digest Authentication

• Uses standard HTTP headers
• Username and password are not sent
• A hash computed over the username, realm and password, combined with a nonce issued by the proxy, is sent instead, so the password itself never crosses the wire

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or
• Create an account per device
• No password expiration
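The two schemes side by side, as an added example that is not part of the original deck or Cisco's code: it builds the Proxy-Authorization header a device would send for Basic and for Digest (RFC 7616 style, MD5 with qop=auth) and shows the proxy-side verification, including the nonce check that stops a captured Digest header from being replayed. The device account, realm, password and nonce values are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets


def basic_header(username, password):
    """Proxy-Authorization header for Basic auth: Base64 of "user:pass".
    Encoding only - anyone who sees the header recovers the credentials."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def basic_recover(header):
    """What an observer on the client-to-proxy hop can do with a Basic header."""
    token = header.split("Basic ", 1)[1]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    nc="00000001", cnonce=None):
    """Client side of Digest auth (MD5, qop=auth). Only the response hash is
    sent; it binds the password to the proxy's nonce, the client nonce and
    the request method/URI."""
    cnonce = cnonce or secrets.token_hex(8)
    ha1 = _md5(f"{username}:{realm}:{password}")     # never leaves the client
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return {"username": username, "realm": realm, "nonce": nonce, "uri": uri,
            "qop": "auth", "nc": nc, "cnonce": cnonce, "response": response}


def digest_verify(params, passwords, method, issued_nonces):
    """Proxy side: recompute the response from the stored password and
    compare in constant time. A nonce the proxy never issued is rejected,
    which is what defeats replay of a captured header."""
    if params["nonce"] not in issued_nonces:
        return False
    password = passwords.get(params["username"])
    if password is None:
        return False
    ha1 = _md5(f"{params['username']}:{params['realm']}:{password}")
    ha2 = _md5(f"{method}:{params['uri']}")
    expected = _md5(f"{ha1}:{params['nonce']}:{params['nc']}:{params['cnonce']}:auth:{ha2}")
    return hmac.compare_digest(expected, params["response"])


# Constructed values for the example - not from the deck.
DEVICE_USER = "sparkdevice"       # the shared "one account for all devices"
DEVICE_PASSWORD = "s3cret"
PROXY_REALM = "proxy.example.com"
PROXY_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"


if __name__ == "__main__":
    hdr = basic_header(DEVICE_USER, DEVICE_PASSWORD)
    print(hdr, "->", basic_recover(hdr))
    params = digest_response(DEVICE_USER, PROXY_REALM, DEVICE_PASSWORD,
                             "CONNECT", "wbx2.com:443", PROXY_NONCE)
    print("digest ok:", digest_verify(params, {DEVICE_USER: DEVICE_PASSWORD},
                                      "CONNECT", {PROXY_NONCE}))
```

The Basic header decodes straight back to the device credentials, which is why a shared, non-expiring device account with Basic auth is only tolerable if the hop to the proxy is itself trusted. With Digest the proxy stores the password (or HA1) and recomputes the hash, so the verifier must keep the nonces it issued; a stale or foreign nonce fails before any hashing.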

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft challenge/response authentication protocol
• The username is sent in plain text
• A challenge (nonce) is sent from the server
• The client's password hash is used to compute a response to the challenge, which is returned to the server
• The password is hashed but never sent

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (an AD account) for all devices, or
• Create an account per device
• No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows only)

Negotiate Authentication
• Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM

Windows-based username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (an AD account) for all devices, or
• Create an account per device
• No password expiration

IWA = Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

Kerberos Authentication
• Strongest security of the methods listed
• Components: Client; Key Distribution Center (KDC), hosting the Authentication Service and the Ticket Granting Service; Application Server (here, the proxy)
• Encrypted communication based on shared secrets
• The client authenticates with the Authentication Service
• Once authenticated, it receives a Ticket Granting Ticket (TGT)
• The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user (using the shared secret it holds with the KDC)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server to skip authentication for:
• Device IP addresses (e.g. 10.100.200.1 and 10.100.200.3 in the diagram)
• Whitelisted destinations (e.g. ciscospark.com), i.e. the Spark cloud domains: identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices - Proxy Authentication

Spark Device                     | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | No Auth: Yes; Basic: Yes; Digest: Planned; NTLM: Yes (Windows); Kerberos: No. iOS and Android: No Auth and Basic in EFT (early field trial)
DX, SX, MX                       | HTTPS    | Room OS        | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes
Room Kits                        | HTTPS    | Room OS        | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes
Spark Board                      | HTTPS    | Spark Board OS | No Auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)

HTTPS/TLS Inspection, client side
• The enterprise's private CA root certificate is installed on the client beforehand
• On connection establishment the proxy sends the client a certificate signed by the private CA
• The client validates the received certificate chain against the private CA root certificate in its trust store
• If the chain validates, the client accepts the certificate and proceeds with the TLS connection to the proxy

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)

HTTPS/TLS Inspection, server side
• The proxy starts a new HTTPS/TLS connection to the web/cloud service
• The proxy receives the service's certificate
• The proxy uses that certificate to establish a secure TLS/HTTPS connection to the service
• The proxy can now decrypt, inspect and re-encrypt the session traffic between the two connections

Proxy, No HTTPS Inspection - Spark Certificate Pinning

Certificate Pin = SHA-256 hash of the CA root certificate's public key, e.g. (as shown on the slide)
VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Certificate pinning without inspection
• The CA-signed Cisco Spark certificate is sent by the HTTPS/TLS server
• The app creates a hash of the public key in the received certificate chain
• The app compares the hash with the certificate pin in its trust store
• If they match, the app accepts the certificate and proceeds with the TLS connection

Proxy, HTTPS Inspection - Spark Certificate Pinning

Certificate pinning with an inspecting proxy
• The proxy sends its private-CA-signed certificate during HTTPS/TLS setup
• The app creates a hash of the public key in the private-CA-signed certificate chain
• The app compares the hash with the certificate pin in its trust store
• They DO NOT match: the TLS connection is terminated, regardless of whether the OS trusts the private CA

HTTPS Inspection - Spark Apps Certificate Pinning Fix

The private CA certificate is copied to the app's OS trust store
• The proxy sends its private-CA-signed certificate during HTTPS/TLS setup
• The Spark app checks whether a copy of the private CA certificate exists in the OS trust store
• If the certificate exists, the certificate pinning process is skipped
• The app proceeds with the TLS connection
• HTTPS/TLS inspection is possible

Note that the OS trust store then becomes the effective trust boundary for Spark app traffic: any private CA that can be installed there can terminate the app's TLS sessions, so control over who can write to the trust store matters as much as the pin itself.
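The pinning decision of slides 101 to 109 (pin match without inspection, mismatch against an inspecting proxy, and the app-side trust-store bypass) as an added example that is not part of the original deck or Cisco's code. It parses the SubjectPublicKeyInfo out of a DER certificate, computes the SHA-256/Base64 pin in the form shown on the slide, and returns the outcome for a chain. The certificates are skeletons built inline with the real X.509 field order but constructed keys and no signatures; checking every certificate in the chain against the pin set, rather than one fixed position, is a generalisation of the slide's description.

```python
import base64
import hashlib

# Constructed example data - not real certificates or keys.
OID_RSA_ENCRYPTION = bytes.fromhex("06092a864886f70d010101")   # 1.2.840.113549.1.1.1
OID_SHA256_RSA = bytes.fromhex("06092a864886f70d01010b")       # 1.2.840.113549.1.1.11


def der(tag, content):
    """Encode one DER TLV (short or long form length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_children(data):
    """Parse the consecutive TLVs in data into a list of (tag, content)."""
    items, pos = [], 0
    while pos < len(data):
        tag, first = data[pos], data[pos + 1]
        if first < 0x80:
            n, pos = first, pos + 2
        else:
            k = first & 0x7F
            n = int.from_bytes(data[pos + 2:pos + 2 + k], "big")
            pos += 2 + k
        items.append((tag, data[pos:pos + n]))
        pos += n
    return items


def spki_for(modulus):
    """SubjectPublicKeyInfo for an rsaEncryption key (modulus is constructed)."""
    rsa_key = der(0x30, der(0x02, b"\x00" + modulus) + der(0x02, b"\x01\x00\x01"))
    algorithm = der(0x30, OID_RSA_ENCRYPTION + b"\x05\x00")
    return der(0x30, algorithm + der(0x03, b"\x00" + rsa_key))


def fake_cert(spki, v3=True):
    """Minimal X.509 skeleton with the real field order; unsigned, for parsing only."""
    sig_alg = der(0x30, OID_SHA256_RSA + b"\x05\x00")
    empty_name = der(0x30, b"")
    validity = der(0x30, der(0x17, b"180101000000Z") + der(0x17, b"190101000000Z"))
    version = der(0xA0, der(0x02, b"\x02")) if v3 else b""
    tbs = der(0x30, version + der(0x02, b"\x01") + sig_alg + empty_name
              + validity + empty_name + spki)
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" + bytes(32)))


def extract_spki(cert_der):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo."""
    _, cert_body = der_children(cert_der)[0]
    _, tbs = der_children(cert_body)[0]
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:        # explicit [0] version is optional (absent in v1)
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    tag, content = fields[5]
    return der(tag, content)


def spki_pin(cert_der):
    """Pin = Base64(SHA-256(DER SubjectPublicKeyInfo)), the form on the slide."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def check_chain(chain, pins, enterprise_cas):
    """chain: leaf first, root last. Returns the outcome the slides describe."""
    if chain[-1] in enterprise_cas:
        return "enterprise-ca-bypass"      # private CA in the OS trust store: pinning skipped
    if any(spki_pin(cert) in pins for cert in chain):
        return "pin-match"                 # proceed with the TLS connection
    return "reject"                        # pin mismatch: TLS connection terminated


# Constructed chains: Spark's public CA root vs. an inspecting proxy's private CA.
SPARK_ROOT_SPKI = spki_for(bytes([(i * 7 + 3) % 256 for i in range(256)]))
SPARK_ROOT = fake_cert(SPARK_ROOT_SPKI)
SPARK_LEAF = fake_cert(spki_for(b"\x42" * 256))
PROXY_ROOT = fake_cert(spki_for(bytes([(i * 13 + 5) % 256 for i in range(256)])))
PROXY_LEAF = fake_cert(spki_for(b"\x99" * 256))
PINS = {spki_pin(SPARK_ROOT)}          # what ships in the app's trust store

if __name__ == "__main__":
    print("pin:", spki_pin(SPARK_ROOT))
    print("no inspection:", check_chain([SPARK_LEAF, SPARK_ROOT], PINS, set()))
    print("inspecting proxy:", check_chain([PROXY_LEAF, PROXY_ROOT], PINS, set()))
    print("after fix:", check_chain([PROXY_LEAF, PROXY_ROOT], PINS, {PROXY_ROOT}))
```

Hashing the SubjectPublicKeyInfo rather than the whole certificate is what lets Cisco rotate or re-issue certificates under the same CA key without shipping a new pin; it is also why the proxy's private-CA chain can never match, since it carries a different key. The bypass branch shows how small the change on the app side is, and therefore why the enterprise trust store deserves the same change control as the pin list.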

HTTPS Inspection - Spark Devices Certificate Pinning Fix

The private CA certificate is copied to the Spark cloud (per-organisation configuration of the Identity Service); the device downloads its trust list, now including the private CA, from the cloud
• The proxy sends its private-CA-signed certificate during HTTPS/TLS setup
• The device creates a hash of the public key in the private-CA-signed certificate chain
• The device compares the hash with the certificate pins in its trust store, which now include the private CA
• They DO match: the device proceeds with the TLS connection
• HTTPS/TLS inspection is possible

Network Capabilities, Spark Devices - HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                                | Certificate Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes                                                          | Win/Mac/Browser: if an enterprise certificate exists in the OS trust store, bypass the certificate pinning process
iOS, Android      | HTTPS    | WME            | No                                                           | iOS/Android: HTTPS inspection bypass (exempt these clients' Spark destinations from inspection on the proxy)
DX                | HTTPS    | Room OS        | Yes, requires per-org configuration of the Identity Service  | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
SX                | HTTPS    | Room OS        | Yes, requires per-org configuration of the Identity Service  | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
MX                | HTTPS    | Room OS        | Yes, requires per-org configuration of the Identity Service  | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
Room Kits         | HTTPS    | Room OS        | Yes, requires per-org configuration of the Identity Service  | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
Spark Board       | HTTPS    | Spark Board OS | No (planned Q1 CY'18)                                        | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access is restricted until the client authenticates
• The client presents its credentials to the Authentication Server (relayed by the switch)
• After successful authentication the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key authentication methods: EAP-FAST and EAP-TLS

802.1X Network Authentication: EAP-FAST
Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS
Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback - MAC Address Bypass (MAB)
Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address as the credential
• Commonly used for devices that are not 802.1X capable
• The MAC address is manually entered into the Authentication Server
• A MAC address is trivially spoofed, so a MAB-authorised port should be placed in a restricted VLAN/ACL scoped to what the device needs (the Spark destinations above) rather than given full network access

Network Capabilities, Spark Devices - 802.1X

Spark Device                     | Protocol | Software Train | EAP-FAST               | EAP-TLS                | MIC (Manufacturer Installed Certificate) | Non-CUCM LSC (Locally Significant Certificate) | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A                                      | Yes                                            | Yes                                 | Manually install the LSC (Windows GPO, Mac configuration profiles)
DX                               | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17                                  | Yes                                            | Yes                                 | Web based: install the enterprise LSC via the device web interface
SX                               | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No                                       | Yes                                            | Yes                                 | Web based: install the enterprise LSC via the device web interface
MX                               | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No                                       | Yes                                            | Yes                                 | Web based: install the enterprise LSC via the device web interface
Room Kits                        | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes                                      | Yes                                            | Yes                                 | Web based: install the enterprise LSC via the device web interface
Spark Board                      | HTTPS    | Spark Board OS | No (planned Q2 CY'18)  | No (planned Q2 CY'18)  | No                                       | No (planned Q2 CY'18)                          | -                                   | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access, where the proxy and firewalls allow all Spark connections
• Onboard the device: username/password or activation code
• The device then downloads its configuration information and trust anchors from the Cisco Spark cloud


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x.
Coming soon: target Q1 CY2018.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you

Realms of Separation - Identity Obfuscation

Identity Service | Content Server | Key Mgmt Service | Indexing Service | E-Discovery Service (spread across Data Center A, B and C)

• Outside of the Identity Service, real identity information is obfuscated
• For each User ID, Spark generates a random 128-bit Universally Unique Identifier (UUID), which is the user's obfuscated identity
• No real identity information transits the cloud outside the Identity Service

Spark - User Identity Sync and Authentication

Directory Sync (enterprise directory to the Identity Service)
• User info can be synchronized to Spark from the enterprise Active Directory
• Multiple user attributes can be synchronized
• A scheduled sync tracks employee changes
• Passwords are not synchronized: the user either 1) creates a Spark password, or 2) uses SSO for authentication

Spark - SAML SSO Authentication

SSO for User Authentication (Identity Service to enterprise IdP)
• Administrators can configure Spark to work with their existing SSO solution
• Spark supports Identity Providers using Security Assertion Markup Language (SAML) 2.0 and OAuth 2.0
• See the session notes for the list of supported IdPs

Spark App - Cloud Connection (Spark App, Identity Service, IdP, Spark Service)

1) Customer downloads and installs the Spark App (with trust anchors)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts the user for an e-mail ID
4) User is authenticated by the Spark Identity Service or by the enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens are created and sent to the Spark App
   • The Access Tokens contain details of the Spark resources the user is authorized to access
6) Spark App presents its Access Token to register with Spark Services over a secure channel

Spark Device - Cloud Connection (Spark Device, Identity Service, Spark Service)

1) User enters the 16-digit activation code received via e-mail from the Spark provisioning service
2) Device is authenticated by the Identity Service (trust anchors are sent to the device and a secure connection is established)
3) OAuth Access and Refresh Tokens are created and sent to the Spark Device
   • The Access Tokens contain details of the Spark resources the user is authorized to access
4) Spark Device presents its Access Token to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security Secure Messages and Content


Spark – Encrypting Messages and Content

(Diagram: Spark App, Content Server, Key Management Service)

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES-256-GCM cipher used for encryption


Spark – Decrypting Messages and Content

(Diagram: Spark Apps exchanging encrypted messages via the Content Server; Key Management Service)

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing


Searching Spark Rooms – Building a Search Index

(Diagram: Spark App, Indexing Service, Content Server, Key Management Service, Search Service; the message "Spark IS the message" is passed word by word through the hash algorithm and yields the index entries B9 57 FE 48)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed length hash of each word in each message within a Room
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room
• The hashed indexes for each Spark Room are stored by the Content Service


Searching Spark Rooms – Querying a Search Index: search for the word "Spark"

(Diagram: the App's search term "Spark" is hashed by the Indexing Service to B9, matched against the stored index entries B9 57 FE 48, and the message "Spark IS the Message" is returned)

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message
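Added example (not code from the deck or from Cisco): a per-Room HMAC-SHA256 search index built and queried the way the indexing and querying slides above describe, on constructed messages. The Search Keys are generated locally here (in the product they are KMS-managed keys), and case folding of words is an assumption of this demo.

```python
import hmac
import hashlib
import os
import re
from typing import Dict, List, Optional, Set

# Constructed sample rooms: the plaintext as the App sees it before encryption.
# In the scheme on the slides only the hashes produced below leave the App.
ROOMS: Dict[str, List[str]] = {
    "room-a": ["Spark IS the message", "Meeting moved to Thursday"],
    "room-b": ["Spark Board firmware update tonight", "Lunch at noon"],
}


def new_search_key() -> bytes:
    """Per-Room Search Key for HMAC-SHA256 (32 random bytes). Generated locally
    for this demo; on the slides it is a key managed by the KMS."""
    return os.urandom(32)


def tokenize(text: str) -> List[str]:
    """Split a message into lower-cased words. Case folding is a demo assumption
    so that 'Spark' and 'spark' land on the same index entry."""
    return re.findall(r"[a-z0-9]+", text.lower())


def hash_term(search_key: bytes, word: str) -> str:
    """Fixed-length (32-byte, hex encoded) HMAC-SHA256 of one word under the
    room's Search Key. Only this value is stored or sent to the cloud."""
    return hmac.new(search_key, word.encode("utf-8"), hashlib.sha256).hexdigest()


def build_index(search_key: bytes, messages: List[str]) -> Dict[str, Set[int]]:
    """A room's search index: hashed word -> positions of the messages that
    contain it. The index holds no plaintext words."""
    index: Dict[str, Set[int]] = {}
    for msg_id, text in enumerate(messages):
        for word in tokenize(text):
            index.setdefault(hash_term(search_key, word), set()).add(msg_id)
    return index


def query_index(search_key: bytes, index: Dict[str, Set[int]], term: str) -> Set[int]:
    """Hash the search term(s) with the same room key and look them up; a
    multi-word query returns only messages containing every word."""
    result: Optional[Set[int]] = None
    for word in tokenize(term):
        hits = index.get(hash_term(search_key, word), set())
        result = set(hits) if result is None else result & hits
    return result or set()


def demo() -> Dict[str, object]:
    """Index both rooms, then check the properties the slides rely on."""
    keys = {room: new_search_key() for room in ROOMS}
    indexes = {room: build_index(keys[room], msgs) for room, msgs in ROOMS.items()}
    return {
        # The App's query for "Spark" in room-a finds message 0 only.
        "hits_room_a": query_index(keys["room-a"], indexes["room-a"], "Spark"),
        # A two-word query must match both words in the same message.
        "hits_two_words": query_index(keys["room-a"], indexes["room-a"], "the message"),
        # The same word hashes to different entries in different rooms, so two
        # rooms' indexes cannot be correlated with each other.
        "same_word_same_hash_across_rooms":
            hash_term(keys["room-a"], "spark") == hash_term(keys["room-b"], "spark"),
        # Querying room-a's index with room-b's Search Key finds nothing.
        "hits_with_wrong_key": query_index(keys["room-b"], indexes["room-a"], "Spark"),
        # Every stored entry has the same fixed length (64 hex characters).
        "entry_lengths": {len(h) for h in indexes["room-a"]},
    }
```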

Cloud Based Security: E-Discovery Services


Spark E-Discovery Service (1)

(Diagram: Spark Control Hub, E-Discovery Service, Indexing Service with its hash algorithm, Content Server, Key Management Service, Search Service)

• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service


Spark E-Discovery Service (2)

(Diagram: Spark Control Hub, E-Discovery Service, E-Discovery Storage, Content Server, Key Management Service, Search Service; "Jo Smith's Messages and Files" – "E-Discovery Content Ready")

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub


Spark – Hybrid Data Security (HDS)

(Diagram: Hybrid Data Security hosted in the customer's Secure Data Center; the Content Server remains in the Spark Cloud)

Hybrid Data Services = On Premise Key Management Server, Indexing Server and E-Discovery Service

Hybrid Data Security traffic and Firewalls

(Diagram: Hybrid Data Security in the Secure Data Center behind the enterprise Firewall; Content Server, Key Management Service, E-Discovery Service and Indexing Service in the Spark Cloud)

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability

(Diagram: several Hybrid Data Security servers in the Secure Data Center; Key Management Server, Key Management Service, Content Server)

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

(Diagram: Key Management Server in the Secure Data Center; Content Server and Key Management Service in the Spark Cloud)

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT...


HDS – Encrypting Messages & Content

(Diagram: HDS Key Management Service in the Secure Data Center; Content Server and Key Management Service in the Spark Cloud)

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally


HDS – Decrypting Messages & Content

(Diagram: HDS Key Management Service in the Secure Data Center; Content Server and Key Management Service in the Spark Cloud; encrypted message relayed between Apps)

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

(Diagram: App to Cloud TLS connection to the Spark Service; App to HDS TLS connection to the Hybrid Data Security Node in the Secure Data Center; Content Server and Search Service in the Spark Cloud)

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud


Hybrid Data Security – Search Indexing Service

(Diagram: Indexing Service in the Secure Data Center; Content Server, Key Management Service and Search Service in the Spark Cloud; the message "Spark IS the message" is passed through the hash algorithm to produce the index entries B9 57 FE 48)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room


Hybrid Data Security – Querying a Search Index: search for the word "Spark"

(Diagram: the search term "Spark" is hashed by the on-premise Indexing Service to B9, matched against the stored index entries B9 57 FE 48, and the message "Spark IS the Message" is returned)

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message


Spark E-Discovery Service (1) – with Hybrid Data Security

(Diagram: Indexing Service, E-Discovery Service and Key Management Service in the Secure Data Center; Content Server and Search Service in the Spark Cloud; Spark Control Hub; "Jo Smith's Content" returned)

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service


Spark E-Discovery Service (2) – with Hybrid Data Security

(Diagram: E-Discovery Service and Key Management Service in the Secure Data Center; E-Discovery Storage, Content Server and Search Service in the Spark Cloud; Spark Control Hub; "Jo Smith's Messages and Files" – "E-Discovery Content Ready")

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation


HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server and Key Management Service in the Spark Cloud; encrypted messages exchanged between the organizations)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?


HDS Key Management Server Federation

(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server and Key Management Service in the Spark Cloud)

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)


HDS Key Management Server Federation

(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server and Key Management Service in the Spark Cloud; messages exchanged)

• With a secure connection between Key Management Servers...
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A running vSphere with an HDS Cluster of Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Mgmt Container and HDS Containers, and has an IDE Mount of the HDS Cluster Config File)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

(Diagram: Signalling and Media from Spark Desk and Room Devices and Spark Apps through the enterprise firewall to the Spark Cloud)

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking – Port Range Summary: Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications – Windows, Mac, iOS, Android, Web

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only: Ad Analytics
TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only: Analytics
TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only: Telemetry
TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems – SX Series, DX Series, MX Series, Room Kits, Spark Boards

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

(Diagram: Signalling and Media from the Hybrid Media Node through the enterprise firewall to the Spark Cloud)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

(Diagram: Signalling only from the Hybrid Data Security node through the enterprise firewall to the Spark Cloud; no Media)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

(Diagram: Signalling is sent via the Proxy; UDP Media goes direct through the firewall)

Proxy Types
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)
• Proxy Address given to Device/Application………

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

(Diagram: Signalling via the Proxy, UDP Media direct; the Proxy Address reaches each device either by manual configuration or via PAC files)

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure Proxy Address or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

(Diagram: Signalling via the Proxy, UDP Media direct)

• Proxy Authentication
  • Proxy intercepts the outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no authentication

Common Proxy Authentication Methods

(Diagram: Signalling via the Proxy, UDP Media direct)

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

(Diagram: Signalling via the Proxy, UDP Media direct)

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

(Diagram: Signalling via the Proxy, UDP Media direct)

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
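Added example (not code from the deck or from Cisco): the Basic and Digest proxy credentials for one device account, built on the device side and checked on the proxy side, showing that the Basic header decodes straight back to the password while the Digest header carries only an MD5 response over username, realm, password, nonce and request. The account name, password, realm and the proxy's nonce bookkeeping are constructed for this demo; the CONNECT target uses identity.webex.com from the whitelist tables above.

```python
import base64
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional, Set, Tuple

# Constructed device account (placeholders, not real credentials). The slides
# suggest one account for all devices or one account per device.
DEVICE_USER = "spark-room-kit-01"
DEVICE_PASSWORD = "device-password-placeholder"


def basic_header(user: str, password: str) -> str:
    """Proxy-Authorization value for Basic: Base64 of "user:password"."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def basic_recover(header: str) -> Tuple[str, str]:
    """What any party that can read the header learns: Base64 is an encoding,
    not encryption or hashing, so user and password come straight back out."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, password = base64.b64decode(token).decode("utf-8").split(":", 1)
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_challenge(realm: str) -> Dict[str, str]:
    """Proxy-Authenticate: Digest challenge as the proxy sends it (qop=auth)."""
    return {"realm": realm, "nonce": secrets.token_hex(16), "qop": "auth"}


def digest_header(user: str, password: str, method: str, uri: str,
                  challenge: Dict[str, str], cnonce: Optional[str] = None,
                  nc: str = "00000001") -> str:
    """Device side of Digest: the password only enters HA1, and only the final
    MD5 response leaves the device."""
    cnonce = cnonce or secrets.token_hex(8)
    ha1 = _md5(f"{user}:{challenge['realm']}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1}:{challenge['nonce']}:{nc}:{cnonce}:{challenge['qop']}:{ha2}")
    fields = [f'username="{user}"', f'realm="{challenge["realm"]}"',
              f'nonce="{challenge["nonce"]}"', f'uri="{uri}"',
              f"qop={challenge['qop']}", f"nc={nc}", f'cnonce="{cnonce}"',
              f'response="{response}"', "algorithm=MD5"]
    return "Digest " + ", ".join(fields)


def parse_digest_header(header: str) -> Dict[str, str]:
    """Parse the device's Digest parameters (quoted or bare values)."""
    scheme, rest = header.split(" ", 1)
    if scheme != "Digest":
        raise ValueError("not a Digest credential")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest)}


def digest_verify(header: str, method: str, accounts: Dict[str, str],
                  issued_nonces: Set[str]) -> bool:
    """Proxy side: recompute the expected response from the stored password and
    compare in constant time; a nonce this proxy never issued is rejected."""
    p = parse_digest_header(header)
    needed = ("username", "realm", "nonce", "uri", "nc", "cnonce", "qop", "response")
    if any(k not in p for k in needed):
        return False
    password = accounts.get(p["username"])
    if password is None or p["nonce"] not in issued_nonces:
        return False
    ha1 = _md5(f"{p['username']}:{p['realm']}:{password}")
    ha2 = _md5(f"{method}:{p['uri']}")
    expected = _md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return hmac.compare_digest(expected, p["response"])


def demo() -> Dict[str, object]:
    """Both schemes for the same device account against a proxy holding one account."""
    accounts = {DEVICE_USER: DEVICE_PASSWORD}
    basic = basic_header(DEVICE_USER, DEVICE_PASSWORD)
    challenge = digest_challenge("corp-proxy")
    issued = {challenge["nonce"]}
    target = "identity.webex.com:443"
    good = digest_header(DEVICE_USER, DEVICE_PASSWORD, "CONNECT", target, challenge)
    bad = digest_header(DEVICE_USER, "wrong-password", "CONNECT", target, challenge)
    return {
        # Basic: the header alone yields the device credentials.
        "basic_recovered": basic_recover(basic),
        # Digest: the password string appears nowhere in what is sent.
        "digest_header_contains_password": DEVICE_PASSWORD in good,
        "digest_valid": digest_verify(good, "CONNECT", accounts, issued),
        "digest_wrong_password": digest_verify(bad, "CONNECT", accounts, issued),
        # The response is bound to the request method, so it cannot be reused elsewhere.
        "digest_wrong_method": digest_verify(good, "GET", accounts, issued),
    }
```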

Proxy Authentication Methods – NTLMv2

(Diagram: Signalling via the Proxy, UDP Media direct)

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

(Diagram: Signalling via the Proxy, UDP Media direct)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

(Diagram: Signalling via the Proxy, UDP Media direct)

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication Service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:

• Device IP Address (diagram example: IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com)

Spark destinations shown in the diagram:
identity.webex.com
idbroker.webex.com
wbx2.com
webex.com
ciscospark.com
clouddrive.com
crashlytics.com
mixpanel.com
rackcdn.com

[Diagram: Signalling, UDP Media]
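As an added illustration of the two bypass methods above (not Cisco's code, and not any proxy vendor's configuration syntax), here is a small policy check that exempts a connection from proxy authentication either because the source is a known device address or because the destination is one of the whitelisted Spark domains. The device addresses are the constructed sample values from the slide. The point a practitioner should take from it is the domain match: a destination whitelist must be matched on label boundaries, or look-alike hostnames that merely end in the same characters would also be exempted.

```python
import ipaddress
from typing import Iterable

# Added example (not Cisco's code): proxy-authentication bypass decision in the
# spirit of the slide above. Device addresses and destination list are sample
# values copied from the slide; a real proxy keeps these in its own config.

BYPASS_DEVICE_IPS = {"10.100.200.1", "10.100.200.3"}  # constructed sample devices

SPARK_DESTINATIONS = [
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com",
]


def host_matches(hostname: str, allowed: Iterable[str]) -> bool:
    """True if hostname equals an allowed domain or is a subdomain of one.

    Matching is done on label boundaries: 'api.ciscospark.com' matches
    'ciscospark.com', but 'evilciscospark.com' and
    'ciscospark.com.attacker.example' do not.
    """
    h = hostname.rstrip(".").lower()
    for dom in allowed:
        d = dom.lower()
        if h == d or h.endswith("." + d):
            return True
    return False


def _is_bypass_device(src_ip: str) -> bool:
    """Normalise the address before comparing so '010.100.200.1' style input cannot slip past."""
    try:
        return str(ipaddress.ip_address(src_ip)) in BYPASS_DEVICE_IPS
    except ValueError:
        return False  # unparsable source address: no device bypass


def proxy_auth_required(src_ip: str, dest_host: str) -> bool:
    """Return False when either bypass rule exempts the connection from proxy auth."""
    if _is_bypass_device(src_ip):
        return False
    if host_matches(dest_host, SPARK_DESTINATIONS):
        return False
    return True
```

Note that the destination rule is only as strong as the proxy's ability to see the real destination; with plain CONNECT tunnelling that is the hostname in the CONNECT request, which is why the whitelist is typically paired with the certificate checks described on the following slides rather than used alone.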

Network Capabilities: Spark Devices - Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

• HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match - accept and proceed with the TLS connection

[Diagram: Signalling, UDP Media]

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

• HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Diagram: Signalling, UDP Media]

Proxy - No HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
• Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key
  (value shown on the slide: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match - accept and proceed with the TLS connection

[Diagram: Signalling, UDP Media]

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: TLS connection terminated

[Diagram: Signalling, UDP Media]

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists - skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

[Diagram: Signalling, UDP Media]

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO match: proceed with TLS connection
• HTTPS/TLS Inspection possible

[Diagram: Signalling, UDP Media]
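The four pinning slides above describe one decision with three outcomes: the pinned public CA matches (connect), an unknown private CA is presented (terminate), or the private CA has been provisioned in advance, either into the app's OS trust store or, for devices, into the trust list downloaded from the Spark cloud (connect). The block below is an added example, not Cisco's client code, that models that decision. The "public keys" are constructed byte strings standing in for DER-encoded SubjectPublicKeyInfo blobs; a real client would take them from the TLS certificate chain. The pin format matches the slide: Base64 of the SHA-256 hash of the public key.

```python
import base64
import hashlib
from dataclasses import dataclass, field

# Added example (not Cisco's code): certificate-pinning outcomes from the slides
# above. Key material here is constructed sample bytes, not real SPKI data.

SPARK_PUBLIC_CA_KEY = b"constructed: public Spark CA root public key"
ENTERPRISE_PROXY_CA_KEY = b"constructed: enterprise inspection proxy CA public key"
UNKNOWN_CA_KEY = b"constructed: some other CA public key"


def spki_pin(public_key_der: bytes) -> str:
    """Certificate pin as on the slide: Base64(SHA-256(public key bytes))."""
    return base64.b64encode(hashlib.sha256(public_key_der).digest()).decode("ascii")


@dataclass
class ClientTrust:
    pins: set                      # pins shipped with the app (public Spark CA roots)
    os_trust_store: set            # pins of CA certs installed in the OS trust store (apps)
    cloud_trust_list: set = field(default_factory=set)  # private CAs pushed from the cloud (devices)


def check_connection(trust: ClientTrust, chain_root_key: bytes, is_device: bool = False) -> str:
    """Return the outcome for the CA root presented in the TLS chain.

    'pinned'            - public Spark CA matched the shipped pin
    'bypass-os-store'   - app: enterprise CA found in OS store, pinning skipped
    'pinned-private-ca' - device: enterprise CA was in the cloud-supplied trust list
    'terminated'        - unknown CA (e.g. inspection proxy without provisioning)
    """
    pin = spki_pin(chain_root_key)
    if pin in trust.pins:
        return "pinned"
    if not is_device and pin in trust.os_trust_store:
        return "bypass-os-store"
    if is_device and pin in trust.cloud_trust_list:
        return "pinned-private-ca"
    return "terminated"


def sample_outcomes() -> dict:
    """Run the three slide scenarios on the constructed keys."""
    app_plain = ClientTrust(pins={spki_pin(SPARK_PUBLIC_CA_KEY)}, os_trust_store=set())
    app_fixed = ClientTrust(pins={spki_pin(SPARK_PUBLIC_CA_KEY)},
                            os_trust_store={spki_pin(ENTERPRISE_PROXY_CA_KEY)})
    device_fixed = ClientTrust(pins={spki_pin(SPARK_PUBLIC_CA_KEY)}, os_trust_store=set(),
                               cloud_trust_list={spki_pin(ENTERPRISE_PROXY_CA_KEY)})
    return {
        "no inspection": check_connection(app_plain, SPARK_PUBLIC_CA_KEY),
        "inspection, app not provisioned": check_connection(app_plain, ENTERPRISE_PROXY_CA_KEY),
        "inspection, app provisioned": check_connection(app_fixed, ENTERPRISE_PROXY_CA_KEY),
        "inspection, device provisioned": check_connection(device_fixed, ENTERPRISE_PROXY_CA_KEY, True),
    }
```

The design point the model makes visible: whoever controls the OS trust store or the cloud trust list can introduce a CA that the pinning check will accept, so those two provisioning paths are the places to lock down (admin-only write, and review of which CAs have been loaded into the org's Spark identity service).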

Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

[Diagram: Authentication Server]

802.1X Operation

• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication - switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
• EAP-FAST
• EAP-TLS

[Diagram: Authentication Server]

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST

• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Diagram: Authentication Server]

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS

• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

[Diagram: Authentication Server]

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms

• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

[Diagram: Device 1, Authentication Server]

Network Capabilities: Spark Devices - 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac - Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
• Switch port configuration
• VLANs
• Firewall Deployment
• Proxy Type
• Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections

Onboard device - Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment

Preferred Architectures (PA)
https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018

Thank you


Spark - User Identity Sync and Authentication

[Diagram: Directory Sync, Identity Service]

User Info can be synchronized to Spark from the Enterprise Active Directory

Multiple User attributes can be synchronized

Scheduled sync tracks employee changes

Passwords are not synchronized - User
1) Creates a Spark password, or
2) Uses SSO for Auth

Spark - SAML SSO Authentication

[Diagram: Directory Sync, SAML SSO, Identity Service, IdP]

SSO for User Authentication

Administrators can configure Spark to work with their existing SSO solution

Spark supports Identity Providers using Security Assertion Markup Language (SAML) 2.0 and OAuth 2.0

See Notes for list of supported IdPs

Spark App - Cloud connection

[Diagram: Spark Service, IdP, Identity Service]

1) Customer downloads and installs Spark App (with Trust anchors)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts User for an e-mail ID
4) User Authenticated by Spark Identity Service or the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to Spark App
• The Access Tokens contain details of the Spark resources the User is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel

Spark Device - cloud connection

[Diagram: Spark Service, Identity Service]

1) User enters 16 digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by Identity Service (Trust anchors sent to device and secure connection established)
3) OAuth Access and Refresh Tokens created and sent to Spark Device
• The Access Tokens contain details of the Spark resources the User is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

[Diagram: Content Server, Key Mgmt Service]

Spark App requests a conversation encryption key from the Key Management Service

Any messages or files sent by an App are encrypted before being sent to the Spark Cloud

Each Spark Room uses a different Conversation Encryption key

AES256-GCM cipher used for Encryption

Spark - Decrypting Messages and Content

[Diagram: Key Mgmt Service, Content Server, message]

Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room

The encrypted message also contains a link to the conversation encryption key

If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

[Diagram: Indexing Service, Content Server, Key Mgmt Service, Search Service; "Spark IS the message" -> Hash Algorithm -> B9 57 FE 48]

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content

A Search Index is built by creating a fixed length hash of each word in each message within a Room

The hashed indexes for each Spark Room are stored by the Content Service

A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

Searching Spark Rooms: Querying a Search Index - Search for the word "Spark"

[Diagram: Indexing Service, Content Server, Key Mgmt Service, Search Service; "Spark" -> Hash Algorithm -> 57FE48, matched against B9 57 FE 48 -> "Spark IS the Message"]

App sends search request over a secure connection to the Indexing Service

The Indexing Service uses Per Room search keys to hash the search terms

The Search Service searches for a match in the hash tables and returns matching content to the App

A link to Conversation Encryption Key is sent with encrypted message
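The index-building slide and the query slide above describe the two halves of one mechanism, so here is a single added example (not Cisco's code) covering both: a toy per-room search index in which every word is stored as an HMAC-SHA256 tag under a room-specific search key, and a query is answered by tagging the search term with the same key and looking the tag up. It goes slightly beyond the slides by also showing why the per-room key matters: the same word produces unrelated tags in two rooms, so an index from one room says nothing about another. Room names, message ids and message text are constructed sample data; in the real design the search key would be issued and held by the Key Management Service rather than generated inside the index object.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from typing import Optional

# Added example (not Cisco's code): per-room keyed search index as described on
# the slides above. Words are indexed as HMAC-SHA256 tags, so the stored index
# contains no plaintext. Sample rooms and messages are constructed.


def tokenize(text: str):
    """Split a message into lower-cased words with surrounding punctuation removed."""
    return [w for w in (t.strip(".,!?;:").lower() for t in text.split()) if w]


class RoomIndex:
    def __init__(self, room_id: str, search_key: Optional[bytes] = None):
        self.room_id = room_id
        # One fresh 256-bit search key per room (the KMS would supply this in Spark).
        self.search_key = search_key or secrets.token_bytes(32)
        self.index = defaultdict(set)  # word tag -> set of message ids

    def tag(self, word: str) -> str:
        """Fixed-length (32-byte, hex-encoded) HMAC-SHA256 tag of a word under this room's key."""
        return hmac.new(self.search_key, word.lower().encode("utf-8"), hashlib.sha256).hexdigest()

    def add_message(self, msg_id: str, plaintext: str) -> None:
        """Index a message before it is encrypted and sent to the cloud."""
        for w in tokenize(plaintext):
            self.index[self.tag(w)].add(msg_id)

    def search(self, term: str) -> set:
        """Answer a query by tagging the term; the index is never compared against plaintext."""
        return set(self.index.get(self.tag(term), set()))


def index_contains_plaintext(idx: RoomIndex, word: str) -> bool:
    """Check used below to show the stored index never carries the word itself."""
    return any(word.lower() in stored for stored in idx.index)


def demo() -> dict:
    """Two rooms, two messages; returns query results and a cross-room comparison."""
    room_a = RoomIndex("room-a")
    room_b = RoomIndex("room-b")
    room_a.add_message("m1", "Spark IS the message")
    room_a.add_message("m2", "Another message, sent later.")
    room_b.add_message("m3", "Spark in a different room")
    return {
        "spark_in_a": room_a.search("Spark"),
        "message_in_a": room_a.search("message"),
        "missing_in_a": room_a.search("absent"),
        "same_word_same_tag_across_rooms": room_a.tag("spark") == room_b.tag("spark"),
        "plaintext_in_index": index_contains_plaintext(room_a, "spark"),
    }
```

Two things the toy makes concrete for a reviewer: anyone holding a room's search key can recover which messages contain a guessed word (that is exactly what the Indexing Service does), so the search key needs the same custody as the conversation key, and keyed hashing only hides the words, not the pattern of which messages share a word; that is inherent in any searchable index over encrypted content.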

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

[Diagram: Spark Control Hub, Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service, Hash Algorithm]

Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)

The Indexing Service requests a search of related hashed content

The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram: E-Discovery Storage, E-Discovery Service, Content Server, Key Mgmt Service, Spark Control Hub, Search Service; "Jo Smith's Messages and Files" - E-Discovery Content Ready]

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark - Hybrid Data Security (HDS)

[Diagram: Secure Data Center, Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service]

Hybrid Data Security

Hybrid Data Services = On Premise Key Management Server, Indexing Server, E-Discovery Service

Hybrid Data Security traffic and Firewalls

[Diagram: Secure Data Center, Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service, Firewall, Hybrid Data Security]

Hybrid Data Services make outbound connections only from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)

No special Firewall configuration required

Hybrid Data Security - Scalability

[Diagram: Secure Data Center, Content Server, Key Mgmt Server, Key Mgmt Service, multiple Hybrid Data Security nodes]

The Hybrid Data Security is managed and upgraded from the cloud

Customers can access usage information for the HDS Servers via the Spark Control Hub

Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server, BUT now all of the keys for messages and content are owned and managed by the Customer.

(Diagram: Secure Data Center with Content Server and the on-premise Key Mgmt Server taking the place of the cloud Key Management Service)

HDS - Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally

(Diagram: Secure Data Center with Key Mgmt Service; Content Server in the cloud, the cloud Key Management Service no longer holding the keys)

HDS - Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

(Diagram: encrypted message held on the Content Server in the cloud; its key held by the on-premise Key Mgmt Service)

Hybrid Data Security – Secure App Connections

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

(Diagram: App to Cloud TLS connection to the Spark Service and Content Server; App to HDS TLS connection to the Hybrid Data Security Node and Search Service)

Hybrid Data Security: Search Indexing Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

Example: the message "Spark IS the message" is passed through the Hash Algorithm by the Indexing Service, producing the hashed index B9 57 FE 48.

A new hashing key (Search Key) is used for each room.

(Diagram: Secure Data Center with Indexing Service and Key Mgmt Service; Content Server and Search Service in the cloud)

Hybrid Data Security: Querying a Search Index

Search for the word "Spark":

• The Indexing Service hashes the App's search request with the room's Search Key (Hash Algorithm → B9 57 FE 48) and sends the hashed index to the Search Service
• The Search Service matches the hashed index against its stored entries; the matching encrypted message ("Spark IS the Message") is returned
• A link to the Conversation Encryption Key is sent with the encrypted message

(Diagram: Secure Data Center with Indexing Service and Key Mgmt Service; Content Server and Search Service in the cloud)
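The two slides above describe the search index in outline: a per-room Search Key, words hashed before they leave the data center, and the Search Service matching hashed values only. The following is an added illustration, not Cisco's code; it assumes HMAC-SHA256 as the "Hash Algorithm" and an AND-match over query words, neither of which the slides specify.

```python
import hashlib
import hmac
import re
import secrets
from collections import defaultdict


def tokenize(text: str) -> list:
    """Normalise a message into lower-case word tokens."""
    return [t.lower() for t in re.findall(r"[A-Za-z0-9']+", text)]


def blind(search_key: bytes, token: str) -> str:
    """Keyed hash of one word; stands in for the slides' 'Hash Algorithm' (assumed HMAC-SHA256)."""
    return hmac.new(search_key, token.encode("utf-8"), hashlib.sha256).hexdigest()


class IndexingService:
    """On-premise HDS component: holds one Search Key per room and hashes
    words before anything leaves the data center."""

    def __init__(self) -> None:
        self._search_keys: dict = {}

    def search_key(self, room_id: str) -> bytes:
        # A new hashing key (Search Key) is generated for each room.
        if room_id not in self._search_keys:
            self._search_keys[room_id] = secrets.token_bytes(32)
        return self._search_keys[room_id]

    def index_message(self, room_id: str, plaintext: str) -> list:
        """Blinded tokens for a message; the plaintext itself never leaves."""
        key = self.search_key(room_id)
        return sorted({blind(key, t) for t in tokenize(plaintext)})

    def query(self, room_id: str, words: str) -> list:
        """Blinded form of a user's search request, as sent to the Search Service."""
        key = self.search_key(room_id)
        return [blind(key, t) for t in tokenize(words)]


class SearchService:
    """Cloud component: stores only blinded tokens and message ids."""

    def __init__(self) -> None:
        self._postings: dict = defaultdict(set)

    def add(self, message_id: str, blinded_tokens: list) -> None:
        for b in blinded_tokens:
            self._postings[b].add(message_id)

    def find(self, blinded_query: list) -> set:
        """Message ids containing every blinded query token (AND search)."""
        if not blinded_query:
            return set()
        hits = [self._postings.get(b, set()) for b in blinded_query]
        return set.intersection(*hits)

    def stored_tokens(self) -> list:
        return list(self._postings)


def demo() -> dict:
    """Index the slides' example message in two rooms and search each."""
    indexer, search = IndexingService(), SearchService()
    # Constructed sample data: the same message posted in two different rooms.
    messages = {
        "msg-1": ("room-A", "Spark IS the message"),
        "msg-2": ("room-B", "Spark IS the message"),
        "msg-3": ("room-A", "lunch at noon?"),
    }
    for mid, (room, text) in messages.items():
        search.add(mid, indexer.index_message(room, text))
    return {
        "room_a_spark": search.find(indexer.query("room-A", "Spark")),
        "room_b_spark": search.find(indexer.query("room-B", "spark")),
        "room_a_both": search.find(indexer.query("room-A", "noon Spark")),
        # Same word, different room key: the blinded tokens differ, so an
        # index entry from one room says nothing about another room.
        "cross_room_equal": blind(indexer.search_key("room-A"), "spark")
        == blind(indexer.search_key("room-B"), "spark"),
        # Nothing the cloud holds contains the plaintext word.
        "plaintext_leaked": any("spark" in t for t in search.stored_tokens()),
    }
```

Losing a room's Search Key makes its index unusable, which is the same operational point the deployment slides later make about the HDS key material.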

Spark E-Discovery Service (1)

• A request for Jo Smith's Content is made from the Spark Control Hub
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

(Diagram: Secure Data Center with Indexing Service, Hash Algorithm, Key Mgmt Service and E-Discovery Service; Spark Control Hub, Content Server and Search Service in the cloud)

Spark E-Discovery Service (2)

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service: sends the compressed and encrypted content (Jo Smith's Messages and Files) to the Administrator on request.

(Diagram: Secure Data Center with Key Mgmt Service and E-Discovery Service; Spark Control Hub showing "E-Discovery Content Ready", E-Discovery Storage, Content Server and Search Service in the cloud)

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server in the cloud)

HDS Encryption Keys & Users in other Organizations

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

(Diagram: Organization A and Organization B Key Mgmt Services; an encrypted message on the Content Server in the cloud)

HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only (HTTPS, Web Socket Secure (WSS))
• With a secure connection between Key Management Servers... Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

(Diagram: Organization A and Organization B Key Mgmt Services connected via the Content Server in the Spark Cloud, exchanging encrypted messages)

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A running vSphere with an HDS Cluster of Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Mgmt Container and HDS Containers, and mounts the HDS Cluster Config File via an IDE Mount)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites
See prerequisites in https://www.cisco.com/go/hybrid-data-security

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods, EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs
How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

(Diagram: Signalling and Media flows from the Enterprise through the Firewall to the Spark Cloud)

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio: 52000-52099
• Spark Apps: 52000 - 52049
• Spark Devices: 52050 - 52099

Video: 52100-52299
• Spark Apps: 52100 - 52199
• Spark Devices: 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only - Ad Analytics
• adobedtm.com – Web Apps only - Analytics
• omtrdc.net – Web Apps only - Telemetry
• optimizely.com – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

(Diagram: Signalling and Media flows from the HMN through the Firewall to the Spark Cloud)

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

(Diagram: Signalling only from the HDS node through the Firewall; no Media)

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
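The media port tables above (Apps, Devices, HMN) are what a firewall or flow-audit rule has to encode. The following is an added example, not Cisco's code: it classifies constructed flow records against those documented source/destination ranges so that anything outside them stands out. It assumes that for TCP media only the destination port is meaningful, since the source port is ephemeral.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Source UDP ranges from the slides; the sender type is recoverable from the port.
UDP_SOURCE_RANGES = [
    ("Spark App", "voice", 52000, 52049),
    ("Spark Device", "voice", 52050, 52099),
    ("Spark App", "video", 52100, 52199),
    ("Spark Device", "video", 52200, 52299),
    ("HMN", "voice/video cascade", 33434, 33598),
]
# Documented media destination ports per sender type.
MEDIA_DEST_PORTS = {
    "Spark App": {5004, 5006},
    "Spark Device": {5004, 5006},
    "HMN": {5004},
}


@dataclass(frozen=True)
class Flow:
    proto: str      # "UDP" or "TCP"
    src_port: int
    dst_port: int


def classify_media_flow(flow: Flow) -> Optional[str]:
    """Name the documented Spark media stream a flow matches, or None."""
    if flow.proto == "UDP":
        for sender, stream, lo, hi in UDP_SOURCE_RANGES:
            if lo <= flow.src_port <= hi and flow.dst_port in MEDIA_DEST_PORTS[sender]:
                return f"{sender} {stream} SRTP over UDP"
        return None
    if flow.proto == "TCP":
        # TCP/HTTP media uses ephemeral source ports (assumed >= 1024 here),
        # so only the destination port identifies it and the sender type
        # cannot be told apart the way it can for UDP.
        if flow.src_port < 1024:
            return None
        if flow.dst_port == 5004:
            return "SRTP over TCP/HTTP (App, Device or HMN cascade)"
        if flow.dst_port == 5006:
            return "SRTP over TCP/HTTP (App or Device)"
        return None
    return None


def audit(flows: List[Flow]) -> Tuple[dict, List[Flow]]:
    """Split flow records into documented media (with label) and everything else."""
    documented, unexpected = {}, []
    for f in flows:
        label = classify_media_flow(f)
        if label is None:
            unexpected.append(f)
        else:
            documented[f] = label
    return documented, unexpected


# Constructed sample flow records (not captured traffic).
SAMPLE_FLOWS = [
    Flow("UDP", 52010, 5004),   # App voice
    Flow("UDP", 52250, 5006),   # Device video
    Flow("UDP", 33500, 5004),   # HMN cascade
    Flow("UDP", 33500, 5006),   # HMN to 5006: not a documented combination
    Flow("UDP", 52300, 5004),   # one port past the Device video range
    Flow("TCP", 49832, 5004),   # TCP/HTTP media fallback
    Flow("UDP", 52010, 3478),   # App source port but undocumented destination
]
```

A practitioner would run audit() over exported firewall or NetFlow records; the "unexpected" list is the set of flows a whitelist built from these tables would have blocked.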

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

(Diagram: Signalling via the Proxy; UDP Media direct)

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

(Diagram: Proxy Address delivered to each client via PAC files; Signalling via the Proxy, UDP Media direct)

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes - Manual; Yes - PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes - Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication.

(Diagram: Signalling via the Proxy; UDP Media direct)

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos, or fallback to NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Parties: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

(Diagram: Signalling via the Proxy; UDP Media direct)

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

(Diagram: Signalling via the Proxy; UDP Media direct)

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

(Diagram: Signalling via the Proxy; UDP Media direct)

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

(Diagram: Signalling via the Proxy; UDP Media direct)

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible

(Diagram: Signalling via the Proxy; UDP Media direct)
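The pinning slides above describe three outcomes: a direct connection whose CA public-key hash matches the pin, an inspecting proxy whose Private CA does not match (connection terminated), and the "fix" where the Private CA cert is present in the trust store so the pin step is skipped. The following is an added illustration of that decision logic, not code from the Spark apps; it uses the usual pin format (base64 of SHA-256 over the DER SubjectPublicKeyInfo) and constructed byte strings as stand-ins for real public keys, and it assumes ordinary chain validation has already succeeded before the pin check runs.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Certificate Pin = base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def evaluate_pinning(chain_spkis, pinned_set, os_trust_store_spkis=frozenset()):
    """Decide whether a pinned client accepts a presented certificate chain.

    chain_spkis: public keys (DER SPKI bytes) of the presented chain, leaf first, root last.
    pinned_set: pins held in the App's Trust Store for the Spark CA root key.
    os_trust_store_spkis: public keys of Private CA certs an enterprise copied into
        the OS Trust Store (the 'Cert Pinning Fix').
    Returns (accepted, reason). Only the pinning step is modelled here; normal
    chain validation is assumed to have passed already.
    """
    if not chain_spkis:
        return False, "empty chain: TLS connection terminated"
    root_spki = chain_spkis[-1]
    # Cert Pinning Fix: a copy of the Private CA cert in the OS Trust Store
    # means the pinning step is skipped and HTTPS inspection becomes possible.
    if root_spki in os_trust_store_spkis:
        return True, "Private CA found in OS Trust Store: pinning skipped"
    presented = {spki_pin(s) for s in chain_spkis}
    if presented & set(pinned_set):
        return True, "pin matched: proceed with TLS connection"
    return False, "pin mismatch: TLS connection terminated"


# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
SPARK_ROOT_SPKI = b"constructed-spki:spark-public-ca-root"
SPARK_LEAF_SPKI = b"constructed-spki:spark-service-leaf"
PROXY_CA_SPKI = b"constructed-spki:enterprise-private-ca"
PROXY_LEAF_SPKI = b"constructed-spki:proxy-issued-leaf"

# What a Spark app would ship: the pin of the public CA root key.
SPARK_PINS = frozenset({spki_pin(SPARK_ROOT_SPKI)})


def scenarios() -> dict:
    """The three cases from the slides, evaluated with the constructed keys."""
    direct_chain = [SPARK_LEAF_SPKI, SPARK_ROOT_SPKI]
    inspected_chain = [PROXY_LEAF_SPKI, PROXY_CA_SPKI]
    return {
        "no_inspection": evaluate_pinning(direct_chain, SPARK_PINS),
        "inspection_no_fix": evaluate_pinning(inspected_chain, SPARK_PINS),
        "inspection_with_fix": evaluate_pinning(
            inspected_chain, SPARK_PINS, os_trust_store_spkis={PROXY_CA_SPKI}
        ),
    }
```

The bypass keys entirely on the root being admin-installed in the OS store, so on managed endpoints the integrity of that store is what the whole pinning guarantee then rests on.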

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: client device, switch port and Authentication Server)

802.1X Network Authentication Methods

• There are many options...
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

(Diagram: client device, switch port and Authentication Server)

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS (MIC) | EAP-TLS (non-CUCM LSC) | Certificate Installation Capability | Granular Configuration |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes – manually install LSC (Windows: GPO, Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes – web based: install Enterprise LSC via the device web interface |
| SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes – web based: install Enterprise LSC via the device web interface |
| MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes – web based: install Enterprise LSC via the device web interface |
| Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes – web based: install Enterprise LSC via the device web interface |
| Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | Use MAC Address By-Pass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads device configuration information and trust anchors


Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: what you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
• Coming soon: target Q1 CY2018

Thank you


Spark – SAML SSO Authentication

(Figure: Directory Sync and SAML SSO between the enterprise IdP and the Spark Identity Service)

SSO for User Authentication
• Administrators can configure Spark to work with their existing SSO solution
• Spark supports Identity Providers using Security Assertion Markup Language (SAML) 2.0 and OAuth 2.0
• See Notes for the list of supported IdPs

Spark App – Cloud connection

(Figure: Spark App, Enterprise IdP, Spark Identity Service and Spark Service)

1) Customer downloads and installs the Spark App (with trust anchors)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts the user for an e-mail ID
4) User authenticated by the Spark Identity Service or the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to the Spark App
   • The Access Tokens contain details of the Spark resources the user is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel


Spark Device – cloud connection

(Figure: Spark Device, Spark Identity Service and Spark Service)

1) User enters the 16 digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by the Identity Service (trust anchors sent to the device and secure connection established)
3) OAuth Access and Refresh Tokens created and sent to the Spark Device
   • The Access Tokens contain details of the Spark resources the user is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel



Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark – Encrypting Messages and Content

(Figure: Spark App, Content Server and Key Management Service)
• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption Key
• AES256-GCM cipher used for encryption

Spark – Decrypting Messages and Content

(Figure: Content Server, Key Management Service and the Apps in the Room; the encrypted message is fanned out to each App)
• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

(Figure: Indexing Service, Content Server, Key Management Service and Search Service; the message "Spark IS the message" passes through the hash algorithm and is stored as hashes such as B9 57 FE 48)

The Indexing Service
• Enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed-length hash of each word in each message within a Room
• The hashed indexes for each Spark Room are stored by the Content Service
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

Searching Spark Rooms: Querying a Search Index – search for the word "Spark"

(Figure: the search term "Spark" is hashed to 57FE48 and matched against the stored index B9 57 FE 48; the matching message "Spark IS the Message" is returned)
• The App sends a search request over a secure connection to the Indexing Service
• The Indexing Service uses per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

(Figure: Spark Control Hub, Indexing Service, Content Server, Key Management Service, E-Discovery Service and Search Service)
• A Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

(Figure: E-Discovery Service, E-Discovery Storage, Content Server, Key Management Service, Spark Control Hub and Search Service; "Jo Smith's Messages and Files – E-Discovery Content Ready")
• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

(Figure: the Key Management Service, Indexing Service and E-Discovery Service move from the Spark Cloud into the customer's Secure Data Center; the Content Server stays in the cloud)

Hybrid Data Security = Hybrid Data Services on premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls
• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special firewall configuration required

Hybrid Data Security – Scalability
• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

Spark – Hybrid Data Security Key Management
• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT

HDS – Encrypting Messages & Content

(Figure: Key Management Service in the Secure Data Center; Content Server in the Spark Cloud)
• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally

HDS – Decrypting Messages & Content

(Figure: Key Management Service in the Secure Data Center; Content Server in the Spark Cloud; the message is fanned out to the Apps in the Room)
• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server
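The per-Room encryption flow from the cloud slides (Encrypting and Decrypting Messages and Content) and from the HDS slides above, as an added Go example that is not Spark's code: a KMS (cloud or on-premise) mints one AES-256-GCM conversation key per Room, the stored message carries a link to that key rather than the key itself, and a receiving App follows the link to decrypt. The key-reference format, the Envelope layout and the use of the Room ID as GCM associated data are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// KeyManagementService stands in for the Spark cloud KMS or the on-premise
// HDS Key Management Server: one 256-bit conversation key per Room, addressed
// by an opaque key reference (the "link" carried inside every message).
type KeyManagementService struct {
	keys map[string][]byte // key reference -> 32-byte AES-256 key
}

func NewKMS() *KeyManagementService {
	return &KeyManagementService{keys: map[string][]byte{}}
}

// NewRoomKey mints a fresh conversation key for roomID and returns its
// reference. The reference format is constructed for this example.
func (k *KeyManagementService) NewRoomKey(roomID string) string {
	key := make([]byte, 32)
	id := make([]byte, 8)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	if _, err := io.ReadFull(rand.Reader, id); err != nil {
		panic(err)
	}
	ref := "kms:" + roomID + ":" + hex.EncodeToString(id)
	k.keys[ref] = key
	return ref
}

// KeyByRef is what an App calls when it does not already hold the key a
// message links to. A KMS that never issued the key (e.g. another Org's)
// cannot resolve the reference.
func (k *KeyManagementService) KeyByRef(ref string) ([]byte, error) {
	key, ok := k.keys[ref]
	if !ok {
		return nil, errors.New("unknown key reference")
	}
	return key, nil
}

// Envelope is what the Content Server stores and fans out to the Room:
// ciphertext plus the key link, never the key itself.
type Envelope struct {
	KeyRef     string
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output with the 16-byte tag appended
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt runs on the sending App, before the message leaves the client.
// Binding roomID as associated data (an addition of this example) stops an
// envelope from being accepted in a different Room.
func Encrypt(kms *KeyManagementService, roomID, keyRef string, plaintext []byte) (Envelope, error) {
	key, err := kms.KeyByRef(keyRef)
	if err != nil {
		return Envelope{}, err
	}
	aead, err := gcmFor(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize()) // 96-bit random nonce, unique per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Envelope{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(roomID))
	return Envelope{KeyRef: keyRef, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt runs on a receiving App: follow the key link, fetch the key from
// the KMS and open the envelope. A wrong key or a modified byte fails the tag.
func Decrypt(kms *KeyManagementService, roomID string, env Envelope) ([]byte, error) {
	key, err := kms.KeyByRef(env.KeyRef)
	if err != nil {
		return nil, err
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, []byte(roomID))
}

func main() {
	kms := NewKMS()
	ref := kms.NewRoomKey("room-A")
	env, err := Encrypt(kms, "room-A", ref, []byte("Spark IS the message"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored in cloud: keyRef=%s ciphertext=%x\n", env.KeyRef, env.Ciphertext)
	pt, err := Decrypt(kms, "room-A", env)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)
}
```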

Hybrid Data Security – Secure App Connections

(Figure: App to Cloud TLS connection and App to HDS TLS connection; Spark Service, Content Server and Search Service in the cloud, Hybrid Data Security Node in the Secure Data Center)
• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

(Figure: Indexing Service and Key Management Service in the Secure Data Center; Content Server and Search Service in the cloud; the message "Spark IS the message" is hashed to B9 57 FE 48)
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – search for the word "Spark"

(Figure: the search term "Spark" is hashed to B9 57 FE 48 and matched against the stored index; the matching message "Spark IS the Message" is returned)
• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message
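The per-Room Search Key from the cloud search-indexing slides and from the HDS search slides above, as an added Go example that is not Spark's own indexer: every word of a message is replaced by its HMAC-SHA256 under the Room's key, the stored index holds only those fixed-length tokens, and a query hashes the search term with the same key and looks it up. Function names, the word normalisation and the hex token encoding are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"sort"
	"strings"
)

// SearchKeyStore holds one HMAC-SHA256 search key per Room, as the cloud or
// HDS Key Management Service does; a key is minted on first use.
type SearchKeyStore struct{ keys map[string][]byte }

func NewSearchKeyStore() *SearchKeyStore {
	return &SearchKeyStore{keys: map[string][]byte{}}
}

func (s *SearchKeyStore) KeyForRoom(roomID string) []byte {
	if k, ok := s.keys[roomID]; ok {
		return k
	}
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	s.keys[roomID] = k
	return k
}

// hashTerm produces the fixed-length index token for one word: HMAC-SHA256
// under the Room's search key over the case-folded word. Without the key the
// token can neither be reversed nor matched against another Room's index.
func hashTerm(searchKey []byte, word string) string {
	mac := hmac.New(sha256.New, searchKey)
	mac.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(mac.Sum(nil))
}

// normalise splits a message into words, dropping surrounding punctuation.
func normalise(text string) []string {
	var words []string
	for _, w := range strings.Fields(text) {
		if w = strings.Trim(w, ".,!?;:\"'()"); w != "" {
			words = append(words, w)
		}
	}
	return words
}

// Index is what the Content Service stores per Room: token -> message IDs.
// It contains no plaintext words.
type Index struct{ rooms map[string]map[string][]string }

func NewIndex() *Index { return &Index{rooms: map[string]map[string][]string{}} }

// IndexMessage is the Indexing Service step: hash every word of a message
// with the Room's search key and record which message it came from.
func (ix *Index) IndexMessage(keys *SearchKeyStore, roomID, msgID, plaintext string) {
	key := keys.KeyForRoom(roomID)
	bucket, ok := ix.rooms[roomID]
	if !ok {
		bucket = map[string][]string{}
		ix.rooms[roomID] = bucket
	}
	seen := map[string]bool{}
	for _, w := range normalise(plaintext) {
		tok := hashTerm(key, w)
		if !seen[tok] {
			seen[tok] = true
			bucket[tok] = append(bucket[tok], msgID)
		}
	}
}

// Query is the Search Service step: hash the search term with the same
// per-Room key and look the token up; message IDs are returned sorted.
func (ix *Index) Query(keys *SearchKeyStore, roomID, term string) []string {
	hits := append([]string(nil), ix.rooms[roomID][hashTerm(keys.KeyForRoom(roomID), term)]...)
	sort.Strings(hits)
	return hits
}

func main() {
	keys := NewSearchKeyStore()
	ix := NewIndex()
	ix.IndexMessage(keys, "room-A", "m1", "Spark IS the message") // constructed sample message
	fmt.Println("token for \"Spark\":", hashTerm(keys.KeyForRoom("room-A"), "Spark")[:16], "...")
	fmt.Println("hits:", ix.Query(keys, "room-A", "spark"))
}
```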

Hybrid Data Security: Spark E-Discovery Service (1)

(Figure: Indexing Service, Key Management Service and E-Discovery Service in the Secure Data Center; Content Server, Search Service and Spark Control Hub in the cloud; "Jo Smith's Content" returned)
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Hybrid Data Security: Spark E-Discovery Service (2)

(Figure: E-Discovery Service and Key Management Service in the Secure Data Center; E-Discovery Storage, Content Server, Search Service and Spark Control Hub in the cloud; "Jo Smith's Messages and Files – E-Discovery Content Ready")
• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Figure: Organization A and Organization B, each with its own Key Management Service; Content Server in the Spark Cloud)
• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

(Figure: Key Management Servers of Organization A and Organization B connected via the Spark Cloud; messages exchanged in both directions)
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers… mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Figure: Secure Data Center A; vSphere hosting Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers, and an IDE Mount for the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)

• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites
See the prerequisites in https://www.cisco.com/go/hybrid-data-security

X.509 certificate, intermediates and private key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla trusted root store
• No SHA-1 signatures anywhere in the chain
• PKCS#12 format

2 ESXi virtualized hosts (minimum 2 to support upgrades; 3 recommended; 5 maximum)
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 database instance (key datastore)
• 8 vCPU, 16 GB RAM, 2 TB disk
• Database user created with createuser and assigned GRANT ALL PRIVILEGES ON DATABASE

1 syslog host
• Hostname and port required to centralize syslog output from the three HDS instances and the management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, the syslog host and the statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark apps, devices and services
  • Media support: UDP/TCP/HTTP
• HTTP Proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos) and auth bypass
  • Proxy TLS/HTTPS traffic inspection and certificate pinning
• 802.1X: authentication methods EAP-FAST and EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs
How are the switch ports configured?

Minimum enterprise network requirements:
• Internet access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN and Auxiliary VLAN): 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices: CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls
Whitelisted ports and destinations for Spark desk and room devices and Spark apps (see the following slides for details)

Media port ranges:
• Source UDP ports: voice 52000-52099, video 52100-52299
• Source TCP/HTTP ports: ephemeral (=> no DSCP re-marking by source port)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: any

Voice and Video Classification and Marking: Port Range Summary, Endpoints and Apps

Traffic | Overall range | Spark Apps | Spark Devices
Audio | 52000-52099 | 52000-52049 | 52050-52099
Video | 52100-52299 | 52100-52199 | 52200-52299

Spark Applications: Network Port and Whitelist Requirements
Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000-52049, Video 52100-52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud media nodes
TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark services
TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and space storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and space storage
TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile apps only, ad analytics
TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web apps only, analytics
TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web apps only, telemetry
TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web apps only, metrics

Spark Devices: Network Port and Whitelist Requirements
Spark Device: desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050-52099, Video 52200-52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark Cloud media nodes (not Spark Board)
TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark services
TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and space storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and space storage
TCP | Ephemeral | 443 | dropbox.com | HTTPS: Spark Board firmware updates
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board NTP time sync

Connecting from the Enterprise - Firewalls
Hybrid Media Node (HMN)

Media port ranges:
• Source UDP ports: voice and video 33434-33598
• Source TCP/HTTP ports: ephemeral (=> no DSCP re-marking by source port)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and video use a common UDP source port range, 33434-33598

Connecting from the Enterprise - Firewalls
Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services traffic:
• HDS signaling traffic only, no media
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and video use a common UDP source port range, 33434-33598 | 5004 (cascade destination) | Any IP address | Cascaded SRTP over UDP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (cascade destination) | Any IP address | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
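The three port tables above turned into a check a firewall or NetFlow operator can run, added here as an example (it is not Cisco's code and not part of the deck): it classifies every flow to the media ports by the published source-port ranges (app vs device vs HMN, voice vs video) and flags anything on 5004/5006 that matches none of them, which is what you would look for when tightening a "destination any" media rule. The flow-record format, addresses and the sample records are constructed for the example.

```python
"""Audit flow records against the Spark media port tables (added example)."""
from dataclasses import dataclass

# Source-port ranges from the port tables above (inclusive).
MEDIA_SIGNATURES = [
    # (sender, traffic, proto, src_lo, src_hi, allowed destination ports)
    ("Spark app",    "voice",       "udp", 52000, 52049, {5004, 5006}),
    ("Spark app",    "video",       "udp", 52100, 52199, {5004, 5006}),
    ("Spark device", "voice",       "udp", 52050, 52099, {5004, 5006}),
    ("Spark device", "video",       "udp", 52200, 52299, {5004, 5006}),
    ("HMN cascade",  "voice/video", "udp", 33434, 33598, {5004}),
]
MEDIA_DST_PORTS = {5004, 5006}


@dataclass
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_flow(line):
    """Parse a constructed record such as 'udp 10.1.1.20:52010 -> 203.0.113.9:5004'."""
    proto, src, _, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(proto.lower(), src_ip, int(src_port), dst_ip, int(dst_port))


def classify(flow):
    """Return (sender, traffic) for a media flow that matches a published
    signature, ('any', 'tcp-media') for TCP/HTTP media (ephemeral source
    ports, so there is no range to check), or None for anything else."""
    if flow.dst_port not in MEDIA_DST_PORTS:
        return None
    if flow.proto == "tcp":
        return ("any", "tcp-media")
    for sender, traffic, proto, lo, hi, dst_ports in MEDIA_SIGNATURES:
        if flow.proto == proto and lo <= flow.src_port <= hi and flow.dst_port in dst_ports:
            return (sender, traffic)
    return None


def audit(lines):
    """Return (record, reason) for every flow that hits the media ports but
    matches none of the published source-port ranges."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        if flow.dst_port in MEDIA_DST_PORTS and classify(flow) is None:
            findings.append((line, f"{flow.proto} source port {flow.src_port} outside published Spark ranges"))
    return findings


SAMPLE_FLOWS = [  # constructed for the example
    "udp 10.1.1.20:52010 -> 203.0.113.9:5004",  # app voice
    "udp 10.1.1.20:52150 -> 203.0.113.9:5006",  # app video
    "udp 10.1.2.30:52060 -> 203.0.113.9:5004",  # device voice
    "udp 10.1.2.30:52250 -> 203.0.113.9:5004",  # device video
    "udp 10.1.9.5:33500 -> 203.0.113.9:5004",   # HMN cascade
    "tcp 10.1.1.20:49321 -> 203.0.113.9:5004",  # TCP fallback, ephemeral source
    "udp 10.1.1.77:41000 -> 203.0.113.9:5004",  # no Spark range: flagged
    "udp 10.1.9.5:33500 -> 203.0.113.9:5006",   # HMN never cascades to 5006: flagged
]

if __name__ == "__main__":
    for record in SAMPLE_FLOWS:
        print(f"{record:44} {classify(parse_flow(record))}")
    for record, reason in audit(SAMPLE_FLOWS):
        print("FLAG:", record, "-", reason)
```

The same classification drives DSCP marking on the access layer: because TCP/HTTP media uses ephemeral source ports, only the UDP ranges can be matched by port, which is the "no DSCP re-marking" remark in the tables.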

What do we send to third party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user-generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy types:
• Proxy address given to the device/application (see Proxy Detection)
• Transparent proxy (the device/application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS (signalling) traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not pass through the proxy.

Connecting from the Enterprise - Proxy Detection

Proxy detection (how the proxy address is given to the device/application):
• Manual configuration
• Auto configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities, Spark Devices: Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: manual; Yes: PAC files | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
SX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
MX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Room Kits | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Spark Board | HTTPS | Spark Board OS | Yes: manual configuration | Manual configuration of the proxy address

Connecting from the Enterprise - Proxy Authentication

Proxy authentication:
• The proxy intercepts the outbound HTTP request
• It authenticates the user (username and password)
• An authenticated user's traffic is forwarded
• An unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Basic Authentication
  • Uses standard HTTP headers (Proxy-Authenticate / Proxy-Authorization)
  • Username and password are Base64 encoded
  • Username and password are NOT encrypted or hashed: anyone who can read the client-to-proxy leg (usually plain HTTP, even for a CONNECT to an HTTPS destination) can decode the credential
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods - Digest Authentication

• Digest Authentication
  • Uses standard HTTP headers
  • The password itself is never sent: the client sends the username in clear plus a hash computed over the username, realm, password, the proxy's nonce, the method and the URI (RFC 2617 / RFC 7616)
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or create an account per device
  • No password expiration
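The Basic and Digest exchanges on the two slides above, as an added example (not Cisco's code and not from the deck): it builds the Proxy-Authorization header a device would send under each scheme, shows that a Basic credential captured on the proxy leg decodes straight back to the password while Digest exposes only a response hash bound to the proxy's nonce, and performs the proxy-side Digest check. The test vectors are the RFC 7617 Basic example (Aladdin / open sesame) and the RFC 2617 section 3.5 Digest example (MD5, qop=auth); everything else is standard library.

```python
"""Basic vs Digest proxy authentication on the wire (added example)."""
import base64
import hashlib


def basic_header(username, password):
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def recover_basic(header):
    """What a passive observer of the client-to-proxy leg learns: the credential."""
    token = header.split("Basic ", 1)[1]
    return base64.b64decode(token).decode()


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def ha1_for(username, realm, password):
    """HA1 = MD5(username:realm:password); the proxy can store this instead of the password."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 qop=auth response: the password never leaves the client."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1_for(username, realm, password)}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(username, realm, password, method, uri, nonce, nc, cnonce, opaque):
    resp = digest_response(username, realm, password, method, uri, nonce, nc, cnonce)
    return ("Proxy-Authorization: Digest "
            f'username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}", opaque="{opaque}"')


def parse_digest(header):
    """Split the k=v fields of a Digest header into a dict (quotes stripped)."""
    fields = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        k, v = part.split("=", 1)
        fields[k] = v.strip('"')
    return fields


def proxy_verifies_digest(fields, stored_ha1, method):
    """Proxy side: recompute the response for the nonce it issued. A replayed
    header fails as soon as the proxy hands out a fresh nonce."""
    ha2 = _md5(f"{method}:{fields['uri']}")
    expected = _md5(f"{stored_ha1}:{fields['nonce']}:{fields['nc']}:{fields['cnonce']}:{fields['qop']}:{ha2}")
    return expected == fields["response"]


# RFC 2617 section 3.5 parameters, used as the worked exchange.
REALM, NONCE = "testrealm@host.com", "dcd98b7102dd2f0e8b11d0f600bfb0c093"
OPAQUE = "5ccc069c403ebaf9f0171e9517f40e41"

if __name__ == "__main__":
    b = basic_header("Aladdin", "open sesame")
    print(b, "->", recover_basic(b))
    d = digest_header("Mufasa", REALM, "Circle Of Life", "GET", "/dir/index.html",
                      NONCE, "00000001", "0a4f113b", OPAQUE)
    print(d)
    print("proxy accepts:", proxy_verifies_digest(parse_digest(d), ha1_for("Mufasa", REALM, "Circle Of Life"), "GET"))
```

For device accounts the practical difference is what a compromised span port yields: with Basic it is the shared device password (and, with "no password expiration", it stays valid); with Digest it is a per-nonce hash that still has to be brute-forced against MD5, which is a reason to keep even device passwords long.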

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge (nonce) sent from the server
  • The password hash keys the response computed over the challenge (HMAC-MD5 in NTLMv2), which is returned to the server
  • The password is hashed but never sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
  • Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

IWA: Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

• Kerberos Authentication
  • Strongest security of the methods listed
  • Parties: client, Authentication Service / Key Distribution Center, Ticket Granting Service, application server
  • Encrypted communication based on shared secrets
  • The client authenticates with the Authentication Service; once authenticated it receives a Ticket Granting Ticket (TGT)
  • The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
  • The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP addresses (diagram example: 10.100.200.1, 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com
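The bypass configuration above as a decision function, added here as an example (not Cisco's code and not how any particular proxy implements it): device IP exemptions plus the whitelisted destinations from the slide. The device subnet 10.100.200.0/24 and the "bypass" semantics are assumptions for illustration. The point is the matching rule: an unanchored suffix match on the whitelist would let a host named evilwbx2.com, or ciscospark.com.attacker.example, through without authentication.

```python
"""Proxy-authentication bypass decision for Spark traffic (added example)."""
import ipaddress

# Whitelisted destinations from the slide.
WHITELISTED_DESTINATIONS = [
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com",
]
# Assumption: the subnet holding Spark devices that cannot authenticate to the proxy.
DEVICE_BYPASS = [ipaddress.ip_network("10.100.200.0/24")]


def host_matches(host, entry):
    """Exact match, or a subdomain of the entry on a label boundary."""
    host = host.lower().rstrip(".")
    entry = entry.lower()
    return host == entry or host.endswith("." + entry)


def naive_match(host, entry):
    """The common mistake: unanchored suffix match (shown only to contrast)."""
    return host.lower().endswith(entry.lower())


def bypass_decision(src_ip, dest_host):
    """Return (bypass_auth, reason) for one CONNECT/GET seen by the proxy."""
    ip = ipaddress.ip_address(src_ip)
    if any(ip in net for net in DEVICE_BYPASS):
        return True, "device IP exempt"
    for entry in WHITELISTED_DESTINATIONS:
        if host_matches(dest_host, entry):
            return True, f"whitelisted destination {entry}"
    return False, "authenticate"


if __name__ == "__main__":
    for ip, host in [("10.100.200.1", "example.org"), ("10.1.1.5", "locus-a.wbx2.com"),
                     ("10.1.1.5", "evilwbx2.com"), ("10.1.1.5", "ciscospark.com.attacker.example")]:
        print(f"{ip:14} {host:34} {bypass_decision(ip, host)}")
```

A destination-based bypass still authenticates nothing: any host on the network can reach the whitelisted domains without credentials, so the bypass list should be the published Spark destinations only, and an IP-based exemption should be tied to the switch-port or 802.1X assignment that puts real devices into that subnet.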

Network Capabilities, Spark Devices: Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No auth: Yes; Basic: Yes; Digest: planned; NTLM: Yes (Windows); Kerberos: No. No auth and Basic on iOS and Android in EFT
DX/SX/MX | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY 2018; Digest: Yes
Room Kits | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY 2018; Digest: Yes
Spark Board | HTTPS | Spark Board OS | No auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)

HTTPS/TLS inspection, client side:
• The private CA root certificate is distributed to the client (installed in its trust store)
• A private-CA-signed certificate for the requested site is sent to the client on connection establishment
• The client builds the chain from the presented certificate up to the private CA root in its trust store
• If the chain validates, the client accepts and proceeds with the TLS connection

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)

HTTPS/TLS inspection, server side:
• The proxy starts a new HTTPS/TLS connection to the web/cloud service
• The proxy receives the certificate from the web/cloud service
• The proxy uses that certificate to establish a secure TLS/HTTPS connection to the service
• The proxy can now decrypt, inspect and re-encrypt the session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate pinning:
• Certificate pin = SHA-256 hash of the CA root certificate's public key, Base64 encoded; the deck shows the pin as VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• The CA-signed Cisco Spark certificate is sent by the HTTPS/TLS server
• The app creates a hash of the cert's public key
• The app compares the hash with the certificate pin in its trust store
• If they match, the app accepts and proceeds with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The app creates a hash of the private-CA-signed cert's public key
• The app compares the hash with the certificate pin in its trust store
• They DO NOT match: the TLS connection is terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store:
• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The Spark app checks whether a copy of the private CA cert exists in the OS trust store
• If the cert exists, the app skips the certificate pinning process and proceeds with the TLS connection
• HTTPS/TLS inspection is now possible

Note that this makes pinning only as strong as the OS trust store: any private CA installed there, by the administrator or by anyone with administrative rights on the endpoint, can intercept the app's Spark traffic.

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud:
• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The client creates a hash of the private-CA-signed cert's public key
• The client compares the hash with the certificate pins in its trust store, which now include the private CA downloaded from the Spark Cloud as part of the device's trust list
• They DO match: the client proceeds with the TLS connection
• HTTPS/TLS inspection is now possible
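How the pin on the previous slides is computed and checked, and how the two fixes change the decision, as an added example (not Cisco's, the app's or the device's code). The pin is Base64(SHA-256(SubjectPublicKeyInfo)) of a certificate's public key, as the slide states. To stay self-contained the block carries a minimal DER encoder/decoder and builds certificate-shaped structures from toy RSA numbers; that is an assumption for illustration (they are not valid signed certificates, only the TBSCertificate field order matters for extracting the key), so the pins it prints are illustrative and not the Spark pin on the slide. Checking every key in the presented chain against the pin set, and skipping the check when the chain's root is in the OS trust store, is my reading of the slides.

```python
"""SPKI pinning and the trust-store bypass (added example)."""
import base64
import hashlib


# ---- minimal DER helpers, written for this example ----
def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:            # keep the INTEGER positive
        b = b"\x00" + b
    return der_tlv(0x02, b)


def der_seq(*items):
    return der_tlv(0x30, b"".join(items))


def der_read(buf, pos=0):
    """Return (tag, body, end) of the TLV starting at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln


def der_children(body):
    """(tag, raw_tlv, inner_body) for each element of a SEQUENCE body."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, end = der_read(body, pos)
        out.append((tag, body[pos:end], val))
        pos = end
    return out


RSA_OID = bytes.fromhex("06092a864886f70d010101")         # rsaEncryption
SHA256_RSA_OID = bytes.fromhex("06092a864886f70d01010b")  # sha256WithRSAEncryption
NULL = b"\x05\x00"


def rsa_spki(n, e):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING RSAPublicKey }"""
    pub = der_seq(der_int(n), der_int(e))
    return der_seq(der_seq(RSA_OID, NULL), der_tlv(0x03, b"\x00" + pub))


def toy_cert(spki):
    """Certificate-shaped DER: v3 TBSCertificate field order, empty Names,
    no real signature. Assumption: enough for spki_from_cert(), nothing else."""
    version = der_tlv(0xA0, der_int(2))
    alg = der_seq(SHA256_RSA_OID, NULL)
    name = der_seq()
    validity = der_seq(der_tlv(0x17, b"180101000000Z"), der_tlv(0x17, b"190101000000Z"))
    tbs = der_seq(version, der_int(1), alg, name, validity, name, spki)
    return der_seq(tbs, alg, der_tlv(0x03, b"\x00" + bytes(8)))


def spki_from_cert(cert_der):
    """Pull the raw SubjectPublicKeyInfo TLV out of a DER certificate."""
    _, cert_body, _ = der_read(cert_der)
    _, _, tbs_body = der_children(cert_body)[0]
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:   # explicit [0] version is optional
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]


def spki_pin(spki_der):
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def evaluate_chain(chain_der, pinned, os_trust_store_pins):
    """chain_der is leaf first. Root in the OS trust store => pinning skipped
    (the app fix); otherwise some key in the chain must match a pin."""
    pins_in_chain = [spki_pin(spki_from_cert(c)) for c in chain_der]
    if pins_in_chain[-1] in os_trust_store_pins:
        return "accept: private CA in OS trust store, pinning skipped"
    if any(p in pinned for p in pins_in_chain):
        return "accept: pin matched"
    return "reject: no pinned key in chain"


# Toy key material (assumption: tiny numbers, useless as real keys).
SPARK_ROOT_SPKI = rsa_spki(0xC0DEC0DEC0DEC0DF, 65537)
SPARK_LEAF_SPKI = rsa_spki(0xBADC0FFEE0DDF00D, 65537)
PROXY_CA_SPKI = rsa_spki(0xDEADBEEFCAFEF00D, 65537)
PROXY_LEAF_SPKI = rsa_spki(0xFACEFEEDDEADBEEF, 65537)
PINNED = {spki_pin(SPARK_ROOT_SPKI)}
SPARK_CHAIN = [toy_cert(SPARK_LEAF_SPKI), toy_cert(SPARK_ROOT_SPKI)]
PROXY_CHAIN = [toy_cert(PROXY_LEAF_SPKI), toy_cert(PROXY_CA_SPKI)]

if __name__ == "__main__":
    print("pin of Spark root:", spki_pin(SPARK_ROOT_SPKI))
    print("direct:          ", evaluate_chain(SPARK_CHAIN, PINNED, set()))
    print("inspecting proxy:", evaluate_chain(PROXY_CHAIN, PINNED, set()))
    print("CA in OS store:  ", evaluate_chain(PROXY_CHAIN, PINNED, {spki_pin(PROXY_CA_SPKI)}))
```

Pinning the key rather than the certificate is what lets Cisco rotate leaf certificates under a pinned root without breaking clients; on a real certificate you would take `spki_from_cert()` from the DER the TLS handshake delivered, and the device-side fix corresponds to adding the private CA's pin to the trust list the device downloads from the cloud.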

Network Capabilities, Spark Devices: HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web apps | HTTPS | WME | Yes (Win/Mac/browser) | If an enterprise certificate exists in the OS trust store, bypass the certificate pinning process
iOS, Android apps | HTTPS | WME | No | HTTPS inspection bypass
DX | HTTPS | Room OS | Yes, requires per-org config of the Identity Service | Load private CA certs in the Spark service; device downloads the trust list with the private certs
SX | HTTPS | Room OS | Yes, requires per-org config of the Identity Service | Load private CA certs in the Spark service; device downloads the trust list with the private certs
MX | HTTPS | Room OS | Yes, requires per-org config of the Identity Service | Load private CA certs in the Spark service; device downloads the trust list with the private certs
Room Kits | HTTPS | Room OS | Yes, requires per-org config of the Identity Service | Load private CA certs in the Spark service; device downloads the trust list with the private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

[Diagram: device, switch and Authentication Server]

802.1X operation:
• Switch port network access is restricted
• The client presents credentials to the Authentication Server
• After successful authentication the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key authentication methods: EAP-FAST and EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates on the client

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback - MAC Address Bypass (MAB)
Bypasses the 802.1X authentication mechanisms:
• Uses the device MAC address as the identity
• Commonly used for devices that are not 802.1X capable
• The MAC address is manually entered into the Authentication Server

A MAC address is readable from the network and trivial to clone, so MAB is an inventory check, not authentication: ports that fall back to MAB should land in a restricted VLAN with an ACL that allows only the Spark destinations.
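What MAB actually puts on the wire, as an added example (not Cisco's code and not the deck's): the RADIUS Access-Request an authenticator sends for a MAB host, with User-Name and User-Password both set to the device MAC, the User-Password hidden as RFC 2865 section 5.2 specifies, and the server-side decode. Attribute numbers are from RFC 2865; using Service-Type Call-Check for MAB is the common convention rather than anything the slide states. The shared secret, MAC address and request authenticator are constructed. Building both sides makes the caveat concrete: a cloned MAC produces a byte-identical, accepted request.

```python
"""MAC Address Bypass as a RADIUS Access-Request (added example)."""
import hashlib
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, SERVICE_TYPE, CALLING_STATION_ID, NAS_PORT_TYPE = 1, 2, 6, 31, 61
CALL_CHECK, ETHERNET = 10, 15   # Service-Type and NAS-Port-Type values


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: NUL-pad to 16 bytes; block i is XORed with
    MD5(secret + previous ciphertext block), block 0 with MD5(secret + RA)."""
    p = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(p), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(p[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password: same keystream, then strip the NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def mab_access_request(mac, secret, identifier=1, authenticator=None):
    """Build the Access-Request a switch sends for a MAB host."""
    ra = authenticator or os.urandom(16)
    mac_bytes = mac.encode()
    attrs = (attr(USER_NAME, mac_bytes)
             + attr(USER_PASSWORD, hide_password(mac_bytes, secret, ra))
             + attr(CALLING_STATION_ID, mac_bytes)
             + attr(NAS_PORT_TYPE, struct.pack("!I", ETHERNET))
             + attr(SERVICE_TYPE, struct.pack("!I", CALL_CHECK)))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + ra + attrs


def parse_attrs(packet):
    """Return {attribute type: [values]} for the attribute list after the 20-byte header."""
    attrs, pos = {}, 20
    while pos < len(packet):
        t, ln = packet[pos], packet[pos + 1]
        attrs.setdefault(t, []).append(packet[pos + 2:pos + ln])
        pos += ln
    return attrs


def server_side_check(packet, secret, known_macs):
    """RADIUS server view of MAB: the only thing it can verify is that the MAC is on its list."""
    ra = packet[4:20]
    attrs = parse_attrs(packet)
    name = attrs[USER_NAME][0].decode()
    pw = reveal_password(attrs[USER_PASSWORD][0], secret, ra).decode()
    return name == pw and name in known_macs


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    pkt = mab_access_request("0011.2233.4455", secret)
    print(pkt.hex())
    print("accepted:", server_side_check(pkt, secret, {"0011.2233.4455"}))
```

The User-Password hiding is an obfuscation keyed by the shared secret, not encryption of anything secret: the "password" is the MAC that already appears in clear as User-Name and Calling-Station-Id, so protecting the RADIUS leg (RadSec) buys nothing for MAB; the compensating control is the restricted authorization the server returns.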

Network Capabilities, Spark Devices: 802.1X

MIC: Manufacturer Installed Certificate. LSC: Locally Significant Certificate.

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO, Mac configuration profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via the device web interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install enterprise LSC via the device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | - | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment:
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access: proxy and firewalls allow all Spark connections
• Onboard the device: username/password or activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors to the device


Complete Your Online Session Evaluation

• Please complete your online session evaluations after each session
• Complete 4 session evaluations and the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in self-paced labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd
Coming soon: target Q1 CY2018

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.

Preferred Architectures (PA): prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.

Collaboration Solution Reference Network Design (SRND): design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.

Thank you

Spark App - Cloud Connection

[Diagram: Spark App, Spark Service, Identity Service, enterprise IdP]

1) The customer downloads and installs the Spark App (with trust anchors)
2) The Spark App establishes a secure TLS connection with the Spark Cloud
3) The Spark Identity Service prompts the user for an e-mail ID
4) The user is authenticated by the Spark Identity Service or by the enterprise IdP (SSO)
5) OAuth access and refresh tokens are created and sent to the Spark App
   • The access tokens contain details of the Spark resources the user is authorized to access
6) The Spark App presents its access tokens to register with Spark Services over a secure channel

Spark Device – Cloud connection

Spark Service / Identity Service

1) User enters the 16 digit activation code received via e-mail from the Spark provisioning service

2) Device authenticated by the Identity Service (Trust anchors sent to the device and a secure connection established)

3) OAuth Access and Refresh Tokens created and sent to the Spark Device
   • The Access Token contains details of the Spark resources the User is authorized to access

4) Spark Device presents its Access Token to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

Content Server / Key Management Service

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES256-GCM cipher used for Encryption

Spark - Decrypting Messages and Content

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
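Added example (not code from the deck or from Cisco): the encrypt-and-link flow described on the two slides above, written in Go with the standard library's AES-256-GCM. The Key Management Service is stood in for by an in-memory map, the `kms://` key URL scheme is invented, and binding the room ID as GCM additional authenticated data is a design choice added here, not something the slides state.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// keyStore stands in for the Key Management Service: key URL -> 256-bit
// conversation key, held in memory (an assumption; the real KMS is a service).
type keyStore map[string][]byte

// newConversationKey mints a fresh AES-256 key for one room and returns the key
// URL that messages in that room will carry. The URL scheme is invented.
func (ks keyStore) newConversationKey(roomID string) (string, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return "", err
	}
	keyURL := "kms://kms.example.invalid/keys/" + roomID
	ks[keyURL] = key
	return keyURL, nil
}

// gcmFor resolves a key link to an AES-256-GCM AEAD. A real KMS would first
// check that the caller is a member of the room before releasing the key.
func (ks keyStore) gcmFor(keyURL string) (cipher.AEAD, error) {
	key, ok := ks[keyURL]
	if !ok {
		return nil, errors.New("unknown key URL")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// envelope is what the Content Server stores: ciphertext plus a key link, never the key.
type envelope struct {
	KeyURL     string `json:"keyUrl"`
	Nonce      string `json:"nonce"`
	Ciphertext string `json:"ciphertext"`
}

// encryptMessage seals plaintext under the room key with a fresh 96-bit nonce.
// The room ID is bound as additional authenticated data (a choice added here,
// not stated on the slides) so a ciphertext replayed into another room fails.
func encryptMessage(ks keyStore, keyURL, roomID, plaintext string) ([]byte, error) {
	gcm, err := ks.gcmFor(keyURL)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, []byte(plaintext), []byte(roomID))
	return json.Marshal(envelope{KeyURL: keyURL,
		Nonce:      base64.StdEncoding.EncodeToString(nonce),
		Ciphertext: base64.StdEncoding.EncodeToString(ct)})
}

// decryptMessage: read the key link from the envelope, fetch the key, open the ciphertext.
func decryptMessage(ks keyStore, roomID string, raw []byte) (string, error) {
	var env envelope
	if err := json.Unmarshal(raw, &env); err != nil {
		return "", err
	}
	nonce, errN := base64.StdEncoding.DecodeString(env.Nonce)
	ct, errC := base64.StdEncoding.DecodeString(env.Ciphertext)
	if errN != nil || errC != nil {
		return "", errors.New("envelope is not valid base64")
	}
	gcm, err := ks.gcmFor(env.KeyURL)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, nonce, ct, []byte(roomID))
	if err != nil {
		return "", errors.New("GCM authentication failed: wrong key, wrong room or tampered ciphertext")
	}
	return string(pt), nil
}

func main() {
	ks := keyStore{}
	keyURL, _ := ks.newConversationKey("room-a")
	raw, _ := encryptMessage(ks, keyURL, "room-a", "Spark IS the message")
	pt, err := decryptMessage(ks, "room-a", raw)
	fmt.Printf("stored: %s\ndecrypted: %q %v\n", raw, pt, err)
}
```

What the code makes concrete that the slides leave implicit: the envelope stored in the cloud carries a key link and never the key; a new nonce is needed for every message under the same room key (nonce reuse breaks GCM); and a message replayed into a different room, tampered with, or received by an App that cannot reach the KMS fails authentication rather than decrypting to garbage.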

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

Indexing Service / Content Server / Key Management Service / Search Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

• A Search Index is built by creating a fixed length hash of each word in each message within a Room (on the slide, "Spark IS the message" is hashed word by word through the Hash Algorithm, e.g. "Spark" → B9 57 FE 48)
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room
• The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index (search for the word "Spark")

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-Room Search Keys to hash the search terms ("Spark" → B9 57 FE 48)
• The Search Service searches for a match in the hash tables and returns the matching content ("Spark IS the Message") to the App
• A link to the Conversation Encryption Key is sent with the encrypted message, so the App can fetch the key and decrypt what was returned

Note that the keyed hash protects the index against anyone who does not hold the Room's Search Key; the Indexing Service, which does hold it, can hash any candidate word and test whether it occurs in the Room. In the cloud model that service runs in the Spark Cloud; the Hybrid Data Security section below moves it on premise.
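Added example (not from the deck): the per-Room keyed search index from the indexing and query slides, in Go. HMAC-SHA256 is the MAC the slides name; the 32-byte Search Key length, the tokenizer and the in-memory postings map are assumptions made here.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
	"unicode"
)

// newSearchKey mints the per-room Search Key: 32 random bytes used as the
// HMAC-SHA256 key (the length is an assumption; the slides only name the MAC).
func newSearchKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// tokenize lower-cases and splits on anything that is not a letter or digit,
// so "Spark IS the message" and "spark is the message" index identically.
func tokenize(s string) []string {
	return strings.FieldsFunc(strings.ToLower(s), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
}

// hashWord is the fixed-length hash from the slides: HMAC-SHA256 of one word
// under the room's Search Key, hex encoded (always 64 characters).
func hashWord(searchKey []byte, word string) string {
	mac := hmac.New(sha256.New, searchKey)
	mac.Write([]byte(word))
	return hex.EncodeToString(mac.Sum(nil))
}

// roomIndex is what the Content Service stores for one room: hashed word ->
// IDs of the messages containing it. No plaintext and no Search Key.
type roomIndex struct {
	searchKey []byte
	postings  map[string][]string
}

func newRoomIndex(searchKey []byte) *roomIndex {
	return &roomIndex{searchKey: searchKey, postings: map[string][]string{}}
}

// addMessage is the Indexing Service side: it sees the plaintext once, at
// indexing time, and stores only hashes.
func (ri *roomIndex) addMessage(msgID, plaintext string) {
	seen := map[string]bool{}
	for _, w := range tokenize(plaintext) {
		h := hashWord(ri.searchKey, w)
		if seen[h] {
			continue
		}
		seen[h] = true
		ri.postings[h] = append(ri.postings[h], msgID)
	}
}

// search hashes the query term with the same room key and looks it up; a term
// that was never indexed, or a key from another room, finds nothing.
func (ri *roomIndex) search(term string) []string {
	toks := tokenize(term)
	if len(toks) != 1 {
		return nil // one word per query, as on the slides
	}
	return ri.postings[hashWord(ri.searchKey, toks[0])]
}

func main() {
	key, _ := newSearchKey()
	idx := newRoomIndex(key)
	idx.addMessage("msg-1", "Spark IS the message")
	idx.addMessage("msg-2", "the message is encrypted")
	fmt.Println(hashWord(key, "spark")[:8], "->", idx.search("Spark"))
	fmt.Println("message ->", idx.search("message"))
}
```

Two properties worth seeing in the output: the same word hashes identically within a room (which is what makes the lookup work, and also what lets anyone holding the Search Key test candidate words against the stored index), and a different Search Key turns the same word into an unrelated hash, so one room's index is useless against another's. That second property is why a fresh key per room matters, and the first is why HDS keeps the Indexing Service, and the keys, on premise.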

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

Spark Control Hub / Indexing Service / Content Server / Key Management Service / E-Discovery Service / Search Service

• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content
• The Content Server returns the matching content to the E-Discovery Service

Spark E-Discovery Service (2)

E-Discovery Service / E-Discovery Storage / Content Server / Key Management Service / Spark Control Hub

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (on the slide: "Jo Smith's Messages and Files: E-Discovery Content Ready")


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Secure Data Center (customer premises): Key Management Service, Indexing Service, E-Discovery Service
Spark Cloud: Content Server

Hybrid Data Security = Hybrid Data Services on premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security - Scalability

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• BUT now all of the keys for messages and content are owned and managed by the Customer

HDS - Encrypting Messages & Content

Secure Data Center: Key Management Service; Spark Cloud: Content Server

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud; the Encryption Keys are stored locally, on premise

HDS - Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

Secure Data Center: Hybrid Data Security Node; Spark Cloud: Spark Service, Content Server, Search Service
App to Cloud TLS connection / App to HDS TLS connection

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

Secure Data Center: Indexing Service, Key Management Service; Spark Cloud: Content Server, Search Service

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• The index is built as before, by hashing each word ("Spark IS the message" → B9 57 FE 48 through the Hash Algorithm); a new hashing key (Search Key) is used for each room
• With HDS the Indexing Service runs in the customer's data center, so the per-room Search Keys stay under the customer's control while only the hashed index is stored in the cloud

Hybrid Data Security: Querying a Search Index (search for the word "Spark")

• The Indexing Service sends a hashed index of the App's search request ("Spark" → B9 57 FE 48) to the Search Service in the cloud
• The Search Service returns the matching content ("Spark IS the Message") to the App
• A link to the Conversation Encryption Key is sent with the encrypted message

Spark E-Discovery Service (1) with Hybrid Data Security

Secure Data Center: Indexing Service, Key Management Service, E-Discovery Service; Spark Cloud: Content Server, Search Service; Spark Control Hub

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns the matching content (Jo Smith's Content) to the on premise E-Discovery Service

Spark E-Discovery Service (2) with Hybrid Data Security

Key Management Service, E-Discovery Service, E-Discovery Storage, Content Server, Search Service, Spark Control Hub

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (Jo Smith's Messages and Files: E-Discovery Content Ready)

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

Organization A / Organization B, each with its own Key Management Service; Content Server in the Spark Cloud

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS)
• With a secure connection between Key Management Servers... mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users
• The mutual authentication rests on the X.509 certificate each KMS is deployed with, which is why the HDS prerequisites below require a certificate chaining to a publicly trusted root

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A, vSphere: one or more Hybrid Data Services Nodes (VMs) form an HDS Cluster. Each node runs Docker with an ECP Mgmt Container and the HDS Containers, and has the HDS Cluster Config File mounted read-only (IDE Mount).

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 maximum
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk; User created with createuser and assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported
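Added example (not Cisco's tooling): a preflight in Go for the certificate prerequisites listed above, which also covers what the KMS federation slides rely on, since a KMS must present a certificate its federation peer can verify. It checks a leaf for SHA-1 (or weaker) signatures and a Common Name, then verifies the leaf through its intermediates to a root pool. The chain it runs against is constructed inside the block with throwaway P-256 keys: the root pool stands in for the Mozilla root store, and the leaf carries both server and client auth EKUs because a federated KMS acts as both ends of a mutual TLS session (an assumption about what the peer checks). PKCS#12 packaging is not covered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// checkLeaf applies the per-certificate rules from the prerequisites: no SHA-1
// (or weaker) signature and a Common Name present.
func checkLeaf(leaf *x509.Certificate) []string {
	var findings []string
	switch leaf.SignatureAlgorithm {
	case x509.MD2WithRSA, x509.MD5WithRSA, x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		findings = append(findings, "weak signature algorithm: "+leaf.SignatureAlgorithm.String())
	}
	if leaf.Subject.CommonName == "" {
		findings = append(findings, "subject has no Common Name")
	}
	return findings
}

// checkChain builds leaf -> intermediates -> a root in roots (standing in for the
// Mozilla store) and checks the CN is a valid name (Go matches SANs, so CN must be one).
func checkChain(leaf *x509.Certificate, intermediates, roots *x509.CertPool, now time.Time) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: leaf.Subject.CommonName,
		Intermediates: intermediates, Roots: roots, CurrentTime: now})
	return err
}

// mintCert signs template with parentKey (self-signed when parent is nil) using a fresh P-256 key.
func mintCert(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := key
	if parent == nil {
		parent = template
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func caTemplate(serial int64, cn string, now time.Time) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
}

type Preflight struct {
	LeafFindings        []string
	ChainErr            error // nil: leaf chains to the root through the intermediate
	WithoutIntermediate error // non-nil: the same leaf fails when the intermediate is missing
	WeakSigFlagged      bool  // checkLeaf fires on a SHA-1-signed copy of the leaf
}

// runPreflight builds a constructed root -> intermediate -> leaf chain for cn
// (server and client auth, since KMS federation is mutual TLS) and runs the checks.
func runPreflight(cn string) (Preflight, error) {
	res, now := Preflight{}, time.Now()
	root, rootKey, err := mintCert(caTemplate(1, "Constructed Root CA", now), nil, nil)
	if err != nil {
		return res, err
	}
	inter, interKey, err := mintCert(caTemplate(2, "Constructed Intermediate CA", now), root, rootKey)
	if err != nil {
		return res, err
	}
	leaf, _, err := mintCert(&x509.Certificate{SerialNumber: big.NewInt(3),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}, inter, interKey)
	if err != nil {
		return res, err
	}
	inters, roots := x509.NewCertPool(), x509.NewCertPool()
	inters.AddCert(inter)
	roots.AddCert(root)
	res.LeafFindings = checkLeaf(leaf)
	res.ChainErr = checkChain(leaf, inters, roots, now)
	res.WithoutIntermediate = checkChain(leaf, x509.NewCertPool(), roots, now)
	weak := *leaf // the same certificate, but claiming a SHA-1 signature
	weak.SignatureAlgorithm = x509.SHA1WithRSA
	res.WeakSigFlagged = len(checkLeaf(&weak)) == 1
	return res, nil
}
```

To run it against a real bundle, parse the PEM blocks into `leaf`, `intermediates` and a root pool and call `checkLeaf` and `checkChain` directly; `runPreflight` only exists to exercise them on a chain that is built in memory. The `WithoutIntermediate` result is the failure an operator sees when the PKCS#12 file is built from the leaf alone, which is why the prerequisites call out the intermediates explicitly.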

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port VLAN options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device                    | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration                                          |
|---------------------------------|----------|----------------|-----|------|-----------------|---------|-----------------------------------------------------------------|
| Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No  | No   | N/A             | N/A     | Static untagged (Data) VLAN                                     |
| DX                              | HTTPS    | Room OS        | Yes | No   | Yes             | Yes     | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported |
| SX                              | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging                         |
| MX                              | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging                         |
| Room Kits                       | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging                         |
| Spark Board                     | HTTPS    | Spark Board OS | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging                         |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

Spark Desk and Room Devices, Spark Apps (see the following slides for details); Signalling and Media

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral, so media carried over TCP cannot be identified (or DSCP re-marked) by its source port
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

|                     | Spark Apps    | Spark Devices |
|---------------------|---------------|---------------|
| Audio 52000 - 52099 | 52000 - 52049 | 52050 - 52099 |
| Video 52100 - 52299 | 52100 - 52199 | 52200 - 52299 |

Spark Applications: Network Port and Whitelist Requirements

Spark applications: Windows, Mac, iOS, Android, Web

| Protocol | Source Ports                             | Destination Ports | Destination    | Function                                         |
|----------|------------------------------------------|-------------------|----------------|--------------------------------------------------|
| UDP      | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006       | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes         |
| TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| TCP      | Ephemeral                                | 443               | see list below | HTTPS                                            |

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only: Ad Analytics
• adobedtm.com – Web Apps only: Analytics
• omtrdc.net – Web Apps only: Telemetry
• optimizely.com – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Desktop and Room Systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards

| Protocol | Source Ports                             | Destination Ports | Destination            | Function                                                       |
|----------|------------------------------------------|-------------------|------------------------|----------------------------------------------------------------|
| UDP      | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006       | Any IP Address         | SRTP over UDP to Spark Cloud Media Nodes                       |
| TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address         | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)     |
| TCP      | Ephemeral                                | 443               | see list below         | HTTPS                                                          |
| UDP      | Ephemeral                                | 123               | 2.android.pool.ntp.org | Spark Board – NTP Time Sync                                    |

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Spark Board (firmware updates)

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral, so no DSCP re-marking by source port
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434 - 33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS signaling traffic only, no media
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Node                            | Protocol | Source Ports                                | Destination Ports          | Destination                                                       | Function                                                       |
|---------------------------------|----------|---------------------------------------------|----------------------------|-------------------------------------------------------------------|----------------------------------------------------------------|
| Hybrid Media Node (HMN)         | UDP      | Voice and Video, common range 33434 - 33598 | 5004 (cascade destination) | Any IP Address                                                    | Cascaded SRTP over UDP media streams to Cloud Media Nodes      |
| Hybrid Media Node (HMN)         | TCP      | Ephemeral                                   | 5004 (cascade destination) | Any IP Address                                                    | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes |
| Hybrid Media Node (HMN)         | TCP      | Ephemeral                                   | 123, 53, 444               | Any                                                               | NTP, DNS, HTTPS                                                |
| Hybrid Media Node (HMN)         | TCP      | Ephemeral                                   | 443                        | wbx2.com, idbroker.webex.com                                      | HTTPS Configuration Services                                   |
| Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                   | 443                        | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS                                         |
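Added example (not from the deck): the port tables above turned into a flow classifier in Go and run over a few constructed firewall log lines, the kind of check used to validate a QoS policy or a whitelist before it goes live. The source port ranges and destination ports are taken from the tables; the `proto=... src=... dst=...` log format, the class names and the sample lines are assumptions made here.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// flow is one connection record as a firewall might log it.
type flow struct {
	Proto            string
	SrcPort, DstPort int
}

// profile is one row of the tables above: a source port range that identifies
// the sender class, and the destination ports it is documented to use.
type profile struct {
	name         string
	srcLo, srcHi int
	dstPorts     []int
}

// udpProfiles reproduces the UDP source ranges from the slides: Apps and
// Devices split the 52000-52299 block, HMN cascades use 33434-33598.
var udpProfiles = []profile{
	{"spark-app-audio", 52000, 52049, []int{5004, 5006}},
	{"spark-device-audio", 52050, 52099, []int{5004, 5006}},
	{"spark-app-video", 52100, 52199, []int{5004, 5006}},
	{"spark-device-video", 52200, 52299, []int{5004, 5006}},
	{"hmn-cascade", 33434, 33598, []int{5004}},
}

func contains(ports []int, p int) bool {
	for _, q := range ports {
		if q == p {
			return true
		}
	}
	return false
}

// classify names the documented Spark media class a flow belongs to, or
// "unmatched". UDP flows are classified by source port range, which is what a
// QoS policy or firewall rule can key on. TCP media comes from ephemeral source
// ports, so only the destination port (5004/5006) identifies it.
func classify(f flow) string {
	switch strings.ToLower(f.Proto) {
	case "udp":
		for _, p := range udpProfiles {
			if f.SrcPort >= p.srcLo && f.SrcPort <= p.srcHi && contains(p.dstPorts, f.DstPort) {
				return p.name
			}
		}
	case "tcp":
		if f.DstPort == 5004 || f.DstPort == 5006 {
			return "srtp-over-tcp"
		}
	}
	return "unmatched"
}

// parseLogLine reads a constructed "proto=udp src=10.0.0.5:52010 dst=203.0.113.7:5004"
// record. The format is an assumption; real firewall logs differ.
func parseLogLine(line string) (flow, error) {
	var f flow
	for _, field := range strings.Fields(line) {
		kv := strings.SplitN(field, "=", 2)
		if len(kv) != 2 {
			return f, fmt.Errorf("bad field %q", field)
		}
		switch kv[0] {
		case "proto":
			f.Proto = kv[1]
		case "src", "dst":
			i := strings.LastIndex(kv[1], ":")
			if i < 0 {
				return f, fmt.Errorf("missing port in %q", field)
			}
			port, err := strconv.Atoi(kv[1][i+1:])
			if err != nil {
				return f, err
			}
			if kv[0] == "src" {
				f.SrcPort = port
			} else {
				f.DstPort = port
			}
		}
	}
	return f, nil
}

// summarize counts flows per class; the "unmatched" bucket is the media a
// whitelist built from the tables would drop.
func summarize(lines []string) (map[string]int, error) {
	counts := map[string]int{}
	for _, line := range lines {
		f, err := parseLogLine(line)
		if err != nil {
			return nil, err
		}
		counts[classify(f)]++
	}
	return counts, nil
}

// sampleLog is constructed for the demo, not captured from a real firewall.
var sampleLog = []string{
	"proto=udp src=10.1.1.10:52010 dst=203.0.113.20:5004",
	"proto=udp src=10.1.1.10:52150 dst=203.0.113.20:5006",
	"proto=udp src=10.1.2.30:52075 dst=203.0.113.21:5004",
	"proto=udp src=10.1.2.30:52250 dst=203.0.113.21:5004",
	"proto=udp src=10.1.9.5:33500 dst=203.0.113.22:5004",
	"proto=udp src=10.1.9.5:33500 dst=203.0.113.22:5006",
	"proto=tcp src=10.1.1.10:49152 dst=203.0.113.20:5004",
}

func main() {
	counts, err := summarize(sampleLog)
	fmt.Println(counts, err)
}
```

The boundaries between App and Device ranges (52049/52050 and 52199/52200) are where a QoS or whitelist rule is most often off by one, and the UDP flow from the HMN range to port 5006 lands in "unmatched" because the tables give cascades destination port 5004 only.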

What do we send to Third Party sites?

| Site           | Apps that Access It                      | What is sent there                                                        | User PII | Anonymized Usage info | Encrypted User Generated Content |
|----------------|------------------------------------------|---------------------------------------------------------------------------|----------|-----------------------|----------------------------------|
| aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y                                |
| rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y                                |
| mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N                                |
| appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N                                |
| adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N                                |
| omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N                                |
| optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N                                |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

• Proxy Address given to the Device/Application (explicit proxy)
• Transparent Proxy (the Device/Application is unaware of the Proxy's existence)
  • In-line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic (the signalling) is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not pass through the Proxy

Connecting from the Enterprise – Proxy Detection (how the Proxy Address is given to the Device/Application)

• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes (manual); Yes (PAC files) | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes (manual, using web access) | Configure the proxy address via the device web interface
SX | HTTPS | Room OS | Yes (manual, using web access) | Configure the proxy address via the device web interface
MX | HTTPS | Room OS | Yes (manual, using web access) | Configure the proxy address via the device web interface
Room Kits | HTTPS | Room OS | Yes (manual, using web access) | Configure the proxy address via the device web interface
Spark Board | HTTPS | Spark Board OS | Yes (manual configuration) | Manual configuration of the proxy address

Connecting from the Enterprise - Proxy Authentication

• The proxy intercepts the outbound HTTP request
• It authenticates the user (username & password)
• An authenticated user's traffic is forwarded
• An unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods

• Basic authentication
• Digest authentication
• NTLMv2 authentication
• Negotiate authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Basic authentication
  • Uses standard HTTP headers (Proxy-Authenticate challenge, Proxy-Authorization response)
  • Username and password are Base64 encoded
  • Username and password are NOT encrypted or hashed: Base64 is reversible, so anyone who can observe the request to the proxy recovers the credentials
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or
  • Create an account per device
  • No password expiration (a long-lived shared credential, so give the account no rights beyond proxy access)

Proxy Authentication Methods - Digest Authentication

• Digest authentication
  • Uses standard HTTP headers
  • Username and password are not sent
  • A hash is sent instead: the username, realm and password are hashed together with a server-supplied nonce (MD5 in the RFC 2617 scheme), so the proxy can verify the credentials without the password crossing the wire
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or
  • Create an account per device
  • No password expiration
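The difference between the two header-based methods above is easiest to see by building the headers. The following is an added example, not code from the deck or from Cisco; it uses only the Python standard library, and the usernames, passwords and nonces are the worked examples from RFC 2617 (Basic in section 2, Digest in section 3.5), not real accounts:

```python
"""Proxy-Authorization headers for Basic and Digest authentication.

Added example (not code from the Cisco Live deck); standard library only.
The usernames, passwords and nonces are the worked examples from RFC 2617
(Basic: section 2; Digest: section 3.5), not real accounts.
"""
import base64
import hashlib
import hmac


def basic_header(username: str, password: str) -> str:
    """Basic: 'user:password' is merely Base64-encoded, not hashed or encrypted."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Proxy-Authorization: Basic {token}"


def basic_recover(header: str) -> tuple:
    """Whoever can read the header (e.g. on the plaintext CONNECT to the proxy)
    gets the credentials back with a single decode."""
    token = header.split(" Basic ", 1)[1].strip()
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def _md5(text: str) -> str:
    # RFC 2617 Digest uses MD5. MD5 is weak, but the point of the scheme is that
    # the password itself is never transmitted.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). A proxy may store HA1 instead of the
    password, but HA1 alone is enough to answer challenges, so it must be
    protected like a password."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client side (qop=auth): response = MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(username, realm, password, method, uri, nonce, nc, cnonce,
                  opaque="", qop="auth"):
    """Header a client returns after a
    'Proxy-Authenticate: Digest realm=..., nonce=..., qop="auth"' challenge."""
    response = digest_response(digest_ha1(username, realm, password),
                               method, uri, nonce, nc, cnonce, qop)
    fields = [
        f'username="{username}"', f'realm="{realm}"', f'nonce="{nonce}"',
        f'uri="{uri}"', f"qop={qop}", f"nc={nc}", f'cnonce="{cnonce}"',
        f'response="{response}"',
    ]
    if opaque:
        fields.append(f'opaque="{opaque}"')
    return "Proxy-Authorization: Digest " + ", ".join(fields)


def digest_verify(stored_ha1, method, uri, nonce, nc, cnonce, presented, qop="auth"):
    """Proxy side: recompute from the stored HA1 and compare in constant time."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    print(basic_header("Aladdin", "open sesame"))
    print(digest_header("Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
                        "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                        "00000001", "0a4f113b",
                        opaque="5ccc069c403ebaf9f0171e9517f40e41"))
```

Run it and decode the Basic token with `base64 -d` to see why Basic over a plaintext proxy hop is equivalent to sending the password; the Digest response changes with every server nonce, so a captured header cannot simply be replayed later.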

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • The password hash is used to encrypt the challenge, and the result is returned to the server
  • The password is hashed but not sent (a captured challenge/response can still be attacked offline, which is one reason Kerberos is preferred where available)
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or
  • Create an account per device
  • No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows only)

• Negotiate authentication
  • Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
  • Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or
  • Create an account per device
  • No password expiration

IWA = Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

• Kerberos authentication
  • Strongest security of the methods listed
  • Parties: the client, the Key Distribution Center (Authentication Service and Ticket Granting Service) and the application server (here, the proxy)
  • Encrypted communication based on shared secrets
  • The client authenticates with the Authentication Service
  • Once authenticated, it receives a Ticket Granting Ticket (TGT)
  • The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted service ticket
  • The client presents the service ticket to the proxy, which validates the user (using the shared secret the proxy holds for its own service principal)
  • The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP addresses (e.g. 10.100.200.1, 10.100.200.3): traffic from these sources is forwarded without authentication
• Whitelisted destinations (e.g. ciscospark.com): connections to these domains are forwarded without authentication, e.g.
  identity.webex.com
  idbroker.webex.com
  wbx2.com
  webex.com
  ciscospark.com
  clouddrive.com
  crashlytics.com
  mixpanel.com
  rackcdn.com
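Both bypass rules are policy checks a proxy (or an ACL in front of it) applies to the CONNECT request. The following added example, which is not from the deck or any vendor product, models them; the device IPs and the domain list are the slide's illustrative values, the request lines are constructed, and the restriction of the destination bypass to port 443 is a choice of this example. It also shows the matching pitfall a practitioner should watch for: a suffix match that is not anchored on a label boundary lets `notwbx2.com` through.

```python
"""Proxy-authentication bypass by device source IP and by whitelisted destination.

Added example, not from the deck or a vendor product. Device IPs and the
domain list are the slide's illustrative values; request lines are constructed.
"""
import ipaddress

# Devices that cannot answer a proxy-auth challenge (slide example addresses).
DEVICE_IPS = {ipaddress.ip_address("10.100.200.1"), ipaddress.ip_address("10.100.200.3")}

# Spark cloud destinations reachable without proxy authentication (slide list).
WHITELISTED_DOMAINS = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com", "rackcdn.com",
)


def host_in_allowlist(host: str, allowlist=WHITELISTED_DOMAINS) -> bool:
    """Exact match or suffix match anchored on a dot.

    A naive host.endswith("wbx2.com") would also accept "notwbx2.com";
    "webex.com.attacker.example" must not match either, so the comparison
    only treats a name as inside the allowlist when the next character to the
    left of the suffix is a label separator.
    """
    h = host.strip().rstrip(".").lower()
    return any(h == d or h.endswith("." + d) for d in allowlist)


def parse_connect_target(request_line: str):
    """'CONNECT idbroker.webex.com:443 HTTP/1.1' -> ('idbroker.webex.com', 443)."""
    method, target, _version = request_line.split()
    if method.upper() != "CONNECT":
        raise ValueError("only CONNECT tunnels are handled here")
    host, _, port = target.rpartition(":")
    return host, int(port)


def bypass_auth(src_ip: str, host: str) -> bool:
    """True when the proxy should forward without a Proxy-Authenticate challenge.

    The per-IP rule trusts the source address alone: anything on that address
    (or able to spoof it on the segment) goes out unauthenticated, so it belongs
    together with switch-port controls such as 802.1X or a dedicated VLAN.
    """
    return ipaddress.ip_address(src_ip) in DEVICE_IPS or host_in_allowlist(host)


def decide(src_ip: str, request_line: str, authenticated: bool) -> str:
    """Outcome for one request: 'forward' or '407' (challenge the client).

    Design choice of this example: the destination bypass applies to the HTTPS
    signalling port only; other ports still require authentication.
    """
    host, port = parse_connect_target(request_line)
    if authenticated:
        return "forward"
    if port == 443 and bypass_auth(src_ip, host):
        return "forward"
    return "407"


if __name__ == "__main__":
    for ip, line in [("10.100.200.2", "CONNECT wbx2.com:443 HTTP/1.1"),
                     ("10.100.200.2", "CONNECT notwbx2.com:443 HTTP/1.1"),
                     ("10.100.200.1", "CONNECT example.org:443 HTTP/1.1")]:
        print(ip, line, "->", decide(ip, line, authenticated=False))
```

The allow list is deliberately a tuple of bare domains: allowing `wbx2.com` necessarily allows every subdomain of it, which is what the Spark clients need, but it is also why a look-alike registration such as `wbx2.com.attacker.example` has to be rejected by the anchored comparison.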

Network Capabilities: Spark Devices - Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No auth: Yes; Basic: Yes; Digest: planned; NTLM: Yes (Windows); Kerberos: No. iOS and Android: No auth and Basic in EFT (early field trial)
DX/SX/MX | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes
Room Kits | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes
Spark Board | HTTPS | Spark Board OS | No auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)

• HTTPS/TLS inspection
  • The private CA root certificate is distributed to (installed on) the client in advance
  • A private-CA-signed certificate is sent to the client on connection establishment
  • The client validates the certificate chain it received against the private CA root cert in its trust store
  • If they match, it accepts and proceeds with the TLS connection

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)

• HTTPS/TLS inspection
  • The proxy starts a new HTTPS/TLS connection to the web/cloud service
  • The proxy receives the certificate from the web/cloud service
  • The proxy uses that certificate to establish a secure TLS/HTTPS connection to the service
  • The proxy can now decrypt, inspect and re-encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

• Certificate pinning
  • Certificate pin = SHA-256 hash of the CA root certificate's public key, e.g. (as printed on the slide) VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • The CA-signed Cisco Spark certificate is sent by the HTTPS/TLS server
  • The app creates a hash of the cert's public key
  • The app compares the hash with the certificate pin in its trust store
  • If they match, accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Certificate pinning
  • The proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
  • The app creates a hash of the private-CA-signed cert's public key
  • The app compares the hash with the certificate pin in its trust store
  • They DO NOT match: the TLS connection is terminated (an inspecting proxy therefore breaks Spark app connectivity unless one of the fixes below is applied)

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store

• Certificate pinning
  • The proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
  • The Spark app checks whether a copy of the private CA cert exists in the OS trust store
  • If the cert exists, skip the certificate pinning process
  • Proceed with the TLS connection
  • HTTPS/TLS inspection is possible

Because an enterprise CA in the OS trust store switches pinning off, any party able to add a root certificate to that store (an administrator, or malware with administrative rights) can intercept the app's Spark traffic on that machine; the integrity of the OS trust store becomes part of the app's security boundary.

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud (the device downloads it as a trust anchor)

• Certificate pinning
  • The proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
  • The client creates a hash of the private-CA-signed cert's public key
  • The client compares the hash with the certificate pins in its trust store, which now include the private CA
  • They DO match: proceed with the TLS connection
  • HTTPS/TLS inspection is possible
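The three pinning outcomes described above (pin matched, pin mismatch, and the enterprise-CA escape hatch) can be written down as one decision function. The following is an added example, not Cisco's code: a minimal DER encoder builds SubjectPublicKeyInfo structures from placeholder RSA parameters so the block runs offline (the moduli are arbitrary integers, not real keys), and `enterprise_ca_pins` stands in for the private CA certificates an administrator has installed in the OS trust store. The pin is computed exactly as HPKP-style pins are, as the Base64 SHA-256 of the DER SubjectPublicKeyInfo:

```python
"""SPKI pin check with the enterprise-CA escape hatch described on the slides.

Added example; not Cisco's code. A minimal DER encoder builds
SubjectPublicKeyInfo (SPKI) structures from placeholder RSA parameters so the
example runs offline (the moduli are arbitrary integers, not real keys).
The pin is Base64(SHA-256(DER SPKI)), the same value that
  openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -binary | base64
prints for a real certificate.
"""
import base64
import hashlib

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1


def _der_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(body)) + body


def _der_integer(value: int) -> bytes:
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # keep the INTEGER positive
        body = b"\x00" + body
    return _der(0x02, body)


def rsa_spki(modulus: int, exponent: int = 65537) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING RSAPublicKey }"""
    rsa_public_key = _der(0x30, _der_integer(modulus) + _der_integer(exponent))
    algorithm = _der(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # rsaEncryption, NULL params
    return _der(0x30, algorithm + _der(0x03, b"\x00" + rsa_public_key))


def spki_pin(spki_der: bytes) -> str:
    """Pin = Base64(SHA-256(DER SubjectPublicKeyInfo)); always 44 characters."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def check_pinned_connection(chain_spkis, pinned, enterprise_ca_pins):
    """Decide whether the app may proceed with the TLS session.

    chain_spkis: SPKIs of the presented chain, leaf first, root last.
    pinned: pins shipped in the app's trust store (the Spark CA roots).
    enterprise_ca_pins: pins of private CA roots an admin put in the OS store.
    """
    root_pin = spki_pin(chain_spkis[-1])
    if root_pin in enterprise_ca_pins:
        # Win/Mac/browser behaviour from the slides: an admin-installed private
        # CA disables pinning. That is what lets an inspecting proxy work, and
        # also why the OS trust store itself must be protected.
        return ("proceed", "enterprise CA in OS trust store, pinning skipped")
    if any(spki_pin(spki) in pinned for spki in chain_spkis):
        return ("proceed", "pin matched")
    return ("terminate", "pin mismatch")


# Constructed key material (placeholder moduli, not real keys).
CLOUD_ROOT_SPKI = rsa_spki((1 << 2047) | 0x5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5B)
CLOUD_LEAF_SPKI = rsa_spki((1 << 2047) | 0x1234567890ABCDEF1234567890ABCDEF)
PROXY_ROOT_SPKI = rsa_spki((1 << 2047) | 0xC0FFEEC0FFEEC0FFEEC0FFEEC0FFEE01)
PROXY_LEAF_SPKI = rsa_spki((1 << 2047) | 0xDEADBEEFDEADBEEFDEADBEEFDEADBEEF)
SPARK_PINS = {spki_pin(CLOUD_ROOT_SPKI)}


if __name__ == "__main__":
    print(check_pinned_connection([CLOUD_LEAF_SPKI, CLOUD_ROOT_SPKI], SPARK_PINS, set()))
    print(check_pinned_connection([PROXY_LEAF_SPKI, PROXY_ROOT_SPKI], SPARK_PINS, set()))
    print(check_pinned_connection([PROXY_LEAF_SPKI, PROXY_ROOT_SPKI], SPARK_PINS,
                                  {spki_pin(PROXY_ROOT_SPKI)}))
```

Pinning the public key rather than the whole certificate is what lets the pinned party renew its certificate without breaking clients, as long as the key pair is kept; it also means the pin must be rotated whenever the pinned CA key is.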

Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/browser: if an enterprise certificate exists in the OS trust store, bypass the certificate pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS inspection bypass required
DX | HTTPS | Room OS | Yes (requires per-org config of the Identity Service) | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
SX | HTTPS | Room OS | Yes (requires per-org config of the Identity Service) | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
MX | HTTPS | Room OS | Yes (requires per-org config of the Identity Service) | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
Room Kits | HTTPS | Room OS | Yes (requires per-org config of the Identity Service) | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass required

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise - 802.1X

802.1X operation:
• Switch port network access is restricted
• The client presents credentials to the Authentication Server
• After successful authentication, the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options...
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• The MAC address is manually entered into the Authentication Server
• A MAC address can be cloned by anyone who can read it off the wire, so MAB identifies a device rather than authenticating it; keep the VLAN and ACLs assigned to MAB devices correspondingly narrow

Network Capabilities: Spark Devices - 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: configuration profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via the device web interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install enterprise LSC via the device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | - | Use MAC Address Bypass

(MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate.)

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access; proxy and firewalls allow all Spark connections
• Onboard the device: username/password or activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors to the device


Complete Your Online Session Evaluation
• Please complete your online session evaluations after each session
• Complete 4 session evaluations & the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in self-paced labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you


Spark App - Cloud Connection

(Parties: Spark App, Spark Identity Service, enterprise IdP, Spark Service)

1) The customer downloads and installs the Spark App (with trust anchors)
2) The Spark App establishes a secure TLS connection with the Spark Cloud
3) The Spark Identity Service prompts the user for an e-mail ID
4) The user is authenticated by the Spark Identity Service or by the enterprise IdP (SSO)
5) OAuth access and refresh tokens are created and sent to the Spark App
   • The access tokens carry the scopes, i.e. details of the Spark resources the user is authorized to access
6) The Spark App presents its access token to register with Spark Services over a secure channel

Spark Device - Cloud Connection

(Parties: Spark Device, Spark Identity Service, Spark Service)

1) The user enters the 16-digit activation code received via e-mail from the Spark provisioning service
2) The device is authenticated by the Identity Service (trust anchors are sent to the device and a secure connection is established)
3) OAuth access and refresh tokens are created and sent to the Spark Device
   • The access tokens contain details of the Spark resources the user is authorized to access
4) The Spark Device presents its access token to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different conversation encryption key
• AES-256-GCM is the cipher used for encryption

Spark - Decrypting Messages and Content

• Encrypted messages sent by the App are stored in the Spark Cloud (Content Server) and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed (i.e. the key is not already held locally), Spark Apps retrieve the conversation encryption key from the Key Management Service and decrypt the message
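The two slides above describe one flow: a per-room key issued by the Key Management Service, AES-256-GCM on the payload, and a key reference that travels with the ciphertext so a recipient can fetch the key (if it does not already have it) and decrypt. The following added example is not Cisco's implementation; it needs the `cryptography` package (`pip install cryptography`), the Key Management Service is an in-memory stand-in with a membership check, and the key URLs, room and user names and the sample message are constructed:

```python
"""Per-room conversation keys, AES-256-GCM payload encryption and the key
reference that travels with each message.

Added example; not Cisco's implementation. Requires the 'cryptography'
package. The KMS is an in-memory stand-in; key URLs, room/user names and the
sample message are constructed.
"""
import base64
import json
import os
import uuid

from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class KeyManagementService:
    """Issues one 256-bit AES key per room and hands it only to room members."""

    def __init__(self):
        self._keys = {}      # key_url -> (room_id, key bytes)
        self._room_key = {}  # room_id -> key_url
        self._members = {}   # room_id -> set of users

    def create_room(self, room_id, members):
        key_url = f"kms://example-org/keys/{uuid.uuid4()}"  # constructed URL scheme
        self._keys[key_url] = (room_id, AESGCM.generate_key(bit_length=256))
        self._room_key[room_id] = key_url
        self._members[room_id] = set(members)
        return key_url

    def key_for_room(self, room_id, requester):
        key_url = self._room_key[room_id]
        return key_url, self.fetch_key(key_url, requester)

    def fetch_key(self, key_url, requester):
        room_id, key = self._keys[key_url]
        if requester not in self._members[room_id]:
            raise PermissionError(f"{requester} is not a member of {room_id}")
        return key


class SparkApp:
    def __init__(self, user, kms):
        self.user = user
        self.kms = kms
        self._key_cache = {}  # key_url -> key, so the KMS is asked once per key

    def send(self, room_id, text):
        """Encrypt before anything leaves the app; the cloud stores the envelope as-is."""
        key_url, key = self.kms.key_for_room(room_id, self.user)
        self._key_cache[key_url] = key
        nonce = os.urandom(12)  # 96-bit GCM nonce, fresh for every message
        # The key URL is passed as associated data: swapping it for another
        # key reference makes the GCM tag check fail instead of decrypting garbage.
        ciphertext = AESGCM(key).encrypt(nonce, text.encode("utf-8"), key_url.encode("utf-8"))
        return {
            "room": room_id,
            "sender": self.user,
            "keyUrl": key_url,
            "nonce": base64.b64encode(nonce).decode("ascii"),
            "ciphertext": base64.b64encode(ciphertext).decode("ascii"),
        }

    def receive(self, envelope):
        """Follow the key link: local cache first, then the KMS (which enforces membership)."""
        key_url = envelope["keyUrl"]
        key = self._key_cache.get(key_url)
        if key is None:
            key = self.kms.fetch_key(key_url, self.user)
            self._key_cache[key_url] = key
        plaintext = AESGCM(key).decrypt(
            base64.b64decode(envelope["nonce"]),
            base64.b64decode(envelope["ciphertext"]),
            key_url.encode("utf-8"),
        )
        return plaintext.decode("utf-8")


def content_server_view(envelope):
    """What the cloud Content Server stores: metadata and ciphertext, no key."""
    return json.dumps(envelope, sort_keys=True)


if __name__ == "__main__":
    kms = KeyManagementService()
    kms.create_room("room-1", {"alice", "bob"})
    alice, bob = SparkApp("alice", kms), SparkApp("bob", kms)
    env = alice.send("room-1", "Spark IS the message")
    print(content_server_view(env))
    print(bob.receive(env))
```

The separation the slides draw between the Content Server and the Key Management Service is what `content_server_view` makes visible: the stored record carries the key reference but never the key, so the store alone cannot read the message, and the membership check in `fetch_key` is the only thing standing between a non-member and the plaintext.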

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

The Indexing Service
• Enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting the stored content
• A search index is built by creating a fixed-length hash of each word in each message within a Room (e.g. the message "Spark IS the message" yields one hash per word, shown on the slide as B9, 57, FE, 48)
• A new SHA-256 HMAC hashing key (search key) is used for each room, so the same word hashes differently in different rooms
• The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index (search for the word "Spark")

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-room search key to hash the search term ("Spark" -> B9)
• The Search Service looks for a match in the hash tables and returns the matching (still encrypted) content to the App
• A link to the conversation encryption key is sent with the encrypted message, so the App can decrypt the results locally
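The index building and query steps above are the two halves of one keyed-hash scheme, and the per-room key is the property worth demonstrating. The following added example is not Cisco's implementation; the messages, room names and key handling are constructed, the Indexing Service hashes words at indexing time (when it has the plaintext) and again at query time, and the stored index holds only the hashes:

```python
"""Search index over encrypted room content using a per-room HMAC-SHA256 key.

Added example; not Cisco's implementation. Messages, room names and key
handling are constructed.
"""
import hashlib
import hmac
import re
import secrets


def tokenize(text: str):
    """Lower-case word set; the same normalisation must be applied at query time."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def term_hash(search_key: bytes, term: str) -> str:
    """Fixed-length, keyed, one-way: HMAC-SHA256(search_key, term)."""
    return hmac.new(search_key, term.encode("utf-8"), hashlib.sha256).hexdigest()


class IndexingService:
    def __init__(self):
        self._room_keys = {}  # room_id -> 32-byte search key (one per room)
        self._index = {}      # (room_id, term_hash) -> set of message ids

    def search_key(self, room_id: str) -> bytes:
        if room_id not in self._room_keys:
            self._room_keys[room_id] = secrets.token_bytes(32)
        return self._room_keys[room_id]

    def hashed_term(self, room_id: str, word: str) -> str:
        terms = tokenize(word)
        if len(terms) != 1:
            raise ValueError("one search term at a time")
        return term_hash(self.search_key(room_id), terms.pop())

    def index_message(self, room_id: str, message_id: str, plaintext: str) -> int:
        """Called with the decrypted message at indexing time; returns the term count."""
        key = self.search_key(room_id)
        terms = tokenize(plaintext)
        for term in terms:
            self._index.setdefault((room_id, term_hash(key, term)), set()).add(message_id)
        return len(terms)

    def query(self, room_id: str, word: str):
        """Hash the query with the room's key and look it up; nothing is decrypted."""
        return sorted(self._index.get((room_id, self.hashed_term(room_id, word)), ()))

    def stored_view(self, room_id: str):
        """What the Content Service holds for a room: hashes and message ids only.

        Note the limitation of any deterministic keyed index: within one room,
        equal words produce equal hashes, so term frequencies are visible to
        whoever holds the index even though the words themselves are not.
        """
        return {h: sorted(ids) for (r, h), ids in self._index.items() if r == room_id}


if __name__ == "__main__":
    idx = IndexingService()
    idx.index_message("room-1", "m1", "Spark IS the message")
    idx.index_message("room-2", "m2", "Spark again")
    print(idx.query("room-1", "Spark"), idx.query("room-2", "Spark"))
    print(idx.stored_view("room-1"))
```

Because the hash is keyed per room, a search term hashed with room-1's key never matches room-2's entries, which is what keeps one room's index from being used to probe another room for the same word.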

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

(Components: Spark Control Hub, E-Discovery Service, Indexing Service, Search Service, Content Server, Key Mgmt Service)

• The Compliance Officer selects a group of messages and files to be retrieved for e-discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content
• The Content Server returns the matching content to the E-Discovery Service

Spark E-Discovery Service (2)

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the administrator on request (e.g. "Jo Smith's messages and files: e-discovery content ready" in the Spark Control Hub)

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

[Figure: the Content Server in the Spark cloud; the Key Mgmt Service, Indexing Service and E-Discovery Service moved into the customer's Secure Data Center]

Hybrid Data Security = Hybrid Data Services On Premise:

• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

[Figure: Hybrid Data Security (Key Mgmt Service, Indexing Service, E-Discovery Service) in the Secure Data Center behind the enterprise Firewall, connecting outbound to the Spark cloud Content Server]

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS).

No special Firewall configuration required.

Hybrid Data Security - Scalability

[Figure: multiple Hybrid Data Security nodes (Key Mgmt Server) in the Secure Data Center; Content Server and Key Mgmt Service in the Spark cloud]

The Hybrid Data Security is managed and upgraded from the cloud.

Customers can access usage information for the HDS Servers via the Spark Control Hub.

Multiple HDS servers can be provisioned for Scalability & Load Sharing.

Spark – Hybrid Data Security Key Management

[Figure: Key Mgmt Server (Key Management Service) in the Secure Data Center; Content Server in the Spark cloud]

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server.

Now all of the keys for messages and content are owned and managed by the Customer.

BUT

HDS - Encrypting Messages & Content

[Figure: Spark App requests a key from the Key Management Service in the Secure Data Center; the encrypted message is stored on the Content Server in the Spark cloud]

Spark Apps request an encryption key from the HDS Key Management Server.

Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.

Encrypted messages and content are stored in the cloud.

Encryption Keys are stored locally.

HDS - Decrypting Messages & Content

[Figure: encrypted message on the Content Server in the Spark cloud; Key Management Service in the Secure Data Center]

Encrypted messages from Apps are stored in the Spark Cloud.

These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.

If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security – Secure App Connections

[Figure: App to Cloud TLS connection (Spark Service, Content Server, Search Service) and App to HDS TLS connection (Hybrid Data Security Node in the Secure Data Center)]

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service.

This encrypted peer to peer session traverses the Spark Cloud.

Hybrid Data Security: Search Indexing Service

[Figure: Indexing Service and Key Mgmt Service in the Secure Data Center; Content Server and Search Service in the Spark cloud; the message "Spark IS the message" is hashed by the Hash Algorithm to B9 57 FE 48]

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index (Search for the word "Spark")

[Figure: the App's search term "Spark" is hashed by the Hash Algorithm in the Indexing Service to B9 57 FE 48 and matched in the Search Service; the message "Spark IS the Message" is returned]

The Indexing Service sends a hashed index of the App's search request to the Search Service.

A link to the Conversation Encryption Key is sent with the encrypted message.
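The per-room keyed hashing used by the cloud Indexing Service (earlier slides) and by the HDS Indexing Service above, as an added example that is not Cisco's code: the key derivation (random key per room), HMAC-SHA256 and the 4-byte tag length are assumptions, and the sample messages are constructed.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed model of the Spark search scheme on the slides: the Indexing
# Service hashes each word of a message with a per-room Search Key; the
# Search Service stores only those hashes and matches a hashed query
# against them, so it never sees plaintext or keys.
TAG_LEN = 4  # bytes kept per hash, like the "B9 57 FE 48" shown on the slide


class IndexingService:
    """Holds the per-room Search Keys (on premise with HDS, or in the cloud)."""

    def __init__(self):
        self._search_keys = {}

    def search_key(self, room_id):
        # One new random hashing key per room, as the slide states (assumption:
        # random 256-bit keys; the real derivation is not described).
        if room_id not in self._search_keys:
            self._search_keys[room_id] = os.urandom(32)
        return self._search_keys[room_id]

    def hash_term(self, room_id, term):
        # Keyed hash: the same word hashes differently in every room, so the
        # Search Service cannot build a dictionary of word -> hash offline.
        mac = hmac.new(self.search_key(room_id), term.lower().encode(), hashlib.sha256)
        # Truncation keeps the index small at the cost of rare false positives,
        # which the App filters out after decrypting the returned messages.
        return mac.digest()[:TAG_LEN]

    def hash_message(self, room_id, message_id, text):
        terms = set(re.findall(r"[a-z0-9]+", text.lower()))
        return [(self.hash_term(room_id, t), message_id) for t in terms]

    def hash_query(self, room_id, query):
        return [self.hash_term(room_id, t) for t in re.findall(r"[a-z0-9]+", query.lower())]


class SearchService:
    """Stores only (room, hash) -> message ids; it holds no Search Keys."""

    def __init__(self):
        self._index = defaultdict(set)

    def add(self, room_id, entries):
        for tag, message_id in entries:
            self._index[(room_id, tag)].add(message_id)

    def find(self, room_id, hashed_terms):
        # A message matches when every hashed query term is present in it.
        matches = None
        for tag in hashed_terms:
            ids = self._index.get((room_id, tag), set())
            matches = ids if matches is None else matches & ids
        return sorted(matches or [])


def demo_search(query="Spark", room="room-A"):
    """Index constructed sample messages, then run one hashed query."""
    indexer, searcher = IndexingService(), SearchService()
    messages = {  # constructed sample data; plaintext never reaches SearchService
        ("room-A", "m1"): "Spark IS the Message",
        ("room-A", "m2"): "lunch at noon?",
        ("room-B", "m3"): "Spark board firmware updated",
    }
    for (room_id, mid), text in messages.items():
        searcher.add(room_id, indexer.hash_message(room_id, mid, text))
    return searcher.find(room, indexer.hash_query(room, query))
```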

Spark E-Discovery Service (1)

[Figure: Indexing Service, Key Mgmt Service and E-Discovery Service in the Secure Data Center; Content Server and Search Service in the Spark cloud; Spark Control Hub; Jo Smith's Content retrieved through the Hash Algorithm]

The Indexing Service sends hashed search criteria to the Search Service.

The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)

[Figure: E-Discovery Service and Key Mgmt Service in the Secure Data Center; Content Server, E-Discov Storage and Search Service in the Spark cloud; Spark Control Hub]

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request.

Jo Smith's Messages and Files: E-Discovery Content Ready

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Figure: Organization A and Organization B, each with its own Key Mgmt Service; Content Server in the Spark cloud; an encrypted message shared between them]

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

[Figure: the Key Mgmt Service of Organization A and the Key Mgmt Service of Organization B connected via the Spark Cloud; Content Server; encrypted messages]

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.

Hybrid Key Management Servers make outbound connections only (HTTPS, Web Socket Secure (WSS)).

With a secure connection between Key Management Servers...

Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Figure: Secure Data Center A running an HDS Cluster of Hybrid Data Services Nodes (VMs on vSphere), each with Docker, an ECP Mgmt Container, HDS Containers and an IDE Mount of the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.

Customer manages backup and recovery of the Postgres Database and the local configuration ISO.

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).

HDS application nodes and database need to be co-located in the same data center.

An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
PKI (Public Key Infrastructure) is used for KMS to KMS federation.
Common Name signed by a member of the Mozilla Trusted Root Store.
No SHA1 signatures.
PKCS12 format.

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max.
Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server.
kms.cisco.com easily supports 15K users per HDS.

1 Postgres 9.6.1 Database Instance (Key datastore)
8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database.

1 Syslog Host
Hostname and port required to centralize syslog output from the three HDS instances and management containers.

A secure backup location
The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
Outbound HTTPS on TCP port 443 from HDS host.
Bi-directional WSS on TCP port 443 from HDS host.
TCP connectivity from HDS host to Postgres database host, syslog host and statsd host.
HTTPS proxies are unsupported.

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
• Switch Port VLAN configuration and device requirements
• Firewalls
• Whitelists for Spark Apps, devices and Services
• Media support – UDP/TCP/HTTP
• HTTP Proxies
• Proxy Types and Proxy Detection
• Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
• Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
Internet Access
DHCP, DNS server access
Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges:
Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004, 5006
Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

[Figure: Signalling and Media flows from the Enterprise through the Firewall to the Spark cloud]

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| Media | Range | Spark Apps | Spark Devices |
|---|---|---|---|
| Audio | 52000-52099 | 52000 - 52049 | 52050 - 52099 |
| Video | 52100-52299 | 52100 - 52199 | 52200 - 52299 |

Spark Applications Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics |
| Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web Apps only - Analytics |
| Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web Apps only - Telemetry |
| Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web Apps only - Metrics |

Spark Devices Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board) |
| Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates) |
| Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges:
Source UDP Ports: Voice and Video 33434 - 33598
Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004
Destination IP Addresses: Any

• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

[Figure: Signalling and Media flows from the Hybrid Media Node through the Firewall to the Spark cloud]

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services:
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

[Figure: Signalling from the HDS node through the Firewall to the Spark cloud; no Media]

HMN and HDS Nodes Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
|---|---|---|---|---|---|
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy Address given to Device/Application...

Proxy Types:
• Transparent Proxy (Device/Application is unaware of Proxy existence)
• In Line Proxies (e.g. Combined Proxy and Firewall)
• Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443.

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
• Web Proxy Auto Discovery (WPAD)
• Proxy Auto Conf (PAC) files

[Figure: the Proxy Address is delivered to each Device/Application via PAC files; Signalling via the Proxy, UDP Media through the Firewall]

Network Capabilities: Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory. Many Enterprises do No Authentication.

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

• Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

• Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

• Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
• Microsoft implementation of SPNEGO
• Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either
• Kerberos, or fallback to
• NTLM

• Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
• Strongest Security
• Client, Authentication (Key Distribution) Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

Network Capabilities: Spark Devices – Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication |
|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
| DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
| Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
| Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Figure: client, inspecting Proxy and Web/Cloud Service; Signalling via the Proxy, UDP Media through the Firewall]

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key
VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

[Figure: Signalling via the Proxy; UDP Media through the Firewall]

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public
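As an added illustration of the pin check and the "pinning fix" paths on the slides above (example code, not Cisco's implementation), this Go program builds a constructed test PKI and applies the app-side logic: hash the presented certificate's public key, compare it with the pin held in the app's trust store, and on a mismatch skip pinning only when the presented chain validates to a private CA that has been placed in the OS trust store. The certificate names, the host name and the base64 SHA-256 pin encoding are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

const (
	Accept       = "pin matched: proceed with TLS"
	AcceptBypass = "private CA found in OS trust store: pinning skipped, inspection possible"
	Reject       = "pin mismatch: TLS connection terminated"
)

// spkiPin hashes the certificate's public key (SubjectPublicKeyInfo), the value an app keeps as its pin.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkServerCert is the app-side decision: a pin hit is accepted; otherwise the connection is
// terminated unless the certificate chains to a private CA copied into the OS trust store (the apps' fix).
func checkServerCert(leaf *x509.Certificate, pins map[string]bool, osTrust *x509.CertPool, host string) string {
	if pins[spkiPin(leaf)] {
		return Accept
	}
	if osTrust != nil {
		if _, err := leaf.Verify(x509.VerifyOptions{Roots: osTrust, DNSName: host}); err == nil {
			return AcceptBypass
		}
	}
	return Reject
}

var serial int64 // constructed serial numbers for the test PKI

// newCert issues a constructed test certificate; parent == nil gives a self-signed CA.
func newCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if !isCA {
		tmpl.DNSNames = []string{name}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Scenario returns the decision for the slides' three cases: the genuine pinned Spark certificate,
// a proxy certificate from an unknown private CA, and that proxy certificate once its CA is in the OS trust store.
func Scenario(host string) (genuine, proxyUntrusted, proxyTrusted string) {
	publicCA, publicKey := newCert("Public CA (constructed)", true, nil, nil)
	sparkLeaf, _ := newCert(host, false, publicCA, publicKey)
	privateCA, privateKey := newCert("Enterprise Private CA (constructed)", true, nil, nil)
	proxyLeaf, _ := newCert(host, false, privateCA, privateKey)
	pins := map[string]bool{spkiPin(sparkLeaf): true} // pin shipped inside the app
	osTrust := x509.NewCertPool()
	osTrust.AddCert(privateCA) // private CA cert copied into the OS trust store
	genuine = checkServerCert(sparkLeaf, pins, nil, host)
	proxyUntrusted = checkServerCert(proxyLeaf, pins, nil, host)
	proxyTrusted = checkServerCert(proxyLeaf, pins, osTrust, host)
	return
}

func main() {
	g, u, t := Scenario("spark.example.test")
	fmt.Printf("genuine cert:      %s\nproxy, CA unknown: %s\nproxy, CA in OS:   %s\n", g, u, t)
}
```

The devices' fix on the following slides works the other way round: the pin set itself is extended from the Spark cloud with the private CA, so the hash comparison succeeds rather than being skipped.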

Network Capabilities: Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists, bypass the Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – requires per-Org config of Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – requires per-Org config of Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – requires per-Org config of Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – requires per-Org config of Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY’18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

[Diagram: Spark Device, switch port, Authentication Server]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client–Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)
Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes – manually install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY’18) | No (Planned Q2 CY’18) | No | No (Planned Q2 CY’18) | Use MAC Address By-Pass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer’s network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: what you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: target Q1 CY2018

Thank you

Spark App – Cloud connection

[Diagram: Spark App, Spark Service, Identity Service, Enterprise IdP]

1) Customer downloads and installs Spark App (with Trust anchors)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts User for an e-mail ID
4) User Authenticated by Spark Identity Service or the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to Spark App
   • The Access Tokens contain details of the Spark resources the User is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel

Spark Device – Cloud connection

[Diagram: Spark Device, Spark Service, Identity Service]

1) User enters 16 digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by Identity Service (Trust anchors sent to device and secure connection established)
3) OAuth Access and Refresh Tokens created and sent to Spark Device
   • The Access Tokens contain details of the Spark resources the User is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark – Encrypting Messages and Content

[Diagram: Spark App, Content Server, Key Management Service]

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES256-GCM cipher used for Encryption

Spark – Decrypting Messages and Content

[Diagram: Spark Apps, Content Server, Key Management Service]

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
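The encrypt/decrypt flow above, written out as an added Go example (not Cisco's code): a stand-in Key Management Service issues one AES-256 conversation key per room, the app encrypts with AES-GCM before anything leaves it, and the envelope the cloud stores and relays carries only a link to the key, which the receiving app follows back to the KMS. The key-URL scheme and the envelope's JSON field names are assumptions; the same model applies to the on-premises HDS Key Management Server described later in the deck.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// KMS stands in for the Key Management Service (cloud-hosted, or the on-premises HDS KMS):
// one 256-bit conversation key per room, addressed by a key URL (constructed scheme).
type KMS struct{ keys map[string][]byte }

func NewKMS() *KMS { return &KMS{keys: map[string][]byte{}} }

// ConversationKey hands an app the room's key, generating it on first use.
func (k *KMS) ConversationKey(room string) (string, []byte, error) {
	keyURL := "kms://kms.example.test/keys/" + room
	if key, ok := k.keys[keyURL]; ok {
		return keyURL, key, nil
	}
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		return "", nil, err
	}
	k.keys[keyURL] = key
	return keyURL, key, nil
}

// Retrieve serves the key an app asks for by the URL it found in a message.
func (k *KMS) Retrieve(keyURL string) ([]byte, error) {
	if key, ok := k.keys[keyURL]; ok {
		return key, nil
	}
	return nil, errors.New("unknown key URL: " + keyURL)
}

// Envelope is what the cloud stores and relays: ciphertext plus a link to the key, never the key.
type Envelope struct {
	KeyURL     string `json:"keyUrl"`
	Ciphertext string `json:"ciphertext"` // base64(nonce || AES-GCM ciphertext || tag)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a message for a room with AES-256-GCM before it leaves the app. The key URL is
// bound as associated data, so the link cannot later be re-pointed at a different key.
func Seal(kms *KMS, room, plaintext string) ([]byte, error) {
	keyURL, key, err := kms.ConversationKey(room)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	blob := aead.Seal(nonce, nonce, []byte(plaintext), []byte(keyURL))
	return json.Marshal(Envelope{KeyURL: keyURL, Ciphertext: base64.StdEncoding.EncodeToString(blob)})
}

// Open is the receiving app: follow the key link to the KMS, then decrypt and verify.
func Open(kms *KMS, env []byte) (string, error) {
	var e Envelope
	if err := json.Unmarshal(env, &e); err != nil {
		return "", err
	}
	key, err := kms.Retrieve(e.KeyURL)
	if err != nil {
		return "", err
	}
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	blob, err := base64.StdEncoding.DecodeString(e.Ciphertext)
	ns := aead.NonceSize()
	if err != nil || len(blob) < ns {
		return "", errors.New("malformed ciphertext")
	}
	pt, err := aead.Open(nil, blob[:ns], blob[ns:], []byte(e.KeyURL))
	if err != nil {
		return "", fmt.Errorf("GCM authentication failed: %w", err)
	}
	return string(pt), nil
}

func main() {
	kms := NewKMS()
	env, _ := Seal(kms, "room-a", "Spark IS the message") // constructed sample message
	fmt.Println(string(env))
}
```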

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

[Diagram: Indexing Service, Content Server, Key Management Service, Search Service; “Spark IS the message” → Hash Algorithm → B9 57 FE 48]

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed length hash of each word in each message within a Room
• The hashed indexes for each Spark Room are stored by the Content Service
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

Searching Spark Rooms: Querying a Search Index – Search for the word “Spark”

[Diagram: “Spark” → Hash Algorithm → 57 FE 48, matched against the stored hash B9 57 FE 48 for “Spark IS the Message”]

• App sends search request over a secure connection to the Indexing Service
• The Indexing Service uses per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message
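The index-building and querying steps above, as an added Go example (not Cisco's code): each word of a message is replaced by its HMAC-SHA256 token under a per-room Search Key, tokens are stored against message IDs, and a query is answered by hashing the search term with the same room key, so the stored index and the query reveal no plaintext and the same word hashes differently in every room. In-memory key storage, the word normalization rules and the sample messages are assumptions; the example also covers the HDS indexing slides later in the deck, where the same scheme runs with the Search Keys held on premises.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Indexer models the Indexing Service: a Search Key per room (constructed here in memory;
// in Spark it is held by the KMS) and, per room, the stored index mapping each
// HMAC-SHA256 word token to the IDs of the messages that contain the word.
type Indexer struct {
	searchKeys map[string][]byte
	indexes    map[string]map[string][]string
}

func NewIndexer() *Indexer {
	return &Indexer{searchKeys: map[string][]byte{}, indexes: map[string]map[string][]string{}}
}

// searchKey returns the room's Search Key, generating a fresh 256-bit key on first use.
func (ix *Indexer) searchKey(room string) []byte {
	if k, ok := ix.searchKeys[room]; ok {
		return k
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	ix.searchKeys[room] = k
	return k
}

// normalize folds case and strips surrounding punctuation so "Spark," and "spark" index alike.
func normalize(word string) string {
	return strings.ToLower(strings.Trim(word, ".,;:!?\"'()"))
}

// Token is the fixed-length hash stored in the index in place of the word: HMAC-SHA256 under
// the room's Search Key, so the same word yields different tokens in different rooms.
func (ix *Indexer) Token(room, word string) string {
	mac := hmac.New(sha256.New, ix.searchKey(room))
	mac.Write([]byte(normalize(word)))
	return hex.EncodeToString(mac.Sum(nil))
}

// IndexMessage runs where the plaintext is available, before the message is stored
// encrypted: every distinct word becomes one token entry pointing at msgID.
func (ix *Indexer) IndexMessage(room, msgID, plaintext string) {
	idx, ok := ix.indexes[room]
	if !ok {
		idx = map[string][]string{}
		ix.indexes[room] = idx
	}
	seen := map[string]bool{}
	for _, w := range strings.Fields(plaintext) {
		if normalize(w) == "" { // punctuation-only token, nothing to index
			continue
		}
		t := ix.Token(room, w)
		if !seen[t] {
			seen[t] = true
			idx[t] = append(idx[t], msgID)
		}
	}
}

// Search hashes the query term with the room's Search Key and looks the token up;
// the Search Service only ever sees the token, never the word.
func (ix *Indexer) Search(room, term string) []string {
	idx, ok := ix.indexes[room]
	if !ok {
		return nil
	}
	return idx[ix.Token(room, term)]
}

func main() {
	ix := NewIndexer()
	ix.IndexMessage("room-a", "msg-1", "Spark IS the message") // constructed sample messages
	ix.IndexMessage("room-a", "msg-2", "Every Spark room has its own key.")
	ix.IndexMessage("room-b", "msg-3", "Spark board support is planned")
	fmt.Println("room-a token for Spark:", ix.Token("room-a", "Spark"))
	fmt.Println("room-b token for Spark:", ix.Token("room-b", "Spark"))
	fmt.Println("search room-a 'spark':", ix.Search("room-a", "spark"))
}
```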

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

[Diagram: Spark Control Hub, Indexing Service, Content Server, Key Management Service, E-Discovery Service, Search Service]

• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram: Spark Control Hub, Content Server, Key Management Service, E-Discovery Service, E-Discovery Storage; “Jo Smith’s Messages and Files – E-Discovery Content Ready”]

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

[Diagram: Secure Data Center with Key Management Service, Indexing Service and E-Discovery Service; Content Server]

Hybrid Data Security / Hybrid Data Services = On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls
• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability
• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management
• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• BUT now all of the keys for messages and content are owned and managed by the Customer

HDS – Encrypting Messages & Content
• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud; Encryption Keys are stored locally

HDS – Decrypting Messages & Content
• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

[Diagram: App to Cloud TLS connection; App to HDS TLS connection; Spark Service, Content Server, Search Service, Hybrid Data Security Node]

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

[Diagram: Secure Data Center with Indexing Service and Key Management Service; Content Server and Search Service; “Spark IS the message” → Hash Algorithm → B9 57 FE 48]

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – Search for the word “Spark”

[Diagram: “Spark” → Hash Algorithm → B9 57 FE 48, matched against the stored hash for “Spark IS the Message”]

• The Indexing Service sends a hashed index of the App’s search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message

Spark E-Discovery Service (1)

[Diagram: Secure Data Center with Indexing Service, Key Management Service and E-Discovery Service; Spark Control Hub; Content Server; Search Service; “Jo Smith’s Content”]

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram: Secure Data Center with Key Management Service and E-Discovery Service; Spark Control Hub; Content Server; E-Discovery Storage; “Jo Smith’s Messages and Files – E-Discovery Content Ready”]

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server]

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers… Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A: vSphere hosting an HDS Cluster of Hybrid Data Services Nodes (VMs). Each node runs Docker with an ECP Mgmt Container and the HDS Containers, and mounts the HDS Cluster Config File via an IDE Mount.

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

Slide 68

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Slide 69

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Slide 71

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port configurations
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Slide 73

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Slide 74

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

(Diagram: Signalling and Media flows from the enterprise through the firewall to the Spark Cloud.)

Slide 76

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| Media | Overall range | Spark Apps | Spark Devices |
| Audio | 52000-52099 | 52000 - 52049 | 52050 - 52099 |
| Video | 52100-52299 | 52100 - 52199 | 52200 - 52299 |

Slide 77

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

| Protocol | Source Ports | Destination Ports | Destination | Function |
| UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service |
| TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service |
| TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services |
| TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management |
| TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services |
| TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage |
| TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data |
| TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics |
| TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage |
| TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only - Ad Analytics |
| TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only - Analytics |
| TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only - Telemetry |
| TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only - Metrics |

Slide 78

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

| Protocol | Source Ports | Destination Ports | Destination | Function |
| UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board) |
| TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service |
| TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service |
| TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services |
| TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management |
| TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services |
| TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage |
| TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data |
| TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics |
| TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage |
| TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates) |
| UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Slide 79

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

(Diagram: Signalling and Media flows from the HMN through the firewall to the Spark Cloud.)

Slide 80

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

(Diagram: Signalling only from the HDS node through the firewall to the Spark Cloud; no Media.)

Slide 81

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |

Slide 82

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Slide 83

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

(Diagram: Signalling goes via the proxy; UDP Media does not.)

Slide 85

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

(Diagram: each client receives the Proxy Address from a PAC file; Signalling goes via the proxy, UDP Media does not.)

Slide 86

Network Capabilities, Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address |

Slide 87

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no Authentication

Slide 88

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Slide 89

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Slide 90

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Slide 91

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Slide 92

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either
  • Kerberos, or fallback to
  • NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

Slide 93

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Client, Authentication Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Slide 94

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com)

(Diagram: devices at 10.100.200.1 and 10.100.200.3 reaching identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com and rackcdn.com through the proxy without authentication; Signalling via the proxy, UDP Media direct.)

Slide 95
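The proxy detection slide lists PAC files as one way the proxy address reaches a client, and the bypass slide lists whitelisted destinations as one way to keep device traffic out of proxy authentication. The following is an added example, not from the deck or from Cisco, of how those two fit together in a Proxy Auto Configuration file: the Spark destinations from the whitelist slides go DIRECT, and everything else goes through the enterprise proxy. In a real PAC runtime the helpers isPlainHostName and dnsDomainIs are supplied by the browser or OS; minimal stand-ins with the same semantics are included so the file can be exercised under Node. The proxy address proxy.example.com:8080 is a placeholder.

```javascript
// Added example (not Cisco's code): a PAC file that bypasses the proxy for the
// Spark destinations listed on the whitelist slides. Written in ES5 syntax
// because PAC engines are older JavaScript interpreters.
var SPARK_DIRECT_DOMAINS = [
  'identity.webex.com', 'idbroker.webex.com', 'wbx2.com', 'webex.com',
  'ciscospark.com', 'clouddrive.com', 'crashlytics.com', 'mixpanel.com', 'rackcdn.com'
];

// Stand-ins for the PAC runtime helpers (remove when deploying the file; the
// runtime provides them). dnsDomainIs is a plain suffix check, as in the original.
function isPlainHostName(host) { return host.indexOf('.') === -1; }
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
    host.substring(host.length - domain.length) === domain;
}

function FindProxyForURL(url, host) {
  var h = host.toLowerCase();
  if (isPlainHostName(h)) return 'DIRECT';               // intranet short names stay internal
  for (var i = 0; i < SPARK_DIRECT_DOMAINS.length; i++) {
    var d = SPARK_DIRECT_DOMAINS[i];
    // Exact match or a host beneath the domain. The leading dot is what stops
    // "notwebex.com" from matching "webex.com".
    if (h === d || dnsDomainIs(h, '.' + d)) return 'DIRECT';
  }
  // No "; DIRECT" fallback: if the proxy is down, non-Spark traffic fails closed
  // rather than silently leaving the enterprise unproxied.
  return 'PROXY proxy.example.com:8080';
}
```

Two points follow from the slides. The PAC only influences HTTP/HTTPS signalling; UDP media never reaches the proxy regardless of what the file returns, so the firewall port rules still have to allow it. And sending the Spark domains DIRECT means the proxy does not inspect them, which is the same trade-off the certificate pinning slides describe for TLS inspection; the firewall whitelist, not the proxy, is then the control on those destinations.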

Network Capabilities, Spark Devices – Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
| DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | |

Slide 96

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

(Diagram: Signalling via the proxy; UDP Media direct.)

Slides 97–99

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Slides 100–101

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Slides 102–104

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

Slides 105–107

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

Slides 108–110

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible

Slides 111–113

Network Capabilities, Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |

Slide 114

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: Device, switch and Authentication Server.)

Slides 116–117

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

Slides 118–119

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

Slides 120–121

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

Slides 122–123

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

(Diagram: Device 1, switch and Authentication Server.)

Slides 124–125

Network Capabilities, Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass |

Slide 126

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Slide 128

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Slide 130

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Slide 133

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x
• Coming soon: Target Q1 CY2018

Thank you

Spark App – Cloud connection

(Diagram: Spark App, Spark Service, IdP, Identity Service)

1) Customer downloads and installs the Spark App (with trust anchors)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts the user for an e-mail ID
4) User authenticated by the Spark Identity Service or the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to the Spark App
   • The Access Tokens contain details of the Spark resources the user is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel

Spark Device – Cloud connection

(Diagram: Spark Device, Spark Service, Identity Service)

1) User enters the 16-digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by the Identity Service (trust anchors sent to the device and a secure connection established)
3) OAuth Access and Refresh Tokens created and sent to the Spark Device
   • The Access Tokens contain details of the Spark resources the user is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel
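The app and device on-boarding flows above both end in the same place: the Identity Service hands out OAuth tokens, and every Spark service that receives an access token has to check it. The Go model below is an added example, not Cisco's code and not the real token format (which the deck does not describe). It issues a single-use, time-limited 16-digit activation code the way the device flow requires, mints an HMAC-SHA256-signed access token that carries the granted scopes and an expiry, and checks that token the way a resource service would. The scope names, the token layout, the one-hour lifetime and the KMS-style subject names are assumptions; refresh-token rotation is left out to keep the example short.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Scope names a Spark resource a token grants access to (the scope names used here are assumed).
type Scope string

type activation struct {
	subject string
	expires time.Time
}

// IdentityService is a minimal model of the Spark Identity Service: single-use, time-limited
// activation codes and HMAC-signed access tokens carrying the granted scopes and an expiry.
// The deck does not describe the real token format; this layout is invented for the example.
type IdentityService struct {
	signingKey []byte
	codes      map[string]activation // 16-digit code -> device identity it activates
	now        func() time.Time       // injectable clock so expiry can be tested
}

func NewIdentityService(now func() time.Time) *IdentityService {
	return &IdentityService{signingKey: randomBytes(32), codes: map[string]activation{}, now: now}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// IssueActivationCode is what the provisioning service e-mails to the user: a 16-digit code
// bound to one device identity, valid for a limited time and redeemable exactly once.
func (s *IdentityService) IssueActivationCode(subject string, ttl time.Duration) string {
	digits := randomBytes(16)
	for i := range digits {
		digits[i] = '0' + digits[i]%10 // modulo bias is tolerable in a demo, not in production
	}
	s.codes[string(digits)] = activation{subject: subject, expires: s.now().Add(ttl)}
	return string(digits)
}

// ActivateDevice redeems an activation code and returns a one-hour access token.
func (s *IdentityService) ActivateDevice(code string, scopes []Scope) (string, error) {
	a, ok := s.codes[code]
	delete(s.codes, code) // single use: a replayed code fails even if it is still in date
	if !ok || s.now().After(a.expires) {
		return "", errors.New("unknown, already used or expired activation code")
	}
	return s.mint(a.subject, scopes, time.Hour), nil
}

// mint builds base64url(subject|scope,scope|expiry) + "." + base64url(HMAC-SHA256(payload)).
// Subjects and scopes must not contain '|' or ',' (a real format would use JSON or a JWT).
func (s *IdentityService) mint(subject string, scopes []Scope, ttl time.Duration) string {
	names := make([]string, len(scopes))
	for i, sc := range scopes {
		names[i] = string(sc)
	}
	payload := []byte(subject + "|" + strings.Join(names, ",") + "|" + strconv.FormatInt(s.now().Add(ttl).Unix(), 10))
	mac := hmac.New(sha256.New, s.signingKey)
	mac.Write(payload)
	return base64.RawURLEncoding.EncodeToString(payload) + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// Authorize is the check a Spark service performs when an app or device presents its access
// token: genuine signature, not expired, and the needed scope is among those granted.
func (s *IdentityService) Authorize(token string, need Scope) (subject string, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return "", errors.New("malformed token")
	}
	payload, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	mac := hmac.New(sha256.New, s.signingKey)
	mac.Write(payload)
	if err1 != nil || err2 != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return "", errors.New("bad token signature")
	}
	f := strings.Split(string(payload), "|") // subject | scopes | expiry
	exp, perr := strconv.ParseInt(f[len(f)-1], 10, 64)
	if len(f) != 3 || perr != nil || s.now().Unix() >= exp {
		return "", errors.New("token expired or malformed")
	}
	for _, sc := range strings.Split(f[1], ",") {
		if Scope(sc) == need {
			return f[0], nil
		}
	}
	return "", errors.New("scope not granted")
}

func main() {
	svc := NewIdentityService(time.Now)
	code := svc.IssueActivationCode("room-kit-lobby", 10*time.Minute)
	access, _ := svc.ActivateDevice(code, []Scope{"spark:messages_read"})
	fmt.Println(svc.Authorize(access, "spark:messages_read"))
}
```

The points worth keeping from this model are the ones the slides only imply: the activation code is consumed before its expiry is checked, so a replayed code is rejected whether or not it is still in date; the resource service trusts nothing in the token until the HMAC verifies; and a token that verifies but lacks the requested scope is still refused.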


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark – Encrypting Messages and Content

(Diagram: Spark App, Content Server, Key Management Service)

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES-256-GCM cipher used for encryption

Spark – Decrypting Messages and Content

(Diagram: Spark Apps, Content Server, Key Management Service)

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
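The two slides above describe the object an app actually hands to the cloud: AES-256-GCM ciphertext plus a link to the per-room conversation key. The Go example below is added here and is not Cisco's implementation. It models a KMS that issues one 256-bit key per room under a key URL, an app that encrypts with that key and embeds the URL, and a recipient that follows the URL to fetch the key before decrypting. The key-URL scheme and the KMS address are invented, and binding the URL into the ciphertext as GCM additional authenticated data is this example's design choice, not something the deck states.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyManagementService models the KMS: one 256-bit conversation key per room, stored under
// a key URL that apps put into every message so a recipient knows which key to fetch.
// (The URL scheme is invented for this example.)
type KeyManagementService struct {
	baseURL string
	keys    map[string][]byte // key URL -> AES-256 key
}

func NewKMS(baseURL string) *KeyManagementService {
	return &KeyManagementService{baseURL: baseURL, keys: map[string][]byte{}}
}

// NewConversationKey creates a fresh key for a room and returns the URL that names it.
func (k *KeyManagementService) NewConversationKey(roomID string) string {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	url := k.baseURL + "/keys/" + roomID
	k.keys[url] = key
	return url
}

// FetchKey is what an app does when it receives a message whose key it does not hold yet.
// Checking that the caller is a member of the room is the KMS's job and is elided here.
func (k *KeyManagementService) FetchKey(url string) ([]byte, error) {
	key, ok := k.keys[url]
	if !ok {
		return nil, errors.New("no key at " + url)
	}
	return key, nil
}

// Envelope is the message as the Content Server stores and relays it: the cloud sees the
// key URL, the nonce and the ciphertext, never the key or the plaintext.
type Envelope struct {
	KeyURL     string
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output with the 16-byte authentication tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("conversation key must be 256 bits")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals a message under the room's conversation key. The key URL is passed as
// additional authenticated data so the link cannot be swapped without failing the tag check.
func Encrypt(key []byte, keyURL string, plaintext []byte) (Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit random nonce; must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{KeyURL: keyURL, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, []byte(keyURL))}, nil
}

// Decrypt opens an envelope. A wrong key, a modified ciphertext or a swapped key URL all
// fail the GCM tag check and return an error instead of garbage plaintext.
func Decrypt(key []byte, env Envelope) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyURL))
}

func main() {
	kms := NewKMS("https://kms.example.invalid") // assumed KMS address
	keyURL := kms.NewConversationKey("room-a")
	key, _ := kms.FetchKey(keyURL)
	env, _ := Encrypt(key, keyURL, []byte("Spark IS the message"))
	recipientKey, _ := kms.FetchKey(env.KeyURL) // the recipient follows the link in the message
	plaintext, err := Decrypt(recipientKey, env)
	fmt.Printf("%q %v\n", plaintext, err)
}
```

Two things to take from the model: the Content Server only ever holds the envelope, so a compromise of stored content yields ciphertext and key references but no keys; and because GCM is authenticated, a message re-labelled with another room's key URL, or decrypted with another room's key, fails closed rather than producing a wrong-but-plausible plaintext.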

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms – Building a Search Index

(Diagram: Spark App, Indexing Service, Search Service, Content Server, Key Management Service; "Spark IS the message" → Hash Algorithm → B9 57 FE 48 …)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed-length hash of each word in each message within a Room
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room
• The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms – Querying a Search Index (search for the word "Spark")

(Diagram: "Spark" → Hash Algorithm → B9 57 FE 48 → match in the hash tables → "Spark IS the Message")

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns the matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message
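An added example (not Cisco's code) of the index the two slides above describe: a random HMAC-SHA256 search key per room, one fixed-length hash per word, and a query that is hashed under the same room key and matched against the stored hashes, so the Content Service can answer "which messages contain this word" without ever seeing the word. The tokenization rules, the posting-list layout and the room and message identifiers are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
	"unicode"
)

// SearchIndex models the Indexing Service: one random search key per room, each word of
// each message replaced by HMAC-SHA256(searchKey, word), and only those hashes kept in the
// posting lists that the Content Service stores.
type SearchIndex struct {
	searchKeys map[string][]byte              // room -> per-room search key
	postings   map[string]map[string][]string // room -> word hash -> message IDs
}

func NewSearchIndex() *SearchIndex {
	return &SearchIndex{searchKeys: map[string][]byte{}, postings: map[string]map[string][]string{}}
}

// searchKey returns the room's key, creating a fresh 256-bit one on first use.
func (x *SearchIndex) searchKey(room string) []byte {
	if key, ok := x.searchKeys[room]; ok {
		return key
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	x.searchKeys[room] = key
	x.postings[room] = map[string][]string{}
	return key
}

// Tokenize lower-cases the text and splits it into words; "Spark IS the message" and
// "spark is the message" must hash identically or a search for "spark" would miss one.
func Tokenize(text string) []string {
	return strings.FieldsFunc(strings.ToLower(text), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
}

// HashWord is the fixed-length hash the slides show (B9 57 FE 48 ...): an HMAC-SHA256 of
// the word under the room's search key, so the same word hashes differently in each room.
func (x *SearchIndex) HashWord(room, word string) string {
	mac := hmac.New(sha256.New, x.searchKey(room))
	mac.Write([]byte(word))
	return hex.EncodeToString(mac.Sum(nil))
}

// IndexMessage runs wherever the plaintext is available (the app, or an on-premises
// indexer); the Content Service only ever receives the resulting hashes.
func (x *SearchIndex) IndexMessage(room, msgID, plaintext string) {
	x.searchKey(room) // make sure the room's posting map exists
	for _, w := range Tokenize(plaintext) {
		h := x.HashWord(room, w)
		ids := x.postings[room][h]
		if len(ids) == 0 || ids[len(ids)-1] != msgID {
			x.postings[room][h] = append(ids, msgID)
		}
	}
}

// Query hashes the search term under the room's key and returns the matching message IDs.
func (x *SearchIndex) Query(room, term string) []string {
	words := Tokenize(term)
	if len(words) != 1 {
		return nil // single-word queries only in this example
	}
	return append([]string(nil), x.postings[room][x.HashWord(room, words[0])]...)
}

// StoredHashes is what the Content Service holds for a room: sorted hashes, no words.
func (x *SearchIndex) StoredHashes(room string) []string {
	var out []string
	for h := range x.postings[room] {
		out = append(out, h)
	}
	sort.Strings(out)
	return out
}

func main() {
	idx := NewSearchIndex()
	idx.IndexMessage("room-a", "m1", "Spark IS the message")
	fmt.Println(idx.Query("room-a", "spark"), idx.StoredHashes("room-a"))
}
```

One caveat a reviewer of such a design should raise: a deterministic keyed hash still leaks structure. Whoever holds the posting lists can see which messages share words and how often each hash occurs, even though the words themselves are not recoverable without the search key; the per-room key at least prevents the same hash value from being correlated across rooms.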

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

(Diagram: Spark Control Hub, E-Discovery Service, Indexing Service, Search Service, Content Server, Key Management Service)

• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

(Diagram: E-Discovery Service, E-Discovery Storage, Content Server, Key Management Service, Spark Control Hub; "Jo Smith's Messages and Files – E-Discovery Content Ready")

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

(Diagram: Hybrid Data Security in the customer's Secure Data Center; cloud Content Server, Key Management Service, Indexing Service, E-Discovery Service)

Hybrid Data Security = On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

(Diagram: Hybrid Data Security behind the enterprise Firewall; cloud Content Server, Key Management Service, Indexing Service, E-Discovery Service)

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark Cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability

(Diagram: several Hybrid Data Security nodes in the Secure Data Center; cloud Content Server, Key Management Service)

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

Spark – Hybrid Data Security Key Management

(Diagram: on-premises Key Management Server in the Secure Data Center; cloud Content Server and Key Management Service)

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer

HDS – Encrypting Messages & Content

(Diagram: Spark App, Content Server, cloud Key Management Service, on-premises Key Management Service in the Secure Data Center)

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally (on premises)

HDS – Decrypting Messages & Content

(Diagram: Spark Apps, Content Server, on-premises Key Management Service)

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

(Diagram: App to Cloud TLS connection; App to HDS TLS connection; Spark Service, Search Service, Content Server, Hybrid Data Security Node in the Secure Data Center)

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud; the TLS endpoints are the App and the HDS node, not the cloud

Hybrid Data Security – Search Indexing Service

(Diagram: Indexing Service in the Secure Data Center; cloud Content Server, Key Management Service, Search Service; "Spark IS the message" → Hash Algorithm → B9 57 FE 48 …)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security – Querying a Search Index (search for the word "Spark")

(Diagram: "Spark" → Hash Algorithm → B9 57 FE 48 → Search Service → "Spark IS the Message")

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message

Hybrid Data Security – Spark E-Discovery Service (1)

(Diagram: Indexing Service, E-Discovery Service and Key Management Service in the Secure Data Center; cloud Content Server, Search Service, Spark Control Hub; "Jo Smith's Content")

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Hybrid Data Security – Spark E-Discovery Service (2)

(Diagram: E-Discovery Service and Key Management Service in the Secure Data Center; cloud Content Server, E-Discovery Storage, Search Service, Spark Control Hub; "Jo Smith's Messages and Files – E-Discovery Content Ready")

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with its own on-premises Key Management Service; cloud Content Server and Key Management Service)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

(Diagram: the Organization A and Organization B Key Management Servers connected via the Spark Cloud)

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS)
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A – an HDS Cluster of Hybrid Data Services Nodes (VMs) on vSphere, each running Docker with an ECP Mgmt Container and HDS Containers, with the HDS Cluster Config File on an IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system
• Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should be able to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens an empty HDS can be restored, however only new content will be visible

HDS Install Prerequisites (see the prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA-1 signatures
  • PKCS#12 format
• 2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from the HDS host
  • Bi-directional WSS on TCP port 443 from the HDS host
  • TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

(Diagram: Spark Desk and Room Devices and Spark Apps behind the enterprise firewall; Signalling and Media flows to the Spark Cloud)

Media Port Ranges:
• Source UDP Ports: Voice 52000–52099, Video 52100–52299
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any
• See the following slides for details

Voice and Video Classification and Marking – Port Range Summary (Endpoints and Apps)

Audio 52000–52099: Spark Apps 52000–52049, Spark Devices 52050–52099
Video 52100–52299: Spark Apps 52100–52199, Spark Devices 52200–52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000–52049, Video 52100–52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only: Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only: Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only: Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050–52099, Video 52200–52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Spark Board (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | NTP Time Sync

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

(Diagram: Hybrid Media Node behind the enterprise firewall; Signalling and Media cascade links to the Spark Cloud)

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434–33598
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• The HMN can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434–33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

(Diagram: Hybrid Data Services behind the enterprise firewall; Signalling only to the Spark Cloud, no Media)

Hybrid Data Security Node:
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services:
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434–33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 443 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

(Diagram: Signalling via the Proxy, UDP Media direct)

Proxy Types:
• Proxy Address given to the Device/Application
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In-line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

(Diagram: Proxy Address and PAC files delivered to Devices/Applications; Signalling via the Proxy, UDP Media direct)

Proxy Detection (Proxy Address given to the Device/Application):
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: Manual, PAC Files | Manually configure the Proxy Address or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure the Proxy Address via the device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure the Proxy Address via the device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure the Proxy Address via the device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure the Proxy Address via the device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of the Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy authentication
  • Proxy intercepts the outbound HTTP request
  • Authenticates the user (username & password)
  • Authenticated user's traffic is forwarded
  • Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP headers
  • Username and password Base64 encoded
  • Username and password are NOT encrypted or hashed
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No password expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP headers
  • Username and password are not sent
  • A hash of the username and password is sent instead
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No password expiration
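An added example (not part of the Cisco session) showing what the Basic and Digest slides mean on the wire: the Basic Proxy-Authorization header is reversible Base64, while Digest sends only an MD5 response derived from the password and lets the proxy verify it from a stored HA1. The device account, realm, nonce and target URI are constructed sample values.

```python
import base64
import hashlib
import hmac
import re


def md5_hex(text: str) -> str:
    """MD5 hex digest as used by RFC 2617 Digest authentication."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_proxy_authorization(username: str, password: str) -> str:
    """Proxy-Authorization header for Basic auth: 'user:password' merely Base64 encoded."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def recover_basic_credentials(header: str) -> tuple:
    """What anyone who can read the header (proxy logs, an on-path device) recovers:
    Basic encoding is reversible, which is why the slide says 'NOT encrypted or hashed'."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_proxy_authorization(username: str, password: str, realm: str,
                               nonce: str, method: str, uri: str) -> str:
    """Proxy-Authorization header for Digest auth (RFC 2617, no qop):
    the password only enters the hash HA1 and never appears in the header."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    response = md5_hex(f"{ha1}:{nonce}:{ha2}")
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')


def parse_digest(header: str) -> dict:
    """Split a Digest header into its key="value" fields."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest credential")
    return dict(re.findall(r'(\w+)="([^"]*)"', params))


def proxy_verifies_digest(header: str, stored_ha1: str, expected_nonce: str,
                          method: str) -> bool:
    """Proxy side: the account store holds HA1 (not the password) and the proxy
    recomputes the response for the nonce it issued in its challenge."""
    fields = parse_digest(header)
    if fields.get("nonce") != expected_nonce:
        return False  # stale or replayed challenge
    ha2 = md5_hex(f"{method}:{fields.get('uri', '')}")
    expected = md5_hex(f"{stored_ha1}:{expected_nonce}:{ha2}")
    return hmac.compare_digest(expected, fields.get("response", ""))


if __name__ == "__main__":
    # Constructed sample: one shared device account, as the slide suggests.
    user, pwd, realm, nonce = "spark-room-devices", "Winter2018", "proxy.example.com", "0a1b2c3d"
    basic = basic_proxy_authorization(user, pwd)
    print(basic, "->", recover_basic_credentials(basic))
    digest = digest_proxy_authorization(user, pwd, realm, nonce, "CONNECT", "idbroker.webex.com:443")
    print(digest)
    print("proxy accepts:", proxy_verifies_digest(digest, md5_hex(f"{user}:{realm}:{pwd}"), nonce, "CONNECT"))
```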

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

Proxy Authentication Methods – Negotiate/IWA (Windows only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

IWA – Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest security
  • Components: client, Authentication Service / Key Distribution Service, Ticket Granting Service, application server
  • Encrypted communication based on shared secrets
  • Client authenticates with the Authentication Service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com)

Spark cloud destinations shown: identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) | –
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | –
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes | –

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1)

• HTTPS/TLS inspection
  • Private CA root certificate sent to the client
  • Private CA signed certificate sent to the client on connection establishment
  • Client compares the private CA root cert with those received in the cert chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2)

• HTTPS/TLS inspection
  • Proxy starts a new HTTPS/TLS connection to the web/cloud service
  • Proxy receives the certificate from the web/cloud service
  • Proxy uses the certificate to establish a secure TLS/HTTPS connection
  • Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate pinning
  • Certificate Pin = SHA-256 hash of the CA root certificate public key
    VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark certificate sent by the HTTPS/TLS server
  • App creates a hash of the cert's public key
  • App compares the hash with the Certificate Pin in its trust store
  • If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set-up
  • App creates a hash of the private CA signed cert's public key
  • App compares the hash with the Certificate Pin in its trust store
  • They DO NOT match – TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store

• Certificate pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set-up
  • Spark App checks to see if a copy of the private CA cert exists in the OS trust store
  • If the cert exists – skip the certificate pinning process
  • Proceed with the TLS connection
  • HTTPS/TLS inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark cloud

• Certificate pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set-up
  • Client creates a hash of the private CA signed cert's public key
  • Client compares the hash with the Certificate Pin in its trust store
  • They DO match – proceed with the TLS connection
  • HTTPS/TLS inspection possible
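An added example (not Cisco's code) of the pinning decision on the preceding slides, covering both the app fix (enterprise CA present in the OS trust store skips pinning) and the device fix (private CA cert loaded into the Spark cloud and delivered in the downloaded trust list). Certificates are modelled as dicts with constructed SubjectPublicKeyInfo bytes; real code would hash the DER SPKI of the parsed X.509 certificate.

```python
import base64
import hashlib
from typing import Dict, Iterable, List, Set

# A certificate is a dict with 'subject' and 'spki' (SubjectPublicKeyInfo bytes).
# All SPKI blobs below are constructed placeholders, not real keys.
Cert = Dict[str, object]


def spki_pin(cert: Cert) -> str:
    """Certificate Pin = Base64(SHA-256(SubjectPublicKeyInfo)), the format on the slide."""
    return base64.b64encode(hashlib.sha256(cert["spki"]).digest()).decode("ascii")


def pins_of(certs: Iterable[Cert]) -> Set[str]:
    return {spki_pin(c) for c in certs}


def chain_matches_pin(chain: List[Cert], pins: Set[str]) -> bool:
    """True when any certificate in the presented chain (leaf first, root last)
    hashes to a pinned value. Pinning the CA root's key rather than the leaf's
    keeps the pin valid across routine leaf-certificate renewals."""
    return any(spki_pin(c) in pins for c in chain)


def spark_app_decision(chain: List[Cert], pins: Set[str], os_trust_store: List[Cert]) -> str:
    """Spark app (Windows/Mac/browser) behaviour with the cert pinning fix:
    if the chain's root is already in the OS trust store (an enterprise private CA),
    the pinning check is skipped; otherwise the pin must match."""
    if spki_pin(chain[-1]) in pins_of(os_trust_store):
        return "accept-enterprise-ca"
    if chain_matches_pin(chain, pins):
        return "accept-pin"
    return "reject"


def spark_device_decision(chain: List[Cert], pins: Set[str], cloud_trust_list: List[Cert]) -> str:
    """Spark device (Room OS) behaviour: the private CA certificate loaded into the
    Spark cloud arrives in the trust list the device downloads, so its pin is
    added to the set the device compares against."""
    effective = set(pins) | pins_of(cloud_trust_list)
    return "accept-pin" if chain_matches_pin(chain, effective) else "reject"


# --- constructed sample PKI (hypothetical subjects) ---------------------------
PUBLIC_ROOT = {"subject": "Public CA Root", "spki": b"constructed-spki:public-ca-root"}
SPARK_LEAF = {"subject": "*.ciscospark.com", "spki": b"constructed-spki:spark-leaf"}
PRIVATE_ROOT = {"subject": "Enterprise Private CA", "spki": b"constructed-spki:enterprise-ca"}
PROXY_LEAF = {"subject": "*.ciscospark.com (proxy-minted)", "spki": b"constructed-spki:proxy-leaf"}

SPARK_PINS = pins_of([PUBLIC_ROOT])           # what ships in the app's trust store
GENUINE_CHAIN = [SPARK_LEAF, PUBLIC_ROOT]      # no inspection: the cloud's own chain
INSPECTED_CHAIN = [PROXY_LEAF, PRIVATE_ROOT]   # inspecting proxy re-signs with its CA


if __name__ == "__main__":
    print("no inspection       :", spark_app_decision(GENUINE_CHAIN, SPARK_PINS, []))
    print("inspection, no fix  :", spark_app_decision(INSPECTED_CHAIN, SPARK_PINS, []))
    print("inspection, app fix :", spark_app_decision(INSPECTED_CHAIN, SPARK_PINS, [PRIVATE_ROOT]))
    print("inspection, device  :", spark_device_decision(INSPECTED_CHAIN, SPARK_PINS, [PRIVATE_ROOT]))
```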

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an enterprise certificate exists then bypass the certificate pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS inspection bypass
DX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
SX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
MX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Room Kits | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access – Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X

802.1X operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication – switch port configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication – EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication – EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client–server authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO; Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | – | Use MAC Address Bypass

Cisco Spark Cloud Access – Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access – Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub:
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard the device – username/password, activation code
• Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x
• "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Coming soon: target Q1 CY2018

Thank you

Spark App – Cloud Connection

1) Customer downloads and installs the Spark App (with trust anchors)
2) Spark App establishes a secure TLS connection with the Spark cloud
3) Spark Identity Service prompts the user for an e-mail ID
4) User authenticated by the Spark Identity Service or the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to the Spark App
  • The Access Tokens contain details of the Spark resources the user is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel

Spark Device – Cloud Connection

1) User enters the 16-digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by the Identity Service (trust anchors sent to the device and secure connection established)
3) OAuth Access and Refresh Tokens created and sent to the Spark Device
  • The Access Tokens contain details of the Spark resources the user is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security – Secure Messages and Content

Spark – Encrypting Messages and Content
• Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark cloud
• Each Spark Room uses a different conversation encryption key
• AES256-GCM cipher used for encryption

Spark – Decrypting Messages and Content
• Encrypted messages sent by the App are stored in the Spark cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security – Secure Search and Indexing

Searching Spark Rooms – Building a Search Index
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed-length hash of each word in each message within a Room (e.g. "Spark IS the message" → hash algorithm → B9 57 FE 48)
• The hashed indexes for each Spark Room are stored by the Content Service
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

Searching Spark Rooms – Querying a Search Index (search for the word "Spark")
• App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses per-room search keys to hash the search terms ("Spark" → hash algorithm → B9 57 FE 48)
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the conversation encryption key is sent with the encrypted message
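An added example (not Cisco's code) of the per-room HMAC-SHA256 search index from the two slides above: the content store keeps only fixed-length word hashes, a query is answered by hashing the term under the same room key, and the same word hashes differently in every room. Room names, message ids and message text are constructed sample data; the room search keys are generated locally here, where the real service would obtain them from the KMS.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

WORD = re.compile(r"[A-Za-z0-9']+")


def tokenize(text: str) -> List[str]:
    """Split a message into case-folded words, the units that get hashed."""
    return [w.lower() for w in WORD.findall(text)]


def hash_word(search_key: bytes, word: str) -> bytes:
    """Fixed-length (32-byte) HMAC-SHA256 of one word under the room's search key."""
    return hmac.new(search_key, word.encode("utf-8"), hashlib.sha256).digest()


class ContentServer:
    """Stores only hashed indexes: (room, word hash) -> message ids. Never sees plaintext."""

    def __init__(self) -> None:
        self.index: Dict[Tuple[str, bytes], Set[str]] = defaultdict(set)

    def store_index(self, room: str, word_hash: bytes, message_id: str) -> None:
        self.index[(room, word_hash)].add(message_id)

    def lookup(self, room: str, word_hash: bytes) -> Set[str]:
        return set(self.index.get((room, word_hash), ()))


class IndexingService:
    """Owns the per-room search keys (here generated locally; the real service gets them from the KMS)."""

    def __init__(self) -> None:
        self.search_keys: Dict[str, bytes] = {}

    def key_for(self, room: str) -> bytes:
        if room not in self.search_keys:
            self.search_keys[room] = os.urandom(32)  # a new search key per room
        return self.search_keys[room]

    def index_message(self, store: ContentServer, room: str, message_id: str, plaintext: str) -> int:
        """Hash every distinct word of a message under the room key; returns the word count indexed."""
        key = self.key_for(room)
        words = set(tokenize(plaintext))
        for w in words:
            store.store_index(room, hash_word(key, w), message_id)
        return len(words)

    def query(self, store: ContentServer, room: str, term: str) -> Set[str]:
        """Hash the search term with the room's key and look it up: no content is decrypted."""
        return store.lookup(room, hash_word(self.key_for(room), term.lower()))


if __name__ == "__main__":
    store, indexing = ContentServer(), IndexingService()
    indexing.index_message(store, "room-a", "m1", "Spark IS the message")   # constructed sample
    indexing.index_message(store, "room-b", "m2", "the Spark security session")
    print("room-a 'Spark' ->", indexing.query(store, "room-a", "Spark"))
    print("room-b 'Spark' ->", indexing.query(store, "room-b", "Spark"))
    print("stored hash for 'spark' in room-a:", hash_word(indexing.key_for("room-a"), "spark").hex())
```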

Cloud Based Security – E-Discovery Services

Spark E-Discovery Service (1)
• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)
• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (e.g. "Jo Smith's messages and files – E-Discovery content ready")


Customer Controlled Security – Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Hybrid Data Services = on-premise Key Management Server, Indexing Server and E-Discovery Service (hosted in the customer's secure data center)

Hybrid Data Security Traffic and Firewalls
• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special firewall configuration required

Hybrid Data Security – Scalability
• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability & load sharing

Spark – Hybrid Data Security Key Management
• The Hybrid Key Management Server performs the same functions as the cloud-based Key Management Server
• BUT now all of the keys for messages and content are owned and managed by the customer


HDS - Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally

[Figure: Secure Data Center (Key Mgmt Service) alongside the cloud Content Server]


HDS - Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

[Figure: Secure Data Center (Key Mgmt Service) and the cloud Content Server holding the encrypted message]

Hybrid Data Security – Secure App Connections

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

[Figure: App to Cloud TLS connection to the Spark Service (Content Server, Search Service) and App to HDS TLS connection to the Hybrid Data Security Node in the Secure Data Center]


Hybrid Data Security Search Indexing Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A new hashing key (Search Key) is used for each room.

[Figure: the message "Spark IS the message" passes through the Indexing Service's Hash Algorithm to produce the hashed index value B9 57 FE 48, which is sent to the Search Service; the Secure Data Center hosts the Indexing Service and Key Mgmt Service, the Content Server and Search Service are in the cloud]


Hybrid Data Security: Querying a Search Index

Search for the word "Spark":
• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message

[Figure: the query word "Spark" is run through the Hash Algorithm, giving B9 57 FE 48, which matches the stored index hash B9 57 FE 48 for the message "Spark IS the Message"; Secure Data Center (Indexing Service, Key Mgmt Service), Content Server and Search Service]
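The keyed-hash search index described on the two slides above, as an added example (not Cisco's code): one Search Key per room, an indexer that hashes every word under that key, and a Search Service that stores and matches hashes only. HMAC-SHA256 stands in for the slides' unnamed Hash Algorithm; the class and function names and the sample messages are constructed for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re
from collections import defaultdict

WORD_RE = re.compile(r"[A-Za-z0-9']+")


def tokenize(text: str) -> list[str]:
    """Lower-cased word tokens, so 'Spark' and 'spark' hash identically."""
    return [w.lower() for w in WORD_RE.findall(text)]


def hash_term(search_key: bytes, term: str) -> str:
    """Keyed hash of one term. HMAC-SHA256 stands in for the slides'
    unnamed Hash Algorithm (assumption); without the room's Search Key
    the hash cannot be recomputed, so stored hashes reveal no words."""
    return hmac.new(search_key, term.encode("utf-8"), hashlib.sha256).hexdigest()


class SearchService:
    """Cloud-side component: keeps hashed index entries per room and
    answers hashed queries. It never sees a Search Key or plaintext."""

    def __init__(self) -> None:
        # room_id -> term_hash -> set of message ids
        self._index: dict[str, dict[str, set[str]]] = defaultdict(lambda: defaultdict(set))

    def add_entries(self, room_id: str, message_id: str, term_hashes: list[str]) -> None:
        for term_hash in term_hashes:
            self._index[room_id][term_hash].add(message_id)

    def query(self, room_id: str, term_hash: str) -> set[str]:
        return set(self._index[room_id].get(term_hash, set()))


class IndexingService:
    """On-premise HDS component: holds one Search Key per room and does
    all hashing, so plaintext never leaves the Secure Data Center."""

    def __init__(self, search_service: SearchService) -> None:
        self._search_keys: dict[str, bytes] = {}
        self._search = search_service

    def search_key_for(self, room_id: str) -> bytes:
        # A new hashing key (Search Key) is generated for each room.
        if room_id not in self._search_keys:
            self._search_keys[room_id] = os.urandom(32)
        return self._search_keys[room_id]

    def index_message(self, room_id: str, message_id: str, plaintext: str) -> list[str]:
        """Hash each distinct word under the room's key and send only the
        hashes to the Search Service; returns the hashes that were sent."""
        key = self.search_key_for(room_id)
        hashes = sorted({hash_term(key, t) for t in tokenize(plaintext)})
        self._search.add_entries(room_id, message_id, hashes)
        return hashes

    def search(self, room_id: str, word: str) -> set[str]:
        """Query: hash the App's search word with the room key and ask the
        Search Service which messages carry that hash."""
        key = self.search_key_for(room_id)
        return self._search.query(room_id, hash_term(key, word.lower()))


def demo() -> dict:
    """Constructed sample rooms and messages; returns the observable results."""
    search = SearchService()
    indexer = IndexingService(search)
    indexer.index_message("room-A", "msg-1", "Spark IS the message")
    indexer.index_message("room-A", "msg-2", "Ship the release notes")
    indexer.index_message("room-B", "msg-3", "Spark board firmware update")
    key_a = indexer.search_key_for("room-A")
    key_b = indexer.search_key_for("room-B")
    return {
        "spark_in_A": indexer.search("room-A", "Spark"),
        "spark_in_B": indexer.search("room-B", "spark"),
        "the_in_A": indexer.search("room-A", "the"),
        # Same word, different room key: the hashes differ, so one room's
        # index cannot be used to test for words in another room.
        "cross_room_hash_differs": hash_term(key_a, "spark") != hash_term(key_b, "spark"),
        "cross_room_query": search.query("room-A", hash_term(key_b, "spark")),
    }
```

The per-room key is what keeps the cloud-side index from becoming a dictionary of words: a hash stored for room A says nothing about whether the same word appears in room B.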


Spark E-Discovery Service (1)

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

[Figure: Spark Control Hub requests Jo Smith's Content; Secure Data Center hosts the Indexing Service (Hash Algorithm), Key Mgmt Service and E-Discovery Service; Content Server and Search Service in the cloud]


Spark E-Discovery Service (2)

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request.

[Figure: Spark Control Hub notified "E-Discovery Content Ready" and receiving Jo Smith's Messages and Files; Secure Data Center (Key Mgmt Service, E-Discovery Service), Content Server, E-Discov Storage and Search Service]

Customer Controlled Security: Key Management Server Federation


HDS Encryption Keys & Users in other Organizations

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

[Figure: Organization A and Organization B, each with its own Key Mgmt Service, sharing a message via the cloud Content Server and Key Mgmt Service]


HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS)

[Figure: Organization A and Organization B Key Mgmt Services connected through the cloud Content Server and Key Mgmt Service]


HDS Key Management Server Federation

With a secure connection between Key Management Servers…

Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

[Figure: Organization A and Organization B Key Mgmt Services exchanging messages through the Spark Cloud]

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Figure: Secure Data Center A running vSphere with an HDS Cluster of Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Mgmt Container and HDS Containers, and mounts the HDS Cluster Config File via an IDE Mount]

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts (min 2 to support upgrades, 3 recommended, 5 max)
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

Media Port Ranges (Spark Desk and Room Devices, Spark Apps; see following slides for details):
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

[Figure: Signalling and Media flows through the Enterprise Firewall]

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| | Audio (52000-52099) | Video (52100-52299) |
|---|---|---|
| Spark Apps | 52000 - 52049 | 52100 - 52199 |
| Spark Devices | 52050 - 52099 | 52200 - 52299 |

Spark Applications Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| | | | | idbroker.webex.com | OAuth Service |
| | | | | wbx2.com | Core Spark Services |
| | | | | webex.com | Identity management |
| | | | | ciscospark.com | Core Spark Services |
| | | | | clouddrive.com | Content and Space Storage |
| | | | | crashlytics.com | Anonymous crash data |
| | | | | mixpanel.com | Anonymous Analytics |
| | | | | rackcdn.com | Content and Space Storage |
| | | | | appsflyer.com | Mobile Apps only - Ad Analytics |
| | | | | adobedtm.com | Web Apps only - Analytics |
| | | | | omtrdc.net | Web Apps only - Telemetry |
| | | | | optimizely.com | Web Apps only - Metrics |

Spark Devices Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board) |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| | | | | idbroker.webex.com | OAuth Service |
| | | | | wbx2.com | Core Spark Services |
| | | | | webex.com | Identity management |
| | | | | ciscospark.com | Core Spark Services |
| | | | | clouddrive.com | Content and Space Storage |
| | | | | crashlytics.com | Anonymous crash data |
| | | | | mixpanel.com | Anonymous Analytics |
| | | | | rackcdn.com | Content and Space Storage |
| | | | | dropbox.com | Sparkboard (firmware updates) |
| | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Connecting from the Enterprise - Firewalls

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

[Figure: Signalling and Media flows from the HMN through the Enterprise Firewall]

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

[Figure: Signalling and Media flows through the Enterprise Firewall]

HMN and HDS Nodes Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
|---|---|---|---|---|---|
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy Address given to Device/Application…

Proxy Types:
• Transparent Proxy (Device/Application is unaware of Proxy existence)
• In Line Proxies (e.g. Combined Proxy and Firewall)
• Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

[Figure: Signalling and UDP Media paths from the Enterprise to the Spark Cloud]

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

[Figure: Proxy Address and PAC file delivered to each device; Signalling and UDP Media paths]

Network Capabilities: Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do No Authentication.

[Figure: Signalling and UDP Media paths through the Proxy]

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

[Figure: Signalling and UDP Media paths through the Proxy]

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

[Figure: Signalling and UDP Media paths through the Proxy]

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

[Figure: Signalling and UDP Media paths through the Proxy]

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

[Figure: Signalling and UDP Media paths through the Proxy]

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or, as fallback, NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

[Figure: Signalling and UDP Media paths through the Proxy]

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

[Figure: Signalling and UDP Media paths through the Proxy]

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address
• Whitelisted Destinations (e.g. ciscospark.com)

[Figure: two devices identified by IP address sending Signalling and UDP Media through the Proxy; whitelisted destinations identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com]

Network Capabilities: Spark Devices – Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) | |
| DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

[Figure: Signalling and UDP Media paths through the inspecting Proxy]

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Figure: Signalling and UDP Media paths through the inspecting Proxy]

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key
VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• Certificate Pinning
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

[Figure: Signalling and UDP Media paths through the Proxy to the Spark Cloud]

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

[Figure: Signalling and UDP Media paths through the inspecting Proxy]

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Figure: Signalling and UDP Media paths through the inspecting Proxy]

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Figure: Signalling and UDP Media paths through the inspecting Proxy]
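The pin check and the two "fix" paths from the pinning slides above, as an added example (not Cisco's client code). A pin is base64(SHA-256(public key)) as on the slide; the OS trust store lookup models the Spark App fix, and a pin list that already contains the private CA models the device Trust List downloaded from the Spark Cloud. Certificate, PinStore, OsTrustStore and the sample key bytes are constructed for this example.

```python
from __future__ import annotations

import base64
import hashlib
from dataclasses import dataclass, field
from enum import Enum


def compute_pin(public_key_der: bytes) -> str:
    """Pin format from the slide: base64 of the SHA-256 of the public key."""
    return base64.b64encode(hashlib.sha256(public_key_der).digest()).decode("ascii")


class Outcome(Enum):
    PIN_MATCH = "pin matched: proceed with TLS"
    ENTERPRISE_CA_BYPASS = "private CA found in OS trust store: pinning skipped"
    TERMINATED = "no pin match: TLS connection terminated"


@dataclass
class Certificate:
    subject: str
    public_key_der: bytes  # constructed stand-in for the DER SubjectPublicKeyInfo
    issuer: str


@dataclass
class PinStore:
    """Pins the client trusts. For devices this is the Trust List downloaded
    from the Spark Cloud, which may include the customer's private CA."""
    pins: set[str] = field(default_factory=set)


@dataclass
class OsTrustStore:
    """CA certificates installed in the OS (the Spark App fix)."""
    ca_subjects: set[str] = field(default_factory=set)


def validate(chain: list[Certificate], pins: PinStore, os_store: OsTrustStore) -> Outcome:
    """Decide whether the App/device proceeds with the TLS session.
    chain[0] is the server leaf, chain[-1] the root CA presented."""
    # Spark App fix: if the CA that signed the chain is in the OS trust
    # store, skip the pinning check entirely.
    if chain[-1].subject in os_store.ca_subjects:
        return Outcome.ENTERPRISE_CA_BYPASS
    # Normal path: hash each certificate's public key and look for a pin.
    for cert in chain:
        if compute_pin(cert.public_key_der) in pins.pins:
            return Outcome.PIN_MATCH
    return Outcome.TERMINATED


def demo() -> dict[str, Outcome]:
    """Constructed keys and chains (not real certificates)."""
    cisco_root_key = b"constructed-cisco-root-ca-public-key"
    private_ca_key = b"constructed-enterprise-private-ca-public-key"
    # Chain seen with no inspection: Cisco Spark cert signed by a public CA.
    cisco_chain = [
        Certificate("*.ciscospark.com", b"constructed-spark-leaf-key", "Public Root CA"),
        Certificate("Public Root CA", cisco_root_key, "Public Root CA"),
    ]
    # Chain seen through an inspecting proxy: same name, private CA signed.
    proxy_chain = [
        Certificate("*.ciscospark.com", b"constructed-proxy-leaf-key", "Enterprise Private CA"),
        Certificate("Enterprise Private CA", private_ca_key, "Enterprise Private CA"),
    ]
    spark_pins = PinStore({compute_pin(cisco_root_key)})
    no_enterprise_ca = OsTrustStore()
    return {
        "no_inspection": validate(cisco_chain, spark_pins, no_enterprise_ca),
        "inspection_unfixed": validate(proxy_chain, spark_pins, no_enterprise_ca),
        "inspection_app_fix": validate(
            proxy_chain, spark_pins, OsTrustStore({"Enterprise Private CA"})
        ),
        "inspection_device_fix": validate(
            proxy_chain, PinStore(spark_pins.pins | {compute_pin(private_ca_key)}), no_enterprise_ca
        ),
    }
```

Either fix works by the enterprise deliberately adding its own CA to what the client trusts; an inspecting proxy whose CA has not been added is still refused, which is the property pinning exists to provide.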

Network Capabilities: Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation:
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

[Figure: Device, switch port and Authentication Server]

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

[Figure: Device, switch port and Authentication Server]

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | NA | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | | Use MAC Address Bypass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.

Thank you

Spark App – Cloud connection
(diagram: Spark App, Identity Service, Enterprise IdP, Spark Service)

1) Customer downloads and installs Spark App (with Trust anchors)
2) Spark App establishes a secure TLS connection with the Spark Cloud
3) Spark Identity Service prompts User for an e-mail ID
4) User authenticated by Spark Identity Service or the Enterprise IdP (SSO)
5) OAuth Access and Refresh Tokens created and sent to Spark App
   • The Access Tokens contain details of the Spark resources the User is authorized to access
6) Spark App presents its Access Tokens to register with Spark Services over a secure channel

Spark Device – Cloud connection
(diagram: Spark Device, Identity Service, Spark Service)

1) User enters 16 digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by Identity Service (Trust anchors sent to device and secure connection established)
3) OAuth Access and Refresh Tokens created and sent to Spark Device
   • The Access Tokens contain details of the Spark resources the User is authorized to access
4) Spark Device presents its Access Tokens to register with Spark Services over a secure channel



Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark – Encrypting Messages and Content
(diagram: Spark Apps, Key Management Service, Content Server)

• Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES256-GCM cipher used for Encryption

Spark – Decrypting Messages and Content
(diagram: Spark Apps, Content Server, Key Management Service)

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index
(diagram: "Spark IS the message" → Hash Algorithm → B9 57 FE 48; Indexing Service, Content Server, Key Mgmt Service, Search Service)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed length hash of each word in each message within a Room
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room
• The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index – Search for the word "Spark"
(diagram: "Spark" → Hash Algorithm → 57FE48, matched in the index entry B9 57 FE 48 → "Spark IS the Message")

• App sends search request over a secure connection to the Indexing Service
• The Indexing Service uses Per Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)
(diagram: Spark Control Hub, Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service)

• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)
(diagram: E-Discovery Service, E-Discovery Storage, Content Server, Key Mgmt Service, Spark Control Hub, Search Service; "Jo Smith's Messages and Files – E-Discovery Content Ready")

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)
(diagram: Secure Data Center; Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service)

Hybrid Data Security = Hybrid Data Services On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls
(diagram: Firewall between the Secure Data Center (Hybrid Data Security) and the Spark Cloud: Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service)

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability
(diagram: several Hybrid Data Security nodes in the Secure Data Center; Key Mgmt Server; Content Server and Key Mgmt Service in the cloud)

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security: Key Management
(diagram: Secure Data Center with Key Mgmt Server; Content Server and Key Mgmt Service in the cloud)

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT…

HDS – Encrypting Messages & Content
(diagram: Secure Data Center with Key Mgmt Service; Content Server in the cloud; Spark Apps)

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Encryption Keys stored locally

HDS – Decrypting Messages & Content
(diagram: Secure Data Center with Key Mgmt Service; Content Server in the cloud; Spark Apps)

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server
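The encrypt/decrypt flow on the cloud "Spark – Encrypting/Decrypting Messages and Content" slides and on the HDS slides above, as an added Go example (not Cisco's code): a per-room AES-256-GCM key held by a KMS, a stored envelope that carries only a link to that key, and a recipient that follows the link. The KMS address, key URL layout, envelope format and binding of the key URL as associated data are assumptions of the example; the cloud KMS and the HDS KMS differ only in where the link points.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// KMS models a Key Management Service, cloud or on-premise HDS: one 256-bit
// conversation key per Spark Room, addressed by a key URL (layout assumed).
type KMS struct {
	baseURL string
	keys    map[string][]byte
}

func NewKMS(baseURL string) *KMS { return &KMS{baseURL: baseURL, keys: map[string][]byte{}} }

// NewRoomKey generates a fresh AES-256 key for a room and returns its key URL.
func (k *KMS) NewRoomKey(roomID string) string {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil { panic(err) }
	url := k.baseURL + "/keys/" + roomID
	k.keys[url] = key
	return url
}

// Fetch is the App's "retrieve encryption key" call, using the link in a message.
func (k *KMS) Fetch(keyURL string) ([]byte, error) {
	key, ok := k.keys[keyURL]
	if !ok { return nil, errors.New("kms: unknown key URL") }
	return key, nil
}

// Envelope is what the Content Server stores and relays: ciphertext plus a link
// to the conversation key, never the key itself.
type Envelope struct {
	KeyURL     string `json:"keyUrl"`
	Nonce      []byte `json:"nonce"`
	Ciphertext []byte `json:"ciphertext"` // includes the GCM authentication tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Encrypt seals a message under the room key before it leaves the App; the key
// URL is bound as additional authenticated data so it cannot be swapped later.
func Encrypt(kms *KMS, keyURL, plaintext string) ([]byte, error) {
	key, err := kms.Fetch(keyURL)
	if err != nil { return nil, err }
	aead, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	ct := aead.Seal(nil, nonce, []byte(plaintext), []byte(keyURL))
	return json.Marshal(Envelope{KeyURL: keyURL, Nonce: nonce, Ciphertext: ct})
}

// Decrypt follows the envelope's key link to the KMS and opens the message.
func Decrypt(kms *KMS, envelope []byte) (string, error) {
	var env Envelope
	if err := json.Unmarshal(envelope, &env); err != nil { return "", err }
	key, err := kms.Fetch(env.KeyURL)
	if err != nil { return "", err }
	aead, err := newGCM(key)
	if err != nil { return "", err }
	pt, err := aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyURL))
	if err != nil { return "", err }
	return string(pt), nil
}

// Demo: a message to room A is stored only as an envelope, recovered by a member
// who follows the key link, and rejected when the link is rewritten to room B.
func Demo() (recovered string, crossRoomErr error, envelopeLeaksPlaintext bool) {
	kms := NewKMS("https://hds-kms.example.test") // constructed HDS KMS address
	roomA, roomB := kms.NewRoomKey("room-A"), kms.NewRoomKey("room-B")
	const msg = "Spark IS the message"
	env, err := Encrypt(kms, roomA, msg)
	if err != nil { panic(err) }
	if recovered, err = Decrypt(kms, env); err != nil { panic(err) }
	var tampered Envelope
	_ = json.Unmarshal(env, &tampered)
	tampered.KeyURL = roomB // point the link at another room's key
	bad, _ := json.Marshal(tampered)
	_, crossRoomErr = Decrypt(kms, bad)
	return recovered, crossRoomErr, bytes.Contains(env, []byte(msg))
}

func main() {
	r, e, leak := Demo()
	fmt.Printf("recovered=%q crossRoomErr=%v leaksPlaintext=%v\n", r, e, leak)
}
```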

Hybrid Data Security – Secure App Connections
(diagram: App to Cloud TLS connection; App to HDS TLS connection through the Spark Service; Hybrid Data Security Node in the Secure Data Center; Content Server; Search Service)

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service
(diagram: "Spark IS the message" → Hash Algorithm → B9 57 FE 48; Indexing Service in the Secure Data Center; Content Server, Key Mgmt Service, Search Service)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"
(diagram: "Spark" → Hash Algorithm → B9 57 FE 48 → "Spark IS the Message")

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message
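The per-room HMAC-SHA256 search index described on the cloud "Searching Spark Rooms" slides and on the HDS Search Indexing slides above, as an added Go example rather than the product's code. Tokenisation, creation of the room's search key on first use, and the message IDs are assumptions; the point shown is that the index holds only fixed-length keyed hashes and that the same word indexed in two rooms yields unrelated entries.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
	"unicode"
)

// Indexer models the Indexing Service: an HMAC-SHA256 search key per room and,
// per room, a table from word hash to the IDs of messages containing the word.
type Indexer struct {
	searchKeys map[string][]byte
	index      map[string]map[string][]string
}

func NewIndexer() *Indexer {
	return &Indexer{searchKeys: map[string][]byte{}, index: map[string]map[string][]string{}}
}

// searchKey returns the room's Search Key, creating a fresh one on first use
// (in the product it is held by the Key Management Service; creation here is
// an assumption of this example).
func (ix *Indexer) searchKey(roomID string) []byte {
	if key, ok := ix.searchKeys[roomID]; ok { return key }
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil { panic(err) }
	ix.searchKeys[roomID] = key
	return key
}

// HashWord is the "Hash Algorithm" box in the slides: HMAC-SHA256 of the
// lower-cased word under the room's search key. The output is fixed length, so
// the stored index reveals neither the word nor its length, and without the
// room key nobody can precompute hashes to test the index for a word.
func (ix *Indexer) HashWord(roomID, word string) string {
	mac := hmac.New(sha256.New, ix.searchKey(roomID))
	mac.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(mac.Sum(nil))
}

// tokens splits text into words; the tokenisation rule is an assumption.
func tokens(text string) []string {
	return strings.FieldsFunc(text, func(r rune) bool { return !unicode.IsLetter(r) && !unicode.IsDigit(r) })
}

// IndexMessage hashes every word of a message before the encrypted message is
// stored; only hashes and message IDs enter the index, never plaintext.
func (ix *Indexer) IndexMessage(roomID, msgID, plaintext string) {
	table, ok := ix.index[roomID]
	if !ok {
		table = map[string][]string{}
		ix.index[roomID] = table
	}
	for _, w := range tokens(plaintext) {
		h := ix.HashWord(roomID, w)
		if n := len(table[h]); n > 0 && table[h][n-1] == msgID { continue } // repeat within message
		table[h] = append(table[h], msgID)
	}
}

// Search hashes the query term with the same room key and looks it up; the
// Search Service compares hashes only and returns matching message IDs.
func (ix *Indexer) Search(roomID, term string) []string {
	return ix.index[roomID][ix.HashWord(roomID, term)]
}

// Demo indexes three messages across two rooms and shows that a hit in room A
// says nothing about room B: the same word hashes differently per room.
func Demo() (hitsA, hitsB []string, sameHashAcrossRooms bool) {
	ix := NewIndexer()
	ix.IndexMessage("room-A", "m1", "Spark IS the message")
	ix.IndexMessage("room-A", "m2", "Security of Spark, Spark and more Spark")
	ix.IndexMessage("room-B", "m3", "Spark in a different room")
	hitsA = ix.Search("room-A", "spark")
	hitsB = ix.Search("room-B", "SPARK")
	sameHashAcrossRooms = ix.HashWord("room-A", "spark") == ix.HashWord("room-B", "spark")
	return hitsA, hitsB, sameHashAcrossRooms
}

func main() {
	a, b, same := Demo()
	fmt.Println("room-A hits:", a, "room-B hits:", b, "same hash across rooms:", same)
}
```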

Spark E-Discovery Service (1)
(diagram: Secure Data Center with Indexing Service, Key Mgmt Service and E-Discovery Service; Content Server and Search Service; Spark Control Hub; "Jo Smith's Content")

• The Index
ing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)
(diagram: Secure Data Center with Key Mgmt Service and E-Discovery Service; E-Discovery Storage; Content Server; Spark Control Hub; Search Service; "Jo Smith's Messages and Files – E-Discovery Content Ready")

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server and Key Mgmt Service in the Spark Cloud; messages exchanged between them)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
(diagram: Organization A and Organization B Key Mgmt Services connected via the Spark Cloud)

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers… Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users
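The federation rule above (a mutually authenticated KMS may request a room key from the owning KMS on behalf of one of its users) as an added Go example, not Cisco's code. The mutual TLS handshake is stood in for by a Federate call that records each peer's identity, and the owner-side checks (peer must be federated, may only speak for its own users, user must be a member of the room) are assumptions about sensible policy, not documented product behaviour.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"strings"
)

var (
	ErrNotFederated = errors.New("kms: no mutually authenticated connection to that organization")
	ErrUnknownRoom  = errors.New("kms: room not owned by this organization")
	ErrNotMember    = errors.New("kms: user is not a member of the room")
	ErrWrongOrg     = errors.New("kms: a requesting KMS may only act for its own users")
)

// OrgKMS models one organization's Hybrid Key Management Server.
type OrgKMS struct {
	Org      string
	roomKeys map[string][]byte          // rooms this org owns -> conversation key
	members  map[string]map[string]bool // roomID -> set of "user@org"
	peers    map[string]*OrgKMS         // org -> KMS reached over mutual TLS
}

func NewOrgKMS(org string) *OrgKMS {
	return &OrgKMS{Org: org, roomKeys: map[string][]byte{}, members: map[string]map[string]bool{}, peers: map[string]*OrgKMS{}}
}

// CreateRoom mints a conversation key for a room owned by this org.
func (k *OrgKMS) CreateRoom(roomID string, users ...string) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil { panic(err) }
	k.roomKeys[roomID] = key
	k.members[roomID] = map[string]bool{}
	for _, u := range users {
		k.members[roomID][u] = true
	}
}

// Federate stands in for the mutual TLS connection via the Spark Cloud: after
// it, each KMS knows the other's authenticated identity.
func Federate(a, b *OrgKMS) {
	a.peers[b.Org] = b
	b.peers[a.Org] = a
}

// KeyRequest is what one KMS sends another on behalf of a user. FromOrg is the
// peer's mTLS identity, not a field the requester can choose freely.
type KeyRequest struct {
	FromOrg, User, RoomID string
}

func orgOf(user string) string {
	if i := strings.LastIndex(user, "@"); i >= 0 { return user[i+1:] }
	return ""
}

// releaseKey is the local membership check shared by both entry points.
func (k *OrgKMS) releaseKey(user, roomID string) ([]byte, error) {
	key, ok := k.roomKeys[roomID]
	if !ok { return nil, ErrUnknownRoom }
	if !k.members[roomID][user] { return nil, ErrNotMember }
	return key, nil
}

// HandlePeerRequest is the owner-side policy: the requesting KMS must be a
// federated peer and may only speak for users of its own org; then the user
// must be a member of the room. Only then is the room key released.
func (k *OrgKMS) HandlePeerRequest(req KeyRequest) ([]byte, error) {
	if _, ok := k.peers[req.FromOrg]; !ok { return nil, ErrNotFederated }
	if orgOf(req.User) != req.FromOrg { return nil, ErrWrongOrg }
	return k.releaseKey(req.User, req.RoomID)
}

// RequestKey is the user-facing entry point on the user's own KMS: local rooms
// are served directly, rooms owned elsewhere are fetched from the owning KMS.
func (k *OrgKMS) RequestKey(user, ownerOrg, roomID string) ([]byte, error) {
	if ownerOrg == k.Org { return k.releaseKey(user, roomID) }
	peer, ok := k.peers[ownerOrg]
	if !ok { return nil, ErrNotFederated }
	return peer.HandlePeerRequest(KeyRequest{FromOrg: k.Org, User: user, RoomID: roomID})
}

// Demo: Organization A owns a space with a guest from Organization B.
func Demo() (bobGetsOwnerKey bool, carolErr, orgCErr, spoofErr error) {
	a, b, c := NewOrgKMS("A"), NewOrgKMS("B"), NewOrgKMS("C")
	a.CreateRoom("space-1", "alice@A", "bob@B")
	Federate(a, b) // C is never federated with A
	key, err := b.RequestKey("bob@B", "A", "space-1")
	bobGetsOwnerKey = err == nil && bytes.Equal(key, a.roomKeys["space-1"])
	_, carolErr = b.RequestKey("carol@B", "A", "space-1") // not a member
	_, orgCErr = c.RequestKey("dave@C", "A", "space-1")   // not federated
	// B's KMS trying to act for one of A's own users is refused
	_, spoofErr = a.HandlePeerRequest(KeyRequest{FromOrg: "B", User: "alice@A", RoomID: "space-1"})
	return bobGetsOwnerKey, carolErr, orgCErr, spoofErr
}

func main() {
	ok, carol, orgC, spoof := Demo()
	fmt.Println("bob:", ok, "| carol:", carol, "| org C:", orgC, "| spoof:", spoof)
}
```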

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture
(diagram: Secure Data Center A, vSphere; HDS Cluster of Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers, plus an IDE Mount of the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades; 3 recommended; 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | NA | NA | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment; 802.1Q Tagging; Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls
(diagram: Signalling and Media flows from the Enterprise through the firewall to the Spark Cloud)

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000–52099; Video 52100–52299
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

                  Spark Apps      Spark Devices   Whole range
Audio (UDP src)   52000 - 52049   52050 - 52099   52000 - 52099
Video (UDP src)   52100 - 52199   52200 - 52299   52100 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports                             | Destination Ports | Destination          | Function
UDP      | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006       | Any IP Address       | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address       | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 443               | Hosts listed below   | HTTPS

HTTPS destinations (TCP 443) and their function:
identity.webex.com – Spark Identity Service
idbroker.webex.com – OAuth Service
wbx2.com           – Core Spark Services
webex.com          – Identity management
ciscospark.com     – Core Spark Services
clouddrive.com     – Content and Space Storage
crashlytics.com    – Anonymous crash data
mixpanel.com       – Anonymous Analytics
rackcdn.com        – Content and Space Storage
appsflyer.com      – Mobile Apps only: Ad Analytics
adobedtm.com       – Web Apps only: Analytics
omtrdc.net         – Web Apps only: Telemetry
optimizely.com     – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports                             | Destination Ports | Destination            | Function
UDP      | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006       | Any IP Address         | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address         | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
TCP      | Ephemeral                                | 443               | Hosts listed below     | HTTPS
UDP      | Ephemeral                                | 123               | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations (TCP 443) and their function:
identity.webex.com – Spark Identity Service
idbroker.webex.com – OAuth Service
wbx2.com           – Core Spark Services
webex.com          – Identity management
ciscospark.com     – Core Spark Services
clouddrive.com     – Content and Space Storage
crashlytics.com    – Anonymous crash data
mixpanel.com       – Anonymous Analytics
rackcdn.com        – Content and Space Storage
dropbox.com        – Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device                    | Protocol | Source Ports                                                      | Destination Ports | Destination                                                       | Function
Hybrid Media Node (HMN)         | UDP      | Voice and Video use a common UDP source port range, 33434 - 33598 | 5004              | Cascade Destination: Any IP Address                               | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                         | 5004              | Cascade Destination: Any IP Address                               | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                         | 123, 53, 444      | Any                                                               | NTP, DNS, HTTPS
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                         | 443               | wbx2.com, idbroker.webex.com                                      | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                                         | 443               | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site           | Apps that Access It                      | What is sent there                                                        | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In-line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Config (PAC) files

Network Capabilities, Spark Devices – Proxy Detection

Spark Device                    | Protocol | Software Train | Proxy Detection               | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Yes – Manual; Yes – PAC Files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX                              | HTTPS    | Room OS        | Yes – Manual using Web access | Configure Proxy Address via device Web interface
SX                              | HTTPS    | Room OS        | Yes – Manual using Web access | Configure Proxy Address via device Web interface
MX                              | HTTPS    | Room OS        | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Room Kits                       | HTTPS    | Room OS        | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Spark Board                     | HTTPS    | Spark Board OS | Yes – Manual Configuration    | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
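Added example (not from the Cisco deck): the Go program below builds and decodes a Basic Proxy-Authorization header, then computes an RFC 2617 Digest response (qop=auth), so the difference the two slides draw can be seen in code. The device credentials are constructed; the Digest values are the public test vector from RFC 2617 section 3.5.

```go
package main

import (
	"crypto/md5"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// BasicProxyAuth builds the Proxy-Authorization value a device sends for
// Basic authentication: "user:password", only Base64 encoded.
func BasicProxyAuth(user, pass string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

// DecodeBasic recovers the clear-text credentials from a Basic header; any
// proxy log or capture between device and proxy exposes them this easily.
func DecodeBasic(header string) (user, pass string, ok bool) {
	if !strings.HasPrefix(header, "Basic ") {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", false
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", false
	}
	return parts[0], parts[1], true
}

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// DigestResponse computes the RFC 2617 "response" field for qop=auth:
//   HA1      = MD5(user:realm:password)
//   HA2      = MD5(method:uri)
//   response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
// Only this hash crosses the wire, so the device password itself is not
// exposed on the proxy path (HA1 remains a password-equivalent secret).
func DigestResponse(user, realm, pass, method, uri, nonce, nc, cnonce string) string {
	ha1 := md5hex(user + ":" + realm + ":" + pass)
	ha2 := md5hex(method + ":" + uri)
	return md5hex(strings.Join([]string{ha1, nonce, nc, cnonce, "auth", ha2}, ":"))
}

func main() {
	// Constructed device credentials, not real values.
	hdr := BasicProxyAuth("spark-devices", "constructed-password")
	u, p, _ := DecodeBasic(hdr)
	fmt.Printf("Basic header %q decodes to user=%q pass=%q\n", hdr, u, p)

	// Public worked example from RFC 2617 section 3.5.
	resp := DigestResponse("Mufasa", "testrealm@host.com", "Circle Of Life",
		"GET", "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
		"00000001", "0a4f113b")
	fmt.Println("Digest response:", resp) // 6629fae49393a05397450978507c4ef1
}
```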

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Components: Client, Authentication Service, Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication Service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device                    | Protocol | Software Train | Proxy Authentication                                                                                                                    | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
DX/SX/MX                        | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                                                                         |
Room Kits                       | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                                                                         |
Spark Board                     | HTTPS    | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes                                                                                                |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO match – proceed with TLS connection
  • HTTPS/TLS Inspection possible
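Added example (not the Spark apps' or devices' actual code): a Go sketch of the pinning decision described on the preceding pinning slides, with constructed byte strings standing in for DER-encoded public keys. It covers the normal pin match, the rejected inspecting proxy, the Spark Apps fix (private CA in the OS trust store) and the Spark Devices fix (private CA pin present in the downloaded trust list).

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Cert is a constructed stand-in for an X.509 certificate carrying only what
// the pinning decision needs; SPKI holds the DER SubjectPublicKeyInfo bytes.
type Cert struct {
	Subject string
	SPKI    []byte
}

// SPKIPin computes the pin in the form shown on the slides:
// Base64(SHA-256(certificate public key)).
func SPKIPin(spki []byte) string {
	sum := sha256.Sum256(spki)
	return base64.StdEncoding.EncodeToString(sum[:])
}

type Verdict string

const (
	PinMatched   Verdict = "accept: pin matched"
	EnterpriseCA Verdict = "accept: private CA in OS trust store, pinning skipped"
	PinMismatch  Verdict = "reject: no pin matched, TLS connection terminated"
)

// CheckChain is the client-side decision described above. pins is the app's
// pin trust store; osTrust holds pins of CA certificates an administrator
// placed in the OS trust store. Chain order is leaf first, root last.
func CheckChain(chain []Cert, pins, osTrust map[string]bool) Verdict {
	if len(chain) == 0 {
		return PinMismatch
	}
	// Normal case: some certificate in the chain hashes to a known pin.
	for _, c := range chain {
		if pins[SPKIPin(c.SPKI)] {
			return PinMatched
		}
	}
	// Spark Apps fix: the chain's root is an enterprise private CA that was
	// copied into the OS trust store, so pinning is skipped for it.
	if osTrust[SPKIPin(chain[len(chain)-1].SPKI)] {
		return EnterpriseCA
	}
	return PinMismatch
}

// Constructed key material standing in for DER-encoded public keys.
var (
	publicRootSPKI  = []byte("constructed-spki:public-ca-root")
	sparkLeafSPKI   = []byte("constructed-spki:spark-cloud-server")
	privateRootSPKI = []byte("constructed-spki:enterprise-private-ca")
	proxyLeafSPKI   = []byte("constructed-spki:proxy-minted-leaf")
)

// SparkChain is what the Spark cloud presents with no proxy in the path.
func SparkChain() []Cert {
	return []Cert{
		{Subject: "spark cloud server", SPKI: sparkLeafSPKI},
		{Subject: "public CA root", SPKI: publicRootSPKI},
	}
}

// ProxyChain is what an inspecting proxy presents: a leaf it minted, chained
// to the enterprise's private CA.
func ProxyChain() []Cert {
	return []Cert{
		{Subject: "proxy-issued leaf", SPKI: proxyLeafSPKI},
		{Subject: "enterprise private CA", SPKI: privateRootSPKI},
	}
}

// AppPins is the pin store shipped with the app: only the public CA root.
func AppPins() map[string]bool {
	return map[string]bool{SPKIPin(publicRootSPKI): true}
}

func main() {
	none := map[string]bool{}
	fmt.Println("no proxy:           ", CheckChain(SparkChain(), AppPins(), none))
	fmt.Println("inspecting proxy:   ", CheckChain(ProxyChain(), AppPins(), none))
	// Spark Apps fix: private CA cert copied to the OS trust store.
	osTrust := map[string]bool{SPKIPin(privateRootSPKI): true}
	fmt.Println("apps fix (OS trust):", CheckChain(ProxyChain(), AppPins(), osTrust))
	// Spark Devices fix: private CA loaded in the Spark service, so the
	// trust list the device downloads now contains its pin.
	devicePins := AppPins()
	devicePins[SPKIPin(privateRootSPKI)] = true
	fmt.Println("devices fix (pins): ", CheckChain(ProxyChain(), devicePins, none))
}
```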

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                     | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes                                               | Win/Mac/Browser: if an Enterprise Certificate exists, bypass the Certificate Pinning process
iOS, Android      | HTTPS    | WME            | No                                                | iOS, Android: HTTPS Inspection By-Pass
DX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits         | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board       | HTTPS    | Spark Board OS | No (Planned Q1 CY'18)                             | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities, Spark Devices – 802.1X

Spark Device                    | Protocol | Software Train | EAP-FAST                 | EAP-TLS                  | MIC     | Non-CUCM LSC          | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A     | Yes                   | Yes                                 | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes                   | Yes                                 | Web based: install Enterprise LSC via device Web Interface
SX                              | HTTPS    | Room OS        | Wired - Yes              | Wired - Yes              | No      | Yes                   | Yes                                 | Web based: install Enterprise LSC via device Web Interface
MX                              | HTTPS    | Room OS        | Wired - Yes              | Wired - Yes              | No      | Yes                   | Yes                                 | Web based: install Enterprise LSC via device Web Interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes     | Yes                   | Yes                                 | Web based: install Enterprise LSC via device Web Interface
Spark Board                     | HTTPS    | Spark Board OS | No (Planned Q2 CY'18)    | No (Planned Q2 CY'18)    | No      | No (Planned Q2 CY'18) |                                     | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Coming soon: target Q1 CY2018

Thank you


Spark Device – cloud connection

Spark Service / Identity Service

1) User enters 16 digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by Identity Service (Trust anchors sent to device and secure connection established)
3) OAuth Access and Refresh Tokens created and sent to Spark Device
   • The Access Tokens contain details of the Spark resources the User is authorized to access
5) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

Content Server, Key Management Service

• Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES256-GCM cipher used for Encryption

Spark - Decrypting Messages and Content

Content Server, Key Management Service

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
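Added example (not Cisco's implementation): a Go sketch of the AES-256-GCM message envelope the encrypting and decrypting slides describe, with a constructed in-memory map standing in for the Key Management Service. Each envelope carries the key link rather than the key, and a message sealed under room A's key cannot be opened with room B's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KMS is a constructed stand-in for the Key Management Service: key URL ->
// 256-bit conversation key. Only apps authorised for a room can fetch its key.
type KMS map[string][]byte

// NewConversationKey creates a fresh AES-256 key for a room and registers it
// under the URL that messages will carry as their key link.
func (k KMS) NewConversationKey(keyURL string) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	k[keyURL] = key
	return key, nil
}

// Envelope is what is stored in the cloud and fanned out to every other app
// in the room: ciphertext plus the link to the key, never the key itself.
type Envelope struct {
	KeyURL     string
	Nonce      []byte
	Ciphertext []byte // includes the 16-byte GCM authentication tag
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals a message under the room's conversation key. The key URL is
// bound in as additional authenticated data, so the link cannot be swapped
// for another room's key without the tag check failing.
func Encrypt(key []byte, keyURL string, plaintext []byte) (*Envelope, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return &Envelope{
		KeyURL:     keyURL,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, []byte(keyURL)),
	}, nil
}

// Decrypt follows the envelope's key link to the KMS, then opens the message;
// an app without access to that key cannot read the message.
func Decrypt(kms KMS, env *Envelope) ([]byte, error) {
	key, ok := kms[env.KeyURL]
	if !ok {
		return nil, errors.New("no access to conversation key " + env.KeyURL)
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyURL))
}

func main() {
	kms := KMS{}
	keyA, _ := kms.NewConversationKey("kms://constructed.example/rooms/A/key")
	kms.NewConversationKey("kms://constructed.example/rooms/B/key")

	env, err := Encrypt(keyA, "kms://constructed.example/rooms/A/key", []byte("Spark IS the message"))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(kms, env)
	fmt.Printf("room A decrypt: %q err=%v\n", pt, err)

	// Same ciphertext with its key link pointed at room B's key: the tag
	// check fails, so the message stays unreadable.
	env.KeyURL = "kms://constructed.example/rooms/B/key"
	_, err = Decrypt(kms, env)
	fmt.Println("room B key on room A message:", err)
}
```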

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

Indexing Service, Content Server, Key Management Service, Search Service

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed length hash of each word in each message within a Room
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room
• The hashed indexes for each Spark Room are stored by the Content Service

[Figure: the message "Spark IS the message" is passed through the Hash Algorithm, producing the hashed index values B9 57 FE 48]

Searching Spark Rooms: Querying a Search Index - Search for the word "Spark"

(Diagram: Indexing Service, Content Server, Key Mgmt Service, Search Service; "Spark" -> Hash Algorithm -> B9 57 FE 48 -> matching message "Spark IS the Message")

• App sends search request over a secure connection to the Indexing Service
• The Indexing Service uses per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message
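As an added example (not code from this deck or from Cisco's implementation), the per-Room keyed index the two slides above describe, in Go: each word of a message is replaced by its HMAC-SHA256 under the Room's Search Key, a query is hashed with the same key and matched against the stored hashes, and the same word hashes differently under another Room's key. The message IDs, the Search Keys, the tokenisation and the function names are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"unicode"
)

// Message is one stored message as the index sees it: an ID and its Room,
// never the plaintext, which the Content Server holds encrypted.
type Message struct {
	ID   int
	Room string
}

// RoomIndex maps a hashed word to the IDs of the messages containing it.
// It stands in for the "hashed indexes for each Spark Room" on the slide.
type RoomIndex map[string][]int

// tokenize lower-cases the text and splits on anything that is not a letter
// or a digit, so "Spark IS the message" yields spark, is, the, message.
func tokenize(text string) []string {
	return strings.FieldsFunc(strings.ToLower(text), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
}

// hashWord computes HMAC-SHA256(searchKey, word): the fixed-length hash the
// Indexing Service stores instead of the word itself.
func hashWord(searchKey []byte, word string) string {
	mac := hmac.New(sha256.New, searchKey)
	mac.Write([]byte(word))
	return hex.EncodeToString(mac.Sum(nil))
}

// IndexMessage adds the hashed words of one message to its Room's index.
// The plaintext is needed only while indexing; nothing but hashes is kept.
func IndexMessage(idx RoomIndex, searchKey []byte, msg Message, plaintext string) {
	seen := map[string]bool{}
	for _, w := range tokenize(plaintext) {
		h := hashWord(searchKey, w)
		if !seen[h] { // record each message once per distinct word
			seen[h] = true
			idx[h] = append(idx[h], msg.ID)
		}
	}
}

// Query hashes the search term with the Room's key and returns the IDs of
// the messages whose index holds that hash. No plaintext is consulted.
func Query(idx RoomIndex, searchKey []byte, term string) []int {
	return idx[hashWord(searchKey, strings.ToLower(term))]
}

func main() {
	// Constructed per-Room Search Keys; a deployment would obtain them from the KMS.
	keyA := []byte("constructed-search-key-for-room-A")
	keyB := []byte("constructed-search-key-for-room-B")

	idxA := RoomIndex{}
	IndexMessage(idxA, keyA, Message{ID: 1, Room: "A"}, "Spark IS the message")
	IndexMessage(idxA, keyA, Message{ID: 2, Room: "A"}, "Meeting moved to Spark")

	idxB := RoomIndex{}
	IndexMessage(idxB, keyB, Message{ID: 3, Room: "B"}, "Spark board delivered")

	fmt.Println("room A, query 'Spark':", Query(idxA, keyA, "Spark")) // [1 2]
	// The same word hashes differently under another Room's key, so an index
	// cannot be searched (or correlated) with a key from a different Room.
	fmt.Println("room B queried with room A key:", Query(idxB, keyA, "Spark")) // []
	fmt.Println("hash of 'spark' differs per room:",
		hashWord(keyA, "spark") != hashWord(keyB, "spark")) // true
}
```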

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

(Diagram: Spark Control Hub, E-Discovery Service, Indexing Service, Content Server, Key Mgmt Service, Search Service)

• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

(Diagram: Spark Control Hub, E-Discovery Service, E-Discovery Storage, Content Server, Key Mgmt Service, Search Service; "Jo Smith's Messages and Files" -> "E-Discovery Content Ready")

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

(Diagram: Secure Data Center hosting Hybrid Data Security, alongside the cloud Content Server, Key Mgmt Service, E-Discovery Service and Indexing Service)

Hybrid Data Services = On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

(Diagram: Secure Data Center, Hybrid Data Security, Firewall; cloud Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service)

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security - Scalability

(Diagram: Secure Data Center with multiple Hybrid Data Security nodes and a Key Mgmt Server; cloud Content Server, Key Mgmt Service)

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

(Diagram: Secure Data Center, Content Server, Key Mgmt Server; cloud Key Management Service)

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server, BUT
• Now all of the keys for messages and content are owned and managed by the Customer

HDS - Encrypting Messages & Content

(Diagram: Secure Data Center, Key Mgmt Service; cloud Content Server, Key Management Service)

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Encryption Keys stored locally

HDS - Decrypting Messages & Content

(Diagram: Secure Data Center, Key Mgmt Service; cloud Content Server, Key Management Service)

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

(Diagram: App to Cloud TLS connection; App to HDS TLS connection; Spark Service, Search Service, Content Server; Secure Data Center with Hybrid Data Security Node)

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security Search Indexing Service

(Diagram: Secure Data Center with Indexing Service and Key Mgmt Service; cloud Content Server, Search Service; "Spark IS the message" -> Hash Algorithm -> B9 57 FE 48)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index - Search for the word "Spark"

(Diagram: Secure Data Center with Indexing Service and Key Mgmt Service; cloud Content Server, Search Service; "Spark" -> Hash Algorithm -> B9 57 FE 48 -> matching message "Spark IS the Message")

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message

Spark E-Discovery Service (1)

(Diagram: Secure Data Center with Indexing Service, E-Discovery Service and Key Mgmt Service; cloud Content Server, Search Service, Spark Control Hub; "Jo Smith's Content" returned)

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

(Diagram: Secure Data Center with E-Discovery Service and Key Mgmt Service; cloud Content Server, E-Discovery Storage, Search Service, Spark Control Hub; "Jo Smith's Messages and Files" -> "E-Discovery Content Ready")

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with a Key Mgmt Service; cloud Content Server and Key Mgmt Service; an encrypted message shared between them)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

(Diagram: Organization A and Organization B, each with a Key Mgmt Service, connected via the cloud Content Server and Key Mgmt Service; encrypted messages flowing in both directions)

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers…
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A; vSphere hosting two Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers; HDS Cluster Config File attached to each node via an IDE Mount)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible

HDS Install Prerequisites
See prerequisites in https://www.cisco.com/go/hybrid-data-security

X.509 Certificate, Intermediates and Private Key
• PKI is used for KMS to KMS federation (Public Key Infrastructure)
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser. Assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port VLAN options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

(Diagram: Signalling and Media flows from Spark Desk and Room Devices and Spark Apps through the Enterprise Firewall)

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| Media | Source UDP port range | Spark Apps | Spark Devices |
| Audio | 52000-52099 | 52000 - 52049 | 52050 - 52099 |
| Video | 52100-52299 | 52100 - 52199 | 52200 - 52299 |

Spark Applications: Network Port and Whitelist Requirements

Spark applications: Windows, Mac, iOS, Android, Web

| Protocol | Source Ports | Destination Ports | Destination | Function |
| UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics |
| TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web Apps only - Analytics |
| TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web Apps only - Telemetry |
| TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web Apps only - Metrics |

Spark Devices: Network Port and Whitelist Requirements

Desktop and Room Systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards

| Protocol | Source Ports | Destination Ports | Destination | Function |
| UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board) |
| TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates) |
| UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Connecting from the Enterprise - Firewalls

(Diagram: Signalling and Media flows from the Hybrid Media Node through the Enterprise Firewall)

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Connecting from the Enterprise - Firewalls

(Diagram: Signalling only from the Hybrid Data Security Node through the Enterprise Firewall; no Media)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

(Diagram: Signalling sent via the Proxy, UDP Media sent direct)

Proxy Types
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)
• Proxy Address given to Device/Application………

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

(Diagram: Proxy Address or PAC file delivered to each Device/Application; Signalling via the Proxy, UDP Media direct)

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise – Proxy Authentication

(Diagram: Signalling via the Proxy, UDP Media direct)

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

(Diagram: devices at IP Address 10.100.200.1 and 10.100.200.3 sending Signalling via the Proxy, UDP Media direct; whitelisted destinations identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com)

Manually Configure Proxy Server with:
• Device IP Address
• Whitelisted Destinations (e.g. ciscospark.com)

Network Capabilities: Spark Devices – Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) | |
| DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

(Diagram: Signalling via the Proxy, UDP Media direct; Private CA Root Certificate sent to client)

• HTTPS/TLS Inspection
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

(Diagram: Signalling via the Proxy, UDP Media direct)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

(Diagram: Signalling via the Proxy, UDP Media direct)

Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key
VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• Certificate Pinning
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy – HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert’s Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match – TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud (the device then downloads a trust list that includes the Private CA, so its pin set covers the proxy’s CA)

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert’s Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO match – proceed with TLS connection
• HTTPS/TLS Inspection possible
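The pinning decision the last four slides describe, as an added Go example (not Cisco's code and not the Spark app's implementation): the pin is base64(SHA-256) of a root's public key, a root the enterprise placed in the OS trust store bypasses pinning, and any other root must match a pin or the connection is terminated. The CA names and the host api.example.invalid are constructed, and the example goes one step beyond the slides by also showing a root the OS trusts but the app does not pin.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin is the pin format on the slide: base64(SHA-256(public key)), the
// public key being the certificate's DER-encoded SubjectPublicKeyInfo.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkServer is the app-side decision on the slides: builtin are the OS's own
// roots, enterprise those the organisation added (e.g. an inspecting proxy's CA).
func checkServer(leaf *x509.Certificate, pins map[string]bool, builtin, enterprise []*x509.Certificate) string {
	roots := x509.NewCertPool()
	for _, set := range [][]*x509.Certificate{builtin, enterprise} {
		for _, c := range set {
			roots.AddCert(c)
		}
	}
	// 1. Ordinary path validation against the OS trust store.
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots})
	if err != nil {
		return "terminate: chain does not validate"
	}
	root := chains[0][len(chains[0])-1]
	// 2. The "Cert Pinning Fix": a root the enterprise installed skips pinning.
	for _, e := range enterprise {
		if bytes.Equal(e.Raw, root.Raw) {
			return "accept: enterprise CA in OS trust store, pinning skipped"
		}
	}
	// 3. Hash the root's public key and compare it with the pins the app carries.
	if pins[spkiPin(root)] {
		return "accept: root public key matches a pin"
	}
	return "terminate: pin mismatch"
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert builds a throw-away certificate for this example: a self-signed root
// CA when parent is nil, otherwise a server certificate signed by parent.
func newCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// Scenarios runs the cases from the slides; every CA and name is constructed.
func Scenarios() map[string]string {
	pinnedCA, pinnedKey := newCert("Example Pinned Root CA", nil, nil)
	otherCA, otherKey := newCert("Other OS-Trusted Root CA", nil, nil)
	proxyCA, proxyKey := newCert("Enterprise Proxy Private CA", nil, nil)
	pins := map[string]bool{spkiPin(pinnedCA): true}
	builtin := []*x509.Certificate{pinnedCA, otherCA}
	leaf := func(ca *x509.Certificate, key *ecdsa.PrivateKey) *x509.Certificate {
		c, _ := newCert("api.example.invalid", ca, key)
		return c
	}
	return map[string]string{
		"genuine server, pinned root":    checkServer(leaf(pinnedCA, pinnedKey), pins, builtin, nil),
		"OS-trusted but unpinned root":   checkServer(leaf(otherCA, otherKey), pins, builtin, nil),
		"proxy CA not installed":         checkServer(leaf(proxyCA, proxyKey), pins, builtin, nil),
		"proxy CA copied to trust store": checkServer(leaf(proxyCA, proxyKey), pins, builtin, []*x509.Certificate{proxyCA}),
	}
}

func main() { fmt.Println(Scenarios()) }
```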

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device      Protocol  Software Train  Supports TLS/HTTPS Inspection                      Cert Validation Method
Windows/Mac/Web   HTTPS     WME             Yes (Win/Mac/Browser)                              If Enterprise Certificate exists then bypass Certificate Pinning process
iOS/Android       HTTPS     WME             No (iOS/Android)                                   HTTPS Inspection By-Pass
DX                HTTPS     Room OS         Yes – Requires Per Org Config of Identity Service  Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                HTTPS     Room OS         Yes – Requires Per Org Config of Identity Service  Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                HTTPS     Room OS         Yes – Requires Per Org Config of Identity Service  Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits         HTTPS     Room OS         Yes – Requires Per Org Config of Identity Service  Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board       HTTPS     Spark Board OS  No (Planned Q1 CY’18)                              HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

[Diagram labels: Authentication Server]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)

[Diagram labels: Authentication Server, Device 1]

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X
(MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate; CUCM = Cisco Unified Communications Manager)

Windows, Mac, iOS, Android, Web (HTTPS; WME)
  EAP-FAST: Wi-Fi – Yes; Wired – Yes
  EAP-TLS: Wi-Fi – Yes; Wired – Yes
  MIC: N/A   Non-CUCM LSC: Yes   Certificate Installation Capability: Yes
  Granular Configuration: Manually install LSC (Windows – GPO; Mac – Configuration Profiles)

DX (HTTPS; Room OS)
  EAP-FAST: Wi-Fi – Yes; Wired – Yes
  EAP-TLS: Wi-Fi – Yes; Wired – Yes
  MIC: Q4 CY17   Non-CUCM LSC: Yes   Certificate Installation Capability: Yes
  Granular Configuration: Web based – install Enterprise LSC via device Web Interface

SX (HTTPS; Room OS)
  EAP-FAST: Wired – Yes
  EAP-TLS: Wired – Yes
  MIC: No   Non-CUCM LSC: Yes   Certificate Installation Capability: Yes
  Granular Configuration: Web based – install Enterprise LSC via device Web Interface

MX (HTTPS; Room OS)
  EAP-FAST: Wired – Yes
  EAP-TLS: Wired – Yes
  MIC: No   Non-CUCM LSC: Yes   Certificate Installation Capability: Yes
  Granular Configuration: Web based – install Enterprise LSC via device Web Interface

Room Kits (HTTPS; Room OS)
  EAP-FAST: Wi-Fi – Yes; Wired – Yes
  EAP-TLS: Wi-Fi – Yes; Wired – Yes
  MIC: Yes   Non-CUCM LSC: Yes   Certificate Installation Capability: Yes
  Granular Configuration: Web based – install Enterprise LSC via device Web Interface

Spark Board (HTTPS; Spark Board OS)
  EAP-FAST: No (Planned Q2 CY’18)
  EAP-TLS: No (Planned Q2 CY’18)
  MIC: No   Non-CUCM LSC: No (Planned Q2 CY’18)
  Granular Configuration: Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer’s network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

www.cisco.com/go/pa
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x

www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018

“What you would tell your best friend if they asked you how to design their Cisco collaboration deployment”

Preferred Architectures (PA): Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.

Collaboration Solution Reference Network Design (SRND): Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.

Thank you

Spark Device – cloud connection

[Diagram labels: Spark Service, Identity Service]

1) User enters 16 digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by Identity Service (Trust anchors sent to device and secure connection established)
3) OAuth Access and Refresh Tokens created and sent to Spark Device
   • The Access Tokens contain details of the Spark resources the User is authorized to access
5) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark – Encrypting Messages and Content

[Diagram labels: Content Server, Key Management Service]

• Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES256-GCM cipher used for Encryption

Spark – Decrypting Messages and Content

[Diagram labels: Content Server, Key Management Service, message]

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

[Diagram labels: Indexing Service, Content Server, Key Management Service, Search Service; example: “Spark IS the message” → Hash Algorithm → B9 57 FE 48]

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed length hash of each word in each message within a Room
• The hashed indexes for each Spark Room are stored by the Content Service
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

Searching Spark Rooms: Querying a Search Index – Search for the word “Spark”

[Diagram labels: Indexing Service, Content Server, Key Management Service, Search Service; “Spark” → Hash Algorithm → B9 57 FE 48, matching the stored message “Spark IS the Message”]

• App sends search request over a secure connection to the Indexing Service
• The Indexing Service uses per-Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

[Diagram labels: Spark Control Hub, Indexing Service, Content Server, Key Management Service, E-Discovery Service, Search Service, Hash Algorithm]

• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram labels: E-Discovery Storage, E-Discovery Service, Content Server, Key Management Service, Spark Control Hub, Search Service; “Jo Smith’s Messages and Files – E-Discovery Content Ready”]

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

[Diagram labels: Secure Data Center, Content Server, Key Management Service, E-Discovery Service, Indexing Service]

Hybrid Data Security (Hybrid Data Services) = On Premise Key Management Server, Indexing Server and E-Discovery Service

Hybrid Data Security traffic and Firewalls

[Diagram labels: Secure Data Center, Content Server, Key Management Service, E-Discovery Service, Indexing Service, Firewall, Hybrid Data Security]

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability

[Diagram labels: Secure Data Center, Content Server, Key Management Server/Service, multiple Hybrid Data Security nodes]

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

[Diagram labels: Secure Data Center, Content Server, Key Management Server, Key Management Service]

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT

HDS – Encrypting Messages & Content

[Diagram labels: Secure Data Center, Key Management Service, Content Server]

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Encryption Keys stored locally

HDS – Decrypting Messages & Content

[Diagram labels: Secure Data Center, Key Management Service, Content Server, message]

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server
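The encrypt and decrypt flow from the cloud "Encrypting/Decrypting Messages and Content" slides earlier and the HDS slides just above, as an added Go example rather than Cisco's code: AES-256-GCM with one conversation key per room obtained from a KMS, and a link to that key carried inside the stored envelope. The KMS, the link format kms://kms.example.invalid/..., the room names and the tamper cases are constructed for the example; only the cipher and the key-link idea come from the slides.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KMS stands in for the Key Management Service on the slides: one 256-bit
// conversation key per Spark Room, issued on request and later served by link.
type KMS struct{ keys map[string][]byte }

// ConversationKey returns the room's key, creating it on first request. The link
// format is constructed for this example; the slides only say a link travels with
// each encrypted message.
func (k *KMS) ConversationKey(roomID string) (keyURL string, key []byte) {
	keyURL = "kms://kms.example.invalid/keys/" + roomID
	if key = k.keys[keyURL]; key == nil {
		key = make([]byte, 32) // AES-256
		if _, err := rand.Read(key); err != nil {
			panic(err)
		}
		k.keys[keyURL] = key
	}
	return keyURL, key
}

// Envelope is what the Content Server stores and relays: nonce, ciphertext and key link, never the key.
type Envelope struct {
	KeyURL     string
	Nonce      []byte
	Ciphertext []byte // ends with the 16-byte GCM authentication tag
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt runs on the sending App before anything leaves for the cloud.
func Encrypt(key []byte, keyURL, plaintext string) (Envelope, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96 bits, fresh for every message
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	// The key link is bound in as additional authenticated data, so an envelope
	// re-pointed at another room's key fails the tag check instead of decrypting.
	ct := gcm.Seal(nil, nonce, []byte(plaintext), []byte(keyURL))
	return Envelope{KeyURL: keyURL, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt runs on a receiving App: follow the link to the KMS, then open.
func Decrypt(kms *KMS, env Envelope) (string, error) {
	key, ok := kms.keys[env.KeyURL]
	if !ok {
		return "", errors.New("kms: unknown key link")
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyURL))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// RoundTrip runs the flow for two rooms: what a recipient reads, the error from
// re-pointing the envelope at the other room's key, and the error from one byte changed in the cloud.
func RoundTrip() (got string, wrongRoom, tampered error) {
	kms := &KMS{keys: map[string][]byte{}}
	urlA, keyA := kms.ConversationKey("room-A")
	urlB, _ := kms.ConversationKey("room-B")
	env, err := Encrypt(keyA, urlA, "Spark IS the message") // sample text from the slide
	if err != nil {
		panic(err)
	}
	if got, err = Decrypt(kms, env); err != nil {
		panic(err)
	}
	swapped := Envelope{KeyURL: urlB, Nonce: env.Nonce, Ciphertext: env.Ciphertext}
	_, wrongRoom = Decrypt(kms, swapped)
	flipped := Envelope{KeyURL: urlA, Nonce: env.Nonce,
		Ciphertext: append([]byte{env.Ciphertext[0] ^ 1}, env.Ciphertext[1:]...)}
	_, tampered = Decrypt(kms, flipped)
	return got, wrongRoom, tampered
}

func main() { fmt.Println(RoundTrip()) }
```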

Hybrid Data Security – Secure App Connections

[Diagram labels: Secure Data Center, Content Server, Search Service, Hybrid Data Security Node, Spark Service; App to Cloud TLS connection, App to HDS TLS connection]

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

[Diagram labels: Secure Data Center, Indexing Service, Content Server, Key Management Service, Search Service; example: “Spark IS the message” → Hash Algorithm → B9 57 FE 48]

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – Search for the word “Spark”

[Diagram labels: Secure Data Center, Indexing Service, Content Server, Key Management Service, Search Service; “Spark” → Hash Algorithm → B9 57 FE 48, matching the stored message “Spark IS the Message”]

• The Indexing Service sends a hashed index of the App’s search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message
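The per-room search index from the cloud "Searching Spark Rooms" slides earlier and the HDS search slides just above, as an added Go example (not Cisco's code): each word is hashed with HMAC-SHA256 under the room's Search Key, only the tokens are stored, and a query hashes the term with the same key. The message ids, the second message and the word normalisation rule are constructed; the sample text "Spark IS the message" is the one on the slides.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Room holds what the slides describe: a per-room Search Key (a fresh SHA-256
// HMAC key for every room) and the hashed index the Content Service stores,
// mapping each word token to the ids of the messages containing that word.
type Room struct {
	searchKey []byte
	index     map[string][]int
}

func NewRoom() *Room {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return &Room{searchKey: key, index: map[string][]int{}}
}

// normalise strips punctuation and case so "Spark," and "spark" share a token.
func normalise(word string) string {
	return strings.ToLower(strings.Trim(word, `.,;:!?"'()`))
}

// Token is the fixed-length hash of one word under this room's Search Key. The
// same word hashes differently in another room, so stored indexes cannot be
// compared across rooms, and without the key a token reveals nothing.
func (r *Room) Token(word string) string {
	mac := hmac.New(sha256.New, r.searchKey)
	mac.Write([]byte(normalise(word)))
	return hex.EncodeToString(mac.Sum(nil))
}

// Index is the App-side step: hash every word of a message and upload only the
// tokens. The message text itself reaches the cloud encrypted (not shown here).
func (r *Room) Index(msgID int, plaintext string) {
	for _, w := range strings.Fields(plaintext) {
		if normalise(w) == "" {
			continue
		}
		t := r.Token(w)
		ids := r.index[t]
		if n := len(ids); n > 0 && ids[n-1] == msgID {
			continue // word repeated within the same message
		}
		r.index[t] = append(ids, msgID)
	}
}

// Search is the query path: the term is hashed with the room's key and the
// Search Service matches the token against the stored index. The service sees
// only tokens, never the search term or the message content.
func (r *Room) Search(term string) []int {
	return r.index[r.Token(term)]
}

// Demo builds two rooms from the slide's sample message and returns the hits
// for "Spark" in room A, plus whether the word tokenises identically in room B.
func Demo() (hits []int, sameTokenAcrossRooms bool) {
	a, b := NewRoom(), NewRoom()
	a.Index(1, "Spark IS the message")      // sample text from the slide
	a.Index(2, "The message is encrypted.") // constructed second message
	b.Index(1, "Spark IS the message")
	return a.Search("spark"), a.Token("Spark") == b.Token("Spark")
}

func main() {
	hits, same := Demo()
	fmt.Printf("messages matching \"spark\": %v; same token in another room: %v\n", hits, same)
}
```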

Spark E-Discovery Service (1)

[Diagram labels: Secure Data Center, Indexing Service, Content Server, Key Management Service, E-Discovery Service, Spark Control Hub, Hash Algorithm, Search Service; “Jo Smith’s Content” (multiple items)]

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram labels: Secure Data Center, Key Management Service, E-Discovery Service, Spark Control Hub, E-Discovery Storage, Content Server, Search Service; “Jo Smith’s Messages and Files – E-Discovery Content Ready”]

• E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Diagram labels: Organization A, Organization B; Key Management Service (one per Organization), Content Server, message]

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

[Diagram labels: Organization A, Organization B; Key Management Service (one per Organization), Content Server, message]

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers…
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A – vSphere hosting Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers; HDS Cluster Config File; IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

BYO VM for deploying the HDS appliance Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support - UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection - Certificate Pinning
• 802.1X - Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Network Capabilities, Spark Devices - CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations (Signalling and Media)

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP, TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | see list below | HTTPS to the following destinations

HTTPS destination - Function:
identity.webex.com - Spark Identity Service
idbroker.webex.com - OAuth Service
wbx2.com - Core Spark Services
webex.com - Identity management
ciscospark.com - Core Spark Services
clouddrive.com - Content and Space Storage
crashlytics.com - Anonymous crash data
mixpanel.com - Anonymous Analytics
rackcdn.com - Content and Space Storage
appsflyer.com - Mobile Apps only - Ad Analytics
adobedtm.com - Web Apps only - Analytics
omtrdc.net - Web Apps only - Telemetry
optimizely.com - Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | see list below | HTTPS to the following destinations
Spark Boards | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard - NTP Time Sync

HTTPS destination - Function:
identity.webex.com - Spark Identity Service
idbroker.webex.com - OAuth Service
wbx2.com - Core Spark Services
webex.com - Identity management
ciscospark.com - Core Spark Services
clouddrive.com - Content and Space Storage
crashlytics.com - Anonymous crash data
mixpanel.com - Anonymous Analytics
rackcdn.com - Content and Space Storage
dropbox.com - Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP, TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints - Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application...
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

Connecting from the Enterprise - Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities, Spark Devices - Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes - Manual; Yes - PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes - Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise - Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods - Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration
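As an added example that is not part of the deck: a Go program that builds the Proxy-Authorization header for both methods above, shows that the Basic form decodes straight back to the password, and walks through the RFC 7616 Digest computation (HA1, HA2 and response with qop=auth, algorithm MD5) on both the device side and the proxy side. The account name, realm, password, URI and nonces are constructed sample values.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// BasicProxyAuthorization builds the Proxy-Authorization header value a device
// sends for Basic authentication (RFC 7617): "user:password", Base64 encoded.
func BasicProxyAuthorization(user, password string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+password))
}

// CredentialsFromBasic is what "encoded, not encrypted" means in practice:
// anything that can read the header (proxy logs, a capture of plain HTTP)
// gets the username and password back with a single Base64 decode.
func CredentialsFromBasic(header string) (user, password string, err error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", err
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", fmt.Errorf("malformed Basic credentials")
	}
	return parts[0], parts[1], nil
}

// md5Hex is the H() function of RFC 7616 for algorithm=MD5.
func md5Hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// DigestHA1 is the only value derived from the password. A proxy can store
// HA1 per account instead of the password itself.
func DigestHA1(user, realm, password string) string {
	return md5Hex(user + ":" + realm + ":" + password)
}

// DigestResponse computes the "response" field of a Proxy-Authorization:
// Digest header for qop=auth (RFC 7616 section 3.4.1). The password never
// leaves the client; only this hash, the nonce and the client nonce are sent.
func DigestResponse(ha1, method, uri, nonce, nc, cnonce string) string {
	ha2 := md5Hex(method + ":" + uri)
	return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2)
}

// ProxyVerifiesDigest is the proxy side: recompute the expected response from
// the stored HA1 and the challenge it issued, then compare in constant time.
func ProxyVerifiesDigest(ha1, method, uri, nonce, nc, cnonce, response string) bool {
	expected := DigestResponse(ha1, method, uri, nonce, nc, cnonce)
	return subtle.ConstantTimeCompare([]byte(expected), []byte(response)) == 1
}

func main() {
	// Constructed sample credentials for a device account, not real ones.
	user, realm, password := "roomkit-01", "proxy.example", "constructed-secret"

	basic := BasicProxyAuthorization(user, password)
	u, p, _ := CredentialsFromBasic(basic)
	fmt.Printf("Basic header: %s\n  decodes to user=%q password=%q\n", basic, u, p)

	// The proxy's challenge values are constructed for the demo.
	nonce, nc, cnonce := "constructed-server-nonce", "00000001", "constructed-client-nonce"
	ha1 := DigestHA1(user, realm, password)
	resp := DigestResponse(ha1, "CONNECT", "wbx2.com:443", nonce, nc, cnonce)
	fmt.Printf("Digest response: %s\n  proxy accepts: %v\n", resp,
		ProxyVerifiesDigest(ha1, "CONNECT", "wbx2.com:443", nonce, nc, cnonce, resp))
}
```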

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods - Kerberos

Kerberos Authentication
• Strongest Security
• Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (figure: devices with IP Address 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices - Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match - accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match - accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists - skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible
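An added example covering both the pinning check above and the Spark Apps fix (not code from the deck or from Cisco): a Go program that computes a pin as the slides define it (SHA-256 of the CA root certificate's public key, Base64 encoded), rejects a chain whose root does not match the pin, and skips pinning when the same private CA certificate has been installed in the OS trust store. The two CA certificates are generated in the program as constructed test data, and the OS trust store is modelled as a list of installed certificates.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrPinMismatch is returned when the presented CA matches no pin and is not
// an enterprise CA the OS already trusts: the TLS connection terminates.
var ErrPinMismatch = errors.New("certificate pin mismatch: TLS connection terminated")

// SPKIPin computes a pin as the slides define it: the SHA-256 hash of the CA
// root certificate's public key (its DER SubjectPublicKeyInfo), Base64 encoded.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// NewRootCA builds a self-signed CA certificate. Constructed test data only:
// one call stands in for the public CA behind the real Spark certificate, a
// second for the inspecting proxy's private CA.
func NewRootCA(commonName string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// TrustStoreOf is a stand-in for the OS trust store: just the CA certificates
// an administrator has installed on the machine.
func TrustStoreOf(certs ...*x509.Certificate) []*x509.Certificate { return certs }

// inOSTrustStore reports whether exactly this certificate is installed.
func inOSTrustStore(store []*x509.Certificate, c *x509.Certificate) bool {
	for _, t := range store {
		if bytes.Equal(t.Raw, c.Raw) {
			return true
		}
	}
	return false
}

// CheckPin is the client decision from the slides, given the root CA of the
// chain the TLS server (or an inspecting proxy) presented:
//  1. hash of the root's public key matches a pin in the app trust store: accept
//  2. otherwise, if a copy of that CA cert is in the OS trust store (the
//     "Cert Pinning Fix"): skip pinning and accept, so inspection is possible
//  3. otherwise: pin mismatch, connection terminated
func CheckPin(root *x509.Certificate, pins map[string]bool, osStore []*x509.Certificate) error {
	if pins[SPKIPin(root)] {
		return nil
	}
	if inOSTrustStore(osStore, root) {
		return nil
	}
	return ErrPinMismatch
}

func main() {
	publicCA, _ := NewRootCA("Constructed Public CA")
	privateCA, _ := NewRootCA("Constructed Enterprise Proxy CA")
	pins := map[string]bool{SPKIPin(publicCA): true} // pin shipped in the app

	fmt.Println("genuine cert:        ", CheckPin(publicCA, pins, nil))
	fmt.Println("inspecting proxy:    ", CheckPin(privateCA, pins, nil))
	fmt.Println("proxy CA in OS store:", CheckPin(privateCA, pins, TrustStoreOf(privateCA)))
}
```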

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible

Network Capabilities, Spark Devices - HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication - switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities, Spark Devices - 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac - Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Q4 CY17 | Yes | Yes, Web Based | Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes, Web Based | Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes, Web Based | Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Yes | Yes | Yes, Web Based | Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections

Onboard device - Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: Target Q1 CY2018.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Thank you

Spark Device - cloud connection (Spark Service, Identity Service)

1) User enters 16 digit activation code received via e-mail from the Spark provisioning service
2) Device authenticated by Identity Service (Trust anchors sent to device and secure connection established)
3) OAuth Access and Refresh Tokens created and sent to Spark Device
  • The Access Tokens contain details of the Spark resources the User is authorized to access
5) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content (Content Server, Key Management Service)
• Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES256-GCM cipher used for Encryption


Spark - Decrypting Messages and Content
(Diagram: Spark App, Content Server, Key Management Service; encrypted message)
• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
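An added example, not code from the deck or from Cisco: a Go model of the two slides above, with one AES-256-GCM conversation key per room held by a stand-in KMS and a link to that key carried inside the stored message. The Envelope fields, the KMS type and the kms:// URL scheme are assumptions, not the Spark wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// Envelope is a constructed stand-in for a message as stored in the cloud:
// AES-256-GCM ciphertext, its nonce, and the link to the conversation key.
// The field names and kms:// URL scheme are assumptions, not Spark's format.
type Envelope struct {
	KeyURL     string // link to the conversation encryption key on the KMS
	Nonce      []byte
	Ciphertext []byte // GCM output with the authentication tag appended
}

// KMS models the Key Management Service: one 256-bit key per room, looked
// up by URL. The real service also authorizes each lookup against the user.
type KMS struct {
	keys map[string][]byte
}

func NewKMS() *KMS { return &KMS{keys: map[string][]byte{}} }

// NewRoomKey generates a fresh conversation key for a room and returns the
// URL under which apps in that room retrieve it.
func (k *KMS) NewRoomKey(roomID string) (string, error) {
	key := make([]byte, 32) // 32 bytes selects AES-256
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return "", err
	}
	url := "kms://kms.example.invalid/rooms/" + roomID + "/key" // placeholder scheme
	k.keys[url] = key
	return url, nil
}

// Fetch returns the key behind a link, or an error for an unknown link.
func (k *KMS) Fetch(url string) ([]byte, error) {
	key, ok := k.keys[url]
	if !ok {
		return nil, errors.New("kms: unknown key URL")
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals a message with the room's key before it leaves the app. The
// key URL is bound as associated data, so an envelope re-pointed at another
// key fails authentication instead of decrypting to garbage.
func Encrypt(kms *KMS, keyURL, plaintext string) (Envelope, error) {
	key, err := kms.Fetch(keyURL)
	if err != nil {
		return Envelope{}, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Envelope{}, err
	}
	ct := aead.Seal(nil, nonce, []byte(plaintext), []byte(keyURL))
	return Envelope{KeyURL: keyURL, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt is the receiving app's side: follow the envelope's key link to the
// KMS, then open the message. The cloud stores the envelope but never the key.
func Decrypt(kms *KMS, env Envelope) (string, error) {
	key, err := kms.Fetch(env.KeyURL)
	if err != nil {
		return "", err
	}
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	pt, err := aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyURL))
	if err != nil {
		return "", err // wrong key, wrong link, or tampered ciphertext
	}
	return string(pt), nil
}
```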

Cloud Based Security: Secure Search and Indexing


Searching Spark Rooms: Building a Search Index
(Diagram: Indexing Service, Content Server, Key Management Service, Search Service; the message "Spark IS the message" passes through the Hash Algorithm, giving a hash such as B9 57 FE 48)
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed length hash of each word in each message within a Room
• The hashed indexes for each Spark Room are stored by the Content Service
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room


Searching Spark Rooms: Querying a Search Index (search for the word "Spark")
(Diagram: Indexing Service, Content Server, Key Management Service, Search Service; the search term "Spark" passes through the Hash Algorithm, giving B9 57 FE 48, which matches the indexed message "Spark IS the Message")
• App sends search request over a secure connection to the Indexing Service
• The Indexing Service uses per Room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message
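An added example, not code from the deck or from Cisco: a Go model of the index-building and query slides above. Each word of a message is replaced by its HMAC-SHA256 under a per-room search key before it is stored, and a query term is hashed the same way and looked up, so neither the index nor the query exposes the words. The SearchIndex type, its tokenisation and the in-memory tables are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"io"
	"sort"
	"strings"
)

// SearchIndex is a constructed model of the Indexing and Search Services:
// one search key per room, and per room a table of keyed word hashes to
// message IDs. Only the hashes reach storage; the words never do.
type SearchIndex struct {
	searchKeys map[string][]byte              // roomID -> per-room HMAC key
	tables     map[string]map[string][]string // roomID -> word hash -> message IDs
}

func NewSearchIndex() *SearchIndex {
	return &SearchIndex{
		searchKeys: map[string][]byte{},
		tables:     map[string]map[string][]string{},
	}
}

// roomKey returns the room's search key, generating a fresh 256-bit key on
// first use so every room hashes with a different secret.
func (s *SearchIndex) roomKey(roomID string) ([]byte, error) {
	if key, ok := s.searchKeys[roomID]; ok {
		return key, nil
	}
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	s.searchKeys[roomID] = key
	return key, nil
}

// Token is the fixed-length hash stored for one word: HMAC-SHA256 under the
// room's search key, hex encoded (64 characters whatever the word length).
func (s *SearchIndex) Token(roomID, word string) (string, error) {
	key, err := s.roomKey(roomID)
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(mac.Sum(nil)), nil
}

// words splits a message into index terms, dropping surrounding punctuation.
func words(text string) []string {
	var out []string
	for _, w := range strings.Fields(text) {
		if w = strings.Trim(w, ".,!?;:\"'()"); w != "" {
			out = append(out, w)
		}
	}
	return out
}

// IndexMessage hashes each word of a message before anything is stored, so
// the table holds only (token, message ID) pairs.
func (s *SearchIndex) IndexMessage(roomID, msgID, text string) error {
	table, ok := s.tables[roomID]
	if !ok {
		table = map[string][]string{}
		s.tables[roomID] = table
	}
	for _, w := range words(text) {
		tok, err := s.Token(roomID, w)
		if err != nil {
			return err
		}
		ids := table[tok]
		if len(ids) == 0 || ids[len(ids)-1] != msgID { // one entry per message
			table[tok] = append(ids, msgID)
		}
	}
	return nil
}

// Search hashes the query term with the room's key and looks the token up;
// the term itself is never compared against stored content.
func (s *SearchIndex) Search(roomID, term string) ([]string, error) {
	tok, err := s.Token(roomID, term)
	if err != nil {
		return nil, err
	}
	ids := append([]string(nil), s.tables[roomID][tok]...) // nil map lookup is safe
	sort.Strings(ids)
	return ids, nil
}
```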

Cloud Based Security: E-Discovery Services


Spark E-Discovery Service (1)
(Diagram: Spark Control Hub, Indexing Service, Content Server, Key Management Service, E-Discovery Service, Search Service, Hash Algorithm)
• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service


Spark E-Discovery Service (2)
(Diagram: Spark Control Hub, E-Discovery Service, E-Discovery Storage, Content Server, Key Management Service, Search Service; "Jo Smith's Messages and Files", "E-Discovery Content Ready")
• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub


Spark – Hybrid Data Security (HDS)
(Diagram: Secure Data Center, Content Server)
Hybrid Data Security: Hybrid Data Services = On Premise Key Management Server, Indexing Server and E-Discovery Service

Hybrid Data Security traffic and Firewalls
(Diagram: Secure Data Center with Content Server, Key Management Service, E-Discovery Service and Indexing Service; Firewall between Hybrid Data Security and the Spark cloud)
• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security - Scalability
(Diagram: Secure Data Center, Content Server, Key Management Server / Key Management Service, multiple Hybrid Data Security nodes)
• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management
(Diagram: Secure Data Center, Content Server, Key Management Server, Key Management Service)
• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
BUT


HDS - Encrypting Messages & Content
(Diagram: Secure Data Center with HDS Key Management Service; Content Server; cloud Key Management Service)
• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Encryption Keys stored locally


HDS - Decrypting Messages & Content
(Diagram: Secure Data Center with HDS Key Management Service; Content Server; cloud Key Management Service; encrypted message)
• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections
(Diagram: Secure Data Center with Content Server, Search Service and Hybrid Data Security Node; Spark Service; App to Cloud TLS connection and App to HDS TLS connection)
• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud


Hybrid Data Security: Search Indexing Service
(Diagram: Secure Data Center with Indexing Service, Content Server, Key Management Service and Search Service; the message "Spark IS the message" passes through the Hash Algorithm, giving B9 57 FE 48)
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room


Hybrid Data Security: Querying a Search Index (search for the word "Spark")
(Diagram: Secure Data Center with Indexing Service, Content Server, Key Management Service and Search Service; the search term "Spark" passes through the Hash Algorithm, giving B9 57 FE 48, which matches the indexed message "Spark IS the Message")
• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message


Spark E-Discovery Service (1)
(Diagram: Secure Data Center with Indexing Service, Content Server, Key Management Service, E-Discovery Service, Search Service and Hash Algorithm; Spark Control Hub; "Jo Smith's Content")
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service


Spark E-Discovery Service (2)
(Diagram: Secure Data Center with Key Management Service, E-Discovery Service, E-Discovery Storage, Content Server and Search Service; Spark Control Hub; "Jo Smith's Messages and Files", "E-Discovery Content Ready")
• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation


HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server and cloud Key Management Service; message)
• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?


HDS Key Management Server Federation
(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server and cloud Key Management Service; messages)
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)


HDS Key Management Server Federation
(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server and cloud Key Management Service; messages)
• With a secure connection between Key Management Servers...
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture
(Diagram: Secure Data Center A; an HDS Cluster of Hybrid Data Services Nodes (VMs) on vSphere, each running Docker with an ECP Mgmt Container and HDS Containers and an IDE Mount of the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)
• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)
• X.509 Certificate, Intermediates and Private Key
  • PKI is used for KMS to KMS federation (Public Key Infrastructure)
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS12 format
• 2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely backup two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?
Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port configuration options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
--- | --- | --- | --- | --- | --- | --- | ---
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls
(Diagram: Signalling and Media paths from the Enterprise to the Spark Cloud)
Whitelisted Ports and Destinations:
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details
Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Media | Spark Apps | Spark Devices
--- | --- | ---
Audio 52000-52099 | 52000 - 52049 | 52050 - 52099
Video 52100-52299 | 52100 - 52199 | 52200 - 52299

Spark Applications Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only - Metrics

Spark Devices Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls
Hybrid Media Node (HMN)
(Diagram: Signalling and Media paths from the HMN to the Spark Cloud)
Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls
Hybrid Data Security Node (HDS)
(Diagram: Signalling and Media paths; HDS sends signalling only)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service
Hybrid Data Services:
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
--- | --- | --- | --- | --- | ---
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types
(Diagram: Signalling and UDP Media paths; "Proxy Address given to Device/Application...")
Proxy Types:
• Proxy Address given to Device/Application
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)
HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection
(Diagram: Signalling and UDP Media paths; Proxy Address and PAC file delivery to devices)
• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
--- | --- | --- | --- | ---
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication
(Diagram: Signalling and UDP Media paths)
• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked
Proxy Authentication is not mandatory: Many Enterprises do No Authentication

Common Proxy Authentication Methods
(Diagram: Signalling and UDP Media paths)
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication
(Diagram: Signalling and UDP Media paths)
• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication
(Diagram: Signalling and UDP Media paths)
• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – NTLMv2
(Diagram: Signalling and UDP Media paths)
• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)
(Diagram: Signalling and UDP Media paths)
• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration
IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos
(Diagram: Signalling and UDP Media paths)
• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods
(Diagram: Signalling and UDP Media paths; device IP Addresses 101002001 and 101002003; whitelisted destinations identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com)
Manually Configure Proxy Server with:
• Device IP Address
• Whitelisted Destinations (e.g. ciscospark.com)

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

Diagram: Private CA Root Certificate sent to client

• HTTPS/TLS Inspection

  • Private CA signed Certificate sent to client on connection establishment

  • Client compares Private CA Root Cert with those received in Cert Chain

  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection

  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service

  • Proxy receives Certificate from Web/Cloud Service

  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection

  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning

  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key (diagram value: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)

  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server

  • App creates a hash of the Cert's Public Key

  • App compares the hash with the Certificate Pin in its Trust Store

  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning

  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up

  • App creates a hash of the Private CA signed Cert's Public Key

  • App compares the hash with the Certificate Pin in its Trust Store

  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Diagram: Private CA Cert copied to App OS Trust Store

• Certificate Pinning

  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up

  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store

  • If the Cert exists – skip Certificate pinning process

  • Proceed with TLS connection

  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Diagram: Private CA Cert copied to Spark Cloud

• Certificate Pinning

  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up

  • Client creates a hash of the Private CA signed Cert's Public Key

  • Client compares the hash with the Certificate Pin in its Trust Store

  • They DO Match: Proceed with TLS connection

  • HTTPS/TLS Inspection possible
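The pinning decision described across the preceding slides (pin the CA root's public key, terminate on a mismatch, skip pinning when the enterprise's private CA has been placed in the OS trust store, or, for devices, add the private CA to the downloaded trust list so its pin matches), as an added example in Go. This is not Cisco's Spark client code: it builds a throwaway PKI (a constructed "Spark Cloud" CA and a constructed enterprise private CA with ECDSA keys; the CA names and the host name `service.example.invalid` are assumptions), computes each pin as base64(SHA-256(DER SubjectPublicKeyInfo)), and runs the four cases from the slides.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// Decision is what the app does with the server's certificate chain.
type Decision string

const (
	PinMatched  Decision = "pin matched: proceed with TLS connection"
	PinMismatch Decision = "pin mismatch: TLS connection terminated"
	PinBypassed Decision = "private CA found in OS trust store: pinning skipped, inspection possible"
)

var serial int64 // constructed, increasing serial numbers for the throwaway PKI

// newCert creates a self-signed CA (parent == nil) or a leaf signed by parent.
// Constructed test PKI only; not Cisco's or any real CA.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	signer := key
	if parent == nil {
		parent = tmpl // self-signed root
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Pin is the certificate pin as on the slide: base64(SHA-256(public key)),
// computed over the DER-encoded SubjectPublicKeyInfo.
func Pin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// CheckChain models the app's decision. chain is leaf first, root last.
// pins holds the pinned root public-key hashes from the app's trust list;
// enterpriseCAs holds only the private CA certs an administrator added to the OS trust store.
func CheckChain(chain []*x509.Certificate, pins map[string]bool, enterpriseCAs *x509.CertPool) Decision {
	leaf, root := chain[0], chain[len(chain)-1]
	if enterpriseCAs != nil {
		inter := x509.NewCertPool()
		for _, c := range chain[1 : len(chain)-1] {
			inter.AddCert(c)
		}
		// Cert pinning fix for apps: a chain that validates against an
		// administrator-installed private CA skips the pin check entirely.
		if _, err := leaf.Verify(x509.VerifyOptions{Roots: enterpriseCAs, Intermediates: inter}); err == nil {
			return PinBypassed
		}
	}
	if pins[Pin(root)] {
		return PinMatched
	}
	return PinMismatch
}

// Scenarios runs the four cases from the slides and returns their outcomes.
func Scenarios() map[string]Decision {
	cloudCA, cloudKey := newCert("Constructed Spark Cloud Root CA", true, nil, nil)
	cloudLeaf, _ := newCert("service.example.invalid", false, cloudCA, cloudKey)
	proxyCA, proxyKey := newCert("Constructed Enterprise Private CA", true, nil, nil)
	proxyLeaf, _ := newCert("service.example.invalid", false, proxyCA, proxyKey)

	pins := map[string]bool{Pin(cloudCA): true} // trust list shipped with the app
	store := x509.NewCertPool()                 // OS trust store with the private CA added
	store.AddCert(proxyCA)
	deviceTrustList := map[string]bool{Pin(cloudCA): true, Pin(proxyCA): true} // private CA loaded into the cloud

	return map[string]Decision{
		"no inspection":          CheckChain([]*x509.Certificate{cloudLeaf, cloudCA}, pins, nil),
		"inspection, no fix":     CheckChain([]*x509.Certificate{proxyLeaf, proxyCA}, pins, nil),
		"inspection, app fix":    CheckChain([]*x509.Certificate{proxyLeaf, proxyCA}, pins, store),
		"inspection, device fix": CheckChain([]*x509.Certificate{proxyLeaf, proxyCA}, deviceTrustList, nil),
	}
}

func main() {
	for name, d := range Scenarios() {
		fmt.Printf("%-24s %s\n", name, d)
	}
}
```

Run it with `go run`; each scenario prints its decision. The bypass branch treats only administrator-added private CAs as the trust store, which is exactly the check the slide describes; a production client additionally has to decide what qualifies as an enterprise certificate, otherwise any CA in the OS store would defeat the pin.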

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation

• Switch port network access restricted

• Client presents credentials to the Authentication Server

• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…

• Two key Authentication methods

  • EAP-FAST

  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST

• Flexible Authentication via Secure Tunneling

• Username and Password based

• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS

• Transport Layer Security

• Requires Digital Certificates

• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms

• Uses the Device MAC Address

• Commonly used for Non 802.1X capable devices

• MAC address manually entered into Auth Server

Network Capabilities, Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability / Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | NA | Yes | Yes – Manually Install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes – Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes – Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes – Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes – Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment

  • Switch port configuration

  • VLANs

  • Firewall Deployment

  • Proxy Type

  • Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today

  • There are bypass methods available

  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections

Onboard device – Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa

Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:

» On-Premises (Enterprise, Midmarket)

» Cloud (Midmarket)

» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd

Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.

Coming soon: Target Q1 CY2018

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Thank you


Spark Device – cloud connection

1) User enters 16 digit activation code received via e-mail from the Spark provisioning service

2) Device authenticated by Identity Service (Trust anchors sent to device and secure connection established)

3) OAuth Access and Refresh Tokens created and sent to Spark Device

  • The Access Tokens contain details of the Spark resources the User is authorized to access

5) Spark Device presents its Access Tokens to register with Spark Services over a secure channel


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

• Spark App requests a conversation encryption key from the Key Management Service

• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud

• Each Spark Room uses a different Conversation Encryption key

• AES256-GCM cipher used for Encryption

Spark - Decrypting Messages and Content

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room

• The encrypted message also contains a link to the conversation encryption key

• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
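What the encrypting and decrypting slides describe, as an added Go example that is not Cisco's implementation: a stand-in Key Management Service hands out one 256-bit key per room, the sending app seals each message with AES-256-GCM before it leaves the client, and the envelope the cloud stores and relays carries only a link to the key. The key URI scheme, room names and message text are constructed for the example; binding the key URI as GCM associated data is a design choice of this example, not something the slides state.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KMS is a constructed stand-in for the Key Management Service: one
// AES-256 conversation key per room, addressed by a key URI.
type KMS struct{ keys map[string][]byte }

func NewKMS() *KMS { return &KMS{keys: map[string][]byte{}} }

// KeyForRoom returns the room's key URI, creating a fresh key on first use.
func (k *KMS) KeyForRoom(roomID string) string {
	uri := "kms://example.invalid/keys/" + roomID // constructed URI scheme
	if _, ok := k.keys[uri]; !ok {
		key := make([]byte, 32) // 256-bit key for AES-256
		if _, err := rand.Read(key); err != nil {
			panic(err)
		}
		k.keys[uri] = key
	}
	return uri
}

// Fetch is what a recipient app does when it does not yet hold the key.
func (k *KMS) Fetch(uri string) ([]byte, error) {
	key, ok := k.keys[uri]
	if !ok {
		return nil, errors.New("unknown key")
	}
	return key, nil
}

// Envelope is what the cloud stores and relays: ciphertext plus a link to
// its key, never the key itself.
type Envelope struct {
	KeyURI     string
	Nonce      []byte
	Ciphertext []byte // AES-GCM output, authentication tag included
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// Encrypt seals a message with the room key. The key URI is bound as
// associated data so the envelope cannot be re-pointed at another key unnoticed.
func Encrypt(key []byte, keyURI string, plaintext []byte) Envelope {
	g := gcm(key)
	nonce := make([]byte, g.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return Envelope{KeyURI: keyURI, Nonce: nonce, Ciphertext: g.Seal(nil, nonce, plaintext, []byte(keyURI))}
}

// Decrypt follows the link in the envelope to fetch the key, then opens it.
func Decrypt(k *KMS, e Envelope) ([]byte, error) {
	key, err := k.Fetch(e.KeyURI)
	if err != nil {
		return nil, err
	}
	return gcm(key).Open(nil, e.Nonce, e.Ciphertext, []byte(e.KeyURI))
}

// RoundTrip: a member of room A encrypts, the cloud holds the envelope, another
// member decrypts. It also shows that an envelope re-linked to room B's key fails
// to open. Returns the recovered text and whether the cross-room attempt failed.
func RoundTrip() (string, bool) {
	kms := NewKMS()
	uriA := kms.KeyForRoom("room-A")
	uriB := kms.KeyForRoom("room-B") // a different room gets a different key
	keyA, _ := kms.Fetch(uriA)
	env := Encrypt(keyA, uriA, []byte("Spark IS the message")) // constructed message
	got, err := Decrypt(kms, env)
	if err != nil {
		panic(err)
	}
	forged := env
	forged.KeyURI = uriB
	_, err = Decrypt(kms, forged)
	return string(got), err != nil
}

func main() {
	text, crossRoomFails := RoundTrip()
	fmt.Printf("recovered %q; cross-room key rejected: %v\n", text, crossRoomFails)
}
```

The cloud-side store in this model is just the Envelope value: anyone holding it without access to the KMS has the ciphertext and a key URI, which is the property the slides rely on when the KMS later moves on premise.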

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content

• A Search Index is built by creating a fixed length hash of each word in each message within a Room (diagram: "Spark IS the message" → Hash Algorithm → B9 57 FE 48)

• The hashed indexes for each Spark Room are stored by the Content Service

• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

Searching Spark Rooms: Querying a Search Index – Search for the word "Spark"

• App sends search request over a secure connection to the Indexing Service

• The Indexing Service uses Per Room search keys to hash the search terms

• The Search Service searches for a match in the hash tables and returns matching content to the App

• A link to the Conversation Encryption Key is sent with the encrypted message

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)

• The Indexing Service requests a search of related hashed content

• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service

• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (diagram: Spark Control Hub notification "Jo Smith's Messages and Files – E-Discovery Content Ready")


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Hybrid Data Security (Hybrid Data Services) = On Premise, in the customer's Secure Data Center:

• Key Management Server

• Indexing Server

• E-Discovery Service

Hybrid Data Security traffic and Firewalls

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)

• No special Firewall configuration required

Hybrid Data Security - Scalability

• The Hybrid Data Security is managed and upgraded from the cloud

• Customers can access usage information for the HDS Servers via the Spark Control Hub

• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server

• Now all of the keys for messages and content are owned and managed by the Customer

BUT…

HDS - Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server

• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud

• Encrypted messages and content stored in the cloud

• Encryption Keys stored locally

HDS - Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud

• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server

• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

Diagram: App to Cloud TLS connection; App to HDS TLS connection

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service

• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content (diagram: "Spark IS the message" → Hash Algorithm → B9 57 FE 48)

• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

• The Indexing Service sends a hashed index of the App's search request to the Search Service

• A link to the Conversation Encryption Key is sent with the encrypted message
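The per-room HMAC index described for the cloud Indexing Service (the "Building a Search Index" and "Querying a Search Index" slides) and again here for Hybrid Data Security, as one added Go example that serves both passages and is not Cisco's code. It keeps a SHA-256 HMAC search key per room, as the cloud slide states, stores only word hashes in a stand-in for the Content Service, and hashes the query term with the same room key so the Search Service compares hashes only. Room names, message IDs and message text are constructed; lower-casing and punctuation stripping are this example's tokenisation choices, not something the slides specify.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Index is the Content Service's view: per room, word hash -> message IDs.
// It never sees plaintext words or the search keys.
type Index struct{ posting map[string]map[string][]string }

func NewIndex() *Index { return &Index{posting: map[string]map[string][]string{}} }

// Indexer models the Indexing Service, which holds one SHA-256 HMAC
// search key per room.
type Indexer struct{ searchKeys map[string][]byte }

func NewIndexer() *Indexer { return &Indexer{searchKeys: map[string][]byte{}} }

func (ix *Indexer) keyFor(room string) []byte {
	k, ok := ix.searchKeys[room]
	if !ok {
		k = make([]byte, 32) // fresh random search key on first use of a room
		if _, err := rand.Read(k); err != nil {
			panic(err)
		}
		ix.searchKeys[room] = k
	}
	return k
}

// hashWord produces the fixed-length token for a word under the room's search key.
func (ix *Indexer) hashWord(room, word string) string {
	m := hmac.New(sha256.New, ix.keyFor(room))
	m.Write([]byte(strings.ToLower(word))) // normalise case before hashing
	return hex.EncodeToString(m.Sum(nil))
}

// AddMessage tokenises a plaintext message on the indexing side and stores
// only hashes, one posting per distinct word per message.
func (ix *Indexer) AddMessage(idx *Index, room, msgID, text string) {
	if idx.posting[room] == nil {
		idx.posting[room] = map[string][]string{}
	}
	seen := map[string]bool{}
	for _, w := range strings.Fields(text) {
		h := ix.hashWord(room, strings.Trim(w, ".,!?"))
		if !seen[h] {
			seen[h] = true
			idx.posting[room][h] = append(idx.posting[room][h], msgID)
		}
	}
}

// Search hashes the query term with the room's key and looks the hash up;
// the stored index is only ever compared hash to hash.
func (ix *Indexer) Search(idx *Index, room, term string) []string {
	return idx.posting[room][ix.hashWord(room, term)]
}

// Demo indexes constructed messages in two rooms and shows that the same word
// hashes differently per room, so one room's index is useless with another's key.
func Demo() (hitsA []string, hitsB []string, sameWordSameHash bool) {
	ix, idx := NewIndexer(), NewIndex()
	ix.AddMessage(idx, "room-A", "m1", "Spark IS the message")
	ix.AddMessage(idx, "room-A", "m2", "the message is encrypted")
	ix.AddMessage(idx, "room-B", "m3", "Spark board installed")
	hitsA = ix.Search(idx, "room-A", "spark")
	hitsB = ix.Search(idx, "room-B", "spark")
	sameWordSameHash = ix.hashWord("room-A", "spark") == ix.hashWord("room-B", "spark")
	return
}

func main() {
	a, b, same := Demo()
	fmt.Println("room-A hits:", a, "room-B hits:", b, "same hash across rooms:", same)
}
```

What the stored index reveals is which messages share a token within one room, not the words themselves; whoever holds the Content Service data without the room's search key cannot test candidate words against it.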

Spark E-Discovery Service (1), with Hybrid Data Security

• The Indexing Service sends hashed search criteria to the Search Service

• The Content Server returns matching content to the E-Discovery Service (diagram: Jo Smith's Content)

Spark E-Discovery Service (2), with Hybrid Data Security

• E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service

• E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (diagram: Spark Control Hub notification "Jo Smith's Messages and Files – E-Discovery Content Ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations (Organization A, Organization B)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content

• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation (Organization A, Organization B)

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud

• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)

• With a secure connection between Key Management Servers… Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Diagram: Secure Data Center A running vSphere; each Hybrid Data Services Node (VM) runs Docker with an ECP Mgmt Container and HDS Containers, and mounts the HDS Cluster Config File through an IDE Mount.

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS

• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services

• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

BYO VM for deploying the HDS appliance Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser; assigned GRANT ALL PRIVILEGES ON the database

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and the management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support: UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection: Certificate Pinning
• 802.1X: Authentication Methods EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN and Aux VLAN): 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

Media Port Ranges (Spark Apps, Spark Desk and Room Devices)
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking based on source port)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps

| Media | Spark Apps | Spark Devices |
|---|---|---|
| Audio (52000 - 52099) | 52000 - 52049 | 52050 - 52099 |
| Video (52100 - 52299) | 52100 - 52199 | 52200 - 52299 |

Spark Applications: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| | | | | idbroker.webex.com | HTTPS: OAuth Service |
| | | | | wbx2.com | HTTPS: Core Spark Services |
| | | | | webex.com | HTTPS: Identity management |
| | | | | ciscospark.com | HTTPS: Core Spark Services |
| | | | | clouddrive.com | HTTPS: Content and Space Storage |
| | | | | crashlytics.com | HTTPS: Anonymous crash data |
| | | | | mixpanel.com | HTTPS: Anonymous Analytics |
| | | | | rackcdn.com | HTTPS: Content and Space Storage |
| | | | | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics |
| | | | | adobedtm.com | HTTPS: Web Apps only - Analytics |
| | | | | omtrdc.net | HTTPS: Web Apps only - Telemetry |
| | | | | optimizely.com | HTTPS: Web Apps only - Metrics |

Spark Devices: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board) |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| | | | | idbroker.webex.com | HTTPS: OAuth Service |
| | | | | wbx2.com | HTTPS: Core Spark Services |
| | | | | webex.com | HTTPS: Identity management |
| | | | | ciscospark.com | HTTPS: Core Spark Services |
| | | | | clouddrive.com | HTTPS: Content and Space Storage |
| | | | | crashlytics.com | HTTPS: Anonymous crash data |
| | | | | mixpanel.com | HTTPS: Anonymous Analytics |
| | | | | rackcdn.com | HTTPS: Content and Space Storage |
| | | | | dropbox.com | HTTPS: Spark Board (firmware updates) |
| | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board - NTP Time Sync |

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking based on source port)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only (no media)
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |
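The three tables above are the whole media port plan. As an added example (not Cisco's code), the block below turns that plan into IOS-style extended ACL entries and a small classifier you can run over observed flows to check that what you see on the wire matches the plan. The port ranges and destination ports are taken from the slides; the DSCP values are an assumption used only to show how a classifier would map a flow to a marking, and the flows at the bottom are constructed samples.

```python
"""Turn the Spark media port plan into firewall rules and a flow classifier.

Added example, not Cisco's own code. Port ranges and destination ports are from
the slides; the DSCP values are assumed (EF for audio, AF41 for video/cascades)
and the sample flows are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (sender, media class, first src port, last src port, dst ports) - from the slides.
PORT_PLAN: List[Tuple[str, str, int, int, Tuple[int, ...]]] = [
    ("Spark App",         "audio",   52000, 52049, (5004, 5006)),
    ("Spark Device",      "audio",   52050, 52099, (5004, 5006)),
    ("Spark App",         "video",   52100, 52199, (5004, 5006)),
    ("Spark Device",      "video",   52200, 52299, (5004, 5006)),
    ("Hybrid Media Node", "cascade", 33434, 33598, (5004,)),
]

# Assumed markings, illustrative only.
DSCP = {"audio": 46, "video": 34, "cascade": 34}


@dataclass(frozen=True)
class Flow:
    proto: str       # "udp" or "tcp"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Verdict:
    source: str
    media_class: str
    dscp: Optional[int]   # None when the port plan cannot justify a marking


def classify(flow: Flow) -> Optional[Verdict]:
    """Map a flow to its sender and media class, or None if it is not Spark media."""
    if flow.proto == "tcp":
        # SRTP over TCP/HTTP uses ephemeral source ports, so the slides' caveat
        # applies: the source port identifies nothing and no DSCP re-marking is possible.
        if flow.dst_port in {5004, 5006}:
            return Verdict("App or Device (ephemeral TCP)", "media", None)
        return None
    for source, media_class, lo, hi, dst_ports in PORT_PLAN:
        if lo <= flow.src_port <= hi and flow.dst_port in dst_ports:
            return Verdict(source, media_class, DSCP[media_class])
    return None


def ios_acl_entries() -> List[str]:
    """Extended-ACL lines (Cisco IOS syntax) permitting exactly the UDP media in the plan."""
    entries = []
    for source, media_class, lo, hi, dst_ports in PORT_PLAN:
        entries.append(f"remark {source} {media_class}")
        for dst in dst_ports:
            entries.append(f"permit udp any range {lo} {hi} any eq {dst}")
    # Anything else aimed at the media ports is outside the plan.
    entries.append("deny udp any any range 5004 5006")
    return entries


if __name__ == "__main__":
    for line in ios_acl_entries():
        print(line)
    # Constructed sample flows.
    for f in (Flow("udp", 52010, 5004), Flow("udp", 52250, 5006),
              Flow("udp", 33500, 5004), Flow("tcp", 41234, 5004), Flow("udp", 52010, 443)):
        print(f, "->", classify(f))
```

The deny line is only meaningful if the ACL is applied with the source restricted to the subnets that host HMNs and endpoints; the slides' "limit source IP address range to HMNs only" advice is the same idea applied at the address level.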

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
|---|---|---|---|---|---|
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In Line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)
• Explicit Proxy: Proxy Address given to the Device/Application
• Only HTTP/HTTPS traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media bypasses the proxy

Connecting from the Enterprise - Proxy Detection (Proxy Address given to the Device/Application)

• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure the Proxy Address, or use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via the device Web interface |
| SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via the device Web interface |
| MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via the device Web interface |
| Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via the device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise - Proxy Authentication

• Proxy intercepts the outbound HTTP request
• Authenticates the User (Username and Password)
• Authenticated User's traffic is forwarded
• Unauthenticated User's traffic is dropped/blocked
• Proxy Authentication is not mandatory: many Enterprises do no authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Uses standard HTTP headers
• Username and Password are Base64 encoded
• Username and Password are NOT encrypted or hashed: anyone who can read the header (for example on a plain HTTP leg, or in proxy logs) recovers the credential
• Basic Username and Password challenge for devices:
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No Password Expiration

Proxy Authentication Methods - Digest Authentication

• Uses standard HTTP headers
• Username and Password are not sent; a hash of the Username and Password, combined with a nonce from the proxy, is sent instead
• Username and Password challenge for devices:
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No Password Expiration
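To make the difference between the two schemes concrete, here is an added example (not Cisco's or any proxy vendor's code) that builds the Proxy-Authorization header a device account would send under Basic and under Digest, and shows the proxy-side check for Digest. The account name, realm, nonce and password are constructed values; Digest is computed as in RFC 2617 with qop=auth and MD5, which is what most proxies still offer. Note that a device CONNECTs to the Spark service through the proxy, so the Digest URI is the host:port pair, not a path.

```python
"""Basic versus Digest proxy authentication for a device account.

Added example, not Cisco's code. A Basic header hands the password to anyone
who sees it; a Digest header carries only a hash bound to the proxy's nonce.
Account, realm, nonce and password below are constructed values.
"""
import base64
import hashlib
import re
import secrets
from typing import Dict, Tuple


def basic_header(user: str, password: str) -> str:
    """Proxy-Authorization header for Basic: Base64 encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def decode_basic(header: str) -> Tuple[str, str]:
    """What any observer of the header can do: recover the credential."""
    token = header.split("Basic ", 1)[1].strip()
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def parse_challenge(header: str) -> Dict[str, str]:
    """Parse 'Proxy-Authenticate: Digest realm="...", nonce="...", qop="auth"'."""
    params = header.split("Digest ", 1)[1]
    return dict(re.findall(r'(\w+)="([^"]*)"', params))


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def ha1_for(user: str, realm: str, password: str) -> str:
    """What the proxy stores per account instead of the password (RFC 2617 HA1)."""
    return _md5(f"{user}:{realm}:{password}")


def digest_fields(user: str, password: str, method: str, uri: str,
                  challenge: Dict[str, str], cnonce: str = None,
                  nc: str = "00000001") -> Dict[str, str]:
    """Client side: compute the Digest response (qop=auth) to a proxy challenge."""
    cnonce = cnonce or secrets.token_hex(8)
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1_for(user, challenge['realm'], password)}:"
                    f"{challenge['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return {"username": user, "realm": challenge["realm"], "nonce": challenge["nonce"],
            "uri": uri, "qop": "auth", "nc": nc, "cnonce": cnonce, "response": response}


def digest_header(fields: Dict[str, str]) -> str:
    """Serialise the fields; qop and nc are unquoted per the RFC."""
    quoted = ", ".join(f'{k}="{v}"' for k, v in fields.items() if k not in ("qop", "nc"))
    return f"Proxy-Authorization: Digest {quoted}, qop={fields['qop']}, nc={fields['nc']}"


def verify_digest(fields: Dict[str, str], stored_ha1: str, method: str) -> bool:
    """Proxy side: recompute from the stored HA1; the plaintext password is never needed."""
    ha2 = _md5(f"{method}:{fields['uri']}")
    expected = _md5(f"{stored_ha1}:{fields['nonce']}:{fields['nc']}:"
                    f"{fields['cnonce']}:auth:{ha2}")
    return secrets.compare_digest(expected, fields["response"])


if __name__ == "__main__":
    user, password = "svc-spark-devices", "hunter2"       # constructed device account
    challenge = parse_challenge(
        'Proxy-Authenticate: Digest realm="corp-proxy", nonce="5c8e1f7a", qop="auth"')
    print(basic_header(user, password), "->", decode_basic(basic_header(user, password)))
    fields = digest_fields(user, password, "CONNECT", "wbx2.com:443", challenge)
    print(digest_header(fields))
    print("proxy accepts:", verify_digest(fields, ha1_for(user, "corp-proxy", password), "CONNECT"))
```

Digest stops the password from appearing on the wire, but the stored HA1 is itself a password-equivalent for that realm, and the "no password expiration" shared device account the slides describe means one leaked HA1 or Basic header covers every device; per-device accounts limit that blast radius.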

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent
• Username and Password challenge for devices:
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows based Username and Password challenge for devices:
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No Password Expiration
• IWA = Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

Kerberos Authentication
• Strongest security of the methods listed
• Components: Client, Authentication Service, Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared secrets
• The Client authenticates with the Authentication Service; once authenticated it receives a Ticket Granting Ticket (TGT)
• The Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Addresses (e.g. 10.100.200.1, 10.100.200.3), so traffic from those sources is forwarded without authentication
• Whitelisted Destinations (e.g. ciscospark.com, identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com)

Network Capabilities: Spark Devices - Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication |
|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth: Yes; Basic: Yes; Digest: Planned; NTLM: Yes (Windows); Kerberos: No; iOS and Android: No Auth and Basic in EFT (Early Field Trial) |
| DX, SX, MX | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes |
| Room Kits | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes |
| Spark Board | HTTPS | Spark Board OS | No Auth: Yes; Basic: Yes; Digest: Yes |

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate distributed to the client (installed in its trust store)
• Private CA signed Certificate sent to the client on connection establishment
• Client compares the Private CA Root Cert with those received in the Cert Chain
• If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives the Certificate from the Web/Cloud Service
• Proxy uses the Certificate to establish a secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA-256 hash of the CA Root Certificate Public Key, Base64 encoded; example value as shown on the slide: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by the HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match, accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to the App's OS Trust Store
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks whether a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists, skip the Certificate pinning process and proceed with the TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to the Spark Cloud
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pins in its Trust Store (the trust list downloaded from the Spark Cloud now includes the Private CA)
• They DO match: proceed with the TLS connection
• HTTPS/TLS Inspection possible

Either fix deliberately widens what the client will accept: whoever can write to the OS Trust Store, or upload a CA to the Organization's Spark trust list, can interpose on Spark traffic. Treat those two places as part of the key material you protect.
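The four pinning cases above (no inspection, inspection rejected, the App fix, the Device fix) are one decision procedure. The block below is an added example of that procedure, not the Spark client's code. A pin is the SHA-256 of the CA's SubjectPublicKeyInfo, Base64 encoded, as the slide shows; the SPKI byte strings are constructed placeholders for DER-encoded keys, the certificates are constructed, and the chain is assumed to end with the issuing CA so the pin can be checked against it.

```python
"""Certificate pin evaluation with the two "fixes" described on the slides.

Added example, not the Spark client's code. SPKI values are constructed
placeholders for DER SubjectPublicKeyInfo; a real client takes them from the
parsed certificate chain.
"""
import base64
import hashlib
from dataclasses import dataclass, field
from typing import Sequence, Set


def spki_pin(spki_der: bytes) -> str:
    """Base64(SHA-256(SubjectPublicKeyInfo)): the pin format shown on the slide."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes   # DER SubjectPublicKeyInfo (constructed here)


@dataclass
class ClientTrust:
    pins: Set[str]                                            # pins shipped with the client
    os_trust_store: Set[bytes] = field(default_factory=set)   # CA SPKIs the OS trusts
    bypass_pin_if_os_trusted: bool = False                    # Spark App behaviour, not devices


def evaluate_chain(chain: Sequence[Cert], trust: ClientTrust) -> str:
    """Decide on a server chain (leaf first, CA last); returns 'accept:*' or 'reject:*'."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return "reject:chain-broken"
    ca = chain[-1]
    # Spark App fix: a private CA copied into the OS trust store skips pinning.
    if trust.bypass_pin_if_os_trusted and ca.spki in trust.os_trust_store:
        return "accept:enterprise-ca-in-os-store"
    # Normal path: the CA public key must match a pin.
    if spki_pin(ca.spki) in trust.pins:
        return "accept:pin-match"
    return "reject:pin-mismatch"


def push_enterprise_ca(trust: ClientTrust, private_ca: Cert) -> None:
    """Spark Device fix: the trust list downloaded from the cloud adds the private CA pin."""
    trust.pins.add(spki_pin(private_ca.spki))


# Constructed certificates: a public CA signing the real Spark service, and an
# enterprise proxy CA minting a look-alike certificate for TLS inspection.
PUBLIC_CA = Cert("Public Root CA", "Public Root CA", b"constructed-public-root-spki")
PRIVATE_CA = Cert("Corp Proxy CA", "Corp Proxy CA", b"constructed-corp-proxy-spki")
REAL_LEAF = Cert("*.wbx2.com", "Public Root CA", b"constructed-spark-leaf-spki")
PROXY_LEAF = Cert("*.wbx2.com", "Corp Proxy CA", b"constructed-proxy-leaf-spki")


def app_trust() -> ClientTrust:
    """Windows/Mac/browser app: pins the public CA, bypasses pinning for OS-trusted CAs."""
    return ClientTrust(pins={spki_pin(PUBLIC_CA.spki)}, bypass_pin_if_os_trusted=True)


def device_trust() -> ClientTrust:
    """Room device: pins only; new CAs arrive via the cloud-delivered trust list."""
    return ClientTrust(pins={spki_pin(PUBLIC_CA.spki)})


if __name__ == "__main__":
    app, device = app_trust(), device_trust()
    print("no inspection:      ", evaluate_chain([REAL_LEAF, PUBLIC_CA], app))
    print("inspection, app:    ", evaluate_chain([PROXY_LEAF, PRIVATE_CA], app))
    app.os_trust_store.add(PRIVATE_CA.spki)
    print("app fix:            ", evaluate_chain([PROXY_LEAF, PRIVATE_CA], app))
    print("inspection, device: ", evaluate_chain([PROXY_LEAF, PRIVATE_CA], device))
    push_enterprise_ca(device, PRIVATE_CA)
    print("device fix:         ", evaluate_chain([PROXY_LEAF, PRIVATE_CA], device))
```

The `bypass_pin_if_os_trusted` flag is the whole difference between the two fixes: on an app it is the OS trust store that decides, on a device it is the Organization's trust list in the Spark Cloud, and in both cases the proxy's certificate is accepted only because an administrator put the private CA where the client looks.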

Network Capabilities: Spark Devices - HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists in the OS trust store, bypass the Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection Bypass |
| DX | HTTPS | Room OS | Yes: requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs |
| SX | HTTPS | Room OS | Yes: requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs |
| MX | HTTPS | Room OS | Yes: requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs |
| Room Kits | HTTPS | Room OS | Yes: requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection Bypass |

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication, the switch port is configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key Authentication methods: EAP-FAST and EAP-TLS

802.1X Network Authentication: EAP-FAST (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling)
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS (Extensible Authentication Protocol - Transport Layer Security)
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)
• Bypasses the 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server
• MAB only proves that a frame carried an allowed source MAC address, which any host can spoof; treat it as an inventory control, not authentication, and confine MAB ports to the VLAN and ACLs the device actually needs

Network Capabilities: Spark Devices - 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface |
| SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface |
| MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address Bypass |

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate (an enterprise-issued certificate installed on the device).

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
• Switch port configuration
• VLANs
• Firewall Deployment
• Proxy Type
• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today:
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access: Proxy and Firewalls allow all Spark connections
• Onboard the device: Username/Password or Activation Code
• The Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations and the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x.
Coming soon: target Q1 CY2018

Thank you


Cloud Based Security and Data Services

Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES-256-GCM cipher used for Encryption

Spark - Decrypting Messages and Content

• Encrypted messages sent by the App are stored in the Spark Cloud (Content Server) and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms - Building a Search Index
(Diagram: Indexing Service, Content Server, Key Management Service and Search Service; the message "Spark IS the message" passes through the hash algorithm and produces index values such as "B9 57 FE 48")

The Indexing Service:
• Enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.
• A Search Index is built by creating a fixed length hash of each word in each message within a Room.
• The hashed indexes for each Spark Room are stored by the Content Service.
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room.

Searching Spark Rooms - Querying a Search Index (search for the word "Spark")
(Diagram: the search term "Spark" is hashed to "B9 57 FE 48" and matched against the stored hash tables; the matching message "Spark IS the Message" is returned to the App)

• The App sends a search request over a secure connection to the Indexing Service.
• The Indexing Service uses per-Room search keys to hash the search terms.
• The Search Service searches for a match in the hash tables and returns matching content to the App.
• A link to the Conversation Encryption Key is sent with the encrypted message.
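The indexing and query flow described above, as an added example (not Cisco's code): a per-room HMAC-SHA256 Search Key turns each word into a fixed-length index value, the Content Server stores and matches only those values, and a query hashed under one room's key never matches another room's index. Class and function names, the tokenisation rule and the sample messages are constructed for the example.

```python
"""Encrypted search index in the style of the slides: per-room HMAC-SHA256 Search Key,
fixed-length hash per word, Content Server stores and matches hashes only.
Added example, not Cisco's code; names and sample data are constructed."""
from __future__ import annotations

import hashlib
import hmac
import re
import secrets


def tokenize(text: str) -> set[str]:
    """Split a message into lower-cased words (assumed normalisation rule)."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def hash_term(search_key: bytes, term: str) -> str:
    """Fixed-length index value for one word: HMAC-SHA256 keyed with the room's Search Key.
    Without the key the digest reveals nothing about the word."""
    return hmac.new(search_key, term.encode("utf-8"), hashlib.sha256).hexdigest()


class KeyManagementService:
    """Issues one Search Key per room (constructed stand-in for the KMS)."""

    def __init__(self) -> None:
        self._search_keys: dict[str, bytes] = {}

    def search_key(self, room_id: str) -> bytes:
        if room_id not in self._search_keys:
            self._search_keys[room_id] = secrets.token_bytes(32)
        return self._search_keys[room_id]


class ContentServer:
    """Holds ciphertext and hashed indexes; never sees Search Keys or plaintext."""

    def __init__(self) -> None:
        self._index: dict[str, list[tuple[str, frozenset[str]]]] = {}

    def store_index(self, room_id: str, message_id: str, hashes: frozenset[str]) -> None:
        self._index.setdefault(room_id, []).append((message_id, hashes))

    def search(self, room_id: str, hashed_term: str) -> list[str]:
        """Search Service behaviour: match the hashed query against stored hashes."""
        return [mid for mid, hashes in self._index.get(room_id, []) if hashed_term in hashes]


class IndexingService:
    """Hashes words on the way in and search terms on the way out, per room."""

    def __init__(self, kms: KeyManagementService, content: ContentServer) -> None:
        self.kms = kms
        self.content = content

    def index_message(self, room_id: str, message_id: str, plaintext: str) -> frozenset[str]:
        key = self.kms.search_key(room_id)
        hashes = frozenset(hash_term(key, word) for word in tokenize(plaintext))
        self.content.store_index(room_id, message_id, hashes)  # only hashes leave this service
        return hashes

    def query(self, room_id: str, term: str) -> list[str]:
        hashed = hash_term(self.kms.search_key(room_id), term.lower())
        return self.content.search(room_id, hashed)


def demo() -> dict:
    """Index the slide's message in two rooms and show that a query only matches
    within the room whose Search Key produced the stored hashes."""
    kms, content = KeyManagementService(), ContentServer()
    indexer = IndexingService(kms, content)
    indexer.index_message("room-a", "msg-1", "Spark IS the message")   # constructed
    indexer.index_message("room-a", "msg-2", "lunch at noon")           # constructed
    indexer.index_message("room-b", "msg-3", "Spark rocks")             # constructed
    return {
        "room_a_spark": indexer.query("room-a", "Spark"),
        "room_b_spark": indexer.query("room-b", "spark"),
        # Same word hashed under room-a's key finds nothing in room-b's index.
        "cross_room": content.search("room-b", hash_term(kms.search_key("room-a"), "spark")),
        "same_word_differs": hash_term(kms.search_key("room-a"), "spark")
        != hash_term(kms.search_key("room-b"), "spark"),
    }
```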

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)
(Diagram: Spark Control Hub, Indexing Service, Content Server, Key Management Service, E-Discovery Service and Search Service)

• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s).
• The Indexing Service requests a search of related hashed content.
• The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)
(Diagram: E-Discovery Service, E-Discovery Storage, Content Server, Key Management Service and Spark Control Hub; "Jo Smith's Messages and Files - E-Discovery Content Ready")

The E-Discovery Service:
• Decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

The E-Discovery Storage Service:
• Sends the compressed and encrypted content to the Administrator on request.


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark - Hybrid Data Security (HDS)
(Diagram: the Key Management Service, Indexing Service and E-Discovery Service move into the customer's Secure Data Center; the Content Server remains in the Spark Cloud)

Hybrid Data Security = On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls
(Diagram: Hybrid Data Security node in the Secure Data Center behind the enterprise Firewall; Content Server and Key Management Service in the Spark Cloud)

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS).
• No special Firewall configuration required.

Hybrid Data Security - Scalability
(Diagram: several Hybrid Data Security nodes in the Secure Data Center; Content Server, Key Mgmt Server and Key Mgmt Service)

• The Hybrid Data Security is managed and upgraded from the cloud.
• Customers can access usage information for the HDS Servers via the Spark Control Hub.
• Multiple HDS servers can be provisioned for scalability & load sharing.

Spark - Hybrid Data Security Key Management
(Diagram: Key Management Server in the Secure Data Center; Content Server and Key Management Service in the Spark Cloud)

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server.
• Now all of the keys for messages and content are owned and managed by the Customer.

BUT

HDS - Encrypting Messages & Content
(Diagram: Spark App, HDS Key Management Service in the Secure Data Center, Content Server in the Spark Cloud)

• Spark Apps request an encryption key from the HDS Key Management Server.
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.
• Encrypted messages and content are stored in the cloud.
• Encryption Keys are stored locally.

HDS - Decrypting Messages & Content
(Diagram: encrypted message held by the Content Server in the Spark Cloud; its key held by the HDS Key Management Service in the Secure Data Center)

• Encrypted messages from Apps are stored in the Spark Cloud.
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security - Secure App Connections
(Diagram: App to Cloud TLS connection to the Spark Service; App to HDS TLS connection to the Hybrid Data Security Node in the Secure Data Center; Content Server and Search Service in the cloud)

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service.
• This encrypted peer to peer session traverses the Spark Cloud.

Hybrid Data Security - Search Indexing Service
(Diagram: Indexing Service and Key Management Service in the Secure Data Center; the message "Spark IS the message" passes through the hash algorithm and produces index values such as "B9 57 FE 48"; Content Server and Search Service in the cloud)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.
• A new hashing key (Search Key) is used for each room.

Hybrid Data Security - Querying a Search Index (search for the word "Spark")
(Diagram: the on premise Indexing Service hashes the search term "Spark" to "B9 57 FE 48"; the cloud Search Service matches it and the message "Spark IS the Message" is returned)

• The Indexing Service sends a hashed index of the App's search request to the Search Service.
• A link to the Conversation Encryption Key is sent with the encrypted message.

Spark E-Discovery Service (1) - Hybrid Data Security
(Diagram: Indexing Service, Key Management Service and E-Discovery Service in the Secure Data Center; Content Server, Search Service and Spark Control Hub in the cloud; "Jo Smith's Content" is returned)

• The Indexing Service sends hashed search criteria to the Search Service.
• The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2) - Hybrid Data Security
(Diagram: E-Discovery Service and Key Management Service in the Secure Data Center; E-Discovery Storage, Content Server, Search Service and Spark Control Hub in the cloud; "Jo Smith's Messages and Files - E-Discovery Content Ready")

E-Discovery Service:
• Decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service:
• Sends the compressed and encrypted content to the Administrator on request.

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server and Key Management Service in the Spark Cloud; an encrypted message shared between the two)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content.
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
(Diagram: the Key Management Services of Organization A and Organization B connected via the Spark Cloud; encrypted messages exchanged between the organizations)

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture
(Diagram: Secure Data Center A running vSphere; an HDS Cluster of Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers and an IDE Mount of the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI is used for KMS to KMS federation (Public Key Infrastructure).
• Common Name signed by a member of the Mozilla Trusted Root Store.
• No SHA1 signatures.
• PKCS12 format.

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max.
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server.
• kms.cisco.com easily supports 15K users per HDS.

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser; assigned GRANT ALL PRIVILEGES ON database.

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and management containers.

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host.
• Bi-directional WSS on TCP port 443 from HDS host.
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host.
• HTTPS proxies are unsupported.

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support - UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection - Certificate Pinning
• 802.1X - Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port VLAN options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

Spark Device                    | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No  | No   | N/A    | N/A              | Static Untagged (Data) VLAN
DX                              | HTTPS    | Room OS        | Yes | No   | Yes    | Yes              | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX                              | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
MX                              | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits                       | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board                     | HTTPS    | Spark Board OS | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls
(Diagram: Spark Desk and Room Devices and Spark Apps behind the enterprise firewall; Signalling and Media flows to the Spark Cloud)

Whitelisted Ports and Destinations:
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking - Port Range Summary: Endpoints and Apps

Audio: 52000 - 52099
• Spark Apps: 52000 - 52049
• Spark Devices: 52050 - 52099

Video: 52100 - 52299
• Spark Apps: 52100 - 52199
• Spark Devices: 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports                             | Destination Ports | Destination        | Function
UDP      | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006       | Any IP Address     | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address     | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 443               | identity.webex.com | HTTPS - Spark Identity Service
TCP      | Ephemeral                                | 443               | idbroker.webex.com | HTTPS - OAuth Service
TCP      | Ephemeral                                | 443               | wbx2.com           | HTTPS - Core Spark Services
TCP      | Ephemeral                                | 443               | webex.com          | HTTPS - Identity management
TCP      | Ephemeral                                | 443               | ciscospark.com     | HTTPS - Core Spark Services
TCP      | Ephemeral                                | 443               | clouddrive.com     | HTTPS - Content and Space Storage
TCP      | Ephemeral                                | 443               | crashlytics.com    | HTTPS - Anonymous crash data
TCP      | Ephemeral                                | 443               | mixpanel.com       | HTTPS - Anonymous Analytics
TCP      | Ephemeral                                | 443               | rackcdn.com        | HTTPS - Content and Space Storage
TCP      | Ephemeral                                | 443               | appsflyer.com      | HTTPS - Mobile Apps only - Ad Analytics
TCP      | Ephemeral                                | 443               | adobedtm.com       | HTTPS - Web Apps only - Analytics
TCP      | Ephemeral                                | 443               | omtrdc.net         | HTTPS - Web Apps only - Telemetry
TCP      | Ephemeral                                | 443               | optimizely.com     | HTTPS - Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports                             | Destination Ports | Destination            | Function
UDP      | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006       | Any IP Address         | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address         | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
TCP      | Ephemeral                                | 443               | identity.webex.com     | HTTPS - Spark Identity Service
TCP      | Ephemeral                                | 443               | idbroker.webex.com     | HTTPS - OAuth Service
TCP      | Ephemeral                                | 443               | wbx2.com               | HTTPS - Core Spark Services
TCP      | Ephemeral                                | 443               | webex.com              | HTTPS - Identity management
TCP      | Ephemeral                                | 443               | ciscospark.com         | HTTPS - Core Spark Services
TCP      | Ephemeral                                | 443               | clouddrive.com         | HTTPS - Content and Space Storage
TCP      | Ephemeral                                | 443               | crashlytics.com        | HTTPS - Anonymous crash data
TCP      | Ephemeral                                | 443               | mixpanel.com           | HTTPS - Anonymous Analytics
TCP      | Ephemeral                                | 443               | rackcdn.com            | HTTPS - Content and Space Storage
TCP      | Ephemeral                                | 443               | dropbox.com            | HTTPS - Sparkboard (firmware updates)
UDP      | Ephemeral                                | 123               | 2.android.pool.ntp.org | Sparkboard - NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)
(Diagram: Hybrid Media Node inside the enterprise; Signalling and Media cascade links to the Spark Cloud)

• Can be used to limit source IP address range to HMNs only.
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints - used for cascade links to the Spark Cloud.
• Voice and Video use a common UDP source port range 33434 - 33598.

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)
(Diagram: HDS node inside the enterprise; Signalling only to the Spark Cloud, no Media)

Hybrid Data Services:
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device                     | Protocol | Source Ports                                                     | Destination Ports | Destination                                                            | Function
Hybrid Media Node (HMN)          | UDP      | Voice and Video use a common UDP source port range 33434 - 33598 | 5004              | Cascade Destination: Any IP Address                                    | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)          | TCP      | Ephemeral                                                        | 5004              | Cascade Destination: Any IP Address                                    | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)          | TCP      | Ephemeral                                                        | 123, 53, 444      | Any                                                                    | NTP, DNS, HTTPS
Hybrid Media Node (HMN)          | TCP      | Ephemeral                                                        | 443               | wbx2.com, idbroker.webex.com                                           | HTTPS Configuration Services
Hybrid Data Security Node (HDS)  | TCP      | Ephemeral                                                        | 443               | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io      | Outbound HTTPS and WSS
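The port ranges and whitelists from the app, device, HMN and HDS slides above, turned into a flow checker as an added example (not Cisco's code): each record is classified by protocol, source port range, destination port and destination name, and anything outside the documented profile is flagged for a firewall or NetFlow review. The record layout and the sample flows are constructed; the whitelist is matched by domain suffix, which is an assumption about how the slide's bare domains are meant.

```python
"""Classify firewall/NetFlow-style records against the Spark media and signalling profile
documented on the slides. Added example, not Cisco's; record format and samples are constructed."""
from __future__ import annotations

from dataclasses import dataclass

# Source UDP port ranges and destination ports, per the slides.
MEDIA_PROFILES = [
    # (label, inclusive source port range, allowed destination ports)
    ("Spark App voice (SRTP over UDP)", (52000, 52049), {5004, 5006}),
    ("Spark App video (SRTP over UDP)", (52100, 52199), {5004, 5006}),
    ("Spark Device voice (SRTP over UDP)", (52050, 52099), {5004, 5006}),
    ("Spark Device video (SRTP over UDP)", (52200, 52299), {5004, 5006}),
    ("HMN cascade voice/video (SRTP over UDP)", (33434, 33598), {5004}),
]
# TCP media uses ephemeral source ports, so only the destination port identifies it.
TCP_MEDIA_PORTS = {5004, 5006}
# Signalling destinations from the app and device whitelists (suffix match assumed).
SIGNALLING_WHITELIST = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com", "ciscospark.com",
    "clouddrive.com", "crashlytics.com", "mixpanel.com", "rackcdn.com", "appsflyer.com",
    "adobedtm.com", "omtrdc.net", "optimizely.com", "dropbox.com",
)
HDS_WHITELIST = ("wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io")


@dataclass(frozen=True)
class Flow:
    proto: str             # "udp" or "tcp"
    src_port: int
    dst_port: int
    dst_host: str          # resolved destination name, or "" when only an IP is known
    source: str = "endpoint"   # "endpoint" (app/device/HMN) or "hds"


def in_whitelist(host: str, allowed: tuple[str, ...]) -> bool:
    """True when host equals a whitelisted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def classify(flow: Flow) -> str:
    proto = flow.proto.lower()
    if flow.source == "hds":
        # The HDS node is signalling only: outbound HTTPS/WSS to four destinations.
        if proto == "tcp" and flow.dst_port == 443 and in_whitelist(flow.dst_host, HDS_WHITELIST):
            return "HDS outbound HTTPS/WSS"
        return "UNEXPECTED: HDS node should only make outbound HTTPS/WSS to its whitelist"
    if proto == "udp":
        for label, (lo, hi), dsts in MEDIA_PROFILES:
            if lo <= flow.src_port <= hi and flow.dst_port in dsts:
                return label
        return "UNEXPECTED: UDP outside documented Spark media port ranges"
    if proto == "tcp":
        if flow.dst_port in TCP_MEDIA_PORTS:
            return "SRTP over TCP/HTTP fallback (ephemeral source, no DSCP re-marking)"
        if flow.dst_port == 443:
            if in_whitelist(flow.dst_host, SIGNALLING_WHITELIST):
                return "Spark signalling (HTTPS/WSS) to whitelisted destination"
            return "UNEXPECTED: HTTPS to a destination not on the Spark whitelist"
    return "UNEXPECTED: not a documented Spark flow"


def audit(flows: list[Flow]) -> list[tuple[Flow, str]]:
    return [(f, classify(f)) for f in flows]


def sample_audit() -> list[tuple[Flow, str]]:
    """Constructed records standing in for an exported firewall log."""
    return audit([
        Flow("udp", 52010, 5004, ""),
        Flow("udp", 52230, 5006, ""),
        Flow("udp", 33500, 5004, ""),
        Flow("tcp", 51234, 443, "api.ciscospark.com"),
        Flow("tcp", 51234, 443, "updates.example.net"),   # not on the whitelist
        Flow("tcp", 40000, 443, "index.docker.io", source="hds"),
    ])
```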

What do we send to Third Party sites?

Site           | Apps that access it                      | What is sent there                                                        | User PII | Anonymized usage info | Encrypted user generated content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types
(Diagram: Signalling passes via the Proxy; UDP Media bypasses it)

Proxy Types:
• Proxy Address given to Device/Application...
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise - Proxy Detection
(Diagram: the Proxy Address is delivered to each Device/Application, manually or via PAC files; Signalling passes via the Proxy, UDP Media bypasses it)

Proxy Detection (Proxy Address given to Device/Application):
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

Spark Device                    | Protocol | Software Train | Proxy Detection                      | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Yes - Manual; Yes - PAC Files        | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX                              | HTTPS    | Room OS        | Yes - Manual using Web access        | Configure Proxy Address via device Web interface
SX                              | HTTPS    | Room OS        | Yes - Manual using Web access        | Configure Proxy Address via device Web interface
MX                              | HTTPS    | Room OS        | Yes - Manual using Web access        | Configure Proxy Address via device Web interface
Room Kits                       | HTTPS    | Room OS        | Yes - Manual using Web access        | Configure Proxy Address via device Web interface
Spark Board                     | HTTPS    | Spark Board OS | Yes - Manual Configuration           | Manual Configuration of Proxy Address

Connecting from the Enterprise - Proxy Authentication
(Diagram: Signalling passes via the Proxy; UDP Media bypasses it)

Proxy Authentication:
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no authentication.

Common Proxy Authentication Methods
(Diagram: Signalling passes via the Proxy; UDP Media bypasses it)

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication
(Diagram: Signalling passes via the Proxy; UDP Media bypasses it)

Basic Authentication:
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods - Digest Authentication
(Diagram: Signalling passes via the Proxy; UDP Media bypasses it)

Digest Authentication:
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration
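The contrast drawn on the Basic and Digest slides, as an added example (not from the session or any Cisco product): the Basic header is only Base64 and anything that logs or intercepts it gets the device account's password back, whereas the Digest header carries an MD5 response bound to the realm, server nonce, client nonce and request, so the proxy can verify it from a stored hash without the password ever being sent. Realm, nonce, device account name and the RFC 7616 MD5/qop=auth variant are assumptions for the example.

```python
"""Proxy-Authorization headers for Basic and Digest, to contrast what each puts on the wire.
Added example, not Cisco's code; realm, nonce and the device account are constructed."""
from __future__ import annotations

import base64
import hashlib
import secrets


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Basic (RFC 7617): the pair is only Base64 encoded, not encrypted or hashed."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Proxy-Authorization: Basic {token}"


def inspect_basic(header: str) -> tuple[str, str]:
    """What a proxy log or anyone on the path can read out of a Basic header:
    the username and the password themselves, which is the point the slide makes."""
    token = header.split("Basic ", 1)[1]
    username, password = base64.b64decode(token).decode("utf-8").split(":", 1)
    return username, password


def digest_header(username: str, password: str, realm: str, nonce: str,
                  method: str, uri: str, cnonce: str, nc: str = "00000001") -> str:
    """Digest (RFC 7616, MD5, qop=auth): only a hash binding the password to this realm,
    server nonce, client nonce and request is sent; the password stays on the client."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return (f'Proxy-Authorization: Digest username="{username}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{response}"')


def parse_digest(header: str) -> dict[str, str]:
    """Minimal parser for the comma-separated Digest parameters produced above."""
    params: dict[str, str] = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, value = part.split("=", 1)
        params[key.strip()] = value.strip().strip('"')
    return params


class DigestProxy:
    """Proxy side: keeps HA1 per device account (never the password), issues nonces,
    and recomputes the expected response for each request."""

    def __init__(self, realm: str, accounts: dict[str, str]) -> None:
        self.realm = realm
        self._ha1 = {u: _md5(f"{u}:{realm}:{p}") for u, p in accounts.items()}
        self._issued: set[str] = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._issued.add(nonce)
        return nonce

    def verify(self, header: str, method: str) -> bool:
        p = parse_digest(header)
        ha1 = self._ha1.get(p.get("username", ""))
        # Unknown account, a nonce this proxy never issued, or a foreign realm all fail.
        if ha1 is None or p.get("nonce") not in self._issued or p.get("realm") != self.realm:
            return False
        ha2 = _md5(f"{method}:{p.get('uri', '')}")
        expected = _md5(f"{ha1}:{p['nonce']}:{p.get('nc', '')}:{p.get('cnonce', '')}:auth:{ha2}")
        return secrets.compare_digest(expected, p.get("response", ""))
```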

Proxy Authentication Methods - NTLMv2
(Diagram: Signalling passes via the Proxy; UDP Media bypasses it)

NT LAN Manager (NTLM) Authentication:
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)
(Diagram: Signalling passes via the Proxy; UDP Media bypasses it)

Negotiate Authentication:
• Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either
  • Kerberos, or fallback to
  • NTLM

Windows based Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods - Kerberos
(Diagram: Signalling passes via the Proxy; UDP Media bypasses it)

Kerberos Authentication:
• Strongest Security
• Components: Client, Authentication Service / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server to skip authentication for:
• Device IP Address (the diagram shows devices at 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com). The Spark service domains shown in the diagram: identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com
• Caveat: a source-address bypass is only as strong as static addressing and anti-spoofing on that segment, and several of the destinations (rackcdn.com, mixpanel.com, crashlytics.com) are shared third-party services, so an unauthenticated destination whitelist opens those domains to every host behind the proxy; requiring both conditions (device address and Spark destination) limits the exposure
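As an added example (not Cisco code and not any real proxy's configuration syntax), the decision a proxy makes before issuing a 407 challenge, with the two bypass methods from the slide. It gets two things right that naive configurations often get wrong: domain matching is label-aware, so evil-ciscospark.com is not treated as part of ciscospark.com, and the optional narrower policy requires both a device address and a Spark destination. The device addresses are the constructed values from the diagram.

```python
"""Proxy authentication bypass by device address and by destination domain.

Added example for the bypass slide; not Cisco code and not a real proxy's
configuration syntax.  It models the decision a proxy makes before issuing
a 407 challenge.  Domain matching is label-aware (evil-ciscospark.com is not
under ciscospark.com), and require_both=True implements the narrower policy
in which a bypassed address cannot reach arbitrary sites unauthenticated.
Device addresses are constructed values taken from the slide's diagram.
"""
import ipaddress
from typing import Iterable, Optional

# Spark service domains listed on the slide; each entry covers the domain
# itself and every subdomain.
SPARK_DOMAINS = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com",
)

# Constructed: the device addresses shown in the slide's diagram.
DEVICE_NETWORKS = [ipaddress.ip_network("10.100.200.1/32"),
                   ipaddress.ip_network("10.100.200.3/32")]


def host_in_domains(host: str, domains: Iterable[str]) -> bool:
    """True if host equals a listed domain or is a subdomain of it."""
    h = host.rstrip(".").lower()
    for d in domains:
        d = d.rstrip(".").lower()
        if h == d or h.endswith("." + d):   # label boundary, not a substring match
            return True
    return False


def bypass_reason(src_ip: str, dest_host: str, require_both: bool = False) -> Optional[str]:
    """Why (if at all) this request skips proxy authentication.

    require_both=False reproduces the slide: either the source address or the
    destination alone is enough.  require_both=True is the narrower policy.
    """
    src = ipaddress.ip_address(src_ip)
    from_device = any(src in net for net in DEVICE_NETWORKS)
    to_spark = host_in_domains(dest_host, SPARK_DOMAINS)
    if require_both:
        return "device-to-spark" if (from_device and to_spark) else None
    if from_device:
        return "source-ip"
    if to_spark:
        return "destination"
    return None


def requires_proxy_auth(src_ip: str, dest_host: str, require_both: bool = False) -> bool:
    """True when the proxy should challenge (407) instead of forwarding."""
    return bypass_reason(src_ip, dest_host, require_both) is None
```

Run `bypass_reason("10.100.200.1", "example.org")` to see the slide's source-IP bypass let a device reach an unrelated site; the same call with `require_both=True` returns `None`, so the request is challenged.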

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
--- | --- | --- | ---
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No. iOS and Android: No Auth and Basic in EFT
DX, SX, MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes

"No Auth - Yes" means the device works through a proxy that does not challenge it. EFT = Early Field Trial. The slide's "Granular Configuration" column is not filled in.

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
• The Private CA Root Certificate is distributed to the client beforehand (e.g. pushed into the OS trust store)
• A Private CA signed Certificate for the requested server name is sent to the client on connection establishment
• The Client compares the Private CA Root Cert with those received in the Cert Chain, i.e. validates the chain up to a root it trusts
• If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
• The Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• The Proxy receives the Certificate from the Web/Cloud Service
• The Proxy uses the Certificate to establish a secure TLS/HTTPS connection
• The Proxy can now Decrypt, Inspect and Re-Encrypt session traffic
• Caveat: the proxy is now the only party validating the cloud service's certificate; if it accepts expired or unknown-CA upstream certificates, the client has no way to notice

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
• Certificate Pin = SHA-256 hash of the CA Root Certificate's Public Key (its SubjectPublicKeyInfo), base64 encoded; the slide shows VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• A CA signed Cisco Spark Certificate (with its chain) is sent by the HTTPS/TLS server
• The App creates a hash of the Cert's Public Key
• The App compares the hash with the Certificate Pin in its Trust Store
• If they match, accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• The App creates a hash of the Private CA signed Cert's Public Key
• The App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: the TLS connection is terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

• Certificate Pinning
• The Private CA Cert is copied to the App's OS Trust Store
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• The Spark App checks whether a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists, skip the Certificate pinning process
• Proceed with the TLS connection
• HTTPS/TLS Inspection possible
• Caveat: once an enterprise CA in the OS trust store disables pinning, the protection rests on who can install root certificates on the endpoint (local administrators, MDM profiles); control and audit that path, because it is now also the path to intercepting Spark traffic

HTTPS Inspection – Spark Devices Cert Pinning Fix

• Certificate Pinning
• The Private CA Cert is copied to the Spark Cloud (per-Org configuration); the device downloads a Trust List that now includes the Private CA
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• The Client creates a hash of the Private CA signed Cert's Public Key
• The Client compares the hash with the Certificate Pins in its Trust Store
• They DO match: proceed with the TLS connection
• HTTPS/TLS Inspection possible

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
--- | --- | --- | --- | ---
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If an Enterprise Certificate exists, bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes; requires per-Org config of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs
SX | HTTPS | Room OS | Yes; requires per-Org config of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs
MX | HTTPS | Room OS | Yes; requires per-Org config of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs
Room Kits | HTTPS | Room OS | Yes; requires per-Org config of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted: until the port is authorized the switch forwards only EAPOL frames
• The Client (supplicant) presents its credentials, relayed by the switch (authenticator), to the Authentication Server (RADIUS)
• After successful Authentication, the switch port is configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options...
• Two key Authentication methods: EAP-FAST and EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based: the credentials are exchanged inside a TLS tunnel established with a PAC (Protected Access Credential)
• Does not require client Certificates
• Caveat: its strength depends on how the PAC is provisioned; anonymous in-band provisioning (unauthenticated tunnel) is exposed to a rogue authentication server, so use authenticated provisioning with a server certificate that the supplicant validates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates on the client (device) and on the Authentication Server
• Mutual Client – Server Authentication
• Practical check: configure the supplicant to validate the server certificate (trusted CA and expected server name); a supplicant that skips this can be drawn onto a rogue network even though its own private key never leaves the device

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses the 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for devices that are not 802.1X capable
• The MAC address is manually entered into the Auth Server
• Caveat: a MAC address is trivially spoofed, so MAB identifies rather than authenticates; put MAB-authorized ports in a restricted VLAN or dACL that reaches only the Spark destinations, and remove entries when devices are retired
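To make the MAB caveat concrete, here is an added example (not Cisco code) that builds, byte for byte per RFC 2865, the RADIUS Access-Request a switch sends for MAC Authentication Bypass and then decodes it the way the server does. The only "credential" in it is the MAC address itself, carried in User-Name and, hidden with the RADIUS shared secret, in User-Password. Assumptions made here: the MAC is formatted as 12 lowercase hex digits (a common switch default; the format is configurable) and Calling-Station-Id as AA-BB-CC-DD-EE-FF; the shared secret and request authenticator are constructed.

```python
"""What a switch sends to the RADIUS server for MAC Authentication Bypass,
built byte-for-byte per RFC 2865.

Added example for the MAB slide, not Cisco code.  It shows why MAB is
identification rather than authentication: the only "credential" in the
Access-Request is the MAC address itself, in User-Name and (hidden with the
RADIUS shared secret) in User-Password, and a MAC is trivially spoofed.
Assumptions: the MAC is formatted as 12 lowercase hex digits (a common
switch default; the real format is configurable) and Calling-Station-Id as
AA-BB-CC-DD-EE-FF.  The shared secret and authenticator are constructed.
"""
import hashlib
import ipaddress
import os
import struct
from typing import Dict, Optional

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, SERVICE_TYPE = 1, 2, 4, 6
CALLING_STATION_ID, NAS_PORT_TYPE = 31, 61
SERVICE_TYPE_CALL_CHECK = 10      # marks the request as MAB
NAS_PORT_TYPE_ETHERNET = 15


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the RADIUS server does it."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: type, total length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def normalise_mac(mac: str) -> str:
    return mac.lower().replace(":", "").replace("-", "").replace(".", "")


def mab_access_request(mac: str, secret: bytes, nas_ip: str, identifier: int = 1,
                       authenticator: Optional[bytes] = None) -> bytes:
    """Access-Request for MAB: User-Name and User-Password are both the MAC."""
    authenticator = authenticator or os.urandom(16)
    ident = normalise_mac(mac)
    csid = "-".join(ident[i:i + 2] for i in range(0, 12, 2)).upper()
    attrs = (_attr(USER_NAME, ident.encode())
             + _attr(USER_PASSWORD, hide_password(ident.encode(), secret, authenticator))
             + _attr(NAS_IP_ADDRESS, ipaddress.ip_address(nas_ip).packed)
             + _attr(SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_CALL_CHECK))
             + _attr(CALLING_STATION_ID, csid.encode())
             + _attr(NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_ETHERNET)))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_radius(packet: bytes) -> Dict[str, object]:
    """Decode the header and attributes (single-valued attributes only)."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    attrs: Dict[int, bytes] = {}
    pos = 20
    while pos < length:
        attr_type, attr_len = struct.unpack("!BB", packet[pos:pos + 2])
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return {"code": code, "identifier": identifier, "length": length,
            "authenticator": packet[4:20], "attrs": attrs}


def server_view(packet: bytes, secret: bytes) -> Dict[str, object]:
    """What the RADIUS server learns: the MAC, twice. Nothing an attacker cannot set."""
    p = parse_radius(packet)
    a = p["attrs"]
    return {"user": a[USER_NAME].decode(),
            "password": unhide_password(a[USER_PASSWORD], secret, p["authenticator"]).decode(),
            "calling_station": a[CALLING_STATION_ID].decode(),
            "is_mab": struct.unpack("!I", a[SERVICE_TYPE])[0] == SERVICE_TYPE_CALL_CHECK}
```

Because `server_view` recovers nothing but the MAC, the authorization the server returns for a MAB request (VLAN, dACL) is the whole security control; an attacker who clones a listed MAC gets exactly what the real device gets.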

Network Capabilities, Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
--- | --- | --- | --- | --- | --- | --- | --- | ---
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) |  | Use MAC Address By-Pass

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate (issued by the customer's own CA); CUCM = Cisco Unified Communications Manager, so "Non-CUCM LSC" is an LSC installed without a CUCM.

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment:
• Switch port configuration
• VLANs
• Firewall Deployment
• Proxy Type
• Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access, on which the Proxy and Firewalls allow all Spark connections
• Onboard the device (Username/Password or Activation Code)
• The Cisco Spark cloud downloads the Device Configuration information and Trust Anchors to the device


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: "what you would tell your best friend if they asked you how to design their Cisco collaboration deployment".
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Coming soon: target Q1 CY2018.

Thank you


Cloud Based Security and Data Services

Cloud Based Security Secure Messages and Content

Spark – Encrypting Messages and Content
(Diagram components: Content Server, Key Management Service)

• The Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES-256-GCM cipher used for Encryption
• Caveat: with GCM a nonce must never be reused under the same key, and the per-room key is what keeps a compromised key from exposing anything beyond that one room

Spark – Decrypting Messages and Content

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service
• Note: the key link is a reference, not the key; what must protect the content is the Key Management Service releasing the key only to authenticated members of that room

Cloud Based Security Secure Search and Indexing

Searching Spark Rooms: Building a Search Index
(Diagram components: Indexing Service, Search Service, Content Server, Key Management Service)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed-length hash of each word in each message within a Room (diagram: "Spark IS the message" through the hash algorithm gives entries such as B9 57 FE 48)
• A new SHA-256 HMAC hashing key (Search Key) is used for each room
• The hashed indexes for each Spark Room are stored by the Content Service
• Note: the index is deterministic, so whoever holds it (without the Search Key) can still see which messages in a room share a word and how often, though not which word; the per-room key prevents the same word being correlated across rooms

Searching Spark Rooms: Querying a Search Index (search for the word "Spark")

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-Room search keys to hash the search terms (diagram: "Spark" hashes to B9 57 FE 48)
• The Search Service searches for a match in the hash tables and returns the matching, still encrypted, content to the App (diagram: "Spark IS the Message")
• A link to the Conversation Encryption Key is sent with each encrypted message, so the App fetches the key and decrypts the results locally

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)
(Diagram components: Spark Control Hub, Indexing Service, Search Service, Content Server, Key Management Service, E-Discovery Service)
• The Compliance Officer, in the Spark Control Hub, selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service hashes the criteria and requests a search of the related hashed content from the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)
(Diagram components: E-Discovery Service, E-Discovery Storage, Content Server, Key Management Service, Spark Control Hub)
• The E-Discovery Service decrypts the content from the Content Server (using the conversation keys from the Key Management Service), then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (diagram: "Jo Smith's Messages and Files", "E-Discovery Content Ready")
• Note: this is the one cloud component that handles room content in the clear, gated by the Compliance Officer role; with Hybrid Data Security (later in this deck) it runs on premise


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)
(Diagram: a customer Secure Data Center hosting the Key Management Service, Indexing Service and E-Discovery Service; the Content Server stays in the cloud)

Hybrid Data Security = Hybrid Data Services running On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required: the cloud never initiates a connection inbound to the HDS nodes

Hybrid Data Security – Scalability

• The Hybrid Data Security nodes are managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability and Load Sharing
• Consideration: cloud-managed upgrades mean the software running next to your keys follows Cisco's release process; the keys themselves remain in the customer's own database

Spark – Hybrid Data Security: Key Management

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT the encrypted messages and content are still stored in the Spark Cloud (see the following slides)

HDS – Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally, on premise

HDS – Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

• Spark Apps establish a direct TLS connection to the On Premise HDS node and its KMS service (diagram: an App-to-Cloud TLS connection and a separate App-to-HDS TLS connection)
• This encrypted peer-to-peer session traverses the Spark Cloud: the cloud relays it but is not a TLS endpoint, so it sees only ciphertext

Hybrid Data Security: Search Indexing Service

• The on premise Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by hashing each word (diagram: "Spark IS the message" through the hash algorithm gives entries such as B9 57 FE 48)
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index (search for the word "Spark")

• The Indexing Service sends a hashed index of the App's search request to the Search Service (diagram: "Spark" hashes to B9 57 FE 48)
• The Search Service matches it against the stored hashes and returns the matching encrypted messages (diagram: "Spark IS the Message")
• A link to the Conversation Encryption Key is sent with the encrypted message
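The per-room keyed index described on the cloud search slides and on the HDS search slides above, as an added example (not Cisco's code). It separates the party that holds the per-room Search Keys (the Indexing Service, on premise with HDS) from the party that holds only hashes (the Search Service, in the cloud), and shows both what the scheme protects (the words, and cross-room correlation) and what it leaks (which messages in a room share a term). The tokeniser, the hex output and the in-memory tables are choices made here; the sample messages are constructed.

```python
"""Per-room keyed search index, as the cloud Indexing/Search Service slides
and the HDS search slides describe it.

Added example, not Cisco's code.  It separates the party that holds the
per-room Search Keys (the Indexing Service, on premise with HDS) from the
party that holds only hashes (the Search Service, in the cloud).  The
tokeniser, the hex output and the in-memory tables are choices made here.
"""
import hashlib
import hmac
import re
import secrets
from collections import defaultdict
from typing import Dict, List, Set


def tokenize(text: str) -> List[str]:
    """Lower-case word tokens; the product's tokeniser is not documented here."""
    return re.findall(r"[a-z0-9]+", text.lower())


class IndexingService:
    """Holds the Search Keys; sees plaintext only while it hashes."""

    def __init__(self) -> None:
        self._search_keys: Dict[str, bytes] = {}

    def search_key(self, room_id: str) -> bytes:
        # A new HMAC-SHA-256 key for each room, created on first use.
        return self._search_keys.setdefault(room_id, secrets.token_bytes(32))

    def hash_term(self, room_id: str, term: str) -> str:
        return hmac.new(self.search_key(room_id), term.encode(), hashlib.sha256).hexdigest()

    def index_message(self, room_id: str, plaintext: str) -> Set[str]:
        """Fixed-length hash of each distinct word in the message."""
        return {self.hash_term(room_id, t) for t in tokenize(plaintext)}

    def hash_query(self, room_id: str, query: str) -> List[str]:
        return [self.hash_term(room_id, t) for t in tokenize(query)]


class SearchService:
    """Cloud side: stores hashes per room, never words or keys."""

    def __init__(self) -> None:
        # room -> hashed term -> message ids
        self._index: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))

    def store(self, room_id: str, message_id: str, hashes: Set[str]) -> None:
        for h in hashes:
            self._index[room_id][h].add(message_id)

    def query(self, room_id: str, hashed_terms: List[str]) -> Set[str]:
        """Message ids containing every hashed term (AND semantics)."""
        if not hashed_terms:
            return set()
        room = self._index[room_id]
        return set.intersection(*(set(room.get(h, ())) for h in hashed_terms))

    def postings(self, room_id: str, hashed_term: str) -> int:
        """How many messages share a hash: visible to the cloud without the key."""
        return len(self._index[room_id].get(hashed_term, ()))


def index_and_store(indexer: IndexingService, search: SearchService,
                    room_id: str, message_id: str, plaintext: str) -> None:
    """Build step: the Indexing Service hashes, the Search Service stores."""
    search.store(room_id, message_id, indexer.index_message(room_id, plaintext))


def search_room(indexer: IndexingService, search: SearchService,
                room_id: str, query: str) -> Set[str]:
    """Query step: hash the terms with the room's key, match in the cloud."""
    return search.query(room_id, indexer.hash_query(room_id, query))
```

The returned message ids are what the App then decrypts locally with the conversation key linked from each message; the Search Service never needs either the Search Key or the conversation key.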

Spark E-Discovery Service (1) with Hybrid Data Security
(Diagram: on premise Indexing Service, Key Management Service and E-Discovery Service in the Secure Data Center; Content Server, Search Service and Spark Control Hub in the cloud)
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content (diagram: "Jo Smith's Content") to the E-Discovery Service

Spark E-Discovery Service (2) with Hybrid Data Security
• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (diagram: "Jo Smith's Messages and Files", "E-Discovery Content Ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Management Service; the Content Server in the cloud)
• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only (HTTPS, WebSocket Secure (WSS))
• With a secure connection between the Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users
• Check to confirm in a deployment: federation authenticates the peer KMS, it does not by itself authorize every user behind it; the KMS that owns the space should still decide, per request, whether the named user is a member before releasing the key
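One model of the key flow described on the cloud encryption slides, the HDS encryption slides and the federation slides above, as an added example. It is not Cisco's code, wire format or key-link scheme, and it assumes the `cryptography` package for AES-256-GCM. Each room gets its own key; the message envelope carries a link to the key rather than the key; a KMS releases a key only to a member of that room; and a federated KMS forwards a request for a foreign key to the owning KMS on behalf of its user, which applies the same membership check. The KMS instances, room memberships and the federation link are modelled in-process (in the product each KMS is a cloud or on-premises service reached over mutual TLS).

```python
"""Per-room keys, key links in the message envelope, and KMS authorization,
covering the cloud encryption slides, the HDS encryption slides and the
Key Management Server federation slides.

Added example; not Cisco's code, wire format or key-link scheme.  Assumes
the `cryptography` package for AES-256-GCM.  The KMS, room membership and
the federation hand-off are modelled in-process; in the product each KMS is
a cloud or on-premises service reached over (mutual) TLS.
"""
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, Set

from cryptography.hazmat.primitives.ciphers.aead import AESGCM


@dataclass
class KeyManagementService:
    org: str
    keys: Dict[str, bytes] = field(default_factory=dict)       # key link -> 256-bit key
    rooms: Dict[str, Set[str]] = field(default_factory=dict)   # key link -> room members
    peers: Dict[str, "KeyManagementService"] = field(default_factory=dict)  # federated KMSs by org

    def create_room_key(self, members: Set[str]) -> str:
        """Each room gets its own key; the link is what travels inside messages."""
        key_link = f"kms://{self.org}/keys/{secrets.token_hex(8)}"   # assumed link format
        self.keys[key_link] = AESGCM.generate_key(bit_length=256)
        self.rooms[key_link] = set(members)
        return key_link

    def fetch_key(self, key_link: str, user: str) -> bytes:
        """Release a key only to a member of its room; forward to the owning
        KMS when the link belongs to another (mutually authenticated) org."""
        owner = key_link.split("/")[2]
        if owner != self.org:
            peer = self.peers.get(owner)
            if peer is None:
                raise PermissionError(f"no federation with {owner}")
            return peer.fetch_key(key_link, user)   # request on behalf of our user
        if user not in self.rooms.get(key_link, set()):
            raise PermissionError(f"{user} is not a member of the room for {key_link}")
        return self.keys[key_link]


def federate(a: KeyManagementService, b: KeyManagementService) -> None:
    """Stands in for the mutual-TLS connection between two hybrid KMSs."""
    a.peers[b.org] = b
    b.peers[a.org] = a


def encrypt_message(kms: KeyManagementService, key_link: str, sender: str, plaintext: bytes) -> dict:
    """App side: fetch the room key, encrypt before the message leaves for the cloud."""
    key = kms.fetch_key(key_link, sender)
    nonce = os.urandom(12)                       # 96-bit nonce; never reuse under one key
    ciphertext = AESGCM(key).encrypt(nonce, plaintext, key_link.encode())  # link bound as AAD
    return {"key_link": key_link, "nonce": nonce, "ciphertext": ciphertext}


def decrypt_message(kms: KeyManagementService, envelope: dict, recipient: str) -> bytes:
    """Receiving app: follow the key link, which only succeeds for a room member."""
    key = kms.fetch_key(envelope["key_link"], recipient)
    return AESGCM(key).decrypt(envelope["nonce"], envelope["ciphertext"], envelope["key_link"].encode())
```

Binding the key link as associated data means an envelope cannot be re-pointed at a different key without failing authentication, and the two `PermissionError` paths are the controls the federation slide relies on: no peer, no key; peer but no membership, no key.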

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture (Secure Data Center A)
• vSphere hosts run the Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Management container and the HDS containers, and mounts the HDS Cluster Config file through an IDE mount
• ECP (Enterprise Compute Platform) Management containers: communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security) containers: Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing the configuration information for the local HDS cluster, e.g. Database connection settings, the Database Master Encryption key etc.
• IDE Mount: the mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system
• Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up
• Note: because the ISO carries the Database Master Encryption key, it is as sensitive as the key database itself; store, transport and back it up accordingly

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• The Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• The Customer should be able to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster)
• HDS application nodes and the database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible

HDS Install Prerequisites
See prerequisites in https://www.cisco.com/go/hybrid-data-security

X.509 Certificate, Intermediates and Private Key
  PKI (Public Key Infrastructure) is used for KMS to KMS federation
  Common Name signed by a member of the Mozilla Trusted Root Store
  No SHA-1 signatures
  PKCS#12 format

2 ESXi Virtualized Hosts
  Min 2 to support upgrades, 3 recommended, 5 max
  Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
  8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
  Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
  The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
  Outbound HTTPS on TCP port 443 from HDS host
  Bi-directional WSS on TCP port 443 from HDS host
  TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support - UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection - Certificate Pinning
• 802.1X - Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs
How are the switch ports configured?

Minimum Enterprise Network Requirements
  Internet Access
  DHCP, DNS server access
  Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
Media Port Ranges
  Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
  Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
  Destination UDP/TCP/HTTP Port: 5004, 5006
  Destination IP Addresses: Any
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

(Diagram: Signalling and Media flows from the enterprise through the firewall to the Spark Cloud.)

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps

Audio 52000 - 52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100 - 52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | domains listed below | HTTPS

HTTPS destinations and their function:
identity.webex.com - Spark Identity Service
idbroker.webex.com - OAuth Service
wbx2.com - Core Spark Services
webex.com - Identity management
ciscospark.com - Core Spark Services
clouddrive.com - Content and Space Storage
crashlytics.com - Anonymous crash data
mixpanel.com - Anonymous Analytics
rackcdn.com - Content and Space Storage
appsflyer.com - Mobile Apps only - Ad Analytics
adobetm.com - Web Apps only - Analytics
omtrdc.net - Web Apps only - Telemetry
optimizely.com - Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | TCP | Ephemeral | 443 | domains listed below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard - NTP Time Sync

HTTPS destinations and their function:
identity.webex.com - Spark Identity Service
idbroker.webex.com - OAuth Service
wbx2.com - Core Spark Services
webex.com - Identity management
ciscospark.com - Core Spark Services
clouddrive.com - Content and Space Storage
crashlytics.com - Anonymous crash data
mixpanel.com - Anonymous Analytics
rackcdn.com - Content and Space Storage
dropbox.com - Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
  Source UDP Ports: Voice and Video 33434 - 33598
  Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
  Destination UDP/TCP/HTTP Port: 5004
  Destination IP Addresses: Any

• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints - used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

(Diagram: Signalling and Media flows from the HMN through the firewall to the Spark Cloud.)

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

(Diagram: Signalling only from the HDS node through the firewall to the Spark Cloud; no Media.)

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
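To make the port plan on the firewall slides above checkable, here is an added example (not Cisco's code) that classifies one outbound flow against the UDP source ranges, media destination ports and HTTPS whitelist from those slides; the Flow records are constructed sample data and the domain set is the nine hostnames common to the apps and devices tables.

```python
"""Outbound-flow check against the Spark firewall port plan on these slides.

Added example, not Cisco's code. UDP source ranges: apps voice 52000-52049 /
video 52100-52199, devices voice 52050-52099 / video 52200-52299, HMN cascade
33434-33598; media destination ports 5004 & 5006 (5004 only for HMN);
signalling on TCP 443 to the whitelisted domains. Flow records are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# (label, low, high): UDP source port ranges from the port range summary
UDP_SOURCE_RANGES = [
    ("app-voice", 52000, 52049),
    ("device-voice", 52050, 52099),
    ("app-video", 52100, 52199),
    ("device-video", 52200, 52299),
    ("hmn-cascade", 33434, 33598),
]
MEDIA_DEST_PORTS = {5004, 5006}   # SRTP over UDP/TCP/HTTP to cloud media nodes
HMN_DEST_PORTS = {5004}           # HMN cascade destination
SIGNALLING_DEST_PORT = 443        # HTTPS / WSS

# HTTPS destinations common to the apps and devices whitelist tables above
SIGNALLING_DOMAINS = {
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com",
}


@dataclass
class Flow:
    proto: str            # "udp" or "tcp"
    src_port: int
    dst_port: int
    dst_host: str = ""    # resolved name for signalling; "" for media (any IP)


def classify_udp_source(port: int) -> Optional[str]:
    """Name the Spark media class a UDP source port belongs to, or None."""
    for label, lo, hi in UDP_SOURCE_RANGES:
        if lo <= port <= hi:
            return label
    return None


def is_whitelisted_host(host: str) -> bool:
    """Exact or dotted-suffix match, so a look-alike such as evil-wbx2.com fails."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SIGNALLING_DOMAINS)


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ('allow' | 'deny', reason) for one outbound flow."""
    if flow.proto == "udp":
        label = classify_udp_source(flow.src_port)
        if label is None:
            return "deny", "udp src %d outside Spark media ranges" % flow.src_port
        allowed = HMN_DEST_PORTS if label == "hmn-cascade" else MEDIA_DEST_PORTS
        if flow.dst_port not in allowed:
            return "deny", "%s to unexpected dst port %d" % (label, flow.dst_port)
        return "allow", "%s SRTP over UDP" % label
    if flow.proto == "tcp":
        # TCP/HTTP media fallback uses an ephemeral source port (no DSCP re-marking)
        if flow.dst_port in MEDIA_DEST_PORTS:
            return "allow", "SRTP over TCP/HTTP fallback"
        if flow.dst_port == SIGNALLING_DEST_PORT:
            if is_whitelisted_host(flow.dst_host):
                return "allow", "HTTPS/WSS signalling to %s" % flow.dst_host
            return "deny", "443 to non-whitelisted host %r" % flow.dst_host
        return "deny", "tcp dst %d not in Spark port plan" % flow.dst_port
    return "deny", "unsupported protocol %r" % flow.proto


# Constructed sample flows, one per row of the port plan plus two negatives
SAMPLE_FLOWS = [
    Flow("udp", 52010, 5004),                         # app voice
    Flow("udp", 52250, 5006),                         # device video
    Flow("udp", 33500, 5004),                         # HMN cascade
    Flow("udp", 33500, 5006),                         # HMN to wrong port
    Flow("tcp", 51234, 443, "api.ciscospark.com"),    # signalling
    Flow("tcp", 51234, 443, "evil-ciscospark.com"),   # look-alike host
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, "->", evaluate(f))
```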

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application...
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

(Diagram: Signalling goes via the Proxy; UDP Media does not.)

Connecting from the Enterprise - Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

(Diagram: the Proxy Address is delivered to each Device/Application by a PAC file; Signalling goes via the Proxy, UDP Media does not.)

Network Capabilities: Spark Devices - Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise - Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no Authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods - Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
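The difference between the Basic and Digest methods above, as an added example (not Cisco's or any proxy vendor's code): it builds the Proxy-Authorization header a device would send under each scheme, shows what anyone who sees the Basic header can decode, and shows the proxy-side verification of a Digest response; the username, realm, nonce, cnonce and password are constructed sample values.

```python
"""Basic versus Digest Proxy-Authorization, as described on the slides above.

Added example, not Cisco's or any proxy vendor's code. A device builds the
header it would send under each scheme; the Basic header decodes with one
base64 call, the Digest header carries only an MD5 response that the proxy
recomputes from its own copy of the password (RFC 2617, qop=auth).
Username, realm, nonce, cnonce and password are constructed sample values.
"""
import base64
import hashlib
import secrets
from typing import Dict, Optional, Tuple


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


# --- Basic: username:password is base64 encoded, not encrypted or hashed ---
def basic_header(user: str, password: str) -> str:
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return "Proxy-Authorization: Basic " + token


def decode_basic_header(header: str) -> Tuple[str, str]:
    """One base64 decode returns the credentials to anyone who sees the header."""
    token = header.split("Basic ", 1)[1]
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


# --- Digest: a hash derived from the password is sent, not the password ---
def digest_response(user: str, realm: str, password: str, method: str, uri: str,
                    nonce: str, nc: str, cnonce: str) -> str:
    ha1 = _md5("%s:%s:%s" % (user, realm, password))   # the only use of the password
    ha2 = _md5("%s:%s" % (method, uri))
    return _md5("%s:%s:%s:%s:auth:%s" % (ha1, nonce, nc, cnonce, ha2))


def digest_header(user: str, realm: str, password: str, method: str, uri: str,
                  nonce: str, nc: str = "00000001", cnonce: Optional[str] = None) -> str:
    cnonce = cnonce or secrets.token_hex(8)   # client nonce, fresh per request
    resp = digest_response(user, realm, password, method, uri, nonce, nc, cnonce)
    return ('Proxy-Authorization: Digest username="%s", realm="%s", nonce="%s", '
            'uri="%s", qop=auth, nc=%s, cnonce="%s", response="%s"'
            % (user, realm, nonce, uri, nc, cnonce, resp))


def parse_digest(header: str) -> Dict[str, str]:
    """Split the comma-separated key=value fields of a Digest header."""
    fields = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, value = part.split("=", 1)
        fields[key] = value.strip('"')
    return fields


def proxy_verifies_digest(header: str, method: str,
                          credential_store: Dict[Tuple[str, str], str]) -> bool:
    """Proxy side: recompute the response from the stored password for
    (user, realm) and compare in constant time."""
    f = parse_digest(header)
    password = credential_store.get((f["username"], f["realm"]))
    if password is None:
        return False
    expected = digest_response(f["username"], f["realm"], password, method,
                               f["uri"], f["nonce"], f["nc"], f["cnonce"])
    return secrets.compare_digest(expected, f["response"])


if __name__ == "__main__":
    # Constructed device account and proxy challenge
    user, realm, pw = "spark-device", "proxy.example.internal", "Dev1cePassw0rd"
    print(basic_header(user, pw))
    print(decode_basic_header(basic_header(user, pw)))
    hdr = digest_header(user, realm, pw, "CONNECT", "wbx2.com:443", "abc123nonce")
    print(hdr)
    print(proxy_verifies_digest(hdr, "CONNECT", {(user, realm): pw}))
```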

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods - Kerberos

• Kerberos Authentication
  • Strongest Security
  • Components: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (diagram example: IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices - Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes | -
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes | -
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes | -

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match - accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match - accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists - skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
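The pinning decision and both fixes above, as an added example (not the Spark apps' or devices' implementation): make_pin computes base64(SHA-256(public key)) as on the slides, and validate_tls_server applies the normal pin check, the OS trust store bypass used by the apps, and the downloaded trust list used by the devices; the "public keys" are constructed byte strings standing in for DER SubjectPublicKeyInfo blobs.

```python
"""Certificate-pin check with the two 'fix' paths from the slides.

Added example, not Cisco's code. Pin = base64(SHA-256(public key)); the keys
below are constructed byte strings standing in for DER SubjectPublicKeyInfo.
"""
import base64
import hashlib
from typing import FrozenSet, List, Optional, Tuple


def make_pin(spki_der: bytes) -> str:
    """Certificate Pin = base64(SHA-256(certificate public key)), as on the slides."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def validate_tls_server(chain_spkis: List[bytes], pinned: FrozenSet[str],
                        os_trust_store: FrozenSet[str] = frozenset(),
                        issuer_root_spki: Optional[bytes] = None) -> Tuple[bool, str]:
    """Decide whether the client proceeds with the TLS handshake.

    chain_spkis      public keys of the certificates received, leaf first
    pinned           pins in the client's own trust store (for devices this
                     includes the per-org trust list downloaded from the cloud)
    os_trust_store   pins of CA certs present in the app's OS trust store
    issuer_root_spki public key of the root that issued the chain, if known
    """
    # Spark apps fix: a copy of the private CA cert in the OS trust store means
    # the enterprise deliberately inspects TLS, so the pinning process is skipped.
    if issuer_root_spki is not None and make_pin(issuer_root_spki) in os_trust_store:
        return True, "private CA found in OS trust store, pinning skipped"
    # Normal pinning: hash each public key in the chain and compare to the pins.
    for spki in chain_spkis:
        if make_pin(spki) in pinned:
            return True, "pin match, proceed with TLS"
    return False, "no pin match, TLS connection terminated"


# ---- constructed sample keys (stand-ins for real SubjectPublicKeyInfo DER) ----
PUBLIC_CA_SPKI = b"constructed-public-ca-root-key"
SPARK_LEAF_SPKI = b"constructed-spark-leaf-key"
PRIVATE_CA_SPKI = b"constructed-enterprise-private-ca-key"
PROXY_LEAF_SPKI = b"constructed-proxy-issued-leaf-key"

SPARK_PINS = frozenset({make_pin(PUBLIC_CA_SPKI)})   # shipped with the app/device


def no_inspection() -> Tuple[bool, str]:
    """'No HTTPS Inspection': genuine Spark chain under the public CA root."""
    return validate_tls_server([SPARK_LEAF_SPKI, PUBLIC_CA_SPKI], SPARK_PINS,
                               issuer_root_spki=PUBLIC_CA_SPKI)


def inspection_without_fix() -> Tuple[bool, str]:
    """'HTTPS Inspection': proxy re-signs with its private CA; nothing matches."""
    return validate_tls_server([PROXY_LEAF_SPKI, PRIVATE_CA_SPKI], SPARK_PINS,
                               issuer_root_spki=PRIVATE_CA_SPKI)


def inspection_apps_fix() -> Tuple[bool, str]:
    """'Spark Apps Cert Pinning Fix': private CA cert copied to the OS trust store."""
    return validate_tls_server([PROXY_LEAF_SPKI, PRIVATE_CA_SPKI], SPARK_PINS,
                               os_trust_store=frozenset({make_pin(PRIVATE_CA_SPKI)}),
                               issuer_root_spki=PRIVATE_CA_SPKI)


def inspection_devices_fix() -> Tuple[bool, str]:
    """'Spark Devices Cert Pinning Fix': private CA loaded in the Spark cloud, so
    the device's downloaded trust list now carries its pin."""
    device_pins = SPARK_PINS | {make_pin(PRIVATE_CA_SPKI)}
    return validate_tls_server([PROXY_LEAF_SPKI, PRIVATE_CA_SPKI], device_pins,
                               issuer_root_spki=PRIVATE_CA_SPKI)


if __name__ == "__main__":
    for scenario in (no_inspection, inspection_without_fix,
                     inspection_apps_fix, inspection_devices_fix):
        print(scenario.__name__, "->", scenario())
```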

Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication - switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: Spark device, access switch, Authentication Server.)

802.1X Network Authentication Methods

• There are many options...
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

(Diagram: Device 1, access switch, Authentication Server.)

Network Capabilities: Spark Devices - 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac - Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | - | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub
  Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections
  Onboard device - Username/Password, Activation Code
  Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment

Preferred Architectures (PA): Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND): Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you


Cloud Based Security: Secure Messages and Content

Spark - Encrypting Messages and Content

• Spark App requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Each Spark Room uses a different Conversation Encryption key
• AES-256-GCM cipher used for Encryption

(Diagram: Spark App, Content Server and Key Management Service.)

Spark - Decrypting Messages and Content

• Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark Apps can retrieve encryption keys from the Key Management Service

(Diagram: encrypted message flowing from the sending App via the Content Server to the other Apps in the Room, with the Key Management Service alongside.)

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

The Indexing Service
• Enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A Search Index is built by creating a fixed length hash of each word in each message within a Room
• The hashed indexes for each Spark Room are stored by the Content Service
• A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

(Diagram: the message "Spark IS the message" passes through the Hash Algorithm in the Indexing Service, producing the index values B9 57 FE 48, which are stored by the Content Server; Key Mgmt Service and Search Service alongside.)

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Searching Spark Rooms: Querying a Search Index (search for the word “Spark”)
• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-room Search Key to hash the search term (“Spark” → B9 57 FE 48)
• The Search Service looks for a match in the hash tables and returns the matching content to the App
• The returned content is still encrypted; a link to the Conversation Encryption Key is sent with each encrypted message, so the App can fetch the key and decrypt the result (“Spark IS the message”)

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)
• Using Spark Control Hub, a Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The E-Discovery Service asks the Indexing Service to search for the related content; the Indexing Service hashes the search criteria and sends the hashed search to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)
• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request; Spark Control Hub shows the export (e.g. “Jo Smith’s Messages and Files”) as “E-Discovery Content Ready”


Customer Controlled Security: Hybrid Data Security (part of Pro Pack for Cisco Spark Control Hub)

Spark – Hybrid Data Security (HDS)
• Hybrid Data Security = the Hybrid Data Services deployed on premise, in the customer’s Secure Data Center: Key Management Server, Indexing Server and E-Discovery Service
• The Content Server (encrypted messages and files) remains in the Spark Cloud

Hybrid Data Security traffic and Firewalls
• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability
• The Hybrid Data Security nodes are managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

Spark – Hybrid Data Security Key Management
• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• BUT now all of the keys for messages and content are owned and managed by the Customer

HDS – Encrypting Messages & Content
• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally, on premise

HDS – Decrypting Messages & Content
• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps retrieve encryption keys from the HDS Key Management Server
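The envelope flow described on the cloud slides (Encrypting/Decrypting Messages and Content) and again on the HDS slides above is the same mechanism with the key store moved on premise: a per-room AES-256-GCM conversation key held by the KMS, and a link to that key carried with every ciphertext. The Go program below is an added example written for this page; it is not Cisco’s client or KMS code. The `kms://` key URI format, the in-memory key store standing in for the (cloud or HDS) KMS, and the choice to bind the key URI into GCM’s additional authenticated data are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is what a client stores in the Content Server and fans out to the
// other Apps in the room: ciphertext plus a link to the key, never the key itself.
type Envelope struct {
	KeyURI     string // link to the conversation encryption key held by the KMS
	Nonce      []byte // 96-bit GCM nonce, unique per message under a given key
	Ciphertext []byte // AES-256-GCM output; the 16-byte auth tag is appended
}

// kms stands in for the Key Management Service (cloud or HDS): one 256-bit key per room.
// Assumption of this example: keys are generated and kept in memory here.
type kms struct {
	keys map[string][]byte
}

func newKMS() *kms { return &kms{keys: map[string][]byte{}} }

// NewRoomKey creates a fresh AES-256 key for a room and returns the URI that
// links to it. The kms:// scheme is made up for this example.
func (k *kms) NewRoomKey(room string) (string, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return "", err
	}
	uri := "kms://example-org/keys/" + room
	k.keys[uri] = key
	return uri, nil
}

// Fetch is the "retrieve the key from the KMS" step. A real KMS authorizes the
// caller (room membership) before answering; that check is omitted here.
func (k *kms) Fetch(uri string) ([]byte, error) {
	key, ok := k.keys[uri]
	if !ok {
		return nil, errors.New("no such key: " + uri)
	}
	return key, nil
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals the plaintext under the room key. The key URI goes into the
// additional authenticated data, so the link cannot be altered without
// breaking the tag.
func Encrypt(k *kms, keyURI string, plaintext []byte) (Envelope, error) {
	key, err := k.Fetch(keyURI)
	if err != nil {
		return Envelope{}, err
	}
	aead, err := gcm(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(keyURI))
	return Envelope{KeyURI: keyURI, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt follows the key link, fetches the key from the KMS and opens the message.
func Decrypt(k *kms, e Envelope) ([]byte, error) {
	key, err := k.Fetch(e.KeyURI)
	if err != nil {
		return nil, err
	}
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, e.Nonce, e.Ciphertext, []byte(e.KeyURI))
}

func main() {
	k := newKMS()
	roomA, _ := k.NewRoomKey("room-a")
	roomB, _ := k.NewRoomKey("room-b")
	env, _ := Encrypt(k, roomA, []byte("Spark IS the message"))
	pt, err := Decrypt(k, env)
	fmt.Printf("room-a decrypt: %q err=%v\n", pt, err)
	// Re-pointing the stored envelope at another room's key fails authentication.
	env.KeyURI = roomB
	_, err = Decrypt(k, env)
	fmt.Println("re-pointed envelope:", err)
}
```

Binding the key link as AAD is the check a practitioner would want: whoever can rewrite a stored envelope cannot silently re-point it at a key they control, because the GCM tag no longer verifies. The other operational rule is that GCM nonces must never repeat under one key; with random 96-bit nonces, rotate a room key long before 2^32 messages.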

Hybrid Data Security – Secure App Connections
• Spark Apps establish a direct TLS connection to the on premise HDS node and its KMS service, separate from the App-to-Cloud TLS connection
• This encrypted peer-to-peer session traverses the Spark Cloud, which relays it but cannot read it

Hybrid Data Security: Search Indexing Service
• The Indexing Service, now running on premise, enables users to search for names and words in the encrypted messages stored in the cloud Content Server without decrypting the stored content
• Each word (e.g. of “Spark IS the message”) is hashed to a fixed-length value such as B9 57 FE 48
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index (search for the word “Spark”)
• The on premise Indexing Service hashes the App’s search request with the room’s Search Key and sends the hashed index (B9 57 FE 48) to the cloud Search Service
• The Search Service returns the matching encrypted content; a link to the Conversation Encryption Key is sent with the encrypted message, and the App retrieves that key from the HDS Key Management Server to decrypt the result (“Spark IS the Message”)
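The per-room keyed index described on the cloud slides (Building and Querying a Search Index) and repeated for HDS above, as an added Go example written for this page; it is not Cisco’s Indexing or Search Service code. The tokenizer, the hex encoding of the 32-byte HMAC-SHA256 output and the posting-list structure are assumptions of the example; the slides specify only that each word is hashed with HMAC-SHA256 under a per-room Search Key.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
	"unicode"
)

// NewSearchKey generates the per-room Search Key: a random 256-bit HMAC key.
func NewSearchKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// Tokenize lowercases a message and splits it into words on anything that is
// not a letter or digit, so "Spark," and "spark" index identically (an
// assumption of this example; the slides do not describe normalization).
func Tokenize(msg string) []string {
	return strings.FieldsFunc(strings.ToLower(msg), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
}

// HashTerm is the fixed-length index value for one word:
// HMAC-SHA256 under the room's Search Key, hex encoded.
func HashTerm(searchKey []byte, word string) string {
	m := hmac.New(sha256.New, searchKey)
	m.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(m.Sum(nil))
}

// Index maps a hashed word to the IDs of the messages containing it.
// This is all the Content Service stores for search.
type Index map[string][]string

// BuildIndex is the Indexing Service's job: it needs the plaintext, but the
// structure it hands back contains hashes only.
func BuildIndex(searchKey []byte, messages map[string]string) Index {
	ids := make([]string, 0, len(messages))
	for id := range messages {
		ids = append(ids, id)
	}
	sort.Strings(ids) // deterministic posting order
	idx := Index{}
	for _, id := range ids {
		seen := map[string]bool{}
		for _, w := range Tokenize(messages[id]) {
			h := HashTerm(searchKey, w)
			if !seen[h] {
				seen[h] = true
				idx[h] = append(idx[h], id)
			}
		}
	}
	return idx
}

// Query is the Search Service's job: look up the hash of the term. The term
// itself is neither stored nor sent to the Search Service.
func Query(searchKey []byte, idx Index, term string) []string {
	return idx[HashTerm(searchKey, term)]
}

func main() {
	roomKey, _ := NewSearchKey()
	otherRoomKey, _ := NewSearchKey()
	// Constructed sample messages standing in for decrypted room content.
	msgs := map[string]string{
		"m1": "Spark IS the message",
		"m2": "Encrypt with Spark, then search.",
		"m3": "Unrelated chatter",
	}
	idx := BuildIndex(roomKey, msgs)
	fmt.Println("hash of 'spark' (prefix):", HashTerm(roomKey, "Spark")[:8])
	fmt.Println("room query 'spark':", Query(roomKey, idx, "spark"))
	fmt.Println("query with another room's key:", Query(otherRoomKey, idx, "spark"))
}
```

Two properties are worth noticing: the Search Service only ever sees 32-byte hashes, and the same word under another room’s Search Key yields nothing, so one room’s index cannot be used to probe another. The caveat a practitioner should keep in mind is that a deterministic keyed hash preserves equality within a room: whoever holds the index can still count how often each (unknown) token occurs and which messages share tokens. That is the price of searchability without decryption.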

Spark E-Discovery Service (1) with Hybrid Data Security
• For an E-Discovery request raised in Spark Control Hub, the on premise Indexing Service sends hashed search criteria to the cloud Search Service
• The Content Server returns matching content (e.g. Jo Smith’s content) to the on premise E-Discovery Service

Spark E-Discovery Service (2) with Hybrid Data Security
• The on premise E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request; Spark Control Hub reports “E-Discovery Content Ready” (e.g. Jo Smith’s Messages and Files)

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
• Spark Spaces with users from multiple Organizations (Organization A and Organization B) can share encrypted messages and content
• Question: how do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only (HTTPS, WebSocket Secure (WSS)); the cloud relays the session between them
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture
Secure Data Center A: vSphere hosting an HDS Cluster of Hybrid Data Services Nodes (VMs). Each node runs Docker with:
• ECP (Enterprise Compute Platform) Management container: communicates with the cloud and performs actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security) containers: Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system
Customer Provided Services: Postgres Database, Syslogd, Database Backup, System Backup

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)
• X.509 Certificate, Intermediates and Private Key: PKI (Public Key Infrastructure) is used for KMS to KMS federation; Common Name signed by a member of the Mozilla Trusted Root Store; no SHA-1 signatures; PKCS#12 format
• 2 ESXi Virtualized Hosts: min 2 to support upgrades, 3 recommended, 5 max; minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server; kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (key datastore): 8 vCPU, 16 GB RAM, 2 TB disk; user created with createuser and assigned GRANT ALL PRIVILEGES ON the database
• 1 Syslog Host: hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location: the HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network: outbound HTTPS on TCP port 443 from the HDS host; bi-directional WSS on TCP port 443 from the HDS host; TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host; HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  – Switch Port VLAN configuration and device requirements
• Firewalls
  – Whitelists for Spark Apps, devices and Services
  – Media support – UDP/TCP/HTTP
• HTTP Proxies
  – Proxy Types and Proxy Detection
  – Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  – Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?
Minimum Enterprise Network Requirements: Internet access; DHCP and DNS server access; internal TCP connectivity and ICMP to devices for support
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q
Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging; connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations
Applies to Spark Desk and Room Devices and Spark Apps (see following slides for details); signalling is separate from media.
Media Port Ranges
• Source UDP ports: Voice 52000–52099, Video 52100–52299
• Source TCP/HTTP ports: Ephemeral (so no DSCP re-marking based on source port is possible)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps
• Audio 52000–52099: Spark Apps 52000–52049, Spark Devices 52050–52099
• Video 52100–52299: Spark Apps 52100–52199, Spark Devices 52200–52299

Spark Applications: Network Port and Whitelist Requirements
Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)
Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000–52049, Video 52100–52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only: Ad Analytics
TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only: Analytics
TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only: Telemetry
TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements
Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)
Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050–52099, Video 52200–52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)
Media Port Ranges
• Source UDP ports: Voice and Video 33434–33598
• Source TCP/HTTP ports: Ephemeral (so no DSCP re-marking based on source port is possible)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any
Hybrid Media Node notes
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434–33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)
• Hybrid Data Services: Key Management Service, Indexing (Search) Service, E-Discovery Service
• HDS signaling traffic only: outbound HTTPS and WSS signaling, no media

HMN and HDS Nodes: Network Port and Whitelist Requirements
Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434–33598 | 5004 (cascade destination) | Any IP Address | Cascaded SRTP over UDP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (cascade destination) | Any IP Address | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?
Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types
• Explicit proxy: the proxy address is given to the Device/Application
• Transparent proxy (the Device/Application is unaware of the proxy’s existence): in-line proxies (e.g. combined proxy and firewall), or traffic redirection (e.g. using Cisco WCCP)
• Only HTTP/HTTPS signalling traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not go through the proxy

Connecting from the Enterprise – Proxy Detection (how the proxy address is given to the Device/Application)
• Manual configuration
• Auto configuration: Web Proxy Auto Discovery (WPAD); Proxy Auto Config (PAC) files

Network Capabilities, Spark Devices – Proxy Detection
Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: manual; yes: PAC files | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
SX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
MX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Room Kits | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Spark Board | HTTPS | Spark Board OS | Yes: manual configuration | Manual configuration of the proxy address

Connecting from the Enterprise – Proxy Authentication
• The proxy intercepts the outbound HTTP request and authenticates the user (username & password)
• An authenticated user’s traffic is forwarded; an unauthenticated user’s traffic is dropped/blocked
• Proxy authentication is not mandatory: many Enterprises do no authentication

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication
• Uses standard HTTP headers
• Username and password are Base64 encoded; they are NOT encrypted or hashed, so on plain HTTP anyone who can read the request (or the proxy log) has the password
• Basic username and password challenge for devices: devices are not users (no human interaction), so either create one account (e.g. an LDAP account) for all devices or create an account per device, with no password expiration

Proxy Authentication Methods – Digest Authentication
• Uses standard HTTP headers
• The username and password are not sent; instead the client sends an MD5 hash computed over the username, realm, password, the server’s nonce and the request (RFC 2617)
• Same device account considerations as Basic: devices are not users (no human interaction); create one account (e.g. an LDAP account) for all devices or an account per device, with no password expiration
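The difference between the Basic and Digest slides, in code: an added Go example written for this page, not anything from the Spark apps or devices. The device account name, password and proxy realm are made up; the Digest inputs in main() are the published RFC 2617 worked example, and the `OfflineGuess` function is the example’s own illustration of the device-account risk, not a described Cisco feature.

```go
package main

import (
	"crypto/md5"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// BasicHeader builds the Proxy-Authorization value for Basic: base64 of
// "user:pass". Encoding, not secrecy.
func BasicHeader(user, pass string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

// DecodeBasic does what anyone holding a proxy log or a capture of plain HTTP
// can do: recover the credentials. This is the concrete meaning of
// "Base64 encoded, NOT encrypted or hashed".
func DecodeBasic(header string) (user, pass string, err error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", err
	}
	u, p, ok := strings.Cut(string(raw), ":") // username may not contain ':'
	if !ok {
		return "", "", errors.New("malformed Basic credentials: no ':' separator")
	}
	return u, p, nil
}

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// DigestResponse computes the RFC 2617 "response" for qop=auth. The password
// never leaves the client; only MD5(HA1:nonce:nc:cnonce:qop:HA2) does, with
// HA1 = MD5(user:realm:pass) and HA2 = MD5(method:uri).
func DigestResponse(user, realm, pass, method, uri, nonce, nc, cnonce string) string {
	ha1 := md5hex(user + ":" + realm + ":" + pass)
	ha2 := md5hex(method + ":" + uri)
	return md5hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2)
}

// DigestHeader assembles the Proxy-Authorization value a device would send in
// reply to a 407 Proxy Authentication Required challenge.
func DigestHeader(user, realm, pass, method, uri, nonce, nc, cnonce string) string {
	resp := DigestResponse(user, realm, pass, method, uri, nonce, nc, cnonce)
	return fmt.Sprintf("Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=auth, nc=%s, cnonce=\"%s\", response=\"%s\"",
		user, realm, nonce, uri, nc, cnonce, resp)
}

// OfflineGuess is the proxy's verification step run by an attacker: given one
// captured challenge/response and a list of candidate passwords, recompute and
// compare. With a static, never-expiring device password this is cheap.
func OfflineGuess(user, realm, method, uri, nonce, nc, cnonce, capturedResponse string, candidates []string) (string, bool) {
	for _, c := range candidates {
		if DigestResponse(user, realm, c, method, uri, nonce, nc, cnonce) == capturedResponse {
			return c, true
		}
	}
	return "", false
}

func main() {
	// Constructed device account (not a real credential).
	h := BasicHeader("sparkdevice", "S3cret!")
	u, p, _ := DecodeBasic(h)
	fmt.Println(h, "->", u, p)
	// RFC 2617 section 3.5 worked example (a published test vector, not a Spark value).
	fmt.Println(DigestHeader("Mufasa", "testrealm@host.com", "Circle Of Life", "GET", "/dir/index.html",
		"dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"))
}
```

DecodeBasic is the whole argument against Basic over plain HTTP: whoever has the proxy log or a packet capture has the password. Digest keeps the password off the wire, but OfflineGuess shows the residual risk the device-account bullets create: one captured challenge/response plus a static password is enough for an offline dictionary attack, because MD5 is fast and the only per-exchange input, the nonce, is in the same capture.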

Proxy Authentication Methods – NTLMv2 (NT LAN Manager)
• Microsoft challenge/response authentication protocol
• Username sent in plain text
• Challenge/nonce sent from the server; the client returns a response computed over the challenge with a key derived from the password hash (the password is hashed but never sent)
• Username and password challenge for devices: devices are not users (no human interaction); create one account (AD account) for all devices, or create an account per device, with no password expiration

Proxy Authentication Methods – Negotiate / IWA (Windows only)
• Negotiate Authentication: Microsoft implementation of SPNEGO (Simple and Protected GSS-API Negotiation Mechanism; GSS-API = Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows based username and password challenge for devices: devices are not users (no human interaction); create one account (AD account) for all devices, or create an account per device, with no password expiration
IWA – Integrated Windows Authentication

Proxy Authentication Methods – Kerberos
• Strongest security of the listed methods
• Parties: Client; Authentication Service and Ticket Granting Service (together the Key Distribution Center, KDC); Application Server (here, the proxy)
• Encrypted communication based on shared secrets
• The client authenticates with the Authentication Service; once authenticated, it receives a Ticket Granting Ticket (TGT)
• The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods
Manually configure the proxy server with:
• Device IP addresses that are exempt from authentication (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted destinations that are exempt from authentication (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices – Proxy Authentication
Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No; iOS and Android: No Auth and Basic in EFT
DX, SX, MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY2018; Digest – Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY2018; Digest – Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)
• HTTPS/TLS inspection: the proxy’s private CA root certificate is distributed to the client (installed in its trust store) in advance
• On connection establishment the proxy sends the client a certificate signed by the private CA
• The client validates the received certificate chain against the private CA root certificate it holds; if they match, it accepts and proceeds with the TLS connection (which terminates at the proxy)

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)
• The proxy starts a new HTTPS/TLS connection to the Web/Cloud service
• The proxy receives the service’s certificate and uses it to establish a secure TLS/HTTPS connection to the service
• The proxy can now decrypt, inspect and re-encrypt session traffic between the client and the service

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pin = SHA-256 Hash of the CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Certificate Pinning:

• CA signed Cisco Spark Certificate sent by HTTPS/TLS server

• App creates a hash of the Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning:

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• App creates a hash of the Private CA signed Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning:

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store

• If the Cert exists – skip Certificate pinning process

• Proceed with TLS connection

• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning:

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Client creates a hash of the Private CA signed Cert's Public Key

• Client compares the hash with the Certificate Pin in its Trust Store

• They DO Match: Proceed with TLS connection

• HTTPS/TLS Inspection possible
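The pin comparison and the two "Cert Pinning Fix" paths described above, as an added example (not Cisco's code or the Spark app's): the pin is base64 of the SHA-256 hash of a certificate's public key (SubjectPublicKeyInfo), every certificate is a constructed placeholder rather than a real X.509 object, and `spki_pin`, `evaluate_chain` and `scenarios` are hypothetical names.

```python
"""Certificate pinning decision logic, modelled on SPKI bytes.

Added example, not Cisco's code. A pin is base64(SHA-256(SubjectPublicKeyInfo)).
Every certificate below is a constructed placeholder (name + fake key bytes),
so the script runs offline.
"""
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    spki_der: bytes  # DER-encoded SubjectPublicKeyInfo (constructed here)


def spki_pin(cert):
    """Pin value for one certificate: base64 of the SHA-256 hash of its public key."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode()


def evaluate_chain(chain, pins, os_trust_store):
    """Return (accept, reason) for a chain presented by the HTTPS/TLS server.

    chain: certificates leaf first, root last.
    pins: pin strings baked into the app's trust store.
    os_trust_store: CA certs installed in the OS store (the apps "Cert Pinning Fix").
    """
    # Apps cert pinning fix: if the chain's CA cert is already in the OS trust
    # store, pinning is skipped altogether. This is why pushing a private CA to
    # endpoints is a deliberate admin decision: it lets that CA's proxy inspect
    # Spark traffic.
    for cert in chain[1:]:
        if cert in os_trust_store:
            return True, f"{cert.subject} found in OS trust store: pinning skipped"
    # Normal path: hash each public key in the chain and compare to the pins.
    for cert in chain:
        if spki_pin(cert) in pins:
            return True, f"pin matched on {cert.subject}"
    return False, "no pinned public key in chain: TLS connection terminated"


# Constructed certificates (placeholder key bytes, not real keys).
PUBLIC_ROOT = Cert("Public CA Root", b"public-root-spki-placeholder")
SPARK_LEAF = Cert("*.ciscospark.com", b"spark-leaf-spki-placeholder")
PRIVATE_ROOT = Cert("Enterprise Private CA", b"private-root-spki-placeholder")
PROXY_LEAF = Cert("*.ciscospark.com (proxy-issued)", b"proxy-leaf-spki-placeholder")

SPARK_CHAIN = [SPARK_LEAF, PUBLIC_ROOT]
PROXY_CHAIN = [PROXY_LEAF, PRIVATE_ROOT]
APP_PINS = frozenset({spki_pin(PUBLIC_ROOT)})  # pin of the CA root public key


def scenarios():
    """The four situations the slides walk through; returns {name: accept}."""
    return {
        # No inspection: Spark cert chains to the pinned CA root.
        "direct": evaluate_chain(SPARK_CHAIN, APP_PINS, set())[0],
        # Inspection, no fix: proxy cert chains to an unpinned private CA.
        "inspected_unfixed": evaluate_chain(PROXY_CHAIN, APP_PINS, set())[0],
        # Apps fix: private CA copied into the OS trust store.
        "inspected_app_fix": evaluate_chain(PROXY_CHAIN, APP_PINS, {PRIVATE_ROOT})[0],
        # Devices fix: private CA loaded in the Spark cloud and delivered in the
        # device trust list, so its pin joins the pin set.
        "inspected_device_fix": evaluate_chain(
            PROXY_CHAIN, APP_PINS | {spki_pin(PRIVATE_ROOT)}, set())[0],
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:22s} -> {'proceed' if ok else 'terminated'}")
```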

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method

Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process

iOS, Android | HTTPS | WME | No (iOS, Android) | HTTPS Inspection By-Pass

DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs

SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs

MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs

Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs

Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X Authentication

802.1X Operation

• Switch port network access restricted

• Client presents credentials to Authentication Server

• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…

• Two key Authentication methods:

  • EAP-FAST

  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST

• Flexible Authentication via Secure Tunneling

• Username and Password based

• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS

• Transport Layer Security

• Requires Digital Certificates

• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms

• Uses the Device MAC Address

• Commonly used for Non 802.1X capable devices

• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration

Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | NA | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)

DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface

SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface

MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface

Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface

Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:

• Switch port configuration

• VLANs

• Firewall Deployment

• Proxy Type

• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today:

• There are bypass methods available

• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections

Onboard device – Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa

Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:

» On-Premises (Enterprise, Midmarket)

» Cloud (Midmarket)

» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd

Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: Target Q1 CY2018.

Thank you

Spark - Encrypting Messages and Content

The Spark App requests a conversation encryption key from the Key Management Service.

Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.

Each Spark Room uses a different Conversation Encryption key.

AES256-GCM cipher used for Encryption.

Spark - Decrypting Messages and Content

Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room.

The encrypted message also contains a link to the conversation encryption key.

If needed, Spark Apps can retrieve encryption keys from the Key Management Service.

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A Search Index is built by creating a fixed length hash of each word in each message within a Room (in the diagram, the message "Spark IS the message" passes through the Hash Algorithm and is indexed as B9 57 FE 48).

A new (SHA-256 HMAC) hashing key (Search Key) is used for each room.

The hashed indexes for each Spark Room are stored by the Content Service.

Searching Spark Rooms: Querying a Search Index (Search for the word "Spark")

The App sends the search request over a secure connection to the Indexing Service.

The Indexing Service uses Per Room search keys to hash the search terms (in the diagram, "Spark" hashes to B9 57 FE 48).

The Search Service searches for a match in the hash tables and returns the matching content ("Spark IS the Message") to the App.

A link to the Conversation Encryption Key is sent with the encrypted message.

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

The Compliance Officer selects, via the Spark Control Hub, a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s).

The Indexing Service requests a search of related hashed content (via the Hash Algorithm and the Search Service).

The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (in the diagram: "Jo Smith's Messages and Files – E-Discovery Content Ready" in the Spark Control Hub).


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Hybrid Data Security (Hybrid Data Services) = On Premise Key Management Server, Indexing Server and E-Discovery Service, running in the customer's Secure Data Center; the Content Server stays in the Spark cloud.

Hybrid Data Security traffic and Firewalls

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special Firewall configuration required.

Hybrid Data Security - Scalability

Hybrid Data Security is managed and upgraded from the cloud.

Customers can access usage information for the HDS Servers via the Spark Control Hub.

Multiple HDS servers can be provisioned for Scalability & Load Sharing.

Spark – Hybrid Data Security Key Management

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server, BUT now all of the keys for messages and content are owned and managed by the Customer.

HDS - Encrypting Messages & Content

Spark Apps request an encryption key from the HDS Key Management Server.

Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.

Encrypted messages and content are stored in the cloud; Encryption Keys are stored locally.

HDS - Decrypting Messages & Content

Encrypted messages from Apps are stored in the Spark Cloud.

These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.

If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security – Secure App Connections

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service (an App to Cloud TLS connection to the Spark Service, and an App to HDS TLS connection to the Hybrid Data Security Node). This encrypted peer to peer session traverses the Spark Cloud.

Hybrid Data Security: Search Indexing Service

The Indexing Service (now running in the Secure Data Center) enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content (in the diagram, "Spark IS the message" passes through the Hash Algorithm and is indexed as B9 57 FE 48).

A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index (Search for the word "Spark")

The Indexing Service sends a hashed index of the App's search request (B9 57 FE 48) to the Search Service, which returns the matching content ("Spark IS the Message").

A link to the Conversation Encryption Key is sent with the encrypted message.
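The per-room keyed index described in the cloud "Searching Spark Rooms" slides and again in the HDS search slides above, as an added example (not Cisco's code): each room gets its own Search Key, every word is replaced by an HMAC-SHA256 token under that key, and a query hashes the term under the same key. Room keys, message ids and message text are constructed sample data; `SearchIndex`, `word_token` and `build_demo_index` are hypothetical names.

```python
"""Per-room keyed search index: HMAC-SHA256 tokens instead of plaintext words.

Added example, not Cisco's code. Room search keys and messages are constructed.
"""
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed per-room Search Keys (a real KMS would generate and hold these).
ROOM_KEYS = {
    "room-a": b"constructed-search-key-for-room-a",
    "room-b": b"constructed-search-key-for-room-b",
}


def word_token(search_key, word):
    """Fixed-length token for one word: HMAC-SHA256(search_key, lowercase word).

    The same word under a different room key gives an unrelated token, so the
    indexes of two rooms cannot be correlated with each other.
    """
    return hmac.new(search_key, word.lower().encode("utf-8"), hashlib.sha256).hexdigest()


def words(text):
    """Split message text into words (letters, digits, apostrophes)."""
    return re.findall(r"[A-Za-z0-9']+", text)


class SearchIndex:
    """Holds only hashed tokens per room, as the Content Service would."""

    def __init__(self):
        # room_id -> token -> set of message ids carrying that token
        self._index = defaultdict(lambda: defaultdict(set))

    def add_message(self, room_id, search_key, message_id, plaintext):
        """Indexing Service side: hash each distinct word before storing."""
        for w in set(words(plaintext)):
            self._index[room_id][word_token(search_key, w)].add(message_id)

    def query(self, room_id, search_key, term):
        """Search Service side: hash the term with the room key and look it up."""
        token = word_token(search_key, term)
        return set(self._index[room_id].get(token, set()))

    def tokens(self, room_id):
        """All tokens stored for a room (what an observer of the index sees)."""
        return set(self._index[room_id])


def build_demo_index():
    """Index a few constructed messages in two rooms with different keys."""
    idx = SearchIndex()
    idx.add_message("room-a", ROOM_KEYS["room-a"], "m1", "Spark IS the message")
    idx.add_message("room-a", ROOM_KEYS["room-a"], "m2", "Search Spark rooms safely")
    idx.add_message("room-b", ROOM_KEYS["room-b"], "m3", "Spark Board order placed")
    idx.add_message("room-b", ROOM_KEYS["room-b"], "m4", "Budget approved")
    return idx


if __name__ == "__main__":
    idx = build_demo_index()
    tok_a = word_token(ROOM_KEYS["room-a"], "Spark")
    print("room-a token for 'Spark':", tok_a[:8].upper(), "...")
    print("room-a hits for 'Spark':", sorted(idx.query("room-a", ROOM_KEYS["room-a"], "Spark")))
    print("room-b queried with room-a key:", idx.query("room-b", ROOM_KEYS["room-a"], "Spark"))
```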

Spark E-Discovery Service (1) with Hybrid Data Security

The Indexing Service (in the Secure Data Center) sends hashed search criteria to the Search Service.

The Content Server returns matching content ("Jo Smith's Content") to the E-Discovery Service, which runs on premise alongside the Key Management Service.

Spark E-Discovery Service (2) with Hybrid Data Security

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (in the diagram: "Jo Smith's Messages and Files – E-Discovery Content Ready" in the Spark Control Hub).

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

Spark Spaces with users from multiple Organizations (Organization A, Organization B) can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.

Hybrid Key Management Servers make outbound connections only (HTTPS, Web Socket Secure (WSS)).

With a secure connection between Key Management Servers… Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Diagram: Secure Data Center A running vSphere with several Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers, plus the HDS Cluster Config File on an IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.

Customer manages backup and recovery of the Postgres Database and the local configuration ISO.

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).

HDS application nodes and database need to be co-located in the same data center.

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key

• PKI (Public Key Infrastructure) is used for KMS to KMS federation

• Common Name signed by a member of the Mozilla Trusted Root Store

• No SHA1 signatures

• PKCS12 format

2 ESXi Virtualized Hosts

• Min 2 to support upgrades, 3 recommended, 5 max

• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server

• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)

• 8 vCPU, 16 GB RAM, 2 TB Disk; User created with createuser; Assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host

• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location

• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network

• Outbound HTTPS on TCP port 443 from HDS host

• Bi-directional WSS on TCP port 443 from HDS host

• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host

• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs

  • Switch Port VLAN configuration and device requirements

• Firewalls

  • Whitelists for Spark Apps, devices and Services

  • Media support – UDP/TCP/HTTP

• HTTP Proxies

  • Proxy Types and Proxy Detection

  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass

  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning

• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices - CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
• Spark desk and room devices
• Spark apps
• See following slides for details

Media Port Ranges
• Source UDP ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

[Diagram: Signalling and Media flows from the enterprise to the Spark Cloud]

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps

Audio: 52000 - 52099
  Spark Apps: 52000 - 52049
  Spark Devices: 52050 - 52099
Video: 52100 - 52299
  Spark Apps: 52100 - 52199
  Spark Devices: 52200 - 52299

Spark Applications Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud media nodes
Spark applications | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS

HTTPS destinations (TCP 443) and their function:
identity.webex.com - Spark Identity Service
idbroker.webex.com - OAuth Service
wbx2.com - Core Spark Services
webex.com - Identity management
ciscospark.com - Core Spark Services
clouddrive.com - Content and space storage
crashlytics.com - Anonymous crash data
mixpanel.com - Anonymous analytics
rackcdn.com - Content and space storage
appsflyer.com - Mobile apps only: ad analytics
adobedtm.com - Web apps only: analytics
omtrdc.net - Web apps only: telemetry
optimizely.com - Web apps only: metrics

Spark Devices Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
Desktop and room systems | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark Cloud media nodes (not Spark Board)
Desktop and room systems | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board - NTP time sync

HTTPS destinations (TCP 443) and their function:
identity.webex.com - Spark Identity Service
idbroker.webex.com - OAuth Service
wbx2.com - Core Spark Services
webex.com - Identity management
ciscospark.com - Core Spark Services
clouddrive.com - Content and space storage
crashlytics.com - Anonymous crash data
mixpanel.com - Anonymous analytics
rackcdn.com - Content and space storage
dropbox.com - Spark Board (firmware updates)
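As an added example (not part of the deck), the port-range tables above can be turned into a small classifier that an administrator runs over firewall logs to confirm each media or signalling flow matched the documented rule, and to flag flows that fall outside every documented source range. The log line format, the field names and the 1024-65535 definition of "ephemeral" are assumptions; the sample log lines are constructed.

```python
"""Classify enterprise-to-Spark flows against the documented port ranges (added example)."""
from dataclasses import dataclass

# Rules transcribed from the Spark apps, Spark devices and HMN tables.
# Tuple: (rule name, protocol, inclusive source port range, allowed destination ports).
# The ephemeral range used for TCP sources is an assumption, not from the deck.
RULES = [
    ("Spark app voice (SRTP/UDP)", "udp", (52000, 52049), {5004, 5006}),
    ("Spark app video (SRTP/UDP)", "udp", (52100, 52199), {5004, 5006}),
    ("Spark device voice (SRTP/UDP)", "udp", (52050, 52099), {5004, 5006}),
    ("Spark device video (SRTP/UDP)", "udp", (52200, 52299), {5004, 5006}),
    ("HMN cascade voice/video (SRTP/UDP)", "udp", (33434, 33598), {5004}),
    ("Media over TCP/HTTP (ephemeral src)", "tcp", (1024, 65535), {5004, 5006}),
    ("Cloud signalling HTTPS (ephemeral src)", "tcp", (1024, 65535), {443}),
]


@dataclass
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'proto src_ip:port -> dst_ip:port' log line (format is an assumption)."""
    proto, rest = line.split(maxsplit=1)
    src, dst = [part.strip() for part in rest.split("->")]
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(proto.lower(), src_ip, int(src_port), dst_ip, int(dst_port))


def classify(flow: Flow) -> str:
    """Return the name of the first rule the flow satisfies, or 'unmatched'."""
    for name, proto, (lo, hi), dst_ports in RULES:
        if flow.proto == proto and lo <= flow.src_port <= hi and flow.dst_port in dst_ports:
            return name
    return "unmatched"


# Constructed sample log: four documented flows and one UDP flow from an undocumented source port.
SAMPLE_LOG = [
    "udp 10.1.2.3:52010 -> 203.0.113.10:5004",
    "udp 10.1.2.50:52210 -> 203.0.113.11:5006",
    "udp 10.9.0.5:33500 -> 203.0.113.12:5004",
    "tcp 10.1.2.3:49321 -> 203.0.113.10:443",
    "udp 10.1.2.3:40000 -> 203.0.113.10:5004",
]


def classify_log(lines=SAMPLE_LOG) -> list:
    """Pair every log line with the rule it matched."""
    return [(line, classify(parse_flow(line))) for line in lines]


if __name__ == "__main__":
    for line, verdict in classify_log():
        print(f"{verdict:42} {line}")
```

The last sample line is the interesting one for a firewall administrator: a UDP flow to port 5004 from source port 40000 matches none of the ranges the deck documents, so it is either not Spark media or a sign that the endpoint's port configuration differs from what the whitelist assumes.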

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints - used for cascade links to the Spark Cloud
• Voice and video use a common UDP source port range: 33434 - 33598

Media Port Ranges
• Source UDP ports: Voice and Video 33434 - 33598
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS signaling traffic only
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and video use a common UDP source port range 33434 - 33598 | 5004 (cascade destination) | Any IP address | Cascaded SRTP over UDP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (cascade destination) | Any IP address | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage Info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy address given to device/application...
• Transparent proxy (device/application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443.

[Diagram: Signalling via the proxy, UDP Media direct]

Connecting from the Enterprise - Proxy Detection

• Proxy detection (proxy address given to device/application)
  • Manual configuration
  • Auto configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto-Config (PAC) files

Network Capabilities, Spark Devices - Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC files | Manually configure proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual, using web access | Configure proxy address via device web interface
SX | HTTPS | Room OS | Yes: Manual, using web access | Configure proxy address via device web interface
MX | HTTPS | Room OS | Yes: Manual, using web access | Configure proxy address via device web interface
Room Kits | HTTPS | Room OS | Yes: Manual, using web access | Configure proxy address via device web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual configuration | Manual configuration of proxy address

Connecting from the Enterprise - Proxy Authentication

• Proxy authentication
  • Proxy intercepts the outbound HTTP request
  • Authenticates the user (username & password)
  • Authenticated user's traffic is forwarded
  • Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Basic Authentication
  • Uses standard HTTP headers
  • Username and password Base64 encoded
  • Username and password are NOT encrypted or hashed
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No password expiration

Proxy Authentication Methods - Digest Authentication

• Digest Authentication
  • Uses standard HTTP headers
  • Username and password are not sent
  • A hash of the username and password is sent instead
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No password expiration

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

IWA - Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

• Kerberos Authentication
  • Strongest security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared secrets
  • Client authenticates with the Authentication Service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds
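The proxy authentication methods above differ mainly in what crosses the wire. As an added example (not from the deck), the following Python audits what a proxy actually offers by parsing the Proxy-Authenticate challenges from its 407 response, ranks them in the order the slides use, and decodes a Basic credential to make the "Base64 encoded, not encrypted or hashed" point concrete: an administrator reviewing a capture can see exactly why a device account used with Basic needs to be dedicated and least-privilege. The 407 response, the realm and the device credential are constructed; the strength ranking is an assumption that follows the slide ordering.

```python
"""Audit proxy authentication schemes from a constructed HTTP 407 response (added example)."""
import base64

# Ranking assumed from the slide ordering: Basic exposes the credential, Digest and NTLM
# send a hash or challenge-response, Negotiate/Kerberos are the strongest.
SCHEME_STRENGTH = {"basic": 0, "digest": 1, "ntlm": 2, "negotiate": 3, "kerberos": 3}


def parse_challenges(response: str) -> list:
    """Return the auth schemes named in Proxy-Authenticate headers of a raw HTTP response."""
    schemes = []
    for line in response.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "proxy-authenticate":
            # Scheme is the first token of the header value, e.g. 'Basic realm="..."'.
            schemes.append(value.strip().split(" ", 1)[0].lower())
    return schemes


def strongest_offered(response: str) -> str:
    """Name the strongest scheme the proxy offers, or 'none' if it applies no authentication."""
    schemes = parse_challenges(response)
    if not schemes:
        return "none"
    return max(schemes, key=lambda s: SCHEME_STRENGTH.get(s, -1))


def decode_basic_credentials(proxy_authorization: str) -> tuple:
    """Recover (username, password) from a Basic Proxy-Authorization value: it is only encoded."""
    scheme, _, token = proxy_authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, pwd = base64.b64decode(token).decode("utf-8").partition(":")
    return user, pwd


# Constructed 407 response: the proxy offers Negotiate, NTLM and Basic.
SAMPLE_407 = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: Negotiate\r\n"
    "Proxy-Authenticate: NTLM\r\n"
    'Proxy-Authenticate: Basic realm="corp-proxy"\r\n'
    "Content-Length: 0\r\n\r\n"
)

# Constructed device credential as a Spark device that only supports Basic would send it.
SAMPLE_BASIC_HEADER = "Basic " + base64.b64encode(b"spark-devices:s3cret").decode("ascii")

if __name__ == "__main__":
    print("offered:", parse_challenges(SAMPLE_407))
    print("strongest:", strongest_offered(SAMPLE_407))
    print("Basic decodes to:", decode_basic_credentials(SAMPLE_BASIC_HEADER))
```

Read against the capability table that follows: a proxy that offers only Negotiate will not admit a Room OS device, which supports No Auth, Basic and Digest, so the practical choices are Digest, a Basic account scoped to the devices, or one of the bypass methods on the next slide.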

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Diagram: Signalling via the proxy, UDP Media direct]

Network Capabilities, Spark Devices - Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA root certificate sent to the client
  • Private CA signed certificate sent to the client on connection establishment
  • Client compares the private CA root cert with those received in the cert chain
  • If they match - accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts a new HTTPS/TLS connection to the web/cloud service
  • Proxy receives the certificate from the web/cloud service
  • Proxy uses the certificate to establish a secure TLS/HTTPS connection
  • Proxy can now decrypt, inspect and re-encrypt session traffic

[Diagram: Signalling via the proxy, UDP Media direct]

Proxy - No HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 hash of the CA root certificate public key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark certificate sent by the HTTPS/TLS server
  • App creates a hash of the cert's public key
  • App compares the hash with the certificate pin in its trust store
  • If they match - accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set up
  • App creates a hash of the private CA signed cert's public key
  • App compares the hash with the certificate pin in its trust store
  • They DO NOT match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA cert copied to the app OS trust store

• Certificate Pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set up
  • Spark app checks to see if a copy of the private CA cert exists in the OS trust store
  • If the cert exists - skip the certificate pinning process
  • Proceed with the TLS connection
  • HTTPS/TLS inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud

• Certificate Pinning
  • Proxy sends a private CA signed certificate during HTTPS/TLS set up
  • Client creates a hash of the private CA signed cert's public key
  • Client compares the hash with the certificate pin in its trust store
  • They DO match: proceed with the TLS connection
  • HTTPS/TLS inspection possible
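The pinning slides describe one check (hash the presented public key, compare with the pin) and two different ways of accommodating an inspecting proxy: the app skips pinning when the private CA is already in the OS trust store, while the device relies on a trust list downloaded from the Spark cloud that includes the private CA. The following Python, an added example and not Spark client code, walks through all five cases. The "public keys" are constructed byte strings standing in for DER-encoded SubjectPublicKeyInfo blobs, and the trust-store structures are assumptions; the pin computation itself (SHA-256 of the public key, Base64 encoded) follows the slide.

```python
"""Certificate pinning with the app and device bypass paths from the slides (added example)."""
import base64
import hashlib


def make_pin(public_key_der: bytes) -> str:
    """SHA-256 hash of the public key, Base64 encoded: the slide's 'Certificate Pin'."""
    return base64.b64encode(hashlib.sha256(public_key_der).digest()).decode("ascii")


# Constructed stand-ins for DER public keys (real ones are a few hundred bytes of ASN.1).
SPARK_ROOT_KEY = b"constructed-public-key:spark-ca-root"
PRIVATE_CA_KEY = b"constructed-public-key:enterprise-private-ca"

# Pin shipped inside the app at build time (assumed structure: a set of pins).
APP_PINS = {make_pin(SPARK_ROOT_KEY)}


def validate_app(presented_root_key: bytes, os_trust_store: set) -> str:
    """Spark app behaviour: pinning is skipped when the presented root CA is in the OS trust store,
    otherwise the presented key must hash to a known pin."""
    if presented_root_key in os_trust_store:
        return "accept (enterprise CA in OS trust store, pinning skipped)"
    if make_pin(presented_root_key) in APP_PINS:
        return "accept (pin matched)"
    return "reject (pin mismatch, TLS connection terminated)"


def validate_device(presented_root_key: bytes, cloud_trust_list: set) -> str:
    """Spark device behaviour: the pins come from the trust list downloaded from the Spark cloud,
    which contains the private CA only after the org admin loaded it into the Spark service."""
    if make_pin(presented_root_key) in cloud_trust_list:
        return "accept (pin matched)"
    return "reject (pin mismatch, TLS connection terminated)"


def scenarios() -> dict:
    """Evaluate the cases on the slides and return each verdict by name."""
    no_enterprise_ca = set()
    with_enterprise_ca = {PRIVATE_CA_KEY}
    device_default_list = {make_pin(SPARK_ROOT_KEY)}
    device_updated_list = device_default_list | {make_pin(PRIVATE_CA_KEY)}
    return {
        "app, no inspection": validate_app(SPARK_ROOT_KEY, no_enterprise_ca),
        "app, inspection, no fix": validate_app(PRIVATE_CA_KEY, no_enterprise_ca),
        "app, inspection, CA in OS store": validate_app(PRIVATE_CA_KEY, with_enterprise_ca),
        "device, inspection, no fix": validate_device(PRIVATE_CA_KEY, device_default_list),
        "device, inspection, CA in cloud trust list": validate_device(PRIVATE_CA_KEY, device_updated_list),
    }


if __name__ == "__main__":
    for case, verdict in scenarios().items():
        print(f"{case:45} -> {verdict}")
```

The two bypass paths are not equivalent from a trust standpoint: the app path trusts whatever an administrator (or anything else with write access to the OS store) has installed locally, whereas the device path only honours CAs that were deliberately loaded into the organisation's Spark configuration, which is why the capability table that follows lists a per-org Identity Service configuration for Room OS devices.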

Network Capabilities, Spark Devices - HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If an enterprise certificate exists, then bypass the certificate pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS inspection bypass
DX | HTTPS | Room OS | Yes - requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
SX | HTTPS | Room OS | Yes - requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
MX | HTTPS | Room OS | Yes - requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
Room Kits | HTTPS | Room OS | Yes - requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication - switch port configured for the device, e.g. VLAN(s), ACLs

[Diagram: device, switch and Authentication Server]

802.1X Network Authentication Methods
• There are many options...
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client - server authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

[Diagram: Device 1, switch and Authentication Server]

Network Capabilities, Spark Devices - 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO; Mac - configuration profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | No (planned Q2 CY'18) | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access - proxy and firewalls allow all Spark connections
• Onboard device - username/password, activation code
• Cisco Spark cloud downloads device configuration information and trust anchors

Complete Your Online Session Evaluation
• Please complete your online session evaluations after each session
• Complete 4 session evaluations & the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in self-paced labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.

Thank you

Spark - Encrypting Messages and Content

[Diagram: Spark App, Content Server, Key Management Service]

• The Spark app requests a conversation encryption key from the Key Management Service
• Any messages or files sent by an app are encrypted before being sent to the Spark Cloud
• Each Spark room uses a different conversation encryption key
• AES-256-GCM cipher used for encryption

Spark - Decrypting Messages and Content

[Diagram: Spark App, Content Server, Key Management Service; encrypted message fan-out to the room]

• Encrypted messages sent by the app are stored in the Spark Cloud and also sent on to every other app in the Spark room
• The encrypted message also contains a link to the conversation encryption key
• If needed, Spark apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

[Diagram: Indexing Service, Content Server, Key Mgmt Service, Search Service; the message "Spark IS the message" passes through the hash algorithm to produce the index entries B9 57 FE 48]

The Indexing Service
• Enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A search index is built by creating a fixed-length hash of each word in each message within a room
• A new (SHA-256 HMAC) hashing key (search key) is used for each room
• The hashed indexes for each Spark room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index - Search for the word "Spark"

• The app sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses per-room search keys to hash the search terms
• The Search Service searches for a match in the hash tables and returns matching content to the app
• A link to the conversation encryption key is sent with the encrypted message

[Diagram: the search term "Spark" is hashed to 57FE48 and matched against the stored index B9 57 FE 48 for the message "Spark IS the Message"]
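The two indexing slides above (building the index and querying it) describe a keyed, per-room search index: every word is replaced by a fixed-length SHA-256 HMAC under that room's search key, so the stored index reveals nothing about the words and a token from one room is meaningless in another. The following Python is an added example modelled on those slides, not Spark's indexing code. The room contents, the whitespace tokenisation and the case-folding of words are constructed assumptions; in Spark the search key would be held by the Key Management Service rather than generated locally.

```python
"""Per-room keyed search index using SHA-256 HMAC (added example modelled on the slides)."""
import hashlib
import hmac
import os


def search_key_for_room() -> bytes:
    """A new random 32-byte search key per room (held by the KMS in Spark; generated locally here)."""
    return os.urandom(32)


def hash_term(search_key: bytes, word: str) -> str:
    """Fixed-length token for one word. Words are lower-cased so 'Spark' and 'spark' match
    (a constructed assumption about normalisation)."""
    return hmac.new(search_key, word.lower().encode("utf-8"), hashlib.sha256).hexdigest()


def build_index(search_key: bytes, messages: dict) -> dict:
    """Map each hashed word to the ids of the messages containing it.
    The index holds only tokens, never plaintext, so it can sit next to the encrypted messages."""
    index = {}
    for msg_id, text in messages.items():
        for word in text.split():
            index.setdefault(hash_term(search_key, word), set()).add(msg_id)
    return index


def query(search_key: bytes, index: dict, term: str) -> set:
    """Hash the search term with the room's key and look it up; returns matching message ids."""
    return index.get(hash_term(search_key, term), set())


# Constructed rooms. Plaintext is shown only to build the demo; in Spark the indexer works on
# content decrypted with the room's conversation key, and only the tokens are stored.
ROOM_A_KEY = search_key_for_room()
ROOM_B_KEY = search_key_for_room()
ROOM_A_MESSAGES = {"m1": "Spark IS the message", "m2": "lunch at noon"}
ROOM_B_MESSAGES = {"m9": "Spark release notes"}


def cross_room_hits(term: str) -> tuple:
    """Show the per-room property: room A's token for a term finds nothing in room B's index."""
    index_a = build_index(ROOM_A_KEY, ROOM_A_MESSAGES)
    index_b = build_index(ROOM_B_KEY, ROOM_B_MESSAGES)
    return query(ROOM_A_KEY, index_a, term), query(ROOM_A_KEY, index_b, term)


if __name__ == "__main__":
    in_a, in_b_with_a_key = cross_room_hits("Spark")
    print("room A hits:", in_a)
    print("room B hits using room A's key:", in_b_with_a_key)
    print("token length:", len(hash_term(ROOM_A_KEY, "Spark")))
```

The defensive consequence is the one the E-Discovery slides rely on next: whoever holds the search keys (the KMS, or the customer's HDS when keys are kept on premise) controls who can match terms, while the Content Service that stores the index learns only that some tokens recur across messages.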

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

[Diagram: Spark Control Hub, Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service]

• The compliance officer selects a group of messages and files to be retrieved for e-discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

E-Discov Storage

E-Discovery ServiceContent Server Key Mgmt Service

Spark E-Discovery Service (2)

The E-Discovery Service

Decrypts content from the

Content Server then

compresses and re-

encrypts it before sending it

to the E-Discovery Storage

Service

The E-Discovery Storage

Service

Sends the compressed and

encrypted content to the

Administrator on request

E-Discovery Service

Spark Control Hub

Search Service

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

E-Discov Storage

E-Discovery ServiceContent Server Key Mgmt Service

Spark E-Discovery Service (2)

The E-Discovery Service

Decrypts content from the

Content Server then

compresses and re-

encrypts it before sending it

to the E-Discovery Storage

Service

The E-Discovery Storage

Service

Sends the compressed and

encrypted content to the

Administrator on request

E-Discovery Service

Spark Control Hub

Jo Smithrsquos Messages

and Files

E-Discovery

Content Ready

Search Service


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

(Diagram: the Key Mgmt Service, Indexing Service and E-Discovery Service move from the Spark cloud into the customer's Secure Data Center; the Content Server stays in the cloud.)

Hybrid Data Security = Hybrid Data Services On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security Traffic and Firewalls

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special Firewall configuration is required.

Hybrid Data Security – Scalability

• Hybrid Data Security is managed and upgraded from the cloud.
• Customers can access usage information for the HDS Servers via the Spark Control Hub.
• Multiple HDS servers can be provisioned for Scalability & Load Sharing.

Spark – Hybrid Data Security Key Management

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server, BUT now all of the keys for messages and content are owned and managed by the Customer.

HDS – Encrypting Messages & Content

(Diagram: Spark Apps, the Key Management Server in the customer's Secure Data Center, and the Content Server in the Spark Cloud.)

1) Spark Apps request an encryption key from the HDS Key Management Server.
2) Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.
3) Encrypted messages and content are stored in the cloud; the encryption keys are stored locally.

HDS – Decrypting Messages & Content

1) Encrypted messages from Apps are stored in the Spark Cloud.
2) These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.
3) If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security – Secure App Connections

(Diagram: an App to Cloud TLS connection to the Spark Service, and a separate App to HDS TLS connection to the Hybrid Data Security Node in the Secure Data Center.)

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service. This encrypted peer to peer session traverses the Spark Cloud.

Hybrid Data Security: Search Indexing Service

(Diagram: Indexing Service and Key Mgmt Service in the Secure Data Center; Content Server and Search Service in the Spark cloud. The message "Spark IS the message" is hashed to B9 57 FE 48 by the Indexing Service.)

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting the content. A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index (search for the word "Spark")

The Indexing Service sends a hashed index of the App's search request (the term "Spark" hashes to B9 57 FE 48) to the Search Service, which searches for a match in the hash tables holding the hashed message "Spark IS the Message".

A link to the Conversation Encryption Key is sent with the encrypted message.
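The two Search Indexing sections (the cloud one earlier and the Hybrid Data Security one here) describe the same keyed-hash index. The following is an added example written for this page, not Cisco's code: a minimal Indexing Service that keeps a random 32-byte Search Key per room, and a Search Service that stores nothing but HMAC-SHA256 digests of lower-cased word tokens and so can answer queries without ever holding plaintext or keys. Room names, message ids and message text are constructed, and the tokenisation rule is an assumption.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


def tokenize(text):
    """Lower-case, whitespace-split, strip punctuation, drop empties (assumed normalisation)."""
    return [t for t in (w.strip('.,;:!?"\'()') for w in text.lower().split()) if t]


def hash_term(search_key, term):
    """HMAC-SHA256 of one token under the room's Search Key: this is all that leaves the indexer."""
    return hmac.new(search_key, term.encode("utf-8"), hashlib.sha256).digest()


class IndexingService:
    """Holds the per-room Search Keys and hashes terms on behalf of Apps."""

    def __init__(self):
        self._room_keys = {}

    def search_key(self, room_id):
        # A new random Search Key for every room, created on first use.
        if room_id not in self._room_keys:
            self._room_keys[room_id] = secrets.token_bytes(32)
        return self._room_keys[room_id]

    def index_message(self, room_id, plaintext):
        key = self.search_key(room_id)
        return {hash_term(key, t) for t in tokenize(plaintext)}

    def hash_query(self, room_id, query):
        key = self.search_key(room_id)
        return [hash_term(key, t) for t in tokenize(query)]


class SearchService:
    """Stores only hashes: room_id -> term_hash -> {message_id}. Never sees plaintext or keys."""

    def __init__(self):
        self._tables = defaultdict(lambda: defaultdict(set))

    def add(self, room_id, message_id, term_hashes):
        for h in term_hashes:
            self._tables[room_id][h].add(message_id)

    def lookup(self, room_id, query_hashes):
        """Message ids containing every queried term (AND semantics)."""
        if not query_hashes:
            return set()
        table = self._tables[room_id]
        return set.intersection(*(table.get(h, set()) for h in query_hashes))

    def holds_plaintext(self, word):
        """Demo check: does the raw word appear anywhere in the stored index?"""
        needle = word.lower().encode("utf-8")
        return any(needle in h for room in self._tables.values() for h in room)


def demo():
    indexer, search = IndexingService(), SearchService()
    # Constructed sample rooms and messages; only the hashes reach the Search Service.
    messages = [
        ("room-a", "m1", "Spark IS the Message"),
        ("room-a", "m2", "Lunch at noon?"),
        ("room-b", "m3", "The Spark Board arrives Tuesday"),
    ]
    for room, mid, text in messages:
        search.add(room, mid, indexer.index_message(room, text))
    q_a = indexer.hash_query("room-a", "Spark")
    q_b = indexer.hash_query("room-b", "spark")
    return {
        "room_a_hits": search.lookup("room-a", q_a),
        "room_b_hits": search.lookup("room-b", q_b),
        "multi_term_hits": search.lookup("room-a", indexer.hash_query("room-a", "the message")),
        # Same word, different room: a different Search Key gives an unrelated hash,
        # so room-b's query hash finds nothing in room-a's table.
        "same_hash_across_rooms": q_a[0] == q_b[0],
        "cross_room_lookup": search.lookup("room-a", q_b),
        "index_contains_plaintext": search.holds_plaintext("Spark"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The per-room key is what stops an index entry from one room being correlated with the same word in another room; it is also why the Search Service alone cannot run a dictionary attack on the stored digests without first obtaining the room's Search Key from the Indexing Service.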

Spark E-Discovery Service (1)

(Diagram: Indexing Service, Key Mgmt Service and E-Discovery Service in the Secure Data Center; Content Server, Search Service and Spark Control Hub in the Spark cloud.)

1) The Indexing Service sends the hashed search criteria to the Search Service.
2) The Content Server returns the matching content (Jo Smith's Content) to the E-Discovery Service.

Spark E-Discovery Service (2)

(Diagram: E-Discovery Service and Key Mgmt Service in the Secure Data Center; E-Discovery Storage, Content Server, Search Service and Spark Control Hub in the Spark cloud.)

1) The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
2) The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request ("Jo Smith's Messages and Files: E-Discovery Content Ready").

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; the Content Server and Key Mgmt Service in the Spark cloud.)

Spark Spaces with users from multiple Organizations can share encrypted messages and content. How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.
• Hybrid Key Management Servers make outbound connections only (HTTPS, Web Socket Secure (WSS)).
• With a secure connection between Key Management Servers… Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.
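The key flow from the HDS encrypting/decrypting slides and the federation flow above, as an added example written for this page (not Cisco's implementation). It assumes key links of the form kms://<org>/keys/<id>, that room membership is what a KMS checks before releasing a key, and that a federated KMS may only ask for keys on behalf of its own users. The stream cipher is a constructed HMAC-SHA256 counter-mode stand-in with an encrypt-then-MAC tag, used so the block runs with the standard library alone; a real client would use an authenticated cipher such as AES-GCM. Organisations, users and the message are constructed.

```python
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):  # constructed stand-in for a real AEAD cipher
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(key, plaintext):
    """Encrypt-then-MAC; returns the envelope parts the App hands to the cloud."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, nonce, ct, tag):
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KMS:  # one organisation's Hybrid Key Management Server (hypothetical model)
    def __init__(self, org):
        self.org = org
        self._keys = {}     # key_url -> (room_id, key bytes); keys stay on premises
        self._members = {}  # room_id -> {"user@org", ...}
        self._peers = {}    # org -> KMS reachable over an established mutual-TLS link

    def create_room(self, room_id, members):
        self._members[room_id] = set(members)

    def _authorize(self, room_id, user):
        if user not in self._members.get(room_id, set()):
            raise PermissionError(f"{user} is not a member of {room_id}")

    def new_room_key(self, room_id, requester):
        """An App in the room asks for a fresh key and gets back only a link to it."""
        self._authorize(room_id, requester)
        key_url = f"kms://{self.org}/keys/{secrets.token_hex(8)}"  # assumed URL scheme
        self._keys[key_url] = (room_id, secrets.token_bytes(32))
        return key_url

    def federate(self, other):
        """Stands in for the mutual TLS session between two KMSs; both sides record the peer."""
        self._peers[other.org], other._peers[self.org] = other, self

    def get_key(self, key_url, user):
        """Serve one of this org's own Apps, federating when the key belongs to another org."""
        owner = key_url.split("/")[2]
        if owner == self.org:
            return self._serve(key_url, user)
        if owner not in self._peers:
            raise ConnectionError(f"no federated link from {self.org} to {owner}")
        return self._peers[owner]._serve_federated(key_url, user, requesting_kms=self)

    def _serve(self, key_url, user):
        room_id, key = self._keys[key_url]
        self._authorize(room_id, user)  # room membership decides, whichever org the user is in
        return key

    def _serve_federated(self, key_url, user, requesting_kms):
        # Accept only over an established peer link, and only for the peer's own users.
        if self._peers.get(requesting_kms.org) is not requesting_kms:
            raise ConnectionError("request from an unfederated KMS")
        if not user.endswith("@" + requesting_kms.org):
            raise PermissionError("a KMS may only request keys on behalf of its own users")
        return self._serve(key_url, user)


def send_message(kms, key_url, user, text):
    """The App encrypts locally; the cloud stores only the envelope and the key link."""
    nonce, ct, tag = encrypt(kms.get_key(key_url, user), text.encode())
    return {"key_url": key_url, "nonce": nonce, "ct": ct, "tag": tag}


def read_message(kms, user, envelope):
    key = kms.get_key(envelope["key_url"], user)
    return decrypt(key, envelope["nonce"], envelope["ct"], envelope["tag"]).decode()


def demo():
    kms_a, kms_b = KMS("org-a"), KMS("org-b")
    kms_a.create_room("room-1", {"alice@org-a", "bob@org-b"})  # constructed room and users
    key_url = kms_a.new_room_key("room-1", "alice@org-a")
    envelope = send_message(kms_a, key_url, "alice@org-a", "Spark IS the Message")
    results = {"cloud_sees_plaintext": b"Spark" in envelope["ct"]}
    try:  # Bob's KMS has no link to org-a yet, so the key link in the message is unusable
        results["before_federation"] = read_message(kms_b, "bob@org-b", envelope)
    except ConnectionError as e:
        results["before_federation"] = str(e)
    kms_a.federate(kms_b)
    results["bob_reads"] = read_message(kms_b, "bob@org-b", envelope)
    try:  # federation does not bypass room membership
        results["non_member"] = read_message(kms_b, "mallory@org-b", envelope)
    except PermissionError:
        results["non_member"] = "denied"
    return results
```

Two points of the design carry over to a real deployment: the cloud only ever stores the envelope and the key URL, so losing the on-premises key store (the deployment-considerations slides below) makes every stored message unreadable; and the owning KMS, not the requesting one, is the place where membership is enforced, which is what makes the federated link safe to expose.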

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A hosting an HDS Cluster of Hybrid Data Services Nodes (VMs on vSphere). Each node runs Docker with an ECP Mgmt Container and HDS Containers, and has an IDE Mount of the HDS Cluster Config File. Customer Provided Services: Postgres Database, Syslogd, Database Back Up and System Back Up.)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS12 format
• 2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk; User created with createuser; Assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • Hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q

Spark Device                     | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
---------------------------------|----------|----------------|-----|------|--------|------------------|----------------------------------------------------------------
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | No  | No   | N/A    | N/A              | Static Untagged (Data) VLAN
DX                               | HTTPS    | Room OS        | Yes | No   | Yes    | Yes              | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX                               | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
MX                               | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits                        | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board                      | HTTPS    | Spark Board OS | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

(Diagram: Signalling and Media flows from Spark Apps and Spark Desk and Room Devices through the enterprise Firewall to the Spark cloud.)

Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any

Applies to:
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio: 52000-52099
• Spark Apps: 52000 - 52049
• Spark Devices: 52050 - 52099

Video: 52100-52299
• Spark Apps: 52100 - 52199
• Spark Devices: 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
-------------|----------|--------------|-------------------|-------------|---------
Spark applications: Windows, Mac, iOS, Android, Web | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
 | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
 | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only: Ad Analytics
• adobedtm.com – Web Apps only: Analytics
• omtrdc.net – Web Apps only: Telemetry
• optimizely.com – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
-------------|----------|--------------|-------------------|-------------|---------
Desktop and Room Systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
 | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
 | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS
 | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

(Diagram: Signalling and Media flows from the Hybrid Media Node through the enterprise Firewall to the Spark cloud.)

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services:
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
-------------|----------|--------------|-------------------|-------------|---------
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range: 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
 | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
 | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
 | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
-----|---------------------|--------------------|----------|-----------------------|---------------------------------
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

(Diagram: Signalling (HTTP/HTTPS) from the Device/Application passes through the Proxy; UDP Media bypasses it.)

Proxy Types:
• Proxy Address given to the Device/Application…
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise – Proxy Detection

(Diagram: each Device/Application obtains the Proxy Address, either configured directly or via a PAC file.)

• Proxy Detection (Proxy Address given to the Device/Application):
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise – Proxy Authentication

(Diagram: Signalling passes through the authenticating Proxy; UDP Media bypasses it.)

• Proxy Authentication
  • The Proxy intercepts the outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic is forwarded
  • Unauthenticated User's traffic is dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
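Basic and Digest differ in what a proxy log, the network path and anyone who captures the header can learn. The following added example, written for this page rather than taken from the slides, builds both Proxy-Authorization headers for a constructed device account and then verifies the Digest one the way a proxy would (RFC 2617, algorithm MD5, qop=auth). The realm, nonce, client nonce, username and password are all constructed values.

```python
import base64
import hashlib
import hmac
import re


def basic_header(username, password):
    """Basic: the credential itself, merely Base64 encoded, in a standard header."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def recover_basic_credentials(header):
    """What anything on the path between device and proxy can do with a Basic header."""
    user, _, password = base64.b64decode(header.split("Basic ", 1)[1]).decode().partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, password, realm, nonce, method, uri, nc, cnonce):
    """RFC 2617 Digest with algorithm=MD5, qop=auth: the password never leaves the client."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(username, password, realm, nonce, method, uri, nc="00000001", cnonce="0a4f113b"):
    response = digest_response(username, password, realm, nonce, method, uri, nc, cnonce)
    return ("Proxy-Authorization: Digest "
            f'username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def parse_digest_header(header):
    """Parse key=value and key="value" pairs from a Digest header."""
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', header.split("Digest ", 1)[1])
    return {key: quoted or bare for key, quoted, bare in pairs}


def proxy_verify_digest(header, credential_store, issued_nonce, method):
    """Proxy side: recompute from the stored password and bind the check to the nonce it issued."""
    f = parse_digest_header(header)
    password = credential_store.get(f.get("username"))
    if password is None or f.get("nonce") != issued_nonce or f.get("qop") != "auth":
        return False
    expected = digest_response(f["username"], password, f["realm"], f["nonce"],
                               method, f["uri"], f["nc"], f["cnonce"])
    return hmac.compare_digest(expected, f.get("response", ""))


def demo():
    # Constructed device account and proxy challenge values.
    user, password, realm = "spark-device-01", "constructed-device-secret", "corp-proxy"
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
    basic = basic_header(user, password)
    digest = digest_header(user, password, realm, nonce, "CONNECT", "wbx2.com:443")
    store = {user: password}
    return {
        "basic_recovered": recover_basic_credentials(basic),
        "digest_exposes_password": password in digest,
        "digest_accepted": proxy_verify_digest(digest, store, nonce, "CONNECT"),
        # The same header replayed after the proxy issues a new nonce is rejected.
        "digest_replayed_against_new_nonce": proxy_verify_digest(digest, store, "f3a1c2", "CONNECT"),
        # The response also binds the method, so it cannot be reused for a different request.
        "digest_wrong_method": proxy_verify_digest(digest, store, nonce, "GET"),
    }
```

Note that Digest still requires the proxy to hold either the password or the precomputed HA1 value, and that the device-account advice on the slides (one shared account, no expiry) makes that stored value a long-lived secret; the nonce check is what keeps a captured header from being replayed.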

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication/Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

(Diagram: devices at 10.100.200.1 and 10.100.200.3 connecting through the Proxy to the whitelisted Spark destinations; UDP Media bypasses the Proxy.)

Manually configure the Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
-------------|----------|----------------|----------------------|-----------------------
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

(Diagram: the client's Signalling passes through the inspecting Proxy; UDP Media bypasses it. The Private CA Root Certificate has been sent to the client in advance.)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to the client
  • Private CA signed Certificate sent to the client on connection establishment
  • Client compares the Private CA Root Cert with those received in the Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
  • Proxy receives the Certificate from the Web/Cloud Service
  • Proxy uses the Certificate to establish a Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public
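The pinning check and the two bypass paths above, as an added example that is not Cisco's code: it computes the pin the way the deck defines it, a base64 SHA-256 over the certificate's public key (SubjectPublicKeyInfo), for two constructed synthetic DER certificates, and shows why an inspecting proxy's private-CA certificate fails the pin unless that private CA has been placed in the OS trust store. The DER helpers, sample certificates and function names are assumptions made for this example; the pin string printed on the slide is not used.

```python
import base64
import hashlib
from typing import List, Set, Tuple

# --- Minimal DER helpers, written for this example (not Cisco code) ---

def _der_len(n: int) -> bytes:
    """Encode a DER length in short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content


def der_seq(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, int, int]:
    """Return (tag, content_start, content_end) of the TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes carry the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _children(buf: bytes, start: int, end: int) -> List[Tuple[int, bytes]]:
    """Split SEQUENCE content into (tag, whole TLV bytes) pairs."""
    out, pos = [], start
    while pos < end:
        tag, _, cend = _read_tlv(buf, pos)
        out.append((tag, buf[pos:cend]))
        pos = cend
    return out


# --- Pin = base64(SHA-256(SubjectPublicKeyInfo)), as the deck defines it ---

def extract_spki(cert_der: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate and return the SubjectPublicKeyInfo TLV."""
    _, cstart, _ = _read_tlv(cert_der, 0)            # Certificate SEQUENCE
    _, tstart, tend = _read_tlv(cert_der, cstart)    # tbsCertificate SEQUENCE
    fields = _children(cert_der, tstart, tend)
    if fields[0][0] == 0xA0:                          # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return fields[5][1]


def spki_pin(cert_der: bytes) -> str:
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


# --- Connection decision as the slides describe it ---

def tls_decision(chain: List[bytes], pinned: Set[str], private_ca_in_os_store: bool) -> str:
    """chain: leaf-first DER certificates presented by the HTTPS/TLS server."""
    if private_ca_in_os_store:
        # Apps fix: the enterprise private CA cert sits in the OS trust store,
        # so the pinning step is skipped and HTTPS inspection becomes possible.
        return "proceed (pinning skipped: private CA in OS trust store)"
    for cert in chain:
        if spki_pin(cert) in pinned:
            return "proceed (pin matched)"
    return "terminate (no pin matched)"


# --- Constructed sample certificates: synthetic DER, dummy key bits, no real signature ---

def sample_spki(key_bits: bytes) -> bytes:
    rsa_oid = der_tlv(0x06, bytes.fromhex("2a864886f70d010101"))         # rsaEncryption
    return der_seq(der_seq(rsa_oid, der_tlv(0x05, b"")), der_tlv(0x03, b"\x00" + key_bits))


def sample_cert(key_bits: bytes) -> bytes:
    sig_alg = der_seq(der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")))  # sha256WithRSA
    tbs = der_seq(
        der_tlv(0xA0, der_tlv(0x02, b"\x02")),                               # version v3
        der_tlv(0x02, b"\x01"),                                               # serialNumber
        sig_alg,
        der_seq(),                                                            # issuer (empty Name)
        der_seq(der_tlv(0x17, b"180101000000Z"), der_tlv(0x17, b"190101000000Z")),
        der_seq(),                                                            # subject (empty Name)
        sample_spki(key_bits),
    )
    return der_seq(tbs, sig_alg, der_tlv(0x03, b"\x00" * 9))                # dummy signature


CLOUD_CA_CERT = sample_cert(b"\x11" * 16)   # stands in for the Cisco Spark CA root
PROXY_CA_CERT = sample_cert(b"\x22" * 16)   # stands in for the enterprise private CA
PINS = {spki_pin(CLOUD_CA_CERT)}            # pin set shipped in the app's trust store


if __name__ == "__main__":
    print(tls_decision([CLOUD_CA_CERT], PINS, False))   # proceed (pin matched)
    print(tls_decision([PROXY_CA_CERT], PINS, False))   # terminate (no pin matched)
    print(tls_decision([PROXY_CA_CERT], PINS, True))    # proceed (pinning skipped ...)
```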

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists, bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection bypass
DX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS Inspection bypass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X

(Diagram: Spark device, switch port and Authentication Server)

802.1X Operation

• Switch port network access restricted

• Client presents credentials to the Authentication Server

• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…

• Two key Authentication methods:

• EAP-FAST

• EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST

• Flexible Authentication via Secure Tunneling

• Username and Password based

• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS

• Transport Layer Security

• Requires Digital Certificates

• Mutual Client – Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms

• Uses the Device MAC Address

• Commonly used for non-802.1X-capable devices

• MAC address manually entered into the Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | – | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:

• Switch port configuration

• VLANs

• Firewall deployment

• Proxy type

• Proxy feature usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today:

• There are bypass methods available

• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections

Onboard the device – Username/Password or Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa

Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:

» On-Premises (Enterprise, Midmarket)

» Cloud (Midmarket)

» Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd

Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Coming soon: target Q1 CY2018

Thank you

Spark – Decrypting Messages and Content

(Diagram: Spark Apps, Key Management Service and Content Server in the Spark Cloud)

Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room

The encrypted message also contains a link to the conversation encryption key

If needed, Spark Apps can retrieve encryption keys from the Key Management Service

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

(Diagram: Indexing Service, Content Server, Key Management Service and Search Service)

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content

A Search Index is built by creating a fixed-length hash of each word in each message within a Room (e.g. "Spark IS the message" → Hash Algorithm → B9 57 FE 48 …)

A new (SHA-256 HMAC) hashing key (Search Key) is used for each room

The hashed indexes for each Spark Room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index – search for the word "Spark"

App sends the search request over a secure connection to the Indexing Service

The Indexing Service uses per-Room search keys to hash the search terms ("Spark" → Hash Algorithm → B9 57 FE 48)

The Search Service searches for a match in the hash tables and returns matching content to the App

A link to the Conversation Encryption Key is sent with the encrypted message

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

(Diagram: Spark Control Hub, Indexing Service, Content Server, Key Management Service, E-Discovery Service and Search Service)

Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)

The Indexing Service requests a search of related hashed content

The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (e.g. "Jo Smith's Messages and Files – E-Discovery Content Ready" in the Spark Control Hub)


Customer Controlled Security: Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

(Diagram: Spark cloud with Content Server, Key Management Service, E-Discovery Service and Indexing Service; customer Secure Data Center)

Hybrid Data Security = Hybrid Data Services on premise:

Key Management Server

Indexing Server

E-Discovery Service

Hybrid Data Security traffic and Firewalls

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)

No special Firewall configuration required

Hybrid Data Security – Scalability

Hybrid Data Security is managed and upgraded from the cloud

Customers can access usage information for the HDS Servers via the Spark Control Hub

Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server

BUT now all of the keys for messages and content are owned and managed by the Customer

HDS – Encrypting Messages & Content

Spark Apps request an encryption key from the HDS Key Management Server

Any messages or files sent by an App are encrypted before being sent to the Spark Cloud

Encrypted messages and content are stored in the cloud; Encryption Keys are stored locally

HDS – Decrypting Messages & Content

Encrypted messages from Apps are stored in the Spark Cloud

These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server

If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

(Diagram: App to Cloud TLS connection and App to HDS TLS connection, via the Spark Service to the Hybrid Data Security Node)

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service

This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content (e.g. "Spark IS the message" → Hash Algorithm → B9 57 FE 48 …)

A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – search for the word "Spark"

The Indexing Service sends a hashed index of the App's search request to the Search Service ("Spark" → Hash Algorithm → B9 57 FE 48)

A link to the Conversation Encryption Key is sent with the encrypted message
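An added example, not Cisco's code, of the per-Room Search Key design that both the cloud search slides and the HDS search slides above describe: the Indexing Service keeps one HMAC-SHA256 Search Key per Room and hands only hashes to a key-blind Search Service, so the same word indexes differently in different Rooms and the Search Service can match queries without ever seeing a plaintext word. Class names, the word-normalisation rule and the sample messages are assumptions made for this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Dict, Optional, Set


def normalize(word: str) -> str:
    """Case-fold and strip punctuation so "Spark," and "spark" index identically (assumed rule)."""
    return word.lower().strip(".,;:!?\"'()[]")


class SearchService:
    """Holds only hashed indexes per Room. It has no Search Keys and never sees a
    plaintext word, so this table alone reveals neither message content nor
    whether two Rooms contain the same word."""

    def __init__(self) -> None:
        self._tables: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))

    def store(self, room_id: str, message_id: str, word_hashes: Set[str]) -> None:
        for h in word_hashes:
            self._tables[room_id][h].add(message_id)

    def lookup(self, room_id: str, word_hash: str) -> Set[str]:
        return set(self._tables[room_id].get(word_hash, ()))


class IndexingService:
    """Owns one random Search Key per Room and turns words into
    HMAC-SHA256(search_key, word) before they reach the Search Service."""

    def __init__(self, keys: Optional[Dict[str, bytes]] = None) -> None:
        self._search_keys: Dict[str, bytes] = dict(keys or {})

    def search_key(self, room_id: str) -> bytes:
        if room_id not in self._search_keys:
            self._search_keys[room_id] = os.urandom(32)   # a new key for each Room
        return self._search_keys[room_id]

    def hash_term(self, room_id: str, word: str) -> str:
        mac = hmac.new(self.search_key(room_id), normalize(word).encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()

    def index_message(self, search: SearchService, room_id: str,
                      message_id: str, plaintext: str) -> Set[str]:
        """Run on the plaintext before the message is encrypted and stored."""
        hashes = {self.hash_term(room_id, w) for w in plaintext.split() if normalize(w)}
        search.store(room_id, message_id, hashes)
        return hashes

    def query(self, search: SearchService, room_id: str, term: str) -> Set[str]:
        """Hash the App's search term with the Room's key; the Search Service matches hashes only."""
        return search.lookup(room_id, self.hash_term(room_id, term))


def demo() -> Dict[str, Set[str]]:
    """Constructed sample: two Rooms, three messages."""
    indexing, search = IndexingService(), SearchService()
    indexing.index_message(search, "room-a", "m1", "Spark IS the message")
    indexing.index_message(search, "room-a", "m2", "Another message, different words")
    indexing.index_message(search, "room-b", "m3", "Spark in a different Room")
    return {
        "room-a:spark": indexing.query(search, "room-a", "spark"),      # {"m1"}
        "room-a:message": indexing.query(search, "room-a", "message"),  # {"m1", "m2"}
        "room-b:Spark": indexing.query(search, "room-b", "Spark"),      # {"m3"}
        "room-a:missing": indexing.query(search, "room-a", "missing"),  # set()
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, sorted(v))
```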

Spark E-Discovery Service (1) – with on premise Indexing and E-Discovery Services

(Diagram: Spark Control Hub and Content Server in the Spark cloud; Indexing Service, Key Management Service, E-Discovery Service and Search Service in the customer Secure Data Center)

The Indexing Service sends hashed search criteria to the Search Service

The Content Server returns matching content (Jo Smith's Content) to the E-Discovery Service

Spark E-Discovery Service (2)

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request ("Jo Smith's Messages and Files – E-Discovery Content Ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server in the Spark cloud)

Spark Spaces with users from multiple Organizations can share encrypted messages and content

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud

Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)

With a secure connection between Key Management Servers…

Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A – an HDS Cluster of Hybrid Data Services Nodes (VMs) on vSphere, each running Docker with an ECP Mgmt Container and HDS Containers; HDS Cluster Config File on an IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key

PKI (Public Key Infrastructure) is used for KMS to KMS federation

Common Name signed by a member of the Mozilla Trusted Root Store

No SHA-1 signatures

PKCS #12 format

2 ESXi Virtualized Hosts: min 2 to support upgrades, 3 recommended, 5 max

Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server

kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)

8 vCPU, 16 GB RAM, 2 TB Disk; User created with createuser; assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host

Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location

The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network

Outbound HTTPS on TCP port 443 from the HDS host

Bi-directional WSS on TCP port 443 from the HDS host

TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host

HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs

• Switch Port VLAN configuration and device requirements

• Firewalls

• Whitelists for Spark Apps, devices and Services

• Media support – UDP/TCP/HTTP

• HTTP Proxies

• Proxy Types and Proxy Detection

• Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass

• Proxy TLS/HTTPS traffic inspection – Certificate Pinning

• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:

Internet Access

DHCP, DNS server access

Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN

• Dynamic VLAN assignment based on CDP/LLDP TLV values

• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment; 802.1Q tagging; connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q tagging

Cisco Spark Cloud Access Enterprise Firewalls

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges

Source UDP Ports Voice 52000 - 52099 Video 52100- 52299

Source TCP HTTP Ports Ephemeral (=gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004 5006

Destination IP Addresses Any

bull Spark Desk and Room Devices

bull Spark Apps

bull See following slides for details

Signalling

Media

76BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Voice and Video Classification and MarkingPort Range Summary ndash Endpoints and Apps

Audio

52000-52099

Spark Apps Spark Devices

Video

52100-52299

52000 - 52049 52050 - 52099 52100 - 52199 52200 - 52299

77BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
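The three whitelist tables above give the source-port ranges and destination ports that Spark media and signalling use. The following Python is an added example, not anything from the Cisco deck: it encodes those values and labels flows parsed from constructed firewall log lines, so records that fall outside the documented ranges can be flagged for review. The log line format and the addresses are constructed.

```python
"""Check flow records against the Spark media port ranges tabulated above.

Added example, not Cisco's code. The ranges and destination ports are those listed in
the Spark Apps, Spark Devices and HMN/HDS tables; the log line format and the sample
records are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (label, lowest source port, highest source port), inclusive, from the deck.
MEDIA_SOURCE_RANGES = [
    ("Spark App voice", 52000, 52049),
    ("Spark Device voice", 52050, 52099),
    ("Spark App video", 52100, 52199),
    ("Spark Device video", 52200, 52299),
    ("HMN cascade voice/video", 33434, 33598),
]
ENDPOINT_MEDIA_DST = {5004, 5006}   # cloud media nodes, for apps and devices
HMN_MEDIA_DST = {5004}              # HMN cascades use 5004 only
SIGNALLING_DST = {443}              # HTTPS signalling to the whitelisted domains


@dataclass(frozen=True)
class Flow:
    proto: str
    src_port: int
    dst_port: int


def classify_media_flow(flow: Flow) -> Optional[str]:
    """Name the media class of a UDP flow, or None if it is outside the whitelist.

    The source port selects the class; the destination port must then be one the
    deck lists for that class (5004/5006 for endpoints, 5004 for HMN cascades).
    """
    if flow.proto.upper() != "UDP":
        return None
    for label, low, high in MEDIA_SOURCE_RANGES:
        if low <= flow.src_port <= high:
            allowed = HMN_MEDIA_DST if label.startswith("HMN") else ENDPOINT_MEDIA_DST
            return label if flow.dst_port in allowed else None
    return None


def is_tcp_fallback_or_signalling(flow: Flow) -> bool:
    """TCP from an ephemeral source port to 443 (signalling) or 5004/5006 (SRTP over TCP/HTTP).

    Ephemeral source ports are why the deck notes that TCP media cannot be
    re-marked for DSCP by source port the way UDP media can.
    """
    return (flow.proto.upper() == "TCP"
            and flow.src_port >= 1024
            and flow.dst_port in (SIGNALLING_DST | ENDPOINT_MEDIA_DST))


# Constructed log format: "<PROTO> <src-ip>:<src-port> -> <dst-ip>:<dst-port>"
_LINE = re.compile(r"^(UDP|TCP)\s+\S+:(\d+)\s*->\s*\S+:(\d+)$")


def parse_flow_line(line: str) -> Flow:
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised flow record: {line!r}")
    return Flow(m.group(1), int(m.group(2)), int(m.group(3)))


def audit(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line, verdict) pairs; anything not matching the tables is flagged."""
    results = []
    for line in lines:
        flow = parse_flow_line(line)
        media = classify_media_flow(flow)
        if media:
            verdict = f"OK media: {media}"
        elif is_tcp_fallback_or_signalling(flow):
            verdict = "OK tcp: signalling or SRTP over TCP"
        else:
            verdict = "FLAG: outside documented Spark port ranges"
        results.append((line, verdict))
    return results


# Constructed sample records (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "UDP 10.0.0.5:52010 -> 203.0.113.7:5004",    # app voice
    "UDP 10.0.0.9:52250 -> 203.0.113.7:5006",    # device video
    "UDP 10.0.1.2:33500 -> 203.0.113.9:5004",    # HMN cascade
    "UDP 10.0.1.2:33500 -> 203.0.113.9:5006",    # HMN to 5006: not in the HMN table
    "TCP 10.0.0.5:49152 -> 203.0.113.7:443",     # HTTPS signalling
    "UDP 10.0.0.5:40000 -> 203.0.113.7:5004",    # source port outside every range
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:45s} {line}")
```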

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address
• Whitelisted Destinations (e.g. ciscospark.com)

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) | –
DX, SX, MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | –
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | –

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key
  VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
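The pin computation and the two bypass paths from the pinning slides above (no inspection, inspection, the apps fix and the devices fix), as an added Python example that is not Cisco's code: the pin is taken as base64(SHA-256) over the certificate's SubjectPublicKeyInfo, the devices fix is modelled as the private CA's pin arriving in the downloaded trust list, and the apps fix as the private CA certificate being present in the OS trust store. The DER walker, the certificate builder and all certificate bytes are constructed here; the pin value printed on the slide is not reproduced.

```python
"""Certificate pinning with the enterprise-CA bypasses described in the deck.

Added example, not Cisco's code. Pin = base64(SHA-256(SubjectPublicKeyInfo)). A minimal
DER walker pulls the SPKI out of an X.509 certificate so only the standard library is
needed; the certificates below are built by make_test_cert() and are not real ones.
"""
import base64
import hashlib
from typing import List, Set, Tuple


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one DER tag-length-value at pos; return (tag, value, end position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Split a constructed DER value into (tag, inner value, full TLV bytes) entries."""
    out, pos = [], 0
    while pos < len(value):
        tag, inner, end = _read_tlv(value, pos)
        out.append((tag, inner, value[pos:end]))
        pos = end
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER-encoded subjectPublicKeyInfo of an X.509 certificate."""
    _, cert, _ = _read_tlv(cert_der, 0)                # Certificate ::= SEQUENCE
    tbs_fields = _children(_children(cert)[0][1])      # tbsCertificate ::= SEQUENCE
    if tbs_fields and tbs_fields[0][0] == 0xA0:        # optional [0] EXPLICIT version
        tbs_fields = tbs_fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return tbs_fields[5][2]


def spki_pin(cert_der: bytes) -> str:
    """The pin the deck describes: SHA-256 of the certificate's public key info, base64."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode("ascii")


def accept_connection(chain: List[bytes], pinned: Set[str],
                      os_trust_store: Set[bytes]) -> Tuple[bool, str]:
    """Decide on a presented chain (leaf first) the way the pinning slides describe.

    1. A certificate in the chain whose pin is in the trust list -> accept. For devices
       the private CA's pin arrives in the trust list downloaded from the cloud.
    2. Else, the private CA certificate is in the OS trust store -> skip pinning (apps fix).
    3. Else the TLS connection is terminated.
    """
    if any(spki_pin(cert) in pinned for cert in chain):
        return True, "pin matched: proceed with TLS connection"
    if any(cert in os_trust_store for cert in chain):
        return True, "private CA in OS trust store: pinning skipped, inspection possible"
    return False, "no pin match and CA not trusted: TLS connection terminated"


# --- constructed test material (fake keys, unsigned certificate shells) ---------------

def _tlv(tag: int, value: bytes) -> bytes:
    """DER-encode one tag-length-value, using the long length form above 127 bytes."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def make_spki(key_bytes: bytes) -> bytes:
    """SubjectPublicKeyInfo with an Ed25519 AlgorithmIdentifier (OID 1.3.101.112) and a fake key."""
    return _tlv(0x30, _tlv(0x30, _tlv(0x06, bytes.fromhex("2b6570"))) + _tlv(0x03, b"\x00" + key_bytes))


def make_test_cert(spki: bytes, with_version: bool = True) -> bytes:
    """Syntactically minimal Certificate around an SPKI: placeholder fields, no real signature."""
    fields = [_tlv(0xA0, _tlv(0x02, b"\x02"))] if with_version else []   # [0] version v3
    fields += [_tlv(0x02, b"\x01"),                                        # serialNumber
               _tlv(0x30, b""), _tlv(0x30, b""), _tlv(0x30, b""), _tlv(0x30, b""),
               spki]                                  # signature, issuer, validity, subject, SPKI
    tbs = _tlv(0x30, b"".join(fields))
    return _tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))   # + signatureAlgorithm, signatureValue


CLOUD_CERT = make_test_cert(make_spki(bytes(range(32))))            # stands in for the Spark cloud cert
PRIVATE_CA_CERT = make_test_cert(make_spki(bytes(range(32, 64))))   # enterprise inspection proxy's CA
PROXY_LEAF_CERT = make_test_cert(make_spki(bytes(range(64, 96))), with_version=False)
PINNED = {spki_pin(CLOUD_CERT)}   # the pin the app ships with; not the value printed on the slide
```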

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.
Coming soon: Target Q1 CY2018

Thank you

Spark - Decrypting Messages and Content

Encrypted messages sent by the App are stored in the Spark Cloud and also sent on to every other App in the Spark Room.
The encrypted message also contains a link to the conversation encryption key.
If needed, Spark Apps can retrieve encryption keys from the Key Management Service.

Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.
A Search Index is built by creating a fixed length hash of each word in each message within a Room (in the slide's illustration the words of "Spark IS the message" hash to B9, 57, FE, 48).
A new (SHA-256 HMAC) hashing key (Search Key) is used for each room.
The hashed indexes for each Spark Room are stored by the Content Service.

Searching Spark Rooms: Querying a Search Index (search for the word "Spark")

App sends a search request over a secure connection to the Indexing Service.
The Indexing Service uses per Room search keys to hash the search terms.
The Search Service searches for a match in the hash tables and returns matching content to the App.
A link to the Conversation Encryption Key is sent with the encrypted message.
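The index-building and query steps of the two slides above, as an added Python example that is not Cisco's code: a Content Server that stores ciphertext plus per-room hashed indexes, and an Indexing Service that holds a per-room HMAC-SHA256 Search Key and hashes both indexed words and query terms. Room names, keys, messages and the 4-byte tag length are constructed or assumed; ciphertext blobs are placeholders, since the deck's encryption step happens in the app.

```python
"""Per-room keyed search index over encrypted messages, as the deck describes.

Added example, not Cisco's code. The Indexing Service holds one Search Key per room and
HMAC-SHA256s every word; the Content Server stores only those hashes next to the
ciphertext and never sees a key or a plaintext word; a query is hashed with the same
room key and matched. Room ids, keys, messages and the 4-byte tag length are
constructed/assumed here.
"""
import hashlib
import hmac
import os
import re
from collections import defaultdict
from typing import Dict, List, Set

TAG_BYTES = 4          # assumed fixed tag length; the deck only says "fixed length hash"
_WORD = re.compile(r"[a-z0-9']+")


def tokenize(text: str) -> List[str]:
    """Case-fold and split into words; each distinct word gets one index entry."""
    return _WORD.findall(text.lower())


def word_tag(search_key: bytes, word: str) -> str:
    """Fixed-length HMAC-SHA256 tag of one word under the room's Search Key."""
    digest = hmac.new(search_key, word.encode("utf-8"), hashlib.sha256).digest()
    return digest[:TAG_BYTES].hex()


class ContentServer:
    """Cloud-side store: ciphertext plus hashed index per room. Holds no keys."""
    def __init__(self) -> None:
        self.ciphertext: Dict[str, Dict[str, bytes]] = defaultdict(dict)   # room -> msg id -> blob
        self.index: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))  # room -> tag -> ids

    def store(self, room: str, msg_id: str, blob: bytes, tags: Set[str]) -> None:
        self.ciphertext[room][msg_id] = blob
        for tag in tags:
            self.index[room][tag].add(msg_id)

    def search(self, room: str, tag: str) -> Dict[str, bytes]:
        """The Search Service step: match a tag, return the matching encrypted messages."""
        return {mid: self.ciphertext[room][mid] for mid in self.index[room].get(tag, ())}


class IndexingService:
    """Holds the per-room Search Keys (in the real system obtained via the KMS)."""
    def __init__(self, content: ContentServer) -> None:
        self.content = content
        self.search_keys: Dict[str, bytes] = {}

    def key_for(self, room: str) -> bytes:
        # A new random Search Key per room, as the deck states.
        return self.search_keys.setdefault(room, os.urandom(32))

    def index_message(self, room: str, msg_id: str, plaintext: str, blob: bytes) -> Set[str]:
        """Hash each word under the room key; hand only hashes + ciphertext to the Content Server."""
        key = self.key_for(room)
        tags = {word_tag(key, w) for w in set(tokenize(plaintext))}
        self.content.store(room, msg_id, blob, tags)
        return tags

    def query(self, room: str, term: str) -> Dict[str, bytes]:
        """Hash the search term with the room key and let the Content Server match it."""
        tag = word_tag(self.key_for(room), term.lower())
        return self.content.search(room, tag)


def demo() -> Dict[str, Set[str]]:
    """Index two constructed rooms and return which message ids each query hits."""
    content = ContentServer()
    indexing = IndexingService(content)
    # Ciphertext blobs are placeholders: encryption happens in the app with the KMS key.
    indexing.index_message("room-A", "m1", "Spark IS the message", b"<ct-m1>")
    indexing.index_message("room-A", "m2", "the message arrived", b"<ct-m2>")
    indexing.index_message("room-B", "m3", "Spark IS the message", b"<ct-m3>")
    return {
        "A:spark": set(indexing.query("room-A", "Spark")),
        "A:message": set(indexing.query("room-A", "message")),
        "A:zebra": set(indexing.query("room-A", "zebra")),
        "B:spark": set(indexing.query("room-B", "spark")),
    }


def same_word_differs_across_rooms(word: str = "spark") -> bool:
    """Per-room keys mean the same word yields different tags in different rooms."""
    indexing = IndexingService(ContentServer())
    return word_tag(indexing.key_for("room-A"), word) != word_tag(indexing.key_for("room-B"), word)
```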

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

Compliance Officer (Spark Control Hub) selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s).
The Indexing Service requests a search of related hashed content.
The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (Spark Control Hub: "Jo Smith's Messages and Files – E-Discovery Content Ready").


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Spark – Hybrid Data Security (HDS)

Hybrid Data Security / Hybrid Data Services = On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS).
No special Firewall configuration required.

Hybrid Data Security - Scalability

The Hybrid Data Security is managed and upgraded from the cloud.
Customers can access usage information for the HDS Servers via the Spark Control Hub.
Multiple HDS servers can be provisioned for Scalability & Load Sharing.

Spark – Hybrid Data Security: Key Management

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server, BUT now all of the keys for messages and content are owned and managed by the Customer.

HDS - Encrypting Messages & Content

Spark Apps request an encryption key from the HDS Key Management Server.
Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.
Encrypted messages and content are stored in the cloud; Encryption Keys are stored locally.

HDS - Decrypting Messages & Content

Encrypted messages from Apps are stored in the Spark Cloud.

These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.

If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

(Diagram: cloud Secure Data Center with Key Management Service and Content Server; an encrypted message delivered to the Apps; on-premise HDS Key Mgmt Service)

Hybrid Data Security – Secure App Connections

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service.

This encrypted peer to peer session traverses the Spark Cloud.

(Diagram: App to Cloud TLS connection to the Spark Service (Content Server, Search Service) and App to HDS TLS connection to the Hybrid Data Security Node)

Hybrid Data Security Search Indexing Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A new hashing key (Search Key) is used for each room.

(Diagram: the message "Spark IS the message" is passed through the Hash Algorithm of the on-premise Indexing Service, producing the hashed index "B9 57 FE 48", which is sent to the cloud Search Service; the Content Server and Key Mgmt Service sit in the Secure Data Center)

Hybrid Data Security Querying a Search Index – Search for the word "Spark"

The Indexing Service sends a hashed index of the App's search request to the Search Service.

A link to the Conversation Encryption Key is sent with the encrypted message.

(Diagram: the search term "Spark" is passed through the Hash Algorithm of the Indexing Service, producing "B9 57 FE 48"; the matching entry in the Search Service returns the encrypted message "Spark IS the Message" from the Content Server)
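The indexing and querying slides above describe a keyed blind index: words are hashed with a per-room Search Key on premise, and only the hashes reach the cloud Search Service, which matches a hashed query without ever seeing plaintext or keys. The following Python model is an added example, not Cisco's code; the HMAC-SHA256 keyed hash, the 32-byte key size and the word tokenizer are assumptions, and the sample messages are constructed.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple


def tokenize(text: str) -> List[str]:
    """Split a message into searchable words (tokenizer is an assumption)."""
    return re.findall(r"[A-Za-z0-9']+", text)


def hash_word(search_key: bytes, word: str) -> str:
    """Keyed hash of one normalized word; only this hex string ever leaves the enterprise."""
    return hmac.new(search_key, word.lower().encode("utf-8"), hashlib.sha256).hexdigest()


class IndexingService:
    """On-premise HDS component: holds the per-room Search Keys and sees plaintext."""

    def __init__(self) -> None:
        self._search_keys: Dict[str, bytes] = {}

    def search_key(self, room_id: str) -> bytes:
        # A new hashing key (Search Key) is used for each room.
        if room_id not in self._search_keys:
            self._search_keys[room_id] = os.urandom(32)
        return self._search_keys[room_id]

    def index_message(self, room_id: str, message_id: str, plaintext: str) -> List[Tuple[str, str]]:
        """Return (hashed term, message id) pairs for the cloud Search Service."""
        key = self.search_key(room_id)
        return [(hash_word(key, w), message_id) for w in set(tokenize(plaintext))]

    def hash_query(self, room_id: str, query: str) -> List[str]:
        """Hash a user's search request with the room's key, as on the querying slide."""
        key = self.search_key(room_id)
        return [hash_word(key, w) for w in tokenize(query)]


class SearchService:
    """Cloud component: stores hashed terms only, never plaintext or keys."""

    def __init__(self) -> None:
        self._index: Dict[Tuple[str, str], Set[str]] = defaultdict(set)

    def store(self, room_id: str, entries: List[Tuple[str, str]]) -> None:
        for term_hash, message_id in entries:
            self._index[(room_id, term_hash)].add(message_id)

    def find(self, room_id: str, term_hashes: List[str]) -> Set[str]:
        """Messages in the room containing every hashed term (AND semantics)."""
        if not term_hashes:
            return set()
        result = set(self._index.get((room_id, term_hashes[0]), set()))
        for h in term_hashes[1:]:
            result &= self._index.get((room_id, h), set())
        return result


def demo() -> Dict[str, object]:
    """Index constructed messages in two rooms and run the slide's search for 'Spark'."""
    indexer, cloud = IndexingService(), SearchService()
    # Constructed sample messages; the first is the one shown on the slides.
    cloud.store("room-A", indexer.index_message("room-A", "msg-1", "Spark IS the message"))
    cloud.store("room-A", indexer.index_message("room-A", "msg-2", "lunch at noon"))
    cloud.store("room-B", indexer.index_message("room-B", "msg-3", "Spark IS the message"))

    hits_a = cloud.find("room-A", indexer.hash_query("room-A", "Spark"))
    # Same word hashed under room-B's Search Key does not match room-A's index.
    hits_cross = cloud.find("room-A", indexer.hash_query("room-B", "Spark"))
    same_hash = hash_word(indexer.search_key("room-A"), "spark") == hash_word(
        indexer.search_key("room-B"), "spark")
    return {"hits_a": hits_a, "hits_cross": hits_cross, "same_hash_across_rooms": same_hash}


if __name__ == "__main__":
    print(demo())
```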

Spark E-Discovery Service (1)

The Indexing Service sends hashed search criteria to the Search Service.

The Content Server returns matching content to the E-Discovery Service.

(Diagram: Spark Control Hub, Search Service and Content Server in the cloud Secure Data Center; on-premise Indexing Service (Hash Algorithm), Key Mgmt Service and E-Discovery Service; "Jo Smith's Content" returned from the Content Server)

Spark E-Discovery Service (2)

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request.

(Diagram: Spark Control Hub, Search Service, Content Server and E-Discov Storage in the cloud; on-premise Key Mgmt Service and E-Discovery Service; "Jo Smith's Messages and Files" delivered with the notice "E-Discovery Content Ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; the cloud Content Server and Key Mgmt Service; an encrypted message shared between the two Organizations)

HDS Key Management Server Federation

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.

Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).

With a secure connection between Key Management Servers…

Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

(Diagram: Organization A and Organization B, each with a Key Mgmt Service; the cloud Content Server and Key Mgmt Service relay the Mutual TLS session and the encrypted messages)

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A running vSphere with an HDS Cluster of Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Mgmt Container and HDS Containers, and mounts the HDS Cluster Config File through an IDE Mount)

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.

Customer manages backup and recovery of the Postgres Database and the local configuration ISO.

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).

HDS application nodes and database need to be co-located in the same data center.

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser. Assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely backup two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

(Diagram: Signalling and Media flows from the Enterprise through the Firewall to the Spark Cloud)

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | see list below | HTTPS

HTTPS destinations and functions:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only - Ad Analytics
• adobedtm.com – Web Apps only - Analytics
• omtrdc.net – Web Apps only - Telemetry
• optimizely.com – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | see list below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations and functions:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

(Diagram: Signalling and Media flows from the HMN through the Firewall to the Spark Cloud)

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

(Diagram: Signalling and UDP Media flows from the Enterprise to the Spark Cloud)

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

(Diagram: the Proxy Address is delivered to each device, either manually or via a PAC file)

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual, PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory. Many Enterprises do No Authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration
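To make the difference between the Basic and Digest slides concrete, this added Python example (not Cisco's code) builds both Proxy-Authorization headers for the same device credentials: the Basic header decodes straight back to the password, while the Digest header carries only an MD5 response that the proxy can verify from a stored hash. The realm, nonce and credentials are constructed values, and the Digest form shown is the RFC 2617 variant without qop.

```python
import base64
import hashlib
import hmac
import re
from typing import Dict, Optional, Tuple

REALM = "proxy.example"   # constructed values, not from the slides
NONCE = "7c1e9a2b"


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Basic auth: 'user:password' is only Base64 encoded, not encrypted or hashed."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def recover_basic_credentials(header: str) -> Tuple[str, str]:
    """What anyone who can read a Basic header learns from it: the credentials themselves."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password); the proxy can store this instead of the password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_header(username: str, password: str, realm: str, nonce: str,
                  method: str, uri: str) -> str:
    """Digest auth: the password only contributes through hashes (RFC 2617, no qop)."""
    ha1 = digest_ha1(username, realm, password)
    ha2 = md5_hex(f"{method}:{uri}")
    response = md5_hex(f"{ha1}:{nonce}:{ha2}")
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')


def parse_digest_header(header: str) -> Dict[str, str]:
    return dict(re.findall(r'(\w+)="([^"]*)"', header))


def proxy_verifies_digest(header: str, method: str, ha1_store: Dict[str, str],
                          expected_nonce: str) -> bool:
    """Proxy-side check: recompute the response from the stored HA1 and the request."""
    fields = parse_digest_header(header)
    ha1: Optional[str] = ha1_store.get(fields.get("username", ""))
    if ha1 is None or fields.get("nonce") != expected_nonce:
        return False
    ha2 = md5_hex(f"{method}:{fields.get('uri', '')}")
    expected = md5_hex(f"{ha1}:{expected_nonce}:{ha2}")
    return hmac.compare_digest(fields.get("response", ""), expected)


if __name__ == "__main__":
    # A device account as on the slides: one account, no human interaction.
    print(basic_header("room-kit-01", "s3cret"))
    print(digest_header("room-kit-01", "s3cret", REALM, NONCE, "CONNECT", "wbx2.com:443"))
```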

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either
  • Kerberos, or fallback to
  • NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Client Authentication, Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible
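The pinning slides above (no inspection, inspection with a private CA, and the two "fixes") describe one decision procedure; this added Python model (not Cisco's code) walks through all of them. The pin is computed as on the slides, Base64(SHA-256) of the CA root's public key; the certificate objects, the key bytes and the trust-store contents are constructed stand-ins, and the names of the helper functions are this example's own.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set

PROCEED = "pin match: proceed with TLS connection"
TERMINATE = "pin mismatch: TLS connection terminated"
SKIP_PINNING = "private CA in OS trust store: skip pinning, proceed (inspection possible)"


def spki_pin(public_key_der: bytes) -> str:
    """Certificate Pin = Base64(SHA-256(CA Root Certificate Public Key))."""
    return base64.b64encode(hashlib.sha256(public_key_der).digest()).decode("ascii")


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    public_key_der: bytes   # constructed bytes standing in for a DER public key


@dataclass
class TrustStores:
    spark_pins: Set[str]        # pins baked into the App / Device
    os_trust_store: Set[str]    # subjects of CA certs installed in the App's OS store
    cloud_trust_list: Set[str]  # pins of Private CA certs the Org loaded in the Spark Service


def app_accepts(chain: List[Cert], stores: TrustStores) -> str:
    """Spark App behaviour: OS-trust-store check first (the Apps fix), then the pin."""
    root = chain[-1]
    if root.subject in stores.os_trust_store:
        return SKIP_PINNING
    return PROCEED if spki_pin(root.public_key_der) in stores.spark_pins else TERMINATE


def device_accepts(chain: List[Cert], stores: TrustStores) -> str:
    """Spark Device behaviour: the trust list downloaded from the cloud supplies extra pins."""
    pin = spki_pin(chain[-1].public_key_der)
    return PROCEED if pin in stores.spark_pins | stores.cloud_trust_list else TERMINATE


# Constructed stand-ins for the Cisco Spark CA root and an enterprise's private CA.
SPARK_ROOT_KEY = b"constructed: Cisco Spark CA root public key"
PRIVATE_CA_KEY = b"constructed: Corp Private CA public key"
SPARK_CHAIN = [Cert("wbx2.com", "Spark CA", b"constructed leaf key"),
               Cert("Spark CA", "Spark CA", SPARK_ROOT_KEY)]
PROXY_CHAIN = [Cert("wbx2.com", "Corp Private CA", b"constructed proxy leaf key"),
               Cert("Corp Private CA", "Corp Private CA", PRIVATE_CA_KEY)]


def scenarios() -> Dict[str, str]:
    """Outcome of each slide scenario for an App and a Device."""
    pins = {spki_pin(SPARK_ROOT_KEY)}
    no_fix = TrustStores(set(pins), set(), set())
    with_fix = TrustStores(set(pins), {"Corp Private CA"}, {spki_pin(PRIVATE_CA_KEY)})
    return {
        "app, no inspection": app_accepts(SPARK_CHAIN, no_fix),
        "app, inspecting proxy": app_accepts(PROXY_CHAIN, no_fix),
        "app, inspecting proxy + fix": app_accepts(PROXY_CHAIN, with_fix),
        "device, no inspection": device_accepts(SPARK_CHAIN, no_fix),
        "device, inspecting proxy": device_accepts(PROXY_CHAIN, no_fix),
        "device, inspecting proxy + fix": device_accepts(PROXY_CHAIN, with_fix),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```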

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: device, switch and Authentication Server)

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities, Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018

Thank you


Cloud Based Security: Secure Search and Indexing

Searching Spark Rooms: Building a Search Index
(Diagram: Indexing Service, Content Server, Key Mgmt Service, Search Service)
The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.
A Search Index is built by creating a fixed-length hash of each word in each message within a Room; the slide shows the words of "Spark IS the message" passing through the Hash Algorithm to the illustrative values B9 57 FE 48.
A new (SHA-256 HMAC) hashing key (Search Key) is used for each room.
The hashed indexes for each Spark Room are stored by the Content Service.

Searching Spark Rooms: Querying a Search Index – search for the word "Spark"
(Diagram: Indexing Service, Content Server, Key Mgmt Service, Search Service)
The App sends the search request over a secure connection to the Indexing Service.
The Indexing Service uses per-Room search keys to hash the search terms; in the slide "Spark" hashes to B9, which is matched against the stored index B9 57 FE 48 of the message "Spark IS the Message".
The Search Service searches for a match in the hash tables and returns matching content to the App.
A link to the Conversation Encryption Key is sent with the encrypted message.

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)
(Diagram: Spark Control Hub, Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service)
The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s).
The Indexing Service requests a search of the related hashed content.
The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)
(Diagram: E-Discovery Service, E-Discovery Storage, Content Server, Key Mgmt Service, Spark Control Hub, Search Service)
The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request; the slide shows "Jo Smith's Messages and Files: E-Discovery Content Ready" in the Spark Control Hub.


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)
(Diagram: Content Server in the Spark cloud; Key Mgmt Service, Indexing Service and E-Discovery Service in the customer's Secure Data Center)
Hybrid Data Security = Hybrid Data Services On Premise: Key Management Server, Indexing Server, E-Discovery Service

Hybrid Data Security traffic and Firewalls
Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS).
No special Firewall configuration required.

Hybrid Data Security – Scalability
(Diagram: Content Server in the cloud; several Hybrid Data Security nodes, each with a Key Mgmt Server, in the Secure Data Center)
The Hybrid Data Security is managed and upgraded from the cloud.
Customers can access usage information for the HDS Servers via the Spark Control Hub.
Multiple HDS servers can be provisioned for Scalability & Load Sharing.

Spark – Hybrid Data Security Key Management
(Diagram: Content Server in the cloud; Key Mgmt Server in the Secure Data Center)
The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server, BUT now all of the keys for messages and content are owned and managed by the Customer.

HDS – Encrypting Messages & Content
(Diagram: Content Server in the cloud; Key Management Service in the Secure Data Center)
Spark Apps request an encryption key from the HDS Key Management Server.
Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.
Encrypted messages and content are stored in the cloud; Encryption Keys are stored locally.

HDS – Decrypting Messages & Content
(Diagram: Content Server in the cloud; Key Management Service in the Secure Data Center)
Encrypted messages from Apps are stored in the Spark Cloud.
These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.
If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security – Secure App Connections
(Diagram: App to Cloud TLS connection to the Spark Service; App to HDS TLS connection to the Hybrid Data Security Node in the Secure Data Center)
Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service.
This encrypted peer to peer session traverses the Spark Cloud.

Hybrid Data Security: Search Indexing Service
(Diagram: Indexing Service in the Secure Data Center; Content Server, Key Mgmt Service and Search Service)
The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content; the slide shows the words of "Spark IS the message" hashed to the illustrative values B9 57 FE 48.
A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index – search for the word "Spark"
(Diagram: Indexing Service in the Secure Data Center; Content Server, Key Mgmt Service and Search Service)
The Indexing Service sends a hashed index of the App's search request to the Search Service; in the slide "Spark" hashes to B9, matched against the stored index B9 57 FE 48 of the message "Spark IS the Message".
A link to the Conversation Encryption Key is sent with the encrypted message.
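The per-room Search Key scheme described for the cloud Indexing Service (Searching Spark Rooms: building and querying a Search Index) and repeated here for HDS, as an added example that is not Cisco's code: one HMAC-SHA-256 key per room, every word of every message replaced by its keyed hash, and a query hashed under the same room key before lookup. Word splitting, case folding, the room and message names and the fixed demo keys are all constructed for the example; the deck does not specify them.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Added example (not Cisco's code): a searchable index built the way the
# deck describes, one HMAC-SHA-256 Search Key per room, hashed word -> ids.
# Tokenisation and lower-casing are assumptions, not something the deck states.

WORD_RE = re.compile(r"[A-Za-z0-9']+")


def new_search_key() -> bytes:
    """A fresh 256-bit Search Key for a new room (what the KMS would hand out)."""
    return os.urandom(32)


def hash_term(search_key: bytes, term: str) -> str:
    """Fixed-length token for one word under the room's Search Key."""
    return hmac.new(search_key, term.lower().encode("utf-8"), hashlib.sha256).hexdigest()


def build_index(search_key: bytes, messages: dict) -> dict:
    """Index the words of each message; only tokens leave the indexer."""
    index = defaultdict(set)
    for msg_id, text in messages.items():
        for word in WORD_RE.findall(text):
            index[hash_term(search_key, word)].add(msg_id)
    return dict(index)


def query_index(search_key: bytes, index: dict, term: str) -> set:
    """Hash the search term with the room's key, then look it up."""
    return index.get(hash_term(search_key, term), set())


def query_rooms(room_keys: dict, room_indexes: dict, term: str) -> dict:
    """Search several rooms: the term must be re-hashed under each room's key."""
    return {room: query_index(room_keys[room], room_indexes[room], term)
            for room in room_keys}


def index_contains_plaintext(index: dict, messages: dict) -> bool:
    """Sanity check for the stored table: no message word appears as a key."""
    words = {w.lower() for text in messages.values() for w in WORD_RE.findall(text)}
    return any(key.lower() in words for key in index)


# Constructed sample data. Fixed keys keep the run reproducible; a real room
# would get its key from new_search_key() via the Key Management Service.
ROOM_KEYS = {
    "room-a": hashlib.sha256(b"constructed demo search key, room A").digest(),
    "room-b": hashlib.sha256(b"constructed demo search key, room B").digest(),
}
ROOM_MESSAGES = {
    "room-a": {"m1": "Spark IS the message",
               "m2": "Lunch at noon?",
               "m3": "Ship the Spark build today"},
    "room-b": {"m4": "Spark board arrives Monday",
               "m5": "Budget review"},
}
ROOM_INDEXES = {room: build_index(ROOM_KEYS[room], msgs)
                for room, msgs in ROOM_MESSAGES.items()}

if __name__ == "__main__":
    print(query_rooms(ROOM_KEYS, ROOM_INDEXES, "Spark"))
    # The same word gets a different token in each room, so one room's index
    # cannot be searched with another room's key:
    print(query_index(ROOM_KEYS["room-b"], ROOM_INDEXES["room-a"], "Spark"))
```

Two properties worth checking in a deployment follow directly from this construction: the stored table holds only 64-character hex tokens, so losing the Content Server's copy of an index does not reveal message text, and a token is only useful together with the room's Search Key, which is why the Indexing Service has to hash a search term once per room it searches. The flip side, inherent to any deterministic scheme, is that within one room equal words produce equal tokens, so whoever holds an index can tell which messages share a word even without knowing which word it is.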

Spark E-Discovery Service (1)
(Diagram: Indexing Service, Key Mgmt Service and E-Discovery Service in the Secure Data Center; Content Server, Spark Control Hub and Search Service in the cloud)
The Indexing Service sends hashed search criteria to the Search Service.
The Content Server returns matching content (Jo Smith's Content) to the E-Discovery Service.

Spark E-Discovery Service (2)
(Diagram: Key Mgmt Service and E-Discovery Service in the Secure Data Center; E-Discovery Storage, Content Server, Spark Control Hub and Search Service in the cloud)
The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request; the slide shows "Jo Smith's Messages and Files: E-Discovery Content Ready" in the Spark Control Hub.

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server in the Spark cloud)
Spark Spaces with users from multiple Organizations can share encrypted messages and content.
How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.
Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).
With a secure connection between Key Management Servers…
Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture
(Diagram: Secure Data Center A; vSphere hosting Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers; the HDS Cluster Config File attached to each node via an IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)
ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations
BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
Customer manages backup and recovery of the Postgres Database and the local configuration ISO
Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
HDS application nodes and database need to be co-located in the same data center
A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
  PKI (Public Key Infrastructure) is used for KMS to KMS federation
  Common Name signed by a member of the Mozilla Trusted Root Store
  No SHA-1 signatures
  PKCS#12 format
2 ESXi Virtualized Hosts: min 2 to support upgrades, 3 recommended, 5 max
  Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  kms.cisco.com easily supports 15K users per HDS
1 Postgres 9.6.1 Database Instance (Key datastore)
  8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database
1 Syslog Host
  hostname and port required to centralize syslog output from the three HDS instances and management containers
A secure backup location
  The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
Network
  Outbound HTTPS on TCP port 443 from HDS host
  Bi-directional WSS on TCP port 443 from HDS host
  TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  HTTPS proxies are unsupported
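The prerequisite list above reads as a checklist, and the items that bite hardest (no SHA-1 certificate signature, no HTTPS proxy in the path, a backup location for the ISO and database) are the ones that are easy to miss until cutover. The following is an added example, not a Cisco tool, that turns the slide's requirements into a preflight check over a planned deployment. The plan structure, its field names, the sample host names and the decision to accept any Postgres 9.6.x release where the slide lists 9.6.1 are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from typing import List, Tuple

# Added example (not Cisco's tooling): encode the HDS install prerequisites
# from the slide and report which ones a planned deployment misses.
# The plan layout and field names are assumptions for this example.


@dataclass(frozen=True)
class HdsPlan:
    esxi_hosts: int
    node_vcpu: int
    node_ram_gb: int
    node_disk_gb: int
    postgres_version: str
    db_vcpu: int
    db_ram_gb: int
    db_disk_tb: float
    db_user_has_grant_all: bool
    syslog_host: str
    syslog_port: int
    backup_location: str
    cert_signature_algorithm: str      # e.g. "sha256WithRSAEncryption"
    cert_bundle_format: str            # slide requires PKCS#12
    cert_chain_to_mozilla_root: bool   # CN signed by a Mozilla Trusted Root member
    outbound_tcp_ports: Tuple[int, ...]
    https_proxy_in_path: bool


def preflight(plan: HdsPlan) -> List[str]:
    """Return the prerequisite violations; an empty list means the plan passes."""
    findings = []
    # Hosts: min 2 (so upgrades can roll), 3 recommended, 5 max
    if not 2 <= plan.esxi_hosts <= 5:
        findings.append(f"ESXi hosts: {plan.esxi_hosts} (need 2 to 5; 3 recommended)")
    if plan.node_vcpu < 4 or plan.node_ram_gb < 8 or plan.node_disk_gb < 50:
        findings.append("HDS node below the minimum 4 vCPU / 8 GB RAM / 50 GB disk")
    # Key datastore: the slide lists Postgres 9.6.1; accepting 9.6.x is an assumption
    if not plan.postgres_version.startswith("9.6"):
        findings.append(f"Postgres {plan.postgres_version}: slide requires 9.6.1")
    if plan.db_vcpu < 8 or plan.db_ram_gb < 16 or plan.db_disk_tb < 2:
        findings.append("Postgres host below 8 vCPU / 16 GB RAM / 2 TB disk")
    if not plan.db_user_has_grant_all:
        findings.append("Postgres user lacks GRANT ALL PRIVILEGES ON the database")
    # Central syslog and a secure backup location are both mandatory
    if not plan.syslog_host or not 1 <= plan.syslog_port <= 65535:
        findings.append("Syslog host or port missing")
    if not plan.backup_location:
        findings.append("No secure backup location for the config ISO and database")
    # Certificate used for KMS-to-KMS federation
    if "sha1" in plan.cert_signature_algorithm.lower():
        findings.append("Certificate carries a SHA-1 signature")
    if plan.cert_bundle_format.upper().replace("#", "") != "PKCS12":
        findings.append("Certificate and private key must be supplied as PKCS#12")
    if not plan.cert_chain_to_mozilla_root:
        findings.append("Certificate CN is not signed by a Mozilla Trusted Root Store member")
    # Network: outbound HTTPS and WSS on TCP 443; HTTPS proxies unsupported
    if 443 not in plan.outbound_tcp_ports:
        findings.append("Outbound TCP 443 from the HDS host is not permitted")
    if plan.https_proxy_in_path:
        findings.append("HTTPS proxy in the path: unsupported for HDS")
    return findings


# Constructed sample plans; host names are placeholders.
GOOD_PLAN = HdsPlan(
    esxi_hosts=3, node_vcpu=4, node_ram_gb=8, node_disk_gb=50,
    postgres_version="9.6.1", db_vcpu=8, db_ram_gb=16, db_disk_tb=2.0,
    db_user_has_grant_all=True,
    syslog_host="syslog.example.internal", syslog_port=514,
    backup_location="vault.example.internal:/hds-backups",
    cert_signature_algorithm="sha256WithRSAEncryption",
    cert_bundle_format="PKCS12", cert_chain_to_mozilla_root=True,
    outbound_tcp_ports=(443,), https_proxy_in_path=False,
)
BAD_PLAN = replace(
    GOOD_PLAN, esxi_hosts=1, backup_location="",
    cert_signature_algorithm="sha1WithRSAEncryption", https_proxy_in_path=True,
)

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, preflight(plan) or "all prerequisites met")
```

Run it against each proposed cluster before ordering certificates; the backup-location finding is the one to treat as blocking, since the deck states that losing the configuration ISO or the database loses every key the HDS holds.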

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?
Minimum Enterprise Network Requirements:
  Internet Access
  DHCP, DNS server access
  Internal TCP connectivity and ICMP to devices for support
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls
(Diagram: Signalling and Media flows from the Enterprise through the Firewall to the Spark cloud)
Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details
Media Port Ranges
  Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
  Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
  Destination UDP/TCP/HTTP Port: 5004, 5006
  Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| Media | Source UDP port range | Spark Apps | Spark Devices |
| --- | --- | --- | --- |
| Audio | 52000 - 52099 | 52000 - 52049 | 52050 - 52099 |
| Video | 52100 - 52299 | 52100 - 52199 | 52200 - 52299 |

Spark Applications: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
| --- | --- | --- | --- | --- | --- |
| Spark applications: Windows, Mac, iOS, Android, Web | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| | TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics |
| | TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web Apps only - Analytics |
| | TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web Apps only - Telemetry |
| | TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web Apps only - Metrics |

Spark Devices: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
| --- | --- | --- | --- | --- | --- |
| Desktop and Room Systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board) |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| | TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates) |
| | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)
(Diagram: Signalling and Media flows from the HMN through the Firewall to the Spark cloud)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598
Media Port Ranges
  Source UDP Ports: Voice and Video 33434 - 33598
  Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
  Destination UDP/TCP/HTTP Port: 5004
  Destination IP Addresses: Any

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)
(Diagram: Signalling flows only from the HDS node through the Firewall to the Spark cloud; no Media)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service
Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
| --- | --- | --- | --- | --- | --- |
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| | TCP | Ephemeral | 443 | wbx2.com; idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com; idbroker.webex.com; identity.webex.com; index.docker.io | Outbound HTTPS and WSS |
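The firewall slides above (port range summary, Spark Applications, Spark Devices, and the HMN and HDS table) define a small rule set: fixed UDP source ranges per traffic class to destination ports 5004/5006, ephemeral TCP to the same ports, and TCP 443 only to a whitelist of destination domains that is much shorter for an HDS node than for an app. The following is an added example, not Cisco's code, that encodes those rules and evaluates sample flows against them, so a change request can be checked before it reaches the firewall. The flow records and host names are constructed, and treating a whitelisted domain as also covering its sub-domains is an assumption (the deck lists bare domains such as wbx2.com).

```python
# Added example (not Cisco's code): a flow checker built from the port
# ranges and destination whitelists on the firewall slides. Sample flows and
# host names are constructed; sub-domain matching is an assumption.

APP_VOICE = range(52000, 52050)
DEVICE_VOICE = range(52050, 52100)
APP_VIDEO = range(52100, 52200)
DEVICE_VIDEO = range(52200, 52300)
HMN_MEDIA = range(33434, 33599)          # voice and video share this range
ENDPOINT_MEDIA_DST = {5004, 5006}
HMN_MEDIA_DST = {5004}

# TCP 443 destinations per origin (apps/devices, HMN config, HDS node)
ENDPOINT_SIGNALLING = {
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net",
    "optimizely.com", "dropbox.com",
}
HMN_CONFIG = {"wbx2.com", "idbroker.webex.com"}
HDS_SIGNALLING = {"wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io"}
SIGNALLING_BY_ORIGIN = {"endpoint": ENDPOINT_SIGNALLING, "hmn": HMN_CONFIG, "hds": HDS_SIGNALLING}
TCP_MEDIA_DST_BY_ORIGIN = {"endpoint": ENDPOINT_MEDIA_DST, "hmn": HMN_MEDIA_DST, "hds": set()}
HMN_SERVICE_PORTS = {123, 53, 444}       # NTP, DNS, HTTPS to any destination
NTP_HOSTS = {"2.android.pool.ntp.org"}   # Spark Board NTP, UDP 123

UDP_MEDIA_RULES = (
    ("App voice, SRTP over UDP", APP_VOICE, ENDPOINT_MEDIA_DST),
    ("Device voice, SRTP over UDP", DEVICE_VOICE, ENDPOINT_MEDIA_DST),
    ("App video, SRTP over UDP", APP_VIDEO, ENDPOINT_MEDIA_DST),
    ("Device video, SRTP over UDP", DEVICE_VIDEO, ENDPOINT_MEDIA_DST),
    ("HMN cascade media, SRTP over UDP", HMN_MEDIA, HMN_MEDIA_DST),
)


def domain_allowed(host: str, allowed: set) -> bool:
    """Exact or parent-domain match; 'wbx2.com.evil.example' must not pass."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def evaluate_flow(flow: dict):
    """Return (allowed, reason) for one outbound flow.
    Keys: proto, src_port, dst_port; optional dst_host and origin
    ('endpoint' by default, or 'hmn' / 'hds')."""
    proto = flow["proto"].upper()
    src, dst = flow["src_port"], flow["dst_port"]
    host = flow.get("dst_host", "")
    origin = flow.get("origin", "endpoint")
    if proto == "UDP":
        for label, src_range, dst_ports in UDP_MEDIA_RULES:
            if src in src_range and dst in dst_ports:
                return True, label
        if dst == 123 and domain_allowed(host, NTP_HOSTS):
            return True, "Spark Board NTP time sync"
        return False, "UDP flow outside the media port ranges"
    if proto == "TCP":
        if dst in TCP_MEDIA_DST_BY_ORIGIN.get(origin, set()):
            return True, "SRTP over TCP/HTTP from an ephemeral source port"
        if dst == 443:
            if domain_allowed(host, SIGNALLING_BY_ORIGIN.get(origin, set())):
                return True, f"HTTPS/WSS signalling to {host}"
            return False, f"{host or 'unknown host'} is not whitelisted for {origin}"
        if origin == "hmn" and dst in HMN_SERVICE_PORTS:
            return True, "HMN NTP/DNS/HTTPS"
    return False, "no whitelist rule matches"


def audit(flows):
    """Evaluate a batch of flows; returns one (allowed, reason) per flow."""
    return [evaluate_flow(f) for f in flows]


# Constructed sample flows (port numbers chosen inside and outside the ranges)
SAMPLE_FLOWS = [
    {"proto": "UDP", "src_port": 52010, "dst_port": 5004},                                   # app voice
    {"proto": "UDP", "src_port": 52210, "dst_port": 5006},                                   # device video
    {"proto": "UDP", "src_port": 33500, "dst_port": 5004, "origin": "hmn"},                  # HMN cascade
    {"proto": "UDP", "src_port": 33500, "dst_port": 5006, "origin": "hmn"},                  # HMN to 5006: no
    {"proto": "TCP", "src_port": 49152, "dst_port": 443, "dst_host": "api.ciscospark.com"},  # app signalling
    {"proto": "TCP", "src_port": 49152, "dst_port": 443, "dst_host": "wbx2.com.attacker.example"},
    {"proto": "TCP", "src_port": 49152, "dst_port": 443, "dst_host": "index.docker.io", "origin": "hds"},
    {"proto": "TCP", "src_port": 49152, "dst_port": 443, "dst_host": "index.docker.io"},     # not for apps
    {"proto": "UDP", "src_port": 52010, "dst_port": 9999},                                   # wrong dst port
    {"proto": "UDP", "src_port": 49152, "dst_port": 123, "dst_host": "2.android.pool.ntp.org"},
]

if __name__ == "__main__":
    for flow, (ok, why) in zip(SAMPLE_FLOWS, audit(SAMPLE_FLOWS)):
        print("ALLOW" if ok else "DENY ", flow, "->", why)
```

The origin-specific whitelists are the point to keep when adapting this: an HDS node needs only four destinations on 443, so a rule base that reuses the application list for it grants far more than the deck asks for. The sub-domain check also shows why a suffix match must include the leading dot; a plain substring or `endswith("wbx2.com")` test would accept the constructed look-alike host in the sample.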

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
| --- | --- | --- | --- | --- | --- |
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types
(Diagram: Signalling routed via the Proxy; UDP Media sent direct)
Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)
HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection
(Diagram: the Proxy Address is delivered to devices via PAC files; Signalling routed via the Proxy, UDP Media sent direct)
• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities, Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
| --- | --- | --- | --- | --- |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise: Proxy Authentication

• The proxy intercepts the outbound HTTP request
• Authenticates the user (username and password)
• Authenticated users' traffic is forwarded
• Unauthenticated users' traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods

• Basic authentication
• Digest authentication
• NTLMv2 authentication
• Negotiate authentication
• Kerberos

Proxy Authentication Methods: Basic Authentication

• Uses standard HTTP headers (Proxy-Authenticate challenge, Proxy-Authorization response)
• Username and password are Base64 encoded
• Username and password are NOT encrypted or hashed: Base64 is reversible, so anyone who can read the client-to-proxy connection recovers the credentials
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods: Digest Authentication

• Uses standard HTTP headers
• Username and password are not sent
• A hash (MD5 in practice) computed over the username, realm, password and a server-supplied nonce is sent instead, so the password itself never crosses the wire
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or create an account per device
  • No password expiration
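As an added example, not taken from the slides: the Basic and Digest exchanges above worked in Python. It builds the Proxy-Authorization header each scheme would send for a device account, shows that a Basic header decodes straight back to the password, and shows that a Digest response can be verified by a proxy that holds only H(A1) and is tied to the nonce it issued. The account name, password, realm, nonce values and target URI are constructed for the example.

```python
import base64
import hashlib

# Constructed sample values for the example (not from the slides).
USERNAME = "spark-device-01"
PASSWORD = "s3cret-device-pw"
REALM = "proxy.example.com"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"   # chosen by the proxy, per challenge
CNONCE = "0a4f113b"                             # chosen by the client
NC = "00000001"                                 # nonce use count
METHOD = "CONNECT"
URI = "identity.webex.com:443"


def basic_header(user: str, password: str) -> str:
    """Proxy-Authorization header for Basic: Base64 of 'user:password', nothing more."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def basic_recover(header: str) -> tuple:
    """What anyone who can read the client-to-proxy connection does with a Basic header."""
    token = header.split(" ", 2)[2]
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_ha1(user: str, realm: str, password: str) -> str:
    """H(A1) = MD5(user:realm:password); the proxy can store this instead of the password."""
    return _md5(f"{user}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str, nc: str, cnonce: str) -> str:
    """RFC 2617 Digest response with qop=auth; only hashes appear on the wire."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(user, password, realm, method, uri, nonce, nc, cnonce) -> str:
    """Client side: the Proxy-Authorization header for Digest."""
    resp = digest_response(digest_ha1(user, realm, password), method, uri, nonce, nc, cnonce)
    return (f'Proxy-Authorization: Digest username="{user}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{resp}"')


def proxy_verifies_digest(header: str, stored_ha1: str, method: str) -> bool:
    """Proxy side: recompute the response from the stored H(A1) and the header fields."""
    fields = {}
    for part in header.split(" ", 2)[2].split(", "):
        key, _, value = part.partition("=")
        fields[key] = value.strip('"')
    expected = digest_response(stored_ha1, method, fields["uri"], fields["nonce"],
                               fields["nc"], fields["cnonce"])
    return expected == fields["response"]
```

The proxy-side check is the reason Digest is preferable to Basic for device accounts that never expire: a captured Basic header is the password, while a captured Digest header is bound to one nonce and one request and cannot be replayed after the proxy issues a fresh challenge.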

Proxy Authentication Methods: NTLMv2

• NT LAN Manager (NTLM) authentication: a Microsoft challenge/response AuthN protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• The client's password hash is used to compute a keyed response over the challenge, which is returned to the server
• The password is hashed but not sent (a captured challenge/response pair can still be attacked offline against the password, so device account passwords should be long)
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods: Negotiate / IWA (Windows only)

• Negotiate authentication: the Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI is the Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

IWA: Integrated Windows Authentication

Proxy Authentication Methods: Kerberos

• Kerberos authentication: strongest security of the methods listed
• Parties: client, Key Distribution Center (Authentication Service and Ticket Granting Service) and the application server (here, the proxy)
• Encrypted communication based on shared secrets
• The client authenticates with the Authentication Service; once authenticated, it receives a Ticket Granting Ticket (TGT)
• The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted service ticket
• The client presents the service ticket to the proxy, which validates the user using the secret it shares with the KDC
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server to exempt from authentication:
• Device IP addresses (the diagram shows two example device addresses)
• Whitelisted destinations (e.g. ciscospark.com):
  identity.webex.com
  idbroker.webex.com
  wbx2.com
  webex.com
  ciscospark.com
  clouddrive.com
  crashlytics.com
  mixpanel.com
  rackcdn.com
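An added example, not from the slides, of the two bypass rules above expressed as a policy check a proxy could apply: exempt a request from authentication when it comes from a device address or goes to a whitelisted Spark destination. The point it makes is that the destination match must be on the domain or a subdomain, not a substring; the naive check is included to show what it gets wrong. The device subnet is constructed; the destination list is the one on the slide.

```python
import ipaddress

# Destinations the slide lists as proxy-authentication exemptions.
SPARK_DESTINATIONS = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com", "rackcdn.com",
)
# Constructed: the subnet holding the room devices that cannot answer an auth challenge.
DEVICE_NETWORKS = ("10.0.0.0/24",)


def host_matches(host: str, allowed: str) -> bool:
    """True for the allowed domain itself or any subdomain of it; never for look-alikes."""
    host = host.lower().rstrip(".")
    return host == allowed or host.endswith("." + allowed)


def naive_match(host: str, allowed: str) -> bool:
    """The substring check an admin might write first; it also passes evil-ciscospark.com."""
    return allowed in host.lower()


def from_device_network(src_ip: str) -> bool:
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(net) for net in DEVICE_NETWORKS)


def auth_required(src_ip: str, dst_host: str) -> bool:
    """Proxy policy: skip authentication for device addresses and whitelisted destinations."""
    if from_device_network(src_ip):
        return False
    if any(host_matches(dst_host, allowed) for allowed in SPARK_DESTINATIONS):
        return False
    return True
```

The source-IP exemption trusts the network to put the right device behind that address, which is why the later 802.1X material matters: a port-level control (or static assignment) is what makes the IP a meaningful identity.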

Network Capabilities, Spark Devices: Proxy Authentication

| Spark device | Protocol | Software train | Proxy authentication |
|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No auth: Yes; Basic: Yes; Digest: planned; NTLM: Yes (Windows); Kerberos: No. iOS and Android: No auth and Basic in EFT |
| DX, SX, MX | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes |
| Room Kits | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes |
| Spark Board | HTTPS | Spark Board OS | No auth: Yes; Basic: Yes; Digest: Yes |

Proxy TLS/HTTPS Inspection: Non-Spark Apps (1)

HTTPS/TLS inspection, client side:
• The enterprise's private CA root certificate is distributed to the client's trust store in advance
• On connection establishment the proxy sends the client a certificate for the requested site, signed by the private CA
• The client validates the received certificate chain against the private CA root certificate in its trust store
• If the chain validates, the client accepts and proceeds with the TLS connection (its TLS peer is now the proxy, not the cloud service)

Proxy TLS/HTTPS Inspection: Non-Spark Apps (2)

HTTPS/TLS inspection, proxy side:
• The proxy starts a new HTTPS/TLS connection to the web/cloud service
• The proxy receives the certificate from the web/cloud service and uses it to establish its own secure TLS/HTTPS connection
• The proxy can now decrypt, inspect and re-encrypt session traffic between the two connections

Proxy, No HTTPS Inspection: Spark Certificate Pinning

• Certificate pin = SHA-256 hash of the CA root certificate's public key (its SubjectPublicKeyInfo), Base64 encoded. The slide shows the pin VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= but that string is 42 characters where a Base64 SHA-256 pin is 44, so characters (likely '+' or '/') were lost in extraction and it should not be treated as the literal value.
• Pinning the CA's key rather than the leaf's lets the service rotate leaf certificates without shipping new pins.
• The CA signed Cisco Spark certificate chain is sent by the HTTPS/TLS server
• The app creates a hash of the CA certificate's public key
• The app compares the hash with the certificate pin in its trust store
• If they match, accept and proceed with the TLS connection

Proxy, HTTPS Inspection: Spark Certificate Pinning

• The proxy sends a private CA signed certificate during HTTPS/TLS set up
• The app creates a hash of the private CA signed certificate's public key
• The app compares the hash with the certificate pin in its trust store
• They DO NOT match: the TLS connection is terminated

From the app's point of view an inspecting proxy is indistinguishable from a man-in-the-middle, which is exactly what pinning exists to stop; inspection of Spark traffic therefore fails closed unless the app is told about the enterprise CA.

HTTPS Inspection: Spark Apps Cert Pinning Fix

The private CA certificate is copied to the app's OS trust store.
• The proxy sends a private CA signed certificate during HTTPS/TLS set up
• The Spark app checks whether a copy of the private CA certificate exists in the OS trust store
• If the certificate exists, the app skips the certificate pinning process and proceeds with the TLS connection
• HTTPS/TLS inspection is possible

Because any enterprise CA present in the OS trust store disables pinning, the trust store itself becomes the control: whoever can install a CA there (an admin, or malware with admin rights) can intercept Spark traffic from that machine.

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030
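An added example, not from the slides or from Cisco's client code, of the pin computation and of the three decisions described above: a direct connection passes, an inspected connection fails, and the two "fixes" (an enterprise CA in the app's OS trust store, or a device trust list that includes the enterprise CA) make it pass again. Real code would take the SubjectPublicKeyInfo DER from the X.509 certificates in the TLS chain; here the SPKI blobs are constructed byte strings, so only the hashing and the decision logic are real.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Pin = Base64(SHA-256(SubjectPublicKeyInfo DER)), the RFC 7469 / HPKP form."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Constructed stand-ins for the DER SubjectPublicKeyInfo of each certificate.
PUBLIC_ROOT_CA = b"constructed-spki:public-root-ca"
SPARK_LEAF = b"constructed-spki:spark-service-leaf"
ENTERPRISE_CA = b"constructed-spki:enterprise-private-ca"
PROXY_FORGED_LEAF = b"constructed-spki:proxy-forged-leaf"

# What the app ships with: pins for the public CA roots that sign Spark's certificates.
APP_PINS = frozenset({spki_pin(PUBLIC_ROOT_CA)})

# Chains as the client would receive them (leaf first).
DIRECT_CHAIN = [SPARK_LEAF, PUBLIC_ROOT_CA]            # no inspection
INSPECTED_CHAIN = [PROXY_FORGED_LEAF, ENTERPRISE_CA]   # proxy re-signed with its private CA


def chain_pins(chain) -> set:
    return {spki_pin(spki) for spki in chain}


def app_decision(chain, enterprise_cas=frozenset()) -> str:
    """Spark app behaviour from the slides.

    enterprise_cas: pins of CA certificates the enterprise added to the OS trust store.
    If the presented chain is anchored on one of them, pinning is skipped entirely.
    """
    if chain_pins(chain) & enterprise_cas:
        return "accept: enterprise CA in OS trust store, pinning skipped"
    if chain_pins(chain) & APP_PINS:
        return "accept: pin match"
    return "reject: pin mismatch, connection terminated"


def device_decision(chain, trust_list_pins) -> str:
    """Room device behaviour: the pin set is the trust list downloaded from the Spark cloud."""
    if chain_pins(chain) & trust_list_pins:
        return "accept: pin match"
    return "reject: pin mismatch, connection terminated"
```

The two fixes differ in where trust is granted: the app's bypass is decided by the endpoint's OS trust store, the device's by what the organization has uploaded to the cloud, so for devices the per-org trust list is the place to audit which CAs may intercept.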

Network Capabilities, Spark Devices: HTTPS Inspection

| Spark device | Protocol | Software train | Supports TLS/HTTPS inspection | Cert validation method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/browser: if an enterprise certificate exists in the OS trust store, bypass the certificate pinning process |
| iOS, Android | HTTPS | WME | No | HTTPS inspection bypass |
| DX | HTTPS | Room OS | Yes; requires per-org configuration of the Identity Service | Load private CA certs into the Spark service; device downloads a trust list with the private certs |
| SX | HTTPS | Room OS | Yes; requires per-org configuration of the Identity Service | Load private CA certs into the Spark service; device downloads a trust list with the private certs |
| MX | HTTPS | Room OS | Yes; requires per-org configuration of the Identity Service | Load private CA certs into the Spark service; device downloads a trust list with the private certs |
| Room Kits | HTTPS | Room OS | Yes; requires per-org configuration of the Identity Service | Load private CA certs into the Spark service; device downloads a trust list with the private certs |
| Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass |

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise: 802.1X

802.1X operation:
• Switch port network access is restricted until authentication succeeds
• The client (supplicant) presents credentials, which the switch (authenticator) relays to the Authentication Server (typically RADIUS)
• After successful authentication the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options...
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

Extensible Authentication Protocol, Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates on the client; the credentials are exchanged inside a TLS tunnel established with a Protected Access Credential (PAC)

802.1X Network Authentication: EAP-TLS

Extensible Authentication Protocol, Transport Layer Security
• Requires digital certificates
• Mutual client/server authentication

802.1X Fallback: MAC Address Bypass (MAB)

Bypasses the 802.1X authentication mechanisms:
• Uses the device MAC address as the credential
• Commonly used for devices that are not 802.1X capable
• The MAC address is manually entered into the Authentication Server

A MAC address is not a secret and is trivially spoofed, so a MAB-authorised port should be restricted (VLAN, ACLs) to what that device actually needs.

Network Capabilities, Spark Devices: 802.1X

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate.

| Spark device | Protocol | Software train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate installation capability | Granular configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface |
| SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface |
| MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface |
| Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface |
| Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | | Use MAC Address Bypass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access: proxy and firewalls allow all Spark connections
• Onboard the device: username/password or activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors to the device


Complete Your Online Session Evaluation

• Please complete your online session evaluations after each session
• Complete 4 session evaluations and the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in self-paced labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment." Three preferred architectures covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.

Thank you


Searching Spark Rooms: Building a Search Index

Components: Indexing Service, Content Server, Key Management Service, Search Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting the stored content.

• A search index is built by creating a fixed length hash of each word in each message within a room (the slide hashes the message "Spark IS the message" word by word, showing values such as B9 57 FE 48)
• The hash is a SHA-256 HMAC, and a new hashing key (the search key) is used for each room, so the same word hashes differently in different rooms
• The hashed indexes for each Spark room are stored by the Content Service

Searching Spark Rooms: Querying a Search Index (search for the word "Spark")

• The app sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses the per-room search keys to hash the search terms (the slide shows "Spark" hashed to B9 57 FE 48)
• The Search Service searches for a match in the hash tables and returns the matching encrypted content to the app
• A link to the conversation encryption key is sent with the encrypted message, so the app fetches the key from the Key Management Service and decrypts the result locally; the Search Service itself never sees plaintext

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

• In the Spark Control Hub, a compliance officer selects a group of messages and files to be retrieved for e-discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content from the Search Service
• The Content Server returns the matching content to the E-Discovery Service

Spark E-Discovery Service (2)

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the administrator on request (the slide shows "Jo Smith's Messages and Files: E-Discovery Content Ready" in the Spark Control Hub)


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark Hybrid Data Security (HDS)

Hybrid Data Security = the Hybrid Data Services deployed on premise, in the customer's secure data center:
• Key Management Server
• Indexing Server
• E-Discovery Service

The Content Server remains in the Spark cloud; only encrypted content is stored there.

Hybrid Data Security Traffic and Firewalls

• Hybrid Data Services make outbound connections only, from the enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special firewall configuration is required: no inbound ports need to be opened to the HDS nodes

Hybrid Data Security: Scalability

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

Spark Hybrid Data Security: Key Management

• The hybrid Key Management Server performs the same functions as the cloud based Key Management Server
• BUT now all of the keys for messages and content are owned and managed by the customer

HDS: Encrypting Messages and Content

• Spark apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an app are encrypted before being sent to the Spark cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally, on premise

HDS: Decrypting Messages and Content

• Encrypted messages from apps are stored in the Spark cloud
• These messages are sent to every other app in the Spark room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark apps retrieve the encryption keys from the HDS Key Management Server

Hybrid Data Security: Secure App Connections

• Spark apps establish a direct TLS connection to the on premise HDS node and KMS service, separate from the app-to-cloud TLS connection
• This encrypted peer-to-peer session traverses the Spark cloud; the cloud relays it but is not a TLS endpoint for it, so it cannot read the key material exchanged

Hybrid Data Security: Search Indexing Service

• The on premise Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (search key) is used for each room, as in the cloud case (the slide hashes "Spark IS the message" word by word, e.g. to B9 57 FE 48)

Hybrid Data Security: Querying a Search Index (search for the word "Spark")

• The Indexing Service hashes the app's search request with the room's search key and sends the hashed index to the Search Service
• The Search Service returns the matching encrypted message, with a link to the conversation encryption key, so the app decrypts it using a key obtained from the on premise KMS
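An added example, not from the slides, of the per-room keyed search index that both the cloud "Searching Spark Rooms" slides and the HDS search slides above describe: build an index of HMAC-SHA256 word hashes under a per-room search key, then query it by hashing the search term with the same key. The class, room names, messages and the 32-byte keys are constructed for the example; in Spark the search key lives in the KMS and the index in the Content Service, which this block does not model.

```python
import hashlib
import hmac
import os
import re


def tokenize(text: str) -> list:
    """Lower-case word split; the real tokenizer is not specified on the slides."""
    return re.findall(r"[a-z0-9]+", text.lower())


class RoomSearchIndex:
    """Hashed word index for one room, keyed with that room's own search key."""

    def __init__(self, room_id: str, search_key=None):
        self.room_id = room_id
        # Per-room search key; constructed with os.urandom here, held by the KMS in Spark.
        self.search_key = search_key or os.urandom(32)
        self.index = {}   # word hash -> set of message ids

    def term_hash(self, word: str) -> str:
        """SHA-256 HMAC of one word under the room's search key."""
        return hmac.new(self.search_key, word.lower().encode(), hashlib.sha256).hexdigest()

    def add_message(self, message_id: str, plaintext: str) -> None:
        """Indexing side: runs where plaintext is available, stores only hashes."""
        for word in set(tokenize(plaintext)):
            self.index.setdefault(self.term_hash(word), set()).add(message_id)

    def query(self, term: str) -> set:
        """Search side: hash the term with the room key and look it up; no plaintext needed."""
        return set(self.index.get(self.term_hash(term), set()))

    def stored_view(self) -> list:
        """What the Content Service holds for this room: hashes only."""
        return sorted(self.index)
```

Two properties fall out of the construction and are worth stating: the per-room key means an index entry from one room tells you nothing about the same word in another room, and the hash is deterministic within a room, so the search side can see which messages share a term (and how often it occurs) without learning what the term is. That equality leakage is the price of searching without decrypting.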

Spark E-Discovery Service with HDS (1)

• In the Spark Control Hub, the compliance officer selects the content to retrieve (the slide shows Jo Smith's content)
• The on premise Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns the matching content to the on premise E-Discovery Service

Spark E-Discovery Service with HDS (2)

• The E-Discovery Service decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the administrator on request (the slide shows "Jo Smith's Messages and Files: E-Discovery Content Ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys and Users in Other Organizations

• Spark spaces with users from multiple organizations can share encrypted messages and content
• Question: how do external users (Organization B) retrieve encryption keys from the KMS of the organization that owns the Spark space (Organization A)?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different organizations establish a mutual TLS connection via the Spark cloud
• Hybrid Key Management Servers make outbound connections only (HTTPS, WebSocket Secure (WSS)), so federation does not require either organization to open inbound access
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request room encryption keys from one another on behalf of their users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Diagram: Secure Data Center A running vSphere with an HDS Cluster of Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Management Container and HDS Containers, and mounts the HDS Cluster Config File via an IDE Mount. Customer Provided Services: Postgres Database, Syslogd, Database Backup and System Backup.

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS12 format
• 2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • Hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process; 2) the postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device                    | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No  | No   | N/A    | N/A              | Static Untagged (Data) VLAN
DX                              | HTTPS    | Room OS        | Yes | No   | Yes    | Yes              | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX                              | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
MX                              | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits                       | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board                     | HTTPS    | Spark Board OS | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations (Signalling and Media)

Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000 - 52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100 - 52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports                             | Destination Ports | Destination        | Function
UDP      | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006       | Any IP Address     | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address     | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 443               | identity.webex.com | HTTPS – Spark Identity Service
TCP      | Ephemeral                                | 443               | idbroker.webex.com | HTTPS – OAuth Service
TCP      | Ephemeral                                | 443               | wbx2.com           | HTTPS – Core Spark Services
TCP      | Ephemeral                                | 443               | webex.com          | HTTPS – Identity management
TCP      | Ephemeral                                | 443               | ciscospark.com     | HTTPS – Core Spark Services
TCP      | Ephemeral                                | 443               | clouddrive.com     | HTTPS – Content and Space Storage
TCP      | Ephemeral                                | 443               | crashlytics.com    | HTTPS – Anonymous crash data
TCP      | Ephemeral                                | 443               | mixpanel.com       | HTTPS – Anonymous Analytics
TCP      | Ephemeral                                | 443               | rackcdn.com        | HTTPS – Content and Space Storage
TCP      | Ephemeral                                | 443               | appsflyer.com      | HTTPS – Mobile Apps only: Ad Analytics
TCP      | Ephemeral                                | 443               | adobedtm.com       | HTTPS – Web Apps only: Analytics
TCP      | Ephemeral                                | 443               | omtrdc.net         | HTTPS – Web Apps only: Telemetry
TCP      | Ephemeral                                | 443               | optimizely.com     | HTTPS – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports                             | Destination Ports | Destination            | Function
UDP      | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006       | Any IP Address         | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address         | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
TCP      | Ephemeral                                | 443               | identity.webex.com     | HTTPS – Spark Identity Service
TCP      | Ephemeral                                | 443               | idbroker.webex.com     | HTTPS – OAuth Service
TCP      | Ephemeral                                | 443               | wbx2.com               | HTTPS – Core Spark Services
TCP      | Ephemeral                                | 443               | webex.com              | HTTPS – Identity management
TCP      | Ephemeral                                | 443               | ciscospark.com         | HTTPS – Core Spark Services
TCP      | Ephemeral                                | 443               | clouddrive.com         | HTTPS – Content and Space Storage
TCP      | Ephemeral                                | 443               | crashlytics.com        | HTTPS – Anonymous crash data
TCP      | Ephemeral                                | 443               | mixpanel.com           | HTTPS – Anonymous Analytics
TCP      | Ephemeral                                | 443               | rackcdn.com            | HTTPS – Content and Space Storage
TCP      | Ephemeral                                | 443               | dropbox.com            | HTTPS – Sparkboard (firmware updates)
UDP      | Ephemeral                                | 123               | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device                    | Protocol | Source Ports                                                     | Destination Ports          | Destination                                                       | Function
Hybrid Media Node (HMN)         | UDP      | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address                                                    | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                        | 5004 (Cascade Destination) | Any IP Address                                                    | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                        | 123, 53, 444               | Any                                                               | NTP, DNS, HTTPS
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                        | 443                        | wbx2.com, idbroker.webex.com                                      | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                                        | 443                        | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
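To put the port plan of the preceding slides to work, here is an added example (not Cisco's code) that runs over constructed firewall log lines and reports which denied flows are Spark media, and of which class, so the missing allow rule is obvious; the log format and addresses are made up for the example.

```python
"""Classify denied flows in firewall logs against the Spark media port plan.

Added example, not Cisco code.  Log lines are constructed key=value records
(src, sport, dst, dport, proto, action); the port ranges are those given in
the slides above.
"""
import re
from typing import Dict, List, Optional

# Source UDP port ranges per traffic class and the destination ports that
# class is allowed to reach (taken from the slides).
SOURCE_UDP_RANGES = [
    ("Spark Apps voice", 52000, 52049, {5004, 5006}),
    ("Spark Devices voice", 52050, 52099, {5004, 5006}),
    ("Spark Apps video", 52100, 52199, {5004, 5006}),
    ("Spark Devices video", 52200, 52299, {5004, 5006}),
    ("Hybrid Media Node cascade (voice and video)", 33434, 33598, {5004}),
]
# Destination ports on which Spark Cloud media nodes accept SRTP over TCP/HTTP.
MEDIA_DEST_PORTS = {5004, 5006}

LOG_RE = re.compile(
    r"src=(?P<src>\S+) sport=(?P<sport>\d+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed log line; return None if it does not match."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def classify_flow(proto: str, sport: int, dport: int) -> Optional[str]:
    """Return the Spark media class of a flow, or None if it is not Spark media.

    UDP media is recognised by its fixed source port range.  TCP/HTTP media
    uses ephemeral source ports, so it can only be matched on destination
    port, which is also why the slides note that no DSCP re-marking is
    possible for it.
    """
    proto = proto.lower()
    if proto == "udp":
        for name, lo, hi, allowed_dports in SOURCE_UDP_RANGES:
            if lo <= sport <= hi:
                return name if dport in allowed_dports else None
        return None
    if proto == "tcp" and dport in MEDIA_DEST_PORTS:
        return "SRTP over TCP/HTTP (apps, devices or HMN; ephemeral source port)"
    return None


def blocked_spark_media(lines: List[str]) -> List[Dict[str, str]]:
    """Return the denied flows that look like Spark media, annotated with their class."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"].lower() != "deny":
            continue
        cls = classify_flow(rec["proto"], int(rec["sport"]), int(rec["dport"]))
        if cls is not None:
            findings.append({**rec, "class": cls})
    return findings


# Constructed sample log lines (not real firewall output).
SAMPLE_LOG = [
    "src=10.1.1.20 sport=52010 dst=203.0.113.5 dport=5004 proto=udp action=deny",
    "src=10.1.1.21 sport=52210 dst=203.0.113.5 dport=5006 proto=udp action=deny",
    "src=10.1.1.22 sport=33500 dst=203.0.113.7 dport=5004 proto=udp action=deny",
    "src=10.1.1.22 sport=33500 dst=203.0.113.7 dport=5006 proto=udp action=deny",
    "src=10.1.1.23 sport=49152 dst=203.0.113.5 dport=5004 proto=tcp action=deny",
    "src=10.1.1.24 sport=52010 dst=203.0.113.5 dport=5004 proto=udp action=allow",
    "src=10.1.1.25 sport=40000 dst=203.0.113.9 dport=22 proto=tcp action=deny",
]

if __name__ == "__main__":
    for f in blocked_spark_media(SAMPLE_LOG):
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']}/{f['proto']}  {f['class']}")
```

The fourth sample line is deliberately an HMN source port towards 5006: the slides give 5004 as the only cascade destination, so it is not reported as a missing Spark rule.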

What do we send to Third Party sites?

Site           | Apps that Access It                      | What is sent there                                                        | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application………
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

Diagram: Signalling and UDP Media paths. HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Diagram: Proxy Address delivered to each client via PAC files; Signalling and UDP Media paths.

Network Capabilities: Spark Devices – Proxy Detection

Spark Device                    | Protocol | Software Train | Proxy Detection              | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Yes: Manual; Yes: PAC Files  | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX                              | HTTPS    | Room OS        | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX                              | HTTPS    | Room OS        | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX                              | HTTPS    | Room OS        | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits                       | HTTPS    | Room OS        | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board                     | HTTPS    | Spark Board OS | Yes: Manual Configuration    | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
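The difference between the two methods in working code, as an added example that is not from the presentation: Basic is reversible by anyone who can read the header, while Digest (RFC 2617, qop=auth) sends an MD5 digest the proxy verifies by recomputing it. The realm, nonce and credentials below are constructed.

```python
"""Basic vs Digest proxy authentication (added example, not Cisco code)."""
import base64
import hashlib
import hmac
import os
from typing import Dict, Tuple


def basic_header(username: str, password: str) -> str:
    """Proxy-Authorization value for Basic: base64("user:pass"), nothing more."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header: str) -> Tuple[str, str]:
    """Base64 is encoding, not encryption: the header reverses to the cleartext credential."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, pw = base64.b64decode(token).decode().partition(":")
    return user, pw


def _md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username: str, realm: str, password: str, method: str,
                    uri: str, nonce: str, nc: str, cnonce: str, qop: str = "auth") -> str:
    """Client side of RFC 2617 Digest with qop=auth.

    The password never leaves the client; only
    response = MD5(HA1:nonce:nc:cnonce:qop:HA2) is sent, with
    HA1 = MD5(user:realm:password) and HA2 = MD5(method:uri).
    """
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(username: str, realm: str, password: str, method: str, uri: str,
                  nonce: str, cnonce: str = "", nc: str = "00000001") -> str:
    """Build the Proxy-Authorization value a device would send after a Digest challenge."""
    cnonce = cnonce or os.urandom(8).hex()
    resp = digest_response(username, realm, password, method, uri, nonce, nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def parse_digest(header: str) -> Dict[str, str]:
    """Parse the comma separated key=value (optionally quoted) fields of a Digest header."""
    scheme, _, body = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest credential")
    fields = {}
    for part in body.split(","):
        key, _, value = part.strip().partition("=")
        fields[key] = value.strip('"')
    return fields


def proxy_verify_digest(header: str, method: str, known_password: str,
                        expected_nonce: str) -> bool:
    """Proxy side: recompute the response from the stored password and compare.

    A stale or replayed nonce is rejected before any hashing is done.
    """
    f = parse_digest(header)
    if f.get("nonce") != expected_nonce or f.get("qop") != "auth":
        return False
    expected = digest_response(f["username"], f["realm"], known_password, method,
                               f["uri"], f["nonce"], f["nc"], f["cnonce"])
    return hmac.compare_digest(expected, f.get("response", ""))


if __name__ == "__main__":
    # Constructed device credential and proxy challenge values.
    print(basic_header("dev", "pw"), "->", decode_basic(basic_header("dev", "pw")))
    hdr = digest_header("dev", "proxy", "pw", "CONNECT", "wbx2.com:443", "nonce1")
    print(hdr)
    print("proxy accepts:", proxy_verify_digest(hdr, "CONNECT", "pw", "nonce1"))
```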

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Diagram: Signalling and UDP Media paths.

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device                    | Protocol | Software Train | Proxy Authentication                                                                 | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No   | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX, SX, MX                      | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                       |
Room Kits                       | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                       |
Spark Board                     | HTTPS    | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes                                              |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

Diagram: Signalling and UDP Media paths; Private CA Root Certificate sent to client.

• HTTPS/TLS Inspection
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix (Private CA Cert copied to App OS Trust Store)

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix (Private CA Cert copied to Spark Cloud)

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
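The pinning decision of the preceding slides as an added example (not the Spark client's code). It assumes the pin is base64(SHA-256(DER SubjectPublicKeyInfo)), the usual form of such a pin; the SPKI blobs are constructed Ed25519 wrappers around made-up key bytes, not real certificates.

```python
"""Certificate pin computation and the three pinning outcomes from the slides.

Added example, not Cisco code.  Keys and trust-store contents are constructed.
"""
import base64
import hashlib
from typing import Iterable

# DER prefix of an Ed25519 SubjectPublicKeyInfo:
# SEQUENCE { AlgorithmIdentifier { OID 1.3.101.112 }, BIT STRING (32 bytes) }
_ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def spki_from_raw_key(raw_key: bytes) -> bytes:
    """Wrap 32 raw key bytes in a valid SubjectPublicKeyInfo encoding."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return _ED25519_SPKI_PREFIX + raw_key


def compute_pin(spki_der: bytes) -> str:
    """SHA-256 of the public key info, base64 encoded (44 characters)."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def pinning_decision(server_spki: bytes, pinned: Iterable[str],
                     private_ca_in_os_store: bool) -> str:
    """Apply the three cases shown in the slides.

    1. Hash of the served certificate's public key matches a pin: proceed.
    2. No match and the proxy's private CA is not trusted by the OS:
       terminate, because a TLS-inspecting proxy is in the path.
    3. No match but the private CA certificate was copied into the OS trust
       store: the app skips pinning and proceeds, so inspection is possible.
    """
    if compute_pin(server_spki) in set(pinned):
        return "proceed: pin matched"
    if private_ca_in_os_store:
        return "proceed: pinning skipped, private CA in OS trust store"
    return "terminate: pin mismatch"


# Constructed keys: the "real" Spark CA key and the key in a proxy-issued cert.
SPARK_CA_SPKI = spki_from_raw_key(bytes(range(32)))
PROXY_CA_SPKI = spki_from_raw_key(bytes(range(32, 64)))
TRUST_STORE_PINS = [compute_pin(SPARK_CA_SPKI)]

if __name__ == "__main__":
    print("pin:", compute_pin(SPARK_CA_SPKI))
    for spki, in_store in ((SPARK_CA_SPKI, False), (PROXY_CA_SPKI, False), (PROXY_CA_SPKI, True)):
        print(pinning_decision(spki, TRUST_STORE_PINS, in_store))
```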

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                      | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes                                                | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android      | HTTPS    | WME            | No                                                 | iOS, Android: HTTPS Inspection By-Pass
DX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits         | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board       | HTTPS    | Spark Board OS | No (Planned Q1 CY'18)                              | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

Diagram: Device, switch port and Authentication Server.

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Diagram: Device 1, switch port and Authentication Server.

Network Capabilities: Spark Devices – 802.1X

Spark Device                    | Protocol | Software Train | EAP-FAST                    | EAP-TLS                     | MIC      | Non CUCM LSC          | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi - Yes; Wired - Yes    | Wi-Fi - Yes; Wired - Yes    | N/A      | Yes                   | Yes                                 | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes    | Wi-Fi - Yes; Wired – Yes    | Q4 CY17  | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
SX                              | HTTPS    | Room OS        | Wired - Yes                 | Wired – Yes                 | No       | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
MX                              | HTTPS    | Room OS        | Wired - Yes                 | Wired – Yes                 | No       | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes    | Wi-Fi - Yes; Wired – Yes    | Yes      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Spark Board                     | HTTPS    | Spark Board OS | No (Planned Q2 CY'18)       | No (Planned Q2 CY'18)       | No       | No (Planned Q2 CY'18) |                                     | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
• What you would tell your best friend if they asked you how to design their Cisco collaboration deployment
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Coming soon: Target Q1 CY2018

Thank you

Page 29: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Searching Spark Rooms – Building a Search Index

[Diagram: Indexing Service, Content Server, Key Mgmt Service, Search Service; the message “Spark IS the message” passes through the Hash Algorithm and produces the tokens B9 57 FE 48]

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A Search Index is built by creating a fixed-length hash of each word in each message within a Room.

The hashed indexes for each Spark Room are stored by the Content Service.

A new (SHA-256 HMAC) hashing key (Search Key) is used for each room.


Searching Spark Rooms – Querying a Search Index: Search for the word “Spark”

[Diagram: Indexing Service, Content Server, Key Mgmt Service, Search Service; the query “Spark” passes through the Hash Algorithm and produces 57 FE 48, which is matched against the stored tokens B9 57 FE 48 of the message “Spark IS the Message”]

The App sends the search request over a secure connection to the Indexing Service.

The Indexing Service uses per-Room search keys to hash the search terms.

The Search Service searches for a match in the hash tables and returns matching content to the App.

A link to the Conversation Encryption Key is sent with the encrypted message.

Cloud Based Security – E-Discovery Services

Spark E-Discovery Service (1)

[Diagram: Spark Control Hub, Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service, Hash Algorithm]

The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s).

The Indexing Service requests a search of related hashed content.

The Content Server returns matching content to the E-Discovery Service.


Spark E-Discovery Service (2)

[Diagram: E-Discovery Service, E-Discovery Storage, Content Server, Key Mgmt Service, Spark Control Hub, Search Service; “Jo Smith’s Messages and Files” – “E-Discovery Content Ready”]

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request.


Customer Controlled Security – Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub


Spark – Hybrid Data Security (HDS)

[Diagram: Secure Data Center (Hybrid Data Security) – Spark Cloud (Content Server, Key Mgmt Service, Indexing Service, E-Discovery Service)]

Hybrid Data Security = Hybrid Data Services deployed On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

[Diagram: Secure Data Center (Hybrid Data Security) – Firewall – Spark Cloud (Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service)]

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS).

No special Firewall configuration required.

Hybrid Data Security – Scalability

[Diagram: Secure Data Center with several Hybrid Data Security nodes (Key Mgmt Server) – Spark Cloud (Content Server, Key Mgmt Service)]

The Hybrid Data Security is managed and upgraded from the cloud.

Customers can access usage information for the HDS Servers via the Spark Control Hub.

Multiple HDS servers can be provisioned for Scalability & Load Sharing.

Spark – Hybrid Data Security Key Management

[Diagram: Secure Data Center (Key Mgmt Server / Key Management Service) – Spark Cloud (Content Server, Key Mgmt Service)]

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server.

BUT now all of the keys for messages and content are owned and managed by the Customer.


HDS – Encrypting Messages & Content

[Diagram: Secure Data Center (Key Management Service, Encryption Keys stored locally) – Spark Cloud (Content Server, Key Mgmt Service)]

Spark Apps request an encryption key from the HDS Key Management Server.

Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.

Encrypted messages and content are stored in the cloud; the Encryption Keys are stored locally.


HDS – Decrypting Messages & Content

[Diagram: Secure Data Center (Key Management Service) – Spark Cloud (Content Server, Key Mgmt Service); encrypted “message”]

Encrypted messages from Apps are stored in the Spark Cloud.

These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.

If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security – Secure App Connections

[Diagram: App to Cloud TLS connection; App to HDS TLS connection; Secure Data Center (Hybrid Data Security Node) – Spark Cloud (Spark Service, Content Server, Search Service)]

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service.

This encrypted peer to peer session traverses the Spark Cloud.


Hybrid Data Security – Search Indexing Service

[Diagram: Secure Data Center (Indexing Service) – Spark Cloud (Content Server, Key Mgmt Service, Search Service); the message “Spark IS the message” passes through the Hash Algorithm and produces B9 57 FE 48]

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A new hashing key (Search Key) is used for each room.


Hybrid Data Security – Querying a Search Index: Search for the word “Spark”

[Diagram: Secure Data Center (Indexing Service) – Spark Cloud (Content Server, Key Mgmt Service, Search Service); the query “Spark” passes through the Hash Algorithm and produces B9 57 FE 48, matched against the stored index of “Spark IS the Message”]

The Indexing Service sends a hashed index of the App’s search request to the Search Service.

A link to the Conversation Encryption Key is sent with the encrypted message.
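An added example (not Cisco code) of the per-room hashed index described on the indexing and querying slides, covering both the cloud and the HDS variant: the KMS issues a SHA-256 HMAC Search Key per room, the app hashes each word before upload, and the Search Service matches hashed query terms without ever decrypting content. The 4-byte token length, the kms:// key-link format and the sample messages are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass, field

# Assumption: tokens are the first 4 bytes of the HMAC shown as hex, like the
# deck's "B9 57 FE 48"; the real token length is not stated on the slides.
TOKEN_BYTES = 4
WORD_RE = re.compile(r"[a-z0-9]+")


class KeyManagementService:
    """Issues one Search Key per room; only the KMS and the apps ever see it."""

    def __init__(self) -> None:
        self._search_keys: dict[str, bytes] = {}

    def search_key(self, room_id: str) -> bytes:
        # A new key per room: the same word in two rooms yields unrelated
        # tokens, so the cloud cannot correlate content across rooms.
        if room_id not in self._search_keys:
            self._search_keys[room_id] = secrets.token_bytes(32)
        return self._search_keys[room_id]


def tokenize(text: str) -> list[str]:
    """Case-folded word split, so 'Spark' and 'spark' index identically."""
    return WORD_RE.findall(text.lower())


def hash_word(search_key: bytes, word: str) -> str:
    """Fixed-length token: HMAC-SHA256 under the room's Search Key, truncated."""
    mac = hmac.new(search_key, word.encode("utf-8"), hashlib.sha256).digest()
    return mac[:TOKEN_BYTES].hex().upper()


@dataclass(frozen=True)
class StoredMessage:
    """What the Content Server holds: ciphertext, a key link, hashed words."""
    message_id: str
    ciphertext: bytes        # produced by the app; opaque to the cloud
    key_url: str             # link to the Conversation Encryption Key in the KMS
    tokens: frozenset[str]   # hashed index, never the plaintext words


@dataclass
class ContentServer:
    """Stores per-room ciphertext plus hashed indexes; holds no Search Key."""
    rooms: dict[str, list[StoredMessage]] = field(default_factory=dict)

    def store(self, room_id: str, msg: StoredMessage) -> None:
        self.rooms.setdefault(room_id, []).append(msg)

    def search(self, room_id: str, hashed_terms: list[str]) -> list[StoredMessage]:
        # The Search Service compares tokens only; it cannot decrypt anything.
        return [m for m in self.rooms.get(room_id, [])
                if all(t in m.tokens for t in hashed_terms)]


def index_message(kms: KeyManagementService, room_id: str, message_id: str,
                  plaintext: str, ciphertext: bytes) -> StoredMessage:
    """App side: hash every word with the room's Search Key before upload."""
    key = kms.search_key(room_id)
    tokens = frozenset(hash_word(key, w) for w in tokenize(plaintext))
    key_url = f"kms://{room_id}/keys/{message_id}"   # constructed link format
    return StoredMessage(message_id, ciphertext, key_url, tokens)


def query(kms: KeyManagementService, content: ContentServer,
          room_id: str, search_text: str) -> list[str]:
    """App side: hash the search terms with the same key, then match tokens."""
    key = kms.search_key(room_id)
    hashed = [hash_word(key, w) for w in tokenize(search_text)]
    return [m.message_id for m in content.search(room_id, hashed)]


def demo() -> dict:
    """Constructed sample rooms; the ciphertext bytes stand in for real output."""
    kms, content = KeyManagementService(), ContentServer()
    content.store("room-a", index_message(kms, "room-a", "m1",
                                          "Spark IS the message", b"<ct1>"))
    content.store("room-a", index_message(kms, "room-a", "m2",
                                          "lunch at noon", b"<ct2>"))
    content.store("room-b", index_message(kms, "room-b", "m3",
                                          "Spark IS the message", b"<ct3>"))
    return {
        "hit": query(kms, content, "room-a", "Spark"),
        "miss": query(kms, content, "room-a", "budget"),
        "two_words": query(kms, content, "room-a", "the message"),
        # Same word, different room: Search Keys differ, so tokens differ.
        "same_token_across_rooms": hash_word(kms.search_key("room-a"), "spark")
        == hash_word(kms.search_key("room-b"), "spark"),
    }
```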


Spark E-Discovery Service (1)

[Diagram: Secure Data Center (Indexing Service, Key Mgmt Service, E-Discovery Service) – Spark Cloud (Content Server, Search Service, Spark Control Hub); Hash Algorithm; “Jo Smith’s Content”]

The Indexing Service sends hashed search criteria to the Search Service.

The Content Server returns matching content to the E-Discovery Service.


Spark E-Discovery Service (2)

[Diagram: Secure Data Center (Key Mgmt Service, E-Discovery Service, E-Discovery Storage) – Spark Cloud (Content Server, Search Service, Spark Control Hub); “Jo Smith’s Messages and Files” – “E-Discovery Content Ready”]

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request.

Customer Controlled Security – Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Diagram: Organization A (Key Mgmt Service) and Organization B (Key Mgmt Service) – Spark Cloud (Content Server, Key Mgmt Service); encrypted “message”]

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?


HDS Key Management Server Federation

[Diagram: Organization A (Key Mgmt Service) and Organization B (Key Mgmt Service) – Spark Cloud (Content Server, Key Mgmt Service); encrypted “message” in each Organization]

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.

Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).


HDS Key Management Server Federation

[Diagram: Organization A (Key Mgmt Service) and Organization B (Key Mgmt Service) – Spark Cloud (Content Server, Key Mgmt Service); encrypted “message” in each Organization]

With a secure connection between Key Management Servers…

Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security – HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A – vSphere hosting two Hybrid Data Services Nodes (VM), each running Docker with an ECP Mgmt Container and HDS Containers, an IDE Mount and the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser; assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process; 2) the postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access – Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | NA | NA | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access – Enterprise Firewalls

Connecting from the Enterprise – Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges (Signalling and Media)
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | (see destinations below) | HTTPS
  identity.webex.com – Spark Identity Service
  idbroker.webex.com – OAuth Service
  wbx2.com – Core Spark Services
  webex.com – Identity management
  ciscospark.com – Core Spark Services
  clouddrive.com – Content and Space Storage
  crashlytics.com – Anonymous crash data
  mixpanel.com – Anonymous Analytics
  rackcdn.com – Content and Space Storage
  appsflyer.com – Mobile Apps only - Ad Analytics
  adobedtm.com – Web Apps only - Analytics
  omtrdc.net – Web Apps only - Telemetry
  optimizely.com – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | (see destinations below) | HTTPS
  identity.webex.com – Spark Identity Service
  idbroker.webex.com – OAuth Service
  wbx2.com – Core Spark Services
  webex.com – Identity management
  ciscospark.com – Core Spark Services
  clouddrive.com – Content and Space Storage
  crashlytics.com – Anonymous crash data
  mixpanel.com – Anonymous Analytics
  rackcdn.com – Content and Space Storage
  dropbox.com – Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise – Firewalls

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges (Signalling and Media)
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Connecting from the Enterprise – Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services (Signalling, no Media)
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
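An added example (not Cisco tooling) that encodes the whitelist tables above as a policy and audits constructed sample flows against it, covering Spark apps, devices, HMN and HDS nodes; the ephemeral range 1024-65535, the sample hosts and the role labels are assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass

# Whitelist transcribed from the deck's port tables. Roles: Spark "app"
# (Windows/Mac/iOS/Android/Web), Spark "device" (SX/DX/MX/Room Kit/Board),
# Hybrid Media Node "hmn" and Hybrid Data Security node "hds".
EPHEMERAL = (1024, 65535)     # assumption: the deck only says "Ephemeral"
ANY = "*"

APP_HTTPS = ("identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
             "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
             "rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net",
             "optimizely.com")
DEVICE_HTTPS = APP_HTTPS[:9] + ("dropbox.com",)
HMN_HTTPS = ("wbx2.com", "idbroker.webex.com")
HDS_HTTPS = HMN_HTTPS + ("identity.webex.com", "index.docker.io")

# (role, proto, source port range, destination ports, destinations, function)
RULES = [
    ("app", "udp", (52000, 52049), {5004, 5006}, ANY, "SRTP voice over UDP"),
    ("app", "udp", (52100, 52199), {5004, 5006}, ANY, "SRTP video over UDP"),
    ("app", "tcp", EPHEMERAL, {5004, 5006}, ANY, "SRTP over TCP/HTTP"),
    ("app", "tcp", EPHEMERAL, {443}, APP_HTTPS, "HTTPS to Spark services"),
    ("device", "udp", (52050, 52099), {5004, 5006}, ANY, "SRTP voice over UDP"),
    ("device", "udp", (52200, 52299), {5004, 5006}, ANY, "SRTP video over UDP"),
    ("device", "tcp", EPHEMERAL, {5004, 5006}, ANY, "SRTP over TCP"),
    ("device", "tcp", EPHEMERAL, {443}, DEVICE_HTTPS, "HTTPS to Spark services"),
    ("device", "udp", EPHEMERAL, {123}, ("2.android.pool.ntp.org",), "Spark Board NTP"),
    ("hmn", "udp", (33434, 33598), {5004}, ANY, "cascaded SRTP over UDP"),
    ("hmn", "tcp", EPHEMERAL, {5004}, ANY, "cascaded SRTP over TCP/HTTP"),
    ("hmn", "tcp", EPHEMERAL, {123, 53, 444}, ANY, "NTP/DNS/HTTPS"),
    ("hmn", "tcp", EPHEMERAL, {443}, HMN_HTTPS, "HTTPS configuration services"),
    ("hds", "tcp", EPHEMERAL, {443}, HDS_HTTPS, "outbound HTTPS and WSS"),
]


@dataclass(frozen=True)
class Flow:
    role: str
    proto: str
    src_port: int
    dst_port: int
    dst_host: str      # FQDN where known, otherwise the destination IP


def host_matches(host: str, allowed) -> bool:
    """Suffix match, so sub-domains of a whitelisted domain are accepted."""
    if allowed == ANY:
        return True
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def classify(flow: Flow) -> str | None:
    """Return the matching rule's function, or None if the flow is off-policy."""
    for role, proto, (lo, hi), dst_ports, allowed, function in RULES:
        if (role == flow.role and proto == flow.proto.lower()
                and lo <= flow.src_port <= hi and flow.dst_port in dst_ports
                and host_matches(flow.dst_host, allowed)):
            return function
    return None


def audit(flows) -> list[tuple[Flow, str]]:
    """Flag flows no rule permits: what a firewall log review would surface."""
    return [(f, "off-policy") for f in flows if classify(f) is None]


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    Flow("app", "udp", 52010, 5004, "203.0.113.10"),          # app voice: allowed
    Flow("device", "udp", 52210, 5006, "203.0.113.11"),       # device video: allowed
    Flow("app", "udp", 52060, 5004, "203.0.113.10"),          # device range used by an app
    Flow("app", "tcp", 51000, 443, "api.ciscospark.com"),     # whitelisted sub-domain
    Flow("app", "tcp", 51001, 443, "updates.example.com"),    # not whitelisted
    Flow("hds", "tcp", 40000, 443, "index.docker.io"),        # HDS container image pulls
    Flow("hds", "tcp", 40001, 8080, "proxy.example.com"),     # HTTPS proxies are unsupported
    Flow("hmn", "udp", 33500, 5004, "203.0.113.12"),          # HMN cascade link
]
```

Running `audit(SAMPLE_FLOWS)` on the constructed set returns the three flows marked as off-policy in the comments.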

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access – Enterprise Proxies

Connecting from the Enterprise – Proxy Types

Proxy Types
• Proxy Address given to Device/Application………
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

[Diagram: Signalling via the Proxy; UDP Media]

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

[Diagram: Signalling, UDP Media; each client receives the Proxy Address via a PAC file]

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes – Manual; Yes – PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes – Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User’s traffic forwarded
• Unauthenticated User’s traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication.

[Diagram: Signalling, UDP Media]

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

[Diagram: Signalling, UDP Media]

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

[Diagram: Signalling, UDP Media]

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

[Diagram: Signalling, UDP Media]

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

[Diagram: Signalling, UDP Media]

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO – Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

[Diagram: Signalling, UDP Media]

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

[Diagram: Signalling, UDP Media]

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Diagram: Signalling, UDP Media]

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |


Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

[Diagram: Signalling, UDP Media]

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection:
• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives the Certificate from the Web/Cloud Service
• Proxy uses the Certificate to establish a secure TLS/HTTPS connection
• Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning:
Certificate Pin = SHA-256 hash of the CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by the HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to the App OS Trust Store

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip the Certificate pinning process
• Proceed with the TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to the Spark Cloud

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO match: proceed with the TLS connection
• HTTPS/TLS Inspection possible

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If an Enterprise Certificate exists then bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass
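The pinning decision the preceding slides walk through (pin match, unknown private CA, and the OS-trust-store fix), as an added Python example that is not part of the Cisco deck; the certificates, SPKI bytes and trust-store contents are constructed stand-ins, and the order of checks is an assumption drawn from the slides.

```python
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate: subject, issuer and SPKI DER bytes."""
    subject: str
    issuer: str
    spki_der: bytes  # DER SubjectPublicKeyInfo; constructed bytes in this example


def spki_pin(spki_der: bytes) -> str:
    """Certificate Pin = base64(SHA-256(SubjectPublicKeyInfo DER)), 44 chars."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def check_pinned_chain(chain, pins, os_trust_store):
    """Decide whether the app proceeds with the TLS connection.

    chain          leaf-first list of Cert as presented by the HTTPS/TLS server
    pins           pins the app ships for the cloud CA root public key
    os_trust_store subjects of CA certs the admin has pushed to the OS store

    Order of checks mirrors the slides (assumed, not Cisco's implementation):
      1. any chain member whose SPKI pin matches -> accept (no inspection case)
      2. else, a self-signed root present in the OS trust store -> skip pinning
         (the 'Cert Pinning Fix' that makes HTTPS inspection possible)
      3. else -> terminate (inspection by a CA the client does not know)
    Returns (accepted: bool, reason: str).
    """
    for cert in chain:
        if spki_pin(cert.spki_der) in pins:
            return True, f"pin match on {cert.subject}: proceed"
    root = chain[-1]
    if root.subject == root.issuer and root.subject in os_trust_store:
        return True, f"{root.subject} found in OS trust store: pinning skipped, proceed"
    return False, "no pin match and CA not in OS trust store: TLS connection terminated"


# Constructed certificates. The SPKI bytes are placeholders, not real keys.
CLOUD_ROOT = Cert("Constructed Spark Cloud Root CA", "Constructed Spark Cloud Root CA",
                  b"constructed-spki-cloud-root")
CLOUD_LEAF = Cert("constructed.ciscospark.example", CLOUD_ROOT.subject,
                  b"constructed-spki-cloud-leaf")
PRIVATE_ROOT = Cert("Constructed Enterprise Proxy CA", "Constructed Enterprise Proxy CA",
                    b"constructed-spki-private-root")
PROXY_LEAF = Cert("constructed.ciscospark.example", PRIVATE_ROOT.subject,
                  b"constructed-spki-proxy-leaf")

# The app pins the cloud root CA's public key (the slide's 'Certificate Pin').
APP_PINS = {spki_pin(CLOUD_ROOT.spki_der)}


def no_inspection():
    """Proxy passes the cloud chain through untouched."""
    return check_pinned_chain([CLOUD_LEAF, CLOUD_ROOT], APP_PINS, os_trust_store=set())


def inspection_without_fix():
    """Inspecting proxy re-signs with its private CA; the client has no copy of it."""
    return check_pinned_chain([PROXY_LEAF, PRIVATE_ROOT], APP_PINS, os_trust_store=set())


def inspection_with_fix():
    """Same proxy, but the private CA cert was copied to the OS trust store."""
    return check_pinned_chain([PROXY_LEAF, PRIVATE_ROOT], APP_PINS,
                              os_trust_store={PRIVATE_ROOT.subject})


if __name__ == "__main__":
    for case in (no_inspection, inspection_without_fix, inspection_with_fix):
        accepted, reason = case()
        print(f"{case.__name__:25s} accepted={accepted}  {reason}")
```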

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation:
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses the 802.1X Authentication Mechanisms:
• Uses the Device MAC Address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into the Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO; Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:
• Switch port configuration
• VLANs
• Firewall Deployment
• Proxy Type
• Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: Target Q1 CY2018.

Thank you

Searching Spark Rooms: Querying a Search Index – Search for the word "Spark"

• The App sends the search request over a secure connection to the Indexing Service
• The Indexing Service uses per-room search keys to hash the search terms (in the diagram, "Spark" hashes to B9 57 FE 48)
• The Search Service searches for a match in the hash tables and returns the matching content ("Spark IS the Message") to the App
• A link to the Conversation Encryption Key is sent with the encrypted message

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)
• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of the related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)
• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (in the diagram: "Jo Smith's Messages and Files – E-Discovery Content Ready")


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Hybrid Data Security = On Premise Key Management Server, Indexing Server and E-Discovery Service, hosted in the customer's Secure Data Center

Hybrid Data Security traffic and Firewalls
• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security - Scalability
• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security: Key Management
• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• BUT now all of the keys for messages and content are owned and managed by the Customer

HDS - Encrypting Messages & Content
• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally, in the Secure Data Center

HDS - Decrypting Messages & Content
• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections
• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service (App to Cloud TLS connection; App to HDS TLS connection)
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room (in the diagram, "Spark IS the message" is hashed to B9 57 FE 48)

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"
• The Indexing Service sends a hashed index of the App's search request to the Search Service (in the diagram, "Spark" hashes to B9 57 FE 48 and matches "Spark IS the Message")
• A link to the Conversation Encryption Key is sent with the encrypted message
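The per-room keyed-hash search index described on the Searching Spark Rooms slides earlier and on the Hybrid Data Security search slides above, as an added example that is not Cisco's code; HMAC-SHA256 as the hash, the tokeniser, the random room keys and the messages are all assumptions.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

WORD_RE = re.compile(r"[a-z0-9]+")


def tokenize(text: str) -> set:
    """Lower-case word tokens; the real Spark tokeniser is not described, so this is assumed."""
    return set(WORD_RE.findall(text.lower()))


def search_token(room_search_key: bytes, term: str) -> bytes:
    """Keyed hash of one term under the room's Search Key (HMAC-SHA256 assumed).

    The slide shows a short label such as 'B9 57 FE 48'; the full digest is kept
    here so that two different words cannot collide in this small index.
    """
    return hmac.new(room_search_key, term.lower().encode("utf-8"), hashlib.sha256).digest()


class IndexingService:
    """Stores only (room, keyed-hash) -> message ids; never the plaintext words."""

    def __init__(self):
        self.search_keys = {}             # room_id -> Search Key (a new key per room)
        self.index = defaultdict(set)     # (room_id, token) -> {message_id}

    def new_room(self, room_id: str) -> None:
        self.search_keys[room_id] = os.urandom(32)   # constructed random key

    def index_message(self, room_id: str, message_id: str, plaintext: str) -> None:
        key = self.search_keys[room_id]
        for word in tokenize(plaintext):
            self.index[(room_id, search_token(key, word))].add(message_id)

    def query(self, room_id: str, term: str) -> set:
        """Search Service lookup: hash the query term with the same room key, then match."""
        token = search_token(self.search_keys[room_id], term)
        return set(self.index.get((room_id, token), set()))

    def index_holds_plaintext(self, word: str) -> bool:
        """True if the raw word appears anywhere in the stored index keys."""
        return any(word.lower().encode("utf-8") in token for (_, token) in self.index)


def demo():
    svc = IndexingService()
    svc.new_room("room-a")
    svc.new_room("room-b")
    svc.index_message("room-a", "msg-1", "Spark IS the Message")   # constructed
    svc.index_message("room-b", "msg-2", "Spark IS the Message")   # same text, other room
    hits_a = svc.query("room-a", "Spark")
    hits_b = svc.query("room-b", "spark")
    miss = svc.query("room-a", "hybrid")
    # Same word, different rooms, different Search Keys -> different tokens, so a
    # token taken from one room's index tells nothing about another room's.
    cross_room_differs = (search_token(svc.search_keys["room-a"], "spark")
                          != search_token(svc.search_keys["room-b"], "spark"))
    return hits_a, hits_b, miss, cross_room_differs, svc.index_holds_plaintext("spark")


if __name__ == "__main__":
    print(demo())
```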

Spark E-Discovery Service (1)
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content (in the diagram, "Jo Smith's Content") to the E-Discovery Service

Spark E-Discovery Service (2)
• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (in the diagram: "Jo Smith's Messages and Files – E-Discovery Content Ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations (Organization A, Organization B)
• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers… Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture (Secure Data Center A)

Each Hybrid Data Services Node is a vSphere VM running Docker with an ECP Mgmt Container and the HDS Containers; the nodes of an HDS Cluster share an HDS Cluster Config File, presented to each node as an IDE Mount.
• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system
• Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA-1 signatures
  • PKCS#12 format
• 2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from the HDS host
  • Bi-directional WSS on TCP port 443 from the HDS host
  • TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment; 802.1Q Tagging; Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations – Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any
• Applies to Spark Desk and Room Devices and to Spark Apps – see the following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps
• Audio 52000-52099: Spark Apps 52000 - 52049; Spark Devices 52050 - 52099
• Video 52100-52299: Spark Apps 52100 - 52199; Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only: Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only: Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only: Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
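The port and whitelist tables for Spark Apps, Spark Devices and the HMN/HDS nodes above, turned into a checkable rule set. This is an added example, not Cisco's code: the rules transcribe the tables, the `Flow` record and the sample flows are constructed, and the whitelisted names are matched as a domain plus its subdomains (the tables list bare domains).

```python
"""Whitelist audit for Spark traffic, transcribed from the port and destination
tables on these slides (added example, not Cisco's code; flows are constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_role: str   # constructed label for the sender: "app", "device", "hmn" or "hds"
    proto: str      # "udp" or "tcp"
    src_port: int
    dst_port: int
    dst_host: str   # DNS name when known, "" when only a destination IP is known


ANY = ("*",)                  # slide wording: "Destination IP Addresses: Any"
EPHEMERAL = (1024, 65535)     # ephemeral source ports => no DSCP re-marking by port
MEDIA_PORTS = (5004, 5006)

# Whitelisted HTTPS destinations (a domain and its subdomains), per the tables.
APP_HTTPS = ("identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
             "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
             "rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net", "optimizely.com")
DEVICE_HTTPS = APP_HTTPS[:9] + ("dropbox.com",)
HMN_HTTPS = ("wbx2.com", "idbroker.webex.com")
HDS_HTTPS = ("wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io")

# (role, proto, allowed source-port ranges, destination ports, destinations, function)
RULES = [
    ("app", "udp", [(52000, 52049), (52100, 52199)], MEDIA_PORTS, ANY,
     "SRTP over UDP to Spark Cloud Media Nodes"),
    ("app", "tcp", [EPHEMERAL], MEDIA_PORTS, ANY, "SRTP over TCP/HTTP to Spark Cloud Media Nodes"),
    ("app", "tcp", [EPHEMERAL], (443,), APP_HTTPS, "HTTPS to Spark cloud services"),
    ("device", "udp", [(52050, 52099), (52200, 52299)], MEDIA_PORTS, ANY,
     "SRTP over UDP to Spark Cloud Media Nodes"),
    ("device", "tcp", [EPHEMERAL], MEDIA_PORTS, ANY, "SRTP over TCP to Spark Cloud Media Nodes"),
    ("device", "tcp", [EPHEMERAL], (443,), DEVICE_HTTPS, "HTTPS to Spark cloud services"),
    ("device", "udp", [EPHEMERAL], (123,), ("2.android.pool.ntp.org",), "Spark Board NTP time sync"),
    ("hmn", "udp", [(33434, 33598)], (5004,), ANY, "Cascaded SRTP over UDP to Cloud Media Nodes"),
    ("hmn", "tcp", [EPHEMERAL], (5004,), ANY, "Cascaded SRTP over TCP/HTTP to Cloud Media Nodes"),
    ("hmn", "tcp", [EPHEMERAL], (123, 53, 444), ANY, "NTP, DNS, HTTPS"),
    ("hmn", "tcp", [EPHEMERAL], (443,), HMN_HTTPS, "HTTPS Configuration Services"),
    ("hds", "tcp", [EPHEMERAL], (443,), HDS_HTTPS, "Outbound HTTPS and WSS"),
]


def host_matches(host, allowed):
    """True when the rule allows any destination, or host is a whitelisted domain/subdomain."""
    if allowed == ANY:
        return True
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def classify(flow):
    """Function label of the first rule permitting the flow, or None if no rule does."""
    for role, proto, ranges, dports, hosts, label in RULES:
        if role != flow.src_role or proto != flow.proto:
            continue
        if not any(lo <= flow.src_port <= hi for lo, hi in ranges):
            continue
        if flow.dst_port in dports and host_matches(flow.dst_host, hosts):
            return label
    return None


def media_class(flow):
    """Voice/video classification by UDP source port (slide 77). TCP media leaves
    from ephemeral ports, so it cannot be classified or re-marked this way."""
    if flow.proto != "udp":
        return None
    if 52000 <= flow.src_port <= 52099:
        return "voice"
    if 52100 <= flow.src_port <= 52299:
        return "video"
    if 33434 <= flow.src_port <= 33598:
        return "hmn-cascade"   # HMN voice and video share one range
    return None


def audit(flows):
    """Split flows into (permitted, denied) according to RULES."""
    permitted, denied = [], []
    for f in flows:
        (permitted if classify(f) else denied).append(f)
    return permitted, denied


# Constructed sample flows (not captured from a real deployment).
SAMPLE_FLOWS = [
    Flow("app", "udp", 52010, 5004, ""),                         # app voice media
    Flow("app", "tcp", 50123, 443, "idbroker.webex.com"),         # OAuth service
    Flow("app", "tcp", 50124, 443, "updates.example.net"),        # not whitelisted
    Flow("device", "udp", 52210, 5006, ""),                       # device video media
    Flow("device", "udp", 52010, 5004, ""),                       # app range used by a device
    Flow("device", "udp", 40000, 123, "2.android.pool.ntp.org"),  # Spark Board NTP
    Flow("hmn", "udp", 33500, 5004, ""),                          # HMN cascade media
    Flow("hds", "tcp", 51000, 443, "index.docker.io"),            # HDS whitelisted destination
    Flow("hds", "udp", 51001, 5004, ""),                          # HDS sends no media
]
```

Running `audit(SAMPLE_FLOWS)` permits six flows and denies three; the denied ones show the value of keeping the app and device source ranges separate when building DSCP and firewall policy.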

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application...
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Spark Apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no Authentication

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration
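Basic and Digest proxy authentication side by side, for the two slides above. This is an added example, not Cisco's code or any proxy vendor's: the Digest side follows RFC 7616 (SHA-256, qop=auth) with a single-use nonce, and the realm `proxy.example.com`, the device account name and its password are constructed. It shows what a proxy log or on-path reader recovers from each header: the credentials themselves for Basic, only a hash for Digest.

```python
"""Basic vs Digest proxy authentication as described on these slides (added
example, not Cisco's code). The Digest part follows RFC 7616 with SHA-256 and
qop=auth; the proxy realm, account name and password are constructed."""
import base64
import hashlib
import re
import secrets


def basic_header(username, password):
    """Proxy-Authorization for Basic: Base64 of 'user:password', neither encrypted nor hashed."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_credentials_visible(header):
    """What a proxy log or on-path reader recovers from a Basic header: the credentials."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return None
    user, _, pw = base64.b64decode(token).decode().partition(":")
    return user, pw


def _h(s):
    return hashlib.sha256(s.encode()).hexdigest()


def digest_ha1(username, realm, password):
    """The only password-derived value the proxy needs to keep (RFC 7616 HA1)."""
    return _h(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(username, password, challenge, method, uri, nc="00000001"):
    """Client side: answer a 'Proxy-Authenticate: Digest' challenge. The password
    stays on the device; only the hashed response goes on the wire."""
    cnonce = secrets.token_hex(8)
    ha1 = digest_ha1(username, challenge["realm"], password)
    response = digest_response(ha1, method, uri, challenge["nonce"], nc, cnonce)
    quoted = {"username": username, "realm": challenge["realm"], "nonce": challenge["nonce"],
              "uri": uri, "cnonce": cnonce, "response": response}
    params = [f'{k}="{v}"' for k, v in quoted.items()]
    params += ["qop=auth", f"nc={nc}", "algorithm=SHA-256"]   # unquoted per RFC 7616
    return "Digest " + ", ".join(params)


def parse_digest(header):
    """Parse 'Digest k="v", k2=bare, ...' into a dict; None for other schemes."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        return None
    out = {}
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params):
        out[key] = quoted or bare
    return out


class DigestProxy:
    """Proxy side: issues nonces and verifies responses from stored HA1 values only."""

    def __init__(self, realm, ha1_by_user):
        self.realm = realm
        self.ha1_by_user = ha1_by_user   # e.g. backed by the device's LDAP/AD account
        self.issued = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return {"realm": self.realm, "nonce": nonce, "qop": "auth", "algorithm": "SHA-256"}

    def verify(self, header, method):
        p = parse_digest(header)
        if not p or p.get("realm") != self.realm or p.get("nonce") not in self.issued:
            return False
        self.issued.discard(p["nonce"])   # single-use nonce here; real proxies track nc per nonce
        ha1 = self.ha1_by_user.get(p.get("username"))
        if ha1 is None:
            return False
        expected = digest_response(ha1, method, p.get("uri", ""), p["nonce"],
                                   p.get("nc", ""), p.get("cnonce", ""))
        return secrets.compare_digest(expected, p.get("response", ""))


def demo():
    """A constructed device account authenticating to the proxy both ways."""
    user, pw = "spark-device-01", "correct horse battery staple"
    realm = "proxy.example.com"
    basic = basic_header(user, pw)
    proxy = DigestProxy(realm, {user: digest_ha1(user, realm, pw)})
    digest = digest_header(user, pw, proxy.challenge(), "CONNECT", "wbx2.com:443")
    return {
        "basic_reveals": basic_credentials_visible(basic),
        "digest_contains_password": pw in digest,
        "digest_accepted": proxy.verify(digest, "CONNECT"),
        "digest_replay_accepted": proxy.verify(digest, "CONNECT"),
    }
```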

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either
  • Kerberos, or fallback to
  • NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Client Authentication, Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Address (e.g. 10.100.200.1 and 10.100.200.3 in the diagram)
• Whitelisted Destinations (e.g. ciscospark.com; the diagram lists identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com)

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Spark Apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | No Auth: Yes; Basic: Yes; Digest: Planned; NTLM: Yes (Windows); Kerberos: No; No Auth and Basic (iOS and Android in EFT) |
DX/SX/MX | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY 2018; Digest: Yes |
Room Kits | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY 2018; Digest: Yes |
Spark Board | HTTPS | Spark Board OS | No Auth: Yes; Basic: Yes; Digest: Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible
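The pinning decisions from the slides above (no inspection, inspection, app-side fix via the OS trust store, device-side fix via a cloud-delivered trust list), worked as code. This is an added example, not Cisco's code or the Spark app's actual implementation: `extract_spki()` goes slightly beyond the slide in that it walks the DER of any X.509 certificate to find the public key info the pin is computed over, while the certificates used here are constructed skeletons with stand-in key bytes, and "the private CA cert exists in the OS trust store" is modelled by comparing the pin of that CA's key.

```python
"""SPKI pin computation and the pinning decisions the slides walk through (added
example, not Cisco's code). extract_spki() walks the DER of a real X.509
certificate; the certificates used below are constructed skeletons with
placeholder fields, so the keys inside are stand-in bytes, not real keys."""
import base64
import hashlib


def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]: returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: the next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(seq_value):
    """Split the contents of a SEQUENCE into the full TLV encodings of its elements."""
    out, pos = [], 0
    while pos < len(seq_value):
        _, _, nxt = _read_tlv(seq_value, pos)
        out.append(seq_value[pos:nxt])
        pos = nxt
    return out


def extract_spki(cert_der):
    """DER of subjectPublicKeyInfo: Certificate -> tbsCertificate -> 7th field
    (6th when the optional explicit [0] version is absent, as in v1 certs)."""
    _, cert, _ = _read_tlv(cert_der, 0)
    _, tbs, _ = _read_tlv(cert, 0)
    fields = _children(tbs)
    if fields[0][0] == 0xA0:
        fields = fields[1:]
    return fields[5]   # serial, signatureAlg, issuer, validity, subject, SPKI


def spki_pin(spki_der):
    """Certificate Pin as defined on the slide: Base64(SHA-256(public key info))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


class PinnedTlsClient:
    """Pinning logic of a Spark app/device: pins of the expected CA root keys, plus an
    OS trust store the app may consult (the app-side fix on slide 110)."""

    def __init__(self, pins, os_trust_store=()):
        self.pins = set(pins)
        self.os_trust_store = set(os_trust_store)

    def load_trust_list(self, extra_pins):
        """Device-side fix (slide 113): trust list downloaded from the Spark cloud."""
        self.pins |= set(extra_pins)

    def evaluate(self, root_cert_der):
        pin = spki_pin(extract_spki(root_cert_der))
        if pin in self.os_trust_store:
            return "accept (private CA in OS trust store, pinning skipped)"
        if pin in self.pins:
            return "accept (root key matches pin)"
        return "terminate (root key does not match pin)"


# --- constructed test scaffolding -------------------------------------------
def _tlv(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def constructed_cert(spki_der, with_version=True):
    """Structurally valid Certificate skeleton around spki_der (other fields are
    empty placeholders; this is not a real, signed certificate)."""
    fields = [_tlv(0x02, b"\x01")] + [_tlv(0x30, b"")] * 4 + [spki_der]
    if with_version:
        fields.insert(0, _tlv(0xA0, _tlv(0x02, b"\x02")))
    tbs = _tlv(0x30, b"".join(fields))
    return _tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))


PUBLIC_CA_SPKI = _tlv(0x30, b"constructed stand-in for the public CA root key " * 4)
PRIVATE_CA_SPKI = _tlv(0x30, b"constructed stand-in for the enterprise private CA key")


def run_scenarios():
    """The four situations on slides 103-113, keyed by scenario."""
    pins = {spki_pin(PUBLIC_CA_SPKI)}
    app = PinnedTlsClient(pins)
    app_with_fix = PinnedTlsClient(pins, os_trust_store={spki_pin(PRIVATE_CA_SPKI)})
    device_with_fix = PinnedTlsClient(pins)
    device_with_fix.load_trust_list({spki_pin(PRIVATE_CA_SPKI)})
    return {
        "no_inspection": app.evaluate(constructed_cert(PUBLIC_CA_SPKI)),
        "inspection": app.evaluate(constructed_cert(PRIVATE_CA_SPKI)),
        "app_fix": app_with_fix.evaluate(constructed_cert(PRIVATE_CA_SPKI)),
        "device_fix": device_with_fix.evaluate(constructed_cert(PRIVATE_CA_SPKI)),
    }
```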

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Spark Apps (Windows, Mac, Web) | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
Spark Apps (iOS, Android) | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Spark Apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | Q4 CY17 | Yes | Yes, Web based | Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes, Web based | Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes, Web based | Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | Yes | Yes | Yes, Web based | Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | |  Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: what you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
• Coming soon: Target Q1 CY2018

Thank you


Searching Spark Rooms: Querying a Search Index – Search for the word "Spark"

• App sends search request over a secure connection to the Indexing Service
• The Indexing Service uses per-room search keys to hash the search terms (in the diagram "Spark" hashes to B9 57 FE 48; the stored message is "Spark IS the Message")
• The Search Service searches for a match in the hash tables and returns matching content to the App
• A link to the Conversation Encryption Key is sent with the encrypted message

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

• Compliance Officer (via the Spark Control Hub) selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request (in the diagram the Spark Control Hub shows "Jo Smith's Messages and Files – E-Discovery Content Ready")


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Hybrid Data Security (Hybrid Data Services) = On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special Firewall configuration required.

Hybrid Data Security - Scalability

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security: Key Management

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server, BUT now all of the keys for messages and content are owned and managed by the Customer.

HDS - Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Encryption Keys stored locally

HDS - Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service (App to Cloud TLS connection; App to HDS TLS connection)
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security Search Indexing Service

(Diagram: Indexing Service, Content Server and Key Management Service in the Secure Data Center; Search Service in the cloud)

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

51 BRKCOL-2030

Hybrid Data Security Search Indexing Service

(Diagram: the message "Spark IS the message" passes through the Hash Algorithm in the Indexing Service and produces the hashed index B9 57 FE 48)

A new hashing key (Search Key) is used for each room.

52 BRKCOL-2030

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

(Diagram: Indexing Service, Content Server and Key Management Service in the Secure Data Center; Search Service in the cloud; hashed index B9 57 FE 48)

The Indexing Service sends a hashed index of the App's search request to the Search Service.

53

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

(Diagram: the search term "Spark" passes through the Hash Algorithm and produces B9 57 FE 48, which matches the index entry for the stored message "Spark IS the Message")

A link to the Conversation Encryption Key is sent with the encrypted message.

54
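The per-room keyed hashing of slides 52–54, as an added example (this is not Cisco's code and the slides do not name the hash algorithm; HMAC-SHA256 truncated to four bytes is an assumption chosen to match the "B9 57 FE 48" style, and the tokenizer and room names are constructed). The on-premise Indexing Service holds a separate Search Key per room, the cloud Search Service stores and matches only hashes, and a query hashed under one room's key cannot find content in another room.

```python
"""Keyed search index over encrypted messages: the Indexing Service hashes words
with a per-room Search Key, the Search Service matches hashes, and neither the
plaintext nor the key reaches the cloud. Added example; not Cisco code."""
import hashlib
import hmac
import re
import secrets


def tokenize(text: str) -> list:
    """Lower-cased words; the real tokenizer is not described on the slides."""
    return re.findall(r"[a-z0-9]+", text.lower())


def hashed_term(search_key: bytes, word: str, length: int = 4) -> str:
    """HMAC-SHA256 truncated to `length` bytes, rendered like the slides' 'B9 57 FE 48'.
    Keyed hashing means the same word hashes differently in every room."""
    digest = hmac.new(search_key, word.encode(), hashlib.sha256).digest()[:length]
    return digest.hex(" ").upper()


class IndexingService:
    """On-premise: holds the per-room Search Keys and produces hashed indexes."""

    def __init__(self):
        self._search_keys = {}  # room -> Search Key (a new key per room, slide 52)

    def search_key(self, room: str) -> bytes:
        return self._search_keys.setdefault(room, secrets.token_bytes(32))

    def index_message(self, room: str, message_id: str, plaintext: str) -> dict:
        """The hashed index for one message: all the cloud Search Service receives."""
        terms = {hashed_term(self.search_key(room), w) for w in tokenize(plaintext)}
        return {"room": room, "message_id": message_id, "terms": terms}

    def hashed_query(self, room: str, query: str) -> set:
        return {hashed_term(self.search_key(room), w) for w in tokenize(query)}


class SearchService:
    """In the cloud: stores and matches hashed terms only."""

    def __init__(self):
        self._index = []

    def add(self, entry: dict) -> None:
        self._index.append(entry)

    def query(self, room: str, hashed_terms: set) -> list:
        return [e["message_id"] for e in self._index
                if e["room"] == room and hashed_terms <= e["terms"]]


def run_demo():
    indexer, search = IndexingService(), SearchService()
    # Constructed sample messages in two rooms.
    search.add(indexer.index_message("room-1", "m1", "Spark IS the message"))
    search.add(indexer.index_message("room-1", "m2", "lunch at noon?"))
    search.add(indexer.index_message("room-2", "m3", "Spark board demo"))

    hits_room1 = search.query("room-1", indexer.hashed_query("room-1", "Spark"))
    hits_room2 = search.query("room-2", indexer.hashed_query("room-2", "spark"))
    # A hash made with room-1's key does not match room-2's index: different Search Key.
    cross_room = search.query("room-2", indexer.hashed_query("room-1", "Spark"))
    same_word_differs = (hashed_term(indexer.search_key("room-1"), "spark")
                         != hashed_term(indexer.search_key("room-2"), "spark"))
    return hits_room1, hits_room2, cross_room, same_word_differs
```

Because the Search Key never leaves the Indexing Service, the cloud cannot build a dictionary of hashed words, and because each room has its own key, identical words in different rooms produce unrelated hashes, so the index does not reveal which rooms discuss the same topic.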

Spark E-Discovery Service (1)

(Diagram: Indexing Service, Content Server, Key Management Service and E-Discovery Service in the Secure Data Center; Search Service in the cloud; Spark Control Hub; Hash Algorithm; Jo Smith's Content)

The Indexing Service sends hashed search criteria to the Search Service.

The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)

(Diagram: Key Management Service, E-Discovery Service, Content Server and E-Discovery Storage in the Secure Data Center; Search Service in the cloud; Spark Control Hub; labels "Jo Smith's Messages and Files" and "E-Discovery Content Ready")

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request.

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server and Key Management Service in the Spark Cloud)

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

61

HDS Key Management Server Federation

(Diagram: Organization A and Organization B Key Management Services exchanging messages via the Spark Cloud)

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.

Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS).

63

HDS Key Management Server Federation

With a secure connection between Key Management Servers…

Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

65
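The encrypt-before-upload flow of slides 47–49 and the federated key request of slides 61–65, as one added example that is not Cisco's code and does not reproduce the real HDS or KMS protocol. It models three parties: an on-premise KeyManagementService per organization, a cloud ContentServer that stores only ciphertext plus a link to the key, and apps. Everything beyond the slides is an assumption and marked as such in the code: the link format `kms://<org>/keys/<id>`, room membership as the KMS's authorization rule, federation modelled as a direct object reference standing in for the mutual TLS session, and a stdlib-only HMAC-SHA256 counter-mode cipher with encrypt-then-MAC standing in for the real cipher.

```python
"""Toy model of the HDS flow: apps encrypt with a room key issued by the
on-premise KMS, the cloud stores ciphertext plus a link to that key, and a
federated KMS fetches keys for its own users from the owning organization's
KMS. Added example, not Cisco code; cipher, link format and authorization
rule are stand-ins and assumptions."""
import hashlib
import hmac
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate sub-keys so the keystream and the MAC never share HMAC inputs.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a real cipher).
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC envelope; it carries no key material."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def decrypt(key: bytes, env: dict) -> bytes:
    tag = hmac.new(_subkey(key, b"mac"), env["nonce"] + env["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, env["tag"]):
        raise ValueError("tag mismatch: wrong key or tampered ciphertext")
    ks = _keystream(_subkey(key, b"enc"), env["nonce"], len(env["ct"]))
    return bytes(c ^ k for c, k in zip(env["ct"], ks))


class KeyManagementService:
    """One organization's on-premise KMS. Keys leave it only to a room member's
    app or, through a mutually authenticated peer KMS, to a member in another org."""

    def __init__(self, org: str):
        self.org = org
        self._keys = {}     # key_id -> room key, stored locally (slide 47)
        self._members = {}  # key_id -> users allowed the key (assumed authorization rule)
        self._peers = {}    # org -> federated KMS (mutual TLS modelled as a reference)

    def create_room_key(self, members) -> str:
        """Issue a room key and return its link (assumed form kms://org/keys/id)."""
        key_id = secrets.token_hex(8)
        self._keys[key_id] = secrets.token_bytes(32)
        self._members[key_id] = set(members)
        return f"kms://{self.org}/keys/{key_id}"

    def federate(self, other: "KeyManagementService") -> None:
        """Both sides authenticate each other (mutual TLS via the cloud, slide 63)."""
        self._peers[other.org] = other
        other._peers[self.org] = self

    def get_key(self, link: str, user: str) -> bytes:
        org, key_id = link.removeprefix("kms://").split("/keys/")
        if org != self.org:
            # Foreign link: ask the owning organization's KMS on the user's behalf.
            if org not in self._peers:
                raise PermissionError(f"no federation with {org}")
            return self._peers[org].get_key(link, user)
        if user not in self._members.get(key_id, ()):
            raise PermissionError(f"{user} is not a member of this room")
        return self._keys[key_id]


class ContentServer:
    """Cloud store: holds ciphertext and key links, never keys."""

    def __init__(self):
        self.messages = []

    def post(self, env: dict, key_link: str) -> None:
        self.messages.append({"key_link": key_link, **env})


def run_demo():
    kms_a, kms_b = KeyManagementService("orgA"), KeyManagementService("orgB")
    kms_a.federate(kms_b)
    cloud = ContentServer()
    link = kms_a.create_room_key({"alice@orgA", "bob@orgB"})  # constructed room

    # Alice (org A) encrypts before upload; the cloud sees ciphertext + link only.
    cloud.post(encrypt(kms_a.get_key(link, "alice@orgA"), b"Spark IS the message"), link)
    stored = cloud.messages[0]

    # Bob (org B) follows the link through his own KMS, which federates to org A.
    bob_text = decrypt(kms_b.get_key(stored["key_link"], "bob@orgB"), stored)

    # Mallory (org B) is not a room member: org A's KMS refuses the request.
    try:
        kms_b.get_key(stored["key_link"], "mallory@orgB")
        mallory_denied = False
    except PermissionError:
        mallory_denied = True

    # The cloud has no key; a wrong key fails the MAC check before any decryption.
    try:
        decrypt(b"\x00" * 32, stored)
        cloud_blind = False
    except ValueError:
        cloud_blind = True
    return bob_text, mallory_denied, cloud_blind
```

The point to check in a real deployment is the same as in the model: the Content Server record contains a key link and ciphertext but no key, and the only path to the key for a user in another organization runs through that user's own KMS and the owning organization's membership check.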

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A running an HDS Cluster of Hybrid Data Services Nodes (VMs) on vSphere; each node runs Docker with an ECP Management Container and HDS Containers, and mounts the HDS Cluster Config file via an IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.

Customer manages backup and recovery of the Postgres Database and the local configuration ISO.

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).

HDS application nodes and database need to be co-located in the same data center.

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

68 BRKCOL-2030

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts (min 2 to support upgrades, 3 recommended, 5 max)
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk; user created with createuser and assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

69 BRKCOL-2030

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
• Switch Port VLAN configuration and device requirements
• Firewalls
• Whitelists for Spark Apps, devices and Services
• Media support – UDP/TCP/HTTP
• HTTP Proxies
• Proxy Types and Proxy Detection
• Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
• Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods EAP-FAST, EAP-TLS, MAC Address Bypass

BRKCOL-2030 71

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

73 BRKCOL-2030

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

74 BRKCOL-2030

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

(Diagram: Signalling and Media paths from the enterprise through the firewall to the Spark Cloud)

76 BRKCOL-2030

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio: 52000-52099
• Spark Apps: 52000 - 52049
• Spark Devices: 52050 - 52099

Video: 52100-52299
• Spark Apps: 52100 - 52199
• Spark Devices: 52200 - 52299

77 BRKCOL-2030

Spark Applications Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | HTTPS to the destinations below:
  identity.webex.com – Spark Identity Service
  idbroker.webex.com – OAuth Service
  wbx2.com – Core Spark Services
  webex.com – Identity management
  ciscospark.com – Core Spark Services
  clouddrive.com – Content and Space Storage
  crashlytics.com – Anonymous crash data
  mixpanel.com – Anonymous Analytics
  rackcdn.com – Content and Space Storage
  appsflyer.com – Mobile Apps only - Ad Analytics
  adobetm.com – Web Apps only - Analytics
  omtrdc.net – Web Apps only - Telemetry
  optimizely.com – Web Apps only - Metrics

78 BRKCOL-2030

Spark Devices Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | HTTPS to the destinations below:
  identity.webex.com – Spark Identity Service
  idbroker.webex.com – OAuth Service
  wbx2.com – Core Spark Services
  webex.com – Identity management
  ciscospark.com – Core Spark Services
  clouddrive.com – Content and Space Storage
  crashlytics.com – Anonymous crash data
  mixpanel.com – Anonymous Analytics
  rackcdn.com – Content and Space Storage
  dropbox.com – Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

79 BRKCOL-2030

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434 - 33598

(Diagram: Signalling and Media paths)

80 BRKCOL-2030

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

(Diagram: Signalling and Media paths)

81 BRKCOL-2030

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

82 BRKCOL-2030
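A way to turn the port and whitelist tables of slides 77–82 into a check that can be run over observed flows, as an added example (not Cisco's code). The flow lines, the enterprise's HMN address and the flow-line format are constructed for the example; the source port ranges, destination ports and domains come from the tables. Flows that do not fit any table row are tagged for review, which is what a firewall or NetFlow reviewer would want when deciding whether a rule is too wide or a client is misbehaving.

```python
"""Classify observed flows against the Spark port and whitelist tables of
slides 77-82. Added example, not Cisco code. The flow lines are constructed
in a simple 'proto src_ip:sport -> dst:dport' form, not a real flow export."""
from dataclasses import dataclass

# Source port ranges and destinations from the tables.
APP_AUDIO, APP_VIDEO = range(52000, 52050), range(52100, 52200)
DEV_AUDIO, DEV_VIDEO = range(52050, 52100), range(52200, 52300)
HMN_MEDIA = range(33434, 33599)
MEDIA_DST = {5004, 5006}
HTTPS_WHITELIST = {
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com", "appsflyer.com", "adobetm.com", "omtrdc.net",
    "optimizely.com", "dropbox.com", "index.docker.io",
}
HMN_ADDRS = {"10.0.50.10"}  # constructed: this enterprise's Hybrid Media Nodes


@dataclass
class Flow:
    proto: str
    src_ip: str
    sport: int
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse 'udp 10.0.1.20:52010 -> 203.0.113.5:5004' (constructed format)."""
    proto, src, _arrow, dst = line.split()
    src_ip, sport = src.rsplit(":", 1)
    dst_host, dport = dst.rsplit(":", 1)
    return Flow(proto.lower(), src_ip, int(sport), dst_host.lower(), int(dport))


def in_whitelist(host: str) -> bool:
    """True if the host or one of its parent domains is a whitelisted domain."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in HTTPS_WHITELIST for i in range(len(labels) - 1))


def classify(flow: Flow) -> str:
    if flow.proto == "udp" and flow.dport in MEDIA_DST:
        if flow.sport in APP_AUDIO:
            return "spark-app audio (SRTP/UDP)"
        if flow.sport in APP_VIDEO:
            return "spark-app video (SRTP/UDP)"
        if flow.sport in DEV_AUDIO:
            return "spark-device audio (SRTP/UDP)"
        if flow.sport in DEV_VIDEO:
            return "spark-device video (SRTP/UDP)"
        if flow.sport in HMN_MEDIA and flow.src_ip in HMN_ADDRS and flow.dport == 5004:
            return "hmn cascade media (SRTP/UDP)"
        return "REVIEW: UDP to a media port from an unexpected source port"
    if flow.proto == "tcp" and flow.dport in MEDIA_DST:
        return "spark media fallback (SRTP over TCP/HTTP)"
    if flow.proto == "tcp" and flow.dport == 443:
        if in_whitelist(flow.dst):
            return "spark signalling (HTTPS/WSS)"
        return f"REVIEW: HTTPS to non-whitelisted destination {flow.dst}"
    return "REVIEW: not a Spark flow per the tables"


# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = [
    "udp 10.0.1.20:52010 -> 203.0.113.5:5004",
    "udp 10.0.2.30:52250 -> 203.0.113.5:5006",
    "udp 10.0.50.10:33500 -> 203.0.113.7:5004",
    "udp 10.0.1.20:40000 -> 203.0.113.5:5004",
    "tcp 10.0.1.20:51234 -> idbroker.webex.com:443",
    "tcp 10.0.1.20:51235 -> updates.example.net:443",
]


def classify_lines(lines):
    return [classify(parse_flow(line)) for line in lines]
```

The app and device source ranges are disjoint, so the classifier can tell a soft client from a room system from the source port alone; the HMN range is only accepted from the addresses the enterprise has assigned to its media nodes, which is the "limit source IP address range to HMNs only" option on slide 80.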

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

83 BRKCOL-2030

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

(Diagram: Signalling path via the proxy; UDP Media path)

85 BRKCOL-2030

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

(Diagram: Proxy Address delivered to each client through PAC files)

86 BRKCOL-2030

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

87 BRKCOL-2030

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no Authentication.

(Diagram: Signalling path via the proxy; UDP Media path)

88 BRKCOL-2030

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

89 BRKCOL-2030

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

90 BRKCOL-2030

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

91 BRKCOL-2030

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

92 BRKCOL-2030

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

93 BRKCOL-2030

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

94 BRKCOL-2030
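The difference between the Basic and Digest slides (90–91) seen from the proxy's side, as an added example that is not Cisco's code. The service account, the nonce and the two `Proxy-Authorization` values are constructed. With Basic, the credential in the header is only Base64, so the one shared device password is recoverable by anything that can read the header; with Digest (RFC 2617, qop=auth), the proxy stores the password, recomputes the expected hash over its own nonce and rejects both a wrong password and a response built on a nonce it never issued.

```python
"""Proxy-side handling of Basic and Digest credentials (slides 90-91). Added
example, not Cisco code. The service account, nonce and headers are constructed."""
import base64
import hashlib
import secrets

# Constructed device service account (one account for all devices, as slide 90 suggests).
DEVICE_ACCOUNT = {"user": "svc-spark", "password": "hunter2"}


def parse_basic(header: str):
    """Basic credentials are only Base64-encoded: the header alone yields the password."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def parse_digest(header: str) -> dict:
    """Parse 'Digest k="v", k2=v2' into a dict (simplified: no commas inside values)."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    params = {}
    for item in rest.split(","):
        key, _, value = item.strip().partition("=")
        params[key] = value.strip('"')
    return params


def _md5(*parts: str) -> str:
    return hashlib.md5(":".join(parts).encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth: only hashes cross the wire, never the password."""
    ha1 = _md5(user, realm, password)
    ha2 = _md5(method, uri)
    return _md5(ha1, nonce, nc, cnonce, qop, ha2)


def verify_digest(params: dict, method: str, account: dict, issued_nonces: set) -> bool:
    """Proxy check: the nonce must be one this proxy issued and the response must
    match what the stored password produces."""
    if params.get("username") != account["user"] or params.get("nonce") not in issued_nonces:
        return False
    expected = digest_response(account["user"], params["realm"], account["password"], method,
                               params["uri"], params["nonce"], params["nc"], params["cnonce"])
    return secrets.compare_digest(expected, params["response"])


def run_demo():
    # Basic: a captured header is enough to recover the shared device password.
    leaked = parse_basic("Basic c3ZjLXNwYXJrOmh1bnRlcjI=")  # constructed header

    # Digest: the device answers the proxy's nonce with a hash.
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"  # constructed, as issued by the proxy
    response = digest_response("svc-spark", "proxy.example", "hunter2", "CONNECT",
                               "idbroker.webex.com:443", nonce, "00000001", "0a4f113b")
    header = (f'Digest username="svc-spark", realm="proxy.example", nonce="{nonce}", '
              f'uri="idbroker.webex.com:443", qop=auth, nc=00000001, cnonce="0a4f113b", '
              f'response="{response}"')
    params = parse_digest(header)
    ok = verify_digest(params, "CONNECT", DEVICE_ACCOUNT, {nonce})
    wrong_password = verify_digest(params, "CONNECT", {"user": "svc-spark", "password": "x"}, {nonce})
    replayed = verify_digest(params, "CONNECT", DEVICE_ACCOUNT, set())  # nonce never issued
    return leaked, ok, wrong_password, replayed
```

The "one account for all devices" and "no password expiration" choices on slides 90–92 make the Basic case worth weighing: one readable header exposes a credential shared by every device and never rotated, which is why the device tables later in the deck track Digest support separately.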

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

(Diagram: Signalling path via the proxy; UDP Media path)

95 BRKCOL-2030

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX, SX, MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes

96 BRKCOL-2030

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

(Diagram: Signalling path via the proxy; UDP Media path)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

99 BRKCOL-2030

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
  • Proxy receives the Certificate from the Web/Cloud Service
  • Proxy uses the Certificate to establish a secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

101 BRKCOL-2030

Proxy - No HTTPS Inspection – Spark Certificate Pinning

(Diagram: Signalling path via the proxy; UDP Media path)

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

104 BRKCOL-2030

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

107 BRKCOL-2030

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

110 BRKCOL-2030

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: proceed with TLS connection
  • HTTPS/TLS Inspection possible

113 BRKCOL-2030
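The three pinning outcomes of slides 103–113 as decision logic, added here as an example that is not Cisco's code. Certificates are modelled by their public-key bytes, which are constructed placeholders rather than real keys; the pin format (base64 of SHA-256 over the public key) is the one the slides give. The model covers the direct connection that matches the pin, the inspecting proxy whose private-CA chain matches nothing and is terminated, the app fix where a private CA present in the OS trust store skips pinning, and the device fix where the private CA pushed through the Spark Cloud trust list makes its pin acceptable.

```python
"""Certificate-pin decisions from slides 103-113. Added example, not Cisco code.
Certificates are modelled by their public-key bytes (constructed placeholders,
not real keys); the pin format, base64 of SHA-256 over the public key, is the
one the slides state."""
import base64
import hashlib


def spki_pin(public_key: bytes) -> str:
    """Certificate Pin = base64(SHA-256(public key)); always 44 characters."""
    return base64.b64encode(hashlib.sha256(public_key).digest()).decode()


class SparkClient:
    """A pinning client with the two remediations the slides describe:
    os_trust_store: Private CA copied to the app's OS trust store (slide 110);
    cloud_trust_list: Private CA copied to the Spark Cloud and pulled down in the
    device's trust list, so its pin becomes acceptable (slide 113)."""

    def __init__(self, pinned_keys, os_trust_store=(), cloud_trust_list=()):
        self.pins = {spki_pin(k) for k in pinned_keys} | {spki_pin(k) for k in cloud_trust_list}
        self.os_trust_store = set(os_trust_store)

    def decide(self, chain) -> str:
        """chain: server-presented public keys, leaf first, issuing root last."""
        if chain[-1] in self.os_trust_store:
            return "accept: Private CA in OS trust store, pinning skipped"
        if any(spki_pin(k) in self.pins for k in chain):
            return "accept: pin matched"
        return "reject: no pin matched, TLS connection terminated"


# Constructed placeholder keys (not real public keys).
CISCO_ROOT = b"constructed: CA root public key that signs the Spark cert"
SPARK_LEAF = b"constructed: Cisco Spark server public key"
PRIVATE_CA = b"constructed: enterprise private CA public key"
PROXY_LEAF = b"constructed: proxy-issued leaf public key"


def run_demo():
    genuine = [SPARK_LEAF, CISCO_ROOT]       # direct to the cloud (slide 104)
    intercepted = [PROXY_LEAF, PRIVATE_CA]   # inspecting proxy in the path (slide 107)
    plain = SparkClient([CISCO_ROOT])
    app_fixed = SparkClient([CISCO_ROOT], os_trust_store=[PRIVATE_CA])
    device_fixed = SparkClient([CISCO_ROOT], cloud_trust_list=[PRIVATE_CA])
    return (plain.decide(genuine), plain.decide(intercepted),
            app_fixed.decide(intercepted), device_fixed.decide(intercepted))
```

Both fixes widen what the client will accept, so the private CA that is copied into OS trust stores or uploaded to the Spark Cloud deserves the same key-protection and rotation discipline as any root that can sign for every Spark destination.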

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

114 BRKCOL-2030

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

(Diagram: Spark device on a switch port; Authentication Server)

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

117 BRKCOL-2030

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

119 BRKCOL-2030

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

121 BRKCOL-2030

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

123 BRKCOL-2030

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

(Diagram: Device 1; Authentication Server)

125 BRKCOL-2030
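Since MAB admits a device on nothing more than a MAC address that an administrator typed into the Auth Server (slide 125), an operations team usually wants to know which ports were opened by MAB rather than by EAP, and whether every MAB-admitted MAC is still one they intended to approve. The following is an added example of that audit, not Cisco's code: the log lines are constructed in the shape of Cisco IOS authentication syslog, and that format, like the inventory of approved MACs, is an assumption rather than something the slides give.

```python
"""Audit how devices were admitted to the network (slides 117-125): 802.1X (EAP)
versus the MAB fallback, flagging MAB-admitted MACs that are not in the
inventory of devices approved for bypass. Added example, not Cisco code. Log
lines are constructed in the shape of Cisco IOS authentication syslog; that
format is an assumption, not taken from the slides."""
import re

# Constructed inventory: MACs an administrator entered into the Auth Server for MAB.
APPROVED_FOR_MAB = {"0011.2233.4455"}

AUTH_SUCCESS = re.compile(
    r"%(?P<method>DOT1X|MAB)-5-SUCCESS: Authentication successful for client "
    r"\((?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\) on Interface (?P<intf>\S+)"
)

SAMPLE_LOG = [  # constructed
    "%DOT1X-5-SUCCESS: Authentication successful for client (0050.5600.0a01) on Interface Gi1/0/5 AuditSessionID 0A0A0A0100000011",
    "%MAB-5-SUCCESS: Authentication successful for client (0011.2233.4455) on Interface Gi1/0/6 AuditSessionID 0A0A0A0100000012",
    "%MAB-5-SUCCESS: Authentication successful for client (00de.adbe.ef01) on Interface Gi1/0/7 AuditSessionID 0A0A0A0100000013",
    "%LINK-3-UPDOWN: Interface Gi1/0/8, changed state to up",
]


def audit(lines):
    """Return (admitted devices by MAC, findings). A MAB admission for a MAC that
    is outside the approved inventory means the Auth Server's MAB list has drifted
    from what the team intended to allow."""
    admitted, findings = {}, []
    for line in lines:
        m = AUTH_SUCCESS.search(line)
        if not m:
            continue
        method = "802.1X (EAP)" if m["method"] == "DOT1X" else "MAB"
        admitted[m["mac"]] = {"interface": m["intf"], "method": method}
        if method == "MAB" and m["mac"] not in APPROVED_FOR_MAB:
            findings.append(f"{m['intf']}: MAB admitted unapproved MAC {m['mac']}")
    return admitted, findings


def mab_share(lines) -> float:
    """Fraction of admitted devices that relied on MAB; useful to track as
    devices gain EAP-TLS support per the capability table that follows."""
    admitted, _ = audit(lines)
    if not admitted:
        return 0.0
    return sum(1 for d in admitted.values() if d["method"] == "MAB") / len(admitted)
```

The MAB share is worth tracking over time because the capability table on the next slide shows several device types gaining EAP-FAST or EAP-TLS support on a roadmap; each one that moves off MAB removes a port that any host with a copied MAC address could have used.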

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

126 BRKCOL-2030

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:
• Switch port configuration
• VLANs
• Firewall deployment
• Proxy type
• Proxy feature usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required.

3) For Spark devices that do not support specific features today:
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access - proxy and firewalls allow all Spark connections
• Onboard device - username/password or activation code
• Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you

Cloud Based Security: E-Discovery Services

Spark E-Discovery Service (1)

(Diagram: Spark Control Hub, Indexing Service with Hash Algorithm, Content Server, Key Mgmt Service, E-Discovery Service, Search Service.)

• The Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s).
• The Indexing Service requests a search of the related hashed content.
• The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)

(Diagram: Spark Control Hub, E-Discovery Service, E-Discovery Storage, Content Server, Key Mgmt Service, Search Service.)

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request.
• Spark Control Hub: "Jo Smith's Messages and Files - E-Discovery Content Ready".


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark - Hybrid Data Security (HDS)

(Diagram: Secure Data Center; Content Server, Key Mgmt Service, Indexing Service and E-Discovery Service.)

Hybrid Data Security = Hybrid Data Services on premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security Traffic and Firewalls

(Diagram: Secure Data Center with Hybrid Data Security behind the enterprise Firewall; Content Server, Key Mgmt Service, Indexing Service and E-Discovery Service.)

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special firewall configuration is required.

Hybrid Data Security - Scalability

(Diagram: Secure Data Center with multiple Hybrid Data Security nodes and an on-premise Key Mgmt Server; Content Server and cloud Key Mgmt Service.)

• Hybrid Data Security is managed and upgraded from the cloud.
• Customers can access usage information for the HDS servers via the Spark Control Hub.
• Multiple HDS servers can be provisioned for scalability & load sharing.

Spark - Hybrid Data Security Key Management

(Diagram: Secure Data Center with on-premise Key Mgmt Server / Key Management Service; Content Server and cloud Key Mgmt Service.)

The Hybrid Key Management Server performs the same functions as the cloud based Key Management Server. Now all of the keys for messages and content are owned and managed by the customer.

BUT...

HDS - Encrypting Messages & Content

(Diagram: Secure Data Center with on-premise Key Management Service; Content Server and cloud Key Mgmt Service.)

• Spark Apps request an encryption key from the HDS Key Management Server.
• Any messages or files sent by an App are encrypted before being sent to the Spark cloud.
• Encrypted messages and content are stored in the cloud.
• Encryption keys are stored locally.

HDS - Decrypting Messages & Content

(Diagram: Secure Data Center with on-premise Key Management Service; encrypted message in the Content Server; cloud Key Mgmt Service.)

• Encrypted messages from Apps are stored in the Spark cloud.
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.
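The encrypt/decrypt flow on the two slides above, as an added example that is not Cisco code: the on-premise KMS owns the per-room key and enforces who may fetch it, the cloud Content Server stores only ciphertext plus a link to the key, and a receiving App follows that link. A hash-based stream cipher with an HMAC tag stands in for the real (unspecified) AEAD, and the kms:// key URI, the room-membership check and all users, rooms and messages are constructed assumptions for illustration.

```python
"""Added example (not Cisco code): HDS key flow with the cloud seeing only ciphertext.

Assumptions: toy_encrypt/toy_decrypt (SHA-256 keystream + HMAC-SHA256 tag) replace the
real cipher; 'kms://hds.example.internal/...' key URIs and the membership check are
invented for illustration; users, rooms and messages are constructed sample data.
"""
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key, plaintext):
    """Stand-in AEAD: nonce || ciphertext || tag (NOT for production use)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_decrypt(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class OnPremKMS:
    """Hybrid Key Management Server: keys stay in the customer data center and are
    released only to Apps that are members of the room (authorization assumed)."""

    def __init__(self):
        self._keys = {}      # key URI -> key bytes
        self._members = {}   # room -> set of users

    def create_room(self, room, members):
        self._members[room] = set(members)

    def request_key(self, user, room):
        if user not in self._members.get(room, ()):
            raise PermissionError(f"{user} is not a member of {room}")
        uri = f"kms://hds.example.internal/keys/{room}"   # assumed URI scheme
        self._keys.setdefault(uri, os.urandom(32))
        return uri, self._keys[uri]


class CloudContentServer:
    """Spark cloud side: stores ciphertext and the key link only, never a key."""

    def __init__(self):
        self.messages = []

    def post(self, room, key_uri, ciphertext):
        self.messages.append({"room": room, "key_uri": key_uri, "ciphertext": ciphertext})

    def fetch(self, room):
        return [m for m in self.messages if m["room"] == room]


def send_message(kms, cloud, user, room, text):
    uri, key = kms.request_key(user, room)                    # 1. key from the HDS KMS
    cloud.post(room, uri, toy_encrypt(key, text.encode()))    # 2. encrypt before upload


def read_messages(kms, cloud, user, room):
    out = []
    for m in cloud.fetch(room):
        _, key = kms.request_key(user, m["room"])             # 3. follow the key link
        out.append(toy_decrypt(key, m["ciphertext"]).decode())
    return out


def demo():
    kms, cloud = OnPremKMS(), CloudContentServer()
    kms.create_room("room-1", {"alice", "bob"})
    send_message(kms, cloud, "alice", "room-1", "Spark IS the message")
    bob_view = read_messages(kms, cloud, "bob", "room-1")
    stored = cloud.fetch("room-1")[0]
    cloud_sees_plaintext = b"Spark" in stored["ciphertext"]
    try:
        read_messages(kms, cloud, "outsider", "room-1")
        outsider_blocked = False
    except PermissionError:
        outsider_blocked = True
    return bob_view, stored["key_uri"], cloud_sees_plaintext, outsider_blocked
```

The point to take from `demo()` is where the trust boundary sits: the Content Server can replicate and deliver the message to every App in the room, but turning it back into plaintext requires a key release decision made on premise, which is also where that decision can be logged and audited.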

Hybrid Data Security - Secure App Connections

(Diagram: App to Cloud TLS connection and App to HDS TLS connection; Spark Service, Search Service, Content Server, Hybrid Data Security Node in the Secure Data Center.)

Spark Apps establish a direct TLS connection to the on premise HDS node and KMS service. This encrypted peer to peer session traverses the Spark cloud.

Hybrid Data Security: Search Indexing Service

(Diagram: Secure Data Center with Indexing Service and Hash Algorithm; Content Server, Key Mgmt Service, Search Service. The message "Spark IS the message" is hashed to the index value B9 57 FE 48.)

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index - Search for the word "Spark"

(Diagram: Indexing Service with Hash Algorithm, Search Service, Content Server, Key Mgmt Service. The search term "Spark" is hashed to B9 57 FE 48 and matched against the stored index entry B9 57 FE 48 for the message "Spark IS the Message".)

The Indexing Service sends a hashed index of the App's search request to the Search Service.

A link to the Conversation Encryption Key is sent with the encrypted message.
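The indexing and query flow on the two slides above, as an added example that is not Cisco code: the on-premise Indexing Service hashes every word with the room's Search Key, the cloud Search Service stores and matches only those hashes, and a search term is hashed with the same room key before it leaves the data center. HMAC-SHA256 stands in for the slides' unspecified "Hash Algorithm"; the 32-byte random Search Key per room, the tokenizer and the rooms and messages are constructed assumptions.

```python
"""Added example (not Cisco code): keyed, per-room search index.

Assumptions: HMAC-SHA256 as the hash algorithm, a random 32-byte Search Key per room,
a simple word tokenizer; rooms, message ids and message text are constructed sample data.
"""
import hashlib
import hmac
import os
import re
from collections import defaultdict


def tokenize(text):
    """Lowercase word tokens (assumed tokenizer)."""
    return re.findall(r"[a-z0-9]+", text.lower())


def hash_token(search_key, token):
    """Keyed hash of one token: only this value ever leaves the data center."""
    return hmac.new(search_key, token.encode(), hashlib.sha256).hexdigest()


class SearchService:
    """Cloud side: holds room ids, message ids and hashed tokens, nothing else."""

    def __init__(self):
        self.index = defaultdict(lambda: defaultdict(set))  # room -> hash -> message ids

    def store(self, room, message_id, hashed_tokens):
        for h in hashed_tokens:
            self.index[room][h].add(message_id)

    def lookup(self, room, hashed_token):
        return sorted(self.index[room].get(hashed_token, ()))

    def stored_hashes(self, room):
        return set(self.index[room])


class IndexingService:
    """On-premise (HDS) side: owns the per-room Search Keys and sees plaintext."""

    def __init__(self, search_service):
        self.search = search_service
        self.search_keys = {}

    def search_key(self, room):
        # A new hashing key (Search Key) is used for each room.
        return self.search_keys.setdefault(room, os.urandom(32))

    def index_message(self, room, message_id, plaintext):
        key = self.search_key(room)
        self.search.store(room, message_id, {hash_token(key, t) for t in tokenize(plaintext)})

    def query(self, room, word):
        # The App's search term is hashed with the room key before it reaches the cloud.
        return self.search.lookup(room, hash_token(self.search_key(room), word.lower()))


def demo():
    search = SearchService()
    indexer = IndexingService(search)
    indexer.index_message("room-A", "m1", "Spark IS the message")
    indexer.index_message("room-A", "m2", "Lunch at noon?")
    indexer.index_message("room-B", "m3", "Spark Board delivered")
    hits_a = indexer.query("room-A", "Spark")
    hits_b = indexer.query("room-B", "spark")
    # Same word, different room key: the cloud cannot correlate the two index entries.
    same_word_same_hash = (hash_token(indexer.search_key("room-A"), "spark")
                           == hash_token(indexer.search_key("room-B"), "spark"))
    # The Search Service never holds the plaintext token.
    plaintext_in_cloud = any("spark" in h for h in search.stored_hashes("room-A"))
    return hits_a, hits_b, same_word_same_hash, plaintext_in_cloud
```

One caveat worth keeping in mind when evaluating any design of this shape: a deterministic keyed hash hides the word itself, but the cloud can still observe which messages in a room share a token and how often it recurs, so the per-room key limits correlation across rooms rather than eliminating frequency leakage within one.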

Spark E-Discovery Service (1) - Hybrid Data Security

(Diagram: Secure Data Center with Indexing Service, Hash Algorithm, Key Mgmt Service and E-Discovery Service; Content Server, Search Service, Spark Control Hub. Content matching "Jo Smith's Content" is returned.)

• The Indexing Service sends hashed search criteria to the Search Service.
• The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2) - Hybrid Data Security

(Diagram: Secure Data Center with E-Discovery Service, Key Mgmt Service and E-Discovery Storage; Content Server, Search Service, Spark Control Hub.)

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request.
• Spark Control Hub: "Jo Smith's Messages and Files - E-Discovery Content Ready".

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in Other Organizations

(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server and cloud Key Mgmt Service; encrypted messages.)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content.
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

(Diagram: Organization A and Organization B Key Mgmt Services connected via the Spark cloud; Content Server; encrypted messages.)

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark cloud.
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).
• With a secure connection between Key Management Servers...
• Mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A running vSphere. Each Hybrid Data Services Node (VM) runs Docker with an ECP Mgmt Container and HDS Containers, and has an IDE Mount of the HDS Cluster Config File. Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.)

• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.

An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites at https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (key datastore)
• 8 vCPU, 16 GB RAM, 2 TB disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and services
  • Media support - UDP/TCP/HTTP
• HTTP Proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), auth bypass
  • Proxy TLS/HTTPS traffic inspection - certificate pinning
• 802.1X - authentication methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port configurations:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | NA | NA | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations (Spark Desk and Room Devices, Spark Apps; see following slides for details)

Media Port Ranges:
• Source UDP ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

(Diagram: Signalling and Media paths through the enterprise firewall.)

Voice and Video Classification and Marking - Port Range Summary: Endpoints and Apps

Audio 52000 - 52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100 - 52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS - Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS - Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS - Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS - Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS - Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard - NTP time sync
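A way to turn the two whitelist tables above into a check that can be run against observed flows, as an added example that is not Cisco code: the port ranges and destination lists are transcribed from the tables, while the rule structure, `check_flow()`, the suffix-matching convention for domains and the sample flows (including hostnames such as api.ciscospark.com) are my own constructed assumptions. It shows that Apps and Devices must be told apart by source port range, that a whitelist entry for a domain covers its subdomains but not a lookalike name, and that a device-only destination is not valid for an App.

```python
"""Added example (not Cisco code): checking flows against the Spark Apps/Devices whitelist.

Port ranges and domains come from the slide tables; the rule layout, check_flow(),
domain suffix matching and SAMPLE_FLOWS are constructed for illustration.
"""

COMMON_DOMAINS = {
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com",
}
APP_DOMAINS = COMMON_DOMAINS | {"appsflyer.com", "adobedtm.com", "omtrdc.net", "optimizely.com"}
DEVICE_DOMAINS = COMMON_DOMAINS | {"dropbox.com"}
MEDIA_DST = {5004, 5006}
ANY = None  # destination may be any IP address

# (source kind, protocol, source port range or None, destination ports, allowed destinations, function)
RULES = [
    ("app", "udp", (52000, 52049), MEDIA_DST, ANY, "SRTP voice over UDP to Cloud Media Nodes"),
    ("app", "udp", (52100, 52199), MEDIA_DST, ANY, "SRTP video over UDP to Cloud Media Nodes"),
    ("app", "tcp", None, MEDIA_DST, ANY, "SRTP over TCP or HTTP to Cloud Media Nodes"),
    ("app", "tcp", None, {443}, APP_DOMAINS, "HTTPS to Spark cloud services"),
    ("device", "udp", (52050, 52099), MEDIA_DST, ANY, "SRTP voice over UDP to Cloud Media Nodes"),
    ("device", "udp", (52200, 52299), MEDIA_DST, ANY, "SRTP video over UDP to Cloud Media Nodes"),
    ("device", "tcp", None, MEDIA_DST, ANY, "SRTP over TCP to Cloud Media Nodes"),
    ("device", "tcp", None, {443}, DEVICE_DOMAINS, "HTTPS to Spark cloud services"),
    ("device", "udp", None, {123}, {"2.android.pool.ntp.org"}, "Spark Board NTP time sync"),
]


def host_allowed(host, allowed):
    """A whitelist entry such as wbx2.com covers that name and its subdomains only."""
    if allowed is ANY:
        return True
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def check_flow(kind, proto, src_port, dst_port, dst_host):
    """Return the matching function label, or None if no whitelist rule permits the flow."""
    for rkind, rproto, srange, dports, allowed, label in RULES:
        if (rkind, rproto) != (kind, proto) or dst_port not in dports:
            continue
        if srange is not None and not (srange[0] <= src_port <= srange[1]):
            continue
        if not host_allowed(dst_host, allowed):
            continue
        return label
    return None


# Constructed sample flows: (kind, proto, src_port, dst_port, dst_host)
SAMPLE_FLOWS = [
    ("app", "udp", 52010, 5004, "203.0.113.10"),            # app voice: allowed
    ("device", "udp", 52010, 5004, "203.0.113.10"),         # device in the app voice range: no match
    ("device", "udp", 52210, 5006, "203.0.113.11"),         # device video: allowed
    ("app", "tcp", 51234, 443, "api.ciscospark.com"),       # subdomain of a whitelisted name
    ("app", "tcp", 51235, 443, "dropbox.com"),              # device-only destination: no match for apps
    ("device", "tcp", 51236, 443, "dropbox.com"),           # Spark Board firmware updates
    ("app", "tcp", 51237, 443, "evil-wbx2.com"),            # lookalike suffix must not match
    ("device", "udp", 40000, 123, "2.android.pool.ntp.org"),
]


def audit(flows=SAMPLE_FLOWS):
    return [check_flow(*f) for f in flows]
```

Because the tables whitelist destinations by name while firewalls filter by address, a policy built from this list has to be applied at a layer that sees the hostname (a proxy, DNS-aware firewall, or SNI inspection); the flows it cannot classify are the ones to look at first.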

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges:
• Source UDP ports: Voice and Video 33434 - 33598
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

Hybrid Media Node (HMN):
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints - used for cascade links to the Spark cloud
• Voice and video use a common UDP source port range: 33434 - 33598

(Diagram: Signalling and Media paths through the enterprise firewall.)

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS):
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services:
• HDS signaling traffic only
• Outbound HTTPS and WSS signaling only

(Diagram: Signalling and Media paths through the enterprise firewall.)

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and video use a common UDP source port range: 33434 - 33598 | 5004 | Cascade destination: Any IP address | Cascaded SRTP over UDP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade destination: Any IP address | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to third party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types:
• Proxy address given to device/application......
• Transparent Proxy (device/application is unaware of the proxy's existence)
  • In line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443.

(Diagram: Signalling and UDP Media paths.)

Connecting from the Enterprise - Proxy Detection

Proxy detection (proxy address given to device/application):
• Manual configuration
• Auto configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

(Diagram: Proxy address delivered to devices via PAC files; Signalling and UDP Media paths.)

Network Capabilities: Spark Devices - Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes - Manual; Yes - PAC files | Manually configure proxy address or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes - Manual using web access | Configure proxy address via device web interface
SX | HTTPS | Room OS | Yes - Manual using web access | Configure proxy address via device web interface
MX | HTTPS | Room OS | Yes - Manual using web access | Configure proxy address via device web interface
Room Kits | HTTPS | Room OS | Yes - Manual using web access | Configure proxy address via device web interface
Spark Board | HTTPS | Spark Board OS | Yes - Manual configuration | Manual configuration of proxy address

Connecting from the Enterprise - Proxy Authentication

Proxy authentication:
• Proxy intercepts the outbound HTTP request
• Authenticates the user (username & password)
• Authenticated user's traffic is forwarded
• Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many Enterprises do no authentication.

(Diagram: Signalling and UDP Media paths.)

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

(Diagram: Signalling and UDP Media paths.)

Proxy Authentication Methods - Basic Authentication

Basic Authentication:
• Uses standard HTTP headers
• Username and password Base64 encoded
• Username and password are NOT encrypted or hashed

Basic username and password challenge for devices:
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No password expiration

(Diagram: Signalling and UDP Media paths.)

Proxy Authentication Methods - Digest Authentication

Digest Authentication:
• Uses standard HTTP headers
• Username and password are not sent
• A hash of the username and password is sent instead

Basic username and password challenge for devices:
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No password expiration

(Diagram: Signalling and UDP Media paths.)
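What the proxy, and anyone on the path, actually receives under the Basic and Digest methods described on the two slides above, as an added example that is not Cisco code or any proxy vendor's implementation: the Basic header decodes straight back to the device account's username and password, while the Digest header carries an MD5 response computed over the credentials, the server's nonce and the request (the RFC 2617/7616 qop=auth construction is assumed here), so the proxy can verify it from a stored HA1 without the password itself ever crossing the wire. The realm, nonce, client nonce and device account are constructed sample values.

```python
"""Added example (not Cisco code): Basic vs Digest proxy authentication on the wire.

Assumptions: RFC 2617-style MD5 Digest with qop=auth; the proxy realm, nonces and the
'spark-devices' account are constructed sample data.
"""
import base64
import hashlib
import hmac


def basic_header(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def recover_basic(header):
    """What a passive observer of the header learns: the credentials, unchanged."""
    token = header.split("Basic ", 1)[1]
    return base64.b64decode(token).decode()


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """response = MD5(HA1 : nonce : nc : cnonce : auth : HA2), qop=auth."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(user, realm, password, method, uri, nonce, nc="00000001", cnonce="0a4f113b"):
    resp = digest_response(user, realm, password, method, uri, nonce, nc, cnonce)
    return (f'Proxy-Authorization: Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


class DigestProxy:
    """Proxy side: keeps HA1 per account (not the password), issues nonces, verifies."""

    def __init__(self, realm, accounts):
        self.realm = realm
        self.ha1 = {u: _md5(f"{u}:{realm}:{p}") for u, p in accounts.items()}
        self.issued = set()

    def challenge(self, nonce):
        self.issued.add(nonce)
        return f'Proxy-Authenticate: Digest realm="{self.realm}", qop="auth", nonce="{nonce}"'

    def verify(self, user, method, uri, nonce, nc, cnonce, response):
        if nonce not in self.issued or user not in self.ha1:
            return False
        ha2 = _md5(f"{method}:{uri}")
        expected = _md5(f"{self.ha1[user]}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
        return hmac.compare_digest(expected, response)


def demo():
    user, pw = "spark-devices", "device-secret-1"      # constructed device account
    leaked = recover_basic(basic_header(user, pw))     # Basic: credentials recoverable
    proxy = DigestProxy("corp-proxy", {user: pw})
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"       # constructed server nonce
    proxy.challenge(nonce)
    hdr = digest_header(user, "corp-proxy", pw, "CONNECT", "idbroker.webex.com:443", nonce)
    password_on_wire = pw in hdr                       # Digest: password never appears
    resp = hdr.split('response="')[1].rstrip('"')
    ok = proxy.verify(user, "CONNECT", "idbroker.webex.com:443", nonce, "00000001", "0a4f113b", resp)
    # The same response is useless against a nonce the proxy did not issue.
    stale = proxy.verify(user, "CONNECT", "idbroker.webex.com:443", "other-nonce", "00000001", "0a4f113b", resp)
    return leaked, password_on_wire, ok, stale
```

The practical consequence for the shared device account the slides recommend: under Basic, the one account's password is exposed on every request from every device, so a non-expiring shared credential is only tolerable where the proxy connection itself is confined to the trusted LAN; Digest removes the password from the wire but still ties every device to a single revocation point.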

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication:
• Microsoft challenge/response AuthN protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and password challenge for devices:
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No password expiration

(Diagram: Signalling and UDP Media paths.)

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

Negotiate Authentication:
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos or, as fallback, NTLM

Windows based username and password challenge for devices:
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No password expiration

IWA - Integrated Windows Access

(Diagram: Signalling and UDP Media paths.)

Proxy Authentication Methods - Kerberos

Kerberos Authentication:
• Strongest security
• Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service
• Once authenticated, the client receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

(Diagram: Signalling and UDP Media paths.)

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (diagram example: 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com)

Destinations shown in the diagram: identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) | –
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | –
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes | –

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key
    (pin shown on the slide: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match – TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match – Proceed with TLS connection
  • HTTPS/TLS Inspection possible
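The pin check and both fixes on the preceding slides, as an added Python model (not the Spark apps' or devices' own code): the certificates and their SPKI bytes are constructed stand-ins, and the device trust list downloaded from the cloud is modelled simply as additional pins.

```python
from __future__ import annotations

import base64
import hashlib
from dataclasses import dataclass, field

# Added example, not code from the deck or from the Cisco Spark apps: models the
# pin check on the "Certificate Pinning" slides and the two inspection fixes.
# The SPKI byte strings below are constructed stand-ins for DER public keys.


@dataclass(frozen=True)
class Certificate:
    subject: str
    issuer: str
    spki: bytes            # DER SubjectPublicKeyInfo (constructed bytes here)


def spki_pin(cert: Certificate) -> str:
    """Certificate Pin = Base64(SHA-256(public key)), as on the slide."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode("ascii")


@dataclass
class SparkClient:
    """A Spark App or device with its pinned CA roots and (for Apps) the OS trust store."""
    pins: set[str]                                          # pins of CA roots trusted for Spark
    os_trust_store: set[str] = field(default_factory=set)   # pins of CA roots installed in the OS

    def validate_chain(self, chain: list[Certificate]) -> tuple[bool, str]:
        """chain[0] is the server certificate, chain[-1] the root. Returns (accept, reason)."""
        chain_pins = {spki_pin(c) for c in chain}
        # Spark Apps fix: an enterprise CA root copied into the OS trust store
        # means the App skips the pinning step (HTTPS inspection becomes possible).
        if chain_pins & self.os_trust_store:
            return True, "enterprise CA in OS trust store: pinning skipped"
        if chain_pins & self.pins:
            return True, "pin match: proceed with TLS connection"
        return False, "no pin match: TLS connection terminated"


# Constructed certificates: the public CA chain the Spark cloud presents, and the
# private CA chain an inspecting proxy presents instead.
PUBLIC_ROOT = Certificate("Public Root CA", "Public Root CA", b"constructed-public-root-spki")
SPARK_LEAF = Certificate("*.ciscospark.com", "Public Root CA", b"constructed-spark-leaf-spki")
PRIVATE_ROOT = Certificate("Corp Private CA", "Corp Private CA", b"constructed-private-root-spki")
PROXY_LEAF = Certificate("*.ciscospark.com", "Corp Private CA", b"constructed-proxy-leaf-spki")

CLOUD_CHAIN = [SPARK_LEAF, PUBLIC_ROOT]
INSPECTED_CHAIN = [PROXY_LEAF, PRIVATE_ROOT]


def scenarios() -> dict[str, bool]:
    """The four situations walked through on the slides."""
    pinned = {spki_pin(PUBLIC_ROOT)}
    plain_client = SparkClient(pins=set(pinned))
    # Apps fix: private CA cert copied to the App's OS trust store
    app_with_fix = SparkClient(pins=set(pinned), os_trust_store={spki_pin(PRIVATE_ROOT)})
    # Devices fix: private CA cert loaded in the Spark cloud and delivered in the
    # device's trust list, so the device's own pin set grows
    device_with_fix = SparkClient(pins=pinned | {spki_pin(PRIVATE_ROOT)})
    return {
        "no_inspection": plain_client.validate_chain(CLOUD_CHAIN)[0],
        "inspection_unfixed": plain_client.validate_chain(INSPECTED_CHAIN)[0],
        "inspection_app_fix": app_with_fix.validate_chain(INSPECTED_CHAIN)[0],
        "inspection_device_fix": device_with_fix.validate_chain(INSPECTED_CHAIN)[0],
    }
```

Note that both fixes widen what the client accepts: whoever controls the OS trust store (Apps) or the org's cloud-side CA list (devices) can terminate Spark TLS, so those two places deserve the same change control as the proxy itself.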

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

Diagram labels: Authentication Server

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options...
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Diagram labels: Authentication Server, Device 1

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
• Coming soon: Target Q1 CY2018

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.

Thank you

Spark E-Discovery Service (1)

Diagram components: Spark Control Hub, Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service, Hash Algorithm

• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

Diagram components: Spark Control Hub, Content Server, Key Mgmt Service, E-Discovery Service, E-Discovery Storage, Search Service

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request
  (Diagram: "Jo Smith's Messages and Files – E-Discovery Content Ready")


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

Diagram labels: Secure Data Center, Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service

Hybrid Data Security = Hybrid Data Services On Premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security traffic and Firewalls

Diagram labels: Secure Data Center, Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service, Firewall, Hybrid Data Security

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required

Hybrid Data Security – Scalability

Diagram labels: Secure Data Center, Content Server, Key Mgmt Server / Key Mgmt Service, Hybrid Data Security (multiple nodes)

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

Diagram labels: Secure Data Center, Content Server, Key Mgmt Server, Key Management Service

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT

HDS – Encrypting Messages & Content

Diagram labels: Secure Data Center, Key Mgmt Service, Content Server, Key Management Service

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Encryption Keys stored locally

HDS – Decrypting Messages & Content

Diagram labels: Secure Data Center, Key Mgmt Service, Content Server, Key Management Service, message

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

Diagram labels: Secure Data Center, Content Server, Search Service, Spark Service, Hybrid Data Security Node; App to Cloud TLS connection; App to HDS TLS connection

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

Diagram labels: Secure Data Center, Indexing Service, Content Server, Key Mgmt Service, Search Service, Hash Algorithm

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• Example from the slide: the message "Spark IS the message" is run through the Hash Algorithm by the Indexing Service, producing the hashed index B9 57 FE 48
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

Diagram labels: Secure Data Center, Indexing Service, Content Server, Key Mgmt Service, Search Service, Hash Algorithm

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• Example from the slide: the search term "Spark" is hashed to B9 57 FE 48 and matched against the stored index; the matching encrypted message ("Spark IS the Message") is returned
• A link to the Conversation Encryption Key is sent with the encrypted message
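An added Python sketch (not the HDS Indexing Service's code or any Cisco implementation) of the per-room keyed hashing on the indexing and query slides: only hashed terms reach the Search Service, the same word hashes differently in each room, and the hashed query still finds the right message. Room ids, messages and Search Keys are constructed; the four-byte truncation mirrors the slide's "B9 57 FE 48" rendering.

```python
import hashlib
import hmac
import re
import secrets

# Added example (not the HDS Indexing Service's code or any Cisco implementation):
# a keyed-hash search index in the spirit of the indexing and query slides.
# Room ids, messages and per-room Search Keys below are constructed.


def tokenize(text: str) -> list[str]:
    """Lower-case word tokens, so 'Spark' and 'spark' index identically."""
    return re.findall(r"[a-z0-9]+", text.lower())


def hash_token(search_key: bytes, token: str) -> str:
    """Keyed hash of one token, truncated to four bytes and shown as hex pairs
    (the slide renders an index as 'B9 57 FE 48')."""
    digest = hmac.new(search_key, token.encode("utf-8"), hashlib.sha256).digest()
    return " ".join(f"{b:02X}" for b in digest[:4])


class IndexingService:
    """On-premise side: holds the Search Keys, hashes content and queries."""

    def __init__(self) -> None:
        self.search_keys: dict[str, bytes] = {}

    def key_for_room(self, room_id: str) -> bytes:
        # A new hashing key (Search Key) is used for each room
        return self.search_keys.setdefault(room_id, secrets.token_bytes(32))

    def index_message(self, room_id: str, message_id: str, plaintext: str) -> dict:
        key = self.key_for_room(room_id)
        terms = sorted({hash_token(key, t) for t in tokenize(plaintext)})
        return {"room": room_id, "message": message_id, "terms": terms}

    def hashed_query(self, room_id: str, word: str) -> str:
        return hash_token(self.key_for_room(room_id), word.lower())


class SearchService:
    """Cloud side: stores hashed terms only, never plaintext or Search Keys."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def store(self, entry: dict) -> None:
        self.entries.append(entry)

    def search(self, room_id: str, hashed_term: str) -> list[str]:
        return [e["message"] for e in self.entries
                if e["room"] == room_id and hashed_term in e["terms"]]


def demo() -> dict:
    """Index three constructed messages in two rooms and query room-A for 'Spark'."""
    indexer, search = IndexingService(), SearchService()
    search.store(indexer.index_message("room-A", "m1", "Spark IS the message"))
    search.store(indexer.index_message("room-A", "m2", "Lunch at noon?"))
    search.store(indexer.index_message("room-B", "m3", "Spark Board ordered"))
    query_a = indexer.hashed_query("room-A", "Spark")
    return {
        "hits_room_a": search.search("room-A", query_a),
        # room-A's hash of 'spark' is meaningless under room-B's Search Key
        "cross_room_hits": search.search("room-B", query_a),
        "keys_differ": indexer.key_for_room("room-A") != indexer.key_for_room("room-B"),
        "index_sample": search.entries[0]["terms"][0],   # 'B9 57 FE 48' style
    }
```

The per-room key is what stops the cloud-side Search Service from correlating the same word across rooms; with a single global key the hashed index would leak word frequencies across the whole organization.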

Spark E-Discovery Service (1)

Diagram labels: Secure Data Center, Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Spark Control Hub, Hash Algorithm, Search Service; "Jo Smith's Content"

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

Diagram labels: Secure Data Center, Key Mgmt Service, E-Discovery Service, Spark Control Hub, E-Discovery Storage, Content Server, Search Service

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request
  (Diagram: "Jo Smith's Messages and Files – E-Discovery Content Ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

Diagram labels: Organization A, Organization B, Key Mgmt Service (one per Organization), Content Server, message

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

Diagram labels: Organization A, Organization B, Key Mgmt Service (one per Organization), Content Server, message

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers...
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A: vSphere hosting Hybrid Data Services Nodes (VMs), forming an HDS Cluster. Each node runs Docker with an ECP Mgmt Container and HDS Containers, and has an IDE Mount of the HDS Cluster Config File.

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser; assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely backup two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

(Figure: Signalling and Media paths through the enterprise firewall)

BRKCOL-2030 76

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio: 52000-52099 (Spark Apps 52000 - 52049, Spark Devices 52050 - 52099)
Video: 52100-52299 (Spark Apps 52100 - 52199, Spark Devices 52200 - 52299)

BRKCOL-2030 77

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

• UDP, source ports Voice 52000 – 52049 and Video 52100 – 52199, destination ports 5004 & 5006, destination: Any IP Address – SRTP over UDP to Spark Cloud Media Nodes
• TCP, ephemeral source ports, destination ports 5004 & 5006, destination: Any IP Address – SRTP over TCP or HTTP to Spark Cloud Media Nodes
• TCP, ephemeral source ports, destination port 443 (HTTPS), to the destinations below

HTTPS destinations and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only: Ad Analytics
• adobedtm.com – Web Apps only: Analytics
• omtrdc.net – Web Apps only: Telemetry
• optimizely.com – Web Apps only: Metrics

BRKCOL-2030 78

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

• UDP, source ports Voice 52050 – 52099 and Video 52200 – 52299, destination ports 5004 & 5006, destination: Any IP Address – SRTP over UDP to Spark Cloud Media Nodes
• TCP, ephemeral source ports, destination ports 5004 & 5006, destination: Any IP Address – SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
• TCP, ephemeral source ports, destination port 443 (HTTPS), to the destinations below
• UDP, ephemeral source ports, destination port 123, destination 2.android.pool.ntp.org – Sparkboard: NTP Time Sync

HTTPS destinations and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

BRKCOL-2030 79

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

(Figure: Signalling and Media paths through the enterprise firewall)

BRKCOL-2030 80

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

(Figure: Signalling and Media paths through the enterprise firewall)

BRKCOL-2030 81

HMN and HDS Nodes: Network Port and Whitelist Requirements

Hybrid Media Node (HMN)
• UDP, source ports 33434 - 33598 (voice and video use a common UDP source port range), destination port 5004, cascade destination: Any IP Address – Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
• TCP, ephemeral source ports, destination port 5004, cascade destination: Any IP Address – Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
• TCP, ephemeral source ports, destination ports 123, 53, 444, destination: Any – NTP, DNS, HTTPS
• TCP, ephemeral source ports, destination port 443, destinations wbx2.com and idbroker.webex.com – HTTPS Configuration Services

Hybrid Data Security Node (HDS)
• TCP, ephemeral source ports, destination port 443, destinations wbx2.com, idbroker.webex.com, identity.webex.com and index.docker.io – Outbound HTTPS and WSS

BRKCOL-2030 82
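As an added example (not Cisco's code and not part of the deck), the port and whitelist rules from the slides above transcribed into a small Python audit that classifies logged outbound flows by the rule that permits them, so that anything with no documented rule stands out for review. The log line format, the role tags (app, device, hmn, hds), and the sample addresses and host names in SAMPLE_LOG are constructed for the demo; treating a whitelist entry such as rackcdn.com as also covering names beneath it is an assumption about how the whitelist is meant to be read.

```python
"""Audit outbound flows against the Spark port and whitelist rules on the slides above.
Added example (not Cisco code): rules transcribed from the slides; log format, host
names and addresses in SAMPLE_LOG are constructed for this demo."""
import re
from dataclasses import dataclass
from typing import Optional

# Media source UDP port ranges; range() upper bounds are exclusive.
SOURCE_MEDIA_PORTS = {
    "app":    [range(52000, 52050), range(52100, 52200)],   # voice, video
    "device": [range(52050, 52100), range(52200, 52300)],   # voice, video
    "hmn":    [range(33434, 33599)],                        # voice and video share one range
}
# Media destination ports: 5004 & 5006 for apps and devices, 5004 for HMN cascade links.
MEDIA_DST_PORTS = {"app": {5004, 5006}, "device": {5004, 5006}, "hmn": {5004}}

SPARK_CORE = {"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
              "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
              "rackcdn.com"}
# HTTPS (TCP 443) destinations whitelisted per role.
HTTPS_HOSTS = {
    "app":    SPARK_CORE | {"appsflyer.com", "adobedtm.com", "omtrdc.net", "optimizely.com"},
    "device": SPARK_CORE | {"dropbox.com"},
    "hmn":    {"wbx2.com", "idbroker.webex.com"},
    "hds":    {"wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io"},
}


@dataclass(frozen=True)
class Flow:
    role: str    # app | device | hmn | hds (which kind of source host)
    proto: str   # udp | tcp
    sport: int
    dport: int
    dst: str     # destination host name as logged, or an IP literal


def domain_allowed(host: str, allowed) -> bool:
    """Assumption: a whitelist entry such as rackcdn.com covers that name and names under it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def classify(f: Flow) -> Optional[str]:
    """Return the documented rule that permits the flow, or None if no rule covers it."""
    if f.proto == "udp":
        if (f.role in SOURCE_MEDIA_PORTS and f.dport in MEDIA_DST_PORTS[f.role]
                and any(f.sport in r for r in SOURCE_MEDIA_PORTS[f.role])):
            return "SRTP over UDP to Spark Cloud media nodes"
        if f.role == "device" and f.dport == 123 and f.dst == "2.android.pool.ntp.org":
            return "Spark Board NTP time sync"
        return None
    if f.proto == "tcp":
        if f.role in MEDIA_DST_PORTS and f.dport in MEDIA_DST_PORTS[f.role]:
            return "SRTP over TCP/HTTP to Spark Cloud media nodes"
        if f.dport == 443 and domain_allowed(f.dst, HTTPS_HOSTS.get(f.role, set())):
            return "HTTPS/WSS to a whitelisted Spark destination"
        if f.role == "hmn" and f.dport in (123, 53, 444):
            return "HMN NTP/DNS/HTTPS to any destination"
    return None


# Constructed log format: one flow per line, destination already resolved to a name where known.
LOG_RE = re.compile(r"role=(\w+) proto=(\w+) src=[\d.]+:(\d+) dst=([\w.\-]+):(\d+)")


def parse_log_line(line: str) -> Optional[Flow]:
    m = LOG_RE.search(line)
    if not m:
        return None
    role, proto, sport, dst, dport = m.groups()
    return Flow(role, proto, int(sport), int(dport), dst)


def audit(lines):
    """Pair each parsed flow with its rule; flows whose rule is None are the ones to investigate."""
    flows = (parse_log_line(line) for line in lines)
    return [(f, classify(f)) for f in flows if f is not None]


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "role=app proto=udp src=10.1.1.5:52010 dst=203.0.113.7:5004",
    "role=app proto=udp src=10.1.1.5:52060 dst=203.0.113.7:5004",        # device range used by an app
    "role=device proto=tcp src=10.1.2.9:51234 dst=idbroker.webex.com:443",
    "role=device proto=tcp src=10.1.2.9:51235 dst=api.example.net:443",  # not whitelisted
    "role=hmn proto=udp src=10.1.3.2:33500 dst=203.0.113.9:5004",
    "role=hds proto=tcp src=10.1.4.4:40000 dst=index.docker.io:443",
    "role=device proto=udp src=10.1.2.9:40001 dst=2.android.pool.ntp.org:123",
]

if __name__ == "__main__":
    for flow, rule in audit(SAMPLE_LOG):
        print(f"{flow.role:6} {flow.proto} {flow.sport}->{flow.dst}:{flow.dport}  "
              f"{rule or 'NO DOCUMENTED RULE'}")
```

Run it over an export of firewall or proxy logs mapped into the same five fields; the second and fourth sample lines come back with no rule (an app using the device port range, and an HTTPS destination outside the whitelist), which is exactly the set a firewall administrator wants to look at before tightening rules to the documented ranges.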

What do we send to Third Party sites?

Site            Apps that Access It                       What is sent there                                                         User PII  Anonymized Usage info  Encrypted User Generated Content
aws.com         Win, Mac, iOS, Android, Web, Spark Board  Encrypted files for Spark file sharing (part of Rackspace content system)  N         N                      Y
rackcdn.com     Win, Mac, iOS, Android, Web, Spark Board  Encrypted files for Spark file sharing (part of Rackspace content system)  N         N                      Y
mixpanel.com    Win, Mac, iOS, Android, Web               Anonymous usage data                                                       N         Y                      N
appsflyer.com   iOS, Android                              Anonymous usage data related to onboarding                                 N         Y                      N
adobedtm.com    Web                                       Anonymous usage data                                                       N         Y                      N
omtrdc.net      Web                                       Anonymous usage data                                                       N         Y                      N
optimizely.com  Web                                       Anonymous usage data for A/B testing                                       N         Y                      N

BRKCOL-2030 83

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)
• Proxy Address given to Device/Application…

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

(Figure legend: Signalling, UDP Media)

BRKCOL-2030 85

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

(Figure: proxy address and PAC file distribution to clients; legend: Signalling, UDP Media)

BRKCOL-2030 86

Network Capabilities, Spark Devices – Proxy Detection

Spark Device                     Protocol  Software Train  Proxy Detection                Granular Configuration
Windows, Mac, iOS, Android, Web  HTTPS     WME             Yes – Manual; Yes – PAC Files  Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX                               HTTPS     Room OS         Yes – Manual using Web access  Configure Proxy Address via device Web interface
SX                               HTTPS     Room OS         Yes – Manual using Web access  Configure Proxy Address via device Web interface
MX                               HTTPS     Room OS         Yes – Manual using Web access  Configure Proxy Address via device Web interface
Room Kits                        HTTPS     Room OS         Yes – Manual using Web access  Configure Proxy Address via device Web interface
Spark Board                      HTTPS     Spark Board OS  Yes – Manual Configuration     Manual Configuration of Proxy Address

BRKCOL-2030 87

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do No Authentication.

(Figure legend: Signalling, UDP Media)

BRKCOL-2030 88

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

BRKCOL-2030 89

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

BRKCOL-2030 90

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

BRKCOL-2030 91
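To make concrete what "Base64 encoded, not encrypted or hashed" (Basic, previous slide) versus "a hash is sent instead" (Digest, this slide) means on the wire, here is an added Python example, not Cisco's code, that builds both Proxy-Authorization headers and shows the proxy-side verification for Digest. It follows RFC 7617 for Basic and RFC 2617 (qop=auth) for Digest; MD5 is used because that is the algorithm RFC 2617 defines; the account name and password are constructed.

```python
"""Basic vs Digest proxy authentication headers. Added example, not Cisco code:
Basic per RFC 7617, Digest per RFC 2617 with qop=auth; credentials are constructed."""
import base64
import hashlib
import hmac
import re
import secrets


def basic_proxy_header(username: str, password: str) -> str:
    """Basic: 'user:password' is only Base64-encoded, not encrypted or hashed."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def credentials_from_basic(header: str):
    """Whatever records the header (proxy logs, a capture on the client side of the
    proxy) holds the password itself: one Base64 decode gives it back."""
    user, _, password = base64.b64decode(header.split()[-1]).decode().partition(":")
    return user, password


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 is what a Digest-capable proxy can store instead of the password."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str, nc: str, cnonce: str,
                    qop: str = "auth") -> str:
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_proxy_header(username, realm, password, method, uri, nonce,
                        nc="00000001", cnonce=None) -> str:
    """Digest: the password never leaves the device; only a hash bound to the proxy's
    nonce, the client nonce and the request method/URI goes on the wire."""
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(digest_ha1(username, realm, password), method, uri, nonce, nc, cnonce)
    return (f'Proxy-Authorization: Digest username="{username}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{resp}"')


_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest(header: str) -> dict:
    """Split the comma-separated key=value fields; quoted and unquoted values both occur."""
    body = header.split("Digest", 1)[1]
    return {k: q if q else u for k, q, u in _FIELD.findall(body)}


def proxy_verifies(header: str, method: str, stored_ha1: str, issued_nonce: str) -> bool:
    """Proxy side: refuse a nonce it did not issue, recompute the response from the
    stored HA1 and the request actually seen, and compare in constant time."""
    p = parse_digest(header)
    if p.get("nonce") != issued_nonce:
        return False
    expected = digest_response(stored_ha1, method, p["uri"], p["nonce"], p["nc"],
                               p["cnonce"], p.get("qop", "auth"))
    return hmac.compare_digest(expected, p.get("response", ""))
```

Because the response is bound to the nonce and to the method and URI, a recorded Digest header cannot be re-presented against a fresh nonce or a different request, which is what the "hash sent instead" bullet buys a device account with a non-expiring password. RFC 7616 later added SHA-256 variants of the same construction; the MD5 computation above is the RFC 2617 one, checked in the test against the worked example in that RFC.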

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

BRKCOL-2030 92

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

BRKCOL-2030 93

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client Authentication, Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

BRKCOL-2030 94

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (figure: IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com)

(Figure destinations: identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com; legend: Signalling, UDP Media)

BRKCOL-2030 95

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device                     Protocol  Software Train  Proxy Authentication
Windows, Mac, iOS, Android, Web  HTTPS     WME             No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth and Basic (iOS and Android in EFT)
DX, SX, MX                       HTTPS     Room OS         No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Room Kits                        HTTPS     Room OS         No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Spark Board                      HTTPS     Spark Board OS  No Auth – Yes; Basic – Yes; Digest - Yes

BRKCOL-2030 96

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

(Figure legend: Signalling, UDP Media)

BRKCOL-2030 97-99

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

(Figure legend: Signalling, UDP Media)

BRKCOL-2030 100-101

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

(Figure legend: Signalling, UDP Media)

BRKCOL-2030 102-104

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

(Figure legend: Signalling, UDP Media)

BRKCOL-2030 105-107

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

(Figure legend: Signalling, UDP Media)

BRKCOL-2030 108-110

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

(Figure legend: Signalling, UDP Media)

BRKCOL-2030 111-113
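The pin check and the two "fixes" from the certificate pinning slides above, written out as a decision model in Python. This is an added example, not Cisco's code and not the Spark client's implementation: the Cert records and their SPKI byte strings are constructed placeholders standing in for real SubjectPublicKeyInfo DER (a real check hashes the DER-encoded public key taken from the certificate); the pin format, Base64 of a SHA-256 over the public key, is the one the slide states. The app path skips pinning when the chain's root is a private CA present in the OS trust store; the device path adds the pins of CA certificates delivered in the trust list downloaded from the Spark cloud.

```python
"""Certificate-pinning decisions for Spark apps and devices behind an inspecting proxy.
Added example, not Cisco code. SPKI bytes are constructed placeholders for real
SubjectPublicKeyInfo DER; pin = Base64(SHA-256(public key)) as on the slide."""
import base64
import hashlib
from dataclasses import dataclass
from typing import List, Set, Tuple


def spki_pin(spki_der: bytes) -> str:
    """Certificate pin = Base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


@dataclass(frozen=True)
class Cert:
    subject: str
    spki: bytes          # public key the client hashes (constructed bytes here)
    issuer_spki: bytes   # public key that signed this cert; equal to spki for a self-signed root


def chain_is_well_formed(chain: List[Cert]) -> bool:
    """Leaf first, each cert signed by the next, last one self-signed (a root)."""
    if not chain:
        return False
    for cert, signer in zip(chain, chain[1:]):
        if cert.issuer_spki != signer.spki:
            return False
    return chain[-1].issuer_spki == chain[-1].spki


def pin_matches(chain: List[Cert], pins: Set[str]) -> bool:
    """Accept if any certificate in the presented chain hashes to a stored pin."""
    return chain_is_well_formed(chain) and any(spki_pin(c.spki) in pins for c in chain)


def app_decision(chain: List[Cert], spark_pins: Set[str],
                 private_cas_in_os_store: List[Cert]) -> Tuple[bool, str]:
    """Spark app: if the chain's root is a private CA an administrator installed in the
    OS trust store, pinning is skipped; otherwise the pin must match."""
    if not chain_is_well_formed(chain):
        return False, "malformed chain: TLS connection terminated"
    root_pin = spki_pin(chain[-1].spki)
    if root_pin in {spki_pin(c.spki) for c in private_cas_in_os_store}:
        return True, "private CA found in OS trust store: pinning skipped, inspection possible"
    if pin_matches(chain, spark_pins):
        return True, "pin matched Spark CA: proceed"
    return False, "pin mismatch: TLS connection terminated"


def device_decision(chain: List[Cert], spark_pins: Set[str],
                    cloud_trust_list: List[Cert]) -> Tuple[bool, str]:
    """Spark device: the trust list downloaded from the Spark cloud carries the org's
    private CA cert, so its pin joins the pin set and the proxy's chain then matches."""
    pins = set(spark_pins) | {spki_pin(c.spki) for c in cloud_trust_list}
    if pin_matches(chain, pins):
        return True, "pin matched (Spark CA or org-provisioned private CA): proceed"
    return False, "pin mismatch: TLS connection terminated"


# Constructed certificates: placeholder SPKI bytes, not real keys.
SPARK_ROOT = Cert("Spark public CA root", b"SPKI:spark-root", b"SPKI:spark-root")
SPARK_LEAF = Cert("*.wbx2.com", b"SPKI:spark-leaf", SPARK_ROOT.spki)
PRIVATE_CA = Cert("Enterprise inspection CA", b"SPKI:enterprise-ca", b"SPKI:enterprise-ca")
PROXY_LEAF = Cert("*.wbx2.com (re-signed by proxy)", b"SPKI:proxy-leaf", PRIVATE_CA.spki)

SPARK_PINS = {spki_pin(SPARK_ROOT.spki)}
DIRECT_CHAIN = [SPARK_LEAF, SPARK_ROOT]        # no inspection: real Spark chain
INSPECTED_CHAIN = [PROXY_LEAF, PRIVATE_CA]     # inspection: proxy-issued chain

if __name__ == "__main__":
    print("app, direct:       ", app_decision(DIRECT_CHAIN, SPARK_PINS, []))
    print("app, inspected:    ", app_decision(INSPECTED_CHAIN, SPARK_PINS, []))
    print("app, CA installed: ", app_decision(INSPECTED_CHAIN, SPARK_PINS, [PRIVATE_CA]))
    print("device, trust list:", device_decision(INSPECTED_CHAIN, SPARK_PINS, [PRIVATE_CA]))
```

The two fixes differ in where the private CA is made known: on the app it is the OS trust store (hence the Windows GPO / Mac configuration profile route in the capability tables), on a device it is the per-org trust list served by the Spark cloud. Either way, the proxy's chain is accepted only because the administrator introduced that CA; a chain signed by a CA nobody provisioned still fails the pin and the connection is terminated.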

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device       Protocol  Software Train  Supports TLS/HTTPS Inspection                      Cert Validation Method
Windows, Mac, Web  HTTPS     WME             Yes                                                Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android       HTTPS     WME             No                                                 iOS, Android: HTTPS Inspection By-Pass
DX                 HTTPS     Room OS         Yes – Requires Per Org Config of Identity Service  Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                 HTTPS     Room OS         Yes – Requires Per Org Config of Identity Service  Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                 HTTPS     Room OS         Yes – Requires Per Org Config of Identity Service  Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits          HTTPS     Room OS         Yes – Requires Per Org Config of Identity Service  Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board        HTTPS     Spark Board OS  No (Planned Q1 CY'18)                              HTTPS Inspection By-Pass

BRKCOL-2030 114

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Figure: Authentication Server)

BRKCOL-2030 116-117

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

(Figure: Authentication Server)

BRKCOL-2030 118-119

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

(Figure: Authentication Server)

BRKCOL-2030 120-121

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

(Figure: Authentication Server)

BRKCOL-2030 122-123

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

(Figure: Device 1, Authentication Server)

BRKCOL-2030 124-125

Network Capabilities, Spark Devices – 802.1X

Spark Device                     Protocol  Software Train  EAP-FAST                  EAP-TLS                   MIC      Non CUCM LSC           Certificate Installation Capability  Granular Configuration
Windows, Mac, iOS, Android, Web  HTTPS     WME             Wi-Fi - Yes, Wired - Yes  Wi-Fi - Yes, Wired - Yes  N/A      Yes                    Yes                                  Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX                               HTTPS     Room OS         Wi-Fi - Yes, Wired - Yes  Wi-Fi - Yes, Wired – Yes  Q4 CY17  Yes                    Yes                                  Web Based: Install Enterprise LSC via device Web Interface
SX                               HTTPS     Room OS         Wired - Yes               Wired – Yes               No       Yes                    Yes                                  Web Based: Install Enterprise LSC via device Web Interface
MX                               HTTPS     Room OS         Wired - Yes               Wired – Yes               No       Yes                    Yes                                  Web Based: Install Enterprise LSC via device Web Interface
Room Kits                        HTTPS     Room OS         Wi-Fi - Yes, Wired - Yes  Wi-Fi - Yes, Wired – Yes  Yes      Yes                    Yes                                  Web Based: Install Enterprise LSC via device Web Interface
Spark Board                      HTTPS     Spark Board OS  No (Planned Q2 CY'18)     No (Planned Q2 CY'18)     No       No (Planned Q2 CY'18)  –                                    Use MAC Address By-Pass

BRKCOL-2030 126

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

BRKCOL-2030 128

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

BRKCOL-2030 130


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

BRKCOL-2030 133

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: Target Q1 CY2018.

Thank you


Spark E-Discovery Service (1)

(Figure: Spark Control Hub, Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service, Hash Algorithm)

• Compliance Officer selects a group of messages and files to be retrieved for E-Discovery, e.g. based on date range, content type, username(s)
• The Indexing Service requests a search of related hashed content
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

(Figure: E-Discovery Service, E-Discovery Storage, Content Server, Key Mgmt Service, Spark Control Hub, Search Service; "Jo Smith's Messages and Files – E-Discovery Content Ready")

• The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)

(Figure: Secure Data Center with Content Server, Key Mgmt Service, E-Discovery Service and Indexing Service)

BRKCOL-2030 41

Spark – Hybrid Data Security (HDS)

Hybrid Data Security / Hybrid Data Services = On Premise Key Management Server, Indexing Server and E-Discovery Service

BRKCOL-2030 42

Hybrid Data Security traffic and Firewalls

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special Firewall configuration required.

(Figure: Firewall between Hybrid Data Security in the Secure Data Center and the Spark cloud)

BRKCOL-2030 43

Hybrid Data Security - Scalability

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

(Figure: Secure Data Center with Content Server and several Hybrid Data Security / Key Mgmt Servers)

Spark – Hybrid Data Security Key Management

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server. Now all of the keys for messages and content are owned and managed by the Customer.

BRKCOL-2030 45

HDS - Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Encryption Keys stored locally

(Figure: Secure Data Center with Key Mgmt Service; Content Server in the Spark cloud)

BRKCOL-2030 46-47

HDS - Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

(Figure: Secure Data Center with Key Mgmt Service; Content Server in the Spark cloud)

BRKCOL-2030 48-49

Hybrid Data Security – Secure App Connections

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service. This encrypted peer to peer session traverses the Spark Cloud.

(Figure: App to Cloud TLS connection and App to HDS TLS connection, via the Spark Service, Content Server and Search Service to the Hybrid Data Security Node in the Secure Data Center)

BRKCOL-2030 50

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Hybrid Data Security - Search Indexing Service
(Diagram: Indexing Service and Key Management Service in the Secure Data Center; Content Server and Search Service in the Spark Cloud)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server, without decrypting content
• Before a message leaves the premises, each word in it (e.g. "Spark IS the message") is passed through a keyed hash algorithm; only the resulting hashes (e.g. B9 57 FE 48) are sent to the Search Service, never the words themselves
• A new hashing key (Search Key) is used for each room, so the same word hashes differently in different rooms and the Search Service cannot correlate terms across rooms

Hybrid Data Security - Querying a Search Index
Search for the word "Spark":

• The Indexing Service hashes the App's search request with the room's Search Key and sends the hashed index (B9 57 FE 48) to the Search Service
• The Search Service matches the hash against the stored index and returns the matching encrypted message ("Spark IS the Message") from the Content Server
• A link to the Conversation Encryption Key is sent with the encrypted message, so the App can retrieve the key from the Key Management Service and decrypt the result locally
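The two slides above describe the hashed index only in outline. The following Python model is an added example, not Cisco's code, that makes the exchange concrete: a per-room Search Key held on premise, words keyed-hashed before anything leaves the premises, and a cloud Search Service that matches a hashed query against hashed words without ever holding plaintext or keys. HMAC-SHA256 is assumed for the unnamed hash algorithm, and the room names, message texts and key generation are constructed for the example.

```python
"""Keyed-hash search index, modelled on the HDS Indexing and Search Services.

Added example, not Cisco code. HMAC-SHA256 stands in for the hash algorithm
the slides leave unnamed (assumption); per-room keys are generated locally.
"""
import hashlib
import hmac
import re
import secrets
from collections import defaultdict


class KeyManagementService:
    """On-premise: issues and holds one Search Key per room (assumed 256-bit)."""
    def __init__(self):
        self._search_keys = {}

    def search_key(self, room_id: str) -> bytes:
        if room_id not in self._search_keys:
            self._search_keys[room_id] = secrets.token_bytes(32)
        return self._search_keys[room_id]


class SearchService:
    """Cloud side: sees only keyed hashes and opaque message references."""
    def __init__(self):
        self.index = defaultdict(set)   # hashed word -> {message reference}

    def add(self, hashed_words, message_ref):
        for h in hashed_words:
            self.index[h].add(message_ref)

    def query(self, hashed_terms):
        """A message matches only if it contains every hashed term."""
        hits = [self.index.get(h, set()) for h in hashed_terms]
        return set.intersection(*hits) if hits else set()


class IndexingService:
    """On-premise (HDS): tokenises plaintext and hashes each word with the room key."""
    def __init__(self, kms: KeyManagementService, search: SearchService):
        self.kms, self.search = kms, search

    @staticmethod
    def tokenize(text: str):
        return {w.lower() for w in re.findall(r"[A-Za-z0-9']+", text)}

    def hash_word(self, room_id: str, word: str) -> str:
        key = self.kms.search_key(room_id)
        # The slide shows an abbreviated value such as "B9 57 FE 48"; the full tag is used here.
        return hmac.new(key, word.encode(), hashlib.sha256).hexdigest()

    def index_message(self, room_id: str, plaintext: str, message_ref: str):
        hashed = {self.hash_word(room_id, w) for w in self.tokenize(plaintext)}
        self.search.add(hashed, message_ref)   # plaintext never leaves the premises
        return hashed

    def find(self, room_id: str, query: str):
        return self.search.query([self.hash_word(room_id, w) for w in self.tokenize(query)])


def demo():
    """Constructed sample rooms and messages; returns the results a caller can check."""
    kms, cloud = KeyManagementService(), SearchService()
    idx = IndexingService(kms, cloud)
    idx.index_message("room-A", "Spark IS the message", "msg-1")
    idx.index_message("room-A", "lunch at noon", "msg-2")
    idx.index_message("room-B", "Spark board firmware", "msg-3")
    return {
        "room_a_spark": idx.find("room-A", "Spark"),
        "room_a_two_terms": idx.find("room-A", "the message"),
        "room_b_spark": idx.find("room-B", "spark"),
        "same_word_different_rooms": idx.hash_word("room-A", "spark") != idx.hash_word("room-B", "spark"),
        "plaintext_in_cloud": any(w in cloud.index for w in ("spark", "message", "lunch")),
    }
```

The design trade-off a practitioner should keep in mind: the Search Service still learns which hashed terms co-occur in a message and how often each hash is queried (search-pattern leakage), which is inherent to keyed-hash searchable encryption. Per-room keys limit that leakage to one room, since the same word produces unrelated tags in different rooms.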

Spark E-Discovery Service (1)
(Diagram: E-Discovery Service, Indexing Service and Key Management Service in the Secure Data Center; Spark Control Hub, Search Service and Content Server in the Spark Cloud)

• An administrator requests a user's content (e.g. Jo Smith's content) from Spark Control Hub
• The Indexing Service hashes the search criteria and sends the hashed criteria to the Search Service
• The Content Server returns the matching (still encrypted) content to the E-Discovery Service

Spark E-Discovery Service (2)
(Diagram: E-Discovery Service and Key Management Service in the Secure Data Center; Spark Control Hub, Content Server and E-Discovery Storage in the Spark Cloud)

• E-Discovery Service: decrypts the content from the Content Server using keys from the Key Management Service, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: holds Jo Smith's messages and files in compressed, encrypted form and sends them to the Administrator on request, once "E-Discovery Content Ready" is reported

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server in the Spark Cloud)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS), so no inbound firewall rule is needed for federation
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users
• Because the connection is mutually authenticated, each KMS can verify which Organization's KMS it is releasing a key to; the Spark Cloud relays the session but is not a party to it

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture
(Diagram: Secure Data Center A hosting an HDS Cluster of Hybrid Data Services Nodes (VMs on vSphere); each node runs Docker with an ECP Mgmt Container and HDS Containers and mounts the HDS Cluster Config file via an IDE Mount; customer provided Postgres Database, Syslogd, Database Backup and System Backup alongside)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system
• Customer Provided Services: Postgres Database, Syslogd, Database Backup, System Backup

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should be prepared to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.
• Note that the configuration ISO carries the Database Master Encryption key, so its backup copies must be protected as strictly as the key database itself

HDS Install Prerequisites (see the prerequisites at https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA-1 signatures
  • PKCS#12 format
• 2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk
  • User created with createuser and assigned GRANT ALL PRIVILEGES ON DATABASE
• 1 Syslog Host
  • Hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from the HDS host
  • Bi-directional WSS on TCP port 443 from the HDS host
  • TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support - UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection - Certificate Pinning
• 802.1X - Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices, for support

Switch port VLAN options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging; Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls
Whitelisted Ports and Destinations for Spark Desk and Room Devices and for Spark Apps (see the following slides for details)

Media Port Ranges
• Source UDP Ports: Voice 52000-52099, Video 52100-52299
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking based on source port)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any

Signalling is HTTPS (TCP 443) to the whitelisted destinations; media is SRTP over UDP, with TCP/HTTP fallback.

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps
The fixed UDP source port ranges let a firewall or switch classify and DSCP-mark audio and video separately, and tell apps from devices, without inspecting the encrypted payload:

| | Spark Apps | Spark Devices |
|---|---|---|
| Audio 52000-52099 | 52000-52049 | 52050-52099 |
| Video 52100-52299 | 52100-52199 | 52200-52299 |

Spark Applications: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000-52049, Video 52100-52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| | TCP (HTTPS) | Ephemeral | 443 | identity.webex.com | Spark Identity Service |
| | | | | idbroker.webex.com | OAuth Service |
| | | | | wbx2.com | Core Spark Services |
| | | | | webex.com | Identity management |
| | | | | ciscospark.com | Core Spark Services |
| | | | | clouddrive.com | Content and Space Storage |
| | | | | crashlytics.com | Anonymous crash data |
| | | | | mixpanel.com | Anonymous Analytics |
| | | | | rackcdn.com | Content and Space Storage |
| | | | | appsflyer.com | Mobile Apps only - Ad Analytics |
| | | | | adobedtm.com | Web Apps only - Analytics |
| | | | | omtrdc.net | Web Apps only - Telemetry |
| | | | | optimizely.com | Web Apps only - Metrics |

Spark Devices: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050-52099, Video 52200-52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board) |
| | TCP (HTTPS) | Ephemeral | 443 | identity.webex.com | Spark Identity Service |
| | | | | idbroker.webex.com | OAuth Service |
| | | | | wbx2.com | Core Spark Services |
| | | | | webex.com | Identity management |
| | | | | ciscospark.com | Core Spark Services |
| | | | | clouddrive.com | Content and Space Storage |
| | | | | crashlytics.com | Anonymous crash data |
| | | | | mixpanel.com | Anonymous Analytics |
| | | | | rackcdn.com | Content and Space Storage |
| | | | | dropbox.com | Spark Board firmware updates |
| | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board NTP Time Sync |

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434-33598
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking based on source port)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints; they are used for the cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434-33598
• This distinct range can be used to limit the firewall rule's source IP address range to the HMNs only

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS carries signaling traffic only, no media
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range, 33434-33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS (ports as listed on the slide) |
| | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS (index.docker.io is the Docker Hub registry used for the HDS container images) |

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
|---|---|---|---|---|---|
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types
• Explicit Proxy: the Proxy Address is given to the Device/Application
• Transparent Proxy: the Device/Application is unaware of the Proxy's existence
  • In Line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)
• Only HTTP/HTTPS signalling traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not pass through the proxy

Connecting from the Enterprise - Proxy Detection (how the Proxy Address is given to the Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes - Manual; Yes - PAC Files | Manually configure the Proxy Address, or use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes - Manual, using Web access | Configure the Proxy Address via the device Web interface |
| SX | HTTPS | Room OS | Yes - Manual, using Web access | Configure the Proxy Address via the device Web interface |
| MX | HTTPS | Room OS | Yes - Manual, using Web access | Configure the Proxy Address via the device Web interface |
| Room Kits | HTTPS | Room OS | Yes - Manual, using Web access | Configure the Proxy Address via the device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes - Manual Configuration | Manual Configuration of the Proxy Address |

Connecting from the Enterprise - Proxy Authentication
• Proxy intercepts the outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic is forwarded
• Unauthenticated User's traffic is dropped/blocked
• Proxy Authentication is not mandatory; many Enterprises do no authentication

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication
• Uses standard HTTP headers (Proxy-Authenticate challenge, Proxy-Authorization response)
• Username and Password are Base64 encoded
• Username and Password are NOT encrypted or hashed: anyone who can read the header on the path to the proxy recovers them
• Basic Username and Password challenge for devices
  • Devices are not Users (no human interaction), so the credentials must be provisioned on the device
  • Create one account (e.g. an LDAP account) for all devices, or
  • Create an account per device
  • No Password Expiration
• A shared, non-expiring device account is a long-lived credential: restrict it to proxy use and to the device subnets, since one compromised device exposes it

Proxy Authentication Methods - Digest Authentication
• Uses standard HTTP headers
• Username and Password are not sent
• A hash is sent instead, computed over the username, password, realm, the server's nonce, the HTTP method and the URI, so a captured response cannot simply be replayed against a fresh nonce
• Digest Username and Password challenge for devices
  • Devices are not Users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or
  • Create an account per device
  • No Password Expiration
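To make the difference between the two slides above concrete, here is an added Python example (not Cisco or Spark code) of what a device puts in the Proxy-Authorization header in answer to a 407 challenge for Basic and for Digest, together with a minimal proxy-side verifier for Digest. The challenge, realm, nonce, account name ("dx80-lobby") and password are constructed sample values; the Digest computation follows RFC 7616 with qop=auth and MD5.

```python
"""Proxy authentication on the wire: Basic versus Digest.

Added example, not Cisco or Spark code. Sample credentials and the challenge
are constructed; the Digest arithmetic is the RFC 7616 qop=auth/MD5 form.
"""
import base64
import hashlib
import hmac
import re


def parse_auth_params(header_value: str) -> dict:
    """Parse 'Digest realm="x", nonce="y", qop=auth' into a dict (scheme included)."""
    scheme, _, params = header_value.partition(" ")
    fields = dict(re.findall(r'(\w+)="?([^",]+)"?', params))
    fields["scheme"] = scheme
    return fields


def basic_header(user: str, password: str) -> str:
    """Basic: Base64 is an encoding, not encryption (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def basic_reveals(header: str) -> str:
    """What anyone who can read the header (or a proxy log) recovers."""
    token = header.split("Basic ", 1)[1]
    return base64.b64decode(token).decode()


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, password, realm, nonce, method, uri, nc="00000001", cnonce="0a4f113b"):
    """RFC 7616 response value with qop=auth and MD5 (what Digest proxies typically offer)."""
    ha1 = _md5(f"{user}:{realm}:{password}")   # the only secret-derived input
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(user, password, challenge, method, uri, cnonce="0a4f113b"):
    """Client reply to a Digest challenge; the password itself never appears."""
    realm, nonce = challenge["realm"], challenge["nonce"]
    resp = digest_response(user, password, realm, nonce, method, uri, cnonce=cnonce)
    return ('Proxy-Authorization: Digest username="{u}", realm="{r}", nonce="{n}", '
            'uri="{uri}", qop=auth, nc=00000001, cnonce="{c}", response="{resp}"'
            .format(u=user, r=realm, n=nonce, uri=uri, c=cnonce, resp=resp))


def proxy_verify_digest(header, realm, nonce, method, password_db) -> bool:
    """Proxy side: recompute the response from the stored secret; compare in constant time."""
    f = parse_auth_params(header.split(": ", 1)[1])
    password = password_db.get(f.get("username"))
    if f.get("scheme") != "Digest" or password is None or f.get("nonce") != nonce:
        return False   # unknown account or a nonce this proxy did not issue
    expected = digest_response(f["username"], password, realm, nonce, method,
                               f["uri"], f["nc"], f["cnonce"])
    return hmac.compare_digest(expected, f["response"])
```

With a device talking HTTPS through the proxy, the header travels in the CONNECT request, which is plaintext between the device and the proxy: for Basic that is the password itself, for Digest only a nonce-bound hash. Digest with MD5 is still open to offline dictionary attacks on a captured exchange, so the shared device account needs a strong password even though it is never sent.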

Proxy Authentication Methods - NTLMv2
• NT LAN Manager (NTLM) Authentication: Microsoft Challenge/Response authentication protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• The password hash is used to encrypt the challenge, and the result is returned to the server
• The password is hashed, but neither the password nor its hash is sent
• NTLM Username and Password challenge for devices
  • Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No Password Expiration

Proxy Authentication Methods - Negotiate / IWA (Windows Only)
• Negotiate Authentication: Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows based Username and Password challenge for devices
  • Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No Password Expiration
• IWA: Integrated Windows Authentication

Proxy Authentication Methods - Kerberos
• Kerberos Authentication: strongest security of the methods listed
• Components: Client, Authentication Service, Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared secrets
• The Client authenticates with the Authentication Service
• Once authenticated, it receives a Ticket Granting Ticket (TGT)
• The Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods
Manually configure the Proxy Server to exempt from authentication:
• Device IP Addresses (e.g. 10.100.200.1 and 10.100.200.3 in the diagram)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices - Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No | No Auth (iOS and Android in EFT, Early Field Trial); Basic (iOS and Android in EFT) |
| DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY2018; Digest - Yes | |
| Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY2018; Digest - Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes | |

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)
HTTPS/TLS Inspection:
• The Private CA Root Certificate is distributed to the client in advance (installed in its trust store)
• A Private CA signed Certificate is sent to the client on connection establishment
• The client compares the Private CA Root Cert with those received in the Cert Chain
• If they match - accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)
• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives the Certificate from the Web/Cloud Service
• Proxy uses that Certificate to establish its own secure TLS/HTTPS connection; from here on the proxy, not the client, is the party validating the real server certificate
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning
• Certificate Pin = SHA-256 hash of the CA Root Certificate's public key (SubjectPublicKeyInfo), Base64 encoded, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= (as printed on the slide)
• CA signed Cisco Spark Certificate sent by the HTTPS/TLS server
• App creates a hash of the Cert's public key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match - accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's public key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: TLS connection terminated, so an inspecting proxy breaks Spark Apps unless one of the fixes on the following slides is applied

HTTPS Inspection - Spark Apps Cert Pinning Fix
• Private CA Cert copied to the App's OS Trust Store
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks whether a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists - skip the Certificate pinning process and proceed with the TLS connection
• HTTPS/TLS Inspection possible
• Note that this makes the OS trust store the control: any CA installed there disables pinning for the app, so the integrity of the OS trust store becomes the security boundary

HTTPS Inspection - Spark Devices Cert Pinning Fix
• Private CA Cert copied to the Spark Cloud (per Organization configuration of the Identity Service); devices download a Trust List that includes the Private CA
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's public key
• Client compares the hash with the Certificate Pins in its Trust Store
• They DO match - proceed with the TLS connection
• HTTPS/TLS Inspection possible
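The pinning slides above can be reduced to a short decision procedure. The following Python example is added here and is not Cisco code: it computes a pin as Base64(SHA-256(SubjectPublicKeyInfo)), checks a presented chain against the pins in a trust store, and models the two inspection fixes, the app one (an enterprise CA found in the OS trust store short-circuits pinning) and the device one (the proxy CA's pin is added to the downloaded trust list). The SPKI byte strings are constructed placeholders standing in for real DER-encoded keys, and the class and function names are the example's own.

```python
"""Public-key pinning as the Spark apps and devices apply it to the TLS
handshake, plus the two inspection "fixes" from the slides.

Added example, not Cisco code. SPKI values are constructed placeholders.
"""
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Base64(SHA-256(SubjectPublicKeyInfo)), the usual public-key pin format."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Constructed stand-ins for DER-encoded public keys.
CISCO_ROOT_SPKI = b"constructed-spki:cisco-spark-root-ca"
CISCO_LEAF_SPKI = b"constructed-spki:identity.webex.com-leaf"
PROXY_CA_SPKI = b"constructed-spki:acme-corp-tls-inspection-ca"
PROXY_LEAF_SPKI = b"constructed-spki:identity.webex.com-reissued-by-proxy"


class PinningClient:
    def __init__(self, pins, os_trust_store=()):
        self.pins = set(pins)                      # pins shipped in the app / device trust list
        self.os_trust_store = set(os_trust_store)  # pins of enterprise CAs installed on the OS

    def check_handshake(self, chain_spkis, skip_pinning_for_enterprise_ca=False):
        """chain_spkis: public keys of the presented chain, leaf first, root last.

        Returns (accepted, reason). skip_pinning_for_enterprise_ca models the
        Spark *app* fix; the *device* fix is simply the proxy CA pin being
        present in self.pins via the trust list downloaded from the cloud.
        """
        chain_pins = [spki_pin(s) for s in chain_spkis]
        if skip_pinning_for_enterprise_ca and any(p in self.os_trust_store for p in chain_pins):
            return True, "enterprise CA found in OS trust store: pinning skipped"
        if any(p in self.pins for p in chain_pins):
            return True, "pin matched"
        return False, "no pin matched: TLS connection terminated"


def scenarios():
    """The cases from the slides; returns {name: accepted}."""
    genuine_chain = [CISCO_LEAF_SPKI, CISCO_ROOT_SPKI]
    inspected_chain = [PROXY_LEAF_SPKI, PROXY_CA_SPKI]   # what an inspecting proxy presents
    rogue_chain = [b"constructed-spki:rogue-leaf", b"constructed-spki:rogue-ca"]
    cisco_pin, proxy_pin = spki_pin(CISCO_ROOT_SPKI), spki_pin(PROXY_CA_SPKI)

    stock_app = PinningClient(pins=[cisco_pin])
    fixed_app = PinningClient(pins=[cisco_pin], os_trust_store=[proxy_pin])
    fixed_device = PinningClient(pins=[cisco_pin, proxy_pin])   # trust list from the cloud

    return {
        "no_inspection": stock_app.check_handshake(genuine_chain)[0],
        "inspection_unfixed": stock_app.check_handshake(inspected_chain)[0],
        "inspection_app_fix": fixed_app.check_handshake(inspected_chain, True)[0],
        "inspection_device_fix": fixed_device.check_handshake(inspected_chain)[0],
        # the enterprise-CA short-circuit must not admit a CA nobody installed
        "unknown_ca_with_app_fix": fixed_app.check_handshake(rogue_chain, True)[0],
    }
```

To obtain the pin of a real CA certificate for comparison, the standard recipe is to extract its public key in DER form and hash it: `openssl x509 -in ca.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`. The unknown-CA scenario is the check worth keeping in mind: the app fix only bypasses pinning for CAs an administrator actually installed, which is why the OS trust store becomes the boundary to protect.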

Network Capabilities: Spark Devices - HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists in the OS trust store, bypass the Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes - requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads a Trust List with the Private Certs |
| SX | HTTPS | Room OS | Yes - requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads a Trust List with the Private Certs |
| MX | HTTPS | Room OS | Yes - requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads a Trust List with the Private Certs |
| Room Kits | HTTPS | Room OS | Yes - requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads a Trust List with the Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X
(Diagram: device on a switch port; Authentication Server behind the switch)

802.1X Operation
• Switch port network access is restricted until the client authenticates
• Client presents credentials to the Authentication Server (relayed by the switch)
• After successful Authentication - the switch port is configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key Authentication methods: EAP-FAST and EAP-TLS

802.1X Network Authentication: EAP-FAST
• Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require client Certificates

802.1X Network Authentication: EAP-TLS
• Extensible Authentication Protocol - Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)
• Bypasses the 802.1X Authentication Mechanisms
• Uses the Device MAC Address as the only identifier
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server
• A MAC address is trivially spoofed, so MAB identifies the device expected on a port rather than authenticating it; place MAB devices in a restricted VLAN/ACL

Network Capabilities: Spark Devices - 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC (Manufacturer Installed Certificate) | Non-CUCM LSC (Locally Significant Certificate) | Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO; Mac - Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: install Enterprise LSC via the device Web Interface |
| SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: install Enterprise LSC via the device Web Interface |
| MX | HTTPS | Room OS | Wired - Y
es | Wired - Yes | No | Yes | Yes | Web Based: install Enterprise LSC via the device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes | Web Based: install Enterprise LSC via the device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | - (not stated on the slide) | Use MAC Address By-Pass |

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Coming soon: Target Q1 CY2018

Thank you



Spark E-Discovery Service (2)

[Figure: Content Server, Key Mgmt Service, E-Discovery Service, E-Discovery Storage, Search Service and Spark Control Hub; "Jo Smith's Messages and Files", "E-Discovery Content Ready"]

The E-Discovery Service decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

The E-Discovery Storage Service sends the compressed and encrypted content to the Administrator on request.


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub


Spark – Hybrid Data Security (HDS)

[Figure: Secure Data Center beside the cloud Content Server]

Hybrid Data Security = Hybrid Data Services, on premise:
• Key Management Server
• Indexing Server
• E-Discovery Service

Hybrid Data Security Traffic and Firewalls

[Figure: Secure Data Center (Hybrid Data Security) behind the enterprise Firewall, connecting to the cloud Content Server, Key Mgmt Service, E-Discovery Service and Indexing Service]

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS).

No special Firewall configuration required.

Hybrid Data Security - Scalability

[Figure: Secure Data Center with multiple Hybrid Data Security nodes, Key Mgmt Server / Key Mgmt Service, and the cloud Content Server]

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

[Figure: Secure Data Center with the Key Mgmt Server (Key Management Service); cloud Content Server and Key Mgmt Service]

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server.

Now all of the keys for messages and content are owned and managed by the Customer.

BUT


HDS - Encrypting Messages & Content

[Figure: App, Secure Data Center (Key Management Service, Encryption Keys stored locally), cloud Content Server and Key Mgmt Service]

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally


HDS - Decrypting Messages & Content

[Figure: Apps, Secure Data Center (Key Management Service), cloud Content Server and Key Mgmt Service; encrypted "message"]

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

[Figure: App to Cloud TLS connection (Spark Service, Content Server, Search Service) and App to HDS TLS connection (Secure Data Center, Hybrid Data Security Node)]

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud


Hybrid Data Security: Search Indexing Service

[Figure: Secure Data Center (Indexing Service), cloud Content Server, Key Mgmt Service and Search Service; the message "Spark IS the message" passed through the Hash Algorithm yields e.g. B9 57 FE 48]

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

A new hashing key (Search Key) is used for each room.


Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

[Figure: the App's search term "Spark" passed through the Hash Algorithm yields B9 57 FE 48; Indexing Service, Search Service, Content Server and Key Mgmt Service; "Spark IS the Message"]

The Indexing Service sends a hashed index of the App's search request to the Search Service.

A link to the Conversation Encryption Key is sent with the encrypted message.


Spark E-Discovery Service (1)

[Figure: Spark Control Hub, Secure Data Center (Indexing Service with Hash Algorithm, E-Discovery Service), cloud Content Server, Key Mgmt Service and Search Service; "Jo Smith's Content"]

• The Content Server returns matching content to the E-Discovery Service
• The Indexing Service sends hashed search criteria to the Search Service


Spark E-Discovery Service (2)

[Figure: Spark Control Hub, Secure Data Center (E-Discovery Service, Key Mgmt Service), E-Discovery Storage, Content Server and Search Service; "Jo Smith's Messages and Files", "E-Discovery Content Ready"]

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request.

Customer Controlled Security: Key Management Server Federation


HDS Encryption Keys & Users in other Organizations

[Figure: Organization A and Organization B, each with a Key Mgmt Service; cloud Content Server and Key Mgmt Service; encrypted "message"]

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?


HDS Key Management Server Federation

[Figure: Organization A and Organization B Key Mgmt Services connected via the cloud; Content Server and Key Mgmt Service; "message"]

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)


HDS Key Management Server Federation

[Figure: Organization A and Organization B Key Mgmt Services, Content Server, Key Mgmt Service; "message"]

With a secure connection between Key Management Servers…

Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Figure: Secure Data Center A with an HDS Cluster of Hybrid Data Services Nodes (VMs on vSphere), each running Docker with an ECP Mgmt Container and HDS Containers, plus an IDE Mount of the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
--- | --- | --- | --- | --- | --- | --- | ---
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging; Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

[Figure: Signalling and Media flows from Spark Desk and Room Devices and Spark Apps through the Firewall to the Spark Cloud]

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

[Figure: Signalling and Media flows from the Hybrid Media Node through the Firewall to the Spark Cloud]

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

[Figure: Signalling only from the Hybrid Data Services node through the Firewall to the Spark Cloud; no Media]

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
--- | --- | --- | --- | --- | ---
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
--- | --- | --- | --- | --- | ---
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access Enterprise Proxies

Connecting from the Enterprise - Proxy Types

[Figure: Signalling goes via the Proxy; UDP Media goes direct through the Firewall]

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

[Figure: Signalling via the Proxy, UDP Media direct; the Proxy Address is delivered to devices manually or from PAC files]

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files
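The slide above lists PAC files as one proxy-detection method without showing one. A PAC file is a JavaScript function the browser or OS evaluates for every request, so the following is an added example written for this page, not Cisco's or any proxy vendor's code. The proxy address and the internal domain are constructed; the Spark domains are those the firewall slides of this deck whitelist on TCP 443. The two helper definitions exist only so the file also runs under Node for checking; a browser's PAC sandbox supplies its own.

```javascript
// Added example, not Cisco's code: a Proxy Auto-Config (PAC) file, one of the
// proxy-detection methods listed on the slide. The runtime calls
// FindProxyForURL(url, host) per request and normally provides helpers such as
// dnsDomainIs() and isPlainHostName(). The proxy address and the internal
// domain are constructed for this example.

// Fallback helpers so the file also runs under Node. The `var` declarations
// keep a browser sandbox's own functions when they already exist.
var isPlainHostName = typeof isPlainHostName === 'function' ? isPlainHostName
  : function (host) { return host.indexOf('.') === -1; };
var dnsDomainIs = typeof dnsDomainIs === 'function' ? dnsDomainIs
  : function (host, domain) {
      return host.length >= domain.length &&
        host.substring(host.length - domain.length) === domain;
    };

// Spark cloud destinations that the firewall slides whitelist on TCP 443.
var SPARK_DOMAINS = ['.webex.com', '.wbx2.com', '.ciscospark.com', '.clouddrive.com'];

function FindProxyForURL(url, host) {
  var PROXY = 'PROXY proxy.example.internal:8080'; // constructed address
  host = host.toLowerCase();

  // Internal names and non-HTTP schemes never go through the proxy.
  if (isPlainHostName(host) || dnsDomainIs(host, '.example.internal')) return 'DIRECT';
  if (url.indexOf('http://') !== 0 && url.indexOf('https://') !== 0) return 'DIRECT';

  // Certificate-pinned Spark signalling is sent straight to the firewall's
  // whitelisted destinations rather than into an inspecting proxy.
  for (var i = 0; i < SPARK_DOMAINS.length; i++) {
    if (dnsDomainIs(host, SPARK_DOMAINS[i])) return 'DIRECT';
  }

  // Everything else goes to the proxy. No "; DIRECT" fallback: if the proxy
  // is down, traffic fails closed instead of silently bypassing policy.
  return PROXY;
}
```

Note that dnsDomainIs() is a suffix match including the leading dot, so a look-alike such as evilwebex.com does not qualify for the direct path; a bare second-level name (webex.com itself) would need its own entry if it were required.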

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
--- | --- | --- | --- | ---
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

[Figure: Signalling via the Proxy, UDP Media direct]

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or, as fallback, NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Parties: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

[Figure: devices at 10.100.200.1 and 10.100.200.3 send Signalling via the Proxy; UDP Media direct]

Manually configure the Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web (apps) | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes |
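The scheme-selection logic the slides describe (Negotiate/Kerberos preferred, NTLM as fallback, Basic only when nothing stronger is offered), as an added example that is not Cisco's or the Spark app's code. It parses the Proxy-Authenticate challenges in an HTTP 407 response and picks the strongest scheme a given client supports, with the per-client support sets transcribed from the capability table above; the client labels, the preference order and the sample 407 response are assumptions constructed for the demo.

```python
"""Proxy authentication scheme selection for a Spark client (added example)."""
import re

# Strongest first. Basic goes last: the credential is only base64-encoded,
# so it should be used only when the proxy offers nothing stronger.
PREFERENCE = ["Negotiate", "NTLM", "Digest", "Basic"]

# Transcribed from the capability table: apps on WME do Basic, NTLM (Windows
# only), Digest planned, Kerberos no; Room OS does Digest, Basic from Q1 CY2018;
# Spark Board does Basic and Digest. Client labels are assumed for the demo.
SUPPORTED = {
    "windows-app":   {"Basic", "NTLM"},
    "mac-app":       {"Basic"},
    "roomos-device": {"Digest"},
    "spark-board":   {"Basic", "Digest"},
}

_SCHEME = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)(?:\s+(.*))?$")
_PARAM = re.compile(r'([A-Za-z0-9-]+)="?([^",]*)"?')


def parse_proxy_authenticate(header_values):
    """Map scheme -> params for a list of Proxy-Authenticate header values."""
    offered = {}
    for value in header_values:
        m = _SCHEME.match(value)
        if m:
            offered[m.group(1)] = dict(_PARAM.findall(m.group(2) or ""))
    return offered


def challenges_from_407(raw_response):
    """Pull every Proxy-Authenticate value out of a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = head.split("\r\n")[1:]          # drop the status line
    return [h.split(":", 1)[1].strip() for h in headers
            if h.lower().startswith("proxy-authenticate:")]


def choose_scheme(offered, client):
    """Strongest offered scheme the client supports, or None.

    None means this client cannot authenticate to this proxy, which is
    the case where the slides' bypass methods (source IP or destination
    whitelist on the proxy) are needed.
    """
    for scheme in PREFERENCE:
        if scheme in offered and scheme in SUPPORTED[client]:
            return scheme
    return None


# Constructed 407 from an enterprise proxy that offers three schemes.
SAMPLE_407 = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: Negotiate\r\n"
    "Proxy-Authenticate: NTLM\r\n"
    'Proxy-Authenticate: Basic realm="corp-proxy"\r\n'
    "Content-Length: 0\r\n"
    "\r\n"
)


def demo():
    """Which scheme each client type ends up using against SAMPLE_407."""
    offered = parse_proxy_authenticate(challenges_from_407(SAMPLE_407))
    return {client: choose_scheme(offered, client) for client in SUPPORTED}


if __name__ == "__main__":
    for client, scheme in demo().items():
        print(f"{client:14s} -> {scheme or 'no usable scheme: needs proxy bypass'}")
```

Against this proxy the Windows app lands on NTLM (Kerberos is "No" in the table, so Negotiate is never usable), the Mac app falls back to Basic, and a Room OS device gets nothing because Digest is not offered and Basic is still planned; that last case is exactly where the proxy-side bypass on the previous slide applies.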


Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection


Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic


Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection


Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT match: TLS connection terminated


HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible


HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store (the trust list downloaded from the Spark Cloud now includes the Private CA)
  • They DO match: proceed with TLS connection
  • HTTPS/TLS Inspection possible

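The three pinning outcomes on the slides above (pin matches with no proxy in the path, pin mismatch and connection terminated when an inspection proxy re-signs the certificate, and pin check skipped because the enterprise's private CA was placed in the trust store), as an added example that is not Cisco's or the Spark app's code. Certificates are stood in for by their DER-encoded SubjectPublicKeyInfo bytes, the pin is base64(SHA-256(SPKI)) as in HPKP, and the SPKI blobs, scenario names and outcome labels are constructed for the demo; the slides do not state which of these conventions the real app uses.

```python
"""Certificate pin check with the enterprise-CA bypass (added example)."""
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Pin = base64(SHA-256(DER SubjectPublicKeyInfo)); assumption: HPKP-style pin."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def evaluate_chain(chain_spkis, app_pins, os_trust_store_pins):
    """Decide what the app does with a presented certificate chain.

    chain_spkis:         DER SPKI of each cert in the chain, leaf first
    app_pins:            pins baked into the app for the Spark CA key(s)
    os_trust_store_pins: pins of CA certs the enterprise placed in the OS
                         trust store (empty when no inspection proxy is used)

    Assumes ordinary X.509 chain validation has already succeeded; this
    models only the pinning step the slides describe.
    """
    chain_pins = [spki_pin(s) for s in chain_spkis]
    if any(p in os_trust_store_pins for p in chain_pins):
        # Cert pinning fix: a private CA the enterprise installed is in the
        # chain, so the pin check is skipped and inspection becomes possible.
        return "ACCEPT_SKIP_PINNING"
    if any(p in app_pins for p in chain_pins):
        return "ACCEPT"          # hash matches the pin in the trust store
    return "REJECT"              # pins do NOT match: terminate the TLS connection


# Constructed stand-ins for DER SubjectPublicKeyInfo blobs; not real keys.
SPARK_ROOT_SPKI = b"constructed-spki:spark-ca-root"
SPARK_LEAF_SPKI = b"constructed-spki:spark-service-leaf"
PROXY_CA_SPKI = b"constructed-spki:enterprise-private-ca"
PROXY_LEAF_SPKI = b"constructed-spki:proxy-issued-leaf-for-spark"


def demo():
    """Outcome of each scenario on the slides."""
    app_pins = {spki_pin(SPARK_ROOT_SPKI)}
    direct_chain = [SPARK_LEAF_SPKI, SPARK_ROOT_SPKI]       # no proxy in the path
    inspected_chain = [PROXY_LEAF_SPKI, PROXY_CA_SPKI]      # proxy re-signed the cert
    return {
        "no_inspection": evaluate_chain(direct_chain, app_pins, set()),
        "inspection_no_fix": evaluate_chain(inspected_chain, app_pins, set()),
        "inspection_with_fix": evaluate_chain(
            inspected_chain, app_pins, {spki_pin(PROXY_CA_SPKI)}),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:20s} -> {outcome}")
```

The bypass only makes sense after normal chain validation has passed, and it means that whoever controls the private CA key (and the ability to drop that CA into the OS trust store or the org's Spark trust list) can read this device's Spark traffic; the value of pinning for those devices is exactly what has been traded for inspection, so the CA key and the trust-store distribution channel deserve the same protection as the proxy itself.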

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web (apps) | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android (apps) | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass


Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)
Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server


Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web (apps) | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address By-Pass


Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors



Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Coming soon: Target Q1 CY2018

Thank you


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark – Hybrid Data Security (HDS)
(Diagram: Secure Data Center hosting Content Server, Key Mgmt Service, E-Discovery Service and Indexing Service)

Hybrid Data Security
Hybrid Data Services = On Premise Key Management Server, Indexing Server, E-Discovery Service

Hybrid Data Security traffic and Firewalls
Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special Firewall configuration required.

Hybrid Data Security - Scalability
• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing


Spark – Hybrid Data Security: Key Management
The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server. Now all of the keys for messages and content are owned and managed by the Customer. BUT…

HDS - Encrypting Messages & Content
• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Encryption Keys stored locally

HDS - Decrypting Messages & Content
• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server


Hybrid Data Security – Secure App Connections
(Diagram: App to Cloud TLS connection via the Spark Service; App to HDS TLS connection to the Hybrid Data Security Node with Content Server and Search Service)
• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud


Hybrid Data Security: Search Indexing Service
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room
(Diagram: the message "Spark IS the message" is passed through the Hash Algorithm in the Indexing Service, producing index values such as B9 57 FE 48, which are held by the Search Service)

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"
• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message
(Diagram: "Spark" → Hash Algorithm → B9 57 FE 48 → Search Service → the matching encrypted message "Spark IS the Message")

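The search-index mechanism of the two slides above, as an added example that is not Cisco's code and not the HDS implementation: the indexing service derives a keyed hash of each word under the room's Search Key, the search service stores only those hashes against message ids, and a query is answered by hashing the query word the same way, so the search service never sees plaintext. HMAC-SHA256 as the hash algorithm, the word tokenizer, the room ids and the messages are all assumptions constructed for the demo; the slides name no specific algorithm.

```python
"""Per-room keyed search index over encrypted messages (added example)."""
import hashlib
import hmac
import os
import re


def tokenize(text):
    """Lower-case word tokens; 'Spark IS the message' -> spark/is/the/message."""
    return re.findall(r"[a-z0-9]+", text.lower())


def index_token(search_key: bytes, token: str) -> bytes:
    """Keyed hash of one token under the room's Search Key (HMAC-SHA256, assumed)."""
    return hmac.new(search_key, token.encode("utf-8"), hashlib.sha256).digest()


class SearchService:
    """Cloud side: stores (room, token hash) -> message ids, never plaintext."""

    def __init__(self):
        self._index = {}

    def add(self, room_id, token_hashes, message_id):
        for h in token_hashes:
            self._index.setdefault((room_id, h), set()).add(message_id)

    def query(self, room_id, token_hash):
        return set(self._index.get((room_id, token_hash), ()))


class IndexingService:
    """On-premises (HDS) side: holds the per-room Search Keys."""

    def __init__(self, search_service):
        self._keys = {}
        self._search = search_service

    def search_key(self, room_id):
        # A new Search Key per room, as the slide states.
        return self._keys.setdefault(room_id, os.urandom(32))

    def index_message(self, room_id, message_id, plaintext):
        key = self.search_key(room_id)
        hashes = {index_token(key, t) for t in tokenize(plaintext)}
        self._search.add(room_id, hashes, message_id)
        return hashes

    def search(self, room_id, word):
        tokens = tokenize(word)
        if not tokens:
            return set()
        return self._search.query(room_id, index_token(self.search_key(room_id), tokens[0]))


def demo():
    """Index three constructed messages in two rooms and run some queries."""
    svc = SearchService()
    idx = IndexingService(svc)
    idx.index_message("room-A", "msg-1", "Spark IS the message")
    idx.index_message("room-A", "msg-2", "lunch at noon")
    idx.index_message("room-B", "msg-3", "Spark board arrived")
    return {
        "a_spark": idx.search("room-A", "Spark"),
        "b_spark": idx.search("room-B", "spark"),
        "a_noon": idx.search("room-A", "noon"),
        "a_missing": idx.search("room-A", "board"),
        # The same word hashes differently in different rooms.
        "cross_room_hashes_differ": index_token(idx.search_key("room-A"), "spark")
        != index_token(idx.search_key("room-B"), "spark"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:26s} {v}")
```

The per-room key is what stops the search service correlating the same word across rooms; within one room a deterministic keyed hash still reveals that two messages share a word and how often a given token appears, which is the usual trade-off for this style of searchable index and a reason the Search Key belongs with the KMS on premises rather than in the cloud.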

Spark E-Discovery Service (1)
(Diagram: Spark Control Hub → E-Discovery Service; Indexing Service with Hash Algorithm; Search Service; Content Server returning "Jo Smith's Content"; Key Mgmt Service)
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)
• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request
(Diagram: Spark Control Hub – "Jo Smith's Messages and Files" – E-Discovery Content Ready)


Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server in the Spark cloud)
• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers…
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users


Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture
(Diagram: Secure Data Center A – vSphere; Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers; HDS Cluster Config File mounted via IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)
• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)
• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS12 format
• 2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser. Assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported


Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass


Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?
Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support
Switch port VLAN options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web (apps) | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment; 802.1Q Tagging; Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging


Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls
Whitelisted Ports and Destinations
Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any
Applies to:
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps
Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299


Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications: Windows, Mac, iOS, Android, Web | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobetm.com | HTTPS – Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only - Metrics


Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync


copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN) media port ranges
• Source UDP ports, voice and video: 33434-33598
• Source TCP/HTTP ports: ephemeral (so no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• HMN source UDP ports for voice and video are different from those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and video use a common UDP source port range, 33434-33598

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS signaling traffic only
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Node | Protocol | Source ports | Destination ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and video share a common UDP source port range, 33434-33598 | 5004 (cascade destination) | Any IP address | Cascaded SRTP over UDP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (cascade destination) | Any IP address | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
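The three tables above (Spark applications, Spark devices, HMN/HDS nodes) are easy to misread at the firewall because the only thing that distinguishes an app from a room device on the media path is the UDP source-port range. The following is an added example, not code from the deck or from Cisco: it transcribes the tables into a small classifier that a SOC can run over observed flows to report which whitelist entry a flow serves, or flag it as off-list. Assumptions: "ephemeral" is taken as 1024-65535, the HMN row's "123, 53, 444" is kept exactly as the slide lists it, and the sample flows at the bottom are constructed, not real captures.

```python
"""Classify observed flows against the Spark port/whitelist tables (added example)."""

# "Ephemeral" on the slides is taken here as the 1024-65535 range (assumption).
EPHEMERAL = (1024, 65535)

# Destination hosts on port 443 and the function each serves, transcribed from the tables.
APP_HTTPS = {
    "identity.webex.com": "Spark Identity Service",
    "idbroker.webex.com": "OAuth Service",
    "wbx2.com": "Core Spark Services",
    "webex.com": "Identity management",
    "ciscospark.com": "Core Spark Services",
    "clouddrive.com": "Content and Space Storage",
    "crashlytics.com": "Anonymous crash data",
    "mixpanel.com": "Anonymous Analytics",
    "rackcdn.com": "Content and Space Storage",
    "appsflyer.com": "Mobile Apps only - Ad Analytics",
    "adobedtm.com": "Web Apps only - Analytics",
    "omtrdc.net": "Web Apps only - Telemetry",
    "optimizely.com": "Web Apps only - Metrics",
}
DEVICE_HTTPS = {h: APP_HTTPS[h] for h in list(APP_HTTPS)[:9]}   # devices share the first nine entries
DEVICE_HTTPS["dropbox.com"] = "Spark Board firmware updates"
HMN_HTTPS = dict.fromkeys(["wbx2.com", "idbroker.webex.com"], "HTTPS Configuration Services")
HDS_HTTPS = dict.fromkeys(
    ["wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io"],
    "Outbound HTTPS and WSS")

# (source role, protocol, allowed source port ranges, destination ports, host table or None for any IP, function)
RULES = [
    ("app", "udp", [(52000, 52049), (52100, 52199)], {5004, 5006}, None, "SRTP over UDP to Spark Cloud Media Nodes"),
    ("app", "tcp", [EPHEMERAL], {5004, 5006}, None, "SRTP over TCP or HTTP to Spark Cloud Media Nodes"),
    ("app", "tcp", [EPHEMERAL], {443}, APP_HTTPS, "HTTPS"),
    ("device", "udp", [(52050, 52099), (52200, 52299)], {5004, 5006}, None, "SRTP over UDP to Spark Cloud Media Nodes"),
    ("device", "tcp", [EPHEMERAL], {5004, 5006}, None, "SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)"),
    ("device", "tcp", [EPHEMERAL], {443}, DEVICE_HTTPS, "HTTPS"),
    ("device", "udp", [EPHEMERAL], {123}, {"2.android.pool.ntp.org": "Spark Board NTP time sync"}, "NTP"),
    ("hmn", "udp", [(33434, 33598)], {5004}, None, "Cascaded SRTP over UDP to Cloud Media Nodes"),
    ("hmn", "tcp", [EPHEMERAL], {5004}, None, "Cascaded SRTP over TCP/HTTP to Cloud Media Nodes"),
    ("hmn", "tcp", [EPHEMERAL], {123, 53, 444}, None, "NTP / DNS / HTTPS (ports as listed on the slide)"),
    ("hmn", "tcp", [EPHEMERAL], {443}, HMN_HTTPS, "HTTPS"),
    ("hds", "tcp", [EPHEMERAL], {443}, HDS_HTTPS, "HTTPS/WSS"),
]


def host_function(host, table):
    """Longest-suffix match, so identity.webex.com reports as the Identity Service rather than as webex.com."""
    host = host.lower().rstrip(".")
    best = None
    for domain, function in table.items():
        if host == domain or host.endswith("." + domain):
            if best is None or len(domain) > len(best[0]):
                best = (domain, function)
    return best[1] if best else None


def classify(source, proto, src_port, dst_port, dst_host):
    """Return the function a flow serves according to the whitelist, or None if no rule allows it."""
    for role, rule_proto, ranges, dst_ports, hosts, function in RULES:
        if role != source or rule_proto != proto or dst_port not in dst_ports:
            continue
        if not any(lo <= src_port <= hi for lo, hi in ranges):
            continue
        if hosts is None:          # destination may be any IP address (media nodes)
            return function
        matched = host_function(dst_host, hosts)
        if matched:
            return matched
    return None


def unexpected_flows(flows):
    """Flows matching no rule: wrong source-port range for the role, or a destination not on the list."""
    return [f for f in flows if classify(*f) is None]


# Constructed sample flows (not real captures): (role, proto, src_port, dst_port, dst_host)
SAMPLE_FLOWS = [
    ("app", "udp", 52010, 5004, "203.0.113.5"),
    ("device", "udp", 52010, 5004, "203.0.113.5"),        # a device using the *app* voice range
    ("device", "tcp", 49152, 443, "dropbox.com"),
    ("app", "tcp", 49152, 443, "updates.example.net"),    # destination not on the whitelist
    ("hds", "tcp", 49152, 443, "identity.webex.com"),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", classify(*flow) or "NOT ON WHITELIST")
```

Because the media rules allow any destination IP, the source-port range is the only hook the firewall has; a room device that shows up in the application range (or the reverse) is worth a look, which is what the second sample flow exercises.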

What Do We Send to Third-Party Sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user-generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy types
• Proxy address given to the device or application
• Transparent proxy (the device or application is unaware of the proxy's existence)
  • In-line proxies (e.g. a combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not pass through the proxy.

Connecting from the Enterprise - Proxy Detection

Proxy detection (how the proxy address is given to the device or application)
• Manual configuration
• Auto configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities, Spark Devices - Proxy Detection

Spark device | Protocol | Software train | Proxy detection | Granular configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: manual; Yes: PAC files | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
SX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
MX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Room Kits | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Spark Board | HTTPS | Spark Board OS | Yes: manual configuration | Manual configuration of the proxy address

Connecting from the Enterprise - Proxy Authentication

Proxy authentication
• The proxy intercepts the outbound HTTP request
• It authenticates the user (username and password)
• An authenticated user's traffic is forwarded
• An unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

Basic Authentication
• Uses standard HTTP headers
• Username and password are Base64 encoded
• Username and password are NOT encrypted or hashed: anyone who can read the header can decode the credentials

Basic username and password challenge for devices
• Devices are not users (no human interaction), so either:
  • Create one account (e.g. an LDAP account) for all devices, or
  • Create an account per device
• No password expiration

Proxy Authentication Methods - Digest Authentication

Digest Authentication
• Uses standard HTTP headers
• The password is never sent; the username is sent in the clear
• A hash computed over the username, realm, password, the server's nonce and the request is sent instead

Username and password challenge for devices
• Devices are not users (no human interaction), so either:
  • Create one account (e.g. an LDAP account) for all devices, or
  • Create an account per device
• No password expiration

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft challenge/response authentication protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• The password hash is used to compute the response over the challenge, which is returned to the server
• The password is hashed but never sent

Username and password challenge for devices
• Devices are not users (no human interaction), so either:
  • Create one account (an AD account) for all devices, or
  • Create an account per device
• No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO, the Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM
• IWA: Integrated Windows Authentication

Windows-based username and password challenge for devices
• Devices are not users (no human interaction), so either:
  • Create one account (an AD account) for all devices, or
  • Create an account per device
• No password expiration

Proxy Authentication Methods - Kerberos

Kerberos Authentication
• Strongest security of the methods listed
• Parties: the client, the Authentication Service and Ticket Granting Service (together the Key Distribution Center), and the application server (here, the proxy)
• Encrypted communication based on shared secrets
• The client authenticates with the Authentication Service
• Once authenticated, it receives a Ticket Granting Ticket (TGT)
• The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
• The HTTPS connection proceeds
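The Basic and Digest slides above make a point that is easy to state and easy to get wrong in practice: Basic is encoding, not protection, while Digest keeps the password off the wire. The following is an added example, not code from the deck or from Cisco, that builds and checks both header types so the difference is visible on real bytes. It assumes a constructed device account (one shared account, as the slides suggest), a constructed realm and nonce, and a simplified header encoding in which every field is quoted; it implements RFC 2617 Digest with qop=auth and no third-party dependencies.

```python
"""Basic versus Digest proxy authentication, side by side (added example)."""
import base64
import hashlib
import secrets


def basic_header(user, password):
    """Proxy-Authorization value for Basic: the credentials are only Base64 *encoded*."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_basic(header):
    """Anyone who can read the header (a plaintext CONNECT, a proxy log) recovers the password."""
    scheme, _, blob = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, realm, method, uri, nonce, cnonce, nc="00000001", qop="auth"):
    """RFC 2617 Digest, qop=auth: response = MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")   # the only place the password is used; it never leaves the client
    ha2 = _md5(f"{method}:{uri}")               # the method and URI are bound into the response
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(user, password, realm, method, uri, nonce, cnonce=None):
    """Client side: answer the proxy's challenge (nonce) with a response that reveals no password."""
    cnonce = cnonce or secrets.token_hex(8)
    fields = {
        "username": user, "realm": realm, "nonce": nonce, "uri": uri,
        "qop": "auth", "nc": "00000001", "cnonce": cnonce,
        "response": digest_response(user, password, realm, method, uri, nonce, cnonce),
    }
    # Simplification: every field is quoted (RFC 2617 leaves nc and qop unquoted).
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in fields.items())


def parse_digest(header):
    scheme, _, body = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest header")
    fields = {}
    for part in body.split(", "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def verify_digest(header, method, password_for_user):
    """Proxy side: recompute the response from the stored password and compare in constant time."""
    f = parse_digest(header)
    expected = digest_response(f["username"], password_for_user(f["username"]), f["realm"],
                               method, f["uri"], f["nonce"], f["cnonce"], f["nc"], f["qop"])
    return secrets.compare_digest(expected, f["response"])


# Constructed device account (assumption: one shared account for all room devices)
DEVICE_USER = "spark-room-kit-01"
DEVICE_PASS = "correct horse battery staple"

if __name__ == "__main__":
    b = basic_header(DEVICE_USER, DEVICE_PASS)
    print(b, "->", decode_basic(b))
    d = digest_header(DEVICE_USER, DEVICE_PASS, "proxy.example", "CONNECT", "wbx2.com:443", "srvnonce01")
    print(d, "->", verify_digest(d, "CONNECT", lambda u: DEVICE_PASS))
```

Two caveats a practitioner should keep in mind when choosing Digest for a fleet of devices with a non-expiring shared password: the username still travels in the clear, and the MD5 response can be brute-forced offline by anyone who captured the exchange, so the password needs real entropy.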

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP addresses (e.g. 10.100.200.1, 10.100.200.3), whose traffic is exempted from authentication
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Either bypass is only as strong as the control over who can use those source addresses or reach those destinations unauthenticated.

Network Capabilities, Spark Devices - Proxy Authentication

Spark device | Protocol | Software train | Proxy authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth: Yes; Basic: Yes; Digest: planned; NTLM: Yes (Windows); Kerberos: No. No Auth and Basic on iOS and Android are in EFT
DX, SX, MX | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes
Room Kits | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes
Spark Board | HTTPS | Spark Board OS | No Auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)

HTTPS/TLS inspection, client side
• The proxy's private CA root certificate is installed on the client
• On connection establishment the proxy sends the client a certificate signed by that private CA
• The client compares its private CA root cert with those received in the cert chain
• If they match, the client accepts and proceeds with the TLS connection

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)

HTTPS/TLS inspection, server side
• The proxy starts a new HTTPS/TLS connection to the web/cloud service
• The proxy receives the certificate from the web/cloud service
• The proxy uses that certificate to establish a secure TLS/HTTPS connection
• The proxy can now decrypt, inspect and re-encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate pinning
• Certificate pin = SHA-256 hash of the CA root certificate's public key, Base64 encoded, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• The CA-signed Cisco Spark certificate is sent by the HTTPS/TLS server
• The app creates a hash of the cert's public key
• The app compares the hash with the certificate pin in its trust store
• If they match, accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

Certificate pinning with an inspecting proxy
• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The app creates a hash of the private-CA-signed cert's public key
• The app compares the hash with the certificate pin in its trust store
• They DO NOT match: the TLS connection is terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store
• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The Spark app checks whether a copy of the private CA cert exists in the OS trust store
• If the cert exists, the app skips the certificate pinning process and proceeds with the TLS connection
• HTTPS/TLS inspection is now possible

Note that this makes the pinning guarantee only as strong as control over the OS trust store: any CA added there (by an administrator, or by anything else with the rights to do so) is accepted for Spark traffic.

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud
• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The client creates a hash of the private-CA-signed cert's public key
• The client compares the hash with the certificate pins in its trust store, which now include the private CA downloaded from the Spark Cloud
• They DO match: proceed with the TLS connection
• HTTPS/TLS inspection is now possible
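The pinning slides above describe three outcomes: a direct connection whose root matches the pin, an inspecting proxy whose private CA does not, and the two fixes (apps skip pinning when the private CA is in the OS trust store; devices get the private CA added to the pin list they download from the cloud). The following is an added example, not code from the deck or from Cisco, that computes a pin exactly as the slide defines it (Base64 of SHA-256 over the CA's public key, encoded as a SubjectPublicKeyInfo) and models the app's decision. It builds the SPKI with a tiny DER encoder so it needs no third-party library; the RSA moduli are constructed toy values, far too small for real use, and only the hashing and decision logic is the point.

```python
"""SPKI pin computation and the Spark app's pin/trust-store decision (added example)."""
import base64
import hashlib


# --- Minimal DER encoding so the example needs no third-party library ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_uint(value):
    # DER INTEGER: big-endian, with a leading 0x00 when the top bit would otherwise read as negative
    return _der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")   # OID 1.2.840.113549.1.1.1


def rsa_spki(modulus, exponent=65537):
    """SubjectPublicKeyInfo = SEQUENCE { AlgorithmIdentifier, BIT STRING(RSAPublicKey) }."""
    algorithm = _der(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")      # rsaEncryption with NULL parameters
    rsa_public_key = _der(0x30, _der_uint(modulus) + _der_uint(exponent))
    return _der(0x30, algorithm + _der(0x03, b"\x00" + rsa_public_key))


def spki_pin(spki_der):
    """The pin from the slide: Base64(SHA-256(SubjectPublicKeyInfo)). Pinning the key, not the
    certificate, means a renewed certificate on the same key still matches."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def validate_chain(chain_spkis, pinned, os_trust_store):
    """chain_spkis: SPKI DER of each certificate, leaf first, root last.
    pinned: pins the client holds (the public CA root, plus any private CA pushed from the cloud for devices).
    os_trust_store: SPKI DER of CAs an administrator installed in the OS store (the app-side fix).
    Returns (accepted, reason)."""
    if chain_spkis[-1] in os_trust_store:
        # Behaviour from the slides: an enterprise CA present in the OS trust store skips pinning entirely.
        return True, "enterprise CA in OS trust store, pinning bypassed"
    for spki in chain_spkis:
        if spki_pin(spki) in pinned:
            return True, "pin matched"
    return False, "no pin matched, TLS connection terminated"


# Constructed toy keys (assumption): real keys are 2048 bits or more.
PUBLIC_CA_SPKI = rsa_spki(0xC0FFEE_F00D_BAAD_CAFE_1234_5678_9ABC_DEF1)   # the CA Spark's cloud certs chain to
PROXY_CA_SPKI = rsa_spki(0xDEAD_BEEF_CAFE_BABE_0BAD_F00D_1357_9BDF)     # the inspecting proxy's private CA
LEAF_SPKI = rsa_spki(0xFEED_FACE_DEAD_C0DE_0123_4567_89AB_CDEF)         # whatever leaf the client is shown
SPARK_PINS = {spki_pin(PUBLIC_CA_SPKI)}                                  # what the app ships with

if __name__ == "__main__":
    print("pin:", spki_pin(PUBLIC_CA_SPKI))
    print("direct to cloud:     ", validate_chain([LEAF_SPKI, PUBLIC_CA_SPKI], SPARK_PINS, set()))
    print("inspecting proxy:    ", validate_chain([LEAF_SPKI, PROXY_CA_SPKI], SPARK_PINS, set()))
    print("app fix (OS store):  ", validate_chain([LEAF_SPKI, PROXY_CA_SPKI], SPARK_PINS, {PROXY_CA_SPKI}))
    print("device fix (pin add):", validate_chain([LEAF_SPKI, PROXY_CA_SPKI], SPARK_PINS | {spki_pin(PROXY_CA_SPKI)}, set()))
```

To compute the pin of a real CA certificate with OpenSSL, the same three steps apply: extract the public key in DER form, hash it with SHA-256, and Base64 the digest. The output is what you compare against the value on the slide.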

Network Capabilities, Spark Devices - HTTPS Inspection

Spark device | Protocol | Software train | Supports TLS/HTTPS inspection | Cert validation method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/browser) | If an enterprise certificate exists in the OS trust store, bypass the certificate pinning process
iOS, Android | HTTPS | WME | No | HTTPS inspection bypass
DX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
SX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
MX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
Room Kits | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load private CA certs in the Spark service; the device downloads a trust list containing the private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

802.1X operation
• Switch port network access is restricted until the client authenticates
• The client presents credentials to the Authentication Server
• After successful authentication, the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback - MAC Address Bypass (MAB)

MAB bypasses the 802.1X authentication mechanisms
• Uses the device MAC address as the identity
• Commonly used for devices that are not 802.1X capable
• The MAC address is manually entered into the authentication server

Because a MAC address can be copied by anyone who can see it on the wire, MAB identifies a device but does not authenticate it; treat it as an allow-list, not as a credential.

Network Capabilities, Spark Devices - 802.1X

Spark device | Protocol | Software train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate installation capability | Granular configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via the device web interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install enterprise LSC via the device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | - | Use MAC Address Bypass

MIC: Manufacturer Installed Certificate. LSC: Locally Significant Certificate. CUCM: Cisco Unified Communications Manager.

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
• Switch port configuration
• VLANs
• Firewall deployment
• Proxy type
• Proxy feature usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access, where the proxy and firewalls allow all Spark connections
• Onboard the device: username/password or activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation
• Please complete your online session evaluations after each session
• Complete 4 session evaluations and the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in self-paced labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures cover a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions align with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Coming soon: target Q1 CY2018.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you


Customer Controlled Security: Hybrid Data Security
Part of Pro Pack for Cisco Spark Control Hub

Spark - Hybrid Data Security (HDS)
(Diagram: Secure Data Center; Content Server; Key Management Service; Indexing Service; E-Discovery Service)

Spark - Hybrid Data Security (HDS)

Hybrid Data Security = on-premise Hybrid Data Services:
• Key Management Server
• Indexing Server
• E-Discovery Service
(Diagram: these services run in the customer's Secure Data Center; the Content Server remains in the Spark cloud)

Hybrid Data Security Traffic and Firewalls

Hybrid Data Services make outbound connections only, from the enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special firewall configuration is required.
(Diagram: Secure Data Center with Key Management Service, Indexing Service and E-Discovery Service behind the firewall; Content Server in the Spark cloud)

Hybrid Data Security - Scalability
• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing
(Diagram: several Hybrid Data Security nodes, each with a Key Management Server, in the Secure Data Center; Content Server and Key Management Service in the Spark cloud)

Spark - Hybrid Data Security Key Management

The Hybrid Key Management Server performs the same functions as the cloud-based Key Management Server, BUT now all of the keys for messages and content are owned and managed by the customer.
(Diagram: Key Management Server in the Secure Data Center; Content Server and Key Management Service in the Spark cloud)

HDS - Encrypting Messages and Content
• Spark apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an app are encrypted before being sent to the Spark cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally, in the customer's Secure Data Center

HDS - Decrypting Messages and Content
• Encrypted messages from apps are stored in the Spark cloud
• These messages are sent to every other app in the Spark room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark apps retrieve the encryption keys from the HDS Key Management Server

Hybrid Data Security - Secure App Connections

Spark apps establish a direct TLS connection to the on-premise HDS node and KMS service. This encrypted peer-to-peer session traverses the Spark cloud (app-to-cloud TLS connection, app-to-HDS TLS connection).
(Diagram: Spark service and Content Server in the cloud; Hybrid Data Security node with Search Service in the Secure Data Center)

Hybrid Data Security Search: Indexing Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.
• Message text (e.g. "Spark IS the message") is passed through a keyed hash algorithm, producing hashed index entries (shown on the slide as B9 57 FE 48)
• A new hashing key (Search Key) is used for each room
(Diagram: Indexing Service and Key Management Service in the Secure Data Center; Content Server and Search Service in the Spark cloud)

Hybrid Data Security: Querying a Search Index

Search for the word "Spark":
• The app's search request ("Spark") is passed through the hash algorithm with the room's Search Key, giving the same hashed value (B9 57 FE 48)
• The Indexing Service sends the hashed index of the app's search request to the Search Service
• The Search Service returns the matching encrypted message ("Spark IS the message"); a link to the conversation encryption key is sent with the encrypted message
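The indexing and query slides above describe a keyed-hash search index: the on-premises Indexing Service hashes words with a per-room Search Key, the cloud Search Service only ever stores and matches those hashes, and a query is the same hash of the search term. The following is an added example, not code from the deck or from Cisco, that implements that split with HMAC-SHA256 so the per-room key and the division of knowledge between the two sides are concrete. The word tokenizer, the use of HMAC-SHA256 specifically and the message texts are assumptions; the slide only states that a hash algorithm with a per-room key is used.

```python
"""Keyed-hash search index split between an on-premises indexer and a cloud search service (added example)."""
import hashlib
import hmac
import re
import secrets

WORD = re.compile(r"[a-z0-9]+")   # assumption: words are lowercased runs of letters and digits


class IndexingService:
    """On-premises side (HDS): holds a distinct Search Key per room and is the only party that sees plaintext."""

    def __init__(self):
        self._search_keys = {}

    def search_key(self, room):
        # A new hashing key per room, as on the slide; generated on first use here.
        return self._search_keys.setdefault(room, secrets.token_bytes(32))

    def tokenize(self, room, text):
        """Hash every distinct word with the room's key; the same word in another room hashes differently."""
        key = self.search_key(room)
        words = set(WORD.findall(text.lower()))
        return {hmac.new(key, w.encode(), hashlib.sha256).hexdigest() for w in words}

    def index_message(self, search_service, room, msg_id, plaintext):
        search_service.store(room, msg_id, self.tokenize(room, plaintext))

    def query(self, search_service, room, word):
        """The search term is hashed with the same room key and only the hash leaves the premises."""
        return search_service.lookup(room, self.tokenize(room, word))


class SearchService:
    """Cloud side: stores and matches opaque tokens against message IDs; never sees words or keys."""

    def __init__(self):
        self._postings = {}

    def store(self, room, msg_id, tokens):
        for t in tokens:
            self._postings.setdefault((room, t), set()).add(msg_id)

    def lookup(self, room, tokens):
        return set().union(*(self._postings.get((room, t), set()) for t in tokens))


if __name__ == "__main__":
    hds, cloud = IndexingService(), SearchService()
    # Constructed messages (not from any real space)
    hds.index_message(cloud, "room-a", "msg-1", "Spark IS the message")
    hds.index_message(cloud, "room-a", "msg-2", "nothing to see here")
    hds.index_message(cloud, "room-b", "msg-3", "Spark again, in a different room")
    print(hds.query(cloud, "room-a", "spark"))                                   # {'msg-1'}
    print(hds.tokenize("room-a", "Spark") == hds.tokenize("room-b", "Spark"))   # False: different Search Key
```

What the cloud still learns from this design is worth stating: tokens are deterministic within a room, so the Search Service can see which messages share words and how often a token recurs, even though it cannot name the word. The per-room key limits that leakage to one space rather than letting it correlate across the whole organization.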

Spark E-Discovery Service (1)
• An administrator raises an e-discovery request from the Spark Control Hub (e.g. for Jo Smith's content)
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns the matching content to the E-Discovery Service
(Diagram: Indexing Service, Key Management Service and E-Discovery Service in the Secure Data Center; Content Server and Search Service in the Spark cloud)

Spark E-Discovery Service (2)
• E-Discovery Service: decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content (Jo Smith's messages and files) to the administrator on request
• The administrator is notified in the Spark Control Hub when the e-discovery content is ready

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys and Users in Other Organizations

Spark spaces with users from multiple organizations (Organization A, Organization B) can share encrypted messages and content. How do external users retrieve encryption keys from the KMS of the organization that owns the Spark space?
(Diagram: each organization with its own Key Management Service; Content Server and Key Management Service in the Spark cloud)

HDS Key Management Server Federation
• Hybrid Key Management Servers in different organizations can establish a mutual TLS connection via the Spark cloud
• Hybrid Key Management Servers make outbound connections only (HTTPS, WebSocket Secure (WSS))

With a secure

connection between

Key Management

Servershellip

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

Mutually

Authenticated KMSs

can request Room

Encryption Keys

from one another on

behalf of their Users

message message

65

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Diagram: Secure Data Center A with vSphere hosts running Hybrid Data Services Nodes (VMs). Each node runs Docker with an ECP Mgmt Container and HDS Containers, and mounts the HDS Cluster Config File via an IDE Mount. Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI is used for KMS to KMS federation (Public Key Infrastructure)
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs

How are the switch ports configured?
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Signalling and Media
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
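The port ranges in the app, device and HMN tables above are what lets a firewall or QoS policy tell Spark media flows apart. As an added example (not Cisco code), the following script tags constructed firewall flow records against those ranges, and flags UDP media that arrives from a source port outside every published range; the log line format and all addresses are constructed for the example.

```python
"""Tag firewall flow records as Cisco Spark media by the source/destination
port ranges on the slides. Added example, not Cisco code; the log line format
and the IP addresses are constructed sample values."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Inclusive UDP source-port ranges from the slides. UDP media keeps these fixed
# source ports, which is what lets a network device classify and DSCP-mark the
# stream; TCP/HTTP media uses ephemeral source ports and is not re-marked.
UDP_SOURCE_RANGES = (
    ("Spark App", "voice", 52000, 52049),
    ("Spark App", "video", 52100, 52199),
    ("Spark Device", "voice", 52050, 52099),
    ("Spark Device", "video", 52200, 52299),
    ("Hybrid Media Node", "voice/video", 33434, 33598),
)
# Destination ports on the cloud media nodes: apps and devices use 5004 and
# 5006, HMN cascade links use 5004 only.
MEDIA_DST_PORTS = {5004, 5006}
HMN_DST_PORTS = {5004}


class Flow(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed log format: "<timestamp> ALLOW UDP 10.1.1.20:52010 -> 203.0.113.5:5004"
LOG_RE = re.compile(
    r"(?P<proto>UDP|TCP)\s+(?P<sip>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dip>[\d.]+):(?P<dport>\d+)"
)


def parse_flow(line: str) -> Optional[Flow]:
    """Extract the 5-tuple from one constructed log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return Flow(m["proto"], m["sip"], int(m["sport"]), m["dip"], int(m["dport"]))


def classify(flow: Flow) -> str:
    """Return a label describing how the flow fits the Spark media port plan."""
    if flow.dst_port not in MEDIA_DST_PORTS:
        return "not Spark media"
    if flow.proto == "TCP":
        # Ephemeral source port: the sender type cannot be told apart here,
        # and the slides note such traffic gets no DSCP re-marking.
        return "SRTP over TCP/HTTP (ephemeral source port, sender unknown)"
    for sender, kind, low, high in UDP_SOURCE_RANGES:
        if low <= flow.src_port <= high:
            if sender == "Hybrid Media Node" and flow.dst_port not in HMN_DST_PORTS:
                return "anomaly: HMN source range but destination port is not 5004"
            return f"{sender} {kind} (SRTP over UDP)"
    return "anomaly: UDP to a media port from an unexpected source port"


def classify_lines(lines: List[str]) -> List[Tuple[Flow, str]]:
    """Classify every parseable line; returns (flow, label) pairs."""
    results = []
    for line in lines:
        flow = parse_flow(line)
        if flow is not None:
            results.append((flow, classify(flow)))
    return results


# Constructed sample records (not from a real firewall).
SAMPLE_LOG = [
    "2018-02-01T10:00:00Z ALLOW UDP 10.1.1.20:52010 -> 203.0.113.5:5004",  # app voice
    "2018-02-01T10:00:01Z ALLOW UDP 10.1.2.30:52210 -> 203.0.113.5:5006",  # device video
    "2018-02-01T10:00:02Z ALLOW UDP 10.1.9.9:33500 -> 203.0.113.7:5004",   # HMN cascade
    "2018-02-01T10:00:03Z ALLOW TCP 10.1.1.20:49152 -> 203.0.113.5:5004",  # TCP fallback
    "2018-02-01T10:00:04Z ALLOW UDP 10.1.1.20:40000 -> 203.0.113.5:5004",  # odd source port
    "2018-02-01T10:00:05Z ALLOW TCP 10.1.1.20:49153 -> 203.0.113.9:443",   # signalling
]

if __name__ == "__main__":
    for flow, label in classify_lines(SAMPLE_LOG):
        print(f"{flow.proto} {flow.src_ip}:{flow.src_port} -> {flow.dst_ip}:{flow.dst_port}: {label}")
```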

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application...
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

Diagram: Signalling and UDP Media paths. HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Diagram: Proxy Address and PAC file delivered to each client; Signalling and UDP Media paths.

Network Capabilities, Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Diagram: Signalling and UDP Media paths. Proxy Authentication is not mandatory; many Enterprises do No Authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client Authentication, Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Address (diagram: IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Diagram: Signalling and UDP Media paths.

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Diagram: Signalling and UDP Media paths.

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

Diagram: Signalling and UDP Media paths.

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
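The pin check on the pinning slides and the two "fix" paths (the app skipping pinning when the private CA is in the OS trust store; the device matching a pin from the trust list downloaded from the Spark cloud) can be written out as one decision routine. This is an added example modelled on the slides, not Cisco's implementation: the chain and trust-store representations, the helper names and every certificate and key byte string are constructed, and a real client would take the SubjectPublicKeyInfo from the parsed X.509 certificate rather than from a placeholder.

```python
"""Certificate-pin decision logic modelled on the Spark pinning slides.
Added example, not Cisco's code: data structures, helper names and all
certificate/key bytes are constructed placeholders."""
import base64
import hashlib
from typing import Dict, NamedTuple, Set, Tuple


def pin_sha256(spki_der: bytes) -> str:
    """Pin = base64(SHA-256(public key)), the form shown on the pinning slide."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def cert_fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 of a certificate; used here as the OS trust-store lookup key."""
    return hashlib.sha256(cert_der).hexdigest()


class ServerChain(NamedTuple):
    """What the client sees in the TLS handshake (constructed; no X.509 parsing here)."""
    root_cert_der: bytes   # CA root certificate at the top of the presented chain
    root_spki_der: bytes   # that root's SubjectPublicKeyInfo, the input to the pin


def app_decision(chain: ServerChain, pinned: str, os_trust_store: Set[str]) -> Tuple[bool, str]:
    """Spark app path: a private CA present in the OS trust store skips pinning;
    otherwise the root public-key hash must equal the pin in the app's trust store."""
    if cert_fingerprint(chain.root_cert_der) in os_trust_store:
        return True, "private CA found in OS trust store: pinning skipped, inspection possible"
    if pin_sha256(chain.root_spki_der) == pinned:
        return True, "public-key hash matches certificate pin"
    return False, "pin mismatch: TLS connection terminated"


def device_decision(chain: ServerChain, trust_list: Set[str]) -> Tuple[bool, str]:
    """Spark device path: the device only trusts pins in the list it downloaded
    from the Spark cloud, so the admin-uploaded private CA must appear in that list."""
    if pin_sha256(chain.root_spki_der) in trust_list:
        return True, "public-key hash matches a pin in the downloaded trust list"
    return False, "pin mismatch: TLS connection terminated"


# Constructed sample material (placeholders, not real certificates or keys).
PUBLIC_CA_CERT = b"constructed-public-ca-root-cert"
PUBLIC_CA_SPKI = b"constructed-public-ca-root-spki"
PRIVATE_CA_CERT = b"constructed-enterprise-private-ca-cert"
PRIVATE_CA_SPKI = b"constructed-enterprise-private-ca-spki"

SPARK_PIN = pin_sha256(PUBLIC_CA_SPKI)                          # pin shipped in app/device
DIRECT_CHAIN = ServerChain(PUBLIC_CA_CERT, PUBLIC_CA_SPKI)       # no inspecting proxy
INSPECTED_CHAIN = ServerChain(PRIVATE_CA_CERT, PRIVATE_CA_SPKI)  # proxy re-signed with private CA


def walkthrough() -> Dict[str, bool]:
    """Run the five cases from the slides; returns {case: connection allowed}."""
    empty_store: Set[str] = set()
    default_list = {SPARK_PIN}
    store_with_ca = {cert_fingerprint(PRIVATE_CA_CERT)}       # private CA copied to OS trust store
    list_with_ca = {SPARK_PIN, pin_sha256(PRIVATE_CA_SPKI)}  # private CA copied to Spark cloud
    return {
        "app, no inspection": app_decision(DIRECT_CHAIN, SPARK_PIN, empty_store)[0],
        "app, inspection, no fix": app_decision(INSPECTED_CHAIN, SPARK_PIN, empty_store)[0],
        "app, inspection, CA in OS store": app_decision(INSPECTED_CHAIN, SPARK_PIN, store_with_ca)[0],
        "device, inspection, no fix": device_decision(INSPECTED_CHAIN, default_list)[0],
        "device, inspection, CA in cloud trust list": device_decision(INSPECTED_CHAIN, list_with_ca)[0],
    }


if __name__ == "__main__":
    for case, allowed in walkthrough().items():
        print(f"{case}: {'proceed' if allowed else 'terminated'}")
```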

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists, then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

Diagram: Device, switch port and Authentication Server.

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities, Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
• What you would tell your best friend if they asked you how to design their Cisco collaboration deployment
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
• Coming soon: Target Q1 CY2018

Thank you


Customer Controlled Security Hybrid Data Security

Part of Pro Pack for Cisco Spark Control Hub

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Content Server

Key Mgmt Service

Spark ndash Hybrid Data Security (HDS)

E-Discovery ServiceIndexing Service

41BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Content Server

Spark ndash Hybrid Data Security (HDS)

Hybrid Data Security

Hybrid Data Services

=

On Premise

Key Management Server

Indexing Server

E-Discovery Service

42BRKCOL-2030

Hybrid Data Security traffic and Firewalls

[Diagram: enterprise Firewall between the on-premise Hybrid Data Security node and the Spark Cloud Secure Data Center (Content Server, Key Mgmt Service, E-Discovery Service, Indexing Service)]

• Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS)
• No special Firewall configuration required: because every connection is initiated from inside, no inbound ports need to be opened for HDS

Hybrid Data Security – Scalability

[Diagram: several Hybrid Data Security nodes on premise, each running a Key Mgmt Server, connected to the Spark Cloud Secure Data Center (Content Server, Key Mgmt Service)]

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

Spark – Hybrid Data Security: Key Management

[Diagram: on-premise Key Mgmt Server alongside the Spark Cloud Content Server and Key Management Service]

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• Now all of the keys for messages and content are owned and managed by the Customer
• BUT the messages and content themselves are still stored, encrypted, in the Spark Cloud (see the following slides)

HDS – Encrypting Messages & Content

[Diagram: Spark Apps, on-premise Key Management Service, Spark Cloud Content Server and Key Mgmt Service]

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally, on premise

HDS – Decrypting Messages & Content

[Diagram: an encrypted message travels from the Spark Cloud Content Server to the other Apps in the Spark Room; the Apps fetch its key from the on-premise Key Management Service]

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server to decrypt the message

Hybrid Data Security – Secure App Connections

[Diagram: App to Cloud TLS connection to the Spark Service (Content Server, Search Service); App to HDS TLS connection to the Hybrid Data Security Node]

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud: the cloud relays the connection but cannot read the key material exchanged between the App and the KMS

Hybrid Data Security: Search Indexing Service

[Diagram: on-premise Indexing Service beside the Spark Cloud Content Server, Key Mgmt Service and Search Service]

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• Example: the message "Spark IS the message" is run through the hash algorithm, producing the index value B9 57 FE 48; only the hashed index, not the plaintext, leaves the Indexing Service
• A new hashing key (Search Key) is used for each room, so the same word hashes to different index values in different rooms

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

[Diagram: the App's search term "Spark" is hashed by the on-premise Indexing Service (B9 57 FE 48) and matched by the Spark Cloud Search Service against the stored index]

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• The Search Service matches the hashed index against the stored index values and returns the encrypted message "Spark IS the message"
• A link to the Conversation Encryption Key is sent with the encrypted message, so the App can fetch the key from the KMS and decrypt the result locally
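The search-indexing flow on the two slides above, as an added example (not code from the deck or from Cisco): an on-premise Indexing Service hashes the words of each message under a per-room Search Key, the cloud Search Service stores only those hashes against message ids, and a query is hashed the same way before it is sent. The deck only says "hash algorithm"; HMAC-SHA256 as the keyed hash, the room ids, message ids and message texts are this example's own constructed assumptions.

```python
import hashlib
import hmac
import re
import secrets
from collections import defaultdict

# Constructed sample data for this example. In HDS the per-room Search Key would
# be held by the on-premise KMS; here it is just random bytes generated at import.
ROOMS = {
    "room-a": {"search_key": secrets.token_bytes(32)},
    "room-b": {"search_key": secrets.token_bytes(32)},
}


def tokenize(text):
    """Lower-cased word tokens: the names and words the Indexing Service hashes."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def hash_term(search_key, term):
    """Keyed hash of one term. HMAC-SHA256 is this example's choice; the deck only says 'hash algorithm'."""
    return hmac.new(search_key, term.encode("utf-8"), hashlib.sha256).hexdigest()


class IndexingService:
    """On-premise side: holds the per-room Search Keys and sees plaintext only at index/query time."""

    def __init__(self, rooms):
        self.rooms = rooms

    def index_message(self, room_id, plaintext):
        key = self.rooms[room_id]["search_key"]
        return {hash_term(key, t) for t in tokenize(plaintext)}

    def hash_query(self, room_id, query):
        key = self.rooms[room_id]["search_key"]
        return [hash_term(key, t) for t in tokenize(query)]


class SearchService:
    """Cloud side: stores only (room, hashed term) -> message ids; never sees words or keys."""

    def __init__(self):
        self.index = defaultdict(set)

    def store(self, room_id, message_id, hashed_terms):
        for h in hashed_terms:
            self.index[(room_id, h)].add(message_id)

    def lookup(self, room_id, hashed_query):
        """Messages matching every hashed query term (AND semantics)."""
        hits = None
        for h in hashed_query:
            found = self.index.get((room_id, h), set())
            hits = found if hits is None else hits & found
        return set() if hits is None else hits

    def stored_tokens(self):
        return {h for (_room, h) in self.index}


# Constructed sample messages (message ids and text are made up for this example).
SAMPLE_MESSAGES = {
    ("room-a", "m1"): "Spark IS the message",
    ("room-a", "m2"): "Meeting moved to Tuesday",
    ("room-b", "m3"): "Spark Board installed in room 4",
}


def build_demo():
    indexing, search = IndexingService(ROOMS), SearchService()
    for (room_id, message_id), text in SAMPLE_MESSAGES.items():
        # Only hashed terms cross to the cloud; the encrypted message body is stored separately.
        search.store(room_id, message_id, indexing.index_message(room_id, text))
    return indexing, search


def find(room_id, query):
    """End-to-end query: hash on premise, match in the cloud, return matching message ids."""
    indexing, search = build_demo()
    return search.lookup(room_id, indexing.hash_query(room_id, query))
```

Two properties worth checking against the deck's claims: the same word ("spark") produces different index values in room-a and room-b because each room has its own Search Key, and nothing the cloud stores equals a plaintext token. The caveat a practitioner should keep in mind is that a scheme like this still reveals which messages in a room share a term (equality and frequency patterns), and the Indexing Service must see plaintext at index time, which is why it sits on premise.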

Spark E-Discovery Service (1)

[Diagram: Administrator at the Spark Control Hub; on-premise E-Discovery Service and Indexing Service (hash algorithm); Spark Cloud Content Server, Key Mgmt Service and Search Service; "Jo Smith's Content" returned]

• The Administrator requests Jo Smith's content via the Spark Control Hub
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram: on-premise E-Discovery Service and Key Mgmt Service; Spark Cloud Content Server, E-Discovery Storage and Search Service; the Administrator at the Spark Control Hub receives "E-Discovery Content Ready" for Jo Smith's Messages and Files]

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Spark Cloud Content Server and Key Mgmt Service; an encrypted message shared between the two organizations]

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

[Diagram: Organization A and Organization B Key Mgmt Services connected through the Spark Cloud; encrypted messages exchanged in both directions]

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS)
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A running an HDS Cluster of Hybrid Data Services Nodes (VMs) on vSphere; each node runs Docker with an ECP Mgmt Container and HDS Containers, and mounts the HDS Cluster Config File via an IDE Mount]

• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services
• Postgres Database
• Syslogd
• Database Back Up
• System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens an empty HDS can be restored, however only new content will be visible
• Treat the configuration ISO as key material, not just as configuration: it carries the Database Master Encryption key, so a database backup alone cannot restore the keys, and anyone holding both the ISO and a database backup holds the organization's content keys. Back up both, and store them separately from each other and under access control

HDS Install Prerequisites – see prerequisites in https://www.cisco.com/go/hybrid-data-security

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA-1 signatures
  • PKCS#12 format
• 2 ESXi Virtualized Hosts: min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk
  • User created with createuser and assigned GRANT ALL PRIVILEGES ON DATABASE
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port configuration options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging; connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

[Diagram: Spark Desk and Room Devices and Spark Apps behind the enterprise firewall; Signalling and Media flows to the Spark Cloud]

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000 - 52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100 - 52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications – Windows, Mac, iOS, Android, Web

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only: Ad Analytics
TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only: Analytics
TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only: Telemetry
TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems – SX Series, DX Series, MX Series, Room Kits, Spark Boards

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
TCP | Ephemeral | 443 | dropbox.com | HTTPS – Spark Board (firmware updates)
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board – NTP Time Sync

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

[Diagram: Hybrid Media Node behind the enterprise firewall; Signalling and Media cascade links to the Spark Cloud]

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

[Diagram: Hybrid Data Security node behind the enterprise firewall; Signalling only to the Spark Cloud, no Media]

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | UDP/TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
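The port plans in the firewall tables above are easy to misread from a flow log, so here is an added example (not from the deck or from Cisco) that classifies connection records against them: it labels Spark media by the documented source port ranges (apps, devices, HMN cascades), flags UDP media to 5004/5006 from undocumented source ports, flags HMN cascade ports coming from a host that is not a known Hybrid Media Node, and checks HTTPS destinations against the signalling whitelist. The log line format, the IP addresses, and the HMN address set are constructed for this example.

```python
# Port plan from the whitelist tables: source ranges identify who is sending media,
# destinations are the Spark Cloud media nodes (5004/5006) and HTTPS signalling (443).
MEDIA_SOURCE_RANGES = {
    "app-voice":    range(52000, 52050),
    "device-voice": range(52050, 52100),
    "app-video":    range(52100, 52200),
    "device-video": range(52200, 52300),
    "hmn-cascade":  range(33434, 33599),
}
MEDIA_DST_PORTS = {5004, 5006}
SIGNALLING_WHITELIST = {
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com", "ciscospark.com",
    "clouddrive.com", "crashlytics.com", "mixpanel.com", "rackcdn.com",
}

# Constructed for this example: the enterprise's Hybrid Media Node address(es).
HMN_ADDRESSES = frozenset({"10.100.50.5"})

# Constructed log lines in the format "PROTO SRC_IP:SRC_PORT DST_IP:DST_PORT DST_HOST" ("-" = unknown host).
SAMPLE_LOG = """\
UDP 10.100.200.1:52010 203.0.113.10:5004 -
UDP 10.100.200.7:52250 203.0.113.11:5006 -
UDP 10.100.50.5:33500 203.0.113.12:5004 -
UDP 10.100.200.9:33500 203.0.113.12:5004 -
UDP 10.100.200.9:40000 203.0.113.12:5004 -
TCP 10.100.200.1:51234 203.0.113.10:5004 -
TCP 10.100.200.1:51235 198.51.100.5:443 idbroker.webex.com
TCP 10.100.200.1:51236 198.51.100.9:443 updates.example.net
"""


def host_whitelisted(host, whitelist=SIGNALLING_WHITELIST):
    """Suffix match, so sub-domains of a whitelisted domain are allowed too."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in whitelist)


def classify_flow(proto, src_ip, src_port, dst_port, dst_host="-", hmn_addresses=frozenset()):
    """Return (label, ok). ok=False marks a flow that does not fit the documented port plan."""
    proto = proto.upper()
    if proto == "UDP" and dst_port in MEDIA_DST_PORTS:
        for label, rng in MEDIA_SOURCE_RANGES.items():
            if src_port in rng:
                if label == "hmn-cascade" and src_ip not in hmn_addresses:
                    return "hmn-range-from-non-hmn-address", False
                return label, True
        return "udp-media-unexpected-source-port", False
    if proto == "TCP" and dst_port in MEDIA_DST_PORTS:
        # Fallback media path: ephemeral source port, so it cannot be DSCP-marked by port.
        return "media-over-tcp-ephemeral-source", True
    if proto == "TCP" and dst_port == 443:
        if host_whitelisted(dst_host):
            return "signalling", True
        return "https-to-non-whitelisted-host", False
    return "not-spark", True


def parse_line(line):
    proto, src, dst, host = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return proto, src_ip, int(src_port), dst_ip, int(dst_port), host


def audit(log_text, hmn_addresses=frozenset()):
    """Classify every record; returns a list of (line, label, ok)."""
    results = []
    for line in log_text.strip().splitlines():
        proto, src_ip, src_port, _dst_ip, dst_port, host = parse_line(line)
        label, ok = classify_flow(proto, src_ip, src_port, dst_port, host, hmn_addresses)
        results.append((line, label, ok))
    return results


def anomalies(log_text, hmn_addresses=frozenset()):
    """Only the records that violate the port plan or the whitelist."""
    return [(line, label) for line, label, ok in audit(log_text, hmn_addresses) if not ok]
```

Run against SAMPLE_LOG, three records are flagged: the HMN cascade range used by a non-HMN host, UDP media from an undocumented source port, and HTTPS to a host outside the whitelist. The same classification is what a QoS policy would key on: only UDP media carries a source port you can mark by, which is what the "Ephemeral (=> No DSCP re-marking)" note on the TCP rows means.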

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

[Diagram: Signalling (HTTP/HTTPS) sent via the Proxy; UDP Media goes direct]

Proxy Types
• Proxy Address given to Device/Application (explicit proxy)
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)
• HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

[Diagram: Devices/Applications obtain the Proxy Address, e.g. from PAC files; Signalling via the Proxy, UDP Media direct]

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual, using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual, using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual, using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual, using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

[Diagram: Signalling via the Proxy, UDP Media direct]

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked
• Proxy Authentication is not mandatory: many Enterprises do no authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed: anyone who can read the Proxy-Authorization header (the request to an explicit proxy is normally plain HTTP) recovers the credential directly
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A hash computed over the username, realm, password and the server's nonce is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No Password Expiration
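To make the Basic versus Digest distinction on the two slides above concrete, here is an added example (not from the deck or from Cisco) that builds a Basic Proxy-Authorization header and recovers the password from it, then implements the RFC 2617 Digest computation (qop=auth) on both sides: the device computes the response from a fresh proxy nonce, and the proxy verifies it from a stored HA1 without ever holding or receiving the password. The realm, the device account name and password, and the CONNECT target are this example's own constructed values; the RFC 2617 test vector (user Mufasa) is the one from the RFC.

```python
import base64
import hashlib
import secrets


def basic_header(username, password):
    """Client side of Basic: the credential itself, only Base64 encoded."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Proxy-Authorization: Basic {token}"


def recover_basic_credentials(header_line):
    """What anyone who can read the header (the leg to an explicit proxy is normally plain HTTP) gets back."""
    token = header_line.split("Basic ", 1)[1].strip()
    username, password = base64.b64decode(token).decode("utf-8").split(":", 1)
    return username, password


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_ha1(username, realm, password):
    """HA1 = MD5(username:realm:password). A Digest proxy can store this instead of the password."""
    return _md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)."""
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestProxy:
    """Proxy side: issues a fresh nonce per challenge and verifies responses from stored HA1 values."""

    def __init__(self, realm, accounts):
        self.realm = realm
        self.ha1_by_user = {u: digest_ha1(u, realm, p) for u, p in accounts.items()}
        self.outstanding = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, nc, cnonce, response):
        if nonce not in self.outstanding:      # unknown or already used nonce: reject replays
            return False
        self.outstanding.discard(nonce)        # single use in this simplified model
        ha1 = self.ha1_by_user.get(username)
        if ha1 is None:
            return False
        expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
        return secrets.compare_digest(expected, response)


def device_digest_roundtrip(password_used):
    """One device authenticating a CONNECT through the proxy; returns (first_attempt_ok, replay_ok)."""
    # Constructed realm and shared device account, as on the 'one account for all devices' bullet.
    proxy = DigestProxy("proxy.example.internal", {"spark-devices": "S3cret-Device-Pw"})
    nonce = proxy.challenge()
    cnonce, nc = secrets.token_hex(8), "00000001"
    ha1 = digest_ha1("spark-devices", proxy.realm, password_used)
    target = "idbroker.webex.com:443"
    response = digest_response(ha1, "CONNECT", target, nonce, nc, cnonce)
    first = proxy.verify("spark-devices", "CONNECT", target, nonce, nc, cnonce, response)
    replay = proxy.verify("spark-devices", "CONNECT", target, nonce, nc, cnonce, response)
    return first, replay
```

The practical difference for the shared, non-expiring device account the slides recommend: a captured Basic header is the password; a captured Digest response is bound to one nonce and one request, so it cannot be replayed against a proxy that tracks its nonces, although it can still be attacked offline by guessing passwords against MD5, so the account password should be long and random.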

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • The password hash is used to compute a keyed response over the challenge (HMAC-MD5 in NTLMv2), which is returned to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
  • Negotiates the use of either Kerberos or, as fallback, NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No Password Expiration

IWA – Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Parties: Client, Authentication Service / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication Service; once authenticated it receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

[Diagram: devices at 10.100.200.1 and 10.100.200.3 sending Signalling via the Proxy, UDP Media direct]

Manually configure the Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No
iOS, Android | HTTPS | WME | No Auth – in EFT; Basic – in EFT
DX, SX, MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

[Diagram: client, inspecting Proxy and Web/Cloud Service; Signalling via the Proxy, UDP Media direct]

• HTTPS/TLS Inspection
  • Private CA Root Certificate distributed to the client and installed in its trust store
  • Private CA signed Certificate sent to the client on connection establishment
  • Client compares the Private CA Root Cert with those received in the Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
  • Proxy receives the Certificate from the Web/Cloud Service
  • Proxy uses the Certificate to establish a secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 hash of the CA Root Certificate's Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by the HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

• Certificate Pinning
  • Private CA Cert copied to the App's OS Trust Store
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip the Certificate pinning process and proceed with the TLS connection
  • HTTPS/TLS Inspection possible
• Caveat: with this fix, pinning is only as strong as the OS trust store. Any CA that an administrator (or malware running with administrative rights) adds to that store can intercept Spark traffic, so protect the ability to install root certificates on managed endpoints

HTTPS Inspection – Spark Devices Cert Pinning Fix

• Certificate Pinning
  • Private CA Cert copied to the Spark Cloud (per Organization) and downloaded by the device in its Trust List
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pins in its Trust Store
  • They DO Match: proceed with the TLS connection
  • HTTPS/TLS Inspection possible
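The pinning slides above describe three outcomes: a genuine chain whose CA public-key hash matches the pin, an inspecting proxy's chain that does not, and the "fix" where an App skips pinning when the presented private CA is present in the OS trust store. As an added example (not code from the deck, from the Spark apps or from Cisco), the block below computes the pin the way the deck defines it (SHA-256 over the certificate's DER SubjectPublicKeyInfo, Base64 encoded, as in RFC 7469) by walking the certificate's DER structure, and then applies the pinning policy with and without the bypass. The certificates are constructed stand-ins with the real X.509 field layout but dummy signatures; the names "*.wbx2.com", "Public CA Root" and "Corp TLS Inspection CA" are this example's own.

```python
import base64
import hashlib


def der(tag, payload):
    """Minimal DER TLV encoder, used only to construct the sample certificates below."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + payload


def _read_tlv(buf, pos=0):
    """Decode one TLV at pos: (tag, content, end_offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(tlv):
    """Elements of a constructed TLV as (tag, raw_tlv_bytes) pairs."""
    _, content, _ = _read_tlv(tlv)
    out, pos = [], 0
    while pos < len(content):
        start = pos
        tag, _, pos = _read_tlv(content, pos)
        out.append((tag, content[start:pos]))
    return out


def extract_spki(cert_der):
    """Raw SubjectPublicKeyInfo of an X.509 certificate (RFC 5280 tbsCertificate field order)."""
    tbs = der_children(cert_der)[0][1]
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:          # optional EXPLICIT [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]


def spki_pin(cert_der):
    """Pin as in RFC 7469 and the deck: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode("ascii")


def pinned_chain_ok(chain_der, pins):
    """Pinning check: the pinned CA key must appear somewhere in the presented chain."""
    return any(spki_pin(cert) in pins for cert in chain_der)


def spark_app_accepts(chain_der, pins, enterprise_roots_der):
    """The deck's 'Spark Apps cert pinning fix': pins first; if no pin matches but the presented root
    CA is one the administrator installed in the OS trust store, skip pinning and allow inspection."""
    if pinned_chain_ok(chain_der, pins):
        return True, "pin matched"
    root_spki = extract_spki(chain_der[-1])
    if any(extract_spki(r) == root_spki for r in enterprise_roots_der):
        return True, "pinning skipped: private CA present in OS trust store"
    return False, "pin mismatch: TLS connection terminated"


def make_cert(subject_cn, pubkey_point):
    """Constructed stand-in for a certificate: real field layout, P-256 SPKI, dummy signature."""
    oid = lambda h: der(0x06, bytes.fromhex(h))
    spki = der(0x30, der(0x30, oid("2a8648ce3d0201") + oid("2a8648ce3d030107"))
               + der(0x03, b"\x00" + pubkey_point))
    name = der(0x30, der(0x31, der(0x30, oid("550403") + der(0x0C, subject_cn.encode("utf-8")))))
    validity = der(0x30, der(0x17, b"180101000000Z") + der(0x17, b"190101000000Z"))
    sig_alg = der(0x30, oid("2a8648ce3d040302"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sig_alg
              + name + validity + name + spki)
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" + bytes(64)))


def sample_pki():
    """Two constructed chains: the public CA that signs Spark's certificate, and a corporate inspection CA."""
    key = lambda seed: b"\x04" + hashlib.sha512(seed).digest()   # 65-byte uncompressed-point shaped value
    public_root = make_cert("Public CA Root", key(b"public-root"))
    spark_leaf = make_cert("*.wbx2.com", key(b"spark-leaf"))
    corp_root = make_cert("Corp TLS Inspection CA", key(b"corp-root"))
    mitm_leaf = make_cert("*.wbx2.com", key(b"mitm-leaf"))
    return {
        "pins": {spki_pin(public_root)},
        "genuine_chain": [spark_leaf, public_root],
        "inspected_chain": [mitm_leaf, corp_root],
        "corp_root": corp_root,
    }
```

For a real certificate file the same pin value comes from `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`, which is a quick way to check whether the CA your proxy presents could ever satisfy an App's pin set. Note that the bypass branch accepts any root present in the enterprise trust store, which is exactly why the previous slide's caveat about protecting that store matters.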

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists, then bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – requires per Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – requires per Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – requires per Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – requires per Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: Authentication Server)

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

(Diagram: Authentication Server)

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

(Diagram: Authentication Server)

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

(Diagram: Authentication Server)

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into the Auth Server

(Diagram: Authentication Server, Device 1)

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS (MIC) | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes – manually install LSC (Windows GPO, Mac – Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY’18) | No (planned Q2 CY’18) | No | No (planned Q2 CY’18) | Use MAC Address By-Pass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer’s network environment
• Switch port configuration
• VLANs
• Firewall Deployment
• Proxy Type
• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today:
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
“What you would tell your best friend if they asked you how to design their Cisco collaboration deployment”
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018

Thank you

Spark – Hybrid Data Security (HDS)

(Diagram: Secure Data Center with Content Server, Key Mgmt Service, E-Discovery Service and Indexing Service)

Spark – Hybrid Data Security (HDS)

Hybrid Data Security: Hybrid Data Services = On Premise Key Management Server, Indexing Server and E-Discovery Service

(Diagram: Secure Data Center with Content Server)

Hybrid Data Security traffic and Firewalls

(Diagram: Hybrid Data Security node in the Secure Data Center behind the enterprise Firewall, connecting out to the Content Server, Key Mgmt Service, E-Discovery Service and Indexing Service)

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special Firewall configuration is required.

Hybrid Data Security – Scalability

(Diagram: several Hybrid Data Security nodes in the Secure Data Center, each with a Key Mgmt Server, alongside the cloud Content Server and Key Mgmt Service)

• Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS Servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for Scalability & Load Sharing

Spark – Hybrid Data Security Key Management

(Diagram: Secure Data Center with Content Server and Key Mgmt Server; Key Management Service)

• The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
• BUT now all of the keys for messages and content are owned and managed by the Customer

HDS – Encrypting Messages & Content

(Diagram: Secure Data Center with Content Server and Key Mgmt Service; Key Management Service)

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption Keys are stored locally

HDS – Decrypting Messages & Content

(Diagram: Secure Data Center with Content Server and Key Mgmt Service; an encrypted message; Key Management Service)

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

(Diagram: App to Cloud TLS connection and App to HDS TLS connection; Spark Service, Search Service, Content Server, Hybrid Data Security Node in the Secure Data Center)

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

(Diagram: Secure Data Center with Indexing Service, Content Server and Key Mgmt Service; Search Service; the message “Spark IS the message” passes through a Hash Algorithm to produce B9 57 FE 48)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – search for the word “Spark”

(Diagram: “Spark” passes through the Hash Algorithm in the Indexing Service to produce B9 57 FE 48; the Search Service matches B9 57 FE 48 and returns the encrypted message “Spark IS the Message”)

• The Indexing Service sends a hashed index of the App’s search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message
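An added Go example (not Cisco's implementation) of the per-room keyed index the Search Indexing and Querying slides describe: words are tagged with an HMAC under the room's Search Key, only tags reach the search service, and a query is answered by tagging the search term the same way. HMAC-SHA256, the tokenizer and the sample messages are assumptions chosen to illustrate the mechanism; the slides only say a hash algorithm keyed per room is used.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"sort"
	"strings"
)

// SearchKey is the per-room hashing key the slides call the Search Key.
type SearchKey []byte

// NewSearchKey draws a fresh 32-byte key; the slides say each room gets a new one.
func NewSearchKey() SearchKey {
	k := make(SearchKey, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// Tag is the keyed hash of one normalised word (HMAC-SHA256 is this example's
// choice of hash algorithm). Only tags leave the indexing service.
func Tag(key SearchKey, word string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(mac.Sum(nil))
}

// tokenize splits message text into alphanumeric words.
func tokenize(text string) []string {
	return strings.FieldsFunc(text, func(r rune) bool {
		return !(r >= 'a' && r <= 'z' || r >= 'A' && r <= 'Z' || r >= '0' && r <= '9')
	})
}

// SearchIndex is what the search service holds: tag -> set of message IDs.
// It contains neither plaintext nor any room key.
type SearchIndex struct {
	posting map[string]map[string]bool
}

func NewSearchIndex() *SearchIndex {
	return &SearchIndex{posting: map[string]map[string]bool{}}
}

// IndexMessage is the indexing-service side: the plaintext is tokenized where the
// key lives, each word is tagged with the room's key, and only (tag, msgID) pairs
// are stored in the index.
func (ix *SearchIndex) IndexMessage(key SearchKey, msgID, plaintext string) {
	for _, w := range tokenize(plaintext) {
		t := Tag(key, w)
		if ix.posting[t] == nil {
			ix.posting[t] = map[string]bool{}
		}
		ix.posting[t][msgID] = true
	}
}

// Query is the search side: the term is tagged with the room's key and the tag
// alone is looked up. A key from another room produces different tags and so
// finds nothing, which is what per-room keys buy.
func (ix *SearchIndex) Query(key SearchKey, word string) []string {
	var ids []string
	for id := range ix.posting[Tag(key, word)] {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	return ids
}

// ContainsPlaintext reports whether a raw word appears as an index key, i.e.
// whether the index leaked plaintext (it never should).
func (ix *SearchIndex) ContainsPlaintext(word string) bool {
	_, ok := ix.posting[strings.ToLower(word)]
	return ok
}

// Demo indexes constructed sample messages in two rooms and returns the hits for
// "spark" under each room's key plus the plaintext-leak check.
func Demo() (roomAHits, roomBHits []string, leaked bool) {
	roomA, roomB := NewSearchKey(), NewSearchKey()
	ix := NewSearchIndex()
	ix.IndexMessage(roomA, "msg-1", "Spark IS the message")   // constructed sample
	ix.IndexMessage(roomA, "msg-2", "Meeting moved to Spark")  // constructed sample
	ix.IndexMessage(roomB, "msg-3", "Spark space for vendors") // constructed sample
	return ix.Query(roomA, "spark"), ix.Query(roomB, "spark"), ix.ContainsPlaintext("spark")
}
```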

Spark E-Discovery Service (1)

(Diagram: Spark Control Hub, E-Discovery Service, Indexing Service with Hash Algorithm, Search Service, Content Server returning Jo Smith’s Content)

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

(Diagram: Spark Control Hub, E-Discovery Service, Content Server, E-Discovery Storage, Search Service; Jo Smith’s Messages and Files; E-Discovery Content Ready)

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with a Content Server and Key Mgmt Service; an encrypted message shared between them)

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

(Diagram: Organization A and Organization B Key Mgmt Services connected via the Spark Cloud, exchanging messages)

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers…
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A – an HDS Cluster of Hybrid Data Services Nodes (VMs) on vSphere, each running Docker with an ECP Mgmt Container and HDS Containers and an IDE Mount of the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see the prerequisites at https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging; Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 – 52099, Video 52100 – 52299
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

(Diagram: Signalling, Media)

Voice and Video Classification and Marking – Port Range Summary: Endpoints and Apps

| Media | Total source range | Spark Apps | Spark Devices |
| --- | --- | --- | --- |
| Audio | 52000 – 52099 | 52000 – 52049 | 52050 – 52099 |
| Video | 52100 – 52299 | 52100 – 52199 | 52200 – 52299 |

Spark Applications: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
| --- | --- | --- | --- | --- | --- |
| Spark applications: Windows, Mac, iOS, Android, Web | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service |
| | | | | idbroker.webex.com | OAuth Service |
| | | | | wbx2.com | Core Spark Services |
| | | | | webex.com | Identity management |
| | | | | ciscospark.com | Core Spark Services |
| | | | | clouddrive.com | Content and Space Storage |
| | | | | crashlytics.com | Anonymous crash data |
| | | | | mixpanel.com | Anonymous Analytics |
| | | | | rackcdn.com | Content and Space Storage |
| | | | | appsflyer.com | Mobile Apps only – Ad Analytics |
| | | | | adobedtm.com | Web Apps only – Analytics |
| | | | | omtrdc.net | Web Apps only – Telemetry |
| | | | | optimizely.com | Web Apps only – Metrics |

Spark Devices: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
| --- | --- | --- | --- | --- | --- |
| Desktop and Room Systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board) |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service |
| | | | | idbroker.webex.com | OAuth Service |
| | | | | wbx2.com | Core Spark Services |
| | | | | webex.com | Identity management |
| | | | | ciscospark.com | Core Spark Services |
| | | | | clouddrive.com | Content and Space Storage |
| | | | | crashlytics.com | Anonymous crash data |
| | | | | mixpanel.com | Anonymous Analytics |
| | | | | rackcdn.com | Content and Space Storage |
| | | | | dropbox.com | Sparkboard (firmware updates) |
| | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Connecting from the Enterprise – Firewalls

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 – 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 – 33598
• Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

(Diagram: Signalling, Media)

Connecting from the Enterprise – Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

(Diagram: Signalling, Media)

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
| --- | --- | --- | --- | --- | --- |
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range: 33434 – 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
| --- | --- | --- | --- | --- | --- |
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of the Proxy’s existence)
  • In Line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

(Diagram: Signalling, UDP Media)

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

(Diagram: Proxy Address distributed to clients, PAC files; Signalling, UDP Media)

Network Capabilities: Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
| --- | --- | --- | --- | --- |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes – Manual; Yes – PAC Files | Manually configure the Proxy Address, or use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes – Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts the outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User’s traffic forwarded
• Unauthenticated User’s traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no Authentication

(Diagram: Signalling, UDP Media)

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

(Diagram: Signalling, UDP Media)

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

(Diagram: Signalling, UDP Media)

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

(Diagram: Signalling, UDP Media)

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

(Diagram: Signalling, UDP Media)

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either
  • Kerberos, or fallback to
  • NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA – Integrated Windows Access

(Diagram: Signalling, UDP Media)

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest security
  • Participants: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared secrets
  • Client authenticates with the Authentication Service
  • Once authenticated, the client receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

[Diagram: device connecting through the proxy; Signalling and UDP Media paths]

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• The device IP address (the diagram shows devices at IP addresses 10.100.200.1 and 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Diagram: devices connecting through the proxy to the whitelisted destinations; Signalling and UDP Media paths]

Network Capabilities: Spark Devices – Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
| DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | |
| Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes | |

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to the client
  • Private CA signed certificate sent to the client on connection establishment
  • Client compares the Private CA Root Cert with those received in the cert chain
  • If they match – accept and proceed with the TLS connection

[Diagram: client connecting through the inspecting proxy; Signalling and UDP Media paths]

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
  • Proxy receives the certificate from the Web/Cloud Service
  • Proxy uses the certificate to establish a secure TLS/HTTPS connection
  • Proxy can now decrypt, inspect and re-encrypt session traffic

[Diagram: proxy terminating the client TLS session and opening its own to the Web/Cloud Service; Signalling and UDP Media paths]

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 hash of the CA Root Certificate public key (the slide shows the pin VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)
  • CA-signed Cisco Spark certificate sent by the HTTPS/TLS server
  • App creates a hash of the cert's public key
  • App compares the hash with the Certificate Pin in its trust store
  • If they match – accept and proceed with the TLS connection

[Diagram: app connecting through a non-inspecting proxy to the Spark cloud; Signalling and UDP Media paths]

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends a Private CA signed certificate during HTTPS/TLS set-up
  • App creates a hash of the Private CA signed cert's public key
  • App compares the hash with the Certificate Pin in its trust store
  • They DO NOT match – TLS connection terminated

[Diagram: app connecting through an inspecting proxy; Signalling and UDP Media paths]

HTTPS Inspection – Spark Apps Cert Pinning Fix

• Certificate Pinning
  • Private CA cert copied to the app's OS trust store
  • Proxy sends a Private CA signed certificate during HTTPS/TLS set-up
  • Spark App checks to see if a copy of the Private CA cert exists in the OS trust store
  • If the cert exists – skip the certificate pinning process
  • Proceed with the TLS connection
  • HTTPS/TLS inspection possible

[Diagram: app connecting through an inspecting proxy; Signalling and UDP Media paths; Private CA cert copied to the app OS trust store]

HTTPS Inspection – Spark Devices Cert Pinning Fix

• Certificate Pinning
  • Private CA cert copied to the Spark Cloud
  • Proxy sends a Private CA signed certificate during HTTPS/TLS set-up
  • Client creates a hash of the Private CA signed cert's public key
  • Client compares the hash with the Certificate Pin in its trust store
  • They DO match – proceed with the TLS connection
  • HTTPS/TLS inspection possible

[Diagram: device connecting through an inspecting proxy; Signalling and UDP Media paths; Private CA cert copied to the Spark Cloud]
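The four pinning outcomes on the preceding slides (match with no inspection, mismatch behind an inspecting proxy, the Spark Apps fix via the OS trust store and the Spark Devices fix via the cloud trust list) as one added Python example. This is not Cisco's client code: certificates are modelled as a subject plus DER SubjectPublicKeyInfo bytes, the trust store and trust list are modelled as sets of pins, and every key, pin and "enterprise CA" here is a constructed value.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate holding only what pinning needs.
    spki_der would be the DER SubjectPublicKeyInfo; here it is constructed bytes."""
    subject: str
    issuer: str
    spki_der: bytes


def spki_pin(cert: Cert) -> str:
    """Certificate Pin = base64(SHA-256(public key)), the RFC 7469 (HPKP) pin form;
    the slide describes the pin as the SHA-256 hash of the CA root public key."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode()


def validate_chain(chain: List[Cert], app_pins: Set[str], os_trust_store: Set[str],
                   cloud_trust_list: FrozenSet[str] = frozenset()) -> Tuple[bool, str]:
    """Decide whether the handshake proceeds. chain[0] is the leaf, chain[-1] the root.

    Spark Apps fix:    a root whose key is in the OS trust store (the enterprise
                       installed its private CA there) skips the pinning step.
    Spark Devices fix: the trust list the device downloads from the Spark Cloud
                       (where the admin loaded the private CA) extends the pin set.
    Otherwise some certificate in the chain must hash to a known pin.
    """
    root = chain[-1]
    if spki_pin(root) in os_trust_store:
        return True, "root in OS trust store: pinning skipped, inspection possible"
    accepted = set(app_pins) | set(cloud_trust_list)
    for cert in chain:
        if spki_pin(cert) in accepted:
            return True, f"pin match on '{cert.subject}': proceed"
    return False, "no pin match: TLS connection terminated"


def _spki(label: str) -> bytes:
    # Constructed stand-in for DER SubjectPublicKeyInfo bytes, derived from a label
    # so the example is deterministic; a real client parses these from the cert.
    return b"\x30\x82" + hashlib.sha256(label.encode()).digest()


# Constructed certificates: the public chain Spark presents, and the chain an
# inspecting proxy presents when it re-signs with the enterprise private CA.
PUBLIC_ROOT = Cert("Public CA Root", "Public CA Root", _spki("public-root"))
SPARK_LEAF = Cert("*.ciscospark.com", "Public CA Root", _spki("spark-leaf"))
PRIVATE_ROOT = Cert("Enterprise Private CA", "Enterprise Private CA", _spki("enterprise-root"))
PROXY_LEAF = Cert("*.ciscospark.com", "Enterprise Private CA", _spki("proxy-leaf"))

# Pin shipped inside the app: hash of the public CA root's key.
APP_PINS = {spki_pin(PUBLIC_ROOT)}


def scenario_no_inspection() -> Tuple[bool, str]:
    """Proxy passes TLS through untouched: the public chain matches the pin."""
    return validate_chain([SPARK_LEAF, PUBLIC_ROOT], APP_PINS, os_trust_store=set())


def scenario_inspection_unfixed() -> Tuple[bool, str]:
    """Inspecting proxy re-signs with the private CA; nothing matches, so the app
    terminates the connection (this is what breaks Spark behind such a proxy)."""
    return validate_chain([PROXY_LEAF, PRIVATE_ROOT], APP_PINS, os_trust_store=set())


def scenario_app_fix() -> Tuple[bool, str]:
    """Private CA copied into the OS trust store: the app skips pinning."""
    return validate_chain([PROXY_LEAF, PRIVATE_ROOT], APP_PINS,
                          os_trust_store={spki_pin(PRIVATE_ROOT)})


def scenario_device_fix() -> Tuple[bool, str]:
    """Private CA loaded into the Spark Cloud: the device's downloaded trust list
    carries its pin, so the proxy-signed chain now matches."""
    return validate_chain([PROXY_LEAF, PRIVATE_ROOT], APP_PINS, os_trust_store=set(),
                          cloud_trust_list=frozenset({spki_pin(PRIVATE_ROOT)}))


if __name__ == "__main__":
    for fn in (scenario_no_inspection, scenario_inspection_unfixed,
               scenario_app_fix, scenario_device_fix):
        ok, why = fn()
        print(f"{fn.__name__:28s} {'PROCEED' if ok else 'TERMINATE':9s} {why}")
```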

Network Capabilities: Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If an Enterprise Certificate exists, then bypass the Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication – switch port configured for the device, e.g. VLAN(s), ACLs

[Diagram: device, access switch and Authentication Server]

802.1X Network Authentication Methods

• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

[Diagram: device, access switch and Authentication Server]

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

[Diagram: device, access switch and Authentication Server]

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client-server authentication

[Diagram: device, access switch and Authentication Server]

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

[Diagram: Device 1, access switch and Authentication Server]

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | NA | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via the device web interface |
| SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device web interface |
| MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device web interface |
| Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via the device web interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard the device – username/password, activation code
• Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x
Coming soon: target Q1 CY2018

Thank you

Spark – Hybrid Data Security (HDS)

Hybrid Data Services = on-premise Key Management Server, Indexing Server and E-Discovery Service

[Diagram: Secure Data Center hosting the Hybrid Data Security node; Content Server remains in the Spark cloud]

Hybrid Data Security traffic and Firewalls

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special firewall configuration is required.

[Diagram: Secure Data Center with the Key Mgmt Service, E-Discovery Service and Indexing Service behind the enterprise Firewall; Content Server in the Spark cloud]

Hybrid Data Security – Scalability

• The Hybrid Data Security is managed and upgraded from the cloud
• Customers can access usage information for the HDS servers via the Spark Control Hub
• Multiple HDS servers can be provisioned for scalability and load sharing

[Diagram: several Hybrid Data Security nodes (Key Mgmt Server / Key Mgmt Service) in the Secure Data Center; Content Server in the Spark cloud]

Spark – Hybrid Data Security Key Management

The Hybrid Key Management Server performs the same functions as the cloud-based Key Management Server, BUT now all of the keys for messages and content are owned and managed by the customer.

[Diagram: Key Mgmt Server running the Key Management Service in the Secure Data Center; Content Server in the Spark cloud]

HDS – Encrypting Messages & Content

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally

[Diagram: App obtaining a key from the Key Management Service in the Secure Data Center and posting the encrypted message to the Content Server]

HDS – Decrypting Messages & Content

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

[Diagram: encrypted message flowing from the Content Server to the receiving Apps, which fetch the key from the Key Management Service in the Secure Data Center]

Hybrid Data Security – Secure App Connections

• Spark Apps establish a direct TLS connection to the on-premise HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud

[Diagram: App-to-Cloud TLS connection (Spark Service, Search Service, Content Server) alongside the App-to-HDS TLS connection to the Hybrid Data Security Node in the Secure Data Center]

Hybrid Data Security: Search Indexing Service

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

[Diagram: the message "Spark IS the message" passes through the Hash Algorithm in the Indexing Service, producing index values such as B9 57 FE 48 that are sent to the Search Service in the cloud; Content Server and Key Mgmt Service alongside]

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• The hashed search term (B9 57 FE 48) matches the index entry for the encrypted message "Spark IS the Message"
• A link to the Conversation Encryption Key is sent with the encrypted message

[Diagram: search term "Spark" hashed by the Indexing Service's Hash Algorithm to B9 57 FE 48, looked up by the Search Service, with the matching encrypted message returned from the Content Server]
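An added Python example (not Cisco's implementation) of the per-room keyed-hash index the two preceding slides describe: the on-premise Indexing Service hashes each word with that room's Search Key, the cloud Search Service stores and matches only the hashes, and a query for "Spark" is hashed with the same room key before it leaves the premises. HMAC-SHA256 truncated to 4 bytes (the width of the slide's B9 57 FE 48) is an assumption about the hash algorithm; the room keys and messages are constructed.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict
from typing import Dict, List, Set


def tokenize(text: str) -> List[str]:
    """Lower-cased word tokens, so 'Spark' and 'spark' hash to the same entry."""
    return re.findall(r"[a-z0-9]+", text.lower())


def index_token(search_key: bytes, token: str, width: int = 4) -> str:
    """Keyed hash of one token (HMAC-SHA256, truncated to `width` bytes like the
    slide's 'B9 57 FE 48'). Only this value leaves the HDS node: without the room's
    Search Key the Search Service can neither reverse it nor tell whether two rooms
    share a word. Truncation trades a small false-positive rate for a smaller index."""
    digest = hmac.new(search_key, token.encode(), hashlib.sha256).digest()
    return digest[:width].hex().upper()


class IndexingService:
    """On-premise (HDS) side: owns one Search Key per room; the keys never leave."""

    def __init__(self) -> None:
        self._room_keys: Dict[str, bytes] = {}

    def search_key(self, room_id: str) -> bytes:
        if room_id not in self._room_keys:
            self._room_keys[room_id] = os.urandom(32)  # a new Search Key per room
        return self._room_keys[room_id]

    def index_message(self, room_id: str, plaintext: str) -> Set[str]:
        """Hashed index entries for one message, ready to send to the Search Service."""
        key = self.search_key(room_id)
        return {index_token(key, tok) for tok in tokenize(plaintext)}

    def hashed_query(self, room_id: str, word: str) -> str:
        """The App's search word, hashed with the room key before it goes to the cloud."""
        return index_token(self.search_key(room_id), word.lower())


class SearchService:
    """Cloud side: stores hashed token -> message ids per room; sees no plaintext or keys."""

    def __init__(self) -> None:
        self._postings: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))

    def store(self, room_id: str, message_id: str, hashed_tokens: Set[str]) -> None:
        for h in hashed_tokens:
            self._postings[room_id][h].add(message_id)

    def lookup(self, room_id: str, hashed_token: str) -> Set[str]:
        return set(self._postings[room_id].get(hashed_token, set()))


def demo() -> dict:
    """Index three constructed messages in two rooms, then run the slide's query."""
    indexer, search = IndexingService(), SearchService()
    messages = {  # (room, message id) -> plaintext; only the hashes reach the cloud
        ("room-A", "m1"): "Spark IS the message",
        ("room-A", "m2"): "lunch at noon?",
        ("room-B", "m3"): "Spark Board firmware update",
    }
    for (room, mid), text in messages.items():
        search.store(room, mid, indexer.index_message(room, text))
    q_a = indexer.hashed_query("room-A", "Spark")
    q_b = indexer.hashed_query("room-B", "Spark")
    return {
        "hits_a": search.lookup("room-A", q_a),      # {"m1"}
        "hits_b": search.lookup("room-B", q_b),      # {"m3"}
        "cross_room": search.lookup("room-B", q_a),  # room-A's hash finds nothing in room-B
        "keys_differ": q_a != q_b,                   # same word, different Search Key
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```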

Spark E-Discovery Service (1)

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content (Jo Smith's content) to the E-Discovery Service

[Diagram: Spark Control Hub; E-Discovery Service, Indexing Service with its Hash Algorithm and Key Mgmt Service in the Secure Data Center; Search Service and Content Server in the Spark cloud]

Spark E-Discovery Service (2)

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content (Jo Smith's messages and files) to the Administrator on request
• Spark Control Hub reports "E-Discovery Content Ready"

[Diagram: E-Discovery Service and Key Mgmt Service in the Secure Data Center; Spark Control Hub, E-Discovery Storage, Content Server and Search Service in the Spark cloud]

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

[Diagram: Organization A and Organization B, each with its own Key Mgmt Service; encrypted message stored on the Content Server in the Spark cloud]

HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers…
• Mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their users

[Diagram: Key Mgmt Services of Organization A and Organization B connected through the Spark cloud; encrypted messages exchanged via the Content Server]

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A; vSphere hosting Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers; HDS Cluster Config File presented via an IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see the prerequisites at https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI is used for KMS to KMS federation (Public Key Infrastructure)
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS12 format
• 2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk; user created with createuser and assigned GRANT ALL PRIVILEGES ON the database
• 1 Syslog Host
  • Hostname and port required to centralize syslog output from the three HDS instances and the management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from the HDS host
  • Bi-directional WSS on TCP port 443 from the HDS host
  • TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), auth bypass
  • Proxy TLS/HTTPS traffic inspection – certificate pinning
• 802.1X – authentication methods: EAP-FAST, EAP-TLS, MAC Address Bypass

BRKCOL-2030 71

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | NA | NA | Static untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment; 802.1Q tagging; connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See the following slides for details

Media Port Ranges
• Source UDP ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

[Diagram: Signalling and Media paths from the enterprise through the firewall to the Spark cloud]

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| | Audio (52000-52099) | Video (52100-52299) |
|---|---|---|
| Spark Apps | 52000 - 52049 | 52100 - 52199 |
| Spark Devices | 52050 - 52099 | 52200 - 52299 |

Spark Applications: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service |
| | | | | idbroker.webex.com | OAuth Service |
| | | | | wbx2.com | Core Spark Services |
| | | | | webex.com | Identity management |
| | | | | ciscospark.com | Core Spark Services |
| | | | | clouddrive.com | Content and Space Storage |
| | | | | crashlytics.com | Anonymous crash data |
| | | | | mixpanel.com | Anonymous Analytics |
| | | | | rackcdn.com | Content and Space Storage |
| | | | | appsflyer.com | Mobile Apps only – Ad Analytics |
| | | | | adobetm.com | Web Apps only – Analytics |
| | | | | omtrdc.net | Web Apps only – Telemetry |
| | | | | optimizely.com | Web Apps only – Metrics |

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

79BRKCOL-2030

Connecting from the Enterprise - Firewalls: Media Port Ranges

Hybrid Media Node (HMN)
Source UDP Ports (Voice and Video): 33434 - 33598
Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004
Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | 33434 - 33598 (Voice and Video use a common UDP source port range) | 5004 (cascade destination) | Any IP address | Cascaded SRTP over UDP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (cascade destination) | Any IP address | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of the proxy's existence)
  • In-line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Config (PAC) files

Network Capabilities, Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual, using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual, using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual, using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual, using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
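To make the contrast between the Basic and Digest slides concrete, an added Go example (not Cisco's code): Basic carries the Base64-encoded password, which any decoder on the path recovers, while Digest sends only an MD5 response computed from a stored HA1 and the proxy's nonce. The account, realm, nonce and URI values are constructed for the example; the Digest form is the RFC 2617 no-qop variant.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// basicHeader builds the Proxy-Authorization value a device sends for Basic
// authentication: Base64 of "username:password". Base64 is an encoding, not a
// cipher, so anything on the path that reads the header reads the password.
func basicHeader(username, password string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(username+":"+password))
}

// decodeBasic recovers the credentials from a Basic header. This is what the
// proxy does to check them, and what any interceptor could do just as well.
func decodeBasic(header string) (username, password string, err error) {
	const prefix = "Basic "
	if !strings.HasPrefix(header, prefix) {
		return "", "", errors.New("not a Basic header")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, prefix))
	if err != nil {
		return "", "", err
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", errors.New("malformed credentials")
	}
	return parts[0], parts[1], nil
}

func md5Hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// digestHA1 is the only password-derived value the proxy needs to keep for
// Digest authentication: MD5(username:realm:password).
func digestHA1(username, realm, password string) string {
	return md5Hex(username + ":" + realm + ":" + password)
}

// digestResponse computes the RFC 2617 response without qop:
// MD5(HA1:nonce:HA2) where HA2 = MD5(method:uri). The device sends this
// hash; the password itself never crosses the wire.
func digestResponse(ha1, method, uri, nonce string) string {
	ha2 := md5Hex(method + ":" + uri)
	return md5Hex(ha1 + ":" + nonce + ":" + ha2)
}

// verifyDigest is the proxy side: recompute the expected response from the
// stored HA1 and the nonce it issued, then compare in constant time.
func verifyDigest(storedHA1, method, uri, nonce, response string) bool {
	expected := digestResponse(storedHA1, method, uri, nonce)
	return subtle.ConstantTimeCompare([]byte(expected), []byte(response)) == 1
}

func main() {
	// Constructed sample values: one shared device account, as the slides
	// describe, plus a realm, URI and a nonce the proxy would have issued.
	const user, pass, realm = "spark-devices", "correct horse battery", "proxy.example.internal"
	const method, uri, nonce = "CONNECT", "wbx2.com:443", "dcd98b7102dd2f0e8b11d0f600bfb0c093"

	hdr := basicHeader(user, pass)
	u, p, _ := decodeBasic(hdr)
	fmt.Printf("Basic header: %s\nrecovered by decoding: %s / %s\n", hdr, u, p)

	ha1 := digestHA1(user, realm, pass)
	resp := digestResponse(ha1, method, uri, nonce)
	fmt.Printf("Digest response: %s\nproxy accepts: %v\n", resp, verifyDigest(ha1, method, uri, nonce, resp))
	fmt.Printf("wrong password accepted: %v\n",
		verifyDigest(digestHA1(user, realm, "wrong"), method, uri, nonce, resp))
}
```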

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication/Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication Service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Address (diagram: 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares the Private CA Root Cert with those received in the Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public
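The pinning decision and the trust-store bypass on the preceding slides, as an added Go example (not Cisco's or the Spark app's code). It builds constructed test CAs with the standard library; the pin format follows the slide (Base64 of a SHA-256 over the CA root's public key), while the chain layout and the way the OS trust store check is modelled are this example's assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate for cn. With parent == nil it
// is a self-signed CA root; otherwise it is signed by parent/parentKey.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// spkiPin is the pin format on the slides: SHA-256 over the certificate's
// public key (SubjectPublicKeyInfo), Base64 encoded.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// validateChain models the app-side decision. chain[0] is the leaf the TLS
// server presented, followed by the CA certs it sent. The "Cert Pinning Fix"
// is the osTrust check: a chain that validates against a CA copied into the
// OS trust store skips pinning, so an inspecting proxy can be accepted.
func validateChain(chain []*x509.Certificate, pins map[string]bool, osTrust *x509.CertPool) error {
	if len(chain) == 0 {
		return errors.New("empty certificate chain")
	}
	if osTrust != nil {
		inter := x509.NewCertPool()
		for _, c := range chain[1:] {
			inter.AddCert(c)
		}
		if _, err := chain[0].Verify(x509.VerifyOptions{Roots: osTrust, Intermediates: inter}); err == nil {
			return nil // enterprise CA present in the OS store: skip pinning
		}
	}
	for _, c := range chain {
		if pins[spkiPin(c)] {
			return nil // hash matches a pin in the app's trust store
		}
	}
	return errors.New("no certificate in chain matches a pin: TLS connection terminated")
}

// scenarios builds a pretend Spark cloud CA and an enterprise proxy CA and
// runs the three cases from the slides, returning whether each is accepted.
func scenarios() (direct, inspected, inspectedWithFix bool) {
	sparkRoot, sparkKey := issue("Constructed Spark Cloud Root CA", true, nil, nil)
	sparkLeaf, _ := issue("wbx2.com", false, sparkRoot, sparkKey)
	proxyCA, proxyKey := issue("Constructed Enterprise Proxy Private CA", true, nil, nil)
	proxyLeaf, _ := issue("wbx2.com", false, proxyCA, proxyKey)
	pins := map[string]bool{spkiPin(sparkRoot): true} // the app ships only the cloud root's pin
	empty := x509.NewCertPool()
	direct = validateChain([]*x509.Certificate{sparkLeaf, sparkRoot}, pins, empty) == nil
	inspected = validateChain([]*x509.Certificate{proxyLeaf, proxyCA}, pins, empty) == nil
	fixed := x509.NewCertPool()
	fixed.AddCert(proxyCA) // the fix: private CA copied to the OS trust store
	inspectedWithFix = validateChain([]*x509.Certificate{proxyLeaf, proxyCA}, pins, fixed) == nil
	return
}

func main() {
	direct, inspected, fixed := scenarios()
	fmt.Printf("direct to Spark cloud, pin matches:      accepted=%v\n", direct)
	fmt.Printf("inspecting proxy, no fix, pin mismatch:  accepted=%v\n", inspected)
	fmt.Printf("inspecting proxy, CA in OS trust store:  accepted=%v\n", fixed)
}
```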

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub:
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections.
Onboard device – Username/Password, Activation Code.
Cisco Spark cloud downloads Device Configuration information and Trust Anchors.


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x.

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Coming soon: target Q1 CY2018.

Thank you

Hybrid Data Security traffic and Firewalls

Secure Data Center: Content Server, Key Mgmt Service, Indexing Service, E-Discovery Service (Hybrid Data Security, behind the Firewall)

Hybrid Data Services make outbound connections only, from the Enterprise to the Spark cloud, using HTTPS and Secure WebSockets (WSS). No special Firewall configuration is required.

Hybrid Data Security - Scalability

The Hybrid Data Security is managed and upgraded from the cloud.
Customers can access usage information for the HDS Servers via the Spark Control Hub.
Multiple HDS servers can be provisioned for Scalability & Load Sharing.

Spark – Hybrid Data Security Key Management

The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server.
Now all of the keys for messages and content are owned and managed by the Customer.
BUT…

HDS - Encrypting Messages & Content

Spark Apps request an encryption key from the HDS Key Management Server.
Any messages or files sent by an App are encrypted before being sent to the Spark Cloud.
Encrypted messages and content are stored in the cloud; Encryption Keys are stored locally.

HDS - Decrypting Messages & Content

Encrypted messages from Apps are stored in the Spark Cloud.
These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.
If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security – Secure App Connections

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service (App to HDS TLS connection, alongside the App to Cloud TLS connection to the Spark Service).
This encrypted peer to peer session traverses the Spark Cloud.

Hybrid Data Security: Search Indexing Service

Secure Data Center: Indexing Service, Content Server, Key Mgmt Service; Search Service in the cloud.

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

Diagram: the message "Spark IS the message" is passed through the Hash Algorithm by the Indexing Service, producing hashed index values (e.g. B9 57 FE 48).

A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index

Search for the word "Spark":

The Indexing Service sends a hashed index of the App's search request (e.g. "Spark" -> B9 57 FE 48) to the Search Service.

Diagram: the Search Service matches the hash B9 57 FE 48 and the encrypted message "Spark IS the Message" is returned to the App. A link to the Conversation Encryption Key is sent with the encrypted message.
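An added Go example (not Cisco's implementation) of the indexing and query flow on the Search Indexing slides: words are hashed with a per-room Search Key before anything reaches the Search Service, and a query is matched hash against hash. HMAC-SHA256 and the tokenization are this example's assumptions; the slides name only a hash algorithm keyed per room, shown truncated to four bytes.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"unicode"
)

// newSearchKey generates a fresh per-room hashing key, as the slides say a
// new Search Key is used for each room.
func newSearchKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// tokenize lower-cases the text and splits it into words, so that "Spark"
// and "spark" index to the same token.
func tokenize(text string) []string {
	return strings.FieldsFunc(strings.ToLower(text), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
}

// hashTerm is the keyed hash for one search term. HMAC-SHA256 is an
// assumption made for this example; the slides only show a hash algorithm
// with a per-room key (truncated to 4 bytes, "B9 57 FE 48", for display).
func hashTerm(searchKey []byte, term string) string {
	mac := hmac.New(sha256.New, searchKey)
	mac.Write([]byte(term))
	return hex.EncodeToString(mac.Sum(nil))
}

// indexMessage is the Indexing Service side: from a plaintext message it
// produces only the keyed hashes of its words, which is all the Search
// Service in the cloud ever stores.
func indexMessage(searchKey []byte, message string) map[string]bool {
	idx := make(map[string]bool)
	for _, w := range tokenize(message) {
		idx[hashTerm(searchKey, w)] = true
	}
	return idx
}

// searchIndex is the query path: the Indexing Service hashes the App's
// search words with the room's key and the Search Service matches hashes,
// never seeing the words or the message.
func searchIndex(index map[string]bool, searchKey []byte, query string) bool {
	for _, w := range tokenize(query) {
		if !index[hashTerm(searchKey, w)] {
			return false
		}
	}
	return true
}

func main() {
	roomA, roomB := newSearchKey(), newSearchKey()
	// Constructed sample message, taken from the slides' diagram.
	msg := "Spark IS the message"
	idxA := indexMessage(roomA, msg)

	fmt.Println("index entries for room A (what the Search Service stores):")
	for h := range idxA {
		fmt.Println(" ", h[:8]+"...")
	}
	fmt.Println("search 'Spark' in room A:", searchIndex(idxA, roomA, "Spark"))
	fmt.Println("search 'Spark' with room B's key:", searchIndex(idxA, roomB, "Spark"))
	fmt.Println("same word, different rooms, same hash?", hashTerm(roomA, "spark") == hashTerm(roomB, "spark"))
}
```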

Spark E-Discovery Service (1)

Secure Data Center: Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service; Search Service in the cloud; Spark Control Hub (Administrator requests Jo Smith's Content).

The Indexing Service sends hashed search criteria to the Search Service.
The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service: sends the compressed and encrypted content (Jo Smith's Messages and Files) to the Administrator on request ("E-Discovery Content Ready" in the Spark Control Hub).

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

Diagram: Organization A and Organization B, each with its own Key Mgmt Service, sharing a Content Server.

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.

Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).

With a secure connection between Key Management Servers… mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A: vSphere hosting Hybrid Data Services Nodes (VMs). Each node runs Docker with an ECP Mgmt Container and HDS Containers, and has an IDE Mount of the HDS Cluster Config File.

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

BYO VM for deploying the HDS appliance Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI is used for KMS to KMS federation (Public Key Infrastructure)
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations (Signalling and Media)

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| | Spark Apps | Spark Devices |
|---|---|---|
| Audio (52000-52099) | 52000 - 52049 | 52050 - 52099 |
| Video (52100-52299) | 52100 - 52199 | 52200 - 52299 |

Spark Applications Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

| Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|
| UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics |
| TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web Apps only - Analytics |
| TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web Apps only - Telemetry |
| TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web Apps only - Metrics |

Spark Devices Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

| Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|
| UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board) |
| TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates) |
| UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |
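As an added example (not Cisco's code and not part of the deck), the source and destination port rules from the Spark Apps, Spark Devices and HMN tables above turned into a media-flow classifier that a firewall or QoS administrator can run against flow records; the class names, the Flow type and the sample flows are my own constructions.

```python
"""Media-flow classifier built from the Spark port tables (slides 77-82).
Added example, not Cisco code. Class names, the Flow type and the sample
flows are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Source UDP port ranges per traffic class. Apps and devices split the
# documented voice (52000-52099) and video (52100-52299) ranges; HMN
# cascade links use one common range for voice and video.
SOURCE_RANGES = {
    "spark-app-voice":    (52000, 52049),
    "spark-device-voice": (52050, 52099),
    "spark-app-video":    (52100, 52199),
    "spark-device-video": (52200, 52299),
    "hmn-cascade":        (33434, 33598),
}
# Destination ports: apps/devices use 5004 and 5006, HMN cascade only 5004.
ENDPOINT_DST_PORTS = frozenset({5004, 5006})
HMN_DST_PORTS = frozenset({5004})


@dataclass(frozen=True)
class Flow:
    proto: str       # "udp" or "tcp"
    src_port: int
    dst_port: int    # destination IP is "Any" in the tables, so not modelled


def classify_udp_media(flow: Flow) -> Optional[str]:
    """Name the documented class a UDP flow falls into, or None when the
    source/destination pair matches no row of the tables."""
    if flow.proto != "udp":
        return None
    for name, (low, high) in SOURCE_RANGES.items():
        if low <= flow.src_port <= high:
            allowed = HMN_DST_PORTS if name == "hmn-cascade" else ENDPOINT_DST_PORTS
            return name if flow.dst_port in allowed else None
    return None


def is_allowed_media(flow: Flow) -> bool:
    """Whitelist decision for the media rule set. TCP/HTTP fallback media
    uses ephemeral source ports, so only the destination port is checkable."""
    if flow.proto == "udp":
        return classify_udp_media(flow) is not None
    if flow.proto == "tcp":
        return flow.dst_port in ENDPOINT_DST_PORTS
    return False


def can_remark_dscp(flow: Flow) -> bool:
    """Port-based DSCP re-marking is only possible where the source range
    identifies the traffic; the tables note '=> No DSCP re-marking' for
    ephemeral TCP/HTTP media."""
    return classify_udp_media(flow) is not None


def audit(flows: List[Flow]) -> Tuple[List[Tuple[Flow, str]], List[Flow]]:
    """Split observed flows into (flow, class) pairs that match the
    documented ranges and a list that should be logged or dropped."""
    matched: List[Tuple[Flow, str]] = []
    unmatched: List[Flow] = []
    for f in flows:
        cls = classify_udp_media(f)
        if cls is None and f.proto == "tcp" and f.dst_port in ENDPOINT_DST_PORTS:
            cls = "srtp-over-tcp-or-http"
        if cls is None:
            unmatched.append(f)
        else:
            matched.append((f, cls))
    return matched, unmatched


if __name__ == "__main__":
    # Constructed sample flows, not captured traffic.
    sample = [
        Flow("udp", 52010, 5004),   # Spark app voice
        Flow("udp", 52250, 5006),   # Spark device video
        Flow("udp", 33500, 5004),   # HMN cascade
        Flow("udp", 33500, 5006),   # HMN to 5006: not documented
        Flow("tcp", 49152, 5004),   # SRTP over TCP fallback
        Flow("udp", 52300, 5004),   # just outside the video range
    ]
    ok, bad = audit(sample)
    for f, cls in ok:
        print(f"{f.proto} {f.src_port}->{f.dst_port}: {cls}, dscp re-mark={can_remark_dscp(f)}")
    for f in bad:
        print(f"{f.proto} {f.src_port}->{f.dst_port}: no matching rule")
```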

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
|---|---|---|---|---|---|
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application………
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

(Diagram: PAC files deliver the Proxy Address to each device.)

Network Capabilities Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration
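The difference between the Basic and Digest slides above, shown in code as an added example (not Cisco's code): a Basic Proxy-Authorization header is reversible by anyone who sees it, while a Digest response (RFC 2617 with MD5, no qop) carries only a hash bound to the proxy's nonce. The device account name, password, realm and nonce are constructed values.

```python
"""Basic vs Digest proxy authentication (slides 90-91). Added example, not
Cisco code; the credentials, realm and nonce below are constructed.
Basic: Proxy-Authorization carries base64(user:password), reversible by
anyone who sees the header. Digest (RFC 2617, MD5, no qop): the header
carries a hash computed over the credentials and the proxy's nonce."""
import base64
import hashlib
import hmac
from typing import Tuple


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Build the header a device sends when configured for Basic auth."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def decode_basic(header: str) -> Tuple[str, str]:
    """What any observer of the unencrypted proxy leg can do: base64 is an
    encoding, not encryption or hashing (slide 90)."""
    scheme, _, value = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, pw = base64.b64decode(value).decode("utf-8").partition(":")
    return user, pw


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). The proxy can store HA1 instead of
    the password; the device computes it from its configured credentials."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """response = MD5(HA1:nonce:HA2) with HA2 = MD5(method:uri)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def proxy_verifies_digest(stored_ha1: str, method: str, uri: str,
                          nonce: str, response: str) -> bool:
    """The proxy recomputes the response from what it stores and the nonce
    it issued; the password itself never crosses the wire (slide 91)."""
    expected = digest_response(stored_ha1, method, uri, nonce)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed device account, not a real credential.
    hdr = basic_header("roomkit-lobby", "Dev1ceP@ss")
    print("Basic header:", hdr, "-> recovers", decode_basic(hdr))
    ha1 = digest_ha1("roomkit-lobby", "proxy.example", "Dev1ceP@ss")
    resp = digest_response(ha1, "CONNECT", "ciscospark.com:443", "nonce-0001")
    print("Digest response:", resp)
    print("Proxy accepts:", proxy_verifies_digest(ha1, "CONNECT", "ciscospark.com:443", "nonce-0001", resp))
```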

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either
  • Kerberos, or fallback to
  • NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Client, Authentication Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with
• Device IP Address (diagram: devices at IP Address 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities Spark Devices – Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) | |
| DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible
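The pinning decision from the four certificate pinning slides above, modelled as an added example (not Spark client code): pin = base64(SHA-256(CA root public key)), a mismatch terminates the connection, the Spark Apps fix skips pinning when the proxy's private CA is in the OS trust store, and the Spark Devices fix adds that CA to the trust list the device downloads. The Cert type, key bytes and certificate names are constructed stand-ins; a real client would hash the DER public key from the X.509 certificate.

```python
"""Certificate-pinning decision as described on slides 102-113.
Added example, not Spark client code. The Cert type, the key bytes and the
trust-store contents are constructed stand-ins; a real client would hash the
DER-encoded public key taken from the X.509 certificate."""
import base64
import hashlib
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    public_key: bytes   # constructed bytes standing in for the SPKI


def compute_pin(public_key: bytes) -> str:
    """Certificate Pin = base64(SHA-256(public key)) (slide 103)."""
    return base64.b64encode(hashlib.sha256(public_key).digest()).decode("ascii")


def decide(chain: List[Cert], pinned: FrozenSet[str],
           os_trust_store: FrozenSet[str]) -> Tuple[bool, str]:
    """Return (proceed, reason) for a presented chain (leaf first, root last).

    pinned:         pins held in the app's own Trust Store (slide 104) or
                    delivered to a device in its Trust List (slide 113).
    os_trust_store: pins of CA certificates installed in the OS Trust Store;
                    the Spark Apps fix (slide 110) skips pinning when the
                    private CA that signed the chain is present there.
    """
    if len(chain) < 2:
        return False, "chain has no CA certificate to pin against"
    # Slide 110: if a copy of the Private CA Cert exists in the OS Trust
    # Store, skip the certificate pinning process and proceed.
    for ca in chain[1:]:
        if compute_pin(ca.public_key) in os_trust_store:
            return True, f"pinning skipped: '{ca.subject}' is in the OS Trust Store"
    # Slides 104/106: hash the CA Root public key and compare with the pin.
    if compute_pin(chain[-1].public_key) in pinned:
        return True, "pin matched CA Root public key"
    return False, "pin mismatch: TLS connection terminated"


# Constructed scenario data (names and keys are not real certificates).
SPARK_ROOT = Cert("Spark Public CA Root", "Spark Public CA Root", b"constructed-spark-root-key")
SPARK_LEAF = Cert("ciscospark.com", "Spark Public CA Root", b"constructed-spark-leaf-key")
PROXY_CA = Cert("Enterprise Proxy CA", "Enterprise Proxy CA", b"constructed-proxy-ca-key")
PROXY_LEAF = Cert("ciscospark.com", "Enterprise Proxy CA", b"constructed-proxy-leaf-key")

APP_PINS = frozenset({compute_pin(SPARK_ROOT.public_key)})


def scenario_no_inspection() -> Tuple[bool, str]:
    """Slide 104: genuine chain, pin matches."""
    return decide([SPARK_LEAF, SPARK_ROOT], APP_PINS, frozenset())


def scenario_inspection_unfixed() -> Tuple[bool, str]:
    """Slide 106: proxy re-signs with its private CA, pin does not match."""
    return decide([PROXY_LEAF, PROXY_CA], APP_PINS, frozenset())


def scenario_inspection_app_fix() -> Tuple[bool, str]:
    """Slide 110: private CA cert copied to the app's OS Trust Store."""
    os_store = frozenset({compute_pin(PROXY_CA.public_key)})
    return decide([PROXY_LEAF, PROXY_CA], APP_PINS, os_store)


def scenario_inspection_device_fix() -> Tuple[bool, str]:
    """Slide 113: private CA cert copied to the Spark Cloud and delivered to
    the device in its Trust List, so its pin becomes an accepted pin."""
    device_pins = APP_PINS | {compute_pin(PROXY_CA.public_key)}
    return decide([PROXY_LEAF, PROXY_CA], device_pins, frozenset())


if __name__ == "__main__":
    for fn in (scenario_no_inspection, scenario_inspection_unfixed,
               scenario_inspection_app_fix, scenario_inspection_device_fix):
        proceed, reason = fn()
        print(f"{fn.__name__}: {'proceed' if proceed else 'terminate'} ({reason})")
```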

Network Capabilities Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS, Android HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

(Diagram: Device, switch and Authentication Server.)

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections

Onboard device – Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: Target Q1 CY2018.

Thank you


copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Content Server

The Hybrid Data Security is

managed and upgraded from

the cloud

Customerrsquos can access

usage information for the HDS

Servers via the Spark Control

Hub

Multiple HDS servers can be

provisioned for

Scalability amp Load Sharing

Key Mgmt ServerKey Mgmt Service

Hybrid Data Security - Scalability

Hybrid Data Security

Hybrid Data Security

Hybrid Data Security

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Content Server Key Mgmt Server

Spark ndash Hybrid Data Security Key Management

The Hybrid Key Management

Server performs the same

functions as the Cloud based

Key Management Server

Now all of the keys for

messages and content are

owned and managed by the

Customer

BUT

Key Management Service

Key Mgmt Service

45BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Key Mgmt Service

Content Server Key Mgmt Service

HDS - Encrypting Messages amp Content

Key Management Service

46BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Key Mgmt Service

Content Server Key Mgmt Service

HDS - Encrypting Messages amp Content

Spark Apps request an encryption

key from the HDS Key

Management Server

Any messages or files sent by an

App are encrypted before being

sent to the Spark Cloud

Encrypted messages and content

stored in the cloud

Key Management Service

Encryption Keys stored locally

47BRKCOL-2030

HDS – Decrypting Messages & Content (slides 48–49)

Diagram: Content Server in the Spark Cloud → encrypted message → Spark Apps; Apps ↔ on-premises HDS Key Management Server.

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections (slide 50)

Diagram: App-to-Cloud TLS connection (Spark Service, Content Server, Search Service) alongside an App-to-HDS TLS connection (Hybrid Data Security Node in the Secure Data Center).

• Spark Apps establish a direct TLS connection to the on-premises HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud: the cloud relays the session but is not a TLS endpoint for it

Hybrid Data Security – Search Indexing Service (slides 51–52)

Diagram: Secure Data Center with Indexing Service and Key Management Service; Content Server and Search Service in the cloud. The message "Spark IS the message" is fed through the hash algorithm and yields the index value B9 57 FE 48.

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• The index is built from hashes of the words, not from the words themselves
• A new hashing key (Search Key) is used for each room

Hybrid Data Security – Querying a Search Index (slides 53–54)

Example: search for the word "Spark".

• The Indexing Service sends a hashed index of the App's search request to the Search Service: the query word is hashed with the room's Search Key (here to B9 57 FE 48), and the cloud Search Service matches hashes only
• The matching encrypted message ("Spark IS the message") is returned from the Content Server; a link to the Conversation Encryption Key is sent with the encrypted message, so the App can fetch the key from the KMS and decrypt it
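The per-room keyed index described on slides 51–54, as an added example (not Cisco's code): the on-premises indexing side blinds each word with a per-room HMAC key, the cloud side stores and matches only the blinded tokens, and a token blinded under one room's key is useless against another room. The slides do not publish the real hash algorithm, key size or tokenisation, so HMAC-SHA256, 32-byte keys, 4-byte truncated tokens and simple word splitting are assumptions, and the sample messages are constructed.

```python
"""Keyed-hash ("blind") search index with one Search Key per room, modelled on the
HDS Search Indexing slides. Added example, not Cisco code: HMAC-SHA256, 32-byte keys,
4-byte truncated tokens and word splitting are assumptions."""
import hashlib
import hmac
import re
import secrets
from collections import defaultdict

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case the text and return its unique word tokens."""
    return set(TOKEN_RE.findall(text.lower()))


def blind_token(search_key, token, length=4):
    """HMAC-SHA256 of one word under the room's Search Key, truncated to
    `length` bytes and shown like the slide's 'B9 57 FE 48' (assumed width)."""
    digest = hmac.new(search_key, token.encode("utf-8"), hashlib.sha256).digest()
    return " ".join(f"{b:02X}" for b in digest[:length])


class IndexingService:
    """On-premises (HDS) side: owns the per-room Search Keys and never sends
    them, or any plaintext, to the cloud."""

    def __init__(self):
        self.search_keys = {}

    def key_for_room(self, room_id):
        if room_id not in self.search_keys:
            # A new hashing key (Search Key) is used for each room.
            self.search_keys[room_id] = secrets.token_bytes(32)
        return self.search_keys[room_id]

    def index_message(self, room_id, message_id, plaintext):
        """Blind the message's words; the result is what gets shipped to the cloud."""
        key = self.key_for_room(room_id)
        return {blind_token(key, tok): message_id for tok in tokenize(plaintext)}

    def blind_query(self, room_id, word):
        """Blind a user's search word with the same room key."""
        return blind_token(self.key_for_room(room_id), word.lower())


class SearchService:
    """Cloud side: stores blinded tokens -> message ids only, so it can answer a
    blinded query without ever seeing the words or the keys."""

    def __init__(self):
        self.postings = defaultdict(lambda: defaultdict(set))

    def add(self, room_id, entries):
        for blinded, message_id in entries.items():
            self.postings[room_id][blinded].add(message_id)

    def search(self, room_id, blinded_query):
        return set(self.postings[room_id].get(blinded_query, ()))


def demo():
    """Index constructed sample messages in two rooms and search for 'Spark'."""
    indexer, cloud = IndexingService(), SearchService()
    cloud.add("room-A", indexer.index_message("room-A", "msg-1", "Spark IS the message"))
    cloud.add("room-A", indexer.index_message("room-A", "msg-2", "lunch at noon?"))
    cloud.add("room-B", indexer.index_message("room-B", "msg-3", "Spark Board delivered"))
    return {
        # The blinded query for "Spark" in room-A matches only msg-1.
        "hit_a": cloud.search("room-A", indexer.blind_query("room-A", "Spark")),
        # Room-B finds its own message under its own key (case-insensitive).
        "hit_b": cloud.search("room-B", indexer.blind_query("room-B", "spark")),
        # Replaying room-A's blinded token against room-B matches nothing: the
        # per-room key blocks cross-room token replay and frequency analysis.
        "cross_room": cloud.search("room-B", indexer.blind_query("room-A", "Spark")),
        "same_word_differs": indexer.blind_query("room-A", "spark")
        != indexer.blind_query("room-B", "spark"),
    }
```

The cloud still learns which messages share a token within one room, so an index like this leaks repetition patterns inside a room even though it leaks nothing across rooms; the per-room key is what bounds that leakage.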

Spark E-Discovery Service (1)

Diagram: Spark Control Hub → E-Discovery Service (with Key Management Service); Indexing Service (hash algorithm) → Search Service → Content Server; result: Jo Smith's content.

• An administrator requests a user's content (here, Jo Smith's content) from the Spark Control Hub
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

Diagram: Content Server → E-Discovery Service (with Key Management Service) → E-Discovery Storage → Spark Control Hub: "E-Discovery Content Ready", Jo Smith's messages and files.

• E-Discovery Service: decrypts content from the Content Server (using keys obtained from the Key Management Service), then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations (slides 60–61)

Diagram: Organization A (Content Server, Key Management Service) and Organization B (Key Management Service) sharing a message.

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation (slides 62–65)

Diagram: Organization A (Content Server, Key Management Service) ↔ Organization B (Key Management Service), messages flowing between them via the Spark Cloud.

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS and WebSocket Secure (WSS)
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users
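The key flow on the HDS encrypt/decrypt slides (46–49) and the KMS federation slides (62–65), as one added example that is not Cisco's code: a message carries a link to its conversation key, the owning KMS releases that key only to members of the space, and a peer KMS in another organisation fetches it on behalf of its own users, but only if the owning KMS has mutually authenticated that peer. The kms:// URI form, the membership check, the peer table standing in for the mutual-TLS channel, and the stdlib keystream used instead of a real AEAD are all assumptions made so the example runs offline.

```python
"""Model of the HDS key flow (encrypt/decrypt and KMS federation slides).
Added example, not Cisco code; see the lead-in for the assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


class KeyAccessDenied(Exception):
    pass


def keystream_xor(key, nonce, data):
    """Stand-in for a real AEAD (assumption, not for production): XOR with an
    HMAC-SHA256 counter keystream so the example runs on the standard library."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


@dataclass
class KMS:
    org: str
    keys: dict = field(default_factory=dict)     # key_uri -> key bytes, held on premises
    spaces: dict = field(default_factory=dict)   # space_id -> set of member user ids
    peers: dict = field(default_factory=dict, repr=False)  # org -> KMS reached over mutual TLS

    def create_space_key(self, space_id, members):
        """Mint a conversation key and record who may fetch it."""
        key_uri = f"kms://{self.org}/keys/{secrets.token_hex(8)}"
        self.keys[key_uri] = secrets.token_bytes(32)
        self.spaces[space_id] = set(members)
        return key_uri

    def fetch_key(self, key_uri, user, space_id, requesting_org=None):
        """Release a key to a space member; federated requests are honoured only
        from KMSs this org has itself mutually authenticated."""
        if requesting_org is not None and requesting_org not in self.peers:
            raise KeyAccessDenied(f"{requesting_org} is not a federated peer of {self.org}")
        if user not in self.spaces.get(space_id, set()):
            raise KeyAccessDenied(f"{user} is not a member of {space_id}")
        if key_uri not in self.keys:
            raise KeyAccessDenied(f"unknown key {key_uri}")
        return self.keys[key_uri]

    def resolve(self, key_uri, user, space_id):
        """What a client of this org calls: local keys are served here, keys owned
        by another org are requested from that org's KMS on the user's behalf."""
        owner = key_uri.split("/")[2]
        if owner == self.org:
            return self.fetch_key(key_uri, user, space_id)
        if owner not in self.peers:
            raise KeyAccessDenied(f"{self.org} has no federation with {owner}")
        return self.peers[owner].fetch_key(key_uri, user, space_id, requesting_org=self.org)


def encrypt_message(kms, key_uri, user, space_id, text):
    """Encrypt before sending; the envelope (never the key) is what the cloud stores."""
    key = kms.resolve(key_uri, user, space_id)
    nonce = secrets.token_bytes(12)
    return {"space": space_id, "key_uri": key_uri, "nonce": nonce.hex(),
            "ciphertext": keystream_xor(key, nonce, text.encode()).hex()}


def decrypt_message(kms, envelope, user):
    """Follow the key link carried in the envelope, then decrypt."""
    key = kms.resolve(envelope["key_uri"], user, envelope["space"])
    return keystream_xor(key, bytes.fromhex(envelope["nonce"]),
                         bytes.fromhex(envelope["ciphertext"])).decode()


def _attempt(kms, envelope, user):
    try:
        return decrypt_message(kms, envelope, user)
    except KeyAccessDenied:
        return "denied"


def demo():
    """Org A owns the space; Org B is federated with A; Org C only claims to be."""
    kms_a, kms_b, kms_c = KMS("orgA"), KMS("orgB"), KMS("orgC")
    kms_a.peers["orgB"], kms_b.peers["orgA"] = kms_b, kms_a   # mutual: both sides authenticated
    kms_c.peers["orgA"] = kms_a                                # one-sided: A never authenticated C
    key_uri = kms_a.create_space_key("space-1", {"alice@orgA", "bob@orgB", "carol@orgC"})
    envelope = encrypt_message(kms_a, key_uri, "alice@orgA", "space-1", "Spark IS the message")
    return {
        "cloud_sees_plaintext": "Spark" in str(envelope),     # ciphertext + key link only
        "alice": _attempt(kms_a, envelope, "alice@orgA"),      # local member
        "bob": _attempt(kms_b, envelope, "bob@orgB"),          # member, via federated KMS
        "mallory": _attempt(kms_b, envelope, "mallory@orgB"),  # federated KMS, not a member
        "carol": _attempt(kms_c, envelope, "carol@orgC"),      # member, KMS not federated
    }
```

The two checks in `fetch_key` are the point: membership decides who may read, and the peer table (mutual authentication in the real deployment) decides which foreign KMS may even ask. Either check alone is insufficient, as the `mallory` and `carol` cases show.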

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A, running on vSphere (the diagram shows two nodes forming an HDS cluster):
• Hybrid Data Services Node (VM): each runs Docker with an ECP Management container and the HDS containers, and has an IDE mount of the HDS Cluster Config file
• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, Database Master Encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer-provided services: Postgres database, syslogd, database backup, system backup.

HDS Deployment Considerations (slide 68)

• BYO VM for deploying the HDS appliance, Postgres database and syslogd servers
• Customer manages backup and recovery of the Postgres database and the local configuration ISO
• Customer should be able to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible. Because the Database Master Encryption key lives in the ISO and the key material in the database, both must be backed up, and the ISO backup must be protected as carefully as the keys themselves.

HDS Install Prerequisites (slide 69) – see the prerequisites at https://www.cisco.com/go/hybrid-data-security

• X.509 certificate, intermediates and private key
  – PKI (Public Key Infrastructure) is used for KMS-to-KMS federation
  – Common Name signed by a member of the Mozilla trusted root store
  – No SHA-1 signatures
  – PKCS#12 format
• 2 ESXi virtualized hosts: minimum 2 to support upgrades, 3 recommended, 5 maximum
  – Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  – kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 database instance (key datastore)
  – 8 vCPU, 16 GB RAM, 2 TB disk; user created with createuser and assigned GRANT ALL PRIVILEGES ON the database
• 1 syslog host
  – hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  – The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  – Outbound HTTPS on TCP port 443 from the HDS host
  – Bi-directional WSS on TCP port 443 from the HDS host
  – TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  – HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda (slide 71)

• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), auth bypass
  • Proxy TLS/HTTPS traffic inspection – certificate pinning
• 802.1X – authentication methods: EAP-FAST, EAP-TLS, MAC Authentication Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured? (slide 73)

Minimum enterprise network requirements:
• Internet access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices, for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q (slide 74)

Spark Device                          | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
------------------------------------- | -------- | -------------- | --- | ---- | ------ | ---------------- | ----------------------
Apps: Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No  | No   | N/A    | N/A              | Static untagged (Data) VLAN
DX                                    | HTTPS    | Room OS        | Yes | No   | Yes    | Yes              | Dynamic VLAN assignment; 802.1Q tagging; connected PC supported
SX                                    | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment; 802.1Q tagging
MX                                    | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment; 802.1Q tagging
Room Kits                             | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment; 802.1Q tagging
Spark Board                           | HTTPS    | Spark Board OS | Yes | No   | Yes    | No               | Dynamic VLAN assignment; 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls (slide 76)

Whitelisted ports and destinations for Spark desk and room devices and for Spark Apps (see the following slides for details).

Media port ranges:
• Source UDP ports: Voice 52000–52099, Video 52100–52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

Voice and Video Classification and Marking – Port Range Summary, Endpoints and Apps (slide 77)

      | Spark Apps  | Spark Devices | Whole range
------|-------------|---------------|------------
Audio | 52000–52049 | 52050–52099   | 52000–52099
Video | 52100–52199 | 52200–52299   | 52100–52299

Because Apps and devices use distinct, fixed UDP source port ranges, a firewall or QoS policy can classify and DSCP-mark voice and video by source port; TCP/HTTP media uses ephemeral source ports and cannot be classified this way, hence no DSCP re-marking for it.

Spark Applications: Network Port and Whitelist Requirements (slide 78)

Spark applications: Windows, Mac, iOS, Android, Web

Protocol | Source Ports                         | Dest. Ports | Destination        | Function
-------- | ------------------------------------ | ----------- | ------------------ | --------
UDP      | Voice 52000–52049, Video 52100–52199 | 5004 & 5006 | Any IP address     | SRTP over UDP to Spark Cloud media nodes
TCP      | Ephemeral                            | 5004 & 5006 | Any IP address     | SRTP over TCP or HTTP to Spark Cloud media nodes
TCP      | Ephemeral                            | 443         | identity.webex.com | HTTPS – Spark Identity Service
TCP      | Ephemeral                            | 443         | idbroker.webex.com | HTTPS – OAuth Service
TCP      | Ephemeral                            | 443         | wbx2.com           | HTTPS – Core Spark Services
TCP      | Ephemeral                            | 443         | webex.com          | HTTPS – Identity management
TCP      | Ephemeral                            | 443         | ciscospark.com     | HTTPS – Core Spark Services
TCP      | Ephemeral                            | 443         | clouddrive.com     | HTTPS – Content and Space Storage
TCP      | Ephemeral                            | 443         | crashlytics.com    | HTTPS – Anonymous crash data
TCP      | Ephemeral                            | 443         | mixpanel.com       | HTTPS – Anonymous analytics
TCP      | Ephemeral                            | 443         | rackcdn.com        | HTTPS – Content and Space Storage
TCP      | Ephemeral                            | 443         | appsflyer.com      | HTTPS – Mobile Apps only: ad analytics
TCP      | Ephemeral                            | 443         | adobedtm.com       | HTTPS – Web Apps only: analytics
TCP      | Ephemeral                            | 443         | omtrdc.net         | HTTPS – Web Apps only: telemetry
TCP      | Ephemeral                            | 443         | optimizely.com     | HTTPS – Web Apps only: metrics

Spark Devices: Network Port and Whitelist Requirements (slide 79)

Desktop and room systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards

Protocol | Source Ports                         | Dest. Ports | Destination             | Function
-------- | ------------------------------------ | ----------- | ----------------------- | --------
UDP      | Voice 52050–52099, Video 52200–52299 | 5004 & 5006 | Any IP address          | SRTP over UDP to Spark Cloud media nodes
TCP      | Ephemeral                            | 5004 & 5006 | Any IP address          | SRTP over TCP to Spark Cloud media nodes (not Spark Board)
TCP      | Ephemeral                            | 443         | identity.webex.com      | HTTPS – Spark Identity Service
TCP      | Ephemeral                            | 443         | idbroker.webex.com      | HTTPS – OAuth Service
TCP      | Ephemeral                            | 443         | wbx2.com                | HTTPS – Core Spark Services
TCP      | Ephemeral                            | 443         | webex.com               | HTTPS – Identity management
TCP      | Ephemeral                            | 443         | ciscospark.com          | HTTPS – Core Spark Services
TCP      | Ephemeral                            | 443         | clouddrive.com          | HTTPS – Content and Space Storage
TCP      | Ephemeral                            | 443         | crashlytics.com         | HTTPS – Anonymous crash data
TCP      | Ephemeral                            | 443         | mixpanel.com            | HTTPS – Anonymous analytics
TCP      | Ephemeral                            | 443         | rackcdn.com             | HTTPS – Content and Space Storage
TCP      | Ephemeral                            | 443         | dropbox.com             | HTTPS – Spark Board firmware updates
UDP      | Ephemeral                            | 123         | 2.android.pool.ntp.org  | Spark Board – NTP time sync

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN) (slide 80)

Media port ranges (HMN cascade links to the Spark Cloud):
• Source UDP ports: voice and video 33434–33598
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

• The HMN range can be used to limit the permitted source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and video use a common UDP source port range, 33434–33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS) (slide 81)

Hybrid Data Services (Key Management Service, Indexing (Search) Service, E-Discovery Service):
• HDS signalling traffic only, no media
• Outbound HTTPS and WSS signalling only

HMN and HDS Nodes: Network Port and Whitelist Requirements (slide 82)

Node                            | Protocol | Source Ports                                 | Dest. Ports          | Destination                                                       | Function
------------------------------- | -------- | -------------------------------------------- | -------------------- | ----------------------------------------------------------------- | --------
Hybrid Media Node (HMN)         | UDP      | Voice and video share one range, 33434–33598 | 5004 (cascade dest.) | Any IP address                                                    | Cascaded SRTP over UDP media streams to cloud media nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                    | 5004 (cascade dest.) | Any IP address                                                    | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                    | 123, 53, 444         | Any                                                               | NTP, DNS, HTTPS
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                    | 443                  | wbx2.com, idbroker.webex.com                                      | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                    | 443                  | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS (index.docker.io is the Docker Hub registry the HDS containers are pulled from)
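The port allocations in the firewall tables above (slides 76–82) are specific enough to be used as detection logic, so here is an added example (not Cisco code) that classifies outbound flows from firewall log lines against them: App voice/video, device voice/video, HMN cascade, media over TCP and HTTPS signalling, flagging anything outside the documented ranges and, per slide 80, cascade-range traffic from a source that is not a Hybrid Media Node. The log line format and the HMN address range are constructed assumptions.

```python
"""Classify flows against the Spark media/signalling port allocations (slides 76-82).
Added example, not Cisco code; log format and HMN networks are constructed."""
import ipaddress
import re
from collections import Counter

MEDIA_DST = {5004, 5006}
HMN_DST = {5004}

# (class, UDP source port range) exactly as on slides 77, 78, 79 and 82
UDP_SOURCE_RANGES = (
    ("app-voice",    range(52000, 52050)),
    ("device-voice", range(52050, 52100)),
    ("app-video",    range(52100, 52200)),
    ("device-video", range(52200, 52300)),
    ("hmn-cascade",  range(33434, 33599)),
)


def classify(proto, sport, dport):
    """Name the flow class for a (protocol, source port, destination port) tuple."""
    proto = proto.lower()
    if proto == "udp":
        for name, srange in UDP_SOURCE_RANGES:
            allowed_dst = HMN_DST if name == "hmn-cascade" else MEDIA_DST
            if sport in srange and dport in allowed_dst:
                return name
        if dport == 123:
            return "ntp"
        return "unexpected-udp"
    if proto == "tcp":
        if dport in MEDIA_DST:
            return "media-over-tcp"      # ephemeral source port: no DSCP re-marking possible
        if dport == 443:
            return "signalling-https"
        return "unexpected-tcp"
    return f"unexpected-{proto}"


LOG_RE = re.compile(r"proto=(?P<proto>\w+)\s+src=(?P<sip>[\d.]+):(?P<sport>\d+)"
                    r"\s+dst=(?P<dip>[\d.]+):(?P<dport>\d+)")


def parse_log_line(line):
    """Parse one constructed firewall log line into a flow dict, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"proto": m["proto"], "sip": ipaddress.ip_address(m["sip"]),
            "sport": int(m["sport"]), "dip": ipaddress.ip_address(m["dip"]),
            "dport": int(m["dport"])}


def triage(lines, hmn_networks=()):
    """Count flow classes and list anomalies: flows outside the documented ports, and
    cascade-range traffic from hosts that are not HMNs (slide 80's source-IP restriction)."""
    hmn_nets = [ipaddress.ip_network(n) for n in hmn_networks]
    counts, anomalies = Counter(), []
    for line in lines:
        flow = parse_log_line(line)
        if flow is None:
            continue
        cls = classify(flow["proto"], flow["sport"], flow["dport"])
        if cls == "hmn-cascade" and hmn_nets and not any(flow["sip"] in n for n in hmn_nets):
            cls = "cascade-from-non-hmn"
        counts[cls] += 1
        if cls.startswith("unexpected") or cls == "cascade-from-non-hmn":
            anomalies.append((cls, line.strip()))
    return counts, anomalies


# Constructed sample log lines (not real traffic); 10.1.40.0/24 is assumed to hold the HMNs.
SAMPLE_LOG = """\
proto=udp src=10.1.20.15:52012 dst=203.0.113.10:5004 action=allow
proto=udp src=10.1.30.7:52261 dst=203.0.113.11:5006 action=allow
proto=udp src=10.1.40.2:33500 dst=203.0.113.12:5004 action=allow
proto=udp src=10.1.20.99:33500 dst=203.0.113.12:5004 action=allow
proto=tcp src=10.1.20.15:49211 dst=203.0.113.13:443 action=allow
proto=udp src=10.1.20.15:52012 dst=203.0.113.10:5005 action=allow
""".splitlines()
```

Run `triage(SAMPLE_LOG, hmn_networks=["10.1.40.0/24"])`: the fourth line is a workstation sending from the HMN cascade range and the last line a media flow to an undocumented destination port, and both are reported as anomalies. The same ranges can be turned directly into firewall or QoS rules; the classifier is just the rule set read the other way round.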

What do we send to Third Party sites? (slide 83)

Site           | Apps that access it                      | What is sent there                                                        | User PII | Anonymized usage info | Encrypted user-generated content
-------------- | ---------------------------------------- | ------------------------------------------------------------------------- | -------- | --------------------- | --------------------------------
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types (slide 85)

Diagram legend: Signalling vs UDP media. Only HTTP/HTTPS traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not traverse the proxy.

Proxy types:
• Explicit proxy: proxy address given to the device/application……
• Transparent proxy (device/application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Connecting from the Enterprise – Proxy Detection (slide 86)

• Proxy detection (proxy address given to the device/application)
  • Manual configuration
  • Auto configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Config (PAC) files

Diagram: clients obtain the proxy address from the PAC file; signalling goes to the proxy, UDP media bypasses it.

Caveat: WPAD discovers the PAC location via DHCP and DNS, so a rogue DHCP or DNS answer on the local segment can hand clients an attacker's proxy; where auto-discovery is used, protect those services or prefer an explicitly configured PAC URL.

Network Capabilities, Spark Devices – Proxy Detection (slide 87)

Spark Device                          | Protocol | Software Train | Proxy Detection                  | Granular Configuration
------------------------------------- | -------- | -------------- | -------------------------------- | ----------------------
Apps: Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Yes – Manual; Yes – PAC files    | Manually configure proxy address, or use WPAD and PAC files (or Windows GPO)
DX                                    | HTTPS    | Room OS        | Yes – Manual, using web access   | Configure proxy address via device web interface
SX                                    | HTTPS    | Room OS        | Yes – Manual, using web access   | Configure proxy address via device web interface
MX                                    | HTTPS    | Room OS        | Yes – Manual, using web access   | Configure proxy address via device web interface
Room Kits                             | HTTPS    | Room OS        | Yes – Manual, using web access   | Configure proxy address via device web interface
Spark Board                           | HTTPS    | Spark Board OS | Yes – Manual configuration       | Manual configuration of proxy address

Connecting from the Enterprise – Proxy Authentication (slide 88)

• Proxy authentication
  • The proxy intercepts the outbound HTTP request
  • Authenticates the user (username & password)
  • Authenticated user's traffic is forwarded
  • Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods (slide 89)

• Basic authentication
• Digest authentication
• NTLMv2 authentication
• Negotiate authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication (slide 90)

• Basic authentication
  • Uses standard HTTP headers (Proxy-Authenticate / Proxy-Authorization)
  • Username and password are Base64 encoded
  • Username and password are NOT encrypted or hashed: anyone who can observe the client-to-proxy hop, which is plain HTTP even when the tunnelled session is HTTPS, recovers them directly
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods – Digest Authentication (slide 91)

• Digest authentication
  • Uses standard HTTP headers
  • The password is never sent (the username is still sent in clear)
  • A hash over the username, realm, password, server nonce, request method and URI is sent instead, so the password is not exposed on the wire; a captured exchange can still be brute-forced offline, which mat­ters for a device password that never expires
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No password expiration
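The difference between the Basic and Digest slides, as an added example (not Cisco or device code): what a sniffer on the client-to-proxy hop recovers from each header, a proxy-side Digest check that stores HA1 instead of the password and rejects a replayed nonce counter, and an offline guess against a captured Digest exchange showing why a never-expiring device password still needs to be strong. Digest is computed with MD5 and qop=auth (the common proxy profile of RFC 7616); the account name, realm, URI and nonces are constructed.

```python
"""Proxy-Authorization for Basic and Digest (slides 90-91). Added example, not Cisco code."""
import base64
import hashlib
import secrets


def basic_header(user, password):
    """Basic: Base64 of 'user:password' (encoding, not encryption)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Proxy-Authorization: Basic " + token


def recover_basic(header):
    """Anyone who sees the header gets the credentials straight back."""
    return base64.b64decode(header.split(" ", 2)[2]).decode().split(":", 1)


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 7616 response with algorithm=MD5 and qop=auth."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(user, realm, password, method, uri, nonce, nc="00000001", cnonce=None):
    """Client side: the password never appears in the header, only the response hash."""
    cnonce = cnonce or secrets.token_hex(8)
    response = digest_response(user, realm, password, method, uri, nonce, nc, cnonce)
    return ("Proxy-Authorization: Digest "
            f'username="{user}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def parse_digest(header):
    fields = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, value = part.split("=", 1)
        fields[key] = value.strip('"')
    return fields


class ProxyDigestVerifier:
    """Proxy side: keeps HA1 per device account (never the password) and records
    (nonce, nc) pairs so a captured header cannot simply be replayed."""

    def __init__(self, realm, accounts):
        self.realm = realm
        self.ha1 = {u: _md5(f"{u}:{realm}:{p}") for u, p in accounts.items()}
        self.issued, self.used = set(), set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, method, header):
        f = parse_digest(header)
        if f.get("realm") != self.realm or f.get("nonce") not in self.issued:
            return False
        if (f["nonce"], f["nc"]) in self.used:
            return False                                  # replay of a captured header
        ha1 = self.ha1.get(f["username"])
        if ha1 is None:
            return False
        ha2 = _md5(f"{method}:{f['uri']}")
        expected = _md5(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")
        if not secrets.compare_digest(expected, f["response"]):
            return False
        self.used.add((f["nonce"], f["nc"]))
        return True


def crack_digest(header, method, wordlist):
    """Offline guessing against a captured Digest exchange: everything except the
    password is in the header, so the only defence is the password's strength."""
    f = parse_digest(header)
    for guess in wordlist:
        if digest_response(f["username"], f["realm"], guess, method, f["uri"],
                           f["nonce"], f["nc"], f["cnonce"]) == f["response"]:
            return guess
    return None
```

The replay check matters because a device re-uses one static credential for years: without tracking `nc` per nonce, a single captured Digest header would authenticate anyone on the segment for as long as the proxy accepts that nonce.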

Proxy Authentication Methods – NTLMv2 (slide 92)

• NT LAN Manager (NTLM) authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • The client returns a response computed from its password hash and the challenge
  • The password is hashed but never sent (a captured challenge/response can still be cracked offline against a wordlist, and NTLM is subject to relay attacks, so the device account should be limited to proxy access)
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods – Negotiate / IWA (Windows only) (slide 93)

• Negotiate authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

IWA – Integrated Windows Authentication

Proxy Authentication Methods – Kerberos (slide 94)

• Kerberos authentication
  • Strongest security of the methods listed
  • Parties: the client, the Key Distribution Center (KDC), which provides the Authentication Service and the Ticket Granting Service, and the application server (here, the proxy)
  • Encrypted communication based on shared secrets
  • The client authenticates with the Authentication Service
  • Once authenticated, it receives a Ticket Granting Ticket (TGT)
  • The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret between the proxy's service account and the KDC)
  • The HTTPS connection proceeds

Proxy Authentication Bypass Methods (slide 95)

Manually configure the proxy server with:
• Device IP address (the diagram shows devices at 10.100.200.1 and 10.100.200.3 exempted from authentication)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Caveat: an IP-based bypass is only as strong as the binding of that address to the device (static assignment or DHCP reservation, ideally with 802.1X/MAB on the port), and a destination whitelist lets any client on the network reach those domains without authenticating.

Network Capabilities, Spark Devices – Proxy Authentication (slide 96)

Spark Device                          | Protocol | Software Train | Proxy Authentication
------------------------------------- | -------- | -------------- | --------------------
Apps: Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No. iOS and Android: No Auth and Basic in EFT
DX, SX, MX                            | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY2018; Digest – Yes
Room Kits                             | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY2018; Digest – Yes
Spark Board                           | HTTPS    | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1) (slides 97–99)

• HTTPS/TLS inspection
  • The enterprise's private CA root certificate is distributed to the client and installed in its trust store
  • On connection establishment the proxy sends the client a certificate for the requested site, signed by the private CA
  • The client validates the received certificate chain against the private CA root in its trust store
  • If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2) (slides 100–101)

• HTTPS/TLS inspection
  • The proxy starts a new HTTPS/TLS connection to the web/cloud service
  • The proxy receives the certificate from the web/cloud service
  • The proxy uses that certificate to establish its own secure TLS/HTTPS connection to the service
  • The proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning (slides 102–104)

• Certificate pinning
  • Certificate Pin = SHA-256 hash of the CA root certificate's public key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • The CA-signed Cisco Spark certificate is sent by the HTTPS/TLS server
  • The App creates a hash of the cert's public key
  • The App compares the hash with the certificate pin in its trust store
  • If they match, accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning (slides 105–107)

• Certificate pinning
  • The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
  • The App creates a hash of the private-CA-signed cert's public key
  • The App compares the hash with the certificate pin in its trust store
  • They DO NOT match: the TLS connection is terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix (slides 108–110)

Private CA certificate copied to the App's OS trust store.

• Certificate pinning
  • The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
  • The Spark App checks whether a copy of the private CA cert exists in the OS trust store
  • If the cert exists, skip the certificate pinning process and proceed with the TLS connection
  • HTTPS/TLS inspection is therefore possible

Note: an admin-installed private CA in the OS trust store switches pinning off for that App, so the OS trust store becomes part of the security boundary and must be managed (GPO, MDM) as such.

HTTPS Inspection – Spark Devices Cert Pinning Fix (slides 111–113)

Private CA certificate copied to the Spark Cloud (per-organization configuration of the Identity Service; the device downloads a trust list containing the private CA certs).

• Certificate pinning
  • The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
  • The client creates a hash of the private-CA-signed cert's public key
  • The client compares the hash with the certificate pins in its trust store, which now include the organization's private CA
  • They DO match: proceed with the TLS connection
  • HTTPS/TLS inspection is therefore possible
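The pinning logic of slides 102–113, as an added example that is not the Spark client's code: the pin is Base64(SHA-256(DER SubjectPublicKeyInfo)), the form of the pin string on slide 103, computed by walking the certificate's DER; a chain is accepted when any certificate in it carries a pinned key, pinning is skipped when the presented root is an enterprise private CA the administrator installed (the App and device "fixes"), and otherwise the connection is rejected. The certificates here are constructed DER skeletons with correct X.509 field order but dummy key and signature bytes, built only so the parser has real DER to walk; chain signature and validity checking is left to the TLS stack and not modelled.

```python
"""SPKI certificate pinning with enterprise-CA bypass (slides 102-113).
Added example, not Cisco code; certificates are constructed skeletons."""
import base64
import hashlib

OID_CN = bytes.fromhex("0603550403")                      # 2.5.4.3 commonName
OID_RSA = bytes.fromhex("06092a864886f70d010101")         # rsaEncryption
OID_SHA256_RSA = bytes.fromhex("06092a864886f70d01010b")  # sha256WithRSAEncryption


def der(tag, body):
    """Encode one DER TLV (lengths below 64 KiB, enough for this example)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body


def der_read(buf, pos=0):
    """Decode the TLV at pos: returns (tag, body, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def der_children(body):
    """Split a constructed body into its (tag, full TLV bytes) children."""
    out, pos = [], 0
    while pos < len(body):
        tag, _, nxt = der_read(body, pos)
        out.append((tag, body[pos:nxt]))
        pos = nxt
    return out


def name(cn):
    """Name ::= SEQUENCE OF SET OF AttributeTypeAndValue, with a single CN."""
    return der(0x30, der(0x31, der(0x30, OID_CN + der(0x0C, cn.encode()))))


def spki(pubkey_bytes):
    """SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey BIT STRING }."""
    return der(0x30, der(0x30, OID_RSA + der(0x05, b"")) + der(0x03, b"\x00" + pubkey_bytes))


def make_cert(subject_cn, issuer_cn, pubkey_bytes):
    """Constructed certificate: real X.509 field order, dummy key and signature bytes."""
    sig_alg = der(0x30, OID_SHA256_RSA + der(0x05, b""))
    validity = der(0x30, der(0x17, b"180101000000Z") + der(0x17, b"190101000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sig_alg
              + name(issuer_cn) + validity + name(subject_cn) + spki(pubkey_bytes))
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" + b"\xAA" * 32))


def spki_from_cert(cert_der):
    """Certificate -> tbsCertificate -> subjectPublicKeyInfo, skipping the optional [0] version."""
    _, cert_body, _ = der_read(cert_der)
    _, tbs_tlv = der_children(cert_body)[0]
    _, tbs_body, _ = der_read(tbs_tlv)
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:
        fields = fields[1:]
    return fields[5][1]   # serial, signature, issuer, validity, subject, SPKI


def spki_pin(cert_der):
    """The pin format on slide 103: Base64 of SHA-256 over the DER SPKI."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(cert_der)).digest()).decode()


def validate(chain, pinset, enterprise_ca_pins=frozenset()):
    """chain is [leaf, ..., root] as presented by the server.
    Any pinned SPKI in the chain: accept (slides 102-104). Otherwise, if the presented
    root is an enterprise private CA the admin installed in the OS trust store or the
    device trust list: skip pinning (slides 108-113). Otherwise terminate (slides 105-107)."""
    pins = [spki_pin(c) for c in chain]
    if any(p in pinset for p in pins):
        return "pin-match"
    if pins[-1] in enterprise_ca_pins:
        return "pinning-bypassed-enterprise-ca"
    return "rejected"


def demo():
    """Genuine Spark chain vs an inspecting proxy's chain, with and without the fix."""
    spark_root = make_cert("Spark Root CA", "Spark Root CA", b"\x01" * 64)
    spark_leaf = make_cert("wbx2.com", "Spark Root CA", b"\x02" * 64)
    corp_root = make_cert("Corp Private CA", "Corp Private CA", b"\x03" * 64)
    proxy_leaf = make_cert("wbx2.com", "Corp Private CA", b"\x04" * 64)
    pinset = {spki_pin(spark_root)}
    return {
        "genuine": validate([spark_leaf, spark_root], pinset),
        "proxy_no_fix": validate([proxy_leaf, corp_root], pinset),
        "proxy_with_fix": validate([proxy_leaf, corp_root], pinset, {spki_pin(corp_root)}),
    }
```

Pinning the public key rather than the whole certificate is what lets the pin survive certificate renewal with the same key, and it is why the proxy's certificate fails: the proxy can copy the subject name but not the pinned key.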

Network Capabilities, Spark Devices – HTTPS Inspection (slide 114)

Spark Device           | Protocol | Software Train | Supports TLS/HTTPS Inspection                         | Cert Validation Method
---------------------- | -------- | -------------- | ----------------------------------------------------- | ----------------------
Windows, Mac, Web      | HTTPS    | WME            | Yes                                                   | Win/Mac/Browser: if the enterprise certificate exists in the OS trust store, bypass the certificate pinning process
iOS, Android           | HTTPS    | WME            | No                                                    | HTTPS inspection bypass (exempt these clients on the proxy)
DX, SX, MX, Room Kits  | HTTPS    | Room OS        | Yes – requires per-org configuration of the Identity Service | Load private CA certs in the Spark service; the device downloads a trust list with the private certs
Spark Board            | HTTPS    | Spark Board OS | No (planned Q1 CY'18)                                 | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X (slides 116–117)

Diagram: device ↔ switch ↔ Authentication Server.

802.1X operation:
• Switch port network access is restricted until authentication completes
• The client presents credentials to the Authentication Server (relayed by the switch, which acts as the authenticator)
• After successful authentication, the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods (slides 118–119)

• There are many options…
• Two key authentication methods: EAP-FAST and EAP-TLS

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

802.1X Network Authentication: EAP-TLS
Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client - server authentication

802.1X Fallback - MAC Address Bypass (MAB)
Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address as the only credential
• Commonly used for devices that are not 802.1X capable
• MAC address manually entered into the Authentication Server
• Caveat: a MAC address is neither secret nor signed and is trivially spoofed, so a MAB-authorized port should be restricted (VLAN, ACLs) to what that device actually needs

Network Capabilities, Spark Devices - 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate installation | Granular configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install the LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install the enterprise LSC via the device web interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install the enterprise LSC via the device web interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install the enterprise LSC via the device web interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install the enterprise LSC via the device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | - | Use MAC Address Bypass

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate (an enterprise-issued device certificate, here installed without CUCM).

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment:
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access - proxy and firewalls allow all Spark connections
• Onboard the device - username/password or activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors to the device


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Thank you


Spark - Hybrid Data Security: Key Management
(Diagram: Key Management Server in the customer's Secure Data Center; Content Server and cloud Key Management Service in the Spark Cloud)
• The Hybrid Key Management Server performs the same functions as the cloud-based Key Management Server
• Now all of the keys for messages and content are owned and managed by the customer
• BUT...

HDS - Encrypting Messages & Content
(Diagram: Spark app, Content Server and cloud Key Management Service in the Spark Cloud; Key Management Server in the customer's Secure Data Center)
• Spark apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an app are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally, on premises

HDS - Decrypting Messages & Content
(Diagram: encrypted message held in the cloud Content Server; Key Management Server in the customer's Secure Data Center)
• Encrypted messages from apps are stored in the Spark Cloud
• These messages are sent to every other app in the Spark room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark apps retrieve the encryption key from the HDS Key Management Server

Hybrid Data Security - Secure App Connections
(Diagram: App-to-Cloud TLS connection to the Spark Service; App-to-HDS TLS connection carried through the Spark Service to the Hybrid Data Security Node, Search Service and Content Server in the Secure Data Center)
• Spark apps establish a direct TLS connection to the on-premises HDS node and its KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud: the cloud relays it, but because the TLS session terminates on the HDS node the cloud cannot read the key exchange

Hybrid Data Security: Search Indexing Service
(Diagram: Indexing Service and Key Management Service in the Secure Data Center; Content Server and Search Service in the Spark Cloud)
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• Example: the words of the message "Spark IS the message" are run through a hash algorithm, producing index values such as B9 57 FE 48; only those values go to the cloud-side Search Service
• A new hashing key (Search Key) is used for each room
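The following is an added illustration of the scheme the two slides above describe; it is not Cisco's code. It models the Indexing Service (on premises, holding a random Search Key per room) and the cloud-side Search Service (holding only keyed hashes of words), and shows why a per-room key matters: the same word yields different tokens in different rooms, so the cloud can match a query but cannot learn the word or correlate it across rooms. The use of HMAC-SHA256 as the keyed hash, the token truncation and the message ids are assumptions of the example.

```python
"""Searchable index over encrypted messages with a per-room Search Key (added example).

Constructed model of the slides: the Indexing Service tokenises each message,
replaces every word with a keyed one-way hash (HMAC-SHA256 under the room's
Search Key) and stores only those hashes in the cloud-side Search Service.
A query is hashed the same way, so the Search Service matches opaque tokens
without ever seeing the plaintext. Key derivation, token format and message ids
are assumptions of this example, not Cisco's implementation.
"""
import hashlib
import hmac
import re
import secrets
from collections import defaultdict

WORD_RE = re.compile(r"[a-z0-9]+")


def tokenize(text: str) -> set[str]:
    """Lower-case word tokens, so a search for 'spark' also finds 'Spark'."""
    return set(WORD_RE.findall(text.lower()))


def keyed_index_token(search_key: bytes, word: str) -> str:
    """Deterministic, keyed, one-way token for a word: HMAC-SHA256(room key, word)."""
    mac = hmac.new(search_key, word.encode("utf-8"), hashlib.sha256).hexdigest()
    return mac[:16]  # truncated for readability; a real index would keep the full MAC


class IndexingService:
    """On-premises (HDS) side: the only place the per-room Search Keys exist."""

    def __init__(self):
        self._room_keys: dict[str, bytes] = {}

    def search_key(self, room: str) -> bytes:
        # A fresh random Search Key per room; it never leaves the secure data center.
        return self._room_keys.setdefault(room, secrets.token_bytes(32))

    def index_tokens(self, room: str, text: str) -> set[str]:
        key = self.search_key(room)
        return {keyed_index_token(key, w) for w in tokenize(text)}

    def query_token(self, room: str, word: str) -> str:
        return keyed_index_token(self.search_key(room), word.lower())


class SearchService:
    """Cloud side: stores only opaque tokens -> message ids, never plaintext."""

    def __init__(self):
        self._index: dict[str, dict[str, set[str]]] = defaultdict(lambda: defaultdict(set))

    def add(self, room: str, msg_id: str, tokens: set[str]) -> None:
        for t in tokens:
            self._index[room][t].add(msg_id)

    def lookup(self, room: str, token: str) -> set[str]:
        return set(self._index[room].get(token, set()))

    def stored_tokens(self, room: str) -> set[str]:
        return set(self._index[room])


def demo() -> dict:
    indexer, search = IndexingService(), SearchService()
    # Constructed sample messages; plaintext is only ever seen on the HDS side.
    messages = {
        "room-A": {"m1": "Spark IS the message", "m2": "lunch at noon?"},
        "room-B": {"m3": "Spark boards arrive Monday"},
    }
    for room, msgs in messages.items():
        for msg_id, text in msgs.items():
            search.add(room, msg_id, indexer.index_tokens(room, text))

    hits_a = search.lookup("room-A", indexer.query_token("room-A", "Spark"))
    hits_b = search.lookup("room-B", indexer.query_token("room-B", "spark"))
    # Same word, different rooms -> different tokens: the cloud cannot correlate them.
    token_a = indexer.query_token("room-A", "spark")
    token_b = indexer.query_token("room-B", "spark")
    words = {w for msgs in messages.values() for t in msgs.values() for w in tokenize(t)}
    leaked = any(tok in words for r in messages for tok in search.stored_tokens(r))
    return {
        "hits_room_A": hits_a,
        "hits_room_B": hits_b,
        "cross_room_tokens_differ": token_a != token_b,
        "plaintext_in_index": leaked,
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the room-A query for "Spark" returns only m1, the room-B query only m3, and the stored index contains no plaintext words. Note the limit of this design: equal words within one room still map to equal tokens, so an observer of the cloud index can count how often a given (unknown) word recurs in a room.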

Hybrid Data Security: Querying a Search Index - search for the word "Spark"
(Diagram: Indexing Service and Key Management Service in the Secure Data Center; Content Server and Search Service in the Spark Cloud)
• The Indexing Service hashes the app's search request with the room's Search Key and sends the hashed index value (B9 57 FE 48) to the Search Service
• The Search Service matches the hashed value against its index and returns the matching encrypted message ("Spark IS the message")
• A link to the Conversation Encryption Key is sent with the encrypted message, so the app can fetch the key from the KMS and decrypt it

Spark E-Discovery Service (1)
(Diagram: Spark Control Hub, E-Discovery Service, Indexing Service and Key Management Service in the Secure Data Center; Content Server and Search Service in the Spark Cloud)
• An administrator requests a user's content (e.g. Jo Smith's content) from the Spark Control Hub
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns the matching (still encrypted) content to the E-Discovery Service

Spark E-Discovery Service (2)
(Diagram: E-Discovery Service, Key Management Service and E-Discovery Storage in the Secure Data Center; Content Server in the Spark Cloud)
• E-Discovery Service: decrypts the content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content (Jo Smith's messages and files) to the administrator on request ("E-Discovery content ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server in the Spark Cloud)
• Spark spaces with users from multiple organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the organization that owns the Spark space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different organizations can establish a mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS)
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request room encryption keys from one another on behalf of their users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture
(Diagram: Secure Data Center A running vSphere; an HDS cluster of Hybrid Data Services Node VMs, each running Docker with an ECP management container and the HDS containers, with the HDS Cluster Config ISO attached as an IDE mount; customer-provided Postgres database, syslogd, database backup and system backup)
• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, database master encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system
• Customer provided services: Postgres database, syslogd, database backup, system backup

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, the Postgres database and the syslogd servers
• The customer manages backup and recovery of the Postgres database and the local configuration ISO
• The customer should be able to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster)
• HDS application nodes and the database need to be co-located in the same data center
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see the prerequisites in https://www.cisco.com/go/hybrid-data-security)
• X.509 certificate, intermediates and private key
  • PKI (Public Key Infrastructure) is used for KMS-to-KMS federation
  • Common Name signed by a member of the Mozilla trusted root store
  • No SHA-1 signatures
  • PKCS#12 format
• 2 ESXi virtualized hosts: minimum 2 to support upgrades, 3 recommended, 5 maximum
  • Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 database instance (key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB disk; user created with createuser and assigned GRANT ALL PRIVILEGES ON DATABASE
• 1 syslog host
  • Hostname and port required to centralize syslog output from the three HDS instances and the management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from the HDS host
  • Bi-directional WSS on TCP port 443 from the HDS host
  • TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark apps, devices and services
  • Media support - UDP/TCP/HTTP
• HTTP proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos); auth bypass
  • Proxy TLS/HTTPS traffic inspection - certificate pinning
• 802.1X - authentication methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: how are the switch ports configured?
Minimum enterprise network requirements:
• Internet access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to the devices, for support
Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices - CDP/LLDP, 802.1Q
Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No | No | N/A | N/A | Static untagged (data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging; connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: whitelisted ports and destinations
Media port ranges for Spark desk and room devices and Spark apps (see the following slides for details):
• Source UDP ports: voice 52000 - 52099, video 52100 - 52299
• Source TCP/HTTP ports: ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: any

Voice and Video Classification and Marking: port range summary - endpoints and apps
Audio 52000 - 52099: Spark apps 52000 - 52049; Spark devices 52050 - 52099
Video 52100 - 52299: Spark apps 52100 - 52199; Spark devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements
Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 - 52049; Video 52100 - 52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud media nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and space storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and space storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS - Mobile apps only: ad analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS - Web apps only: analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS - Web apps only: telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS - Web apps only: metrics

Spark Devices: Network Port and Whitelist Requirements
Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 - 52099; Video 52200 - 52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
Desktop and room systems | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark Cloud media nodes (not Spark Board)
Desktop and room systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service
Desktop and room systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service
Desktop and room systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services
Desktop and room systems | TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management
Desktop and room systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services
Desktop and room systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and space storage
Desktop and room systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data
Desktop and room systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous analytics
Desktop and room systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and space storage
Desktop and room systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS - Spark Board firmware updates
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board NTP time sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)
Media port ranges:
• Source UDP ports: voice and video 33434 - 33598
• Source TCP/HTTP ports: ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: any
• The HMN can be used to limit the source IP address range allowed through the firewall to the HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints; they are used for the cascade links to the Spark Cloud
• Voice and video use a common UDP source port range, 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)
HDS hosts the:
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service
Hybrid Data Services traffic:
• HDS signaling traffic only (no media)
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements
Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | 33434 - 33598 (voice and video use a common UDP source port range) | 5004 | Cascade destination: any IP address | Cascaded SRTP over UDP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade destination: any IP address | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
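As an added example (not from the deck or from Cisco), the port-range and destination tables for apps, devices and the Hybrid Media Node above can be turned into a check that runs over firewall or flow logs and flags anything the tables do not permit. The flow-log line format ("PROTO src:port -> dst:port"), the sample lines and the IP addresses are constructed; the port ranges, destination ports and domain list are taken from the tables. Destination matching is by domain suffix, which is how a proxy or DNS-aware firewall would express "*.wbx2.com".

```python
"""Whitelist check for Spark media and signalling flows (added example).

Encodes the port-range and destination tables and runs constructed flow-log
lines through them, flagging anything the tables do not permit.
"""
import re
from dataclasses import dataclass

# Inclusive UDP source-port ranges from the tables.
UDP_SOURCE_RANGES = {
    "app voice": (52000, 52049),
    "app video": (52100, 52199),
    "device voice": (52050, 52099),
    "device video": (52200, 52299),
    "HMN cascade": (33434, 33598),  # voice and video share this range
}
MEDIA_DST_PORTS = {5004, 5006}      # endpoints and apps; HMN cascades use 5004 only
HTTPS_WHITELIST = (                 # matched as host == d or host.endswith("." + d)
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net",
    "optimizely.com", "dropbox.com", "index.docker.io",
)
NTP_HOST = "2.android.pool.ntp.org"

# Constructed log format: "UDP 10.1.2.3:52010 -> 203.0.113.10:5004"
LINE_RE = re.compile(r"^(UDP|TCP)\s+(\S+):(\d+)\s*->\s*(\S+):(\d+)$")


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    category: str


def host_whitelisted(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in HTTPS_WHITELIST)


def classify(proto: str, src_port: int, dst_host: str, dst_port: int) -> Verdict:
    if proto == "UDP":
        if dst_port in MEDIA_DST_PORTS:
            for name, (lo, hi) in UDP_SOURCE_RANGES.items():
                if lo <= src_port <= hi:
                    if name == "HMN cascade" and dst_port != 5004:
                        return Verdict(False, "HMN cascade media must go to port 5004")
                    return Verdict(True, f"SRTP/UDP media ({name})")
            return Verdict(False, "UDP to media port from unexpected source port")
        if dst_port == 123 and dst_host.lower() == NTP_HOST:
            return Verdict(True, "Spark Board NTP")
        return Verdict(False, "UDP not in whitelist")
    if proto == "TCP":
        if dst_port in MEDIA_DST_PORTS:
            return Verdict(True, "SRTP over TCP/HTTP media (ephemeral source)")
        if dst_port == 443 and host_whitelisted(dst_host):
            return Verdict(True, "HTTPS signalling to whitelisted destination")
        if dst_port == 443:
            return Verdict(False, "HTTPS to non-whitelisted destination")
        return Verdict(False, "TCP not in whitelist")
    return Verdict(False, "unknown protocol")


def check_log(lines):
    """Return [(line, Verdict)] for each flow-log line."""
    results = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            results.append((line, Verdict(False, "unparseable")))
            continue
        proto, _src, sport, dhost, dport = m.groups()
        results.append((line, classify(proto, int(sport), dhost, int(dport))))
    return results


SAMPLE_LOG = [  # constructed sample flows
    "UDP 10.1.2.3:52010 -> 203.0.113.10:5004",         # app voice
    "UDP 10.1.2.4:52250 -> 203.0.113.11:5006",         # device video
    "UDP 10.1.9.9:33500 -> 203.0.113.12:5004",         # HMN cascade
    "UDP 10.1.9.9:33500 -> 203.0.113.12:5006",         # HMN to 5006: not in the table
    "UDP 10.1.2.3:40000 -> 203.0.113.10:5004",         # wrong source range
    "TCP 10.1.2.3:51234 -> api.wbx2.com:443",          # whitelisted HTTPS
    "TCP 10.1.2.3:51235 -> evilwbx2.com:443",          # suffix trick, must be denied
    "UDP 10.1.5.5:50000 -> 2.android.pool.ntp.org:123",
]

if __name__ == "__main__":
    for line, v in check_log(SAMPLE_LOG):
        print(("ALLOW " if v.allowed else "DENY  ") + f"{line:50s} {v.category}")
```

The "evilwbx2.com" line is the case to watch for in real rule sets: a plain substring match on "wbx2.com" would allow it, the suffix match with a leading dot does not.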

What do we send to third party sites?
Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types
• Explicit proxy: the proxy address is given to the device/application
• Transparent proxy: the device/application is unaware of the proxy's existence
  • In-line proxies (e.g. a combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)
• Only HTTP/HTTPS traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not go through the proxy

Connecting from the Enterprise - Proxy Detection
How the proxy address is given to the device/application:
• Manual configuration
• Auto configuration:
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities, Spark Devices - Proxy Detection
Spark Device | Protocol | Software Train | Proxy Detection | Granular configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: manual; Yes: PAC files | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
SX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
MX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Room Kits | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Spark Board | HTTPS | Spark Board OS | Yes: manual configuration | Manual configuration of the proxy address

Connecting from the Enterprise - Proxy Authentication
• The proxy intercepts the outbound HTTP request
• Authenticates the user (username & password)
• An authenticated user's traffic is forwarded
• An unauthenticated user's traffic is dropped/blocked
• Proxy authentication is not mandatory: many enterprises do no authentication

Common Proxy Authentication Methods
• Basic authentication
• Digest authentication
• NTLMv2 authentication
• Negotiate authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication
• Uses standard HTTP headers
• Username and password are Base64 encoded
• Username and password are NOT encrypted or hashed: anyone who can read the Proxy-Authorization header can recover them
• Basic username and password challenge for devices:
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or an account per device
  • No password expiration

Proxy Authentication Methods - Digest Authentication
• Uses standard HTTP headers
• Username and password are not sent; a hash computed from the username, password and a server-supplied challenge is sent instead
• Username and password challenge for devices:
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or an account per device
  • No password expiration
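The following added example (not Cisco's code) builds the Proxy-Authorization header a device would send in reply to a 407 Proxy Authentication Required challenge, once with Basic (RFC 7617) and once with Digest (RFC 7616, algorithm=MD5, qop=auth), then shows the difference that matters for a shared, non-expiring device account: a Basic header yields the password to anyone who can read the proxy hop, a Digest header does not, and the proxy can still verify it from a stored hash. The device account, realm, nonce and proxy URI are constructed values.

```python
"""Basic vs Digest proxy authentication headers (added example)."""
import base64
import hashlib
import secrets


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def basic_header(user: str, password: str) -> str:
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Proxy-Authorization: Basic {token}"


def recover_basic(header: str) -> tuple[str, str]:
    """What a passive observer of a cleartext proxy hop learns from a Basic header."""
    token = header.split(" ", 2)[2]
    user, password = base64.b64decode(token).decode("utf-8").split(":", 1)
    return user, password


def digest_response(user, password, realm, nonce, method, uri, nc, cnonce, qop="auth"):
    ha1 = _md5(f"{user}:{realm}:{password}")   # this is all the proxy needs to store
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(user, password, realm, nonce, method, uri, cnonce=None, nc="00000001"):
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(user, password, realm, nonce, method, uri, nc, cnonce)
    return (f'Proxy-Authorization: Digest username="{user}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{resp}", algorithm=MD5')


def parse_digest(header: str) -> dict:
    params = header.split("Digest ", 1)[1]
    out = {}
    for part in params.split(", "):
        k, v = part.split("=", 1)
        out[k] = v.strip('"')
    return out


def proxy_verify_digest(header: str, method: str, ha1_lookup) -> bool:
    """Proxy-side check: recompute the response from the stored HA1; no password needed."""
    p = parse_digest(header)
    ha1 = ha1_lookup(p["username"], p["realm"])
    if ha1 is None:
        return False
    ha2 = _md5(f"{method}:{p['uri']}")
    expected = _md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return secrets.compare_digest(expected, p["response"])


# Constructed values: one shared device account, a proxy realm and a server nonce.
USER, PASSWORD, REALM = "spark-devices", "Sup3rS3cret!", "proxy.example.net"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
METHOD, URI = "CONNECT", "wbx2.com:443"
PROXY_DB = {(USER, REALM): _md5(f"{USER}:{REALM}:{PASSWORD}")}


def lookup_ha1(user: str, realm: str):
    return PROXY_DB.get((user, realm))


def demo() -> dict:
    basic = basic_header(USER, PASSWORD)
    digest = digest_header(USER, PASSWORD, REALM, NONCE, METHOD, URI, cnonce="0a4f113b")
    return {
        "basic_leaks_password": recover_basic(basic)[1] == PASSWORD,
        "password_in_digest_header": PASSWORD in digest,
        "proxy_accepts_digest": proxy_verify_digest(digest, METHOD, lookup_ha1),
        # Changing the requested URI invalidates the response: the hash binds it.
        "tampered_uri_rejected": not proxy_verify_digest(
            digest.replace(URI, "evil.example:443"), METHOD, lookup_ha1),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats for the device-account pattern the slides recommend: the CONNECT request carrying this header is sent before any TLS is established, so with Basic the shared, non-expiring device password is readable on the LAN segment; and Digest with MD5 only hides the password from a casual observer, since a captured nonce/response pair can be attacked offline with a dictionary.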

Proxy Authentication Methods - NTLMv2
• NT LAN Manager (NTLM) authentication: a Microsoft challenge/response authentication protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• The password hash is used to encrypt the challenge and return it to the server
• The password is hashed but not sent
• Username and password challenge for devices:
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or an account per device
  • No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows only)
• Negotiate authentication: Microsoft's implementation of SPNEGO, the Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows based username and password challenge for devices:
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or an account per device
  • No password expiration
• IWA: Integrated Windows Authentication

Proxy Authentication Methods - Kerberos
• Kerberos authentication: strongest security of the methods listed
• Components: client; Key Distribution Center (Authentication Service and Ticket Granting Service); application server (here, the proxy)
• Encrypted communication based on shared secrets
• The client authenticates with the Authentication Service and, once authenticated, receives a Ticket Granting Ticket (TGT)
• The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods
Manually configure the proxy server to skip authentication for:
• Device IP addresses (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices - Proxy Authentication
Spark Device | Protocol | Software Train | Proxy Authentication | Granular configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No auth: Yes; Basic: Yes; Digest: planned; NTLM: Yes (Windows); Kerberos: No | No auth and Basic for iOS and Android in EFT (early field trial)
DX, SX, MX | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes | -
Room Kits | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes | -
Spark Board | HTTPS | Spark Board OS | No auth: Yes; Basic: Yes; Digest: Yes | -

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)
HTTPS/TLS inspection, client side:
• The private CA root certificate is sent to (installed on) the client in advance
• A private-CA-signed certificate is sent to the client on connection establishment
• The client compares the private CA root cert with those received in the cert chain
• If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)
HTTPS/TLS inspection, server side:
• The proxy starts a new HTTPS/TLS connection to the web/cloud service
• The proxy receives the certificate from the web/cloud service
• The proxy uses that certificate to establish a secure TLS/HTTPS connection to the service
• The proxy can now decrypt, inspect and re-encrypt the session traffic

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning

Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key
VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

[Diagram: Private CA Cert copied to App OS Trust Store]

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

[Diagram: Private CA Cert copied to Spark Cloud]

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible
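The pinning decisions on the slides above (direct connection, inspecting proxy, and the two fixes) as an added Python example; this is not Cisco's client code. The certificate objects, key bytes and decision strings are constructed for illustration; the pin format follows the slide, Base64 of the SHA-256 of the CA certificate's public key.

```python
from __future__ import annotations

import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate with only the fields the check needs.

    spki holds the SubjectPublicKeyInfo bytes that get hashed. The values used
    below are constructed for illustration, not real DER.
    """
    subject: str
    spki: bytes


def pin_of(cert: Cert) -> str:
    """Certificate Pin = Base64(SHA-256(certificate public key)), as on the slide."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode("ascii")


# Constructed fixtures: the public root that signs the Spark service certificate,
# and an enterprise private CA that an inspecting proxy re-signs traffic with.
PUBLIC_ROOT = Cert("CN=Public Root CA (constructed)", b"constructed public root SPKI")
PRIVATE_CA = Cert("CN=Enterprise Private CA (constructed)", b"constructed private CA SPKI")

# The pin the app ships with in its trust store: the public root's key hash.
APP_PINS = frozenset({pin_of(PUBLIC_ROOT)})


def validate_chain(chain: list[Cert], pins: frozenset[str],
                   os_trust_store: list[Cert]) -> str:
    """Decide what a pinning client does with a server certificate chain.

    chain[0] is the leaf the HTTPS/TLS server sent, chain[-1] the CA that
    signed it. Returns one of:
      'accept'          hash of the CA public key matches a pin
      'terminate'       no pin matches (the inspecting-proxy case)
      'bypass-pinning'  the CA cert already exists in the OS trust store,
                        so the app skips the pinning process (apps fix)
    """
    ca = chain[-1]
    if any(trusted.spki == ca.spki for trusted in os_trust_store):
        return "bypass-pinning"
    if pin_of(ca) in pins:
        return "accept"
    return "terminate"


def no_inspection() -> str:
    """Direct connection: CA-signed Cisco Spark certificate, hashes match."""
    leaf = Cert("CN=spark-service (constructed)", b"constructed spark leaf SPKI")
    return validate_chain([leaf, PUBLIC_ROOT], APP_PINS, os_trust_store=[])


def inspecting_proxy() -> str:
    """Proxy presents a private-CA-signed certificate; no pin matches."""
    leaf = Cert("CN=spark-service (proxy re-signed, constructed)", b"constructed proxy leaf SPKI")
    return validate_chain([leaf, PRIVATE_CA], APP_PINS, os_trust_store=[])


def inspecting_proxy_apps_fix() -> str:
    """Apps fix: the private CA cert was copied into the app's OS trust store."""
    leaf = Cert("CN=spark-service (proxy re-signed, constructed)", b"constructed proxy leaf SPKI")
    return validate_chain([leaf, PRIVATE_CA], APP_PINS, os_trust_store=[PRIVATE_CA])


def inspecting_proxy_devices_fix() -> str:
    """Devices fix: the private CA cert was loaded into the Spark cloud, so the
    trust list the device downloads now carries a pin for it and the hashes match."""
    leaf = Cert("CN=spark-service (proxy re-signed, constructed)", b"constructed proxy leaf SPKI")
    device_pins = APP_PINS | {pin_of(PRIVATE_CA)}
    return validate_chain([leaf, PRIVATE_CA], device_pins, os_trust_store=[])


if __name__ == "__main__":
    for case in (no_inspection, inspecting_proxy,
                 inspecting_proxy_apps_fix, inspecting_proxy_devices_fix):
        print(f"{case.__name__:30s} -> {case()}")
```

Note that the apps fix works by skipping the pin check altogether whenever the presented CA is in the OS trust store, while the devices fix keeps the pin check and extends the pin set; the two give the same result for the proxy but differ in what is still verified.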

Network Capabilities Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web apps | HTTPS | WME | Yes | Win/Mac/Browser: if Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android apps | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

[Diagram: client, switch port and Authentication Server]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO; Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Preferred Architectures (PA): Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND): Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you

HDS - Encrypting Messages & Content

[Diagram: Key Mgmt Service in the Secure Data Center; Content Server and Key Mgmt Service in the Spark Cloud]

• Spark Apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an App are encrypted before being sent to the Spark Cloud
• Encrypted messages and content stored in the cloud
• Key Management Service: Encryption Keys stored locally

HDS - Decrypting Messages & Content

[Diagram: Key Mgmt Service in the Secure Data Center; Content Server and Key Mgmt Service in the Spark Cloud; encrypted message]

• Encrypted messages from Apps are stored in the Spark Cloud
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

[Diagram: App to Cloud TLS connection; App to HDS TLS connection; Spark Service, Content Server and Search Service in the cloud, Hybrid Data Security Node in the Secure Data Center]

• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

[Diagram: Indexing Service in the Secure Data Center; Content Server, Key Mgmt Service and Search Service in the cloud. Message "Spark IS the message" -> Hash Algorithm -> B9 57 FE 48]

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

[Diagram: "Spark" -> Hash Algorithm -> B9 57 FE 48 -> Search Service -> matching index entry B9 57 FE 48 -> message "Spark IS the Message"]

• The Indexing Service sends a hashed index of the App's search request to the Search Service
• A link to the Conversation Encryption Key is sent with the encrypted message
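An added Python sketch of the per-room Search Key scheme described above; it is not Cisco's implementation. It assumes the hash is HMAC-SHA256 keyed by the room's Search Key (the slides only say "hash algorithm"), and the rooms, messages and queries are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re
from collections import defaultdict


def words_of(text: str) -> set[str]:
    """Normalise a message or query into the set of words to index."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


class IndexingService:
    """On-premises (HDS) side: owns the per-room Search Keys and does the hashing.

    Assumption for this example: HMAC-SHA256 keyed by the room's Search Key,
    so the same word yields a different index value in every room.
    """

    def __init__(self) -> None:
        self._search_keys: dict[str, bytes] = {}

    def search_key(self, room_id: str) -> bytes:
        # A new hashing key (Search Key) is used for each room.
        if room_id not in self._search_keys:
            self._search_keys[room_id] = os.urandom(32)
        return self._search_keys[room_id]

    def hash_words(self, room_id: str, words: set[str]) -> set[str]:
        key = self.search_key(room_id)
        return {hmac.new(key, w.encode(), hashlib.sha256).hexdigest() for w in words}


class SearchService:
    """Cloud side: stores only hashed word -> message ids, never plaintext."""

    def __init__(self) -> None:
        self._index: dict[str, dict[str, set[str]]] = defaultdict(lambda: defaultdict(set))

    def add(self, room_id: str, msg_id: str, hashed_words: set[str]) -> None:
        for h in hashed_words:
            self._index[room_id][h].add(msg_id)

    def lookup(self, room_id: str, hashed_query: set[str]) -> set[str]:
        # A message matches when it contains every hashed query word.
        hits = [self._index[room_id].get(h, set()) for h in hashed_query]
        return set.intersection(*hits) if hits else set()


class SparkApp:
    """The app encrypts the body before upload; only hashed words reach the index."""

    def __init__(self, indexer: IndexingService, search: SearchService) -> None:
        self.indexer, self.search = indexer, search

    def send(self, room_id: str, msg_id: str, plaintext: str) -> None:
        # Ciphertext storage in the Content Server is out of scope here; the
        # point is that the Search Service receives hashes, not the message.
        self.search.add(room_id, msg_id, self.indexer.hash_words(room_id, words_of(plaintext)))

    def find(self, room_id: str, query: str) -> set[str]:
        return self.search.lookup(room_id, self.indexer.hash_words(room_id, words_of(query)))


def run_demo() -> dict[str, object]:
    """Constructed rooms and messages; returns what each search yields."""
    indexer, search = IndexingService(), SearchService()
    app = SparkApp(indexer, search)
    app.send("room-A", "msg-1", "Spark IS the message")
    app.send("room-A", "msg-2", "Lunch at noon?")
    app.send("room-B", "msg-3", "Spark Board firmware update")
    return {
        "room-A spark": app.find("room-A", "Spark"),
        "room-A spark message": app.find("room-A", "spark message"),
        "room-B spark": app.find("room-B", "Spark"),
        # Same word, different rooms, different Search Keys: different index values.
        "same_hash_across_rooms": indexer.hash_words("room-A", {"spark"})
                                   == indexer.hash_words("room-B", {"spark"}),
        # Every key in the cloud index is a 64-hex-char digest, never a word.
        "index_has_plaintext": any(len(h) != 64 for h in search._index["room-A"]),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Because the Search Key never leaves the Indexing Service, the Search Service can answer "which messages contain this hash" but cannot turn a hash back into a word or correlate the same word across rooms.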

Spark E-Discovery Service (1)

[Diagram: Spark Control Hub -> E-Discovery Service; Indexing Service and Key Mgmt Service in the Secure Data Center; Hash Algorithm; Content Server; Search Service; Jo Smith's Content]

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram: Content Server -> E-Discovery Service -> E-Discovery Storage; Spark Control Hub; Jo Smith's Messages and Files; E-Discovery Content Ready]

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server and Key Mgmt Service in the Spark Cloud; encrypted message]

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers…
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A; vSphere hosting Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container and HDS Containers; the HDS Cluster Config File presented to each node through an IDE Mount]

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS12 format
• 2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk; User created with createuser; Assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment; 802.1Q Tagging; Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

[Diagram: Signalling and Media flows from Spark Desk and Room Devices and Spark Apps through the firewall]

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Stream | Spark Apps | Spark Devices
Audio (52000-52099) | 52000 - 52049 | 52050 - 52099
Video (52100-52299) | 52100 - 52199 | 52200 - 52299

Spark Applications Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | see list below | HTTPS

HTTPS destinations (port 443) and their function:
  identity.webex.com – Spark Identity Service
  idbroker.webex.com – OAuth Service
  wbx2.com – Core Spark Services
  webex.com – Identity management
  ciscospark.com – Core Spark Services
  clouddrive.com – Content and Space Storage
  crashlytics.com – Anonymous crash data
  mixpanel.com – Anonymous Analytics
  rackcdn.com – Content and Space Storage
  appsflyer.com – Mobile Apps only - Ad Analytics
  adobedtm.com – Web Apps only - Analytics
  omtrdc.net – Web Apps only - Telemetry
  optimizely.com – Web Apps only - Metrics

Spark Devices Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | see list below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations (port 443) and their function:
  identity.webex.com – Spark Identity Service
  idbroker.webex.com – OAuth Service
  wbx2.com – Core Spark Services
  webex.com – Identity management
  ciscospark.com – Core Spark Services
  clouddrive.com – Content and Space Storage
  crashlytics.com – Anonymous crash data
  mixpanel.com – Anonymous Analytics
  rackcdn.com – Content and Space Storage
  dropbox.com – Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

[Diagram: Signalling and Media flows from the Hybrid Media Node through the firewall]

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

[Diagram: Signalling flow from the Hybrid Data Security Node through the firewall]

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range: 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com; idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com; idbroker.webex.com; identity.webex.com; index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

[Diagram: Signalling and UDP Media paths; HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443]

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
• In Line Proxies (e.g. Combined Proxy and Firewall)
• Traffic Redirection (e.g. Using Cisco WCCP)

Connecting from the Enterprise – Proxy Detection

[Diagram: Signalling and UDP Media paths; Proxy Address or PAC file delivered to each client]

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

[Diagram: Signalling and UDP Media paths through the authenticating proxy]

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP headers
  • Username and password are Base64 encoded
  • Username and password are NOT encrypted or hashed (Base64 is a reversible encoding, so anyone who can read the header recovers the credentials)
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No password expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP headers
  • Username and password are not sent
  • A hash of the username and password is sent instead
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No password expiration
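The difference between the Basic and Digest slides above, shown on the wire. This is an added example, not code from the deck or from any Cisco product: it builds the Proxy-Authorization header each scheme sends (RFC 7617 Basic; RFC 2617 Digest with MD5 and no qop) from constructed credentials, a constructed nonce and the page's wbx2.com destination, then shows what an observer of the header can recover from each.

```python
"""Basic vs Digest proxy authentication headers and what they leak."""
import base64
import hashlib
import re

# Constructed sample values: a shared device proxy account and a proxy challenge.
USERNAME = "spark-room-kit"
PASSWORD = "Correct-Horse-42"
REALM = "corp-proxy"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"   # constructed server nonce
METHOD = "CONNECT"
URI = "wbx2.com:443"


def basic_header(user, password):
    """Basic: 'user:password' Base64-encoded, nothing more."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def recover_basic(header):
    """Anyone who can read the header gets the credentials back:
    Base64 is an encoding, not encryption or hashing."""
    token = header.split(" Basic ", 1)[1]
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def ha1_for(user, realm, password):
    """HA1 = MD5(user:realm:password); the only secret the proxy stores."""
    return _md5(f"{user}:{realm}:{password}")


def digest_response(user, password, realm, nonce, method, uri):
    """RFC 2617 Digest without qop: response = MD5(HA1:nonce:HA2)."""
    ha2 = _md5(f"{method}:{uri}")               # binds the request
    return _md5(f"{ha1_for(user, realm, password)}:{nonce}:{ha2}")


def digest_header(user, password, realm, nonce, method, uri):
    resp = digest_response(user, password, realm, nonce, method, uri)
    return ('Proxy-Authorization: Digest '
            f'username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')


def digest_fields(header):
    """Parse the key="value" pairs; note there is no password field."""
    return dict(re.findall(r'(\w+)="([^"]*)"', header))


def proxy_verifies_digest(header, stored_ha1, method):
    """Proxy side: recomputes the response from HA1 and the nonce it issued.
    Without qop/cnonce a captured response replays for the same nonce, so
    the proxy must issue fresh nonces; the clear password is still never
    on the wire."""
    f = digest_fields(header)
    ha2 = _md5(f"{method}:{f['uri']}")
    return f["response"] == _md5(f"{stored_ha1}:{f['nonce']}:{ha2}")
```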

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft challenge/response authentication protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO – Simple and Protected GSS-API Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

(Diagram: Client, Authentication Service, Key Distribution Service, Ticket Granting Service, Application Server.)

• Kerberos Authentication
  • Strongest security
  • Encrypted communication based on shared secrets
  • Client authenticates with the Authentication Service
  • Once authenticated, it receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP address (diagram: devices at 10.100.200.1 and 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No; No Auth and Basic for iOS and Android in EFT | –
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY2018; Digest – Yes | –
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY2018; Digest – Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes | –

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA root certificate sent to the client
  • Private CA-signed certificate sent to the client on connection establishment
  • Client compares the private CA root cert with those received in the cert chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts a new HTTPS/TLS connection to the web/cloud service
  • Proxy receives the certificate from the web/cloud service
  • Proxy uses the certificate to establish a secure TLS/HTTPS connection
  • Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 hash of the CA root certificate public key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA-signed Cisco Spark certificate sent by the HTTPS/TLS server
  • App creates a hash of the cert's public key
  • App compares the hash with the certificate pin in its trust store
  • If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends a private CA-signed certificate during HTTPS/TLS setup
  • App creates a hash of the private CA-signed cert's public key
  • App compares the hash with the certificate pin in its trust store
  • They DO NOT match – TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store

• Certificate Pinning
  • Proxy sends a private CA-signed certificate during HTTPS/TLS setup
  • Spark app checks to see if a copy of the private CA cert exists in the OS trust store
  • If the cert exists – skip the certificate pinning process
  • Proceed with the TLS connection
  • HTTPS/TLS inspection possible
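The pinning decision from the last three slide groups (pin match, pin mismatch behind an inspecting proxy, and the app-side "fix"), as an added example that is not the Spark app's code. It works on SubjectPublicKeyInfo byte strings instead of real certificates: every SPKI and every chain below is a constructed placeholder, and the pin is Base64(SHA-256(SPKI)) as the slide defines it.

```python
"""Certificate pinning with the enterprise-CA bypass the deck describes."""
import base64
import hashlib


def spki_pin(spki_der):
    """Pin = Base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Constructed placeholders standing in for real DER-encoded public keys.
PUBLIC_CA_ROOT_SPKI = b"constructed-spki:public-ca-root"
SPARK_LEAF_SPKI = b"constructed-spki:ciscospark.com-leaf"
ENTERPRISE_CA_SPKI = b"constructed-spki:enterprise-private-ca"
PROXY_LEAF_SPKI = b"constructed-spki:proxy-resigned-leaf"

# Pin set baked into the app (hypothetical; a real app ships its own).
PINNED = frozenset({spki_pin(PUBLIC_CA_ROOT_SPKI)})

# Certificate chains as presented to the app, leaf first, root last.
DIRECT_CHAIN = [("ciscospark.com", SPARK_LEAF_SPKI),
                ("public CA root", PUBLIC_CA_ROOT_SPKI)]
INSPECTED_CHAIN = [("ciscospark.com (re-signed by proxy)", PROXY_LEAF_SPKI),
                   ("enterprise private CA", ENTERPRISE_CA_SPKI)]


def pinning_check(chain, pinned=PINNED):
    """Hash each cert's public key and compare with the pins in the app's
    trust store; accept only if at least one matches."""
    return any(spki_pin(spki) in pinned for _subject, spki in chain)


def enterprise_ca_in_os_store(chain, enterprise_ca_pins):
    """The 'fix': is the chain's root the private CA cert an administrator
    copied into the OS trust store? Compared here by SPKI pin.
    enterprise_ca_pins holds only admin-added private CAs, not the
    public roots that ship with the OS."""
    _root_subject, root_spki = chain[-1]
    return spki_pin(root_spki) in enterprise_ca_pins


def spark_app_decision(chain, enterprise_ca_pins, pinned=PINNED):
    """Only the pinning step; ordinary chain validation against the OS
    trust store is assumed to have passed already."""
    if enterprise_ca_in_os_store(chain, enterprise_ca_pins):
        return "accept: enterprise CA in OS trust store, pinning skipped"
    if pinning_check(chain, pinned):
        return "accept: public key pin matched"
    return "reject: pin mismatch, TLS connection terminated"
```

Once the private CA is in the OS trust store the proxy's re-signed chain is accepted and inspection becomes possible, so that store entry is what an administrator should control and audit.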

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud

• Certificate Pinning
  • Proxy sends a private CA-signed certificate during HTTPS/TLS setup
  • Client creates a hash of the private CA-signed cert's public key
  • Client compares the hash with the certificate pin in its trust store
  • They DO match – proceed with the TLS connection
  • HTTPS/TLS inspection possible

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If an enterprise certificate exists, then bypass the certificate pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS inspection bypass
DX | HTTPS | Room OS | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
SX | HTTPS | Room OS | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
MX | HTTPS | Room OS | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
Room Kits | HTTPS | Room OS | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

(Diagram: device, switch port and Authentication Server.)

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication – switch port configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client–server authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Authentication Server

Network Capabilities, Spark Devices – 802.1X

(MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate.)

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO; Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | – | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard the device – username/password, activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you


HDS – Encrypting Messages & Content

(Diagram: Secure Data Center with the Key Management Service; Content Server in the Spark Cloud.)

• Spark apps request an encryption key from the HDS Key Management Server
• Any messages or files sent by an app are encrypted before being sent to the Spark Cloud
• Encrypted messages and content are stored in the cloud
• Encryption keys are stored locally in the Key Management Service

HDS – Decrypting Messages & Content

(Diagram: Secure Data Center with the Key Management Service; Content Server in the Spark Cloud.)

• Encrypted messages from apps are stored in the Spark Cloud
• These messages are sent to every other app in the Spark room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security – Secure App Connections

(Diagram: App-to-Cloud TLS connection and App-to-HDS TLS connection; Secure Data Center with the Hybrid Data Security Node; Spark Service, Content Server and Search Service in the cloud.)

• Spark apps establish a direct TLS connection to the on-premise HDS node and KMS service
• This encrypted peer-to-peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

(Diagram: Secure Data Center with the Indexing Service and Key Management Service; Content Server and Search Service in the cloud.)

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• The words of a message (e.g. "Spark IS the message") are passed through a hash algorithm; the resulting hashes (e.g. B9 57 FE 48) form the index
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index – search for the word "Spark"

(Diagram: Secure Data Center with the Indexing Service and Key Management Service; Content Server and Search Service in the cloud.)

• The Indexing Service passes the app's search term ("Spark") through the hash algorithm and sends the hashed index of the search request (B9 57 FE 48) to the Search Service
• The hashed term matches the stored index entry for the encrypted message "Spark IS the Message"
• A link to the conversation encryption key is sent with the encrypted message
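The per-room hashed index from the last two slide groups, as an added example that is not the HDS Indexing Service's code. Words are never stored in clear: each room has its own Search Key, the cloud-side index holds only keyed hashes (HMAC-SHA256 here; the deck's "B9 57 FE 48" is an illustration) and message ids, and a query is hashed under the same room key before it leaves the premises. Rooms, messages and keys are constructed sample data.

```python
"""Searchable index over encrypted messages using per-room hashed tokens."""
import hashlib
import hmac
import re
import secrets


def tokenize(text):
    """Lower-case word split so 'Spark' and 'spark' index the same token."""
    return re.findall(r"[a-z0-9]+", text.lower())


def hashed_token(search_key, word):
    """Keyed one-way hash of a word under the room's Search Key."""
    return hmac.new(search_key, word.encode(), hashlib.sha256).hexdigest()


class IndexingService:
    """On-premise side: holds the per-room Search Keys, like the KMS."""

    def __init__(self):
        self.search_keys = {}          # room_id -> Search Key (32 random bytes)

    def key_for(self, room_id):
        if room_id not in self.search_keys:
            self.search_keys[room_id] = secrets.token_bytes(32)
        return self.search_keys[room_id]

    def index_message(self, room_id, message_id, plaintext):
        """Hash the words of a message before it is encrypted and returns
        the tokens to hand to the cloud Search Service. Equal words in the
        same room give equal tokens, so the index still reveals which
        messages share words; only the words themselves stay hidden."""
        key = self.key_for(room_id)
        return {hashed_token(key, w) for w in tokenize(plaintext)}

    def hash_query(self, room_id, word):
        return hashed_token(self.key_for(room_id), word.lower())


class SearchService:
    """Cloud side: sees only hashed tokens and message ids, never words."""

    def __init__(self):
        self.index = {}                # (room_id, token) -> set of message ids

    def add(self, room_id, message_id, tokens):
        for t in tokens:
            self.index.setdefault((room_id, t), set()).add(message_id)

    def lookup(self, room_id, token):
        return sorted(self.index.get((room_id, token), set()))


def demo():
    """Index three constructed messages in two rooms; returns both services."""
    idx, search = IndexingService(), SearchService()
    search.add("room-A", "m1", idx.index_message("room-A", "m1", "Spark IS the message"))
    search.add("room-A", "m2", idx.index_message("room-A", "m2", "lunch at noon"))
    search.add("room-B", "m3", idx.index_message("room-B", "m3", "Spark board arrived"))
    return idx, search
```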

Spark E-Discovery Service (1)

(Diagram: Spark Control Hub and E-Discovery Service; Secure Data Center with the Indexing Service and Key Management Service; Content Server and Search Service in the cloud; "Jo Smith's Content" returned to the E-Discovery Service.)

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

(Diagram: Spark Control Hub, E-Discovery Service, E-Discovery Storage, Content Server, Search Service, Key Management Service.)

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the administrator on request
• (Diagram labels: "Jo Smith's Messages and Files", "E-Discovery Content Ready".)

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in Other Organizations

(Diagram: Organization A and Organization B, each with its own Key Management Service; Content Server in the Spark Cloud.)

• Spark spaces with users from multiple organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the organization that owns the Spark space?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different organizations can establish a mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers…
• Mutually authenticated KMSs can request room encryption keys from one another on behalf of their users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A running vSphere; Hybrid Data Services Nodes (VMs), each with Docker, an ECP Management Container, HDS Containers and an IDE mount of the HDS Cluster Config file; customer-provided services: Postgres Database, Syslogd, Database Backup, System Backup.)

• ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, database master encryption key, etc.
• IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres database and syslogd servers
• Customer manages backup and recovery of the Postgres database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS-to-KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS #12 format

2 ESXi Virtualized Hosts
• Minimum 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (key datastore)
• 8 vCPU, 16 GB RAM, 2 TB disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark apps, devices and services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), auth bypass
  • Proxy TLS/HTTPS traffic inspection – certificate pinning
• 802.1X – authentication methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum enterprise network requirements:
• Internet access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls

Whitelisted ports and destinations
• Spark desk and room devices
• Spark apps
• See following slides for details

Media port ranges
• Source UDP ports: Voice 52000 – 52099, Video 52100 – 52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000 – 52099: Spark Apps 52000 – 52049; Spark Devices 52050 – 52099
Video 52100 – 52299: Spark Apps 52100 – 52199; Spark Devices 52200 – 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud media nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | Content and space storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | Anonymous analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | Content and space storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | Mobile apps only – ad analytics
Spark applications | TCP | Ephemeral | 443 | adobetm.com | Web apps only – analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | Web apps only – telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | Web apps only – metrics

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

79BRKCOL-2030

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP ports: Voice and Video 33434 - 33598
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

• An HMN can be used to limit the source IP address range the firewall must permit to the HMNs only
• Hybrid Media Node source UDP ports for voice and video differ from those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and video share a common UDP source port range, 33434 - 33598

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS signaling traffic only (no media)
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Node                            | Protocol | Source Ports                                        | Destination Ports | Destination                                                        | Function
Hybrid Media Node (HMN)         | UDP      | Voice and video share a common range, 33434 - 33598 | 5004              | Cascade destination: any IP address                                | Cascaded SRTP over UDP media streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                           | 5004              | Cascade destination: any IP address                                | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                           | 123, 53, 444      | Any                                                                | NTP, DNS, HTTPS
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                           | 443               | wbx2.com, idbroker.webex.com                                       | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                           | 443               | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

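The port and whitelist tables above are easiest to get wrong at the firewall, so here is an added example (written for this page, not Cisco code) that encodes them as a policy and audits constructed flow records against it. The client types ("app", "device", "hmn", "hds"), the `EPHEMERAL_MIN` threshold, the log line format and the sample flows are assumptions made for the example; the port ranges, destination ports and hostnames are the ones in the tables.

```python
"""Audit firewall flow records against the Spark port and whitelist tables.
Added example for this page, not Cisco code; log format and flows are constructed."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Source UDP port ranges per client type (apps, devices, Hybrid Media Node cascades).
MEDIA_SOURCE_RANGES = {
    ("app", "voice"): (52000, 52049),
    ("device", "voice"): (52050, 52099),
    ("app", "video"): (52100, 52199),
    ("device", "video"): (52200, 52299),
    ("hmn", "voice+video"): (33434, 33598),  # HMN uses one range for both
}
# Destination ports on the Spark Cloud media nodes; HMN cascades use 5004 only.
MEDIA_DST_PORTS = {"app": {5004, 5006}, "device": {5004, 5006}, "hmn": {5004}}

_CORE = {"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
         "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
         "rackcdn.com"}
# HTTPS (TCP 443) destinations from the tables, matched as domain suffixes.
HTTPS_WHITELIST = {
    "app": _CORE | {"appsflyer.com", "adobedtm.com", "omtrdc.net", "optimizely.com"},
    "device": _CORE | {"dropbox.com"},
    "hmn": {"wbx2.com", "idbroker.webex.com"},
    "hds": {"wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io"},
}
NTP_HOST = "2.android.pool.ntp.org"  # Spark Board NTP, UDP 123
EPHEMERAL_MIN = 1024  # assumption: any source port above the well-known range counts as ephemeral


@dataclass(frozen=True)
class Flow:
    proto: str      # "UDP" or "TCP"
    src_port: int
    dst: str        # IP literal or hostname the client connected to
    dst_port: int


def media_class(client: str, src_port: int):
    """Return the media class the tables assign to this UDP source port, or None."""
    for (who, kind), (lo, hi) in MEDIA_SOURCE_RANGES.items():
        if who == client and lo <= src_port <= hi:
            return kind
    return None


def host_whitelisted(client: str, host: str) -> bool:
    """Suffix match against the client's HTTPS whitelist; IP literals never match."""
    try:
        ip_address(host)
        return False  # the whitelist is by name, so a bare IP on 443 is not allowed
    except ValueError:
        pass
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in HTTPS_WHITELIST[client])


def classify(client: str, flow: Flow) -> str:
    """Verdict for one outbound flow from a client of the given type."""
    if flow.proto == "UDP":
        if flow.dst_port in MEDIA_DST_PORTS.get(client, set()):
            kind = media_class(client, flow.src_port)
            if kind:
                return f"ALLOW media/{kind} (SRTP over UDP)"
            return "DENY (UDP source port outside this client's media range)"
        if client == "device" and flow.dst_port == 123 and flow.dst == NTP_HOST:
            return "ALLOW ntp"
        return "DENY"
    if flow.proto == "TCP":
        if flow.dst_port in MEDIA_DST_PORTS.get(client, set()) and flow.src_port >= EPHEMERAL_MIN:
            return "ALLOW media (SRTP over TCP/HTTP)"
        if flow.dst_port == 443 and host_whitelisted(client, flow.dst):
            return "ALLOW https"
        if client == "hmn" and flow.dst_port in {123, 53, 444}:
            return "ALLOW hmn-infra (NTP/DNS/HTTPS per the HMN table)"
        return "DENY"
    return "DENY"


_LOG_RE = re.compile(r"^\S+\s+(UDP|TCP)\s+\S+:(\d+)\s+->\s+(\S+):(\d+)$")


def audit(client: str, lines):
    """Parse constructed 'timestamp PROTO src:port -> dst:port' records and classify each."""
    out = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if not m:
            continue
        proto, sp, dst, dp = m.groups()
        out.append((line, classify(client, Flow(proto, int(sp), dst, int(dp)))))
    return out


# Constructed sample flows from a Spark desktop app (not real traffic).
SAMPLE_LOG = """\
2018-01-30T10:00:01Z UDP 10.10.20.15:52010 -> 203.0.113.7:5004
2018-01-30T10:00:02Z UDP 10.10.20.15:52150 -> 203.0.113.7:5006
2018-01-30T10:00:03Z TCP 10.10.20.15:61002 -> identity.webex.com:443
2018-01-30T10:00:04Z TCP 10.10.20.15:61003 -> updates.attacker.example:443
2018-01-30T10:00:05Z UDP 10.10.20.15:52060 -> 203.0.113.7:5004
"""

if __name__ == "__main__":
    for line, verdict in audit("app", SAMPLE_LOG.splitlines()):
        print(f"{verdict:60} {line}")
```

The last sample flow is the interesting one: 52060 is a device voice port, so a desktop app sending from it points at a misconfigured client or QoS policy and should be denied for the "app" profile even though the destination is a legitimate media node. The "Any IP address" rule for media only holds because the source port ranges are fixed; if you cannot pin the source range, front the cloud with a Hybrid Media Node so the firewall sees a single cascade source.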
What do we send to Third Party sites?

Site           | Apps that access it                      | What is sent there                                                        | User PII | Anonymized usage info | Encrypted user-generated content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy address given to the device/application (explicit proxy)
• Transparent proxy (device/application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media goes directly through the firewall

Connecting from the Enterprise - Proxy Detection

Proxy Detection (how the proxy address is given to the device/application)
• Manual configuration
• Auto configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

Spark Device                    | Protocol | Software Train | Proxy Detection               | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Yes - Manual; Yes - PAC files | Manually configure proxy address, or use WPAD and PAC files (or Windows GPO)
DX                              | HTTPS    | Room OS        | Yes - Manual using web access | Configure proxy address via device web interface
SX                              | HTTPS    | Room OS        | Yes - Manual using web access | Configure proxy address via device web interface
MX                              | HTTPS    | Room OS        | Yes - Manual using web access | Configure proxy address via device web interface
Room Kits                       | HTTPS    | Room OS        | Yes - Manual using web access | Configure proxy address via device web interface
Spark Board                     | HTTPS    | Spark Board OS | Yes - Manual configuration    | Manual configuration of proxy address

Connecting from the Enterprise - Proxy Authentication

Proxy Authentication
• Proxy intercepts the outbound HTTP request
• Authenticates the user (username & password)
• Authenticated user's traffic is forwarded
• Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

Basic Authentication
• Uses standard HTTP headers (Proxy-Authenticate challenge, Proxy-Authorization response)
• Username and password are Base64 encoded
• Username and password are NOT encrypted or hashed: anyone who can read the request (including the CONNECT request that precedes a TLS session) can decode them

Basic username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or
• Create an account per device
• No password expiration

Proxy Authentication Methods - Digest Authentication

Digest Authentication
• Uses standard HTTP headers
• Username and password are not sent in the clear
• A hash computed over the username, realm, password, the server's nonce and the request is sent instead, so the password itself never crosses the wire

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or
• Create an account per device
• No password expiration

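To make the difference between the Basic and Digest slides concrete, here is an added example (written for this page, not Cisco code) that builds the Proxy-Authorization header a device would send in each scheme and then plays the proxy side for Digest. The account name, password, realm, nonce values and the `PROXY_DB` credential store are constructed for the example; the Digest computation is the standard MD5, qop=auth form.

```python
"""Basic vs Digest proxy authentication as seen on the wire.
Added example for this page, not Cisco code; credentials and realm are constructed."""
import base64
import hashlib
import re
import secrets


def basic_header(user: str, password: str) -> str:
    """Proxy-Authorization value for Basic: base64(user:password), an encoding, not a secret."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_basic(header: str):
    """Anyone who can read the request recovers the password; no key or brute force needed."""
    user, _, password = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, password


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_header(user, password, realm, nonce, method, uri, cnonce=None, nc="00000001", qop="auth"):
    """Proxy-Authorization value for Digest (MD5, qop=auth). Only HA1, never the password,
    feeds the response, and HA1 is bound to the server nonce and the request."""
    cnonce = cnonce or secrets.token_hex(8)
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop={qop}, nc={nc}, cnonce="{cnonce}", response="{response}"')


def parse_digest(header: str) -> dict:
    """Split the comma separated key=value (quoted or bare) pairs of a Digest header."""
    body = header.split(" ", 1)[1]
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]*))', body)}


def proxy_verify_digest(header: str, method: str, lookup_ha1) -> bool:
    """Proxy side: recompute the response from a stored HA1 and compare in constant time.
    The proxy never needs the clear password, only HA1 for (username, realm)."""
    p = parse_digest(header)
    ha1 = lookup_ha1(p.get("username"), p.get("realm"))
    if ha1 is None:
        return False
    ha2 = _md5(f"{method}:{p['uri']}")
    expected = _md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return secrets.compare_digest(expected, p["response"])


# Constructed shared device account and proxy realm (the "one account for all devices" model).
DEVICE_USER, DEVICE_PASSWORD, REALM = "spark-devices", "S3cret-Dev1ce", "proxy.example"
PROXY_DB = {(DEVICE_USER, REALM): _md5(f"{DEVICE_USER}:{REALM}:{DEVICE_PASSWORD}")}

if __name__ == "__main__":
    b = basic_header(DEVICE_USER, DEVICE_PASSWORD)
    print(b, "->", decode_basic(b))
    d = digest_header(DEVICE_USER, DEVICE_PASSWORD, REALM, secrets.token_hex(16), "CONNECT", "wbx2.com:443")
    print(d)
    print("proxy accepts:", proxy_verify_digest(d, "CONNECT", lambda u, r: PROXY_DB.get((u, r))))
```

Two caveats follow from the code. The Basic header travels in the CONNECT request, before any TLS is set up, so the proxy link itself is where it is exposed. Digest keeps the password off the wire, but an observer who captures the nonce and response can run an offline dictionary attack against it, and HA1 is password-equivalent for that realm; with a shared, never-expiring device account as the slides describe, the password must be long and random and the realm's HA1 store protected like a password database.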
Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft challenge/response authentication protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• The client's password hash keys a response computed over the challenge (a keyed HMAC-MD5 in NTLMv2), which is returned to the server
• The password is hashed but never sent

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows only)

Negotiate Authentication
• Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
• Negotiates the use of either
  • Kerberos, or fallback to
  • NTLM

Windows based username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No password expiration

IWA - Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

Kerberos Authentication
• Strongest security of the methods listed
• Parties: Client, Key Distribution Center (hosting the Authentication Service and the Ticket Granting Service), Application Server (here, the proxy)
• Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service
• Once authenticated, the client receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user (using the shared secret the proxy holds with the KDC)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server to skip authentication for:
• Device IP addresses (e.g. 10.100.200.1 and 10.100.200.3 in the diagram)
• Whitelisted destinations (e.g. ciscospark.com), i.e. the Spark HTTPS destinations: identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices - Proxy Authentication

Spark Device                    | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No; No Auth and Basic on iOS and Android in EFT
DX/SX/MX                        | HTTPS    | Room OS        | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
Room Kits                       | HTTPS    | Room OS        | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
Spark Board                     | HTTPS    | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

HTTPS/TLS Inspection
• The proxy's private CA root certificate is sent to the client in advance (installed in its trust store)
• A private CA signed certificate is sent to the client on connection establishment
• The client compares the private CA root cert with those received in the cert chain
• If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts a new HTTPS/TLS connection to the web/cloud service
• Proxy receives the certificate from the web/cloud service
• Proxy uses the certificate to establish a secure TLS/HTTPS connection
• Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA-256 hash of the CA root certificate's public key, Base64 encoded (the slide shows the value VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)
• CA signed Cisco Spark certificate sent by the HTTPS/TLS server
• App creates a hash of the cert's public key
• App compares the hash with the certificate pin in its trust store
• If they match, accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Proxy sends its private CA signed certificate during HTTPS/TLS set up
• App creates a hash of the private CA signed cert's public key
• App compares the hash with the certificate pin in its trust store
• They DO NOT match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store

Certificate Pinning
• Proxy sends its private CA signed certificate during HTTPS/TLS set up
• The Spark app checks whether a copy of the private CA cert exists in the OS trust store
• If the cert exists, the certificate pinning process is skipped and the TLS connection proceeds
• HTTPS/TLS inspection is therefore possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud (and delivered to the device in its trust list)

Certificate Pinning
• Proxy sends its private CA signed certificate during HTTPS/TLS set up
• Client creates a hash of the private CA signed cert's public key
• Client compares the hash with the certificate pins in its trust store, which now include the private CA
• They DO match: proceed with the TLS connection
• HTTPS/TLS inspection is therefore possible

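The pinning slides above, including the app and device "fixes", reduce to a small decision procedure, so here is an added example (written for this page, not Cisco code) that implements it. Pins are computed as base64(SHA-256(SubjectPublicKeyInfo)), the HPKP/RFC 7469 convention, which is what the slide's pin value looks like. The certificates are constructed stand-ins (an Ed25519 SPKI DER header around made-up key bytes), and chain signature validation is not modelled, only the pin and trust-store logic; `app_decision` follows the app fix and `device_decision` the device fix.

```python
"""SPKI certificate pinning decisions as described on the slides.
Added example for this page, not Cisco code; certificates are constructed stand-ins."""
import base64
import hashlib
from dataclasses import dataclass

# DER SubjectPublicKeyInfo header for a 32-byte Ed25519 key; the key bytes are made up below.
_ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def fake_spki(label: str) -> bytes:
    """Deterministic stand-in public key for the example (not a real key)."""
    return _ED25519_SPKI_PREFIX + hashlib.sha256(label.encode()).digest()


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # DER SubjectPublicKeyInfo


def spki_pin(cert: Cert) -> str:
    """Certificate Pin = base64(SHA-256(public key info)); 44 characters like the slide's value."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()


def check_pins(chain, pins) -> bool:
    """A chain (leaf first, root last) passes if any certificate in it carries a pinned key."""
    return any(spki_pin(c) in pins for c in chain)


def app_decision(chain, pins, os_trust_store) -> str:
    """Spark app (Windows/Mac/Web) logic: an enterprise CA present in the OS trust store
    short-circuits pinning; otherwise the pin must match or the connection is terminated."""
    root = chain[-1]
    if any(root.spki == t.spki for t in os_trust_store):
        return "accept (enterprise CA in OS trust store, pinning skipped)"
    if check_pins(chain, pins):
        return "accept (pin matched)"
    return "reject (no pin match, TLS connection terminated)"


def device_decision(chain, pins, cloud_trust_list) -> str:
    """Room OS device logic: the pin set is extended with the private CA that the Spark
    cloud delivers in the device's trust list; the comparison itself is unchanged."""
    extended = set(pins) | {spki_pin(c) for c in cloud_trust_list}
    if check_pins(chain, extended):
        return "accept (pin matched)"
    return "reject (no pin match, TLS connection terminated)"


# Constructed certificates: the genuine Spark chain and a TLS-inspecting proxy's chain.
PUBLIC_ROOT = Cert("Public Root CA", "Public Root CA", fake_spki("public-root"))
SPARK_LEAF = Cert("*.wbx2.com", "Public Root CA", fake_spki("spark-leaf"))
PROXY_CA = Cert("Corp Inspection CA", "Corp Inspection CA", fake_spki("corp-ca"))
PROXY_LEAF = Cert("*.wbx2.com", "Corp Inspection CA", fake_spki("proxy-leaf"))
CHAIN_DIRECT = [SPARK_LEAF, PUBLIC_ROOT]
CHAIN_VIA_PROXY = [PROXY_LEAF, PROXY_CA]
PINS = {spki_pin(PUBLIC_ROOT)}  # what the app ships with: the CA root's public key pin

if __name__ == "__main__":
    print("pin:", spki_pin(PUBLIC_ROOT))
    print("direct, app:         ", app_decision(CHAIN_DIRECT, PINS, []))
    print("via proxy, app:      ", app_decision(CHAIN_VIA_PROXY, PINS, []))
    print("via proxy, app + CA: ", app_decision(CHAIN_VIA_PROXY, PINS, [PROXY_CA]))
    print("via proxy, device:   ", device_decision(CHAIN_VIA_PROXY, PINS, []))
    print("via proxy, dev + list:", device_decision(CHAIN_VIA_PROXY, PINS, [PROXY_CA]))
```

Note what the proxy's leaf demonstrates: its subject is also `*.wbx2.com`, so hostname checks pass and only key identity tells the two chains apart. The flip side of both fixes is that whoever can add a CA to the OS trust store, or to the organization's trust list in the Spark cloud, can intercept Spark traffic; treat those stores as the security boundary they now are.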
Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                     | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes                                               | Win/Mac/Browser: if an enterprise certificate exists in the OS trust store, bypass the certificate pinning process
iOS, Android      | HTTPS    | WME            | No                                                | iOS/Android: HTTPS inspection bypass
DX                | HTTPS    | Room OS        | Yes - requires per-org config of Identity Service | Load private CA certs in the Spark service; device downloads a trust list with the private certs
SX                | HTTPS    | Room OS        | Yes - requires per-org config of Identity Service | Load private CA certs in the Spark service; device downloads a trust list with the private certs
MX                | HTTPS    | Room OS        | Yes - requires per-org config of Identity Service | Load private CA certs in the Spark service; device downloads a trust list with the private certs
Room Kits         | HTTPS    | Room OS        | Yes - requires per-org config of Identity Service | Load private CA certs in the Spark service; device downloads a trust list with the private certs
Spark Board       | HTTPS    | Spark Board OS | No (planned Q1 CY'18)                             | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access is restricted until the client authenticates
• Client presents credentials to the Authentication Server (relayed by the switch)
• After successful authentication the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client - server authentication

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access; proxy and firewalls allow all Spark connections
• Onboard the device: username/password or activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors to the device


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment." Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.

Thank you


HDS - Decrypting Messages & Content

Diagram: Secure Data Center with the Key Management Service; Spark Cloud with the Content Server

• Encrypted messages from apps are stored in the Spark Cloud Content Server
• These messages are sent to every other app in the Spark room and contain a link to their encryption key on the HDS Key Management Server
• If needed, Spark apps can retrieve encryption keys from the HDS Key Management Server

Hybrid Data Security - Secure App Connections

Diagram: App to Cloud TLS connection and App to HDS TLS connection; Secure Data Center with the Hybrid Data Security Node, Spark Cloud with the Content Server, Search Service and Spark Service

• Spark apps establish a direct TLS connection to the on-premise HDS node and KMS service
• This encrypted peer to peer session traverses the Spark Cloud

Hybrid Data Security: Search Indexing Service

Diagram: Secure Data Center with the Indexing Service and Key Management Service; Spark Cloud with the Content Server and Search Service

• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content
• Each word of a message (e.g. "Spark IS the message") is passed through a hash algorithm, producing hashed index terms (e.g. B9 57 FE 48)
• A new hashing key (Search Key) is used for each room

Hybrid Data Security: Querying a Search Index

Example: search for the word "Spark"

• The Indexing Service hashes the app's search request with the room's Search Key (e.g. "Spark" -> B9 57 FE 48) and sends the hashed index term to the Search Service
• The Search Service matches the hashed term against the stored index and returns the matching encrypted message ("Spark IS the Message")
• A link to the conversation encryption key is sent with the encrypted message, so the app can retrieve the key from the KMS and decrypt it

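The two indexing slides above describe a keyed, hash-based index: the on-premises Indexing Service sees plaintext and holds a per-room Search Key, the cloud Search Service sees only hashed terms. Here is an added example (written for this page, not Cisco code) that implements that split. The slides do not name the hash, so HMAC-SHA256 keyed with the room's Search Key is an assumption made here; the rooms, message IDs and message texts are constructed.

```python
"""Keyed search index over messages the cloud cannot read.
Added example for this page, not Cisco code; HMAC-SHA256 as the room-keyed hash is an assumption."""
import hashlib
import hmac
import re
import secrets


def tokenize(text: str):
    """Words to index: lowercase alphanumeric runs, deduplicated."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


class IndexingService:
    """On-premises (HDS) side: has the plaintext and the per-room Search Keys."""

    def __init__(self):
        self._search_keys = {}

    def _key(self, room: str) -> bytes:
        # A fresh random Search Key per room, generated on first use (assumption: 256-bit).
        return self._search_keys.setdefault(room, secrets.token_bytes(32))

    def _term(self, room: str, word: str) -> str:
        # Keyed hash of one word; without the room's key the term cannot be inverted by dictionary.
        return hmac.new(self._key(room), word.encode(), hashlib.sha256).hexdigest()[:16]

    def index_message(self, room: str, plaintext: str) -> frozenset:
        """Hashed index terms for a message; this is all that leaves the data center."""
        return frozenset(self._term(room, w) for w in tokenize(plaintext))

    def query_tokens(self, room: str, query: str) -> frozenset:
        """A search request is hashed the same way before it goes to the Search Service."""
        return frozenset(self._term(room, w) for w in tokenize(query))


class SearchService:
    """Cloud side: stores and matches hashed terms only, never words or keys."""

    def __init__(self):
        self._index = {}  # room -> list of (message_id, hashed terms)

    def add(self, room: str, message_id: str, terms: frozenset):
        self._index.setdefault(room, []).append((message_id, terms))

    def search(self, room: str, query_terms: frozenset):
        """Message IDs in the room whose index contains every queried term."""
        return [mid for mid, terms in self._index.get(room, []) if query_terms <= terms]


# Constructed messages in two rooms.
MESSAGES = {
    ("room-A", "m1"): "Spark IS the message",
    ("room-A", "m2"): "lunch at noon?",
    ("room-B", "m3"): "Spark is great",
}


def build_demo():
    """Index the constructed messages and return both services for querying."""
    indexing, search = IndexingService(), SearchService()
    for (room, mid), text in MESSAGES.items():
        search.add(room, mid, indexing.index_message(room, text))
    return indexing, search


if __name__ == "__main__":
    indexing, search = build_demo()
    print("room-A 'Spark' ->", search.search("room-A", indexing.query_tokens("room-A", "Spark")))
    print("room-B 'Spark' ->", search.search("room-B", indexing.query_tokens("room-B", "Spark")))
    print("room-A term for 'Spark':", sorted(indexing.index_message("room-A", "Spark")))
    print("room-B term for 'Spark':", sorted(indexing.index_message("room-B", "Spark")))
```

The per-room key is what stops the cloud from correlating the same word across rooms or running a dictionary against the index. What this design still reveals to the Search Service is which messages in a room share a term and how often each term occurs, because the tokens are deterministic within a room; that leakage is inherent to searchable encryption of this kind and is the trade made for searching without decrypting.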
Spark E-Discovery Service (1)

Diagram: Secure Data Center with the Indexing Service, Key Management Service and E-Discovery Service; Spark Cloud with the Content Server, Search Service and Spark Control Hub

• The search criteria (e.g. Jo Smith's content) are entered in the Spark Control Hub
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content (Jo Smith's messages and files) to the administrator on request ("E-Discovery content ready")

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in Other Organizations

Diagram: Organization A and Organization B, each with its own Key Management Service; Spark Cloud with the Content Server

• Spark spaces with users from multiple organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the organization that owns the Spark space?

HDS Key Management Server Federation

• Hybrid Key Management Servers in different organizations can establish a mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS)
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request room encryption keys from one another on behalf of their users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A (vSphere):
• Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt container and HDS containers and an IDE mount of the HDS Cluster Config file; the nodes form the HDS cluster
• Customer provided services: Postgres Database, Syslogd, Database backup, System backup

ECP (Enterprise Compute Platform): management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
HDS Cluster Config: an ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, Database Master Encryption key, etc.
IDE Mount: mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should be able to perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens an empty HDS can be restored; however, only new content will be visible

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS12 format
• 2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely backup two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security


Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access Enterprise VLANs


Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Columns: Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | CDP: No | LLDP: No | 802.1Q: N/A | PC Port: N/A | Static Untagged (Data) VLAN
• DX | HTTPS | Room OS | CDP: Yes | LLDP: No | 802.1Q: Yes | PC Port: Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
• SX | HTTPS | Room OS | CDP: Yes | LLDP: No | 802.1Q: Yes | PC Port: No | Dynamic VLAN assignment, 802.1Q Tagging
• MX | HTTPS | Room OS | CDP: Yes | LLDP: No | 802.1Q: Yes | PC Port: No | Dynamic VLAN assignment, 802.1Q Tagging
• Room Kits | HTTPS | Room OS | CDP: Yes | LLDP: No | 802.1Q: Yes | PC Port: No | Dynamic VLAN assignment, 802.1Q Tagging
• Spark Board | HTTPS | Spark Board OS | CDP: Yes | LLDP: No | 802.1Q: Yes | PC Port: No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access Enterprise Firewalls


Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

Media Port Ranges (Spark Desk and Room Devices, Spark Apps; see following slides for details):
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps
• Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
• Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Columns: Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function

Spark applications (Windows, Mac, iOS, Android, Web):
• UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
• TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
• TCP | Ephemeral | 443 | HTTPS to the destinations below:
  • identity.webex.com – Spark Identity Service
  • idbroker.webex.com – OAuth Service
  • wbx2.com – Core Spark Services
  • webex.com – Identity management
  • ciscospark.com – Core Spark Services
  • clouddrive.com – Content and Space Storage
  • crashlytics.com – Anonymous crash data
  • mixpanel.com – Anonymous Analytics
  • rackcdn.com – Content and Space Storage
  • appsflyer.com – Mobile Apps only - Ad Analytics
  • adobedtm.com – Web Apps only - Analytics
  • omtrdc.net – Web Apps only - Telemetry
  • optimizely.com – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Columns: Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function

Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards):
• UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
• TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
• TCP | Ephemeral | 443 | HTTPS to the destinations below:
  • identity.webex.com – Spark Identity Service
  • idbroker.webex.com – OAuth Service
  • wbx2.com – Core Spark Services
  • webex.com – Identity management
  • ciscospark.com – Core Spark Services
  • clouddrive.com – Content and Space Storage
  • crashlytics.com – Anonymous crash data
  • mixpanel.com – Anonymous Analytics
  • rackcdn.com – Content and Space Storage
  • dropbox.com – Sparkboard (firmware updates)
• UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services:
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Columns: Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function

Hybrid Media Node (HMN):
• UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
• TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
• TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
• TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services

Hybrid Data Security Node (HDS):
• TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

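As an added example (not Cisco's code), the port plan and whitelists from the preceding slides encoded as a flow classifier that a firewall or NetFlow reviewer can run over observed connections; the sender classes, the sample flows and the `audit` helper are constructed here.

```python
"""Classify outbound flows against the Spark port plan and HTTPS whitelists.

Added example, not Cisco's code. The ranges and destinations are those listed
on the firewall slides; the "sender" classes and sample flows are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Source UDP port plan per sender class (apps, devices, Hybrid Media Node).
MEDIA_SOURCE_RANGES: Dict[str, Dict[str, Tuple[int, int]]] = {
    "app":    {"voice": (52000, 52049), "video": (52100, 52199)},
    "device": {"voice": (52050, 52099), "video": (52200, 52299)},
    "hmn":    {"media": (33434, 33598)},  # HMN cascade: voice and video share one range
}
# Destination ports for SRTP media (UDP, and the TCP/HTTP fallback).
MEDIA_DST_PORTS: Dict[str, Set[int]] = {
    "app": {5004, 5006}, "device": {5004, 5006}, "hmn": {5004},
}

# TCP/443 whitelist per sender class: domain suffix -> function from the slides.
_CORE = {
    "identity.webex.com": "Spark Identity Service",
    "idbroker.webex.com": "OAuth Service",
    "wbx2.com": "Core Spark Services",
    "webex.com": "Identity management",
    "ciscospark.com": "Core Spark Services",
    "clouddrive.com": "Content and Space Storage",
    "crashlytics.com": "Anonymous crash data",
    "mixpanel.com": "Anonymous Analytics",
    "rackcdn.com": "Content and Space Storage",
}
HTTPS_WHITELIST: Dict[str, Dict[str, str]] = {
    "app": {**_CORE,
            "appsflyer.com": "Mobile Apps only - Ad Analytics",
            "adobedtm.com": "Web Apps only - Analytics",
            "omtrdc.net": "Web Apps only - Telemetry",
            "optimizely.com": "Web Apps only - Metrics"},
    "device": {**_CORE, "dropbox.com": "Sparkboard (firmware updates)"},
    "hmn": {"wbx2.com": "HTTPS Configuration Services",
            "idbroker.webex.com": "HTTPS Configuration Services"},
    "hds": {s: "Outbound HTTPS and WSS" for s in
            ("wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io")},
}


@dataclass(frozen=True)
class Flow:
    sender: str                      # "app", "device", "hmn" or "hds"
    proto: str                       # "udp" or "tcp"
    src_port: int
    dst_port: int
    dst_host: Optional[str] = None   # resolved destination name for TCP/443 flows


def _suffix_match(host: str, table: Dict[str, str]) -> Optional[str]:
    """Longest-suffix match, so identity.webex.com wins over the bare webex.com entry."""
    for suffix in sorted(table, key=len, reverse=True):
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def classify_flow(flow: Flow) -> str:
    """Label an expected Spark flow, or return 'unexpected: <reason>' for review."""
    ranges = MEDIA_SOURCE_RANGES.get(flow.sender, {})
    media_ports = MEDIA_DST_PORTS.get(flow.sender, set())
    if flow.proto == "udp":
        if flow.dst_port not in media_ports:
            return f"unexpected: udp dst port {flow.dst_port} from {flow.sender}"
        for kind, (lo, hi) in ranges.items():
            if lo <= flow.src_port <= hi:
                return f"srtp/udp {kind} ({flow.sender})"
        return f"unexpected: udp src port {flow.src_port} outside {flow.sender} range"
    if flow.proto == "tcp" and flow.dst_port in media_ports:
        # TCP/HTTP media uses ephemeral source ports, hence no DSCP re-marking.
        return f"srtp/tcp media ({flow.sender})"
    if flow.proto == "tcp" and flow.dst_port == 443 and flow.dst_host:
        table = HTTPS_WHITELIST.get(flow.sender, {})
        suffix = _suffix_match(flow.dst_host.lower(), table)
        if suffix:
            return f"https {suffix}: {table[suffix]}"
        return f"unexpected: https to non-whitelisted host {flow.dst_host}"
    return f"unexpected: {flow.proto} {flow.src_port}->{flow.dst_port} from {flow.sender}"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Return only the flows a firewall reviewer should look at."""
    findings = []
    for flow in flows:
        label = classify_flow(flow)
        if label.startswith("unexpected"):
            findings.append((flow, label))
    return findings


if __name__ == "__main__":
    sample = [  # constructed flows, not captured traffic
        Flow("app", "udp", 52010, 5004),
        Flow("device", "udp", 52010, 5004),   # app voice port used by a device: flag it
        Flow("hds", "tcp", 51000, 443, "index.docker.io"),
        Flow("app", "tcp", 51001, 443, "updates.example.org"),
    ]
    for f, why in audit(sample):
        print(f, "->", why)
```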


What do we send to Third Party sites?

Columns: Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content

• aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
• rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
• mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
• appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
• adobedtm.com | Web | Anonymous usage data | N | Y | N
• omtrdc.net | Web | Anonymous usage data | N | Y | N
• optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access Enterprise Proxies


Connecting from the Enterprise - Proxy Types

Proxy Types:
• Proxy Address given to Device/Application………
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

(Diagram: each client obtains its Proxy Address from a PAC file.)

Network Capabilities: Spark Devices – Proxy Detection

Columns: Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
• DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
• SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
• MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
• Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
• Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do No Authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO – Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Components: Client, Authentication (Key Distribution) Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (diagram example: devices at 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Columns: Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
• DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
• Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
• Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

Network Capabilities: Spark Devices – HTTPS Inspection

Columns: Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method

• Windows, Mac, Web apps | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
• iOS, Android apps | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
• DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
• SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
• MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
• Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
• Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

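The pinning decision from the preceding inspection slides written out as an added example, not Cisco's or the Spark app's code: the certificates and SPKI bytes are constructed placeholders, the OS trust store is modelled as a set of SPKI pins, and `device_pins_after_trust_list` is a hypothetical name for the devices' trust-list fix.

```python
"""Certificate pinning with and without proxy TLS inspection.

Added example, not Cisco's code. Pin = base64(SHA-256(SubjectPublicKeyInfo)),
as the slide states; all certificates below are constructed placeholders.
"""
import base64
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki_der: bytes  # DER SubjectPublicKeyInfo; placeholder bytes here, not a real key


def spki_pin(cert: Cert) -> str:
    """Certificate Pin: SHA-256 hash of the certificate's public key, base64 encoded."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode("ascii")


# Constructed sample chains (placeholder SPKI bytes, labelled as such).
PUBLIC_ROOT = Cert("Public CA Root (placeholder)", "self", b"placeholder-spki:public-ca-root")
SPARK_LEAF = Cert("*.ciscospark.com (placeholder)", PUBLIC_ROOT.subject, b"placeholder-spki:spark-leaf")
PRIVATE_CA = Cert("Enterprise Private CA (placeholder)", "self", b"placeholder-spki:private-ca")
PROXY_LEAF = Cert("*.ciscospark.com (proxy re-signed)", PRIVATE_CA.subject, b"placeholder-spki:proxy-leaf")

# Pins the Spark app ships with: the public CA root that signs Spark certificates.
APP_PINS: Set[str] = {spki_pin(PUBLIC_ROOT)}


def pinning_verdict(chain: List[Cert], pins: Set[str], os_trust_store: Set[str]) -> str:
    """Decide the outcome for a presented chain (leaf first, root last).

    pins: pins in the app's own trust store.
    os_trust_store: pins of CA certificates installed in the OS trust store
    (a real store holds certificates; pins are used here for simplicity).
    """
    root_pin = spki_pin(chain[-1])
    # Apps fix: a private CA cert in the OS trust store means the enterprise
    # opted in to inspection, so the pinning process is skipped.
    if root_pin in os_trust_store:
        return "accept: private CA in OS trust store, pinning skipped"
    if root_pin in pins:
        return "accept: pin match"
    return "terminate: pin mismatch"


def device_pins_after_trust_list(base_pins: Set[str], trust_list: List[Cert]) -> Set[str]:
    """Devices fix: private CA certs loaded into the Spark service arrive in the
    downloaded trust list and extend the device's pin set (hypothetical helper)."""
    return base_pins | {spki_pin(c) for c in trust_list}


def scenarios() -> Dict[str, str]:
    """The four cases from the slides, keyed by name."""
    proxy_chain = [PROXY_LEAF, PRIVATE_CA]
    return {
        "no inspection": pinning_verdict([SPARK_LEAF, PUBLIC_ROOT], APP_PINS, set()),
        "inspection, app without fix": pinning_verdict(proxy_chain, APP_PINS, set()),
        "inspection, app fix": pinning_verdict(proxy_chain, APP_PINS, {spki_pin(PRIVATE_CA)}),
        "inspection, device fix": pinning_verdict(
            proxy_chain, device_pins_after_trust_list(APP_PINS, [PRIVATE_CA]), set()),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:30s} {verdict}")
```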

Cisco Spark Cloud Access Network Access Control 8021X


Connecting from the Enterprise – 802.1X

802.1X Operation (diagram: Device, Switch, Authentication Server):
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

Columns: Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | EAP-FAST: Wi-Fi - Yes, Wired - Yes | EAP-TLS: Wi-Fi - Yes, Wired - Yes | MIC: N/A | Non CUCM LSC: Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
• DX | HTTPS | Room OS | EAP-FAST: Wi-Fi - Yes, Wired - Yes | EAP-TLS: Wi-Fi - Yes, Wired – Yes | MIC: Q4 CY17 | Non CUCM LSC: Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
• SX | HTTPS | Room OS | EAP-FAST: Wired - Yes | EAP-TLS: Wired – Yes | MIC: No | Non CUCM LSC: Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
• MX | HTTPS | Room OS | EAP-FAST: Wired - Yes | EAP-TLS: Wired – Yes | MIC: No | Non CUCM LSC: Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
• Room Kits | HTTPS | Room OS | EAP-FAST: Wi-Fi - Yes, Wired - Yes | EAP-TLS: Wi-Fi - Yes, Wired – Yes | MIC: Yes | Non CUCM LSC: Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
• Spark Board | HTTPS | Spark Board OS | EAP-FAST: No (Planned Q2 CY'18) | EAP-TLS: No (Planned Q2 CY'18) | MIC: No | Non CUCM LSC: No (Planned Q2 CY'18) | Use MAC Address By-Pass

Cisco Spark Cloud Access Summary


Spark Device Configuration Recommendations

1) Determine your customer's network environment:
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required.
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access Roadmap


Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
• Coming soon: Target Q1 CY2018
• "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Thank you


HDS - Decrypting Messages & Content

(Diagram: Secure Data Center with the on-premise Key Mgmt Service; Spark cloud with the Content Server and Key Management Service.)
• Encrypted messages from Apps are stored in the Spark Cloud.
• These messages are sent to every other App in the Spark Room and contain a link to their encryption key on the HDS Key Management Server.
• If needed, Spark Apps can retrieve encryption keys from the HDS Key Management Server.

Hybrid Data Security – Secure App Connections

(Diagram: App to Cloud TLS connection to the Spark Service, Content Server and Search Service; App to HDS TLS connection to the Hybrid Data Security Node in the Secure Data Center.)
• Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service.
• This encrypted peer to peer session traverses the Spark Cloud.

Hybrid Data Security: Search Indexing Service

(Diagram: Secure Data Center with the Indexing Service; Spark cloud with the Content Server, Key Mgmt Service and Search Service.)
• The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.
• Example: the message "Spark IS the message" is passed through the Hash Algorithm, producing the index value B9 57 FE 48.
• A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

(Diagram: Secure Data Center with the Indexing Service and Hash Algorithm; Spark cloud with the Content Server, Key Mgmt Service and Search Service.)
• The Indexing Service sends a hashed index of the App's search request to the Search Service (B9 57 FE 48).
• The Search Service matches the hashed index against the stored index and the encrypted message "Spark IS the Message" is returned.
• A link to the Conversation Encryption Key is sent with the encrypted message.
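The indexing and query flow above as an added example, not Cisco's code: the keyed hash is assumed to be HMAC-SHA256 truncated to four bytes (the slides name only a Hash Algorithm and a per-room Search Key), and the rooms, message ids and messages are constructed.

```python
"""Searchable index over encrypted messages using a per-room Search Key.

Added example, not Cisco's code. The Indexing Service (on-premise, holds the
Search Keys) hashes each word; the Search Service (cloud) stores only the
hashed tokens and can match a hashed query without seeing plaintext or keys.
Assumption: HMAC-SHA256 truncated to 4 bytes stands in for the slide's
"Hash Algorithm"; all rooms and messages are constructed samples.
"""
import hashlib
import hmac
import os
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

TOKEN_BYTES = 4  # the slides show 4-byte index values such as "B9 57 FE 48"


def tokenize(text: str) -> List[str]:
    """Split a message into lowercase words; the index is case-insensitive."""
    return [w.lower() for w in re.findall(r"[A-Za-z0-9']+", text)]


def hash_word(search_key: bytes, word: str) -> str:
    """Keyed hash of one word under the room's Search Key (assumed HMAC-SHA256, truncated)."""
    mac = hmac.new(search_key, word.lower().encode("utf-8"), hashlib.sha256).digest()
    return " ".join(f"{b:02X}" for b in mac[:TOKEN_BYTES])


class IndexingService:
    """HDS side: keeps the per-room Search Keys and sees plaintext only while indexing."""

    def __init__(self) -> None:
        self.search_keys: Dict[str, bytes] = {}

    def key_for(self, room: str) -> bytes:
        # A new Search Key is generated the first time a room is indexed.
        return self.search_keys.setdefault(room, os.urandom(32))

    def index_message(self, room: str, plaintext: str) -> Set[str]:
        key = self.key_for(room)
        return {hash_word(key, w) for w in tokenize(plaintext)}

    def hashed_query(self, room: str, word: str) -> str:
        return hash_word(self.key_for(room), word)


class SearchService:
    """Cloud side: stores hashed tokens per room and message id, never plaintext or keys."""

    def __init__(self) -> None:
        self.index: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))

    def store(self, room: str, message_id: str, tokens: Set[str]) -> None:
        for token in tokens:
            self.index[room][token].add(message_id)

    def lookup(self, room: str, token: str) -> Set[str]:
        return set(self.index[room].get(token, set()))


def build_demo() -> Tuple[IndexingService, SearchService]:
    """Index two constructed rooms and return both services for querying."""
    indexer, search = IndexingService(), SearchService()
    messages = {  # constructed sample content
        "room-a": {"m1": "Spark IS the message", "m2": "Meeting moved to noon"},
        "room-b": {"m3": "Spark board firmware update"},
    }
    for room, msgs in messages.items():
        for mid, text in msgs.items():
            search.store(room, mid, indexer.index_message(room, text))
    return indexer, search


def find(indexer: IndexingService, search: SearchService, room: str, word: str) -> Set[str]:
    """App-side search: hash the word under the room's key, match it in the cloud index."""
    return search.lookup(room, indexer.hashed_query(room, word))


if __name__ == "__main__":
    idx, srch = build_demo()
    print("token for 'Spark' in room-a:", idx.hashed_query("room-a", "Spark"))
    print("messages in room-a containing 'Spark':", find(idx, srch, "room-a", "Spark"))
```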

Spark E-Discovery Service (1)

(Diagram: Spark Control Hub requests content; Secure Data Center with the Indexing Service, Hash Algorithm and Key Mgmt Service; Spark cloud with the E-Discovery Service, Content Server and Search Service.)

Secure Data Center

Indexing Service

Content Server

Spark E-Discovery Service (1)Indexing Service

Jo Smithrsquos ContentJo Smithrsquos ContentJo Smithrsquos Content

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

Hash

Algorithm

The Content Server returns

matching content to the

E-Discovery Service

The Indexing Service sends

hashed search criteria to

the Search Service

Search Service

Spark E-Discovery Service (2)

Components: Key Management Service, E-Discovery Service, E-Discovery Storage, Content Server, Search Service, Spark Control Hub.

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.

E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request (Jo Smith's Messages and Files: E-Discovery Content Ready).

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys and Users in other Organizations

Diagram elements: Organization A and Organization B, each with its own Key Management Service, plus the Content Server and Key Management Service in the Spark Cloud.

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.

Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS).

With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

Secure Data Center A hosts an HDS Cluster on vSphere. Each Hybrid Data Services Node (VM) runs Docker with an ECP Management Container and the HDS Containers, and mounts the HDS Cluster Config File through an IDE mount.

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

• X.509 Certificate, Intermediates and Private Key
  • PKI (Public Key Infrastructure) is used for KMS to KMS federation
  • Common Name signed by a member of the Mozilla Trusted Root Store
  • No SHA1 signatures
  • PKCS#12 format
• 2 ESXi Virtualized Hosts: min 2 to support upgrades, 3 recommended, 5 max
  • Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  • kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 Database Instance (Key datastore)
  • 8 vCPU, 16 GB RAM, 2 TB Disk; user created with createuser and assigned GRANT ALL PRIVILEGES ON database
• 1 Syslog Host
  • hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  • The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.
• Network
  • Outbound HTTPS on TCP port 443 from HDS host
  • Bi-directional WSS on TCP port 443 from HDS host
  • TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  • HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support: UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection: Certificate Pinning
• 802.1X: Authentication Methods EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port configurations:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN and Aux VLAN): 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices: CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations for Spark Desk and Room Devices and Spark Apps (see following slides for details).

Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary, Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000 - 52049, Video 52100 - 52199 | 5004 and 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 and 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage
TCP | Ephemeral | 443 | appsflyer.com | HTTPS: Mobile Apps only - Ad Analytics
TCP | Ephemeral | 443 | adobedtm.com | HTTPS: Web Apps only - Analytics
TCP | Ephemeral | 443 | omtrdc.net | HTTPS: Web Apps only - Telemetry
TCP | Ephemeral | 443 | optimizely.com | HTTPS: Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050 - 52099, Video 52200 - 52299 | 5004 and 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 and 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage
TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates)
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard: NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN):
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services:
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range, 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types:
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443.

Connecting from the Enterprise: Proxy Detection

Proxy Detection (Proxy Address given to Device/Application):
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities, Spark Devices: Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise: Proxy Authentication

Proxy Authentication:
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username and Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no Authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods: Basic Authentication

Basic Authentication:
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods: Digest Authentication

Digest Authentication:
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods: NTLMv2

NT LAN Manager (NTLM) Authentication:
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods: Negotiate/IWA (Windows Only)

Negotiate Authentication:
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM

Windows based Username and Password challenge for devices:
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods: Kerberos

Kerberos Authentication:
• Strongest Security
• Participants: Client, Authentication (Key Distribution) Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, it receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Address (diagram example: devices at IP Address 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices: Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes

Proxy TLS/HTTPS Inspection: Non Spark Apps (1)

HTTPS/TLS Inspection:
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares the Private CA Root Cert with those received in the Cert Chain
• If they match: accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection: Non Spark Apps (2)

HTTPS/TLS Inspection:
• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives the Certificate from the Web/Cloud Service
• Proxy uses the Certificate to establish a Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection: Spark Certificate Pinning

Certificate Pinning:
• Certificate Pin = SHA-256 Hash of the CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by the HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match: accept and proceed with the TLS connection

Proxy - HTTPS Inspection: Spark Certificate Pinning

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: TLS connection terminated

HTTPS Inspection: Spark Apps Cert Pinning Fix

Private CA Cert copied to the App OS Trust Store.

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists: skip the Certificate pinning process
• Proceed with the TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection: Spark Devices Cert Pinning Fix

Private CA Cert copied to the Spark Cloud.

Certificate Pinning:
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO match: proceed with the TLS connection
• HTTPS/TLS Inspection possible
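The four outcomes on the Certificate Pinning and Cert Pinning Fix slides above (pin match, mismatch under inspection, the app fix via the OS trust store, the device fix via a downloaded trust list), as an added example that is not Cisco's client code. It assumes a pin is the base64 SHA-256 of a certificate's DER SubjectPublicKeyInfo and that a pin may match any certificate in the presented chain; all key material and CA names are constructed placeholders.

```python
"""Certificate pin check with the two 'Cert Pinning Fix' bypasses from the
slides above. Added illustration, not Cisco's client code.

Assumptions: a pin is the base64 SHA-256 of a certificate's DER-encoded
SubjectPublicKeyInfo, and a chain passes if any certificate in it matches a
pin. Every SPKI byte string and CA name below is constructed sample data.
"""
import base64
import hashlib


def spki_pin(spki_der):
    """SHA-256 of the public key bytes, base64 encoded: the form of the
    Certificate Pin value shown on the slide."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def decide_connection(chain, pinned, os_trust_store_cas):
    """Return (proceed, reason) for a TLS handshake.

    chain:              [(subject_name, spki_der), ...], leaf first, root last
    pinned:             pins in the app's trust store (plus, for a Spark
                        device, the private CA pins from the downloaded
                        trust list: the Spark Devices fix)
    os_trust_store_cas: private CA names installed in the OS trust store
                        (the Spark Apps fix)
    """
    # App creates a hash of the Cert's Public Key and compares it with the
    # Certificate Pin in its Trust Store.
    if any(spki_pin(spki) in pinned for _name, spki in chain):
        return True, "pin match: proceed with TLS connection"
    # Spark Apps fix: if a copy of the Private CA Cert exists in the OS Trust
    # Store, skip the certificate pinning process.
    root_name = chain[-1][0]
    if root_name in os_trust_store_cas:
        return True, "private CA in OS trust store: pinning skipped"
    return False, "pin mismatch: TLS connection terminated"


# Constructed sample key material (placeholders, not real certificates).
SPARK_ROOT_SPKI = b"constructed:spark-public-ca-root-spki"
SPARK_LEAF_SPKI = b"constructed:spark-service-leaf-spki"
PRIVATE_CA_SPKI = b"constructed:enterprise-private-ca-spki"
PROXY_LEAF_SPKI = b"constructed:proxy-minted-leaf-spki"

SHIPPED_PINS = {spki_pin(SPARK_ROOT_SPKI)}

# Chain from the real Spark service versus the one an inspecting proxy
# presents, signed by the enterprise's private CA.
DIRECT_CHAIN = [("spark service", SPARK_LEAF_SPKI),
                ("Spark public CA", SPARK_ROOT_SPKI)]
PROXY_CHAIN = [("spark service", PROXY_LEAF_SPKI),
               ("Enterprise Private CA", PRIVATE_CA_SPKI)]


def scenarios():
    """The four outcomes from the slides, keyed by scenario name."""
    no_inspection = decide_connection(DIRECT_CHAIN, SHIPPED_PINS, set())
    inspection_unfixed = decide_connection(PROXY_CHAIN, SHIPPED_PINS, set())
    app_fix = decide_connection(PROXY_CHAIN, SHIPPED_PINS,
                                {"Enterprise Private CA"})
    # Spark Devices fix: the org admin loads the private CA cert into the
    # Spark cloud and the device downloads a trust list that now pins it too.
    device_trust_list = SHIPPED_PINS | {spki_pin(PRIVATE_CA_SPKI)}
    device_fix = decide_connection(PROXY_CHAIN, device_trust_list, set())
    return {
        "no inspection": no_inspection,
        "inspection, no fix": inspection_unfixed,
        "inspection, app fix": app_fix,
        "inspection, device fix": device_fix,
    }
```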

Network Capabilities, Spark Devices: HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If an Enterprise Certificate exists, then bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No (iOS, Android) | HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes: Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes: Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes: Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes: Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise: 802.1X (diagram: device, switch port, Authentication Server)

802.1X Operation:
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication, the switch port is configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods:
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST:
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS:
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms:
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into the Auth Server

Network Capabilities, Spark Devices: 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required.
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access: Proxy and Firewalls allow all Spark connections
• Onboard device: Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library


Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions


Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018

Thank you


Hybrid Data Security – Secure App Connections

Diagram: Secure Data Center (Content Server, Search Service, Hybrid Data Security Node); Spark Service; App to Cloud TLS connection; App to HDS TLS connection

Spark Apps establish a direct TLS connection to the On Premise HDS node and KMS service. This encrypted peer to peer session traverses the Spark Cloud.


Hybrid Data Security: Search Indexing Service

Diagram: Secure Data Center (Indexing Service, Content Server, Key Mgmt Service); Search Service

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.


Hybrid Data Security: Search Indexing Service

Diagram: Secure Data Center (Indexing Service, Content Server, Key Mgmt Service); Search Service
Message "Spark IS the message" -> Hash Algorithm -> B9 57 FE 48

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.
A new hashing key (Search Key) is used for each room.


Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

Diagram: Secure Data Center (Indexing Service, Content Server, Key Mgmt Service); Search Service; hashed query B9 57 FE 48

The Indexing Service sends a hashed index of the App's search request to the Search Service.


Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

Diagram: Secure Data Center (Indexing Service, Content Server, Key Mgmt Service); Search Service
Search term "Spark" -> Hash Algorithm -> B9 57 FE 48; index match B9 57 FE 48 -> message "Spark IS the Message"

The Indexing Service sends a hashed index of the App's search request to the Search Service.
A link to the Conversation Encryption Key is sent with the encrypted message.
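The keyed search index described on the last three slides, as an added illustration (not Cisco's code): a per-room Search Key hashes each word on the HDS side, the cloud-side Search Service stores and matches only the hashes, and a query is hashed with the same room key before it is sent. The HMAC-SHA256 construction, the tokenizer and the sample messages are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re
from collections import defaultdict


def tokenize(text: str) -> set[str]:
    """Lower-case word tokens; the real indexer's rules are not on the slides."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def hash_token(search_key: bytes, token: str) -> str:
    """Hash one word with the room's Search Key (HMAC-SHA256 is an assumption)."""
    return hmac.new(search_key, token.encode(), hashlib.sha256).hexdigest()


class IndexingService:
    """On-premise side (HDS): holds the Search Keys, hashes words and queries."""

    def __init__(self) -> None:
        self._search_keys: dict[str, bytes] = {}  # room_id -> Search Key

    def search_key(self, room_id: str) -> bytes:
        # A new hashing key (Search Key) is used for each room.
        if room_id not in self._search_keys:
            self._search_keys[room_id] = os.urandom(32)
        return self._search_keys[room_id]

    def index_message(self, room_id: str, message_id: str, plaintext: str) -> list[tuple[str, str]]:
        """Hashed index entries for one message; the plaintext never leaves HDS."""
        key = self.search_key(room_id)
        return [(hash_token(key, t), message_id) for t in tokenize(plaintext)]

    def hash_query(self, room_id: str, word: str) -> str:
        """The hashed search request that is sent to the Search Service."""
        return hash_token(self.search_key(room_id), word.lower())


class SearchService:
    """Cloud side: stores only hashed tokens mapped to message ids."""

    def __init__(self) -> None:
        self._index: dict[str, set[str]] = defaultdict(set)

    def add(self, entries: list[tuple[str, str]]) -> None:
        for hashed, message_id in entries:
            self._index[hashed].add(message_id)

    def lookup(self, hashed_query: str) -> set[str]:
        return set(self._index.get(hashed_query, set()))

    def contains_plaintext(self, word: str) -> bool:
        """Check that the stored index never carries the word itself."""
        return any(word.lower() in stored for stored in self._index)


def demo() -> dict:
    """Index constructed sample messages in two rooms and query for 'Spark'."""
    idx = IndexingService()
    search = SearchService()
    messages = [  # constructed sample data
        ("room-A", "m1", "Spark IS the message"),
        ("room-A", "m2", "lunch at noon?"),
        ("room-B", "m3", "Spark board is installed"),
    ]
    for room, mid, text in messages:
        search.add(idx.index_message(room, mid, text))
    return {
        "room_a_spark": search.lookup(idx.hash_query("room-A", "Spark")),
        "room_b_spark": search.lookup(idx.hash_query("room-B", "Spark")),
        # Same word, different room: different Search Key, so a different hash.
        "cross_room_hashes_differ": idx.hash_query("room-A", "Spark") != idx.hash_query("room-B", "Spark"),
        "plaintext_in_index": search.contains_plaintext("Spark"),
    }


if __name__ == "__main__":
    print(demo())
```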


Spark E-Discovery Service (1)

Diagram: Secure Data Center (Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service); Spark Control Hub; Hash Algorithm; Search Service; Jo Smith's Content

The Indexing Service sends hashed search criteria to the Search Service.
The Content Server returns matching content to the E-Discovery Service.


Spark E-Discovery Service (2)

Diagram: Secure Data Center (Key Mgmt Service, E-Discovery Service, Content Server, E-Discov Storage); Spark Control Hub; Search Service; Jo Smith's Messages and Files; E-Discovery Content Ready

E-Discovery Service: Decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
E-Discovery Storage Service: Sends the compressed and encrypted content to the Administrator on request.

Customer Controlled Security: Key Management Server Federation


HDS Encryption Keys & Users in other Organizations

Diagram: Organization A (Key Mgmt Service, Content Server) and Organization B (Key Mgmt Service); message

Spark Spaces with users from multiple Organizations can share encrypted messages and content.
How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?


HDS Key Management Server Federation

Diagram: Organization A (Key Mgmt Service, Content Server) and Organization B (Key Mgmt Service); message

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.
Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).


HDS Key Management Server Federation

Diagram: Organization A (Key Mgmt Service, Content Server) and Organization B (Key Mgmt Service); message

With a secure connection between Key Management Servers…
Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations


HDS System Architecture

Diagram: Secure Data Center A – HDS Cluster of Hybrid Data Services Nodes (VMs) on vSphere, each running Docker with an ECP Mgmt Container and HDS Containers, with the HDS Cluster Config File on an IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system


HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.


HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported


Cisco Spark and Enterprise Network Security


Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass


Cisco Spark Cloud Access: Enterprise VLANs


Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN


Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging


Cisco Spark Cloud Access: Enterprise Firewalls


Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Diagram: Signalling; Media


Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000 - 52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100 - 52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299


Spark Applications Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP | Ephemeral | 443 | (destinations below) | HTTPS
  identity.webex.com – Spark Identity Service
  idbroker.webex.com – OAuth Service
  wbx2.com – Core Spark Services
  webex.com – Identity management
  ciscospark.com – Core Spark Services
  clouddrive.com – Content and Space Storage
  crashlytics.com – Anonymous crash data
  mixpanel.com – Anonymous Analytics
  rackcdn.com – Content and Space Storage
  appsflyer.com – Mobile Apps only - Ad Analytics
  adobedtm.com – Web Apps only - Analytics
  omtrdc.net – Web Apps only - Telemetry
  optimizely.com – Web Apps only - Metrics


Spark Devices Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
TCP | Ephemeral | 443 | (destinations below) | HTTPS
  identity.webex.com – Spark Identity Service
  idbroker.webex.com – OAuth Service
  wbx2.com – Core Spark Services
  webex.com – Identity management
  ciscospark.com – Core Spark Services
  clouddrive.com – Content and Space Storage
  crashlytics.com – Anonymous crash data
  mixpanel.com – Anonymous Analytics
  rackcdn.com – Content and Space Storage
  dropbox.com – Sparkboard (firmware updates)
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync


Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Diagram: Signalling; Media


Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

Diagram: Signalling; Media


HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS


What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N


Cisco Spark Cloud Access: Enterprise Proxies


Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application………
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Diagram: Signalling; UDP Media


Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Diagram: Proxy Address and PAC file delivered to each Device/Application; Signalling; UDP Media


Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address


Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

Diagram: Signalling; UDP Media


Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Diagram: Signalling; UDP Media


Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Diagram: Signalling; UDP Media


Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Diagram: Signalling; UDP Media
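The difference between the Basic and Digest slides in working form, as an added illustration (not Cisco's code): the Basic header decodes straight back to the device password, while the Digest header carries only a hash that the proxy verifies by recomputing it from its stored credential. The Digest computation follows RFC 7616 with MD5 and qop=auth; the device account, realm, nonce and cnonce values are constructed.

```python
import base64
import hashlib
import hmac
import re


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Proxy-Authorization header for Basic: Base64 only, not encrypted or hashed."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_decode(header: str) -> tuple[str, str]:
    """Anyone who captures the header (or finds it in a log) recovers the password."""
    user, _, pwd = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, pwd


def parse_params(header: str) -> dict:
    """Parse 'Digest k="v", k2=v2, ...' (challenge or response) into a dict."""
    return dict(re.findall(r'(\w+)="?([^",]+)"?', header.split(" ", 1)[1]))


def digest_response(username, password, method, uri, challenge, cnonce, nc="00000001"):
    """Client-side proof sent instead of the password (RFC 7616, qop=auth, MD5)."""
    ha1 = md5_hex(f"{username}:{challenge['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{challenge['nonce']}:{nc}:{cnonce}:{challenge['qop']}:{ha2}")


def digest_header(username, password, method, uri, challenge, cnonce) -> str:
    """Proxy-Authorization header for Digest; the password itself never appears."""
    resp = digest_response(username, password, method, uri, challenge, cnonce)
    return (f'Digest username="{username}", realm="{challenge["realm"]}", '
            f'nonce="{challenge["nonce"]}", uri="{uri}", qop={challenge["qop"]}, '
            f'nc=00000001, cnonce="{cnonce}", response="{resp}"')


def proxy_verifies(header: str, method: str, stored_password: str, challenge: dict) -> bool:
    """Proxy side: recompute the response from the stored credential and compare."""
    p = parse_params(header)
    expected = digest_response(p["username"], stored_password, method, p["uri"],
                               challenge, p["cnonce"], p["nc"])
    return hmac.compare_digest(expected, p["response"])


if __name__ == "__main__":
    # Constructed device account and proxy challenge.
    ch = parse_params('Digest realm="proxy.example", qop="auth", nonce="abc123"')
    print(basic_header("device01", "s3cret"))
    print(digest_header("device01", "s3cret", "CONNECT", "identity.webex.com:443", ch, "cn01"))
```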


Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Diagram: Signalling; UDP Media


Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Diagram: Signalling; UDP Media


Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Diagram: Signalling; UDP Media


Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Diagram: Signalling; UDP Media


Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |


Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Diagram: Signalling; UDP Media


Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Diagram: Signalling; UDP Media


Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Diagram: Signalling; UDP Media


Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

Diagram: Signalling; UDP Media


HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

Diagram: Signalling; UDP Media


HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

Diagram: Signalling; UDP Media
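The pin check from the preceding Certificate Pinning slides, written out as an added illustration (not Cisco's implementation): the pin is Base64 of the SHA-256 over the CA root's public key, the client hashes the public key it receives and compares, and, for the Spark Apps fix, a private CA certificate found in the OS trust store makes the client skip pinning so HTTPS inspection can proceed. Hashing the DER-encoded SubjectPublicKeyInfo, the small DER helper and the constructed (not real) EC public keys are assumptions.

```python
import base64
import hashlib


def der_len(n: int) -> bytes:
    """DER length octets for bodies up to 255 bytes (enough for these keys)."""
    return bytes([n]) if n < 128 else b"\x81" + bytes([n])


def der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def ec_spki(point: bytes) -> bytes:
    """DER SubjectPublicKeyInfo for a P-256 public key given its uncompressed point."""
    ec_public_key = bytes.fromhex("06072a8648ce3d0201")   # OID 1.2.840.10045.2.1
    prime256v1 = bytes.fromhex("06082a8648ce3d030107")    # OID 1.2.840.10045.3.1.7
    algorithm = der(0x30, ec_public_key + prime256v1)
    return der(0x30, algorithm + der(0x03, b"\x00" + point))


def spki_pin(spki_der: bytes) -> str:
    """The slide's Certificate Pin: Base64(SHA-256(public key))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def decide(chain_spkis: list, pinned: set, os_trust_store: set) -> tuple:
    """Pinning decision for one TLS handshake.

    chain_spkis: public keys (DER SPKI) from the server's cert chain, leaf first
    pinned: Base64 pins the app ships with in its Trust Store
    os_trust_store: public keys of CA certs an administrator installed in the OS
    Returns (verdict, reason).
    """
    root = chain_spkis[-1]
    # Spark Apps fix: a Private CA cert in the OS Trust Store means the
    # administrator enabled HTTPS inspection on purpose, so pinning is skipped.
    if root in os_trust_store:
        return "accept", "Private CA Cert in OS Trust Store, Certificate pinning skipped"
    # Normal path: hash each presented public key and compare with the pins.
    if any(spki_pin(spki) in pinned for spki in chain_spkis):
        return "accept", "hash matches the Certificate Pin, proceed with TLS connection"
    return "reject", "hashes DO NOT match the Certificate Pin, TLS connection terminated"


def demo() -> dict:
    """Three handshakes: direct to the cloud, inspected without and with the fix."""
    # Constructed public keys (not real certificates): 65-byte uncompressed points.
    spark_root = ec_spki(b"\x04" + bytes(range(1, 65)))
    spark_leaf = ec_spki(b"\x04" + bytes(range(65, 129)))
    private_ca = ec_spki(b"\x04" + bytes(range(100, 164)))
    pins = {spki_pin(spark_root)}  # what the app ships with
    return {
        "direct": decide([spark_leaf, spark_root], pins, set()),
        "inspected_no_fix": decide([spark_leaf, private_ca], pins, set()),
        "inspected_with_fix": decide([spark_leaf, private_ca], pins, {private_ca}),
    }


if __name__ == "__main__":
    for case, (verdict, reason) in demo().items():
        print(f"{case}: {verdict} ({reason})")
```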


Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass


Cisco Spark Cloud Access: Network Access Control, 802.1X


Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

Diagram: Authentication Server

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities: Spark Devices – 802.1X

(MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate)

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes, Web based | Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes, Web based | Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes, Web based | Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes, Web based | Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments: "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."
Coming soon: target Q1 CY2018.

Thank you

Hybrid Data Security: Search Indexing Service

[Diagram: Secure Data Center containing the Indexing Service, Content Server and Key Mgmt Service; Search Service in the Spark Cloud]

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

Example: the message "Spark IS the message" is run through the hash algorithm word by word, and only the resulting hashed index (e.g. B9 57 FE 48 for "Spark") is sent from the Indexing Service to the Search Service.

A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index – Search for the word "Spark"

• The App's search request is handled by the Indexing Service
• The Indexing Service sends a hashed index of the App's search request (B9 57 FE 48) to the Search Service
• The Search Service matches the hash against its stored index and the matching message ("Spark IS the message") is returned, still encrypted
• A link to the Conversation Encryption Key is sent with the encrypted message
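The per-room keyed search index described on the indexing and query slides above, as an added Go example that is mine and not part of the deck or of the Cisco HDS code. It assumes HMAC-SHA256 as the hash algorithm and a random 32-byte Search Key per space (both assumptions; the slides name neither), and the sample messages, IDs and key handling are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
	"unicode"
)

// Index is what the Search Service holds: keyed token hashes mapped to the
// IDs of the encrypted messages containing them. No plaintext, no keys.
type Index struct {
	postings map[string][]string
}

func NewIndex() *Index { return &Index{postings: map[string][]string{}} }

// NewSearchKey returns a fresh per-space Search Key (the slides use a new
// hashing key for each room). Assumption: 32 random bytes from crypto/rand;
// in HDS the key would live with the Key Management Service.
func NewSearchKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// Tokenize lowercases the text and splits it into words.
func Tokenize(text string) []string {
	return strings.FieldsFunc(strings.ToLower(text), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
}

// HashToken is the "hash algorithm" step. Assumption: HMAC-SHA256 of the
// word under the space's Search Key, so the same word hashes differently in
// every space and cannot be looked up without the key.
func HashToken(searchKey []byte, word string) string {
	m := hmac.New(sha256.New, searchKey)
	m.Write([]byte(strings.ToLower(word)))
	return hex.EncodeToString(m.Sum(nil))
}

// Add is the Indexing Service side: it sees the plaintext inside the
// customer's secure data center, hashes each word and ships only the hashes.
func (ix *Index) Add(searchKey []byte, msgID, plaintext string) {
	seen := map[string]bool{}
	for _, w := range Tokenize(plaintext) {
		h := HashToken(searchKey, w)
		if !seen[h] {
			seen[h] = true
			ix.postings[h] = append(ix.postings[h], msgID)
		}
	}
}

// Query hashes the search term with the space's key (Indexing Service) and
// looks the hash up in the index (Search Service).
func (ix *Index) Query(searchKey []byte, term string) []string {
	return ix.postings[HashToken(searchKey, term)]
}

// StoredTokens is everything the Search Service actually holds.
func (ix *Index) StoredTokens() []string {
	out := make([]string, 0, len(ix.postings))
	for h := range ix.postings {
		out = append(out, h)
	}
	sort.Strings(out)
	return out
}

func main() {
	keyA, keyB := NewSearchKey(), NewSearchKey() // one Search Key per space
	ix := NewIndex()
	ix.Add(keyA, "msg-1", "Spark IS the message") // constructed sample messages
	ix.Add(keyA, "msg-2", "Lunch at noon?")
	ix.Add(keyB, "msg-3", "Spark Board firmware update")
	fmt.Println("space A, 'Spark':", ix.Query(keyA, "Spark"))
	fmt.Println("space B, 'Spark':", ix.Query(keyB, "Spark"))
	fmt.Println("space B, 'noon' (only in space A):", ix.Query(keyB, "noon"))
	for _, tok := range ix.StoredTokens() {
		fmt.Println("search service sees:", tok[:16]+"...")
	}
}
```

The deterministic keyed hash is what lets the Search Service match without ever holding the key or the words; the trade-off is that it can still see that two messages in the same space share a token. The per-space key confines that observation to one space, which is the point of issuing a new Search Key per room.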

Spark E-Discovery Service (1)

[Diagram: Spark Control Hub – E-Discovery Service – Indexing Service, Content Server and Key Mgmt Service in the Secure Data Center – Search Service]

• The Administrator requests Jo Smith's content via the Spark Control Hub
• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

[Diagram: Spark Control Hub – E-Discovery Service – Content Server and E-Discovery Storage in the Secure Data Center]

E-Discovery Service
• Decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service

E-Discovery Storage Service
• Sends the compressed and encrypted content to the Administrator on request (Jo Smith's Messages and Files – E-Discovery Content Ready)

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

[Diagram: Organization A (Content Server, Key Mgmt Service) and Organization B (Key Mgmt Service) exchanging a message through the Spark Cloud]

• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers… mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A – vSphere hosting Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Mgmt Container and HDS Containers and mounts the HDS Cluster Config File via an IDE Mount; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Minimum 2 to support upgrades; 3 recommended; 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser; assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

[Diagram: Signalling and Media paths from Spark Desk and Room Devices and Spark Apps to the Spark Cloud]

Media Port Ranges
• Source UDP Ports: Voice 52000–52099, Video 52100–52299
• Source TCP/HTTP Ports: Ephemeral (=> no port-based DSCP re-marking is possible)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any
• Applies to Spark Desk and Room Devices and to Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000–52099: Spark Apps 52000–52049, Spark Devices 52050–52099
Video 52100–52299: Spark Apps 52100–52199, Spark Devices 52200–52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000–52049, Video 52100–52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | see list below | HTTPS

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only: Ad Analytics
• adobedtm.com – Web Apps only: Analytics
• omtrdc.net – Web Apps only: Telemetry
• optimizely.com – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050–52099, Video 52200–52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | see list below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board – NTP Time Sync

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Spark Board (firmware updates)

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434–33598
• Source TCP/HTTP Ports: Ephemeral (=> no port-based DSCP re-marking is possible)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434–33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range, 33434–33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
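An added example, not from the deck, that turns the port and whitelist tables above (apps, devices, HMN and HDS) and the classification-and-marking slide into a checker that a firewall rule review or a flow-log audit could run. The Flow record layout, the sample flows and the label text are my constructions; the port ranges, destination ports and domain names are taken from the tables.

```go
package main

import (
	"fmt"
	"strings"
)

// Flow is one connection record as a firewall log or flow export would give
// it (constructed layout for this example).
type Flow struct {
	Proto   string // "udp" or "tcp"
	SrcPort int
	DstPort int
	DstHost string // resolved destination name, "" when unknown
}

type portRange struct{ lo, hi int }

func (r portRange) has(p int) bool { return p >= r.lo && p <= r.hi }

// Source port ranges and media destination ports from the slides.
var (
	appVoice    = portRange{52000, 52049}
	appVideo    = portRange{52100, 52199}
	deviceVoice = portRange{52050, 52099}
	deviceVideo = portRange{52200, 52299}
	hmnMedia    = portRange{33434, 33598} // HMN cascade links, voice and video
	mediaDst    = map[int]bool{5004: true, 5006: true}
)

// Whitelisted HTTPS destinations collected from the app, device, HMN and HDS tables.
var httpsWhitelist = []string{
	"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
	"ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
	"rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net",
	"optimizely.com", "dropbox.com", "index.docker.io",
}

// Whitelisted matches the name itself or any subdomain of it, on a label
// boundary, so "notwebex.com" does not pass as "webex.com".
func Whitelisted(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, d := range httpsWhitelist {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// Classify labels a flow that matches one of the published Spark patterns and
// returns "" for anything else, which is what a reviewer should look at.
func Classify(f Flow) string {
	switch strings.ToLower(f.Proto) {
	case "udp":
		if mediaDst[f.DstPort] {
			switch {
			case appVoice.has(f.SrcPort):
				return "app voice (SRTP/UDP)"
			case appVideo.has(f.SrcPort):
				return "app video (SRTP/UDP)"
			case deviceVoice.has(f.SrcPort):
				return "device voice (SRTP/UDP)"
			case deviceVideo.has(f.SrcPort):
				return "device video (SRTP/UDP)"
			case hmnMedia.has(f.SrcPort) && f.DstPort == 5004:
				return "HMN cascade media (SRTP/UDP)"
			}
		}
		if f.DstPort == 123 && strings.EqualFold(f.DstHost, "2.android.pool.ntp.org") {
			return "Spark Board NTP time sync"
		}
	case "tcp":
		if mediaDst[f.DstPort] {
			return "media over TCP/HTTP (ephemeral source port, no port-based DSCP marking)"
		}
		if f.DstPort == 443 && Whitelisted(f.DstHost) {
			return "HTTPS to whitelisted Spark destination"
		}
	}
	return ""
}

// QoSClass shows why the fixed UDP source ranges matter: only they give a
// QoS policy something to key DSCP marking on. TCP/HTTP media cannot be
// classified this way because its source ports are ephemeral.
func QoSClass(f Flow) string {
	if strings.ToLower(f.Proto) != "udp" || !mediaDst[f.DstPort] {
		return "none"
	}
	switch {
	case appVoice.has(f.SrcPort), deviceVoice.has(f.SrcPort):
		return "voice"
	case appVideo.has(f.SrcPort), deviceVideo.has(f.SrcPort):
		return "video"
	case hmnMedia.has(f.SrcPort):
		return "hmn-media" // HMN cascades share one range for voice and video
	}
	return "none"
}

func main() {
	samples := []Flow{ // constructed flow records
		{"udp", 52010, 5004, ""}, {"udp", 52210, 5006, ""}, {"udp", 33500, 5004, ""},
		{"tcp", 49152, 5004, ""}, {"tcp", 49153, 443, "identity.webex.com"},
		{"tcp", 49154, 443, "cdn.example.invalid"}, {"udp", 60000, 5004, ""},
	}
	for _, f := range samples {
		label := Classify(f)
		if label == "" {
			label = "UNEXPECTED: review"
		}
		fmt.Printf("%-3s %5d -> %4d %-22s %-45s qos=%s\n", f.Proto, f.SrcPort, f.DstPort, f.DstHost, label, QoSClass(f))
	}
}
```

Anything the checker leaves unlabelled is not necessarily hostile, but it is not traffic the whitelist tables account for, so it is where a rule review or a flow investigation should start.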

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

[Diagram: Signalling and UDP Media paths; HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443]

Proxy Types
• Explicit: Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In-line Proxies (e.g. combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually configure Proxy Address or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

[Diagram legend: Signalling, UDP Media]

Proxy Authentication
• Proxy intercepts the outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic is forwarded
• Unauthenticated User's traffic is dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no Authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed (Base64 is reversible, so anyone who can read the header can read the credentials)

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices (as for Basic Authentication)
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No Password Expiration
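To make the difference between the two methods on the slides above concrete, here is an added Go example of mine (not from the deck and not any Cisco proxy's code): it builds and decodes a Basic header, then computes and verifies an RFC 2617 Digest response. The device account name and password are constructed; the Digest inputs and the expected response are the published worked example from RFC 2617 section 3.5.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// BasicHeader builds a Proxy-Authorization value for Basic authentication:
// user:password is only Base64 encoded, never encrypted or hashed.
func BasicHeader(user, pass string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

// DecodeBasic recovers the credentials from a Basic header, which is exactly
// what anyone able to read the request between device and proxy can do.
func DecodeBasic(header string) (user, pass string, ok bool) {
	if !strings.HasPrefix(header, "Basic ") {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", false
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", false
	}
	return parts[0], parts[1], true
}

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// DigestChallenge carries the fields of a Proxy-Authenticate: Digest header.
type DigestChallenge struct{ Realm, Nonce, Qop string }

// HA1 is the only secret the proxy needs to keep for a device account:
// MD5(user:realm:password). The password itself never crosses the wire.
func HA1(user, realm, pass string) string { return md5hex(user + ":" + realm + ":" + pass) }

// DigestResponse is the client side of RFC 2617 Digest with qop=auth.
func DigestResponse(user, pass string, ch DigestChallenge, method, uri, nc, cnonce string) string {
	ha2 := md5hex(method + ":" + uri)
	return md5hex(strings.Join([]string{HA1(user, ch.Realm, pass), ch.Nonce, nc, cnonce, ch.Qop, ha2}, ":"))
}

// VerifyDigest is the proxy side: recompute from the stored HA1 and compare
// in constant time. The per-challenge nonce is what stops a captured
// response from being replayed.
func VerifyDigest(storedHA1 string, ch DigestChallenge, method, uri, nc, cnonce, response string) bool {
	ha2 := md5hex(method + ":" + uri)
	expected := md5hex(strings.Join([]string{storedHA1, ch.Nonce, nc, cnonce, ch.Qop, ha2}, ":"))
	return subtle.ConstantTimeCompare([]byte(expected), []byte(response)) == 1
}

func main() {
	// Constructed device account for a one-account-for-all-devices setup.
	h := BasicHeader("spark-devices", "s3cret-pass")
	u, p, _ := DecodeBasic(h)
	fmt.Printf("Basic header  : %s\n  decodes to  : %s / %s\n", h, u, p)

	// RFC 2617 section 3.5 worked example (published test values).
	ch := DigestChallenge{Realm: "testrealm@host.com", Nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093", Qop: "auth"}
	resp := DigestResponse("Mufasa", "Circle Of Life", ch, "GET", "/dir/index.html", "00000001", "0a4f113b")
	fmt.Println("Digest response:", resp) // 6629fae49393a05397450978507c4ef1
	ok := VerifyDigest(HA1("Mufasa", ch.Realm, "Circle Of Life"), ch, "GET", "/dir/index.html", "00000001", "0a4f113b", resp)
	fmt.Println("proxy accepts  :", ok)
}
```

Digest keeps the password off the wire, but HA1 is password-equivalent for that realm, so the proxy's credential store needs the same protection as a password database; MD5 here is what the RFC specifies, not a choice to copy elsewhere.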

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI = Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

IWA = Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Components: Client, Authentication Service, Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication Service
• Once authenticated, the client receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

[Diagram: devices at IP addresses 10.100.200.1 and 10.100.200.3; Signalling and UDP Media paths]

Manually configure the Proxy Server to bypass authentication for:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

(EFT = Early Field Trial)

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth: Yes; Basic: Yes; Digest: Planned; NTLM: Yes (Windows); Kerberos: No; No Auth and Basic on iOS and Android in EFT
DX/SX/MX | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY 2018; Digest: Yes
Room Kits | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY 2018; Digest: Yes
Spark Board | HTTPS | Spark Board OS | No Auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

[Diagram legend: Signalling, UDP Media]

HTTPS/TLS Inspection
• Private CA Root Certificate sent to the client
• Private CA signed Certificate sent to the client on connection establishment
• Client compares the Private CA Root Cert with those received in the Cert Chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives the Certificate from the Web/Cloud Service
• Proxy uses the Certificate to establish a secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection - Spark Certificate Pinning

(Diagram: Signalling and UDP Media flows from the Spark App through the proxy to the Spark Cloud)

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key
    VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match - accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

(Diagram: Signalling and UDP Media flows; the inspecting proxy terminates the TLS session)

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

(Diagram: Private CA Cert copied to App OS Trust Store; Signalling and UDP Media flows)

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists - skip the Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

(Diagram: Private CA Cert copied to Spark Cloud; Signalling and UDP Media flows)

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO match: proceed with TLS connection
  • HTTPS/TLS Inspection possible

Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                     | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes (Win/Mac/Browser)                             | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android      | HTTPS    | WME            | No (iOS, Android)                                 | HTTPS Inspection By-Pass
DX                | HTTPS    | Room OS        | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                | HTTPS    | Room OS        | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                | HTTPS    | Room OS        | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits         | HTTPS    | Room OS        | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board       | HTTPS    | Spark Board OS | No (Planned Q1 CY'18)                             | HTTPS Inspection By-Pass
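The four pinning slides above (no inspection, inspection without the fix, the App fix via the OS trust store, the device fix via a trust list downloaded from the cloud) describe one decision procedure. The following is an added example, not code from the deck or from the Spark clients: it models the certificate pin as base64(SHA-256(SubjectPublicKeyInfo)) and walks the presented CA through the same checks in the same order. The certificate objects, their subject names and the SPKI byte strings are constructed stand-ins (no real Cisco key material), and `Cert`, `validate_chain` and the scenario functions are names chosen here, not client APIs.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate: only what the pinning
    decision needs. spki_der would be the DER-encoded SubjectPublicKeyInfo."""
    subject: str
    issuer: str
    spki_der: bytes


def spki_pin(cert: Cert) -> str:
    """Certificate pin as on the slide: base64 of the SHA-256 hash of the public key."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode("ascii")


def validate_chain(chain: List[Cert], pinned: Set[str],
                   os_trust_store: Iterable[Cert]) -> Tuple[bool, str]:
    """Decide whether a client that pins the Spark CA accepts the presented chain.

    chain[0] is the server certificate, chain[-1] the CA certificate that signed it.
    Checks follow the slides in order:
      1. hash the CA public key and compare it with the pin in the trust store;
      2. the "cert pinning fix": if that CA is a private CA the administrator copied
         into the OS trust store, skip pinning (inspection becomes possible);
      3. otherwise terminate the TLS connection.
    """
    presented = spki_pin(chain[-1])
    if presented in pinned:
        return True, "pin match: proceed with TLS connection"
    if presented in {spki_pin(c) for c in os_trust_store}:
        return True, "private CA present in OS trust store: pinning skipped, HTTPS inspection possible"
    return False, "pin mismatch: TLS connection terminated"


# Constructed sample certificates (not real Cisco, Spark or enterprise key material).
SPARK_ROOT = Cert("Spark Root CA", "Spark Root CA", b"constructed-spki-spark-root-ca")
SPARK_LEAF = Cert("*.ciscospark.com", "Spark Root CA", b"constructed-spki-spark-leaf")
PROXY_ROOT = Cert("Enterprise Private CA", "Enterprise Private CA", b"constructed-spki-enterprise-private-ca")
PROXY_LEAF = Cert("*.ciscospark.com", "Enterprise Private CA", b"constructed-spki-proxy-issued-leaf")

APP_PINS = {spki_pin(SPARK_ROOT)}   # the pin shipped in the app's trust store


def no_inspection() -> Tuple[bool, str]:
    """Slide 'No HTTPS Inspection': the genuine Spark chain reaches the app."""
    return validate_chain([SPARK_LEAF, SPARK_ROOT], APP_PINS, os_trust_store=[])


def inspection_without_fix() -> Tuple[bool, str]:
    """Slide 'HTTPS Inspection': the proxy re-signs with its private CA; the app has no copy of it."""
    return validate_chain([PROXY_LEAF, PROXY_ROOT], APP_PINS, os_trust_store=[])


def inspection_with_app_fix() -> Tuple[bool, str]:
    """Slide 'Spark Apps Cert Pinning Fix': private CA cert copied to the OS trust store."""
    return validate_chain([PROXY_LEAF, PROXY_ROOT], APP_PINS, os_trust_store=[PROXY_ROOT])


def inspection_with_device_fix() -> Tuple[bool, str]:
    """Slide 'Spark Devices Cert Pinning Fix': the private CA cert is uploaded to the Spark
    Cloud, so the device's downloaded trust list carries a pin for the private CA too."""
    device_pins = APP_PINS | {spki_pin(PROXY_ROOT)}
    return validate_chain([PROXY_LEAF, PROXY_ROOT], device_pins, os_trust_store=[])


if __name__ == "__main__":
    for scenario in (no_inspection, inspection_without_fix,
                     inspection_with_app_fix, inspection_with_device_fix):
        accepted, reason = scenario()
        print(f"{scenario.__name__:28s} accepted={accepted!s:5s} {reason}")
```

The two "fix" paths differ only in where the administrator places the private CA: in the operating system trust store for apps, or in the cloud-distributed trust list for devices. Either way the proxy's CA must be deliberately provisioned; an unknown CA is still rejected, which is the behaviour the inspection slide shows.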

Cisco Spark Cloud Access: Network Access Control - 802.1X

Connecting from the Enterprise - 802.1X Authentication

(Diagram: Spark device on an enterprise switch port; Authentication Server)

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication - switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)
Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

(Diagram: Device 1 on the switch port; Authentication Server)

Network Capabilities: Spark Devices - 802.1X

Spark Device                    | Protocol | Software Train | EAP-FAST                 | EAP-TLS                  | MIC     | Non CUCM LSC          | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A     | Yes                   | Yes                                 | Manually Install LSC (Windows GPO, Mac - Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
SX                              | HTTPS    | Room OS        | Wired - Yes              | Wired - Yes              | No      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
MX                              | HTTPS    | Room OS        | Wired - Yes              | Wired - Yes              | No      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes     | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Spark Board                     | HTTPS    | Spark Board OS | No (Planned Q2 CY'18)    | No (Planned Q2 CY'18)    | No      | No (Planned Q2 CY'18) | -                                   | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections
Onboard device - Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Preferred Architectures (PA): Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND): Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you


Hybrid Data Security: Search Indexing Service

(Diagram: Secure Data Center containing the Indexing Service, Content Server and Key Mgmt Service; Search Service in the Spark Cloud)

The Indexing Service enables users to search for names and words in the encrypted messages stored in the Content Server without decrypting content.

Message "Spark IS the message" -> Hash Algorithm -> B9 57 FE 48
A new hashing key (Search Key) is used for each room.

Hybrid Data Security: Querying a Search Index - Search for the word "Spark"

The Indexing Service sends a hashed index of the App's search request to the Search Service.
"Spark" -> Hash Algorithm -> B9 57 FE 48
The Search Service holds the hashed index B9 57 FE 48 for the message "Spark IS the Message"; a link to the Conversation Encryption Key is sent with the encrypted message.
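The two slides above describe a searchable index built from keyed hashes, with a fresh Search Key per room, so that the cloud Search Service matches queries without seeing plaintext. The following is an added example of that design and is not the Spark Indexing Service's code: it uses HMAC-SHA256 as the "Hash Algorithm" (the slide names no specific algorithm), tokenizes each message on the HDS side, stores only hashed tokens in a small in-memory `SearchService`, and hashes the query with the same room key. The room keys, message ids and message texts are constructed for the demo.

```python
import hashlib
import hmac
import re
import secrets
from typing import Dict, List, Set


def new_search_key() -> bytes:
    """Per-room Search Key: the slide states a new hashing key is used for each room."""
    return secrets.token_bytes(32)


def index_token(search_key: bytes, word: str) -> str:
    """Keyed hash of a normalised word. HMAC-SHA256 stands in for the slide's
    'Hash Algorithm' (output shown there as B9 57 FE 48)."""
    return hmac.new(search_key, word.lower().encode("utf-8"), hashlib.sha256).hexdigest()


def build_index(search_key: bytes, message_id: str, plaintext: str) -> Dict[str, Set[str]]:
    """Indexing Service side (inside the customer's HDS, which holds the room key):
    tokenize the plaintext and emit only hashed tokens mapped to message ids."""
    index: Dict[str, Set[str]] = {}
    for word in set(re.findall(r"[A-Za-z0-9']+", plaintext)):
        index.setdefault(index_token(search_key, word), set()).add(message_id)
    return index


class SearchService:
    """Cloud-side Search Service: stores hashed tokens only, never words or keys."""

    def __init__(self) -> None:
        self._index: Dict[str, Set[str]] = {}

    def ingest(self, hashed_index: Dict[str, Set[str]]) -> None:
        for token, ids in hashed_index.items():
            self._index.setdefault(token, set()).update(ids)

    def query(self, hashed_token: str) -> Set[str]:
        """The query arrives already hashed with the room key; return matching message ids."""
        return set(self._index.get(hashed_token, set()))

    def tokens(self) -> List[str]:
        return list(self._index)


# Constructed room keys for a repeatable demo; real deployments would use new_search_key().
KEY_ROOM_A = b"constructed-search-key-room-a-00"
KEY_ROOM_B = b"constructed-search-key-room-b-00"


def demo() -> dict:
    search = SearchService()
    # Indexing Service hashes each room's messages with that room's own Search Key.
    search.ingest(build_index(KEY_ROOM_A, "msg-1", "Spark IS the message"))
    search.ingest(build_index(KEY_ROOM_B, "msg-2", "Spark is great"))
    search.ingest(build_index(KEY_ROOM_A, "msg-3", "Lunch at noon?"))
    # Querying: the app's search term is hashed with the room key before it leaves the HDS.
    hits_a = search.query(index_token(KEY_ROOM_A, "Spark"))
    hits_b = search.query(index_token(KEY_ROOM_B, "Spark"))
    return {
        "room_a_hits": hits_a,
        "room_b_hits": hits_b,
        # Same word, different rooms, different tokens: the index leaks no cross-room equality.
        "tokens_differ": index_token(KEY_ROOM_A, "Spark") != index_token(KEY_ROOM_B, "Spark"),
        # Everything the cloud stores is a 64-hex-char HMAC output.
        "only_hashes_stored": all(len(t) == 64 for t in search.tokens()),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the key is per room, a token learned from one room cannot be used to test for the same word in another, and the Search Service cannot build a global dictionary across rooms; loss of the room's Search Key (as with the HDS backup warnings later in the deck) makes that room's index unusable.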

Spark E-Discovery Service (1)

(Diagram: Secure Data Center with Indexing Service, Content Server, Key Mgmt Service and E-Discovery Service; Spark Control Hub requesting Jo Smith's Content; Search Service in the Spark Cloud)

• The Indexing Service sends hashed search criteria to the Search Service
• The Content Server returns matching content to the E-Discovery Service

Spark E-Discovery Service (2)

(Diagram: E-Discovery Service, E-Discovery Storage, Content Server, Key Mgmt Service, Spark Control Hub, Search Service)

E-Discovery Service: Decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
E-Discovery Storage Service: Sends the compressed and encrypted content (Jo Smith's Messages and Files) to the Administrator on request ("E-Discovery Content Ready").

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server in the Spark Cloud; encrypted message exchanged between them)

Spark Spaces with users from multiple Organizations can share encrypted messages and content.
How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.
Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).
With a secure connection between Key Management Servers...
Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A; vSphere hosting Hybrid Data Services Nodes (VMs); each node runs Docker with an ECP Mgmt Container and HDS Containers, plus an IDE Mount of the HDS Cluster Config File)

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center
• A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support - UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection - Certificate Pinning
• 802.1X - Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

How are the switch ports configured?
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

Spark Device                    | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No  | No   | N/A    | N/A              | Static Untagged (Data) VLAN
DX                              | HTTPS    | Room OS        | Yes | No   | Yes    | Yes              | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX                              | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
MX                              | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits                       | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board                     | HTTPS    | Spark Board OS | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

(Diagram: Signalling and Media flows through the enterprise firewall to the Spark Cloud)

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports                             | Destination Ports | Destination    | Function
UDP      | Voice 52000 - 52049, Video 52100 - 52199 | 5004 & 5006       | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 443               | see below      | HTTPS

HTTPS destinations (TCP 443) and their function:
• identity.webex.com - Spark Identity Service
• idbroker.webex.com - OAuth Service
• wbx2.com - Core Spark Services
• webex.com - Identity management
• ciscospark.com - Core Spark Services
• clouddrive.com - Content and Space Storage
• crashlytics.com - Anonymous crash data
• mixpanel.com - Anonymous Analytics
• rackcdn.com - Content and Space Storage
• appsflyer.com - Mobile Apps only - Ad Analytics
• adobedtm.com - Web Apps only - Analytics
• omtrdc.net - Web Apps only - Telemetry
• optimizely.com - Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports                             | Destination Ports | Destination            | Function
UDP      | Voice 52050 - 52099, Video 52200 - 52299 | 5004 & 5006       | Any IP Address         | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address         | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
TCP      | Ephemeral                                | 443               | see below              | HTTPS
UDP      | Ephemeral                                | 123               | 2.android.pool.ntp.org | Sparkboard - NTP Time Sync

HTTPS destinations (TCP 443) and their function:
• identity.webex.com - Spark Identity Service
• idbroker.webex.com - OAuth Service
• wbx2.com - Core Spark Services
• webex.com - Identity management
• ciscospark.com - Core Spark Services
• clouddrive.com - Content and Space Storage
• crashlytics.com - Anonymous crash data
• mixpanel.com - Anonymous Analytics
• rackcdn.com - Content and Space Storage
• dropbox.com - Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints - used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

(Diagram: Signalling and Media flows from the HMN through the firewall to the Spark Cloud)

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device                    | Protocol | Source Ports                                              | Destination Ports          | Destination                                                        | Function
Hybrid Media Node (HMN)         | UDP      | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address                                              | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                 | 5004 (Cascade Destination) | Any IP Address                                                     | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                 | 123, 53, 444               | Any                                                                | NTP, DNS, HTTPS
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                 | 443                        | wbx2.com, idbroker.webex.com                                       | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                                 | 443                        | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
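The port-range and whitelist tables above (Spark Apps, Spark Devices, HMN and HDS) are the rules a firewall or egress policy has to encode. The following is an added example, not tooling from the deck or from Cisco: it loads the slide's source-port ranges, destination ports and HTTPS destinations into a small policy and evaluates constructed flow records against it, also labelling which sender and media class a UDP source port implies (the basis for the DSCP classification the slides mention). The `Flow` record, the sample flows and the 203.0.113.0/24 documentation addresses are constructed; the policy constants come from the tables.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Rules transcribed from the slides' firewall tables.
MEDIA_DST_PORTS = {5004, 5006}          # Spark Apps and Devices, UDP or TCP/HTTP
HMN_MEDIA_DST_PORTS = {5004}            # Hybrid Media Node cascade links
SRC_RANGES = {
    # (first, last): (sender, media class)
    (52000, 52049): ("Spark App", "voice"),
    (52050, 52099): ("Spark Device", "voice"),
    (52100, 52199): ("Spark App", "video"),
    (52200, 52299): ("Spark Device", "video"),
    (33434, 33598): ("Hybrid Media Node", "voice/video cascade"),
}
HTTPS_WHITELIST = {
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net",
    "optimizely.com", "dropbox.com", "index.docker.io",
}
NTP_HOST = "2.android.pool.ntp.org"     # Spark Board time sync, UDP 123


@dataclass(frozen=True)
class Flow:
    """Constructed outbound flow record (what a firewall log line would carry)."""
    proto: str       # "udp" or "tcp"
    src_port: int
    dst_port: int
    dst_host: str    # FQDN for HTTPS/NTP, IP literal for media


def classify_media_source(src_port: int) -> Optional[Tuple[str, str]]:
    """Map a UDP source port to (sender, media class) per the port range summary."""
    for (lo, hi), label in SRC_RANGES.items():
        if lo <= src_port <= hi:
            return label
    return None


def host_whitelisted(host: str) -> bool:
    """Accept the host itself or any sub-domain of a whitelisted domain."""
    parts = host.lower().split(".")
    return any(".".join(parts[i:]) in HTTPS_WHITELIST for i in range(len(parts)))


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for one outbound flow under the slide rules."""
    proto = flow.proto.lower()
    if proto == "udp" and flow.dst_port == 123 and flow.dst_host == NTP_HOST:
        return "allow", "Spark Board NTP time sync"
    if proto == "udp" and flow.dst_port in MEDIA_DST_PORTS:
        label = classify_media_source(flow.src_port)
        if label is None:
            return "deny", f"UDP to {flow.dst_port} from unexpected source port {flow.src_port}"
        sender, media = label
        if sender == "Hybrid Media Node" and flow.dst_port not in HMN_MEDIA_DST_PORTS:
            return "deny", "HMN cascade media only uses destination port 5004"
        return "allow", f"SRTP over UDP: {sender} {media}"
    if proto == "tcp" and flow.dst_port in MEDIA_DST_PORTS:
        return "allow", "SRTP over TCP/HTTP to Spark Cloud media nodes (ephemeral source, no DSCP re-marking)"
    if proto == "tcp" and flow.dst_port == 443:
        if host_whitelisted(flow.dst_host):
            return "allow", f"HTTPS/WSS to whitelisted destination {flow.dst_host}"
        return "deny", f"HTTPS to non-whitelisted destination {flow.dst_host}"
    return "deny", "not a Spark flow listed on the whitelist"


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    Flow("udp", 52010, 5004, "203.0.113.10"),           # app voice
    Flow("udp", 52250, 5006, "203.0.113.11"),           # device video
    Flow("udp", 33500, 5004, "203.0.113.12"),           # HMN cascade
    Flow("udp", 33500, 5006, "203.0.113.12"),           # HMN to 5006: not on the table
    Flow("udp", 40000, 5004, "203.0.113.13"),           # source port outside every range
    Flow("tcp", 51234, 443, "identity.webex.com"),      # whitelisted HTTPS
    Flow("tcp", 51235, 443, "updates.example.net"),     # not whitelisted
    Flow("udp", 51236, 123, NTP_HOST),                  # Spark Board NTP
]


def run_samples() -> List[Tuple[str, str]]:
    return [evaluate(f) for f in SAMPLE_FLOWS]


if __name__ == "__main__":
    for flow, (decision, reason) in zip(SAMPLE_FLOWS, run_samples()):
        print(f"{decision:5s} {flow.proto}/{flow.src_port}->{flow.dst_host}:{flow.dst_port}  {reason}")
```

Two things the tables imply but do not spell out are visible here: media is allowed to "Any" destination address, so the source port range is the only thing distinguishing a Spark media flow from arbitrary UDP to port 5004, and the HTTPS whitelist is by domain rather than address, so an enforcement point has to resolve or inspect the destination name.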

What do we send to Third Party sites?

Site           | Apps that Access It                      | What is sent there                                                        | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application......
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

(Diagram: Signalling and UDP Media flows; only the HTTP/HTTPS signalling passes through the proxy)

Connecting from the Enterprise - Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

(Diagram: Proxy Address distributed to each device via PAC files; Signalling and UDP Media flows)

Network Capabilities: Spark Devices - Proxy Detection

Spark Device                    | Protocol | Software Train | Proxy Detection               | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Yes - Manual; Yes - PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX                              | HTTPS    | Room OS        | Yes - Manual using Web access | Configure Proxy Address via device Web interface
SX                              | HTTPS    | Room OS        | Yes - Manual using Web access | Configure Proxy Address via device Web interface
MX                              | HTTPS    | Room OS        | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Room Kits                       | HTTPS    | Room OS        | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Spark Board                     | HTTPS    | Spark Board OS | Yes - Manual Configuration    | Manual Configuration of Proxy Address

Connecting from the Enterprise - Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no Authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods - Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
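The Basic and Digest slides above make one contrast: Basic only Base64-encodes the username and password, Digest sends a hash computed over the password, a server nonce and the request instead. The following added example (not code from the deck, and not any Spark client's proxy code) builds the `Proxy-Authorization` header both ways for a device account, shows that the Basic header decodes straight back to the password, and verifies the Digest response on the proxy side with the RFC 2617 formula without a `qop` directive (response = MD5(HA1:nonce:HA2), HA1 = MD5(user:realm:password), HA2 = MD5(method:uri)). The device name, password, realm and nonce values are constructed.

```python
import base64
import hashlib
import hmac
from typing import Dict, Tuple


def basic_proxy_header(username: str, password: str) -> str:
    """Proxy-Authorization for Basic auth: credentials are merely Base64 encoded."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def recover_basic_credentials(header: str) -> Tuple[str, str]:
    """What the proxy (or anyone reading the header on plain HTTP) obtains from Basic."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, pwd = base64.b64decode(token).decode("utf-8").partition(":")
    return user, pwd


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username: str, password: str, realm: str,
                    nonce: str, method: str, uri: str) -> str:
    """RFC 2617 Digest response without qop: only this hash travels in the header."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def digest_proxy_header(username: str, password: str, realm: str,
                        nonce: str, method: str, uri: str) -> str:
    resp = digest_response(username, password, realm, nonce, method, uri)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')


def proxy_verifies_digest(header: str, accounts: Dict[str, str],
                          method: str, expected_nonce: str) -> bool:
    """Proxy side: parse the header, check the nonce it issued, recompute the
    response from the stored password and compare in constant time."""
    if not header.startswith("Digest "):
        return False
    fields = {}
    for part in header[len("Digest "):].split(", "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip().strip('"')
    password = accounts.get(fields.get("username", ""))
    if password is None or fields.get("nonce") != expected_nonce:
        return False
    expected = digest_response(fields["username"], password, fields["realm"],
                               fields["nonce"], method, fields["uri"])
    return hmac.compare_digest(expected, fields.get("response", ""))


def demo() -> dict:
    # Constructed device account and challenge values.
    user, pwd = "spark-device-01", "constructed-example-password"
    realm, nonce = "enterprise-proxy", "constructedNonce123"
    method, uri = "CONNECT", "idbroker.webex.com:443"   # what the proxy sees for HTTPS
    basic = basic_proxy_header(user, pwd)
    digest = digest_proxy_header(user, pwd, realm, nonce, method, uri)
    accounts = {user: pwd}
    return {
        "basic_header": basic,
        "basic_recovered": recover_basic_credentials(basic),
        "digest_header": digest,
        "digest_verified": proxy_verifies_digest(digest, accounts, method, nonce),
        # A captured Digest header replayed against a fresh challenge fails.
        "digest_replayed_with_new_nonce": proxy_verifies_digest(digest, accounts, method, "freshNonce456"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

For the shared device account the slides recommend (one account, no password expiry), the difference matters: with Basic every proxy log or on-path observer holds the reusable password, while with Digest the header is bound to the nonce and the request. Note that Digest still requires the proxy to hold the password (or HA1) in a form it can recompute, so the account store itself needs protecting either way.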

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either:
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods - Kerberos

• Kerberos Authentication
  • Strongest Security
  • Parties: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com):
  identity.webex.com
  idbroker.webex.com
  wbx2.com
  webex.com
  ciscospark.com
  clouddrive.com
  crashlytics.com
  mixpanel.com
  rackcdn.com
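The two bypass rules above, as a proxy would evaluate them; this is an added example, not code from the deck or from any proxy product. A request skips authentication if its source is a listed device address or its destination host falls under a whitelisted domain; matching is anchored on the dot so a look-alike host such as notwebex.com is not exempted. The device addresses are as read from the slide; the sample requests are constructed.

```python
"""Proxy authentication bypass by device IP or whitelisted destination.

Added example for this page, not code from the Cisco Live deck. The device
addresses are as read from the slide; the sample requests are constructed.
"""
import ipaddress

# Destinations the slide lists as whitelisted for Spark traffic
WHITELISTED_DESTINATIONS = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com", "rackcdn.com",
)

# Statically configured Spark devices (addresses as shown on the slide)
DEVICE_ADDRESSES = frozenset(ipaddress.ip_address(a) for a in ("10.100.200.1", "10.100.200.3"))


def host_matches(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it.
    A plain endswith() check would also match 'notwebex.com', so anchor on the dot."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_whitelisted_destination(host: str, whitelist=WHITELISTED_DESTINATIONS) -> bool:
    return any(host_matches(host, d) for d in whitelist)


def proxy_auth_required(src_ip: str, dest_host: str,
                        devices=DEVICE_ADDRESSES, whitelist=WHITELISTED_DESTINATIONS) -> bool:
    """Decide whether the proxy must challenge this request for credentials."""
    if ipaddress.ip_address(src_ip) in devices:
        return False  # bypass 1: request comes from a known device address
    if is_whitelisted_destination(dest_host, whitelist):
        return False  # bypass 2: request goes to a whitelisted Spark destination
    return True
```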

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) | –
DX, SX, MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | –
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | –

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key (e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
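The four pinning outcomes described on the preceding slides (no inspection: pin matches; inspection without a fix: mismatch and the connection is terminated; the app fix: private CA present in the OS trust store; the device fix: private CA pin delivered via the cloud trust list) worked through in one added example, not code from the deck or from the Spark clients. The certificates are constructed stand-ins with plain bytes in place of DER, and the assumption that an app can distinguish admin-installed private CAs from the OS's public roots is labelled in the code; the pin arithmetic itself (base64 of SHA-256 over the SubjectPublicKeyInfo) is the real computation, and the check is run over every certificate in the chain.

```python
"""Certificate pinning with the Spark app and device "pinning fix" paths.

Added example for this page, not code from the Cisco Live deck. The certificates
below are constructed stand-ins (plain bytes in place of DER); the pin and
fingerprint arithmetic is the real computation.
"""
import base64
import hashlib
from dataclasses import dataclass
from enum import Enum


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki_der: bytes  # DER SubjectPublicKeyInfo (constructed stand-in here)
    der: bytes       # whole certificate DER (constructed stand-in here)


def spki_pin(cert: Cert) -> str:
    """Pin = base64(SHA-256(SubjectPublicKeyInfo)), the RFC 7469 / HPKP form."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode("ascii")


def cert_fingerprint(cert: Cert) -> str:
    """SHA-256 over the whole certificate; how a trust-store entry is identified here."""
    return hashlib.sha256(cert.der).hexdigest()


class Verdict(Enum):
    PIN_MATCH = "accept: a certificate in the chain matches a pin"
    ENTERPRISE_CA = "accept: chain root is an enterprise CA in the OS trust store, pinning skipped"
    PIN_MISMATCH = "reject: no pin match and root is not an enterprise CA (TLS connection terminated)"


def validate_chain(chain, pins, enterprise_cas) -> Verdict:
    """chain[0] is the leaf the TLS server sent, chain[-1] its root.
    pins: SPKI pins the client trusts (built in, plus, for devices, any private-CA
          pins fetched from the cloud trust list).
    enterprise_cas: fingerprints of private CA certs an admin installed in the OS
          trust store (assumption: the app can tell these apart from public roots)."""
    if any(spki_pin(c) in pins for c in chain):
        return Verdict.PIN_MATCH
    if cert_fingerprint(chain[-1]) in enterprise_cas:
        return Verdict.ENTERPRISE_CA  # Spark app fix: private CA present, skip pinning
    return Verdict.PIN_MISMATCH


def _sample_cert(subject: str, issuer: str, key_seed: str) -> Cert:
    # Constructed stand-in: real code takes these bytes from the parsed X.509 certificate
    spki = b"SPKI:" + key_seed.encode()
    der = b"CERT:" + subject.encode() + b"|" + issuer.encode() + b"|" + spki
    return Cert(subject, issuer, spki, der)


PUBLIC_ROOT = _sample_cert("CN=Sample Public Root CA", "CN=Sample Public Root CA", "public-root-key")
SPARK_LEAF = _sample_cert("CN=sample.ciscospark.com", PUBLIC_ROOT.subject, "spark-leaf-key")
PRIVATE_CA = _sample_cert("CN=Sample Corp Inspection CA", "CN=Sample Corp Inspection CA", "corp-ca-key")
PROXY_LEAF = _sample_cert("CN=sample.ciscospark.com", PRIVATE_CA.subject, "proxy-minted-key")

BUILT_IN_PINS = frozenset({spki_pin(PUBLIC_ROOT)})  # what the app ships with


def scenarios() -> dict:
    genuine = [SPARK_LEAF, PUBLIC_ROOT]   # no inspection: the real chain
    inspected = [PROXY_LEAF, PRIVATE_CA]  # inspection: chain minted by the proxy
    return {
        "no_inspection": validate_chain(genuine, BUILT_IN_PINS, set()),
        "inspection_no_fix": validate_chain(inspected, BUILT_IN_PINS, set()),
        # App fix: admin copied the private CA cert into the OS trust store
        "inspection_app_fix": validate_chain(inspected, BUILT_IN_PINS, {cert_fingerprint(PRIVATE_CA)}),
        # Device fix: private CA pin arrives in the trust list downloaded from the cloud
        "inspection_device_fix": validate_chain(inspected, BUILT_IN_PINS | {spki_pin(PRIVATE_CA)}, set()),
    }
```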

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities, Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Coming soon: Target Q1 CY2018
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.

Thank you

Page 51: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Indexing Service

Content Server

Key Mgmt Service

Hybrid Data Security Querying a Search IndexSearch for the word ldquoSparkrdquo

The Indexing Service sends

a hashed index of the Apprsquos

search request to the

Search Service

B9 57 FE 48

Indexing Service

Search Service

53

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Indexing Service

Spark

Content Server

Key Mgmt Service

Hybrid Data Security Querying a Search IndexSearch for the word ldquoSparkrdquo

The Indexing Service sends

a hashed index of the Apprsquos

search request to the

Search Service

B9 57 FE 48

Hash

Algorithm

Indexing Service

B9 57 FE 48

Spark IS the Message

A link to Conversation Encryption Key is sent with the encrypted message

Search Service

54

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Indexing Service

Content Server

Spark E-Discovery Service (1)Indexing Service

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

Hash

Algorithm

Search Service

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Indexing Service

Content Server

Spark E-Discovery Service (1)Indexing Service

Jo Smithrsquos ContentJo Smithrsquos ContentJo Smithrsquos Content

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

Hash

Algorithm

The Content Server returns

matching content to the

E-Discovery Service

The Indexing Service sends

hashed search criteria to

the Search Service

Search Service

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

E-Discov StorageContent Server

Spark E-Discovery Service (2)

Search Service

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

E-Discov StorageContent Server

Spark E-Discovery Service (2)

E-Discovery Service

Decrypts content from the

Content Server then

compresses and re-encrypts it

before sending it to the E-

Discovery Storage Service

E-Discovery Storage Service

Sends the compressed and

encrypted content to the

Administrator on request

Jo Smithrsquos

Messages and Files

E-Discovery

Content Ready

Search Service

Customer Controlled Security Key Management Server Federation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Encryption Keys amp Users in other Organizations

Organization A Organization B60

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

message

Spark Spaces with

users from multiple

Organizations can

share encrypted

messages and

content

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Encryption Keys amp Users in other Organizations

Organization A Organization B

message

How do external

users retrieve

encryption keys

from the KMS of the

Organization that

owns the Spark

Space

61

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

messagemessage

62

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Hybrid Key

Management

Servers in different

Organizations can

establish a Mutual

TLS connection via

the Spark Cloud

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Hybrid Key

Management

Servers make

outbound

connections only

HTTPS Web Socket

Secure (WSS)

Organization A Organization B

messagemessage

63

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

message messagemessage

64

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

With a secure

connection between

Key Management

Servershellip

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

Mutually

Authenticated KMSs

can request Room

Encryption Keys

from one another on

behalf of their Users

message message

65

Customer Controlled Security HDS Deployment Considerations

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center A

HDS System Architecture

vSphereHybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

Containers

Hybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

ContainersHDS Cluster

Config File

IDE

Mount

IDE

Mount

ECP (Enterprise Compute Platform) Management containers which communicate with the cloud and perform actions such as

sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security) Key Management Server Search Indexer and eDiscovery Services

HDS Cluster Config An ISO file containing configuration information for the local HDS cluster eg Database connection

settings Database Master Encryption key etc

IDE Mount Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for HDS system

Customer Provided Services

Postgres

DatabaseSyslogd

Database

Back Up

System Back Up

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

BYO VM for deploying the HDS appliance Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Install PrerequisitesSee prerequisites in httpswwwciscocomgohybrid-data-security

X509 Certificate Intermediates and Private Key

PKI is used for KMS to KMS federation (Public Key Infrastructure)

Common Name signed by member of Mozzila Trusted Root Store

No SHA1 signatures

PKCS12 format

2 ESXi Virtualized Hosts Min 2 to support upgrades 3 recommended 5 max

Minimum 4 vCPUs 8-GB main memory 50-GB local hard disk space per server

kmsciscocom easily supports 15K users per HDS

1 Postgres 961 Database Instance (Key datastore)

8 vCPU 16 GB RAM 2 TB Disk User created with createuser Assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host

hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location

The HDS system requires organization administrators to securely backup two key pieces of information 1) A

configuration ISO file generated by this process 2) The postgres database Failure to maintain adequate backups will

result in loss of customer data See ltSection on Disaster Recoverygt

Network

Outbound HTTPS on TCP port 443 from HDS host

Bi-directional WSS on TCP port 443 from HDS host

TCP connectivity from HDS host to Postgres database host syslog host and statsd host

HTTPS proxies are unsupported

69BRKCOL-2030

Cisco Spark and Enterprise Network Security

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull VLANs

bull Switch Port VLAN configuration and device requirements

bull Firewalls

bull Whitelists for Spark Apps devices and Services

bull Media support ndash UDPTCPHTTP

bull HTTP Proxies

bull Proxy Types and Proxy Detection

bull Proxy Authentication Methods (Basic NTLM Negotiate Kerberos) Auth Bypass

bull Proxy TLS HTTPS traffic inspection ndash Certificate Pinning

bull 8021X ndash Authentication Methods EAP-FAST EAP-TLS MAC Address Bypass

Agenda

BRKCOL-2030 71

Cisco Spark Cloud Access Enterprise VLANs

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - VLANsHow are the switch ports configured

Minimum Enterprise Network Requirements

Internet Access

DHCP DNS server access

Internal TCP connectivity and ICMP to devices for support

bull Single static untagged VLAN

bull Dynamic VLAN assignment based on CDPLLDP TLV values

bull Multiple static VLANs (eg Data VLAN amp Aux VLAN) ndash

8021Q VLAN tagging required for the Auxiliary VLAN

73BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash CDPLLDP 8021QSpark Device Protocol Software Train CDP

LLDP

8021Q Ethernet

PC Port

Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No No NA NA Static Untagged (Data) VLAN

DX HTTPS Room OS Yes No Yes Yes Dynamic VLAN assignment

8021Q Tagging Connected PC

supported

SX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

MX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Room Kits HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Spark Board HTTPS Spark Board OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

74BRKCOL-2030

Cisco Spark Cloud Access Enterprise Firewalls

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges

Source UDP Ports Voice 52000 - 52099 Video 52100- 52299

Source TCP HTTP Ports Ephemeral (=gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004 5006

Destination IP Addresses Any

bull Spark Desk and Room Devices

bull Spark Apps

bull See following slides for details

Signalling

Media

76BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Voice and Video Classification and MarkingPort Range Summary ndash Endpoints and Apps

Audio

52000-52099

Spark Apps Spark Devices

Video

52100-52299

52000 - 52049 52050 - 52099 52100 - 52199 52200 - 52299

77BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Spark applications

Windows

Mac

iOS

Android

Web

UDP Voice 52000 ndash 52049

Video 52100 ndash 52199

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP or HTTP to Spark Cloud

Media Nodes

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

appsflyercom

adobetmcom

omtrdcnet

optimizelycom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Mobile Apps only - Ad Analytics

Web Apps only - Analytics

Web Apps only - Telemetry

Web Apps only - Metrics

78BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

79BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Media Port Ranges

Source UDP Ports Voice and Video 33434 - 33598

Source TCP HTTP Ports Ephemeral ( =gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004

Destination IP Addresses Any

Hybrid Media Node (HMN)

bull Can be used to limit source IP address range to HMNs only

bull Hybrid Media Node Source UDP ports for voice and video are different to

those used by endpoints ndash Used for cascade links to the Spark Cloud

bull Voice and Video use a common UDP source port range 33434 - 33598

Signalling

Media

80BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)

bull Key Management Service

bull Indexing (Search) Service

bull E-Discovery Service

Signalling

Media

Hybrid Data Services

bull HDS Signaling Traffic Only

bull Outbound HTTPS and WSS Signaling Only

81BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device Protocol Source Ports Destination

Ports

Destination Function

Hybrid Media

Node (HMN)

UDP Voice and Video use a

common UDP source

port range

33434 - 33598

5004

Cascade

Destination

Any IP Address Cascaded SRTP over UDP

Media Streams to Cloud Media

Nodes

TCP Ephemeral 5004

Cascade

Destination

Any IP Address Cascaded SRTP over

TCPHTTP Media Streams to

Cloud Media Nodes

TCP Ephemeral 123 53 444 Any NTP DNS HTTPS

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

HTTPS Configuration Services

Hybrid Data

Security Node

(HDS)

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

identitywebexcom

indexdockerio

Outbound HTTPS and WSS

82BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

What do we send to Third Party sitesSite Apps that Access It What is sent there User

PII

Anonymized

Usage info

Encrypted

User

Generated

Content

awscom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

rackcdncom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

mixpanelcom Win Mac iOS Android

Web

Anonymous usage data N Y N

appsflyercom iOS Android Anonymous usage data related to

onboarding

N Y N

adobedtmcom Web Anonymous usage data N Y N

omtrdcnet Web Anonymous usage data N Y N

optimizelycom Web Anonymous usage data for AB

testing

N Y N

83BRKCOL-2030

Cisco Spark Cloud Access Enterprise Proxies

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Address given to DeviceApplicationhelliphelliphellip

Connecting from the Enterprise - Proxy Types

Proxy Types

bull Transparent Proxy (DeviceApplication is unaware of Proxy existence)

bull In Line Proxies (eg Combined Proxy and Firewall)

bull Traffic Redirection (eg Using Cisco WCCP)

Signalling

UDP Media

HTTPHTTPS traffic only sent to the Proxy server eg

Destination ports 80 443 8080 8443

85BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods - Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
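The difference between the two slides above is easiest to see on the wire. The following Python is an added illustration (not Cisco's code and not from the deck): it builds a Basic Proxy-Authorization value and shows that the device credentials are recovered by a plain Base64 decode, then builds an RFC 2617 Digest response and verifies it the way a proxy would. The realm, nonce, service account name and password are constructed sample values.

```python
"""Basic vs Digest proxy authentication as it appears on the wire.

Added illustration, not Cisco's code. REALM, NONCE, the service account and its
password are constructed sample values; a real proxy issues a fresh random nonce
for every challenge.
"""
import base64
import hashlib
import hmac

REALM = "proxy.example.internal"   # constructed
NONCE = "f3a1c9e2d4b6"             # constructed; must be unpredictable and single-use in practice

# Constructed device account of the kind the slide recommends (one account per device).
PROXY_ACCOUNTS = {"svc-room-kit-01": "Example-Pass-1"}


def basic_header(username, password):
    """Proxy-Authorization value for Basic: Base64 of 'user:pass'. Encoding, not protection."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return "Basic " + token


def recover_basic_credentials(header):
    """What anyone who can read the cleartext HTTP request learns from a Basic header."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, pwd = base64.b64decode(token).decode().partition(":")
    return user, pwd


def _md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, password, method, uri, realm=REALM, nonce=NONCE):
    """RFC 2617 Digest without qop: MD5(HA1 ':' nonce ':' HA2).

    HA1 = MD5(user:realm:password), HA2 = MD5(method:uri). Only this hash travels;
    the password itself is never placed in the request.
    """
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


def proxy_verify_digest(username, method, uri, response, realm=REALM, nonce=NONCE):
    """Proxy side: recompute the expected response from the stored credential and
    compare in constant time. Unknown users and wrong passwords both fail."""
    password = PROXY_ACCOUNTS.get(username)
    if password is None:
        return False
    expected = digest_response(username, password, method, uri, realm, nonce)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    hdr = basic_header("svc-room-kit-01", "Example-Pass-1")
    print(hdr)
    print("recovered from Basic header:", recover_basic_credentials(hdr))
    resp = digest_response("svc-room-kit-01", "Example-Pass-1", "CONNECT", "wbx2.com:443")
    print("Digest response:", resp)
    print("proxy accepts:", proxy_verify_digest("svc-room-kit-01", "CONNECT", "wbx2.com:443", resp))
```

Two practical caveats follow from the code. Basic only makes sense when the hop between device and proxy is itself protected (or when the account is scoped so tightly that disclosure matters little), and Digest, while it keeps the password out of the request, is an MD5 construction over a server-held secret and does not replace TLS to the proxy. Because the slides recommend non-expiring device accounts, a unique account per device with a long random password limits the damage when one header is observed.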

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods - Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com):
  identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com
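The two bypass methods on the slide (exempt by device address, exempt by destination) are a policy decision the proxy makes per request, and the destination rule is where mistakes usually happen: a naive string suffix test treats "evilwbx2.com" as part of "wbx2.com". The following Python is an added illustration, not Cisco's or any proxy vendor's code; the exempt addresses and domains are the slide's values (dotted form reconstructed), and the hosts used in the usage section are constructed.

```python
"""Proxy authentication exemption policy for the two bypass methods on the slide.

Added illustration, not Cisco's code. The exempt device addresses and destination
domains come from the slide (dotted form reconstructed); test hosts are constructed.
"""
import ipaddress

# Device addresses exempt from proxy authentication (the slide's diagram values).
EXEMPT_DEVICE_IPS = frozenset(
    ipaddress.ip_address(a) for a in ("10.100.200.1", "10.100.200.3")
)

# Whitelisted destination domains (the slide's list). Subdomains are included.
EXEMPT_DOMAINS = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com", "rackcdn.com",
)


def host_matches(host, domain):
    """Label-aware suffix match: 'api.wbx2.com' matches 'wbx2.com', but
    'evilwbx2.com' and 'wbx2.com.example.net' do not."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def requires_proxy_auth(src_ip, dest_host):
    """True if the proxy should challenge this request; False if it is exempt."""
    try:
        ip = ipaddress.ip_address(src_ip)
    except ValueError:
        return True  # a malformed source address is never exempt
    if ip in EXEMPT_DEVICE_IPS:
        return False
    return not any(host_matches(dest_host, d) for d in EXEMPT_DOMAINS)


if __name__ == "__main__":
    # Constructed requests: (source IP, destination host)
    samples = [
        ("10.100.200.1", "example.net"),          # exempt device, any destination
        ("10.100.200.2", "api.wbx2.com"),         # non-exempt device, whitelisted destination
        ("10.100.200.2", "evilwbx2.com"),         # look-alike domain, must be challenged
        ("10.100.200.2", "wbx2.com.example.net"), # whitelisted name as a prefix, must be challenged
    ]
    for src, host in samples:
        print(f"{src:14s} -> {host:24s} challenge={requires_proxy_auth(src, host)}")
```

The destination exemption is a broad one (everything under webex.com and ciscospark.com), so it should be paired with logging of exempted CONNECT requests; that log is the only record of which devices reached the cloud without authenticating.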

Network Capabilities: Spark Devices - Proxy Authentication

Columns: Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
• DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
• Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
• Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match - accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match - accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists - skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
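The pinning slides above describe four outcomes: a direct connection that matches the shipped pin, an inspecting proxy whose private CA chain is rejected, the Spark Apps fix (private CA present in the OS trust store, pinning skipped) and the Spark Devices fix (private CA pin added to the device Trust List via the cloud). The following Python is an added illustration of that decision logic, not Cisco's code or the app's real implementation; the SPKI byte strings are constructed stand-ins for DER-encoded SubjectPublicKeyInfo structures, and the pin format is the one on the slide, Base64 of the SHA-256 of the public key.

```python
"""Certificate-pin decision modelled on the Spark App/Device behaviour described above.

Added illustration, not Cisco's code. The SPKI byte strings below are constructed
stand-ins for DER-encoded SubjectPublicKeyInfo structures; a real pin is
Base64(SHA-256(SPKI DER)) of the CA root certificate's public key.
"""
import base64
import hashlib


def spki_pin(spki_der):
    """Base64(SHA-256(SubjectPublicKeyInfo DER)): the pin format on the slide."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Constructed stand-ins for public keys (real SPKI DER is a few hundred bytes of ASN.1).
PUBLIC_CA_ROOT_SPKI = b"CONSTRUCTED-SPKI:public-ca-root"
SPARK_LEAF_SPKI = b"CONSTRUCTED-SPKI:spark-service-leaf"
PRIVATE_CA_SPKI = b"CONSTRUCTED-SPKI:enterprise-inspection-ca"
PROXY_LEAF_SPKI = b"CONSTRUCTED-SPKI:proxy-issued-leaf"

# Pins shipped in the app: only the public CA that signs Spark service certificates.
APP_PIN_SET = frozenset({spki_pin(PUBLIC_CA_ROOT_SPKI)})


def pin_decision(chain_spkis, pin_set, os_trust_store=frozenset()):
    """Decide whether to proceed with a TLS session.

    chain_spkis: SPKI DER of each certificate in the received chain, leaf first.
    pin_set: Base64 pins the client trusts (the app's pins, or a device Trust List
             that the cloud has extended with the enterprise's private CA).
    os_trust_store: SPKI DER of CAs installed in the OS store (the Spark Apps fix).
    Returns (accept, reason).
    """
    if not chain_spkis:
        return False, "empty chain: TLS connection terminated"
    if chain_spkis[-1] in os_trust_store:
        # Spark Apps fix: enterprise CA present in the OS store, pinning skipped.
        return True, "private CA in OS trust store: pinning bypassed, inspection possible"
    if any(spki_pin(s) in pin_set for s in chain_spkis):
        return True, "chain contains a pinned public key"
    return False, "no pinned key in chain: TLS connection terminated"


def scenarios():
    """The four cases on the slides, as (name, accept) pairs."""
    direct = [SPARK_LEAF_SPKI, PUBLIC_CA_ROOT_SPKI]
    inspected = [PROXY_LEAF_SPKI, PRIVATE_CA_SPKI]
    device_trust_list = APP_PIN_SET | {spki_pin(PRIVATE_CA_SPKI)}  # Spark Devices fix
    return [
        ("no inspection, public CA chain", pin_decision(direct, APP_PIN_SET)[0]),
        ("inspection, no fix applied", pin_decision(inspected, APP_PIN_SET)[0]),
        ("inspection, app fix (CA in OS store)",
         pin_decision(inspected, APP_PIN_SET, {PRIVATE_CA_SPKI})[0]),
        ("inspection, device fix (CA pin in Trust List)",
         pin_decision(inspected, device_trust_list)[0]),
    ]


if __name__ == "__main__":
    for name, ok in scenarios():
        print(f"{name:48s} -> {'proceed' if ok else 'terminated'}")
```

Both fixes make the enterprise's private CA as authoritative for Spark traffic as the public CA the pin was meant to lock to. The CA key therefore deserves the same protection as the inspection proxy itself, and the OS trust store on managed endpoints should be populated by GPO or MDM rather than being writable by the user, since anything that lands there is no longer checked against the pin.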

Network Capabilities: Spark Devices - HTTPS Inspection

Columns: Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method

• Windows, Mac, Web apps | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
• iOS, Android apps | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
• DX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
• SX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
• MX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
• Room Kits | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
• Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication - switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices - 802.1X

Columns: Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | NA | Yes | Yes | Manually Install LSC (Windows GPO, Mac - Configuration Profiles)
• DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
• SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
• MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
• Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
• Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections
• Onboard device - Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
• "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
• Coming soon: Target Q1 CY2018
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you

Page 52: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Indexing Service

Spark

Content Server

Key Mgmt Service

Hybrid Data Security Querying a Search IndexSearch for the word ldquoSparkrdquo

The Indexing Service sends

a hashed index of the Apprsquos

search request to the

Search Service

B9 57 FE 48

Hash

Algorithm

Indexing Service

B9 57 FE 48

Spark IS the Message

A link to Conversation Encryption Key is sent with the encrypted message

Search Service

54

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Indexing Service

Content Server

Spark E-Discovery Service (1)Indexing Service

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

Hash

Algorithm

Search Service

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Indexing Service

Content Server

Spark E-Discovery Service (1)Indexing Service

Jo Smithrsquos ContentJo Smithrsquos ContentJo Smithrsquos Content

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

Hash

Algorithm

The Content Server returns

matching content to the

E-Discovery Service

The Indexing Service sends

hashed search criteria to

the Search Service

Search Service

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

E-Discov StorageContent Server

Spark E-Discovery Service (2)

Search Service

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

E-Discov StorageContent Server

Spark E-Discovery Service (2)

E-Discovery Service

Decrypts content from the

Content Server then

compresses and re-encrypts it

before sending it to the E-

Discovery Storage Service

E-Discovery Storage Service

Sends the compressed and

encrypted content to the

Administrator on request

Jo Smithrsquos

Messages and Files

E-Discovery

Content Ready

Search Service

Customer Controlled Security Key Management Server Federation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Encryption Keys amp Users in other Organizations

Organization A Organization B60

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

message

Spark Spaces with

users from multiple

Organizations can

share encrypted

messages and

content

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Encryption Keys amp Users in other Organizations

Organization A Organization B

message

How do external

users retrieve

encryption keys

from the KMS of the

Organization that

owns the Spark

Space

61

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

messagemessage

62

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Hybrid Key

Management

Servers in different

Organizations can

establish a Mutual

TLS connection via

the Spark Cloud

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Hybrid Key

Management

Servers make

outbound

connections only

HTTPS Web Socket

Secure (WSS)

Organization A Organization B

messagemessage

63

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

message messagemessage

64

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

With a secure

connection between

Key Management

Servershellip

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

Mutually

Authenticated KMSs

can request Room

Encryption Keys

from one another on

behalf of their Users

message message

65

Customer Controlled Security HDS Deployment Considerations

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center A

HDS System Architecture

vSphereHybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

Containers

Hybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

ContainersHDS Cluster

Config File

IDE

Mount

IDE

Mount

ECP (Enterprise Compute Platform) Management containers which communicate with the cloud and perform actions such as

sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security) Key Management Server Search Indexer and eDiscovery Services

HDS Cluster Config An ISO file containing configuration information for the local HDS cluster eg Database connection

settings Database Master Encryption key etc

IDE Mount Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for HDS system

Customer Provided Services

Postgres

DatabaseSyslogd

Database

Back Up

System Back Up

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

BYO VM for deploying the HDS appliance Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Install PrerequisitesSee prerequisites in httpswwwciscocomgohybrid-data-security

X509 Certificate Intermediates and Private Key

PKI is used for KMS to KMS federation (Public Key Infrastructure)

Common Name signed by member of Mozzila Trusted Root Store

No SHA1 signatures

PKCS12 format

2 ESXi Virtualized Hosts Min 2 to support upgrades 3 recommended 5 max

Minimum 4 vCPUs 8-GB main memory 50-GB local hard disk space per server

kmsciscocom easily supports 15K users per HDS

1 Postgres 961 Database Instance (Key datastore)

8 vCPU 16 GB RAM 2 TB Disk User created with createuser Assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host

hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location

The HDS system requires organization administrators to securely backup two key pieces of information 1) A

configuration ISO file generated by this process 2) The postgres database Failure to maintain adequate backups will

result in loss of customer data See ltSection on Disaster Recoverygt

Network

Outbound HTTPS on TCP port 443 from HDS host

Bi-directional WSS on TCP port 443 from HDS host

TCP connectivity from HDS host to Postgres database host syslog host and statsd host

HTTPS proxies are unsupported

69BRKCOL-2030

Cisco Spark and Enterprise Network Security

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull VLANs

bull Switch Port VLAN configuration and device requirements

bull Firewalls

bull Whitelists for Spark Apps devices and Services

bull Media support ndash UDPTCPHTTP

bull HTTP Proxies

bull Proxy Types and Proxy Detection

bull Proxy Authentication Methods (Basic NTLM Negotiate Kerberos) Auth Bypass

bull Proxy TLS HTTPS traffic inspection ndash Certificate Pinning

bull 8021X ndash Authentication Methods EAP-FAST EAP-TLS MAC Address Bypass

Agenda

BRKCOL-2030 71

Cisco Spark Cloud Access Enterprise VLANs

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - VLANsHow are the switch ports configured

Minimum Enterprise Network Requirements

Internet Access

DHCP DNS server access

Internal TCP connectivity and ICMP to devices for support

bull Single static untagged VLAN

bull Dynamic VLAN assignment based on CDPLLDP TLV values

bull Multiple static VLANs (eg Data VLAN amp Aux VLAN) ndash

8021Q VLAN tagging required for the Auxiliary VLAN

73BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash CDPLLDP 8021QSpark Device Protocol Software Train CDP

LLDP

8021Q Ethernet

PC Port

Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No No NA NA Static Untagged (Data) VLAN

DX HTTPS Room OS Yes No Yes Yes Dynamic VLAN assignment

8021Q Tagging Connected PC

supported

SX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

MX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Room Kits HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Spark Board HTTPS Spark Board OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

74BRKCOL-2030

Cisco Spark Cloud Access Enterprise Firewalls

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges

Source UDP Ports Voice 52000 - 52099 Video 52100- 52299

Source TCP HTTP Ports Ephemeral (=gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004 5006

Destination IP Addresses Any

bull Spark Desk and Room Devices

bull Spark Apps

bull See following slides for details

Signalling

Media

76BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Voice and Video Classification and MarkingPort Range Summary ndash Endpoints and Apps

Audio

52000-52099

Spark Apps Spark Devices

Video

52100-52299

52000 - 52049 52050 - 52099 52100 - 52199 52200 - 52299

77BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Spark applications

Windows

Mac

iOS

Android

Web

UDP Voice 52000 ndash 52049

Video 52100 ndash 52199

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP or HTTP to Spark Cloud

Media Nodes

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

appsflyercom

adobetmcom

omtrdcnet

optimizelycom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Mobile Apps only - Ad Analytics

Web Apps only - Analytics

Web Apps only - Telemetry

Web Apps only - Metrics

78BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

79BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Media Port Ranges

Source UDP Ports Voice and Video 33434 - 33598

Source TCP HTTP Ports Ephemeral ( =gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004

Destination IP Addresses Any

Hybrid Media Node (HMN)

bull Can be used to limit source IP address range to HMNs only

bull Hybrid Media Node Source UDP ports for voice and video are different to

those used by endpoints ndash Used for cascade links to the Spark Cloud

bull Voice and Video use a common UDP source port range 33434 - 33598

Signalling

Media

80BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)

bull Key Management Service

bull Indexing (Search) Service

bull E-Discovery Service

Signalling

Media

Hybrid Data Services

bull HDS Signaling Traffic Only

bull Outbound HTTPS and WSS Signaling Only

81BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

BRKCOL-2030 82

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

BRKCOL-2030 83

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy Address given to Device/Application...

Proxy Types
• Transparent Proxy (Device/Application is unaware of Proxy existence)
• In Line Proxies (e.g. Combined Proxy and Firewall)
• Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 85

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

(Diagram: Proxy Address and PAC file delivered to each client; legend: Signalling, UDP Media)

BRKCOL-2030 86

Network Capabilities Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

BRKCOL-2030 87

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory. Many Enterprises do no Authentication.

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 88

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 89

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 90

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 91
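As an added example (not code from the session), the difference between the two challenge styles above in Python: a Basic Proxy-Authorization header can be decoded by anything that sees it (proxy, log, capture), whereas Digest sends only a hash bound to a server nonce and the proxy can verify it from a stored HA1 without holding the plaintext password. The Digest vector is the worked example from RFC 2617 section 3.5; the device service-account credentials are constructed.

```python
import base64
import hashlib
import hmac

# Added illustration, not Cisco code: Basic versus Digest proxy challenges as
# described on the slides. Sample credentials are constructed; the Digest test
# vector is the worked example from RFC 2617 section 3.5.


def basic_header(username: str, password: str) -> str:
    """Basic: credentials are only Base64 encoded, never hashed or encrypted."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def decode_basic_header(header: str) -> tuple:
    """Anyone who can read the header recovers both the username and the password."""
    token = header.split("Basic ", 1)[1]
    username, _, password = base64.b64decode(token).decode().partition(":")
    return username, password


def _h(data: str) -> str:
    # RFC 2617 Digest uses MD5; RFC 7616 adds SHA-256 with the same construction.
    return hashlib.md5(data.encode()).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 is what the proxy can store instead of the plaintext password."""
    return _h(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """Client side: only this hash travels in Proxy-Authorization, never the password."""
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(stored_ha1: str, method: str, uri: str, nonce: str,
                  nc: str, cnonce: str, response: str, qop: str = "auth") -> bool:
    """Proxy side: recompute from the stored HA1 and compare in constant time."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed shared device account (the slide's "one account for all devices").
    hdr = basic_header("spark-devices", "s3cret")
    print(hdr, "->", decode_basic_header(hdr))
    ha1 = digest_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    resp = digest_response(ha1, "GET", "/dir/index.html",
                           "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b")
    print("Digest response:", resp)  # 6629fae49393a05397450978507c4ef1
```

The nonce and nonce-count (nc) inputs are what stop a captured Digest response from being replayed against a later challenge; Basic has no equivalent, which is why the slides stress that Basic credentials are neither encrypted nor hashed.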

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 92

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 93

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Components: Client, Authentication Service (Key Distribution), Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 94

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (diagram: 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com)

(Diagram: whitelisted destinations identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com; legend: Signalling, UDP Media)

BRKCOL-2030 95

Network Capabilities Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes

BRKCOL-2030 96

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 97-99

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 100-101

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key
    VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 102-104

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 105-107

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 108-110

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

(Diagram legend: Signalling, UDP Media)

BRKCOL-2030 111-113
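The pin comparison across the three cases on the preceding slides (no inspection, inspection without the fix, inspection with the private CA copied into the OS trust store), as an added Python illustration that is not Cisco's client code. The pin is computed the way the slide defines it (SHA-256 of the certificate public key, Base64 encoded); the SPKI byte strings are constructed stand-ins for real DER SubjectPublicKeyInfo structures, and the function and constant names are assumptions.

```python
import base64
import hashlib

# Added illustration, not Cisco's client code: the pin check from the
# certificate-pinning slides plus the "private CA in the OS trust store" bypass
# from the Spark Apps fix slide. SPKI byte strings are constructed stand-ins.

PIN_MATCH = "proceed: pin matched"
PIN_MISMATCH = "terminate: no certificate in the chain matches a pin"
PINNING_BYPASSED = "proceed: private CA found in OS trust store, pinning skipped"


def pin_for_spki(spki_der: bytes) -> str:
    """Certificate Pin = Base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def evaluate_chain(chain_spkis, pinned_pins, enterprise_trust_spkis=()) -> str:
    """Decide whether the app proceeds with the TLS handshake.

    chain_spkis: SPKI of each cert the server presented, leaf first.
    pinned_pins: pins shipped in the app's trust store (public CA root keys).
    enterprise_trust_spkis: private CA certs an admin copied into the OS trust store.
    """
    chain_pins = [pin_for_spki(s) for s in chain_spkis]
    trust_pins = {pin_for_spki(s) for s in enterprise_trust_spkis}
    # Fix slide: if the proxy's private CA is in the OS trust store, skip pinning.
    # This is what makes HTTPS inspection possible, so it must be an explicit admin act.
    if any(p in trust_pins for p in chain_pins):
        return PINNING_BYPASSED
    if any(p in pinned_pins for p in chain_pins):
        return PIN_MATCH
    return PIN_MISMATCH


# Constructed sample keys (not real certificates).
CISCO_ROOT_SPKI = b"constructed-public-ca-root-spki"
CISCO_LEAF_SPKI = b"constructed-spark-leaf-spki"
PROXY_CA_SPKI = b"constructed-enterprise-private-ca-spki"
PROXY_LEAF_SPKI = b"constructed-proxy-issued-leaf-spki"
APP_PINS = {pin_for_spki(CISCO_ROOT_SPKI)}   # what the app ships with


def no_inspection() -> str:
    """Slides 102-104: genuine chain, root key matches the pin."""
    return evaluate_chain([CISCO_LEAF_SPKI, CISCO_ROOT_SPKI], APP_PINS)


def inspection_without_fix() -> str:
    """Slides 105-107: proxy-issued chain, nothing matches, connection terminated."""
    return evaluate_chain([PROXY_LEAF_SPKI, PROXY_CA_SPKI], APP_PINS)


def inspection_with_fix() -> str:
    """Slides 108-110: same proxy chain, but the private CA is in the OS trust store."""
    return evaluate_chain([PROXY_LEAF_SPKI, PROXY_CA_SPKI], APP_PINS,
                          enterprise_trust_spkis=[PROXY_CA_SPKI])


if __name__ == "__main__":
    for name, fn in [("no inspection", no_inspection),
                     ("inspection, no fix", inspection_without_fix),
                     ("inspection, private CA in trust store", inspection_with_fix)]:
        print(f"{name}: {fn()}")
```

The bypass branch is checked before the pin branch on purpose: it is the only path through which a proxy-issued certificate is ever accepted, so whoever controls the OS trust store controls whether inspection of Spark traffic is possible on that machine.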

Network Capabilities Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

BRKCOL-2030 114

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: Authentication Server)

BRKCOL-2030 116-117

802.1X Network Authentication Methods

• There are many options...
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

(Diagram: Authentication Server)

BRKCOL-2030 118-119

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

(Diagram: Authentication Server)

BRKCOL-2030 120-121

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

(Diagram: Authentication Server)

BRKCOL-2030 122-123

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

(Diagram: Authentication Server, Device 1)

BRKCOL-2030 124-125

Network Capabilities Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes, Web Based | Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes, Web Based | Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes, Web Based | Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes, Web Based | Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

BRKCOL-2030 126

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

BRKCOL-2030 128

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors

BRKCOL-2030 130

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

133

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment

Thank you


Spark E-Discovery Service (1)

(Diagram: Secure Data Center containing the Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service and Hash Algorithm, with the Spark Control Hub; Jo Smith's Content is the subject of the search)

The Indexing Service sends hashed search criteria to the Search Service.
The Content Server returns matching content to the E-Discovery Service.

Spark E-Discovery Service (2)

(Diagram: Secure Data Center containing the Key Mgmt Service, E-Discovery Service, E-Discovery Storage, Content Server and Search Service, with the Spark Control Hub; Jo Smith's Messages and Files; E-Discovery Content Ready)

E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service.
E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request.

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations

(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server; an encrypted message shared between the two)

Spark Spaces with users from multiple Organizations can share encrypted messages and content.
How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

60-61

HDS Key Management Server Federation

(Diagram: Organization A and Organization B Key Mgmt Services connected via the Spark Cloud; Content Server; encrypted messages)

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.
Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).
With a secure connection between Key Management Servers... Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

62-65
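As an added illustration of the federation rules these slides describe (not Cisco's KMS protocol or code: KeyRequest, RelayChannel and KeyManagementServer are hypothetical names, and the space membership and key values are constructed), a model of the checks a receiving KMS applies before releasing a room key to a federated peer. The channel object stands for the cloud-brokered link that both sides dialled out to; the peer identity on it is whatever the peer proved with its client certificate during mutual TLS.

```python
from dataclasses import dataclass, field

# Added model of the federation behaviour described on the slides, not Cisco's
# KMS protocol or code. All class and field names are hypothetical.


@dataclass
class KeyRequest:
    requesting_org: str     # organization whose KMS asks on behalf of its user
    user_id: str            # the external user who wants to read the space
    space_id: str           # Spark Space owned by the responding organization


@dataclass
class RelayChannel:
    """Cloud-brokered link: each KMS connected outbound (HTTPS/WSS) and the cloud paired them.

    peer_org is the identity proven by the peer's client certificate during mutual TLS.
    A KMS never accepts inbound connections, so this is the only way a request arrives."""
    peer_org: str
    mutually_authenticated: bool


@dataclass
class KeyManagementServer:
    org: str
    federated_orgs: set = field(default_factory=set)      # orgs we accept mTLS peers from
    space_members: dict = field(default_factory=dict)    # space_id -> {user_id, ...}
    space_keys: dict = field(default_factory=dict)       # space_id -> room encryption key
    audit: list = field(default_factory=list)

    def handle(self, channel: RelayChannel, req: KeyRequest):
        """Return the room key only when every condition the slides imply holds."""
        if not channel.mutually_authenticated:
            return self._deny(req, "channel not mutually authenticated")
        if channel.peer_org != req.requesting_org:
            return self._deny(req, "request org does not match peer certificate")
        if req.requesting_org not in self.federated_orgs:
            return self._deny(req, "peer organization not federated")
        if req.user_id not in self.space_members.get(req.space_id, set()):
            return self._deny(req, "user is not a member of the space")
        self.audit.append(("release", req.requesting_org, req.user_id, req.space_id))
        return self.space_keys[req.space_id]

    def _deny(self, req: KeyRequest, reason: str):
        self.audit.append(("deny", req.requesting_org, req.user_id, req.space_id, reason))
        return None


def demo():
    # Constructed sample: Org A owns a space to which one user from Org B was invited.
    kms_a = KeyManagementServer(
        org="OrgA", federated_orgs={"OrgB"},
        space_members={"space-42": {"alice@orga.example", "bob@orgb.example"}},
        space_keys={"space-42": b"constructed-room-key-42"})
    good = RelayChannel(peer_org="OrgB", mutually_authenticated=True)
    results = {
        "member via federated peer":
            kms_a.handle(good, KeyRequest("OrgB", "bob@orgb.example", "space-42")),
        "non-member via federated peer":
            kms_a.handle(good, KeyRequest("OrgB", "carol@orgb.example", "space-42")),
        "org claim mismatches peer cert":
            kms_a.handle(good, KeyRequest("OrgC", "bob@orgb.example", "space-42")),
        "unauthenticated channel":
            kms_a.handle(RelayChannel("OrgB", False),
                         KeyRequest("OrgB", "bob@orgb.example", "space-42")),
    }
    return results, kms_a.audit


if __name__ == "__main__":
    results, audit = demo()
    for case, key in results.items():
        print(f"{case}: {'released' if key else 'denied'}")
```

The order of the checks matters for the audit trail: identity of the channel is settled before any claim inside the request is trusted, so a denial record names the organization the peer actually authenticated as, not the one it claimed.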

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A running vSphere, with two Hybrid Data Services Nodes (VMs); each runs Docker with an ECP Mgmt Container and HDS Containers and has an IDE Mount of the HDS Cluster Config File. Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up)

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
Customer manages backup and recovery of the Postgres Database and the local configuration ISO
Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

BRKCOL-2030 68

HDS Install Prerequisites

See prerequisites in https://www.cisco.com/go/hybrid-data-security

X.509 Certificate, Intermediates and Private Key
PKI is used for KMS to KMS federation (Public Key Infrastructure)
Common Name signed by member of Mozilla Trusted Root Store
No SHA-1 signatures
PKCS#12 format

2 ESXi Virtualized Hosts
Min 2 to support upgrades, 3 recommended, 5 max
Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
8 vCPU, 16 GB RAM, 2 TB Disk
User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
The HDS system requires organization administrators to securely backup two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
Outbound HTTPS on TCP port 443 from HDS host
Bi-directional WSS on TCP port 443 from HDS host
TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
HTTPS proxies are unsupported

BRKCOL-2030 69

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

BRKCOL-2030 71

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs

How are the switch ports configured?
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Minimum Enterprise Network Requirements
Internet Access
DHCP, DNS server access
Internal TCP connectivity and ICMP to devices for support

BRKCOL-2030 73

Network Capabilities Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

BRKCOL-2030 74

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004, 5006
Destination IP Addresses: Any

(Diagram legend: Signalling, Media)

BRKCOL-2030 76

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

BRKCOL-2030 77

Spark Applications Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only - Ad Analytics
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only - Analytics
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only - Telemetry
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only - Metrics

BRKCOL-2030 78

Spark Devices Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
Desktop and Room Systems | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

BRKCOL-2030 79

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints - used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Hybrid Media Node (HMN)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services

Hybrid Data Security Node (HDS)

Protocol | Source Ports | Destination Ports | Destination | Function
TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

Connecting from the Enterprise - Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes - Manual; Yes - PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes - Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise - Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no authentication

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods - Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos or, as fallback, NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods - Kerberos

Kerberos Authentication
• Strongest Security
• Client Authentication, Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Address (the diagram shows devices at IP Address 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices - Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in the Cert Chain
• If they match - accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives Certificate from the Web/Cloud Service
• Proxy uses the Certificate to establish a Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match - accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists - skip the Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible

Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If an Enterprise Certificate exists then bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass
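The certificate pinning behaviour on the preceding slides (pin match, pin mismatch behind an inspecting proxy, and the two fixes: the private CA copied into the app's OS trust store, or added to the trust list a device downloads) written out as an added Go example; this is not Cisco code and not the Spark client's implementation. The CA names, the certificates and the pin values are constructed inside the block, and the check ordering (pin first, then the OS trust store fallback) is an assumption, since the slides only state the outcomes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"math/big"
	"time"
)

type Decision struct {
	Accepted bool
	Reason   string
}

// spkiPin computes what the slides call the Certificate Pin: base64(SHA-256(SubjectPublicKeyInfo)).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkPinnedChain decides whether the app accepts a TLS server chain (leaf first), given its pin set and the OS trust store.
func checkPinnedChain(chain []*x509.Certificate, host string, pins map[string]bool, osTrust *x509.CertPool) Decision {
	if len(chain) == 0 {
		return Decision{false, "empty chain: TLS connection terminated"}
	}
	for _, c := range chain { // normal path: some certificate in the chain carries a pinned key
		if pins[spkiPin(c)] {
			return Decision{true, "pin matched: proceed with TLS connection"}
		}
	}
	inter := x509.NewCertPool() // apps fix: a chain that validates against a CA in the OS trust store skips pinning
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	if _, err := chain[0].Verify(x509.VerifyOptions{Roots: osTrust, Intermediates: inter, DNSName: host}); err == nil {
		return Decision{true, "no pin match, but issuer is in the OS trust store: pinning skipped"}
	}
	return Decision{false, "pin mismatch and untrusted issuer: TLS connection terminated"}
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newTemplate builds a constructed CA template (ca=true) or a server leaf template for name.
func newTemplate(name string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if ca {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name} // the SAN the app matches against the host it connects to
	}
	return t
}

// mintCert signs tmpl with parent's key, or self-signs it when parent is nil.
func mintCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// runScenarios plays the slide scenarios with constructed certificates: a public root stands in for the CA signing the Spark certificate, a private root for an inspecting proxy's CA.
func runScenarios() map[string]Decision {
	const host = "identity.webex.com" // identity service entry from the whitelist slides
	publicRoot, publicKey := mintCert(newTemplate("Constructed Public Root CA", 1, true), nil, nil)
	privateRoot, privateKey := mintCert(newTemplate("Constructed Enterprise Private CA", 2, true), nil, nil)
	cloudLeaf, _ := mintCert(newTemplate(host, 3, false), publicRoot, publicKey)
	proxyLeaf, _ := mintCert(newTemplate(host, 4, false), privateRoot, privateKey)
	proxyChain := []*x509.Certificate{proxyLeaf, privateRoot}
	pins := map[string]bool{spkiPin(publicRoot): true} // pin = hash of the CA root public key
	osTrust := x509.NewCertPool()                       // stock OS trust store: public roots only
	osTrust.AddCert(publicRoot)
	osTrustWithFix := osTrust.Clone() // apps fix: private CA cert copied into the OS trust store
	osTrustWithFix.AddCert(privateRoot)
	devicePins := map[string]bool{spkiPin(publicRoot): true, spkiPin(privateRoot): true} // devices fix: trust list with the private cert
	return map[string]Decision{
		"no_inspection":         checkPinnedChain([]*x509.Certificate{cloudLeaf, publicRoot}, host, pins, osTrust),
		"inspection":            checkPinnedChain(proxyChain, host, pins, osTrust),
		"inspection_app_fix":    checkPinnedChain(proxyChain, host, pins, osTrustWithFix),
		"inspection_device_fix": checkPinnedChain(proxyChain, host, devicePins, osTrust),
	}
}
```

Only the "inspection" case ends with a terminated connection: it is the proxy-with-private-CA situation the slides show failing, and it is also the case to look for in client logs when a pinned app stops connecting after an inspecting proxy is introduced.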

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication - switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into the Auth Server

Network Capabilities: Spark Devices - 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac - Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections
• Onboard device - Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Preferred Architectures (PA): Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND): Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you

Spark E-Discovery Service (1)

(Diagram: Secure Data Center with Indexing Service, Content Server, Key Mgmt Service, E-Discovery Service, Search Service and Spark Control Hub; Jo Smith's Content passed through the Hash Algorithm)
• The Content Server returns matching content to the E-Discovery Service
• The Indexing Service sends hashed search criteria to the Search Service

Spark E-Discovery Service (2)

(Diagram: Secure Data Center with Key Mgmt Service, E-Discovery Service, Spark Control Hub, E-Discovery Storage, Content Server and Search Service; Jo Smith's Messages and Files; E-Discovery Content Ready)
• E-Discovery Service: decrypts content from the Content Server, then compresses and re-encrypts it before sending it to the E-Discovery Storage Service
• E-Discovery Storage Service: sends the compressed and encrypted content to the Administrator on request

Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
(Diagram: Organization A and Organization B, each with its own Key Mgmt Service; Content Server; an encrypted message shared between the two)
• Spark Spaces with users from multiple Organizations can share encrypted messages and content
• How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers...
• Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A running vSphere; each Hybrid Data Services Node (VM) runs Docker with an ECP Mgmt Container and HDS Containers and has an IDE Mount of the HDS Cluster Config File; the nodes form the HDS Cluster. Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.)

• ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
• HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
• HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
• IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations
• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process; 2) the postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support - UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection - Certificate Pinning
• 802.1X - Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging; Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

Media Port Ranges (Spark Desk and Room Devices, Spark Apps):

• Source UDP Ports: Voice 52000-52099, Video 52100-52299

• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)

• Destination UDP/TCP/HTTP Port: 5004, 5006

• Destination IP Addresses: Any

See following slides for details.

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps

| Media | Source UDP port range | Spark Apps | Spark Devices |
|---|---|---|---|
| Audio | 52000-52099 | 52000-52049 | 52050-52099 |
| Video | 52100-52299 | 52100-52199 | 52200-52299 |

Spark Applications: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Spark applications: Windows, Mac, iOS, Android, Web | UDP | Voice 52000-52049, Video 52100-52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service |
| | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service |
| | TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services |
| | TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management |
| | TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services |
| | TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and Space Storage |
| | TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data |
| | TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous Analytics |
| | TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and Space Storage |
| | TCP | Ephemeral | 443 | appsflyer.com | HTTPS - Mobile Apps only: Ad Analytics |
| | TCP | Ephemeral | 443 | adobedtm.com | HTTPS - Web Apps only: Analytics |
| | TCP | Ephemeral | 443 | omtrdc.net | HTTPS - Web Apps only: Telemetry |
| | TCP | Ephemeral | 443 | optimizely.com | HTTPS - Web Apps only: Metrics |

Spark Devices: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Desktop and Room Systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards | UDP | Voice 52050-52099, Video 52200-52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board) |
| | TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service |
| | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service |
| | TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services |
| | TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management |
| | TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services |
| | TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and Space Storage |
| | TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data |
| | TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous Analytics |
| | TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and Space Storage |
| | TCP | Ephemeral | 443 | dropbox.com | HTTPS - Sparkboard (firmware updates) |
| | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard - NTP Time Sync |

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges:

• Source UDP Ports: Voice and Video 33434-33598

• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)

• Destination UDP/TCP/HTTP Port: 5004

• Destination IP Addresses: Any

Hybrid Media Node (HMN):

• Can be used to limit the source IP address range to HMNs only

• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints - used for cascade links to the Spark Cloud

• Voice and Video use a common UDP source port range, 33434-33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services:

• Key Management Service

• Indexing (Search) Service

• E-Discovery Service

• HDS Signaling Traffic Only

• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range, 33434-33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |
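As an added example (not code from the deck or from Cisco), the following Go policy checker encodes the source-port ranges and the TCP/443 whitelist from the tables above and classifies a few constructed flows. The rule structure, the subdomain matching of whitelisted names and the sample flows are my assumptions; the port numbers and domains are the slides' own.

```go
package main

import (
	"fmt"
	"strings"
)

// Flow is one outbound connection as seen at the enterprise firewall.
type Flow struct {
	Proto   string // "UDP" or "TCP"
	SrcPort int
	DstPort int
	DstHost string // resolved destination name; "" when only an IP is known
}

// mediaRule is one row of the slides' UDP media port summary.
type mediaRule struct {
	class  string
	lo, hi int   // inclusive source port range
	dst    []int // permitted destination ports on the cloud media nodes
}

var mediaRules = []mediaRule{
	{"app audio (SRTP over UDP)", 52000, 52049, []int{5004, 5006}},
	{"device audio (SRTP over UDP)", 52050, 52099, []int{5004, 5006}},
	{"app video (SRTP over UDP)", 52100, 52199, []int{5004, 5006}},
	{"device video (SRTP over UDP)", 52200, 52299, []int{5004, 5006}},
	{"HMN cascade media (SRTP over UDP)", 33434, 33598, []int{5004}},
}

// signallingDomains is the TCP/443 whitelist from the Apps and Devices tables
// (apps add the analytics domains, devices add dropbox.com).
var signallingDomains = []string{
	"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
	"ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
	"rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net",
	"optimizely.com", "dropbox.com",
}

func contains(ports []int, p int) bool {
	for _, q := range ports {
		if q == p {
			return true
		}
	}
	return false
}

// hostMatches accepts the whitelisted domain itself or any of its subdomains,
// so "evil-wbx2.com" does not pass for "wbx2.com".
func hostMatches(host, domain string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	return host == domain || strings.HasSuffix(host, "."+domain)
}

// Classify returns (allowed, reason). Media is admitted by source-port range to
// any destination IP on the media-node ports; signalling only to whitelisted
// names on TCP 443. TCP media from ephemeral ports is allowed but, as the
// slides note, cannot be classified (and DSCP re-marked) by source port.
func Classify(f Flow) (bool, string) {
	switch f.Proto {
	case "UDP":
		for _, r := range mediaRules {
			if f.SrcPort >= r.lo && f.SrcPort <= r.hi && contains(r.dst, f.DstPort) {
				return true, r.class
			}
		}
		if contains([]int{5004, 5006}, f.DstPort) {
			return false, "UDP media from a source port outside the Spark ranges"
		}
		if f.DstPort == 123 && hostMatches(f.DstHost, "2.android.pool.ntp.org") {
			return true, "Spark Board NTP time sync"
		}
	case "TCP":
		if contains([]int{5004, 5006}, f.DstPort) {
			return true, "SRTP over TCP/HTTP from ephemeral port (no DSCP re-marking)"
		}
		if f.DstPort == 443 {
			for _, d := range signallingDomains {
				if hostMatches(f.DstHost, d) {
					return true, "HTTPS signalling to " + d
				}
			}
			return false, "HTTPS to non-whitelisted destination " + f.DstHost
		}
	}
	return false, fmt.Sprintf("%s/%d is not part of the Spark whitelist", f.Proto, f.DstPort)
}

func main() {
	// Constructed sample flows, not captured traffic.
	samples := []Flow{
		{Proto: "UDP", SrcPort: 52010, DstPort: 5004},
		{Proto: "UDP", SrcPort: 52250, DstPort: 5006},
		{Proto: "UDP", SrcPort: 40000, DstPort: 5004},
		{Proto: "TCP", SrcPort: 51234, DstPort: 443, DstHost: "api.wbx2.com"},
		{Proto: "TCP", SrcPort: 51235, DstPort: 443, DstHost: "evil-wbx2.com"},
		{Proto: "UDP", SrcPort: 33500, DstPort: 5004},
	}
	for _, f := range samples {
		ok, why := Classify(f)
		fmt.Printf("%s src=%d dst=%d host=%q -> allow=%t (%s)\n", f.Proto, f.SrcPort, f.DstPort, f.DstHost, ok, why)
	}
}
```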

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
|---|---|---|---|---|---|
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types:

• Proxy Address given to Device/Application...

• Transparent Proxy (Device/Application is unaware of Proxy existence)

  • In Line Proxies (e.g. Combined Proxy and Firewall)

  • Traffic Redirection (e.g. Using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443

Connecting from the Enterprise - Proxy Detection

Proxy Detection (Proxy Address given to Device/Application):

• Manual Configuration

• Auto Configuration

  • Web Proxy Auto Discovery (WPAD)

  • Proxy Auto Conf (PAC) files

Network Capabilities, Spark Devices - Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes - Manual; Yes - PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes - Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise - Proxy Authentication

Proxy Authentication:

• Proxy intercepts outbound HTTP request

• Authenticates the User (Username & Password)

• Authenticated User's traffic forwarded

• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no Authentication.

Common Proxy Authentication Methods

• Basic Authentication

• Digest Authentication

• NTLMv2 Authentication

• Negotiate Authentication

• Kerberos

Proxy Authentication Methods - Basic Authentication

Basic Authentication:

• Uses standard HTTP Headers

• Username and Password Base64 encoded

• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices:

• i.e. Devices are not Users (no human interaction)

• Create one account (e.g. LDAP account) for all devices

• Create an account per device

• No Password Expiration

Proxy Authentication Methods - Digest Authentication

Digest Authentication:

• Uses standard HTTP Headers

• Username and Password are not sent

• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices:

• i.e. Devices are not Users (no human interaction)

• Create one account (e.g. LDAP account) for all devices

• Create an account per device

• No Password Expiration
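Added example (not code from the deck) showing the contrast the Basic and Digest slides draw: the Basic header decodes straight back to the device's password, while Digest sends only a hash the proxy can verify from a stored HA1. Digest is computed as in RFC 2617 (MD5, no qop); the device account, realm and CONNECT target are constructed, and the nonce is the example value from RFC 2617.

```go
package main

import (
	"crypto/md5"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// basicHeader builds the Proxy-Authorization value a device sends for Basic
// authentication: "user:password", Base64-encoded and nothing more.
func basicHeader(user, pass string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

// decodeBasic recovers the credentials from a Basic header; anyone who can read
// the request to the proxy can do the same, which is the slides' point.
func decodeBasic(header string) (user, pass string, err error) {
	if !strings.HasPrefix(header, "Basic ") {
		return "", "", errors.New("not a Basic header")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", err
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", errors.New("malformed credentials")
	}
	return parts[0], parts[1], nil
}

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// digestHA1 = MD5(user:realm:password) (RFC 2617). It is the only
// password-derived value the proxy has to store for each device account.
func digestHA1(user, realm, pass string) string {
	return md5hex(user + ":" + realm + ":" + pass)
}

// digestResponse is what the device returns to the proxy's challenge:
// MD5(HA1:nonce:HA2) with HA2 = MD5(method:uri). The password never leaves the device.
func digestResponse(ha1, method, uri, nonce string) string {
	return md5hex(ha1 + ":" + nonce + ":" + md5hex(method+":"+uri))
}

// verifyDigest is the proxy side: recompute from the stored HA1 and the nonce
// it issued, then compare with the device's response.
func verifyDigest(storedHA1, method, uri, nonce, response string) bool {
	return digestResponse(storedHA1, method, uri, nonce) == response
}

func main() {
	// Constructed device account and challenge, not real credentials.
	user, pass, realm := "device01", "s3cret", "proxy.example"
	method, uri := "CONNECT", "idbroker.webex.com:443"
	nonce := "dcd98b7102dd2f0e8b11d0f600bfb0c093" // example nonce from RFC 2617

	h := basicHeader(user, pass)
	u, p, _ := decodeBasic(h)
	fmt.Printf("Basic header: %s\n  decodes straight back to %q / %q\n", h, u, p)

	ha1 := digestHA1(user, realm, pass)
	resp := digestResponse(ha1, method, uri, nonce)
	fmt.Printf("Digest response: %s\n  proxy verifies: %t\n", resp, verifyDigest(ha1, method, uri, nonce, resp))
	wrong := digestResponse(digestHA1(user, realm, "wrong"), method, uri, nonce)
	fmt.Printf("  wrong password verifies: %t\n", verifyDigest(ha1, method, uri, nonce, wrong))
}
```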

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication:

• Microsoft Challenge/Response AuthN protocol

• Username sent in plain text

• Challenge/Nonce sent from the server

• Password hash used to encrypt the challenge and return it to the server

• Password hashed but not sent

Username and Password challenge for devices:

• i.e. Devices are not Users (no human interaction)

• Create one account (AD account) for all devices

• Or create an account per device

• No Password Expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

Negotiate Authentication:

• Microsoft implementation of SPNEGO - Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)

• Negotiates the use of either Kerberos, or fallback to NTLM

Windows based Username and Password challenge for devices:

• i.e. Devices are not Users (no human interaction)

• Create one account (AD account) for all devices

• Or create an account per device

• No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods - Kerberos

Kerberos Authentication:

• Strongest Security

• Components: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server

• Encrypted communication based on shared Secrets

• Client authenticates with the Authentication service

• Once authenticated, receives a Ticket Granting Ticket (TGT)

• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket

• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)

• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:

• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)

• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices - Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) | |
| DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes | |
| Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes | |

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

HTTPS/TLS Inspection:

• Private CA Root Certificate sent to client

• Private CA signed Certificate sent to client on connection establishment

• Client compares Private CA Root Cert with those received in Cert Chain

• If they match - accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

HTTPS/TLS Inspection:

• Proxy starts new HTTPS/TLS connection to Web/Cloud Service

• Proxy receives Certificate from Web/Cloud Service

• Proxy uses the Certificate to establish Secure TLS/HTTPS connection

• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning:

• Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• CA signed Cisco Spark Certificate sent by HTTPS/TLS server

• App creates a hash of the Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• If they match - accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning:

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• App creates a hash of the Private CA signed Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• They DO NOT Match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning:

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store

• If the Cert exists - skip Certificate pinning process

• Proceed with TLS connection

• HTTPS/TLS Inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning:

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Client creates a hash of the Private CA signed Cert's Public Key

• Client compares the hash with the Certificate Pin in its Trust Store

• They DO Match: Proceed with TLS connection

• HTTPS/TLS Inspection possible
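Added example (not Cisco's code) that walks the four pinning cases on the preceding slides in Go: pin match, mismatch under proxy inspection, the app fix via a private CA in the OS trust store, and the device fix via a trust list that includes the private CA's pin. The CAs, leaf certificates and the PinPolicy type are constructed for this illustration; only the pin format (Base64 of the SHA-256 of the public key) and the hostname come from the slides.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin is the pin form the slides show: Base64(SHA-256(certificate public key)).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// PinPolicy models what a Spark app or device holds in its trust store.
type PinPolicy struct {
	Pins    map[string]bool // pinned CA public-key hashes (the downloaded trust list)
	OSStore *x509.CertPool  // private CA copied into the OS store (apps fix); nil for devices
}

// Check follows the slides' order: hash the presented certificates' public keys,
// compare with the pins, and (apps only) accept a chain that verifies against the
// private CA in the OS trust store before terminating the connection.
func (p PinPolicy) Check(host string, chain []*x509.Certificate) error {
	for _, c := range chain {
		if p.Pins[spkiPin(c)] {
			return nil // pin matches: proceed with the TLS connection
		}
	}
	if p.OSStore != nil && len(chain) > 0 {
		inter := x509.NewCertPool()
		for _, c := range chain[1:] {
			inter.AddCert(c)
		}
		opts := x509.VerifyOptions{DNSName: host, Roots: p.OSStore, Intermediates: inter}
		if _, err := chain[0].Verify(opts); err == nil {
			return nil // private CA found in the OS store: skip pinning, inspection possible
		}
	}
	return errors.New("pin mismatch: TLS connection terminated")
}

// newCA and issueLeaf build throwaway certificates standing in for Cisco's public CA and a proxy CA.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

func issueLeaf(host string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}

// runScenarios returns one result per slide case: [0] genuine chain, pin matches;
// [1] proxy-inspected chain, pin mismatch; [2] app with the private CA in its OS
// store; [3] device whose trust list was re-downloaded with the private CA's pin.
func runScenarios() [4]error {
	const host = "idbroker.webex.com" // name from the whitelist slides; the certs are constructed
	sparkCA, sparkKey := newCA("constructed public CA")
	proxyCA, proxyKey := newCA("constructed enterprise private CA")
	genuine := []*x509.Certificate{issueLeaf(host, sparkCA, sparkKey), sparkCA}
	inspected := []*x509.Certificate{issueLeaf(host, proxyCA, proxyKey), proxyCA}
	pinned := map[string]bool{spkiPin(sparkCA): true}
	osStore := x509.NewCertPool()
	osStore.AddCert(proxyCA)
	trustList := map[string]bool{spkiPin(sparkCA): true, spkiPin(proxyCA): true}
	return [4]error{
		PinPolicy{Pins: pinned}.Check(host, genuine),
		PinPolicy{Pins: pinned}.Check(host, inspected),
		PinPolicy{Pins: pinned, OSStore: osStore}.Check(host, inspected),
		PinPolicy{Pins: trustList}.Check(host, inspected),
	}
}

func main() {
	fmt.Println(runScenarios())
}
```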

Network Capabilities, Spark Devices - HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation:

• Switch port network access restricted

• Client presents credentials to Authentication Server

• After successful Authentication - switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options...

• Two key Authentication methods:

  • EAP-FAST

  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST:

• Flexible Authentication via Secure Tunneling

• Username and Password based

• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS:

• Transport Layer Security

• Requires Digital Certificates

• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms:

• Uses the Device MAC Address

• Commonly used for Non 802.1X capable devices

• MAC address manually entered into Auth Server

Network Capabilities, Spark Devices - 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac - Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass |

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:

• Switch port configuration

• VLANs

• Firewall Deployment

• Proxy Type

• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today:

• There are bypass methods available

• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections

Onboard device - Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.

Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:

» On-Premises (Enterprise, Midmarket)

» Cloud (Midmarket)

» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd

Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: Target Q1 CY2018.

Thank you

Page 55: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

E-Discov StorageContent Server

Spark E-Discovery Service (2)

Search Service

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center

Key Mgmt ServiceE-Discovery Service

Spark Control Hub

E-Discov StorageContent Server

Spark E-Discovery Service (2)

E-Discovery Service

Decrypts content from the

Content Server then

compresses and re-encrypts it

before sending it to the E-

Discovery Storage Service

E-Discovery Storage Service

Sends the compressed and

encrypted content to the

Administrator on request

Jo Smithrsquos

Messages and Files

E-Discovery

Content Ready

Search Service

Customer Controlled Security Key Management Server Federation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Encryption Keys amp Users in other Organizations

Organization A Organization B60

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

message

Spark Spaces with

users from multiple

Organizations can

share encrypted

messages and

content

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Encryption Keys amp Users in other Organizations

Organization A Organization B

message

How do external

users retrieve

encryption keys

from the KMS of the

Organization that

owns the Spark

Space

61

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

messagemessage

62

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Hybrid Key

Management

Servers in different

Organizations can

establish a Mutual

TLS connection via

the Spark Cloud

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Hybrid Key

Management

Servers make

outbound

connections only

HTTPS Web Socket

Secure (WSS)

Organization A Organization B

messagemessage

63

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

message messagemessage

64

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

With a secure

connection between

Key Management

Servershellip

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

Mutually

Authenticated KMSs

can request Room

Encryption Keys

from one another on

behalf of their Users

message message

65

Customer Controlled Security HDS Deployment Considerations

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center A

HDS System Architecture

vSphereHybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

Containers

Hybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

ContainersHDS Cluster

Config File

IDE

Mount

IDE

Mount

ECP (Enterprise Compute Platform) Management containers which communicate with the cloud and perform actions such as

sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security) Key Management Server Search Indexer and eDiscovery Services

HDS Cluster Config An ISO file containing configuration information for the local HDS cluster eg Database connection

settings Database Master Encryption key etc

IDE Mount Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for HDS system

Customer Provided Services

Postgres

DatabaseSyslogd

Database

Back Up

System Back Up

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

BYO VM for deploying the HDS appliance Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Install PrerequisitesSee prerequisites in httpswwwciscocomgohybrid-data-security

X509 Certificate Intermediates and Private Key

PKI is used for KMS to KMS federation (Public Key Infrastructure)

Common Name signed by member of Mozzila Trusted Root Store

No SHA1 signatures

PKCS12 format

2 ESXi Virtualized Hosts Min 2 to support upgrades 3 recommended 5 max

Minimum 4 vCPUs 8-GB main memory 50-GB local hard disk space per server

kmsciscocom easily supports 15K users per HDS

1 Postgres 961 Database Instance (Key datastore)

8 vCPU 16 GB RAM 2 TB Disk User created with createuser Assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host

hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location

The HDS system requires organization administrators to securely backup two key pieces of information 1) A

configuration ISO file generated by this process 2) The postgres database Failure to maintain adequate backups will

result in loss of customer data See ltSection on Disaster Recoverygt

Network

Outbound HTTPS on TCP port 443 from HDS host

Bi-directional WSS on TCP port 443 from HDS host

TCP connectivity from HDS host to Postgres database host syslog host and statsd host

HTTPS proxies are unsupported

69BRKCOL-2030

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark apps, devices and services
  • Media support – UDP/TCP/HTTP
• HTTP proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), auth bypass
  • Proxy TLS/HTTPS traffic inspection – certificate pinning
• 802.1X – authentication methods: EAP-FAST, EAP-TLS, MAC Authentication Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: how are the switch ports configured?

Minimum enterprise network requirements
• Internet access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: whitelisted ports and destinations

Media port ranges
• Source UDP ports: voice 52000–52099, video 52100–52299
• Source TCP/HTTP ports: ephemeral (so the source port cannot be used to classify and re-mark DSCP)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: any

Signalling and media from
• Spark desk and room devices
• Spark apps
• See the following slides for details

Voice and Video Classification and Marking: port range summary – endpoints and apps

Audio 52000–52099: Spark apps 52000–52049, Spark devices 52050–52099
Video 52100–52299: Spark apps 52100–52199, Spark devices 52200–52299

Spark Applications: Network Port and Whitelist Requirements

Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000–52049, Video 52100–52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud media nodes
TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and space storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and space storage
TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile apps only: ad analytics
TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web apps only: analytics
TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web apps only: telemetry
TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web apps only: metrics

Spark Devices: Network Port and Whitelist Requirements

Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050–52099, Video 52200–52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark Cloud media nodes (not Spark Board)
TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and space storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and space storage
TCP | Ephemeral | 443 | dropbox.com | HTTPS – Spark Board firmware updates
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board – NTP time sync
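One way to turn the port and whitelist tables above into something that can be run against connection logs, as an added Go example written for this page (not Cisco tooling): it encodes the UDP source ranges for apps, devices and HMN cascades, the media destination ports and the HTTPS destinations from the tables, then classifies constructed connection records and flags anything the tables do not cover. The log line format (proto=/src=/dst=/host=) and the class names are assumptions for the example; the subdomain rule (a listed name or any subdomain of it) is my reading of the tables rather than something the deck states.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type portRange struct {
	lo, hi int
	class  string
}

// Apps and devices use disjoint halves of the voice and video ranges; HMN cascades use 33434-33598 for both.
var udpMedia = []portRange{
	{52000, 52049, "app-voice"},
	{52050, 52099, "device-voice"},
	{52100, 52199, "app-video"},
	{52200, 52299, "device-video"},
	{33434, 33598, "hmn-cascade"},
}

// Media destination ports and HTTPS destinations taken from the app and device whitelist slides.
var mediaDstPorts = map[int]bool{5004: true, 5006: true}
var httpsDomains = []string{
	"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com", "ciscospark.com", "clouddrive.com",
	"crashlytics.com", "mixpanel.com", "rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net",
	"optimizely.com", "dropbox.com",
}

// DomainAllowed accepts a listed name or a subdomain of it; a bare suffix test would also accept evilwebex.com.
func DomainAllowed(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, d := range httpsDomains {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// Flow is one connection record; the record format is constructed for this example.
type Flow struct {
	Proto   string
	SrcPort int
	DstPort int
	Host    string // SNI or resolved name for TCP signalling, "-" when unknown
}

func portOf(addr string) (int, error) {
	_, p, ok := strings.Cut(addr, ":")
	if !ok {
		return 0, fmt.Errorf("no port in %q", addr)
	}
	return strconv.Atoi(p)
}

// ParseFlow reads lines such as "proto=udp src=10.1.2.3:52010 dst=203.0.113.5:5004 host=-".
func ParseFlow(line string) (Flow, error) {
	var f Flow
	var src, dst string
	if _, err := fmt.Sscanf(line, "proto=%s src=%s dst=%s host=%s", &f.Proto, &src, &dst, &f.Host); err != nil {
		return f, err
	}
	f.Proto = strings.ToLower(f.Proto)
	var err error
	if f.SrcPort, err = portOf(src); err != nil {
		return f, err
	}
	f.DstPort, err = portOf(dst)
	return f, err
}

// Classify names the whitelist rule a flow matches, or "violation" when none of the slides' rules covers it.
func Classify(f Flow) string {
	switch f.Proto {
	case "udp":
		if !mediaDstPorts[f.DstPort] {
			return "violation"
		}
		for _, r := range udpMedia {
			if f.SrcPort >= r.lo && f.SrcPort <= r.hi {
				return r.class
			}
		}
	case "tcp":
		if mediaDstPorts[f.DstPort] {
			return "media-over-tcp" // ephemeral source port: app and device cannot be told apart, so no per-class marking
		}
		if f.DstPort == 443 && DomainAllowed(f.Host) {
			return "signalling"
		}
	}
	return "violation"
}

// Audit classifies constructed log lines and returns the ones that fall outside the whitelist.
func Audit(lines []string) []string {
	var violations []string
	for _, l := range lines {
		f, err := ParseFlow(l)
		if err != nil || Classify(f) == "violation" {
			violations = append(violations, l)
		}
	}
	return violations
}

func main() {
	sample := []string{ // constructed records, not captured traffic
		"proto=udp src=10.1.2.3:52010 dst=203.0.113.5:5004 host=-",
		"proto=tcp src=10.1.2.3:51234 dst=203.0.113.9:443 host=api.wbx2.com",
		"proto=tcp src=10.1.2.3:51235 dst=198.51.100.7:443 host=evilwebex.com",
		"proto=udp src=10.1.2.3:52010 dst=203.0.113.5:9000 host=-",
	}
	for _, v := range Audit(sample) {
		fmt.Println("outside whitelist:", v)
	}
}
```

The TCP media branch is where the slides' "ephemeral source port, so no DSCP re-marking" remark bites: a UDP flow can be assigned to app or device audio/video from its source port alone, a TCP one cannot.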

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

Media port ranges
• Source UDP ports: voice and video 33434–33598
• Source TCP/HTTP ports: ephemeral (so the source port cannot be used to classify and re-mark DSCP)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and video use a common UDP source port range, 33434–33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

HDS traffic
• HDS signalling traffic only (no media)
• Outbound HTTPS and WSS signalling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Hybrid Media Node (HMN)
Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice and video use a common UDP source port range 33434–33598 | 5004 | Cascade destination: any IP address | Cascaded SRTP over UDP media streams to cloud media nodes
TCP | Ephemeral | 5004 | Cascade destination: any IP address | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services

Hybrid Data Security Node (HDS)
Protocol | Source Ports | Destination Ports | Destination | Function
TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to third-party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user-generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

Proxy types
• Explicit proxy: proxy address given to the device/application...
• Transparent proxy (device/application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS signalling traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not pass through the proxy.

Connecting from the Enterprise – Proxy Detection (proxy address given to the device/application)
• Manual configuration
• Auto configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

(Diagram: each client obtains the proxy address from a PAC file; signalling goes via the proxy, UDP media does not.)

Network Capabilities, Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | Yes: manual; Yes: PAC files | Manually configure proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: manual, using web access | Configure proxy address via device web interface
SX | HTTPS | Room OS | Yes: manual, using web access | Configure proxy address via device web interface
MX | HTTPS | Room OS | Yes: manual, using web access | Configure proxy address via device web interface
Room Kits | HTTPS | Room OS | Yes: manual, using web access | Configure proxy address via device web interface
Spark Board | HTTPS | Spark Board OS | Yes: manual configuration | Manual configuration of proxy address

Connecting from the Enterprise – Proxy Authentication

Proxy authentication
• Proxy intercepts the outbound HTTP request
• Authenticates the user (username & password)
• Authenticated user's traffic is forwarded
• Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory: many enterprises do no authentication. Only signalling passes through the proxy; UDP media does not.

Common Proxy Authentication Methods
• Basic authentication
• Digest authentication
• NTLMv2 authentication
• Negotiate authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic authentication
• Uses standard HTTP headers (Proxy-Authenticate challenge, Proxy-Authorization response)
• Username and password are Base64 encoded
• Username and password are NOT encrypted or hashed: anyone on the path between client and proxy can read them, so Basic is only acceptable where that path is trusted

Basic username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or
• Create an account per device
• No password expiration

Proxy Authentication Methods – Digest Authentication

Digest authentication
• Uses standard HTTP headers
• The password is never sent; the username is sent in clear text
• A hash (an MD5 digest of username, realm, password, the proxy's nonce and the request) is sent instead of the password

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or
• Create an account per device
• No password expiration
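The difference between the Basic and Digest slides above is clearest when both headers are computed. The following Go program is an added example for this page, not Cisco or proxy-vendor code: it builds a Basic Proxy-Authorization header and decodes it the way an on-path observer would, then computes an RFC 2617 Digest response (qop=auth) and verifies it on the proxy side, including the nonce check that stops a captured header from simply being replayed. The account name spark-devices, the realm, the nonce and the CONNECT target are constructed values.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// BasicHeader builds a Proxy-Authorization header for Basic; Base64 is an encoding, not encryption.
func BasicHeader(user, password string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+password))
}

// DecodeBasic is what an on-path observer does with a captured Basic header: it gets the credentials back.
func DecodeBasic(header string) (user, password string, ok bool) {
	if !strings.HasPrefix(header, "Basic ") {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", false
	}
	return strings.Cut(string(raw), ":")
}

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// DigestResponse is the RFC 2617 computation for qop=auth:
// HA1 = MD5(user:realm:password), HA2 = MD5(method:uri), response = MD5(HA1:nonce:nc:cnonce:auth:HA2).
func DigestResponse(user, realm, password, method, uri, nonce, nc, cnonce string) string {
	ha1 := md5hex(user + ":" + realm + ":" + password)
	ha2 := md5hex(method + ":" + uri)
	return md5hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2)
}

// DigestHeader is what crosses the wire: username, realm, nonce, uri and cnonce in the clear, the password only inside the digest.
func DigestHeader(user, realm, password, method, uri, nonce, nc, cnonce string) string {
	resp := DigestResponse(user, realm, password, method, uri, nonce, nc, cnonce)
	return fmt.Sprintf(`Digest username="%s", realm="%s", nonce="%s", uri="%s", qop=auth, nc=%s, cnonce="%s", response="%s"`,
		user, realm, nonce, uri, nc, cnonce, resp)
}

// parseDigest splits the comma-separated key=value parameters of a Digest header (values here contain no commas).
func parseDigest(header string) map[string]string {
	params := map[string]string{}
	for _, part := range strings.Split(strings.TrimPrefix(header, "Digest "), ",") {
		if k, v, ok := strings.Cut(strings.TrimSpace(part), "="); ok {
			params[k] = strings.Trim(v, `"`)
		}
	}
	return params
}

// VerifyDigest is the proxy side: it looks up the password for the claimed username, checks that the nonce is one
// it issued (so a captured header cannot be replayed against a fresh challenge) and recomputes the response.
func VerifyDigest(header, method string, issuedNonces map[string]bool, passwords map[string]string) bool {
	p := parseDigest(header)
	password, known := passwords[p["username"]]
	if !known || !issuedNonces[p["nonce"]] {
		return false
	}
	want := DigestResponse(p["username"], p["realm"], password, method, p["uri"], p["nonce"], p["nc"], p["cnonce"])
	return subtle.ConstantTimeCompare([]byte(want), []byte(p["response"])) == 1
}

func main() {
	// Constructed values: a hypothetical shared device account, realm and nonce.
	user, pw, nonce := "spark-devices", "S3cret!", "dcd98b7102dd2f0e8b11d0f600bfb0c093"
	u, p, _ := DecodeBasic(BasicHeader(user, pw))
	fmt.Printf("Basic header on the wire decodes to %q / %q\n", u, p)
	h := DigestHeader(user, "proxy.example.com", pw, "CONNECT", "wbx2.com:443", nonce, "00000001", "0a4f113b")
	fmt.Println("Digest header on the wire:", h)
	fmt.Println("proxy accepts:", VerifyDigest(h, "CONNECT", map[string]bool{nonce: true}, map[string]string{user: pw}))
}
```

Two practical consequences for the shared device account the slides recommend: with Basic, one captured CONNECT request gives away the account password for every device; with Digest, a captured header still reveals the username and is usable only while the proxy considers that nonce valid, so the proxy-side nonce lifetime matters.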

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) authentication
• Microsoft challenge/response authentication protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• The client's password hash (NT hash) keys an HMAC-MD5 over the server challenge and a client-supplied blob, and the result is returned to the server
• Password hashed but not sent

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No password expiration

Proxy Authentication Methods – Negotiate/IWA (Windows only)

Negotiate authentication
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
• Negotiates the use of either Kerberos, or fallback to NTLM

Windows-based username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No password expiration

IWA – Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

Kerberos authentication
• Strongest security of the methods listed
• Components: client; Key Distribution Center (KDC), comprising the Authentication Service and the Ticket Granting Service; application server (here, the proxy)
• Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service
• Once authenticated, the client receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted service ticket
• The client presents the service ticket to the proxy, which validates the user (using the secret the proxy shares with the KDC)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with
• Device IP address (e.g. 10.100.200.1 and 10.100.200.3 in the diagram)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

An IP-address bypass is only as strong as the binding between the address and the device (static address or DHCP reservation plus port security or 802.1X on that switch port); any host that can take over the address inherits the bypass.

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | No auth: Yes; Basic: Yes; Digest: planned; NTLM: Yes (Windows); Kerberos: No; iOS and Android: No auth and Basic in EFT
DX/SX/MX | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes
Room Kits | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes
Spark Board | HTTPS | Spark Board OS | No auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1)

HTTPS/TLS inspection, client side
• The private CA root certificate is installed on the client (in its OS trust store) ahead of time
• On connection establishment the proxy sends the client a certificate for the requested site, signed by the private CA, instead of the site's real certificate
• The client validates the received certificate chain against its trust store, i.e. checks that it chains to the private CA root it holds
• If it does, the client accepts and proceeds with the TLS connection

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2)

HTTPS/TLS inspection, server side
• The proxy starts a new HTTPS/TLS connection to the web/cloud service
• The proxy receives the service's certificate and uses it to establish the secure TLS/HTTPS connection; the proxy must validate that certificate itself, since the client never sees it and cannot detect a forged upstream
• The proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

Certificate pinning
• Certificate pin = SHA-256 hash of the CA root certificate's public key (its SubjectPublicKeyInfo), Base64 encoded, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• The CA-signed Cisco Spark certificate is sent by the HTTPS/TLS server
• The app hashes the public keys of the certificates in the received chain
• The app compares the hashes with the certificate pin in its trust store
• If one matches, accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning
• The proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• The app hashes the public keys of the private-CA-signed chain
• The app compares the hashes with the certificate pin in its trust store
• They DO NOT match: the TLS connection is terminated (the proxy's chain may be valid for the OS, but pinning rejects it)

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA certificate copied to the app's OS trust store
• The proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• The Spark app checks whether a copy of the private CA certificate exists in the OS trust store
• If the certificate exists, the certificate pinning check is skipped and the app proceeds with the TLS connection
• HTTPS/TLS inspection possible

Note the trade-off: anyone who can add a root CA to the endpoint's OS trust store (a local administrator, or whoever controls MDM or GPO) thereby switches pinning off for Spark traffic from that endpoint.

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA certificate copied to the Spark Cloud
• The private CA certificate is loaded into the Spark cloud for the organization and delivered to the devices in their trust list
• The proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• The client hashes the public keys of the private-CA-signed chain
• The client compares the hashes with the certificate pins in its trust store, which now include the private CA
• They DO match: proceed with the TLS connection
• HTTPS/TLS inspection possible
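The pinning check and the enterprise-CA bypass described above, as an added Go example written for this page (not Cisco client code). It builds a throwaway PKI in memory: a stand-in for the Spark CA, a stand-in for an inspecting proxy's private CA, and a wbx2.com leaf certificate issued by each. The pin format, Base64(SHA-256(SubjectPublicKeyInfo)), is the one the slide describes; the certificate names, the use of wbx2.com as the hostname, and the exact bypass rule (skip the pin check when the chain contains a CA the enterprise enrolled) are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SPKIPin is the pin format on the slide: Base64(SHA-256(SubjectPublicKeyInfo)).
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// issue mints a throwaway certificate for the example; parent == nil produces a self-signed root.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn}
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// NewPool collects certificates into a trust store, standing in for the OS trust store.
func NewPool(certs ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range certs {
		pool.AddCert(c)
	}
	return pool
}

// VerifyPinned models the app's rule on the slides: the chain must verify against the trust store AND contain a
// pinned key; if instead it contains a CA the enterprise enrolled (the "cert pinning fix"), the pin check is skipped.
func VerifyPinned(leaf *x509.Certificate, store *x509.CertPool, pins, enterpriseCAs map[string]bool, host string) error {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: store, DNSName: host})
	if err != nil {
		return err // not even acceptable to a non-pinning client
	}
	for _, chain := range chains {
		for _, c := range chain {
			if pins[SPKIPin(c)] {
				return nil // pinned public key present in the chain
			}
			if enterpriseCAs[SPKIPin(c)] {
				return nil // enterprise private CA: pinning bypassed, inspection possible
			}
		}
	}
	return errors.New("pin mismatch: chain verifies but contains no pinned public key")
}

func main() {
	// Constructed PKI: stand-ins for the Spark CA and for an inspecting proxy's private CA.
	sparkRoot, sparkKey := issue("Example Spark Root CA", true, nil, nil)
	privateCA, privateKey := issue("Corp Inspection CA", true, nil, nil)
	genuine, _ := issue("wbx2.com", false, sparkRoot, sparkKey)
	intercepted, _ := issue("wbx2.com", false, privateCA, privateKey)
	pins := map[string]bool{SPKIPin(sparkRoot): true}
	store := NewPool(sparkRoot, privateCA) // both CAs are trusted by the OS
	fmt.Println("genuine chain:", VerifyPinned(genuine, store, pins, nil, "wbx2.com"))
	fmt.Println("intercepted, no fix:", VerifyPinned(intercepted, store, pins, nil, "wbx2.com"))
	fmt.Println("intercepted, private CA enrolled:", VerifyPinned(intercepted, store, pins, map[string]bool{SPKIPin(privateCA): true}, "wbx2.com"))
}
```

The second call is the "TLS connection terminated" case from the slides: the proxy's chain passes ordinary validation because the private CA sits in the OS trust store, and it is only the pin that rejects it. The third call is the fix: the same chain is accepted once the private CA is on the enrolled list.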

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Apps (Windows, Mac, Web) | HTTPS | WME | Yes | Win/Mac/Browser: if an enterprise certificate exists, bypass the certificate pinning process
Apps (iOS, Android) | HTTPS | WME | No | iOS/Android: HTTPS inspection bypass
DX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
SX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
MX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Room Kits | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X operation
• Switch port network access is restricted until the device authenticates
• The client presents credentials to the authentication server (the switch relays them as the authenticator)
• After successful authentication the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based; the inner credential exchange runs inside a TLS tunnel established with a Protected Access Credential (PAC)
• Does not require client certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates on both the client and the authentication server
• Mutual client–server authentication

802.1X Fallback – MAC Authentication Bypass (MAB)

Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address as the credential
• Commonly used for devices that are not 802.1X capable
• MAC address manually entered into the authentication server
• A MAC address can be read off the wire and spoofed, so a MAB-admitted port should receive the most restrictive VLAN/ACL the device can work with

Network Capabilities, Spark Devices – 802.1X
(MIC: Manufacturer Installed Certificate; LSC: Locally Significant Certificate)

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: configuration profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | | Use MAC Authentication Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard the device – username/password, activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation
• Please complete your online session evaluations after each session
• Complete 4 session evaluations & the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in self-paced labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.

Coming soon: target Q1 CY2018

Thank you


A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

HDS Install Prerequisites
See prerequisites in https://www.cisco.com/go/hybrid-data-security

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts
• Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk
• User created with createuser, assigned GRANT ALL PRIVILEGES ON DATABASE

1 Syslog Host
• Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio: 52000-52099
• Spark Apps: 52000 - 52049
• Spark Devices: 52050 - 52099

Video: 52100-52299
• Spark Apps: 52100 - 52199
• Spark Devices: 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP | Ephemeral | 443 | (see list below) | HTTPS to the following services

HTTPS destinations (TCP 443):
identity.webex.com – Spark Identity Service
idbroker.webex.com – OAuth Service
wbx2.com – Core Spark Services
webex.com – Identity management
ciscospark.com – Core Spark Services
clouddrive.com – Content and Space Storage
crashlytics.com – Anonymous crash data
mixpanel.com – Anonymous Analytics
rackcdn.com – Content and Space Storage
appsflyer.com – Mobile Apps only - Ad Analytics
adobedtm.com – Web Apps only - Analytics
omtrdc.net – Web Apps only - Telemetry
optimizely.com – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
TCP | Ephemeral | 443 | (see list below) | HTTPS to the following services
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board – NTP Time Sync

HTTPS destinations (TCP 443):
identity.webex.com – Spark Identity Service
idbroker.webex.com – OAuth Service
wbx2.com – Core Spark Services
webex.com – Identity management
ciscospark.com – Core Spark Services
clouddrive.com – Content and Space Storage
crashlytics.com – Anonymous crash data
mixpanel.com – Anonymous Analytics
rackcdn.com – Content and Space Storage
dropbox.com – Spark Board (firmware updates)

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range: 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
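The port tables for apps, devices, HMN and HDS above are easy to mis-transcribe into a firewall or QoS policy. The following is an added example, not part of the Cisco deck: a Node.js checker that runs constructed flow records against those tables and reports, per flow, whether it should be permitted, which client type the source port identifies, and which media class it belongs to. The port ranges and the HTTPS whitelist are the slides' own; the sample flow lines, the IP addresses and the DSCP values attached to each class (EF for voice, AF41 for video) are assumptions used only to show where a marking policy could hang off the classification.

```javascript
// Added example, not from the Cisco deck: validate flows against the
// source/destination port tables. Port ranges and whitelist come from the
// slides; sample flows, addresses and DSCP values are assumptions.

// Source port ranges per client type. Destination 5004/5006 for apps and
// devices, 5004 only for Hybrid Media Node cascade links.
const MEDIA_PROFILES = [
  { who: 'Spark app',    src: [52000, 52049], dst: [5004, 5006], what: 'voice', dscp: 'EF' },
  { who: 'Spark app',    src: [52100, 52199], dst: [5004, 5006], what: 'video', dscp: 'AF41' },
  { who: 'Spark device', src: [52050, 52099], dst: [5004, 5006], what: 'voice', dscp: 'EF' },
  { who: 'Spark device', src: [52200, 52299], dst: [5004, 5006], what: 'video', dscp: 'AF41' },
  { who: 'HMN',          src: [33434, 33598], dst: [5004],       what: 'cascade voice+video', dscp: null },
];

// HTTPS/WSS destinations from the app, device, HMN and HDS tables.
const HTTPS_WHITELIST = [
  'identity.webex.com', 'idbroker.webex.com', 'wbx2.com', 'webex.com', 'ciscospark.com',
  'clouddrive.com', 'crashlytics.com', 'mixpanel.com', 'rackcdn.com', 'appsflyer.com',
  'adobedtm.com', 'omtrdc.net', 'optimizely.com', 'dropbox.com', 'index.docker.io',
];

// Exact match or a real subdomain; a lookalike such as "evilwbx2.com" must fail.
function isWhitelisted(host) {
  return HTTPS_WHITELIST.some((d) => host === d || host.endsWith('.' + d));
}

// One constructed log format: "<PROTO> <src>:<sport> -> <dst>:<dport> host=<sni-or-->"
function parseFlowLine(line) {
  const m = /^(UDP|TCP) (\S+):(\d+) -> (\S+):(\d+) host=(\S+)$/.exec(line.trim());
  if (!m) throw new Error(`unparseable flow line: ${line}`);
  return { proto: m[1], src: m[2], sport: Number(m[3]), dst: m[4], dport: Number(m[5]),
           host: m[6] === '-' ? null : m[6] };
}

function classifyFlow(f) {
  const inRange = (p, [lo, hi]) => p >= lo && p <= hi;
  if (f.proto === 'UDP') {
    const prof = MEDIA_PROFILES.find((p) => inRange(f.sport, p.src) && p.dst.includes(f.dport));
    if (prof) return { allow: true, who: prof.who, what: `${prof.what} (SRTP/UDP)`, dscp: prof.dscp };
    if (f.dport === 123 && f.host && f.host.endsWith('pool.ntp.org')) {
      return { allow: true, who: 'Spark Board', what: 'NTP time sync', dscp: null };
    }
    return { allow: false, reason: `UDP ${f.sport}->${f.dport} matches no Spark media profile` };
  }
  if (f.proto === 'TCP') {
    // Ephemeral source port: the slides note that no DSCP re-marking is possible here.
    if (f.dport === 5004 || f.dport === 5006) {
      return { allow: true, who: 'app/device/HMN', what: 'SRTP over TCP/HTTP fallback', dscp: null };
    }
    if (f.dport === 443 && f.host && isWhitelisted(f.host)) {
      return { allow: true, who: 'app/device/HMN/HDS', what: `HTTPS/WSS to ${f.host}`, dscp: null };
    }
    return { allow: false, reason: `TCP ${f.dport} to ${f.host || f.dst} is not whitelisted` };
  }
  return { allow: false, reason: `unsupported protocol ${f.proto}` };
}

// Constructed sample flows (not captured traffic).
const SAMPLE_FLOWS = [
  'UDP 10.1.2.3:52010 -> 203.0.113.7:5004 host=-',            // app voice
  'UDP 10.1.2.50:52250 -> 203.0.113.7:5006 host=-',           // room device video
  'UDP 10.1.9.9:33500 -> 203.0.113.9:5004 host=-',            // HMN cascade
  'TCP 10.1.2.3:49152 -> 203.0.113.7:5004 host=-',            // TCP media fallback
  'TCP 10.1.2.3:49153 -> 198.51.100.4:443 host=api.wbx2.com', // signalling
  'TCP 10.1.2.3:49154 -> 198.51.100.5:443 host=evilwbx2.com', // lookalike, must be denied
  'UDP 10.1.2.3:60000 -> 203.0.113.7:5004 host=-',            // source port outside every range
];

function auditFlows(lines = SAMPLE_FLOWS) {
  return lines.map((line) => ({ line, ...classifyFlow(parseFlowLine(line)) }));
}
```

Two details matter when translating this into real rules: the whitelist match must be anchored on a label boundary (the `'.' + d` test) rather than a plain suffix match, and TCP media on an ephemeral source port cannot be classified by port at all, which is why the slides say it gets no DSCP re-marking.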

What do we send to Third Party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Explicit Proxy: Proxy Address given to Device/Application……
• Transparent Proxy (Device/Application is unaware of the Proxy's existence)
  • In-line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443. UDP media is not proxied.

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities, Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC files | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory; many Enterprises do no authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed: Base64 is reversible, so anyone who can see the header on the path to the proxy recovers the credential

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP headers
• Username and Password are not sent
• A hash computed from the username, realm and password, bound to a server-supplied nonce, is sent instead

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• The password hash is used to compute a response over the challenge, which is returned to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO – Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos, or fallback to NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

IWA - Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest security of the listed methods
• Components: Client, Authentication Service, Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com
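The PAC-file detection method from the proxy detection slide and the two bypass rules on the slide above fit naturally into one Proxy Auto-Config script. The following is an added example, not from the Cisco deck: a PAC that sends the whitelisted Spark/Webex destinations DIRECT, lets an assumed room-device subnet bypass the proxy by source address, and routes everything else through an authenticating proxy. Browsers and operating systems evaluate `FindProxyForURL(url, host)` with their own `dnsDomainIs`, `isInNet` and `myIpAddress`; those helpers are re-implemented here only so the logic can be executed and tested in Node. The proxy name `proxy.corp.example:8080`, the device subnet `10.100.200.0/24` and the `setClientIp` test hook are assumptions.

```javascript
// Added example, not from the Cisco deck: a PAC file implementing the
// "whitelisted destinations" and "device IP address" bypass rules. Proxy
// name, device subnet and the setClientIp hook are assumptions; the helper
// functions stand in for the ones a real PAC runtime provides.

// Spark/Webex destinations that go DIRECT, bypassing proxy authentication
// and, more importantly, TLS inspection (the apps pin the Spark certificates).
const SPARK_DIRECT = [
  'identity.webex.com', 'idbroker.webex.com', 'wbx2.com', 'webex.com',
  'ciscospark.com', 'clouddrive.com', 'crashlytics.com', 'mixpanel.com', 'rackcdn.com',
];
const DEVICE_NET = '10.100.200.0';      // assumed room-device VLAN
const DEVICE_MASK = '255.255.255.0';
const ENTERPRISE_PROXY = 'PROXY proxy.corp.example:8080';

// --- stand-ins for the PAC runtime helpers (same semantics as the real ones) ---
let clientIp = '10.1.2.3';                        // what myIpAddress() would return
function myIpAddress() { return clientIp; }
function setClientIp(ip) { clientIp = ip; }        // test hook, not part of a real PAC
function dnsDomainIs(host, domain) { return host.endsWith(domain); }
function ipToInt(ip) { return ip.split('.').reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0; }
function isInNet(ip, net, mask) {
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// --- the PAC entry point ----------------------------------------------------
function FindProxyForURL(url, host) {
  // 1) Spark signalling and content: direct. Match the exact name or a real
  //    subdomain; dnsDomainIs(host, 'wbx2.com') alone would also match
  //    'evilwbx2.com', hence the leading dot.
  for (const d of SPARK_DIRECT) {
    if (host === d || dnsDomainIs(host, '.' + d)) return 'DIRECT';
  }
  // 2) Room devices that cannot do proxy auth yet: bypass by source address.
  if (isInNet(myIpAddress(), DEVICE_NET, DEVICE_MASK)) return 'DIRECT';
  // 3) Everything else through the authenticating proxy.
  return ENTERPRISE_PROXY;
}
```

Two caveats when deploying something like this: the subnet bypass is only as strong as the switch-port controls that keep other hosts off that VLAN (the 802.1X section later addresses that), and appending `; DIRECT` as a fallback to the proxy string, which is common in PAC files, lets every client bypass the proxy whenever the proxy is unreachable.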

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | –
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | –

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to (installed on) the client
• Private CA signed Certificate sent to the client on connection establishment
• Client compares the Private CA Root Cert with those received in the Cert Chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives the Certificate from the Web/Cloud Service
• Proxy uses the Certificate to establish a secure TLS/HTTPS connection
• Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA-256 hash of the CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by the HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends the Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to the App's OS Trust Store

Certificate Pinning
• Proxy sends the Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip the Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to the Spark Cloud

Certificate Pinning
• Proxy sends the Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store (the Trust List downloaded from the Spark Cloud now includes the Private CA)
• They DO match: proceed with TLS connection
• HTTPS/TLS Inspection possible

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

A MAC address is trivially spoofed, so MAB identifies a device but does not authenticate it; MAB-authorized ports should land in a tightly scoped VLAN/ACL rather than the general data VLAN.

Network Capabilities, Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address By-Pass

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.
Coming soon: Target Q1 CY2018

Thank you


Customer Controlled Security: Key Management Server Federation

HDS Encryption Keys & Users in other Organizations
[Diagram: Organization A with its own Key Mgmt Service, Organization B with its own Key Mgmt Service, and the Spark Cloud Content Server and Key Mgmt Service between them.]

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

HDS Key Management Server Federation
• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers, mutually authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security HDS Deployment Considerations

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center A

HDS System Architecture

vSphereHybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

Containers

Hybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

ContainersHDS Cluster

Config File

IDE

Mount

IDE

Mount

ECP (Enterprise Compute Platform) Management containers which communicate with the cloud and perform actions such as

sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security) Key Management Server Search Indexer and eDiscovery Services

HDS Cluster Config An ISO file containing configuration information for the local HDS cluster eg Database connection

settings Database Master Encryption key etc

IDE Mount Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for HDS system

Customer Provided Services

Postgres

DatabaseSyslogd

Database

Back Up

System Back Up

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should be able to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys:
  Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens an empty HDS can be restored; however, only new content will be visible.


HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name, signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi Virtualized Hosts: min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (key datastore)
• 8 vCPU, 16 GB RAM, 2 TB disk
• User created with createuser and assigned GRANT ALL PRIVILEGES ON DATABASE

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) a configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported
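The certificate requirements in the list above (PKCS#12 bundle with private key, a CN, no SHA-1 signature anywhere in the chain, and a chain that a public root store accepts) are the ones most often discovered only when the HDS install fails. The following pre-flight check is an added example written for this page, not a Cisco tool: it drives the openssl command-line binary through subprocess, assumes openssl is on PATH, and builds its own self-signed demo bundle (which correctly fails the public-root check) so it can be run without real key material.

```python
"""Pre-flight check of an HDS certificate bundle (added example, not Cisco tooling).

Verifies the prerequisite slide's requirements on a PKCS#12 file by shelling
out to the openssl CLI. File paths, password and the demo bundle are constructed.
"""
from __future__ import annotations

import os
import re
import shutil
import subprocess
import tempfile


def openssl_available() -> bool:
    return shutil.which("openssl") is not None


def _run(args: list[str], stdin: str | None = None) -> subprocess.CompletedProcess:
    return subprocess.run(["openssl", *args], input=stdin, capture_output=True, text=True)


def extract(p12: str, password: str, what: str) -> str:
    """what: 'key' | 'leaf' | 'chain' -> the corresponding PEM text from the bundle."""
    flags = {"key": ["-nocerts", "-nodes"], "leaf": ["-nokeys", "-clcerts"], "chain": ["-nokeys", "-cacerts"]}
    return _run(["pkcs12", "-in", p12, "-passin", f"pass:{password}", *flags[what]]).stdout


def sig_algs(pem: str) -> set[str]:
    """Signature algorithm name of every certificate found in a PEM blob."""
    found = set()
    for cert in re.findall(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", pem, re.S):
        text = _run(["x509", "-noout", "-text"], stdin=cert).stdout
        m = re.search(r"Signature Algorithm:\s*(\S+)", text)
        if m:
            found.add(m.group(1))
    return found


def common_name(leaf_pem: str) -> str | None:
    subject = _run(["x509", "-noout", "-subject", "-nameopt", "RFC2253"], stdin=leaf_pem).stdout
    m = re.search(r"CN=([^,\n]+)", subject)
    return m.group(1) if m else None


def chain_verifies(leaf_pem: str, chain_pem: str) -> bool:
    """True only if the leaf chains to a root in the host's public trust store."""
    with tempfile.TemporaryDirectory() as d:
        leaf, chain = os.path.join(d, "leaf.pem"), os.path.join(d, "chain.pem")
        open(leaf, "w").write(leaf_pem)
        open(chain, "w").write(chain_pem)
        args = ["verify"] + (["-untrusted", chain] if "BEGIN CERTIFICATE" in chain_pem else [])
        return _run(args + [leaf]).returncode == 0


def check_bundle(p12: str, password: str) -> dict:
    key, leaf, chain = (extract(p12, password, w) for w in ("key", "leaf", "chain"))
    algs = sig_algs(leaf) | sig_algs(chain)
    return {
        "has_private_key": "PRIVATE KEY" in key,
        "common_name": common_name(leaf),
        "signature_algorithms": algs,
        "no_sha1": not any(a.lower().startswith("sha1") for a in algs),
        "chain_to_public_root": chain_verifies(leaf, chain),
    }


def make_demo_p12(path: str, password: str, cn: str = "hds.example.com") -> None:
    """Constructed fixture: a self-signed SHA-256 RSA certificate packed into PKCS#12."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = os.path.join(d, "k.pem"), os.path.join(d, "c.pem")
        _run(["req", "-x509", "-newkey", "rsa:2048", "-nodes", "-sha256", "-days", "1",
              "-subj", f"/CN={cn}", "-keyout", key, "-out", crt])
        _run(["pkcs12", "-export", "-in", crt, "-inkey", key, "-out", path, "-passout", f"pass:{password}"])


def demo_report() -> dict | None:
    """Build the constructed demo bundle and check it; None when openssl is not installed."""
    if not openssl_available():
        return None
    with tempfile.TemporaryDirectory() as d:
        p12 = os.path.join(d, "hds.p12")
        make_demo_p12(p12, "demo")
        return check_bundle(p12, "demo")


if __name__ == "__main__":
    for name, value in (demo_report() or {"openssl": "not found"}).items():
        print(f"{name}: {value}")
```

On a real bundle, every field except the expected CN should come back True; the demo's self-signed certificate is meant to show the public-root check failing, which is exactly what an internally issued KMS certificate would do.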

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support: UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection: Certificate Pinning
• 802.1X: Authentication Methods EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: how are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN): 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

Spark Device                           | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Apps (Windows, Mac, iOS, Android, Web) | HTTPS    | WME            | No  | No   | N/A             | N/A     | Static untagged (Data) VLAN
DX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | Yes     | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
MX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
Room Kits                              | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
Spark Board                            | HTTPS    | Spark Board OS | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

Media Port Ranges (Spark Desk and Room Devices, Spark Apps; see following slides for details)
• Source UDP ports: Voice 52000-52099, Video 52100-52299
• Source TCP/HTTP ports: ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: any

[Figure: signalling and media paths from the enterprise to the Spark cloud]

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps

Audio 52000-52099: Spark Apps 52000-52049, Spark Devices 52050-52099
Video 52100-52299: Spark Apps 52100-52199, Spark Devices 52200-52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports                         | Destination Ports | Destination        | Function
UDP      | Voice 52000-52049, Video 52100-52199 | 5004 & 5006       | Any IP address     | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                            | 5004 & 5006       | Any IP address     | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP      | Ephemeral                            | 443               | see list below     | HTTPS

HTTPS destinations (TCP 443) and their function:
identity.webex.com   Spark Identity Service
idbroker.webex.com   OAuth Service
wbx2.com             Core Spark Services
webex.com            Identity management
ciscospark.com       Core Spark Services
clouddrive.com       Content and Space Storage
crashlytics.com      Anonymous crash data
mixpanel.com         Anonymous Analytics
rackcdn.com          Content and Space Storage
appsflyer.com        Mobile Apps only - Ad Analytics
adobedtm.com         Web Apps only - Analytics
omtrdc.net           Web Apps only - Telemetry
optimizely.com       Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports                         | Destination Ports | Destination              | Function
UDP      | Voice 52050-52099, Video 52200-52299 | 5004 & 5006       | Any IP address           | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                            | 5004 & 5006       | Any IP address           | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
TCP      | Ephemeral                            | 443               | see list below           | HTTPS
UDP      | Ephemeral                            | 123               | 2.android.pool.ntp.org   | Spark Board NTP time sync

HTTPS destinations (TCP 443) and their function:
identity.webex.com   Spark Identity Service
idbroker.webex.com   OAuth Service
wbx2.com             Core Spark Services
webex.com            Identity management
ciscospark.com       Core Spark Services
clouddrive.com       Content and Space Storage
crashlytics.com      Anonymous crash data
mixpanel.com         Anonymous Analytics
rackcdn.com          Content and Space Storage
dropbox.com          Spark Board (firmware updates)

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP ports: Voice and Video 33434-33598
• Source TCP/HTTP ports: ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints; they are used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434-33598

[Figure: signalling and cascaded media paths from the HMN to the Spark cloud]

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS signaling traffic only
• Outbound HTTPS and WSS signaling only

[Figure: signalling path from the HDS node to the Spark cloud; no media]

HMN and HDS Nodes: Network Port and Whitelist Requirements

Hybrid Media Node (HMN)
Protocol | Source Ports                                        | Destination Ports          | Destination                  | Function
UDP      | Voice and Video common source port range 33434-33598 | 5004 (cascade destination) | Any IP address               | Cascaded SRTP over UDP media streams to Cloud Media Nodes
TCP      | Ephemeral                                           | 5004 (cascade destination) | Any IP address               | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
TCP      | Ephemeral                                           | 123, 53, 443               | Any                          | NTP, DNS, HTTPS
TCP      | Ephemeral                                           | 443                        | wbx2.com, idbroker.webex.com | HTTPS configuration services

Hybrid Data Security Node (HDS)
Protocol | Source Ports | Destination Ports | Destination                                                        | Function
TCP      | Ephemeral    | 443               | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io  | Outbound HTTPS and WSS
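The app, device and HMN tables above describe the same egress policy from three angles. As an added example (written for this page, not a Cisco tool), the following turns those tables into a flow classifier and a minimal iptables egress rule generator, so that a proposed flow can be checked against the whitelist before a firewall change is made. Port numbers, source ranges and destination domains are taken from the tables; the sample hostnames and the iptables syntax in the generated strings are assumptions for illustration.

```python
"""Spark egress whitelist as code (added example, not Cisco code).

Port ranges and destinations are those on the preceding tables; sample flows
and the iptables syntax in the generated rules are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

MEDIA_DST_PORTS = {5004, 5006}

# (endpoint kind, media) -> inclusive UDP source-port range, from the port range summary
UDP_SOURCE_RANGES = {
    ("app", "audio"): (52000, 52049), ("device", "audio"): (52050, 52099),
    ("app", "video"): (52100, 52199), ("device", "video"): (52200, 52299),
    ("hmn", "audio+video"): (33434, 33598),   # cascade links to the cloud, destination 5004 only
}

# TCP/443 destinations; order matters because the more specific webex.com names come first
SIGNALLING_DOMAINS = {
    "identity.webex.com": "Spark Identity Service", "idbroker.webex.com": "OAuth Service",
    "wbx2.com": "Core Spark Services", "webex.com": "Identity management",
    "ciscospark.com": "Core Spark Services", "clouddrive.com": "Content and Space Storage",
    "rackcdn.com": "Content and Space Storage", "crashlytics.com": "Anonymous crash data",
    "mixpanel.com": "Anonymous Analytics", "dropbox.com": "Spark Board firmware updates",
    "index.docker.io": "HDS container images",
}


@dataclass(frozen=True)
class Flow:
    proto: str    # "udp" or "tcp"
    sport: int
    dport: int
    dst: str      # hostname for TCP/443 and NTP, "*" for media (any IP address)


def domain_matches(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def classify(flow: Flow) -> str | None:
    """A label for a flow the whitelist permits, or None when the whitelist does not cover it."""
    if flow.proto == "udp" and flow.dport in MEDIA_DST_PORTS:
        for (kind, media), (lo, hi) in UDP_SOURCE_RANGES.items():
            if lo <= flow.sport <= hi and (kind != "hmn" or flow.dport == 5004):
                return f"{kind} {media} SRTP/UDP"
        return None
    if flow.proto == "tcp" and flow.dport in MEDIA_DST_PORTS:
        return "SRTP over TCP/HTTP (ephemeral source port, no DSCP re-marking)"
    if flow.proto == "tcp" and flow.dport == 443:
        for domain, function in SIGNALLING_DOMAINS.items():
            if domain_matches(flow.dst, domain):
                return f"HTTPS signalling: {function}"
        return None
    if flow.proto == "udp" and flow.dport == 123 and domain_matches(flow.dst, "2.android.pool.ntp.org"):
        return "Spark Board NTP time sync"
    return None


def iptables_rules(kinds: tuple[str, ...] = ("app", "device")) -> list[str]:
    """Minimum OUTPUT rules for the chosen endpoint kinds (illustrative iptables syntax)."""
    rules = []
    for (kind, media), (lo, hi) in UDP_SOURCE_RANGES.items():
        if kind in kinds:
            dports = "5004" if kind == "hmn" else "5004,5006"
            rules.append(f"iptables -A OUTPUT -p udp --sport {lo}:{hi} -m multiport --dports {dports} -j ACCEPT  # {kind} {media}")
    rules.append("iptables -A OUTPUT -p tcp -m multiport --dports 5004,5006 -j ACCEPT  # SRTP over TCP/HTTP fallback")
    rules.append("iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT  # HTTPS signalling; restrict by FQDN on the proxy or NGFW")
    return rules


if __name__ == "__main__":
    for f in (Flow("udp", 52010, 5004, "*"), Flow("tcp", 51000, 443, "idbroker.webex.com"),
              Flow("udp", 40000, 5004, "*")):
        print(f, "->", classify(f))
    print("\n".join(iptables_rules()))
```

Note that the media destination is "any IP address", which is why the UDP rules are keyed on the source-port range rather than the destination; the HTTPS rule, by contrast, can only be narrowed by name, and a plain port-443 rule on a Layer 3 firewall does not enforce the domain whitelist at all.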

What do we send to Third Party sites?

Site           | Apps that access it                      | What is sent there                                                         | User PII | Anonymized usage info | Encrypted user generated content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system)  | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system)  | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                       | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                 | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                       | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                       | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                       | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy address given to the device/application (explicit proxy)
• Transparent proxy (device/application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media does not pass through the proxy.

[Figure: signalling via the proxy, UDP media direct]

Connecting from the Enterprise - Proxy Detection (how the proxy address is given to the device/application)

• Manual configuration
• Auto configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

[Figure: clients obtaining the proxy address from PAC files; signalling via the proxy, UDP media direct]

Network Capabilities: Spark Devices - Proxy Detection

Spark Device                           | Protocol | Software Train | Proxy Detection              | Granular Configuration
Apps (Windows, Mac, iOS, Android, Web) | HTTPS    | WME            | Yes: manual; Yes: PAC files  | Manually configure proxy address, or use WPAD and PAC files (or Windows GPO)
DX                                     | HTTPS    | Room OS        | Yes: manual using web access | Configure proxy address via device web interface
SX                                     | HTTPS    | Room OS        | Yes: manual using web access | Configure proxy address via device web interface
MX                                     | HTTPS    | Room OS        | Yes: manual using web access | Configure proxy address via device web interface
Room Kits                              | HTTPS    | Room OS        | Yes: manual using web access | Configure proxy address via device web interface
Spark Board                            | HTTPS    | Spark Board OS | Yes: manual configuration    | Manual configuration of proxy address

Connecting from the Enterprise - Proxy Authentication

• Proxy intercepts the outbound HTTP request
• Authenticates the user (username & password)
• Authenticated user's traffic is forwarded
• Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

[Figure: signalling via the proxy, UDP media direct]

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

Basic Authentication
• Uses standard HTTP headers
• Username and password Base64 encoded
• Username and password are NOT encrypted or hashed: anyone who can read the proxy request can recover them

Basic username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods - Digest Authentication

Digest Authentication
• Uses standard HTTP headers
• The password is not sent; a hash (the "response") computed over the username, realm, password and the server's nonce is sent instead, so the proxy needs only to store the username/realm/password hash to verify it

Basic username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No password expiration
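The difference between the two slides above is best seen on the wire. The following is an added example written for this page (not from the deck or any Cisco client): it builds the Proxy-Authorization header a device would send under Basic (RFC 7617) and under Digest with qop=auth (RFC 7616), shows that the Basic header is trivially reversible, and implements the proxy-side Digest verification that needs only the stored HA1 hash. Credentials, realm and nonces are constructed values.

```python
"""Basic vs Digest proxy authentication on the wire (added example, not from the deck).

Credentials, realm and nonce values are constructed for illustration.
"""
from __future__ import annotations

import base64
import hashlib
import secrets


def basic_proxy_header(user: str, password: str) -> str:
    # Base64 is an encoding, not encryption: anyone on the path can reverse it.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def recover_basic(header: str) -> tuple[str, str]:
    """What an on-path observer (or the proxy's access log) gets from a Basic header."""
    token = header.split("Basic ", 1)[1]
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def ha1(user: str, realm: str, password: str) -> str:
    """The only credential-derived value a Digest proxy needs to store."""
    return _md5(f"{user}:{realm}:{password}")


def digest_proxy_header(user: str, password: str, realm: str, nonce: str, method: str, uri: str,
                        cnonce: str | None = None, nc: str = "00000001") -> str:
    """Client side, qop=auth: the password never leaves the device, only MD5 digests do."""
    cnonce = cnonce or secrets.token_hex(8)
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1(user, realm, password)}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return ('Proxy-Authorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", '
            'qop=auth, nc=%s, cnonce="%s", response="%s"'
            % (user, realm, nonce, uri, nc, cnonce, response))


def parse_digest(header: str) -> dict[str, str]:
    fields = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, value = part.split("=", 1)
        fields[key] = value.strip('"')
    return fields


def proxy_verifies_digest(header: str, method: str, ha1_store: dict[str, str]) -> bool:
    """Proxy side: recompute the response from the stored HA1 and compare in constant time."""
    p = parse_digest(header)
    stored = ha1_store.get(p["username"])
    if stored is None:
        return False
    ha2 = _md5(f"{method}:{p['uri']}")
    expected = _md5(f"{stored}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return secrets.compare_digest(expected, p["response"])


if __name__ == "__main__":
    basic = basic_proxy_header("dx80-lobby", "S3cret!")
    print(basic, "->", recover_basic(basic))
    digest = digest_proxy_header("dx80-lobby", "S3cret!", "proxy.example", "abc123", "CONNECT", "wbx2.com:443")
    print(digest)
    print("proxy accepts:", proxy_verifies_digest(digest, "CONNECT", {"dx80-lobby": ha1("dx80-lobby", "proxy.example", "S3cret!")}))
```

The device-account advice on the slides (one shared account, no password expiry) matters more under Basic than under Digest: a Basic header captured once from any device yields the shared password for all of them, while a captured Digest response is bound to the proxy's nonce and the request URI.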

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft challenge/response AuthN protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• A hash derived from the password is used to compute a response over the challenge, which is returned to the server
• The password is hashed but never sent

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM

Windows-based username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No password expiration

IWA: Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

Kerberos Authentication
• Strongest security of the methods listed
• Components: Client, Authentication Service and Ticket Granting Service (together the Key Distribution Center), Application Server (here, the proxy)
• Encrypted communication based on shared secrets
• The client authenticates with the Authentication Service
• Once authenticated, it receives a Ticket Granting Ticket (TGT)
• The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user using the secret it shares with the KDC
• HTTPS connection proceeds
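The exchange just described, carried through end to end as an added example (not from the deck, and not a Kerberos implementation): the client obtains a TGT from the Authentication Service, trades it for a service ticket at the Ticket Granting Service, and the proxy validates the ticket with nothing but its own shared secret. Real Kerberos seals tickets with AES-CTS and HMAC-SHA1 (RFC 3962); the seal/open pair here is a constructed stand-in (SHA-256 keystream plus HMAC-SHA256, encrypt-then-MAC) so the example runs on the standard library. Principal names, passwords and lifetimes are constructed.

```python
"""Kerberos ticket flow for proxy authentication, modelled (added example, not a real implementation).

seal()/open_() are a constructed stand-in for Kerberos encryption types;
principals, passwords and lifetimes are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import os
import time


def _kdf(secret: str) -> bytes:
    """Long-term key from a password or shared secret (toy: plain SHA-256)."""
    return hashlib.sha256(secret.encode()).digest()


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> dict | None:
    """None when the tag does not verify under this key (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


class KDC:
    """Authentication Service + Ticket Granting Service over one principal database."""

    def __init__(self, principals: dict[str, str], ttl: float = 300.0):
        self.keys = {name: _kdf(secret) for name, secret in principals.items()}
        self.tgs_key = _kdf("krbtgt/CORP secret")   # constructed
        self.ttl = ttl

    def as_exchange(self, client: str) -> tuple[bytes, bytes]:
        """AS-REP: session key sealed to the client, TGT sealed to the TGS."""
        sk = os.urandom(32)
        tgt = seal(self.tgs_key, {"client": client, "sk": sk.hex(), "exp": time.time() + self.ttl})
        return seal(self.keys[client], {"sk": sk.hex()}), tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> tuple[bytes, bytes] | None:
        """TGS-REP: service session key sealed to the client, service ticket sealed to the service."""
        t = open_(self.tgs_key, tgt)
        if t is None or t["exp"] < time.time():
            return None
        a = open_(bytes.fromhex(t["sk"]), authenticator)
        if a is None or a["client"] != t["client"] or service not in self.keys:
            return None
        ssk = os.urandom(32)
        ticket = seal(self.keys[service], {"client": t["client"], "sk": ssk.hex(), "exp": time.time() + self.ttl})
        return seal(bytes.fromhex(t["sk"]), {"sk": ssk.hex(), "service": service}), ticket


class Client:
    def __init__(self, name: str, password: str):
        self.name, self.key = name, _kdf(password)

    def login(self, kdc: KDC) -> bool:
        rep, self.tgt = kdc.as_exchange(self.name)
        msg = open_(self.key, rep)            # a wrong password cannot open the AS-REP
        if msg is None:
            return False
        self.sk = bytes.fromhex(msg["sk"])
        return True

    def service_request(self, kdc: KDC, service: str) -> tuple[bytes, bytes] | None:
        """(service ticket, authenticator) to present to the service, e.g. the proxy."""
        rep = kdc.tgs_exchange(self.tgt, seal(self.sk, {"client": self.name, "ts": time.time()}), service)
        if rep is None:
            return None
        ssk = bytes.fromhex(open_(self.sk, rep[0])["sk"])
        return rep[1], seal(ssk, {"client": self.name, "ts": time.time()})


def proxy_validates(service_key: bytes, ticket: bytes, authenticator: bytes) -> str | None:
    """Proxy side: the authenticated principal, or None. Only the proxy's own shared secret is used."""
    t = open_(service_key, ticket)
    if t is None or t["exp"] < time.time():
        return None
    a = open_(bytes.fromhex(t["sk"]), authenticator)
    if a is None or a["client"] != t["client"] or abs(a["ts"] - time.time()) > 300:
        return None
    return t["client"]
```

The point for device deployment is visible in proxy_validates(): the proxy never sees the device's password or the KDC database, so a compromised proxy does not yield the shared device account in the way a Basic-authen­ticating proxy does.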

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP addresses (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Figure: devices bypassing proxy authentication by source IP or by whitelisted destination; signalling via the proxy, UDP media direct]

Network Capabilities: Spark Devices - Proxy Authentication

Spark Device                           | Protocol | Software Train | Proxy Authentication
Apps (Windows, Mac, iOS, Android, Web) | HTTPS    | WME            | No Auth: Yes; Basic: Yes; Digest: planned; NTLM: Yes (Windows); Kerberos: No. iOS and Android: No Auth and Basic in EFT
DX / SX / MX                           | HTTPS    | Room OS        | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes
Room Kits                              | HTTPS    | Room OS        | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes
Spark Board                            | HTTPS    | Spark Board OS | No Auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to the client (distributed in advance)
• Private CA signed certificate sent to the client on connection establishment
• Client compares the Private CA Root Cert with those received in the cert chain
• If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

• Proxy starts a new HTTPS/TLS connection to the Web/Cloud service
• Proxy receives the certificate from the Web/Cloud service
• Proxy uses the certificate to establish a secure TLS/HTTPS connection
• Proxy can now decrypt, inspect and re-encrypt session traffic

[Figure: signalling via the inspecting proxy, UDP media direct]

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA-256 hash of the CA Root Certificate public key, base64 encoded, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA-signed Cisco Spark certificate sent by the HTTPS/TLS server
• App creates a hash of the cert's public key
• App compares the hash with the Certificate Pin in its trust store
• If they match, accept and proceed with the TLS connection

[Figure: signalling via a non-inspecting proxy, UDP media direct]

Proxy - HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning
• Proxy sends a Private CA signed certificate during HTTPS/TLS setup
• App creates a hash of the Private CA signed cert's public key
• App compares the hash with the Certificate Pin in its trust store
• They DO NOT match: TLS connection terminated

[Figure: signalling via the inspecting proxy, UDP media direct]

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store

Certificate Pinning
• Proxy sends a Private CA signed certificate during HTTPS/TLS setup
• Spark App checks to see if a copy of the Private CA cert exists in the OS trust store
• If the cert exists, skip the certificate pinning process
• Proceed with the TLS connection
• HTTPS/TLS inspection possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud

Certificate Pinning
• Proxy sends a Private CA signed certificate during HTTPS/TLS setup
• Client creates a hash of the Private CA signed cert's public key
• Client compares the hash with the Certificate Pin in its trust store (which now includes the private CA downloaded from the Spark Cloud)
• They DO match: proceed with the TLS connection
• HTTPS/TLS inspection possible

Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device             | Protocol | Software Train | Supports TLS/HTTPS Inspection                    | Cert Validation Method
Apps (Windows, Mac, Web) | HTTPS    | WME            | Yes (Win/Mac/Browser)                            | If an Enterprise Certificate exists, bypass the certificate pinning process
Apps (iOS, Android)      | HTTPS    | WME            | No                                               | iOS/Android: HTTPS inspection bypass
DX                       | HTTPS    | Room OS        | Yes: requires per-org config of Identity Service | Load Private CA certs in Spark Service; download trust list with private certs
SX                       | HTTPS    | Room OS        | Yes: requires per-org config of Identity Service | Load Private CA certs in Spark Service; download trust list with private certs
MX                       | HTTPS    | Room OS        | Yes: requires per-org config of Identity Service | Load Private CA certs in Spark Service; download trust list with private certs
Room Kits                | HTTPS    | Room OS        | Yes: requires per-org config of Identity Service | Load Private CA certs in Spark Service; download trust list with private certs
Spark Board              | HTTPS    | Spark Board OS | No (planned Q1 CY'18)                            | HTTPS inspection bypass
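The pinning slides describe three outcomes: the pin matches (proceed), it does not (terminate), and it does not but the inspecting proxy's private CA has been placed in the OS trust store (the app-side fix: pinning skipped). The following is an added example written for this page, not Cisco's client code. It computes a pin the way the slide shows it, as base64 of SHA-256 over the DER SubjectPublicKeyInfo (the RFC 7469 pin-sha256 form), using a minimal DER walker rather than a third-party library, and then applies the three-way decision. The certificates it builds with toy_cert() are constructed, unsigned skeletons with the real X.509 field order; the decision order itself (pin check before trust-store check) is an assumption about the described behaviour.

```python
"""Certificate pin computation and the pinning decision (added example, not Cisco client code).

Pins are RFC 7469 pin-sha256 values over the DER SubjectPublicKeyInfo.
toy_cert() builds constructed certificate skeletons for demonstration only.
"""
from __future__ import annotations

import base64
import hashlib


def _tlv(data: bytes, pos: int = 0) -> tuple[int, int, int]:
    """One DER TLV at pos -> (tag, value_start, value_end); handles long-form lengths."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _children(data: bytes, start: int, end: int) -> list[tuple[int, int, int]]:
    """(tag, tlv_start, tlv_end) for each element of a SEQUENCE body."""
    out, pos = [], start
    while pos < end:
        tag, _, value_end = _tlv(data, pos)
        out.append((tag, pos, value_end))
        pos = value_end
    return out


def spki_der(cert_der: bytes) -> bytes:
    """Certificate -> tbsCertificate -> subjectPublicKeyInfo, as raw DER bytes."""
    _, cert_body, _ = _tlv(cert_der)                    # Certificate SEQUENCE
    _, tbs_start, tbs_end = _tlv(cert_der, cert_body)   # tbsCertificate SEQUENCE
    fields = _children(cert_der, tbs_start, tbs_end)
    if fields[0][0] == 0xA0:                            # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    _, start, end = fields[5]
    return cert_der[start:end]


def pin_sha256(cert_der: bytes) -> str:
    return base64.b64encode(hashlib.sha256(spki_der(cert_der)).digest()).decode()


def tls_decision(chain: list[bytes], pinned: set[str], os_trust_store: set[bytes]) -> str:
    """chain[0] is the leaf the server presented, chain[-1] the CA it chained to."""
    if any(pin_sha256(c) in pinned for c in chain):
        return "proceed: pinned key present in chain"
    if any(c in os_trust_store for c in chain):
        return "proceed: enterprise CA found in OS trust store, pinning skipped (inspection possible)"
    return "terminate: no pinned key in chain"


def _der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body


def toy_cert(cn: str, pubkey: bytes) -> bytes:
    """Constructed certificate skeleton: correct field order, dummy (empty) signature."""
    name = _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
    spki = _der(0x30, _der(0x30, _der(0x06, b"\x2A\x86\x48\xCE\x3D\x02\x01")) + _der(0x03, b"\x00" + pubkey))
    sig_alg = _der(0x30, _der(0x06, b"\x2A\x86\x48\xCE\x3D\x04\x03\x02"))   # ecdsa-with-SHA256
    validity = _der(0x30, _der(0x18, b"20180101000000Z") + _der(0x18, b"20280101000000Z"))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + sig_alg + name + validity + name + spki)
    return _der(0x30, tbs + sig_alg + _der(0x03, b"\x00"))


if __name__ == "__main__":
    root = toy_cert("Spark Private Root (constructed)", b"\x04" + bytes(range(64)))
    leaf = toy_cert("idbroker.webex.com", b"\x04" + bytes(range(64, 128)))
    inspecting_ca = toy_cert("Corp Inspection CA (constructed)", b"\x04" + bytes(range(128, 192)))
    mitm_leaf = toy_cert("idbroker.webex.com", b"\x04" + bytes(range(10, 74)))
    pins = {pin_sha256(root)}
    print("pin:", pin_sha256(root))
    print(tls_decision([leaf, root], pins, set()))
    print(tls_decision([mitm_leaf, inspecting_ca], pins, set()))
    print(tls_decision([mitm_leaf, inspecting_ca], pins, {inspecting_ca}))
```

Pinning the CA's SubjectPublicKeyInfo rather than the leaf certificate is what lets Cisco rotate leaf certificates without shipping a client update; the trade-off, shown by the third decision branch, is that any CA the OS trusts and that an administrator deliberately installed can stand in for the pinned one.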

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication, the switch port is configured for the device, e.g. VLAN(s), ACLs

[Figure: device, switch port and Authentication Server]

802.1X Network Authentication Methods
• There are many options...
• Two key authentication methods: EAP-FAST and EAP-TLS

802.1X Network Authentication: EAP-FAST (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling)
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS (Extensible Authentication Protocol - Transport Layer Security)
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

[Figure: Device 1, switch port and Authentication Server]

Network Capabilities: Spark Devices - 802.1X

Spark Device                           | Protocol | Software Train | EAP-FAST               | EAP-TLS                | MIC      | Non-CUCM LSC           | Certificate Installation Capability | Granular Configuration
Apps (Windows, Mac, iOS, Android, Web) | HTTPS    | WME            | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A      | Yes                    | Yes                                 | Manually install LSC (Windows GPO, Mac configuration profiles)
DX                                     | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17  | Yes                    | Yes                                 | Web based: install Enterprise LSC via device web interface
SX                                     | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No       | Yes                    | Yes                                 | Web based: install Enterprise LSC via device web interface
MX                                     | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No       | Yes                    | Yes                                 | Web based: install Enterprise LSC via device web interface
Room Kits                              | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes      | Yes                    | Yes                                 | Web based: install Enterprise LSC via device web interface
Spark Board                            | HTTPS    | Spark Board OS | No (planned Q2 CY'18)  | No (planned Q2 CY'18)  | No       | No (planned Q2 CY'18)  | -                                   | Use MAC Address Bypass

MIC: Manufacturer Installed Certificate. LSC: Locally Significant Certificate.

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access: proxy and firewalls allow all Spark connections
• Onboard device: username/password, activation code
• Cisco Spark cloud downloads device configuration information and trust anchors


Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.

Coming soon: target Q1 CY2018.

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you

Page 58: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Encryption Keys amp Users in other Organizations

Organization A Organization B60

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

message

Spark Spaces with

users from multiple

Organizations can

share encrypted

messages and

content

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Encryption Keys amp Users in other Organizations

Organization A Organization B

message

How do external

users retrieve

encryption keys

from the KMS of the

Organization that

owns the Spark

Space

61

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

messagemessage

62

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Hybrid Key

Management

Servers in different

Organizations can

establish a Mutual

TLS connection via

the Spark Cloud

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Hybrid Key

Management

Servers make

outbound

connections only

HTTPS Web Socket

Secure (WSS)

Organization A Organization B

messagemessage

63

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

message messagemessage

64

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

With a secure

connection between

Key Management

Servershellip

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

Mutually

Authenticated KMSs

can request Room

Encryption Keys

from one another on

behalf of their Users

message message

65

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram: Secure Data Center A, with an HDS Cluster of Hybrid Data Services Nodes (VMs) on vSphere; each node runs Docker with an ECP Mgmt Container and HDS Containers, and has an IDE Mount of the HDS Cluster Config File.)

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
HDS application nodes and database need to be co-located in the same data center.
A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites
See prerequisites in https://www.cisco.com/go/hybrid-data-security

X.509 Certificate, Intermediates and Private Key
PKI (Public Key Infrastructure) is used for KMS to KMS federation
Common Name signed by a member of the Mozilla Trusted Root Store
No SHA1 signatures
PKCS12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
The HDS system requires organization administrators to securely backup two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
Outbound HTTPS on TCP port 443 from HDS host
Bi-directional WSS on TCP port 443 from HDS host
TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
Internet Access
DHCP, DNS server access
Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

Media Port Ranges
Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004, 5006
Destination IP Addresses: Any
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details
(Diagram: Signalling and Media paths from the enterprise through the firewall to the Spark Cloud.)

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps
Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only - Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only - Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only - Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
Spark Boards | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
Source UDP Ports: Voice and Video 33434 - 33598
Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004
Destination IP Addresses: Any
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
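The port ranges and signalling whitelist from the preceding app, device and HMN tables, modelled as an added example (not Cisco's code): it classifies an observed flow by the source-port range that tells apps, devices and HMNs apart, and emits outbound allow rules from the same data. The flow records are constructed.

```python
"""Classify flows against the Spark media port ranges and signalling
whitelist from the slides, and emit outbound allow rules from the same data.

Added example, not Cisco's code. Port ranges and domains are those listed
on the slides; the flows checked at the bottom are constructed samples.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Source UDP port range per sender class (port-range summary slide).
MEDIA_SOURCE_RANGES = {
    ("app", "voice"): (52000, 52049),
    ("app", "video"): (52100, 52199),
    ("device", "voice"): (52050, 52099),
    ("device", "video"): (52200, 52299),
    ("hmn", "voice+video"): (33434, 33598),   # cascade links share one range
}
# Destination ports for SRTP to the Spark Cloud media nodes (any IP address).
MEDIA_DEST_PORTS = {"app": (5004, 5006), "device": (5004, 5006), "hmn": (5004,)}

# Signalling destinations reached over TCP 443 by apps and devices.
SIGNALLING_DOMAINS = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com",
)


@dataclass(frozen=True)
class Flow:
    proto: str      # "udp" or "tcp"
    src_port: int
    dst_port: int
    dst_host: str   # resolved destination name (or IP literal for media)


def host_is_whitelisted(host: str, allowed: Tuple[str, ...] = SIGNALLING_DOMAINS) -> bool:
    """Exact match or a subdomain of an allowed domain; 'evil-wbx2.com' must not pass."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def classify(flow: Flow) -> Optional[str]:
    """Label a flow that matches a whitelist entry, or None if it matches nothing.

    UDP media is identified by the source port range (which also tells apart
    apps, devices and HMNs) together with the 5004/5006 destination port.
    """
    if flow.proto == "udp":
        for (sender, kind), (lo, hi) in MEDIA_SOURCE_RANGES.items():
            if lo <= flow.src_port <= hi and flow.dst_port in MEDIA_DEST_PORTS[sender]:
                return f"{sender}/{kind} media"
        return None
    if flow.proto == "tcp":
        # TCP/HTTP media fallback uses ephemeral source ports, so only the
        # destination port identifies it (hence no DSCP re-marking by port).
        if flow.dst_port in (5004, 5006):
            return "tcp media fallback"
        if flow.dst_port == 443 and host_is_whitelisted(flow.dst_host):
            return "signalling"
    return None


def firewall_rules(sender: str) -> List[str]:
    """Outbound media allow rules in iptables syntax for one sender class."""
    rules = []
    for (s, kind), (lo, hi) in MEDIA_SOURCE_RANGES.items():
        if s != sender:
            continue
        for dport in MEDIA_DEST_PORTS[sender]:
            rules.append(f"-A OUTPUT -p udp --sport {lo}:{hi} --dport {dport} -j ACCEPT  # {sender} {kind}")
    for dport in MEDIA_DEST_PORTS[sender]:
        rules.append(f"-A OUTPUT -p tcp --dport {dport} -j ACCEPT  # {sender} SRTP over TCP/HTTP")
    return rules


if __name__ == "__main__":
    # Constructed flows: one per range plus two that must not match.
    samples = [
        Flow("udp", 52210, 5004, "203.0.113.10"),
        Flow("udp", 52010, 5006, "203.0.113.10"),
        Flow("udp", 33500, 5004, "203.0.113.10"),
        Flow("udp", 33500, 5006, "203.0.113.10"),   # HMN cascades use 5004 only
        Flow("tcp", 51234, 443, "api.wbx2.com"),
        Flow("tcp", 51234, 443, "evil-wbx2.com"),
    ]
    for f in samples:
        print(f, "->", classify(f))
    print("\n".join(firewall_rules("hmn")))
```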

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application………
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)
HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443
(Diagram: Signalling goes via the Proxy; UDP Media bypasses it. The same Signalling / UDP Media diagram recurs on the following proxy slides.)

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files
(Diagram: each Device/Application obtains the Proxy Address from a PAC file.)

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address, or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked
Proxy Authentication is not mandatory; many Enterprises do No Authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication
• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication
• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices (as for Basic Authentication: one shared account or an account per device, no Password Expiration)
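The Basic and Digest headers described on the two preceding slides, as an added example (not from the slides): it shows that a Basic header decodes straight back to the device credentials, while a Digest header carries only a hash the proxy verifies from its stored HA1. The device account, realm and nonce are constructed; the Digest computation follows RFC 2617 with MD5 and qop=auth.

```python
"""Proxy-Authorization for Basic vs Digest: what the device sends and what an
observer on the path (or a proxy access log) can learn from it.

Added example, not part of the slides. The device account, realm and nonce
are constructed; the Digest response follows RFC 2617 (MD5, qop=auth).
"""
import base64
import hashlib
import hmac
from typing import Dict, Tuple


def basic_header(user: str, password: str) -> str:
    """Basic: the credentials are Base64 encoded, not encrypted or hashed."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_basic_credentials(header: str) -> Tuple[str, str]:
    """Anyone who sees the header (proxy logs, plaintext capture) gets both values back."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(user: str, realm: str, password: str) -> str:
    """HA1 is what a Digest-capable proxy stores instead of the password."""
    return _md5(f"{user}:{realm}:{password}")


def digest_header(user: str, password: str, realm: str, nonce: str, method: str,
                  uri: str, nc: str = "00000001", cnonce: str = "0a4f113b") -> str:
    """Digest: only a hash binding HA1, the server nonce and the request is sent."""
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{digest_ha1(user, realm, password)}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def parse_digest(header: str) -> Dict[str, str]:
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest header")
    fields = {}
    for part in params.split(", "):
        key, _, value = part.partition("=")
        fields[key] = value.strip('"')
    return fields


def proxy_verify_digest(header: str, method: str, stored_ha1: str, issued_nonce: str) -> bool:
    """Proxy-side check: recompute the response from the stored HA1 and the nonce it issued."""
    f = parse_digest(header)
    if f.get("nonce") != issued_nonce or f.get("qop") != "auth":
        return False                      # stale or replayed nonce: reject
    ha2 = _md5(f"{method}:{f['uri']}")
    expected = _md5(f"{stored_ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:auth:{ha2}")
    return hmac.compare_digest(expected, f["response"])


if __name__ == "__main__":
    # Constructed device account used for a CONNECT to the Spark identity broker.
    user, password, realm = "dx80-lobby", "s3cret-device-pw", "proxy.example.com"
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"   # constructed server nonce
    basic = basic_header(user, password)
    print(basic, "->", recover_basic_credentials(basic))
    digest = digest_header(user, password, realm, nonce, "CONNECT", "idbroker.webex.com:443")
    print(digest)
    print("password visible in Digest header:", password in digest)
    print("proxy accepts:", proxy_verify_digest(digest, "CONNECT", digest_ha1(user, realm, password), nonce))
```

Because HA1 is a plain hash, it is still worth protecting on the proxy and rotating the shared device account, even though it never crosses the wire.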

Proxy Authentication Methods – NTLMv2
• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)
• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration
IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos
• Kerberos Authentication
  • Strongest Security
  • Client Authentication, Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (diagram example: IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store
• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud
• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
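The three pinning outcomes on the preceding slides (pin match with no inspection, pin mismatch behind an inspecting proxy, and the fix of trusting an enterprise Private CA from the OS trust store), as an added example that is not Cisco's code. The certificates are constructed stand-ins carrying only the fields the decision needs; a real pin hashes the DER SubjectPublicKeyInfo.

```python
"""Model the certificate-pinning outcomes from the slides: pin match with no
inspection, pin mismatch behind an inspecting proxy, and the "fix" where the
enterprise's Private CA certificate has been added to the OS trust store.

Added example, not Cisco's code. Certificates are constructed stand-ins that
carry only the fields the decision needs; a real pin hashes the DER-encoded
SubjectPublicKeyInfo of the certificate.
"""
import base64
import hashlib
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes   # constructed stand-in for the DER SubjectPublicKeyInfo


def spki_pin(cert: Cert) -> str:
    """Certificate Pin = Base64(SHA-256(public key)), as on the slide."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()


def chain_matches_pin(chain: Iterable[Cert], pins: Iterable[str]) -> bool:
    """The app hashes each cert's public key and looks for it in its pin set."""
    pins = set(pins)
    return any(spki_pin(c) in pins for c in chain)


def enterprise_ca_present(chain: List[Cert], enterprise_cas: Iterable[Cert]) -> bool:
    """Is the chain's root one of the admin-installed (enterprise) CA certs?

    Only admin-installed CAs count here, not the OS default bundle; otherwise
    any public CA would skip pinning too and the pin would protect nothing.
    """
    enterprise_pins = {spki_pin(c) for c in enterprise_cas}
    return spki_pin(chain[-1]) in enterprise_pins


def evaluate_tls_connection(chain: List[Cert], pins: Iterable[str],
                            enterprise_cas: Iterable[Cert] = ()) -> str:
    """Decide the handshake outcome for a chain presented to a Spark app.

    1. Enterprise CA present in the OS trust store -> skip pinning, proceed
       (HTTPS inspection possible).
    2. Otherwise the pin must match a certificate in the chain -> proceed.
    3. Otherwise (e.g. inspecting proxy with a Private CA) -> terminate.
    """
    if enterprise_ca_present(chain, enterprise_cas):
        return "proceed: pinning skipped, enterprise CA in OS trust store"
    if chain_matches_pin(chain, pins):
        return "proceed: pin matched"
    return "terminate: pin mismatch"


# Constructed certificates: public root, Spark leaf, private proxy CA, proxy-issued leaf.
PUBLIC_ROOT = Cert("Public Root CA", "Public Root CA", b"constructed-public-root-key")
SPARK_LEAF = Cert("*.ciscospark.com", "Public Root CA", b"constructed-spark-leaf-key")
PROXY_CA = Cert("Corp Inspecting Proxy CA", "Corp Inspecting Proxy CA", b"constructed-proxy-ca-key")
PROXY_LEAF = Cert("*.ciscospark.com", "Corp Inspecting Proxy CA", b"constructed-proxy-leaf-key")
APP_PINS = {spki_pin(PUBLIC_ROOT)}   # the app pins the public CA root key

if __name__ == "__main__":
    print("no inspection :", evaluate_tls_connection([SPARK_LEAF, PUBLIC_ROOT], APP_PINS))
    print("inspection    :", evaluate_tls_connection([PROXY_LEAF, PROXY_CA], APP_PINS))
    print("inspection+fix:", evaluate_tls_connection([PROXY_LEAF, PROXY_CA], APP_PINS, [PROXY_CA]))
```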

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X
(Diagram: Device, switch and Authentication Server; the same diagram recurs on the following 802.1X slides.)

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)
Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018

Thank you

Page 59: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Encryption Keys & Users in other Organizations

[Diagram: Organization A and Organization B, each with its own Key Mgmt Service, plus a Content Server; encrypted messages shared between the two organizations]

Spark Spaces with users from multiple Organizations can share encrypted messages and content.

How do external users retrieve encryption keys from the KMS of the Organization that owns the Spark Space?

61

HDS Key Management Server Federation

[Diagram: Organization A and Organization B, each with its own Key Mgmt Service, plus a Content Server; encrypted messages shared between the two organizations]

62

HDS Key Management Server Federation

Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud.

Hybrid Key Management Servers make outbound connections only: HTTPS and Web Socket Secure (WSS).

63

HDS Key Management Server Federation

[Diagram: mutually authenticated connection between the Key Mgmt Services of Organization A and Organization B, established via the Spark Cloud]

64

HDS Key Management Server Federation

With a secure connection between Key Management Servers…

Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

65

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A running vSphere with Hybrid Data Services Nodes (VMs). Each node runs Docker with an ECP Mgmt Container and HDS Containers, and has an IDE Mount of the HDS Cluster Config File. Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

68 BRKCOL-2030

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA1 signatures
• PKCS12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

69

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

71

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port VLAN options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

73

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

74

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Ports: 5004, 5006
• Destination IP Addresses: Any

[Diagram: Signalling and Media paths from the enterprise to the Spark Cloud]

76

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

77

Spark Applications Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications (Windows, Mac, iOS, Android, Web) | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS

HTTPS destinations and their functions:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only - Ad Analytics
• adobedtm.com – Web Apps only - Analytics
• omtrdc.net – Web Apps only - Telemetry
• optimizely.com – Web Apps only - Metrics

78

Spark Devices Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations and their functions:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

79

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

[Diagram: Signalling and Media paths from the HMN to the Spark Cloud]

80

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

[Diagram: Signalling path only from the HDS node to the Spark Cloud; no Media]

81

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

82
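The port ranges on slides 76 to 82 are what a firewall or QoS engineer has to check outbound media against. The following is an added example (not Cisco's code and not part of the session) that encodes those ranges and labels a flow by the originator and media type they imply, so unexplained UDP media flows can be pulled out of a firewall log for review. The flow records at the bottom are constructed samples, not captured traffic.

```python
"""Classify Spark media flows against the port ranges on the firewall slides.

Added example, not Cisco's code. The ranges are the ones listed above
(Spark Apps: voice 52000-52049, video 52100-52199; Spark Devices: voice
52050-52099, video 52200-52299; Hybrid Media Node cascades: 33434-33598
for voice and video); the flow records at the bottom are constructed
sample firewall log entries, not captured traffic.
"""
from dataclasses import dataclass
from typing import List, Optional

# Inclusive UDP source-port ranges and the cloud destination ports each
# originator uses, as given on the slides.
UDP_SOURCE_RANGES = [
    # origin, media, src_low, src_high, allowed destination ports
    ("Spark App", "voice", 52000, 52049, {5004, 5006}),
    ("Spark Device", "voice", 52050, 52099, {5004, 5006}),
    ("Spark App", "video", 52100, 52199, {5004, 5006}),
    ("Spark Device", "video", 52200, 52299, {5004, 5006}),
    ("Hybrid Media Node", "voice/video", 33434, 33598, {5004}),
]

# Ports the Spark cloud media nodes listen on for SRTP over TCP/HTTP.
TCP_MEDIA_DST_PORTS = {5004, 5006}


@dataclass(frozen=True)
class Flow:
    proto: str       # "udp" or "tcp"
    src_port: int
    dst_port: int


def classify(flow: Flow) -> Optional[str]:
    """Label a flow by the documented media range it falls in, or return
    None when no range explains it (a candidate for firewall review)."""
    if flow.proto == "udp":
        for origin, media, lo, hi, dst_ports in UDP_SOURCE_RANGES:
            if lo <= flow.src_port <= hi and flow.dst_port in dst_ports:
                return f"{origin} {media} (SRTP over UDP)"
        return None
    if flow.proto == "tcp" and flow.dst_port in TCP_MEDIA_DST_PORTS:
        # The TCP/HTTP fallback uses ephemeral source ports, so the
        # originator cannot be read off the port and no DSCP re-marking
        # keyed on source port is possible.
        return "SRTP over TCP/HTTP (ephemeral source, no DSCP re-marking)"
    return None


def unexplained(flows: List[Flow]) -> List[Flow]:
    """Flows that match none of the documented ranges."""
    return [f for f in flows if classify(f) is None]


# Constructed sample flows (not real log data).
SAMPLE_FLOWS = [
    Flow("udp", 52010, 5004),   # Spark App voice
    Flow("udp", 52250, 5006),   # Spark Device video
    Flow("udp", 33500, 5004),   # HMN cascade
    Flow("tcp", 49152, 5004),   # TCP fallback
    Flow("udp", 33500, 5006),   # HMN to a port the slides never list for it
    Flow("udp", 40000, 5004),   # source port outside every Spark range
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, "->", classify(f))
    print("needs review:", unexplained(SAMPLE_FLOWS))
```

The split between app and device sub-ranges is what makes per-source-port DSCP marking possible on the UDP path; the TCP/HTTP fallback loses that, which is why the slides note that ephemeral TCP source ports imply no re-marking.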

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

83

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application………
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

[Diagram: Signalling via the proxy; UDP Media direct to the Spark Cloud]

85

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

[Diagram: Proxy Address delivered to each device via a PAC file; Signalling via the proxy; UDP Media direct]

86

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

87

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory. Many Enterprises do No Authentication.

[Diagram: Signalling via the proxy; UDP Media direct]

88

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

89

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

90

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

91
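Slides 90 and 91 say that Basic sends the credentials Base64-encoded but neither encrypted nor hashed, while Digest sends a hash instead. The following added example (not from the session, not Cisco's code) builds the Proxy-Authorization values both schemes put on the wire: the Basic value decodes straight back to the device account's password, whereas the Digest response (RFC 2617 / RFC 7616 MD5, qop=auth) can be verified by a proxy that stores only HA1, and is bound to the nonce the proxy issued. The device account, realm, nonce and URI values are constructed for illustration.

```python
"""Basic versus Digest proxy authentication, as seen on the wire.

Added example, not from the slides. The device account, realm and nonce
values are constructed for illustration; wbx2.com is a destination named
on the whitelist slides and is used here only as the CONNECT target.
"""
import base64
import hashlib
from typing import Dict, Tuple


def basic_header(username: str, password: str) -> str:
    """Proxy-Authorization value a client sends for Basic."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_credentials(header: str) -> Tuple[str, str]:
    """What the proxy (or anyone reading an unencrypted hop) gets back:
    the cleartext username and password, since Base64 is encoding, not secrecy."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, pwd = base64.b64decode(token).decode().split(":", 1)
    return user, pwd


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). This is all the proxy needs
    to store; the password itself never crosses the link."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA2 = MD5(method:uri)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(username: str, password: str, realm: str, method: str,
                  uri: str, nonce: str, nc: str, cnonce: str) -> Dict[str, str]:
    """Client side: the fields sent in the Proxy-Authorization header."""
    ha1 = digest_ha1(username, realm, password)
    return {
        "username": username, "realm": realm, "nonce": nonce, "uri": uri,
        "qop": "auth", "nc": nc, "cnonce": cnonce,
        "response": digest_response(ha1, method, uri, nonce, nc, cnonce),
    }


def proxy_verify(fields: Dict[str, str], method: str, stored_ha1: str,
                 issued_nonce: str) -> bool:
    """Proxy side: recompute from the stored HA1 and the nonce it issued.
    A response replayed under a different nonce, method or URI fails."""
    if fields["nonce"] != issued_nonce:
        return False
    expected = digest_response(stored_ha1, method, fields["uri"], fields["nonce"],
                               fields["nc"], fields["cnonce"], fields["qop"])
    return expected == fields["response"]


if __name__ == "__main__":
    # Constructed values for a shared device account (slides 90/91).
    user, pwd, realm = "spark-devices", "c0nstructed-Passw0rd", "proxy.example"
    basic = basic_header(user, pwd)
    print(basic, "->", basic_credentials(basic))      # password recovered as-is
    nonce = "constructed-nonce-1"
    fields = digest_header(user, pwd, realm, "CONNECT", "wbx2.com:443",
                           nonce, "00000001", "c0ffee")
    print("digest sends password?", pwd in str(fields))
    print("proxy accepts:", proxy_verify(fields, "CONNECT",
                                         digest_ha1(user, realm, pwd), nonce))
```

The operational point for a shared, non-expiring device account (as the slides recommend for devices) is that with Basic the proxy and every unencrypted hop hold the reusable password, whereas with Digest only HA1 is stored and each response is tied to the proxy's nonce.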

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

92

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos, or fallback to NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA - Integrated Windows Access

93

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Client Authentication, Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

94

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Diagram: Signalling from the listed device addresses via the proxy without authentication; UDP Media direct]

95

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

96

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

[Diagram: Signalling via the inspecting proxy; UDP Media direct]

97-99

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Diagram: Signalling via the inspecting proxy; UDP Media direct]

100-101

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

[Diagram: Signalling via the proxy without inspection; UDP Media direct]

102-104

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

[Diagram: Signalling via the inspecting proxy; UDP Media direct]

105-107

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

[Diagram: Signalling via the inspecting proxy; UDP Media direct]

108-110

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible

[Diagram: Signalling via the inspecting proxy; UDP Media direct]

111-113
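Slides 102 to 113 walk through four outcomes of the pin check: a match with no inspection, a mismatch when an inspecting proxy re-signs with a private CA, the app-side fix where the private CA certificate in the OS trust store causes pinning to be skipped, and the device-side fix where the private CA is delivered in the device's trust list so the pin matches. The following added example (not Cisco's code, not from the session) computes a pin the way the slide defines it (SHA-256 of the CA root certificate's public key, Base64-encoded, here over the DER-encoded SubjectPublicKeyInfo as in RFC 7469) and implements that decision for all four cases. The key bytes, certificate names and pin sets are constructed placeholders, not real Spark or CA values.

```python
"""Certificate pin check with the outcomes shown on the slides.

Added example, not Cisco's code. The certificate material below is
constructed (the byte strings stand in for DER-encoded public keys);
no real Spark pin is used.
"""
import base64
import hashlib
from dataclasses import dataclass
from typing import FrozenSet, Sequence, Tuple


def spki_pin(public_key_der: bytes) -> str:
    """base64(SHA-256(SubjectPublicKeyInfo)), the pin format on the slide."""
    return base64.b64encode(hashlib.sha256(public_key_der).digest()).decode()


@dataclass(frozen=True)
class Certificate:
    subject: str
    public_key_der: bytes   # constructed bytes stand in for real DER


@dataclass(frozen=True)
class ClientTrust:
    pinned: FrozenSet[str]          # pins in the app's or device's trust store
    os_trust_store: FrozenSet[str]  # pins of CA certs the host OS trusts


def check_connection(chain: Sequence[Certificate], trust: ClientTrust,
                     skip_pin_for_os_trusted_ca: bool) -> Tuple[bool, str]:
    """chain[0] is the leaf, chain[-1] the root presented to the client.
    Returns (proceed, reason)."""
    root_pin = spki_pin(chain[-1].public_key_der)
    if skip_pin_for_os_trusted_ca and root_pin in trust.os_trust_store:
        # Slide 110: an enterprise private CA present in the OS trust store
        # bypasses the pinning step so TLS inspection can proceed.
        return True, "private CA in OS trust store: pinning skipped"
    if root_pin in trust.pinned:
        return True, "pin matched"
    return False, "pin mismatch: TLS connection terminated"


# Constructed sample material (not real keys, names or pins).
PUBLIC_CA = Certificate("CN=Public Root CA (constructed)", b"constructed public CA key bytes")
PRIVATE_CA = Certificate("CN=Enterprise Private CA (constructed)", b"constructed private CA key bytes")
SPARK_LEAF = Certificate("CN=spark service leaf (constructed)", b"constructed leaf key 1")
PROXY_LEAF = Certificate("CN=spark service leaf re-signed by proxy (constructed)", b"constructed leaf key 2")

SHIPPED_PINS = frozenset({spki_pin(PUBLIC_CA.public_key_der)})
PRIVATE_CA_PIN = spki_pin(PRIVATE_CA.public_key_der)


def scenarios():
    """The cases from the slides, as (name, proceed, reason) tuples."""
    app_plain = ClientTrust(SHIPPED_PINS, frozenset())
    app_with_private_ca = ClientTrust(SHIPPED_PINS, frozenset({PRIVATE_CA_PIN}))
    # Slide 113: the device's trust list downloaded from the cloud now
    # carries the private CA, so the pin itself matches; devices do not
    # consult an OS trust store.
    device_with_trust_list = ClientTrust(SHIPPED_PINS | {PRIVATE_CA_PIN}, frozenset())
    return [
        ("no inspection",) + check_connection([SPARK_LEAF, PUBLIC_CA], app_plain, True),
        ("inspection, no fix",) + check_connection([PROXY_LEAF, PRIVATE_CA], app_plain, True),
        ("inspection, app fix",) + check_connection([PROXY_LEAF, PRIVATE_CA], app_with_private_ca, True),
        ("inspection, device fix",) + check_connection([PROXY_LEAF, PRIVATE_CA], device_with_trust_list, False),
    ]


if __name__ == "__main__":
    for name, ok, why in scenarios():
        print(f"{name}: {'proceed' if ok else 'terminate'} ({why})")
```

Note that the app fix only relaxes pinning for a CA that an administrator has deliberately placed in the OS trust store; a proxy whose private CA is not installed there still hits the mismatch branch and the connection is dropped, which is the behaviour slides 105 to 107 describe.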

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

114

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

[Diagram: Device, switch port and Authentication Server]

116

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

117

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

118-119

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

120-121

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

122-123

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

[Diagram: Device 1, switch port and Authentication Server]

124-125

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

126

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

128

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

130

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

133

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Coming soon: Target Q1 CY2018

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment

Thank you

Page 60: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

messagemessage

62

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Hybrid Key

Management

Servers in different

Organizations can

establish a Mutual

TLS connection via

the Spark Cloud

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Hybrid Key

Management

Servers make

outbound

connections only

HTTPS Web Socket

Secure (WSS)

Organization A Organization B

messagemessage

63

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public


HDS Key Management Server Federation

With a secure connection between Key Management Servers… Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users.

(Diagram: Organization A and Organization B, each with a Key Management Service and a Content Server; messages flow in both directions.)

Customer Controlled Security – HDS Deployment Considerations

HDS System Architecture

Secure Data Center A: vSphere hosts running Hybrid Data Services Nodes (VMs). Each node runs Docker with an ECP Management Container and HDS Containers, and mounts the HDS Cluster Config File through an IDE mount.

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.

HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.

HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.

IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites

See prerequisites in https://www.cisco.com/go/hybrid-data-security

X.509 Certificate, Intermediates and Private Key
  PKI (Public Key Infrastructure) is used for KMS to KMS federation
  Common Name signed by a member of the Mozilla Trusted Root Store
  No SHA-1 signatures
  PKCS #12 format

2 ESXi Virtualized Hosts (Min 2 to support upgrades, 3 recommended, 5 max)
  Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
  8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
  Hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
  The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
  Outbound HTTPS on TCP port 443 from HDS host
  Bi-directional WSS on TCP port 443 from HDS host
  TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access – Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
  Internet Access
  DHCP, DNS server access
  Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access Enterprise Firewalls


Connecting from the Enterprise – Firewalls

Whitelisted Ports and Destinations

Media Port Ranges
  Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
  Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
  Destination UDP/TCP/HTTP Ports: 5004, 5006
  Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

(Diagram: Signalling and Media paths from the enterprise to the Spark Cloud.)

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049, Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199, Spark Devices 52200 - 52299

Spark Applications Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only: Ad Analytics
Spark applications | TCP | Ephemeral | 443 | adobedtm.com | HTTPS – Web Apps only: Analytics
Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only: Telemetry
Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only: Metrics

Spark Devices Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service
Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service
Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management
Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services
Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data
Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics
Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage
Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates)
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise – Firewalls

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges
  Source UDP Ports: Voice and Video 33434 - 33598
  Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
  Destination UDP/TCP/HTTP Port: 5004
  Destination IP Addresses: Any

(Diagram: Signalling and Media paths from the HMN to the Spark Cloud.)

Connecting from the Enterprise – Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

(Diagram: Signalling path only from the HDS node to the Spark Cloud; no Media.)

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
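The port ranges from the media port summary, the Spark application and device tables, and the HMN cascade slide above, turned into a flow classifier. This is an added example, not Cisco's code: the flow-record format and the sample records are constructed for the example, and the ranges are the ones listed on the slides.

```python
"""Classify Spark media flows by the source/destination ports listed on the slides.

Added example, not Cisco's code. It encodes the ranges from the firewall slides:
  Spark apps:     audio UDP src 52000-52049, video UDP src 52100-52199
  Spark devices:  audio UDP src 52050-52099, video UDP src 52200-52299
  HMN cascade:    audio and video share UDP src 33434-33598, dst 5004 only
  Destination:    UDP/TCP 5004 and 5006, any IP address
TCP/HTTP media uses ephemeral source ports, so audio and video cannot be told
apart by port and no source-port based DSCP re-marking is possible.
"""
import re
from dataclasses import dataclass
from typing import Optional

MEDIA_DST_PORTS = {5004, 5006}   # Spark apps and devices
HMN_DST_PORTS = {5004}           # Hybrid Media Node cascade links

# (low, high, source type, media type) for UDP source ports
UDP_SOURCE_RANGES = (
    (52000, 52049, "spark-app", "audio"),
    (52050, 52099, "spark-device", "audio"),
    (52100, 52199, "spark-app", "video"),
    (52200, 52299, "spark-device", "video"),
    (33434, 33598, "hmn-cascade", "audio+video"),
)

# Constructed flow-record format for this example: "PROTO src:port -> dst:port"
FLOW_RE = re.compile(r"^(UDP|TCP)\s+(\S+):(\d+)\s*->\s*(\S+):(\d+)$")


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class MediaClass:
    source: str        # spark-app, spark-device, hmn-cascade, or tcp-fallback
    media: str         # audio, video, audio+video, or unknown
    remark_dscp: bool  # True when the source port identifies the media type


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one constructed flow-log line; None if it does not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    proto, src_ip, src_port, dst_ip, dst_port = m.groups()
    return Flow(proto, src_ip, int(src_port), dst_ip, int(dst_port))


def classify(flow: Flow) -> Optional[MediaClass]:
    """Return the media class for a Spark media flow, or None for anything else."""
    if flow.proto == "UDP":
        for low, high, source, media in UDP_SOURCE_RANGES:
            if low <= flow.src_port <= high:
                allowed = HMN_DST_PORTS if source == "hmn-cascade" else MEDIA_DST_PORTS
                if flow.dst_port in allowed:
                    return MediaClass(source, media, remark_dscp=True)
                return None  # right source range, wrong destination port
        return None
    if flow.proto == "TCP" and flow.dst_port in MEDIA_DST_PORTS:
        # SRTP over TCP/HTTP: ephemeral source port, so no port-based marking
        return MediaClass("tcp-fallback", "unknown", remark_dscp=False)
    return None


def summarize(lines) -> dict:
    """Count flows per source type over a batch of flow-log lines."""
    counts = {}
    for line in lines:
        flow = parse_flow(line)
        cls = classify(flow) if flow else None
        key = cls.source if cls else "non-media"
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample records, not captured traffic.
SAMPLE_FLOWS = [
    "UDP 10.1.1.10:52010 -> 203.0.113.5:5004",    # app audio
    "UDP 10.1.1.10:52150 -> 203.0.113.5:5006",    # app video
    "UDP 10.1.2.20:52060 -> 203.0.113.6:5004",    # device audio
    "UDP 10.1.2.20:52250 -> 203.0.113.6:5004",    # device video
    "UDP 10.1.3.30:33500 -> 203.0.113.7:5004",    # HMN cascade
    "UDP 10.1.3.30:33500 -> 203.0.113.7:5006",    # HMN to 5006: not a cascade flow
    "TCP 10.1.1.10:49152 -> 203.0.113.5:5006",    # SRTP over TCP fallback
    "TCP 10.1.1.10:49153 -> 203.0.113.8:443",     # signalling, not media
]

if __name__ == "__main__":
    for line in SAMPLE_FLOWS:
        print(f"{line:45} {classify(parse_flow(line))}")
    print(summarize(SAMPLE_FLOWS))
```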

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access Enterprise Proxies

Connecting from the Enterprise – Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

(Diagram: Signalling via the Proxy; UDP Media direct to the Spark Cloud.)

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

(Diagram: the Proxy Address is delivered to each client via PAC files; Signalling via the Proxy, UDP Media direct.)

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

(Diagram: Signalling via the Proxy; UDP Media direct.)

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

(Diagram: Signalling via the Proxy; UDP Media direct.)

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

(Diagram: Signalling via the Proxy; UDP Media direct.)

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

(Diagram: Signalling via the Proxy; UDP Media direct.)

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

(Diagram: Signalling via the Proxy; UDP Media direct.)

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

(Diagram: Signalling via the Proxy; UDP Media direct.)

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

(Diagram: Signalling via the Proxy; UDP Media direct.)

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web apps | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android apps | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass
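The pinning decision from the four certificate-pinning slides above (no inspection, inspection without a fix, the Spark Apps fix via the OS trust store, and the Spark Devices fix via a trust list downloaded from the cloud), as an added example that is not Cisco's code. The SPKI values are constructed byte strings standing in for DER-encoded public keys; normal X.509 chain validation is assumed to have happened already and is not modelled.

```python
"""Certificate-pinning decision logic for the proxy cases on the slides.

Added example, not Cisco's code. A pin here is base64(SHA-256(SubjectPublicKeyInfo)),
matching the slide's "SHA 256 Hash of CA Root Certificate Public Key". The SPKI
blobs are constructed byte strings standing in for DER-encoded public keys; a
real client would take them from the parsed certificate chain after normal
X.509 chain validation, which this example does not perform.
"""
import base64
import hashlib
from typing import Iterable, Sequence


def spki_pin(spki_der: bytes) -> str:
    """Compute the pin for one public key: base64 of its SHA-256 digest."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Constructed stand-ins for public keys (not real keys).
PUBLIC_CA_SPKI = b"constructed-spki:public-ca-root-that-signs-spark-certs"
PRIVATE_CA_SPKI = b"constructed-spki:enterprise-private-ca-used-by-the-proxy"
LEAF_SPKI = b"constructed-spki:server-leaf"

# Pins an app ships with: the public CA roots behind Cisco Spark certificates.
BUILT_IN_PINS = frozenset({spki_pin(PUBLIC_CA_SPKI)})


def pinning_decision(chain: Sequence[bytes], pins: Iterable[str],
                     os_trust_store: Iterable[bytes]) -> str:
    """Decide whether to proceed with a TLS connection: 'proceed' or 'terminate'.

    chain:          SPKI of each certificate presented, leaf first, root last
    pins:           pins the client trusts (built in, or a trust list downloaded
                    from the Spark cloud in the device case)
    os_trust_store: SPKIs of CAs installed in the OS trust store (the app fix)
    """
    if not chain:
        return "terminate"
    root = chain[-1]
    # Spark Apps fix: a Private CA copied to the OS trust store skips pinning
    if root in set(os_trust_store):
        return "proceed"
    # Otherwise every presented key is hashed and checked against the pin set
    pin_set = set(pins)
    if any(spki_pin(spki) in pin_set for spki in chain):
        return "proceed"
    return "terminate"  # no match: the session is being intercepted


def scenarios() -> dict:
    """The cases from the slides and the result each one gives."""
    no_proxy_chain = [LEAF_SPKI, PUBLIC_CA_SPKI]
    inspected_chain = [LEAF_SPKI, PRIVATE_CA_SPKI]
    # Devices: Private CA loaded into the Spark service, trust list downloaded
    device_trust_list = BUILT_IN_PINS | {spki_pin(PRIVATE_CA_SPKI)}
    return {
        # No HTTPS Inspection: CA-signed Spark cert, pin matches
        "no_inspection": pinning_decision(no_proxy_chain, BUILT_IN_PINS, []),
        # HTTPS Inspection without a fix: proxy re-signs with a Private CA
        "inspection_unfixed": pinning_decision(inspected_chain, BUILT_IN_PINS, []),
        # Spark Apps fix: Private CA cert copied to the app's OS trust store
        "inspection_app_fix": pinning_decision(inspected_chain, BUILT_IN_PINS,
                                               [PRIVATE_CA_SPKI]),
        # Spark Devices fix: trust list from the cloud now pins the Private CA
        "inspection_device_fix": pinning_decision(inspected_chain,
                                                  device_trust_list, []),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} -> {result}")
```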

Cisco Spark Cloud Access – Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: device, switch port and Authentication Server.)

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

(Diagram: device, switch port and Authentication Server.)

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

(Diagram: device, switch port and Authentication Server.)

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

(Diagram: device, switch port and Authentication Server.)

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

(Diagram: Device 1, switch port and Authentication Server.)

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub
  Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
  Onboard device – Username/Password, Activation Code
  Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 61: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

HDS Key Management Server Federation

[Diagram: Organization A Key Mgmt Service – Spark Cloud (Content Server, Key Mgmt Service) – Organization B Key Mgmt Service, with messages exchanged between the organizations]

• Hybrid Key Management Servers in different Organizations can establish a Mutual TLS connection via the Spark Cloud
• Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS)
• With a secure connection between Key Management Servers… Mutually Authenticated KMSs can request Room Encryption Keys from one another on behalf of their Users

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

[Diagram: Secure Data Center A – vSphere hosting Hybrid Data Services Nodes (VMs), each running Docker with an ECP Mgmt Container, HDS Containers and an IDE Mount of the HDS Cluster Config File; Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up]

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO
• Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster)
• HDS application nodes and database need to be co-located in the same data center

An HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla Trusted Root Store
• No SHA-1 signatures
• PKCS #12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
• 8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
• hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process; 2) The postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>

Network
• Outbound HTTPS on TCP port 443 from HDS host
• Bi-directional WSS on TCP port 443 from HDS host
• TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

[Diagram: Signalling and Media flows from the enterprise through the firewall to the Spark Cloud]

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio: 52000-52099
• Spark Apps: 52000 - 52049
• Spark Devices: 52050 - 52099

Video: 52100-52299
• Spark Apps: 52100 - 52199
• Spark Devices: 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | see list below | HTTPS

HTTPS destinations and functions:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only - Ad Analytics
• adobedtm.com – Web Apps only - Analytics
• omtrdc.net – Web Apps only - Telemetry
• optimizely.com – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | see list below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations and functions:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

[Diagram: Signalling and Media from the HMN through the firewall to the Spark Cloud]

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

[Diagram: Signalling only from the HDS node through the firewall to the Spark Cloud; no Media]

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
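A firewall or proxy administrator usually turns the whitelist tables above (Spark Apps, Spark Devices, HMN and HDS nodes) into something checkable. The Go program below is an added example written for this page, not Cisco code: it builds an allowlist from the destination domains listed on the slides, matches hosts on DNS labels (so a look-alike such as "evilwbx2.com" does not match "wbx2.com"), and classifies constructed sample flows against the documented source and destination port ranges, reporting anything that does not fit. The type and function names, the sample flows and the wording of the results are this example's own assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Allowlisted destination domains taken from the Spark Apps, Spark Devices and
// HMN/HDS whitelist tables on the slides.
var allowedDomains = []string{
	"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
	"ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
	"rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net",
	"optimizely.com", "dropbox.com", "index.docker.io", "2.android.pool.ntp.org",
}

// hostAllowed reports whether host is an allowlisted domain or a subdomain of
// one. Matching is on whole DNS labels, case-insensitively, ignoring a
// trailing dot, so "evilwbx2.com" does not match "wbx2.com".
func hostAllowed(host string) bool {
	h := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(host), "."))
	for _, d := range allowedDomains {
		if h == d || strings.HasSuffix(h, "."+d) {
			return true
		}
	}
	return false
}

// portRange is a contiguous UDP source-port range and the role it identifies.
type portRange struct {
	lo, hi int
	role   string
}

// Source-port plan from the "Port Range Summary" and HMN slides.
var udpSourceRanges = []portRange{
	{52000, 52049, "Spark App audio"},
	{52050, 52099, "Spark Device audio"},
	{52100, 52199, "Spark App video"},
	{52200, 52299, "Spark Device video"},
	{33434, 33598, "Hybrid Media Node cascade (voice and video)"},
}

// Flow is a minimal connection record, e.g. one line of a firewall log.
type Flow struct {
	Proto   string // "UDP" or "TCP"
	SrcPort int
	DstHost string // DNS name for HTTPS/NTP; empty for media to "Any IP Address"
	DstPort int
}

// classifyFlow applies the slides' rules and returns the role of the flow, or
// an "unexpected: ..." reason with ok=false when it matches none of them.
func classifyFlow(f Flow) (role string, ok bool) {
	switch strings.ToUpper(f.Proto) {
	case "UDP":
		if f.DstPort == 123 && hostAllowed(f.DstHost) {
			return "NTP time sync", true
		}
		if f.DstPort != 5004 && f.DstPort != 5006 {
			return fmt.Sprintf("unexpected: UDP to port %d is not a media port", f.DstPort), false
		}
		for _, r := range udpSourceRanges {
			if f.SrcPort >= r.lo && f.SrcPort <= r.hi {
				return r.role + " (SRTP over UDP)", true
			}
		}
		return fmt.Sprintf("unexpected: UDP source port %d outside documented ranges", f.SrcPort), false
	case "TCP":
		if f.DstPort == 5004 || f.DstPort == 5006 {
			return "SRTP over TCP/HTTP (ephemeral source port)", true
		}
		if f.DstPort == 443 {
			if hostAllowed(f.DstHost) {
				return "HTTPS signalling to " + f.DstHost, true
			}
			return "unexpected: HTTPS to non-allowlisted host " + f.DstHost, false
		}
		return fmt.Sprintf("unexpected: TCP destination port %d", f.DstPort), false
	}
	return "unexpected: protocol " + f.Proto, false
}

func main() {
	// Constructed sample flows, not captured traffic.
	samples := []Flow{
		{"UDP", 52010, "", 5004},
		{"UDP", 52210, "", 5006},
		{"UDP", 33500, "", 5004},
		{"TCP", 51234, "api.ciscospark.com", 443},
		{"TCP", 51235, "evilwbx2.com", 443},
		{"UDP", 52010, "", 5060},
	}
	for _, f := range samples {
		role, ok := classifyFlow(f)
		fmt.Printf("%-5s src=%5d dst=%s:%d -> ok=%-5v %s\n", f.Proto, f.SrcPort, f.DstHost, f.DstPort, ok, role)
	}
}
```

The source-port ranges are what make the audio/video split useful for DSCP marking at the firewall; a flow that lands outside them is worth a look even if its destination port is 5004.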

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application……
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

[Diagram: Signalling goes via the proxy; UDP Media goes direct]

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

[Diagram: each client obtains the Proxy Address, either configured manually or from a PAC file; Signalling to the proxy, UDP Media direct]

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

[Diagram: Signalling via the proxy, UDP Media direct]

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed

• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead

• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
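To make concrete what the Basic and Digest slides state (Basic only encodes the credential; Digest sends a hash of it instead), here is an added Go example, not part of the session material or of any Cisco software. It shows a client building a Basic Proxy-Authorization value, a decoder recovering the credential unchanged from that header, an RFC 2617 Digest response computed without qop, and the proxy-side check that recomputes the response from the stored device account. The account name, realm, nonce and request URI are constructed; real proxies normally negotiate qop=auth, which adds a client nonce and counter to the hash, and that variant is left out here.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// deviceAccount is the one shared (or per-device) proxy account the slides
// recommend for devices. The values used below are constructed.
type deviceAccount struct{ user, password string }

// basicHeader builds the Proxy-Authorization value a client sends for Basic:
// nothing more than base64("user:password").
func basicHeader(a deviceAccount) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(a.user+":"+a.password))
}

// decodeBasic shows why Basic on its own is not a secrecy mechanism: anything
// that can read the header recovers the credential unchanged, which is why the
// device-to-proxy leg needs TLS or a trusted network segment.
func decodeBasic(header string) (user, password string, err error) {
	if !strings.HasPrefix(header, "Basic ") {
		return "", "", errors.New("not a Basic header")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", err
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", errors.New("malformed credential")
	}
	return parts[0], parts[1], nil
}

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// digestResponse computes the RFC 2617 response for one request (no qop):
// HA1 = MD5(user:realm:password), HA2 = MD5(method:uri),
// response = MD5(HA1:nonce:HA2).
// The password never leaves the client; only this hash is sent.
func digestResponse(a deviceAccount, realm, nonce, method, uri string) string {
	ha1 := md5hex(a.user + ":" + realm + ":" + a.password)
	ha2 := md5hex(method + ":" + uri)
	return md5hex(ha1 + ":" + nonce + ":" + ha2)
}

// verifyDigest is the proxy-side check: recompute from the stored credential
// and compare in constant time. A wrong password, or a response replayed under
// a different server nonce, fails.
func verifyDigest(stored deviceAccount, realm, nonce, method, uri, response string) bool {
	expected := digestResponse(stored, realm, nonce, method, uri)
	return subtle.ConstantTimeCompare([]byte(expected), []byte(response)) == 1
}

func main() {
	acct := deviceAccount{"spark-room-devices", "example-only-password"}
	h := basicHeader(acct)
	u, p, _ := decodeBasic(h)
	fmt.Printf("Basic header %q decodes back to %s / %s\n", h, u, p)

	const realm, nonce, method, uri = "proxy.example", "constructed-nonce-1", "CONNECT", "wbx2.com:443"
	resp := digestResponse(acct, realm, nonce, method, uri)
	fmt.Println("Digest response:", resp)
	fmt.Println("contains password:", strings.Contains(resp, acct.password),
		"verifies with stored account:", verifyDigest(acct, realm, nonce, method, uri, resp),
		"verifies with wrong password:", verifyDigest(deviceAccount{acct.user, "wrong"}, realm, nonce, method, uri, resp))
}
```

The proxy must hold either the cleartext password or HA1 to verify Digest, so the "no password expiration" device account the slides describe still deserves a long random value and a restricted directory scope.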

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent

• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM

• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Diagram: Signalling via the proxy, UDP Media direct]

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Diagram: Signalling via the proxy, UDP Media direct]

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

[Diagram: Signalling via the proxy, UDP Media direct]

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

[Diagram: Signalling via the proxy, UDP Media direct]

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Diagram: Signalling via the proxy, UDP Media direct]

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Diagram: Signalling via the proxy, UDP Media direct]

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass
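The pinning slides above describe the client-side check as: hash the public key of the presented certificate, compare it with the pin held in the trust store, and terminate the TLS connection on a mismatch; the two "fix" slides describe skipping that check when the proxy's private CA certificate has been placed in the trust store (the app's OS store, or the trust list the device downloads from the cloud). The Go program below is an added example, not the Spark client's code, that models that policy with certificates it generates itself: a constructed public root CA, a constructed inspection-proxy CA, and a Client type whose Check method first verifies the chain against the OS trust store and then applies the pin unless the chain ends in a CA registered as the enterprise inspection CA. The host name, the CA names and the Client/Check/issue names are this example's assumptions; the pin format (base64 of the SHA-256 of the SubjectPublicKeyInfo) is the usual one for public-key pinning.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin is the pin form on the slides: base64(SHA-256(SubjectPublicKeyInfo DER)).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}
func must(err error) {
	if err != nil {
		panic(err) // key generation or signing failed: nothing sensible to continue with
	}
}

// issue generates a P-256 key and certificate for cn (a CA when ca is true,
// otherwise a server certificate for that host name), signed by parent or
// self-signed when parent is nil. Everything here is constructed test material.
func issue(cn string, ca bool, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if ca {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

type Client struct {
	OSRoots        *x509.CertPool  // OS trust store: public CAs plus any CA an administrator added
	Pins           map[string]bool // pins shipped with the app: SPKI hash of the expected CA root key
	EnterpriseRoot map[string]bool // SPKI hashes of private CA certs registered for inspection (the "fix")
}

// Check verifies leaf for host against the OS trust store, then applies the pin:
// a certificate in the verified chain must carry a pinned key, unless the chain
// ends in a registered enterprise CA, in which case pinning is skipped.
func (c Client) Check(leaf *x509.Certificate, host string) error {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: c.OSRoots, DNSName: host})
	if err != nil {
		return err
	}
	chain := chains[0]
	if c.EnterpriseRoot[spkiPin(chain[len(chain)-1])] {
		return nil // known inspection proxy CA: HTTPS/TLS inspection possible
	}
	for _, cert := range chain {
		if c.Pins[spkiPin(cert)] {
			return nil // chain anchored in the pinned key
		}
	}
	return fmt.Errorf("certificate pin mismatch for %s: TLS connection terminated", host)
}

// demo runs the three situations on the slides: direct to the pinned service,
// through an inspecting proxy whose CA is only in the OS store, and through the
// same proxy after its CA was registered as the enterprise inspection CA.
func demo() (direct, inspected, inspectedWithFix error) {
	const host = "service.example.test" // constructed host name
	cloudCA, cloudKey := issue("Example Public Root CA", true, 1, nil, nil)
	proxyCA, proxyKey := issue("Enterprise Inspection Proxy CA", true, 2, nil, nil)
	genuine, _ := issue(host, false, 3, cloudCA, cloudKey)
	forged, _ := issue(host, false, 4, proxyCA, proxyKey)
	roots := x509.NewCertPool()
	roots.AddCert(cloudCA)
	roots.AddCert(proxyCA) // inspection only works once the proxy CA is trusted by the OS
	app := Client{OSRoots: roots, Pins: map[string]bool{spkiPin(cloudCA): true}, EnterpriseRoot: map[string]bool{}}
	direct = app.Check(genuine, host)
	inspected = app.Check(forged, host)
	app.EnterpriseRoot[spkiPin(proxyCA)] = true
	inspectedWithFix = app.Check(forged, host)
	return
}

func main() {
	direct, inspected, fixed := demo()
	fmt.Println("direct:", direct, "\ninspected (CA only in OS store):", inspected, "\ninspected (enterprise CA registered):", fixed)
}
```

Note the order of checks: chain verification against the OS store comes first, so the enterprise bypass only ever applies to a CA the administrator installed; the bypass widens what the app accepts to exactly that CA, not to every certificate the OS trusts.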

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

[Diagram: Device – Switch – Authentication Server]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Diagram: Device – Switch – Authentication Server]

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

[Diagram: Device – Switch – Authentication Server]

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

[Diagram: Device 1 – Switch – Authentication Server]

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x
• Coming soon: Target Q1 CY2018

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment

Thank you

Page 62: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

message messagemessage

64

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

With a secure

connection between

Key Management

Servershellip

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

Mutually

Authenticated KMSs

can request Room

Encryption Keys

from one another on

behalf of their Users

message message

65

Customer Controlled Security: HDS Deployment Considerations

HDS System Architecture

(Diagram, Secure Data Center A: two or more Hybrid Data Services Nodes (VMs) on vSphere, each running Docker with an ECP Mgmt Container and HDS Containers; the HDS Cluster Config File is presented to each node through an IDE Mount.)

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. Database connection settings, Database Master Encryption key, etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures, datacenter disaster).
HDS application nodes and database need to be co-located in the same data center.
A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 Certificate, Intermediates and Private Key
  PKI (Public Key Infrastructure) is used for KMS to KMS federation
  Common Name signed by a member of the Mozilla Trusted Root Store
  No SHA-1 signatures
  PKCS#12 format

2 ESXi Virtualized Hosts: Min 2 to support upgrades, 3 recommended, 5 max
  Minimum 4 vCPUs, 8-GB main memory, 50-GB local hard disk space per server
  kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 Database Instance (Key datastore)
  8 vCPU, 16 GB RAM, 2 TB Disk. User created with createuser, assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host
  hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location
  The HDS system requires organization administrators to securely back up two key pieces of information: 1) A configuration ISO file generated by this process, 2) The Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
  Outbound HTTPS on TCP port 443 from HDS host
  Bi-directional WSS on TCP port 443 from HDS host
  TCP connectivity from HDS host to Postgres database host, syslog host and statsd host
  HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements
  Internet Access
  DHCP, DNS server access
  Internal TCP connectivity and ICMP to devices for support

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device                    | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No  | No   | N/A    | N/A              | Static Untagged (Data) VLAN
DX                              | HTTPS    | Room OS        | Yes | No   | Yes    | Yes              | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported
SX                              | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
MX                              | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Room Kits                       | HTTPS    | Room OS        | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging
Spark Board                     | HTTPS    | Spark Board OS | Yes | No   | Yes    | No               | Dynamic VLAN assignment, 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls
Whitelisted Ports and Destinations (Signalling and Media)

Media Port Ranges
  Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
  Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
  Destination UDP/TCP/HTTP Port: 5004, 5006
  Destination IP Addresses: Any
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

                    | Spark Apps    | Spark Devices
Audio (52000-52099) | 52000 - 52049 | 52050 - 52099
Video (52100-52299) | 52100 - 52199 | 52200 - 52299

Spark Applications Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports                             | Destination Ports | Destination        | Function
UDP      | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006       | Any IP Address     | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address     | SRTP over TCP or HTTP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 443 (HTTPS)       | identity.webex.com | Spark Identity Service
TCP      | Ephemeral                                | 443 (HTTPS)       | idbroker.webex.com | OAuth Service
TCP      | Ephemeral                                | 443 (HTTPS)       | wbx2.com           | Core Spark Services
TCP      | Ephemeral                                | 443 (HTTPS)       | webex.com          | Identity management
TCP      | Ephemeral                                | 443 (HTTPS)       | ciscospark.com     | Core Spark Services
TCP      | Ephemeral                                | 443 (HTTPS)       | clouddrive.com     | Content and Space Storage
TCP      | Ephemeral                                | 443 (HTTPS)       | crashlytics.com    | Anonymous crash data
TCP      | Ephemeral                                | 443 (HTTPS)       | mixpanel.com       | Anonymous Analytics
TCP      | Ephemeral                                | 443 (HTTPS)       | rackcdn.com        | Content and Space Storage
TCP      | Ephemeral                                | 443 (HTTPS)       | appsflyer.com      | Mobile Apps only - Ad Analytics
TCP      | Ephemeral                                | 443 (HTTPS)       | adobedtm.com       | Web Apps only - Analytics
TCP      | Ephemeral                                | 443 (HTTPS)       | omtrdc.net         | Web Apps only - Telemetry
TCP      | Ephemeral                                | 443 (HTTPS)       | optimizely.com     | Web Apps only - Metrics

Spark Devices Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports                             | Destination Ports | Destination            | Function
UDP      | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006       | Any IP Address         | SRTP over UDP to Spark Cloud Media Nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address         | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
TCP      | Ephemeral                                | 443 (HTTPS)       | identity.webex.com     | Spark Identity Service
TCP      | Ephemeral                                | 443 (HTTPS)       | idbroker.webex.com     | OAuth Service
TCP      | Ephemeral                                | 443 (HTTPS)       | wbx2.com               | Core Spark Services
TCP      | Ephemeral                                | 443 (HTTPS)       | webex.com              | Identity management
TCP      | Ephemeral                                | 443 (HTTPS)       | ciscospark.com         | Core Spark Services
TCP      | Ephemeral                                | 443 (HTTPS)       | clouddrive.com         | Content and Space Storage
TCP      | Ephemeral                                | 443 (HTTPS)       | crashlytics.com        | Anonymous crash data
TCP      | Ephemeral                                | 443 (HTTPS)       | mixpanel.com           | Anonymous Analytics
TCP      | Ephemeral                                | 443 (HTTPS)       | rackcdn.com            | Content and Space Storage
TCP      | Ephemeral                                | 443 (HTTPS)       | dropbox.com            | Sparkboard (firmware updates)
UDP      | Ephemeral                                | 123               | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
  Source UDP Ports: Voice and Video 33434 - 33598
  Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
  Destination UDP/TCP/HTTP Port: 5004
  Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device                    | Protocol | Source Ports                                                  | Destination Ports | Destination                                                      | Function
Hybrid Media Node (HMN)         | UDP      | Voice and Video use a common UDP source port range 33434 - 33598 | 5004            | Cascade Destination: Any IP Address                              | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                     | 5004              | Cascade Destination: Any IP Address                              | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                     | 123, 53, 444      | Any                                                              | NTP, DNS, HTTPS
Hybrid Media Node (HMN)         | TCP      | Ephemeral                                                     | 443               | wbx2.com, idbroker.webex.com                                     | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                                     | 443               | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
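The whitelist tables above can be turned into a check that flags flows outside the documented port ranges and destinations, which is useful when validating a firewall rule set or reviewing flow records from the Spark VLAN. The following is an added example written for this page, not Cisco code or a Spark component; the rule table is transcribed from the slides (with a subset of the HTTPS destinations), and the flow records in SAMPLE_FLOWS are constructed for the demo rather than captured traffic.

```python
"""Check observed flows against the Spark port and destination whitelist.

Added example (not Cisco's code). RULES transcribes the port ranges and
destinations from the firewall slides; SAMPLE_FLOWS is constructed.
"""
from dataclasses import dataclass
from typing import Optional

EPHEMERAL = range(1024, 65536)   # "Ephemeral" source ports in the slides

# Subset of the HTTPS signalling destinations listed in the whitelist tables.
SIGNALLING_DOMAINS = frozenset({
    "identity.webex.com", "idbroker.webex.com", "wbx2.com",
    "webex.com", "ciscospark.com",
})


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                        # "udp" or "tcp"
    src_ports: range                  # allowed source port range
    dst_ports: frozenset              # allowed destination ports
    dst_domains: Optional[frozenset]  # None means "Any IP Address"


RULES = (
    # Spark apps: voice 52000-52049, video 52100-52199, to 5004/5006, any IP
    Rule("app-voice-udp",    "udp", range(52000, 52050), frozenset({5004, 5006}), None),
    Rule("app-video-udp",    "udp", range(52100, 52200), frozenset({5004, 5006}), None),
    # Spark devices: voice 52050-52099, video 52200-52299
    Rule("device-voice-udp", "udp", range(52050, 52100), frozenset({5004, 5006}), None),
    Rule("device-video-udp", "udp", range(52200, 52300), frozenset({5004, 5006}), None),
    # Hybrid Media Node cascade links: common range 33434-33598 to 5004
    Rule("hmn-cascade-udp",  "udp", range(33434, 33599), frozenset({5004}), None),
    # SRTP over TCP/HTTP fallback from ephemeral source ports
    Rule("media-tcp",        "tcp", EPHEMERAL, frozenset({5004, 5006}), None),
    # HTTPS signalling only to the whitelisted domains
    Rule("signalling-https", "tcp", EPHEMERAL, frozenset({443}), SIGNALLING_DOMAINS),
)


@dataclass(frozen=True)
class Flow:
    proto: str
    src_port: int
    dst_port: int
    dst_host: str   # resolved name, or an IP literal (matches only "Any IP" rules)


def _domain_allowed(host: str, allowed: frozenset) -> bool:
    # Suffix match so that hosts under a whitelisted domain are covered.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def match_rule(flow: Flow) -> Optional[Rule]:
    """Return the first whitelist rule the flow satisfies, or None."""
    for rule in RULES:
        if flow.proto != rule.proto or flow.src_port not in rule.src_ports:
            continue
        if flow.dst_port not in rule.dst_ports:
            continue
        if rule.dst_domains is not None and not _domain_allowed(flow.dst_host, rule.dst_domains):
            continue
        return rule
    return None


def audit(flows):
    """Label each flow with the name of its matching rule (None = not whitelisted)."""
    result = []
    for flow in flows:
        rule = match_rule(flow)
        result.append((flow, rule.name if rule else None))
    return result


# Constructed sample flows (documentation addresses, not real hosts).
SAMPLE_FLOWS = (
    Flow("udp", 52010, 5004, "203.0.113.10"),   # app voice: allowed
    Flow("udp", 52250, 5006, "203.0.113.11"),   # device video: allowed
    Flow("tcp", 51234, 443,  "api.wbx2.com"),   # signalling to a whitelisted domain: allowed
    Flow("tcp", 51235, 443,  "example.org"),    # HTTPS to a non-whitelisted host: flag
    Flow("udp", 52010, 8080, "203.0.113.10"),   # voice source range to an unexpected port: flag
)

if __name__ == "__main__":
    for flow, name in audit(SAMPLE_FLOWS):
        print(f"{flow.proto.upper():3} {flow.src_port:>5} -> {flow.dst_host}:{flow.dst_port:<4} "
              f"{name or 'NOT WHITELISTED'}")
```

Rules are evaluated in order, so a flow that fits the media ranges is classified before the generic TCP rule; the last two sample flows are the ones a reviewer would want to see surfaced, since a device talking HTTPS to an unknown host or sending from the voice range to a non-media port is outside the whitelist the deck describes.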

What do we send to Third Party sites?

Site           | Apps that Access It                       | What is sent there                                                   | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board  | Encrypted files for Spark file sharing. Part of Rackspace content system | N     | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board  | Encrypted files for Spark file sharing. Part of Rackspace content system | N     | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web               | Anonymous usage data                                                 | N        | Y                     | N
appsflyer.com  | iOS, Android                              | Anonymous usage data related to onboarding                           | N        | Y                     | N
adobedtm.com   | Web                                       | Anonymous usage data                                                 | N        | Y                     | N
omtrdc.net     | Web                                       | Anonymous usage data                                                 | N        | Y                     | N
optimizely.com | Web                                       | Anonymous usage data for A/B testing                                 | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

(Diagram: HTTP/HTTPS signalling passes through the proxy; UDP media goes direct.)

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)
HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files
(Diagram: each device obtains the Proxy Address from a PAC file.)

Network Capabilities: Spark Devices – Proxy Detection

Spark Device                    | Protocol | Software Train | Proxy Detection                      | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Yes: Manual; Yes: PAC Files          | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX                              | HTTPS    | Room OS        | Yes: Manual using Web access         | Configure Proxy Address via device Web interface
SX                              | HTTPS    | Room OS        | Yes: Manual using Web access         | Configure Proxy Address via device Web interface
MX                              | HTTPS    | Room OS        | Yes: Manual using Web access         | Configure Proxy Address via device Web interface
Room Kits                       | HTTPS    | Room OS        | Yes: Manual using Web access         | Configure Proxy Address via device Web interface
Spark Board                     | HTTPS    | Spark Board OS | Yes: Manual Configuration            | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked
Proxy Authentication is not mandatory: many Enterprises do No Authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
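The Basic and Digest slides above differ in exactly one respect on the wire: what the Proxy-Authorization header carries. The following added example (written for this page, not Cisco's or any proxy vendor's code) builds both headers for a constructed device account, shows that the Basic credential is fully recoverable from the header alone (which is why a proxy log or debug trace containing it is sensitive, especially with the non-expiring shared device account the slides suggest), and recomputes the Digest response the way a proxy verifies it. The account name, realm, nonce and cnonce values are constructed; the Digest computation follows RFC 7616 with algorithm=MD5 and qop=auth.

```python
"""Basic vs Digest proxy authentication, as it appears on the wire.

Added example, not from the deck. Device credentials, proxy realm and nonce
values are constructed. Digest follows RFC 7616 (algorithm=MD5, qop=auth).
"""
import base64
import hashlib
import re
import secrets


def basic_header(user: str, password: str) -> str:
    """Build the Proxy-Authorization header a device sends for Basic."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def recover_basic(header: str) -> tuple:
    """Base64 is an encoding, not encryption: the credential comes straight
    back out of a proxy log, a packet capture or a debug trace."""
    token = header.split(" ", 2)[2]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, realm, nonce, method, uri, cnonce,
                    nc="00000001", qop="auth"):
    """RFC 7616: response = H(H(A1):nonce:nc:cnonce:qop:H(A2))."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(user, password, realm, nonce, method, uri, cnonce=None) -> str:
    """Build the Digest Proxy-Authorization header; only a hash travels."""
    cnonce = cnonce or secrets.token_hex(8)
    response = digest_response(user, password, realm, nonce, method, uri, cnonce)
    return ("Proxy-Authorization: Digest "
            f'username="{user}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc=00000001, cnonce="{cnonce}", response="{response}"')


_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest(header: str) -> dict:
    """Split 'Digest k="v", k=v, ...' into a dict of parameters."""
    params = header.split(": ", 1)[1].partition(" ")[2]
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _FIELD.finditer(params)}


def proxy_verify_digest(header: str, method: str, password_for: dict) -> bool:
    """What the proxy does: recompute the response from its own copy of the
    password and compare in constant time. A wrong password, a response
    replayed against a different URI, or a changed method all fail here."""
    f = parse_digest(header)
    password = password_for.get(f.get("username", ""))
    if password is None:
        return False
    expected = digest_response(f["username"], password, f["realm"], f["nonce"],
                               method, f["uri"], f["cnonce"], f["nc"], f["qop"])
    return secrets.compare_digest(expected, f["response"])


if __name__ == "__main__":
    # Constructed device account and 407 challenge values.
    user, password, realm = "spark-devices", "S3cret!", "proxy.example.test"
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
    print(basic_header(user, password))
    print("recovered from Basic header:", recover_basic(basic_header(user, password)))
    hdr = digest_header(user, password, realm, nonce, "CONNECT", "wbx2.com:443")
    print(hdr)
    print("proxy accepts:", proxy_verify_digest(hdr, "CONNECT", {user: password}))
```

The same account model the slides describe for devices (one shared, non-expiring account) applies to both schemes; the difference is that with Basic the password itself is present in every request the proxy sees, while with Digest the proxy stores or derives H(A1) and the request carries only the keyed hash.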

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration
IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication Service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (e.g. 10.100.200.1, 10.100.200.3 in the diagram)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device                    | Protocol | Software Train | Proxy Authentication                                                              | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX                        | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                   |
Room Kits                       | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                   |
Spark Board                     | HTTPS    | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes                                          |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible
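The pinning slides (no inspection, inspection, and the Spark Apps fix) describe a single decision: hash the public key of the CA certificate the server presented, compare it with the pin the app ships with, and, when an enterprise private CA certificate is present in the OS trust store, skip the pin check. The following is an added example written for this page, not Spark app code, that implements that decision. It assumes pins are computed over the DER SubjectPublicKeyInfo as in RFC 7469 (base64 of the SHA-256 digest, the form shown on the slide), represents the OS trust store as the set of pins of its CA certificates, and uses small constructed RSA moduli rather than real keys so it runs offline; a real client would take the SPKI from the certificates in the TLS chain.

```python
"""SPKI certificate pinning decision, including the "private CA in the OS
trust store" bypass described in the slides.

Added example, not Spark app code. Pin = base64(SHA-256(DER SubjectPublicKeyInfo))
per RFC 7469. The RSA moduli below are small constructed values, not real keys.
A real client would obtain the SPKI from the chain, e.g. with the cryptography
package: cert.public_key().public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo).
"""
import base64
import hashlib

# --- minimal DER encoder, enough for an RSA SubjectPublicKeyInfo -------------

def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content


def _der_uint(value: int) -> bytes:
    # One spare byte so the leading bit is 0 (DER INTEGERs are signed).
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


_RSA_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def rsa_spki(modulus: int, exponent: int = 65537) -> bytes:
    """DER SubjectPublicKeyInfo for an RSA public key (RFC 5280 / RFC 8017)."""
    rsa_public_key = _tlv(0x30, _der_uint(modulus) + _der_uint(exponent))
    algorithm_id = _tlv(0x30, _RSA_OID + b"\x05\x00")          # rsaEncryption, NULL params
    subject_public_key = _tlv(0x03, b"\x00" + rsa_public_key)   # BIT STRING, 0 unused bits
    return _tlv(0x30, algorithm_id + subject_public_key)


# --- pinning -------------------------------------------------------------------

def spki_pin(spki_der: bytes) -> str:
    """base64(SHA-256(SPKI)): the form the slide shows for the Certificate Pin."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def pinning_decision(chain_spkis, pinned, os_trust_store):
    """
    chain_spkis:    SPKIs of the certificates the TLS server presented
    pinned:         pins the app ships with (the Spark CA root public key)
    os_trust_store: pins of the CA certificates installed in the OS trust store
    Returns "proceed:pinned", "proceed:private-ca" or "terminate".
    """
    pins_seen = {spki_pin(s) for s in chain_spkis}
    if pins_seen & pinned:
        return "proceed:pinned"       # no inspecting proxy in the path
    if pins_seen & os_trust_store:
        return "proceed:private-ca"   # the "fix": enterprise CA installed, pinning skipped
    return "terminate"                # inspecting proxy with a CA the app does not know


# Constructed toy moduli (not real keys) standing in for the Spark CA root key,
# an inspecting proxy's private CA key and a server leaf key.
SPARK_CA_SPKI = rsa_spki(0xC3D2E1F0A9B8C7D6E5F4A3B2C1D0E9F8)
PROXY_CA_SPKI = rsa_spki(0x9F8E7D6C5B4A39281706F5E4D3C2B1A0)
LEAF_SPKI = rsa_spki(0x1234567890ABCDEF1234567890ABCDEF)
APP_PINS = frozenset({spki_pin(SPARK_CA_SPKI)})

if __name__ == "__main__":
    print("pin shipped in app:", spki_pin(SPARK_CA_SPKI))
    print("direct to Spark cloud:  ", pinning_decision([LEAF_SPKI, SPARK_CA_SPKI], APP_PINS, frozenset()))
    print("inspecting proxy, no fix:", pinning_decision([LEAF_SPKI, PROXY_CA_SPKI], APP_PINS, frozenset()))
    print("inspecting proxy, CA in OS store:",
          pinning_decision([LEAF_SPKI, PROXY_CA_SPKI], APP_PINS, frozenset({spki_pin(PROXY_CA_SPKI)})))
```

Pinning the SPKI rather than the whole certificate is what lets the Spark CA rotate its certificate without breaking clients, and the third outcome is the one to watch operationally: once the private CA is in the OS trust store, the app accepts whatever that CA signs, so the trust store on managed endpoints deserves the same change control as the proxy itself.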

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                     | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes: Win/Mac/Browser                              | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android      | HTTPS    | WME            | No: iOS, Android                                  | HTTPS Inspection By-Pass
DX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits         | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board       | HTTPS    | Spark Board OS | No (Planned Q1 CY'18)                             | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

(Diagram: device, switch and Authentication Server.)

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)
Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device                    | Protocol | Software Train | EAP-FAST                                  | EAP-TLS                                   | MIC                     | Non CUCM LSC            | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi - Yes; Wired - Yes                  | Wi-Fi - Yes; Wired - Yes                  | N/A                     | Yes                     | Yes                                 | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes                  | Wi-Fi - Yes; Wired – Yes                  | Q4 CY17                 | Yes                     | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
SX                              | HTTPS    | Room OS        | Wired - Yes                               | Wired – Yes                               | No                      | Yes                     | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
MX                              | HTTPS    | Room OS        | Wired - Yes                               | Wired – Yes                               | No                      | Yes                     | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes                  | Wi-Fi - Yes; Wired – Yes                  | Yes                     | Yes                     | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Spark Board                     | HTTPS    | Spark Board OS | No (Planned Q2 CY'18)                     | No (Planned Q2 CY'18)                     | No                      | No (Planned Q2 CY'18)   |                                     | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library


Page 63: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

With a secure

connection between

Key Management

Servershellip

Key Mgmt ServiceKey Mgmt Service

Content Server Key Mgmt Service

HDS Key Management Server Federation

Organization A Organization B

Mutually

Authenticated KMSs

can request Room

Encryption Keys

from one another on

behalf of their Users

message message

65

Customer Controlled Security HDS Deployment Considerations

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS System Architecture (Secure Data Center A)

An HDS cluster consists of Hybrid Data Services Nodes, each a VM on vSphere running Docker with:
• ECP Mgmt Container
• HDS Containers
• IDE Mount of the HDS Cluster Config File

ECP (Enterprise Compute Platform): Management containers which communicate with the cloud and perform actions such as sending health checks and checking for new versions of HDS.
HDS (Hybrid Data Security): Key Management Server, Search Indexer and eDiscovery Services.
HDS Cluster Config: An ISO file containing configuration information for the local HDS cluster, e.g. database connection settings, database master encryption key, etc.
IDE Mount: Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for the HDS system.

Customer Provided Services: Postgres Database, Syslogd, Database Back Up, System Back Up.

HDS Deployment Considerations

• BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
• Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
• Customer should be prepared to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster).
• HDS application nodes and database need to be co-located in the same data center.
• An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys...
• Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens, an empty HDS can be restored; however, only new content will be visible.

HDS Install Prerequisites (see the prerequisites at https://www.cisco.com/go/hybrid-data-security)

• X.509 certificate, intermediates and private key
  - PKI (Public Key Infrastructure) is used for KMS-to-KMS federation
  - Certificate signed by a CA that is a member of the Mozilla trusted root store
  - No SHA-1 signatures
  - PKCS#12 format
• 2 ESXi virtualized hosts: minimum 2 to support upgrades, 3 recommended, 5 maximum
  - Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  - kms.cisco.com easily supports 15K users per HDS
• 1 Postgres 9.6.1 database instance (key datastore)
  - 8 vCPU, 16 GB RAM, 2 TB disk
  - Database user created with createuser and assigned GRANT ALL PRIVILEGES ON DATABASE
• 1 syslog host
  - Hostname and port required to centralize syslog output from the three HDS instances and management containers
• A secure backup location
  - The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, and 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>
• Network
  - Outbound HTTPS on TCP port 443 from the HDS host
  - Bi-directional WSS on TCP port 443 from the HDS host
  - TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  - HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda

• VLANs
  - Switch port VLAN configuration and device requirements
• Firewalls
  - Whitelists for Spark apps, devices and services
  - Media support - UDP/TCP/HTTP
• HTTP Proxies
  - Proxy types and proxy detection
  - Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), auth bypass
  - Proxy TLS/HTTPS traffic inspection - certificate pinning
• 802.1X - authentication methods EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum enterprise network requirements:
• Internet access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port VLAN options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) - 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices - CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: Whitelisted Ports and Destinations

Media port ranges for Spark desk and room devices and Spark apps (see the following slides for details):
• Source UDP ports: Voice 52000-52099, Video 52100-52299
• Source TCP/HTTP ports: Ephemeral (so TCP media cannot be classified by source port for DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

Voice and Video Classification and Marking: Port Range Summary - Endpoints and Apps

Audio 52000-52099: Spark Apps 52000-52049, Spark Devices 52050-52099
Video 52100-52299: Spark Apps 52100-52199, Spark Devices 52200-52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device: Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52000-52049, Video 52100-52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark cloud media nodes
TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark cloud media nodes
TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and Space Storage
TCP | Ephemeral | 443 | appsflyer.com | HTTPS - Mobile apps only: ad analytics
TCP | Ephemeral | 443 | adobedtm.com | HTTPS - Web apps only: analytics
TCP | Ephemeral | 443 | omtrdc.net | HTTPS - Web apps only: telemetry
TCP | Ephemeral | 443 | optimizely.com | HTTPS - Web apps only: metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports | Destination Ports | Destination | Function
UDP | Voice 52050-52099, Video 52200-52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark cloud media nodes
TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark cloud media nodes (not Spark Board)
TCP | Ephemeral | 443 | identity.webex.com | HTTPS - Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS - OAuth Service
TCP | Ephemeral | 443 | wbx2.com | HTTPS - Core Spark Services
TCP | Ephemeral | 443 | webex.com | HTTPS - Identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS - Core Spark Services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS - Content and Space Storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS - Anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS - Anonymous analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS - Content and Space Storage
TCP | Ephemeral | 443 | dropbox.com | HTTPS - Spark Board firmware updates
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board - NTP time sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media port ranges:
• Source UDP ports: Voice and Video 33434-33598
• Source TCP/HTTP ports: Ephemeral (so TCP media cannot be classified by source port for DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

• Firewall rules can use this to limit the permitted source IP address range to the HMNs only
• HMN source UDP ports for voice and video are different from those used by endpoints; they are used for cascade links to the Spark cloud
• Voice and video use a common UDP source port range, 33434-33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services:
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

• HDS signaling traffic only (no media)
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Node | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | 33434-33598 (voice and video share one range) | 5004 (cascade destination) | Any IP address | Cascaded SRTP over UDP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (cascade destination) | Any IP address | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
Hybrid Media Node (HMN) | UDP/TCP | Ephemeral | 123, 53, 444 | Any | NTP (123), DNS (53), HTTPS (444)
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to third-party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user-generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy address given to the device/application (explicit proxy)
• Transparent proxy (device/application is unaware of the proxy's existence)
  - In-line proxies (e.g. combined proxy and firewall)
  - Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443. UDP media does not traverse the proxy.

Connecting from the Enterprise - Proxy Detection (how the proxy address is given to the device/application)

• Manual configuration
• Auto configuration
  - Web Proxy Auto Discovery (WPAD)
  - Proxy Auto Config (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: manual; Yes: PAC files | Manually configure proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: manual, using web access | Configure proxy address via device web interface
SX | HTTPS | Room OS | Yes: manual, using web access | Configure proxy address via device web interface
MX | HTTPS | Room OS | Yes: manual, using web access | Configure proxy address via device web interface
Room Kits | HTTPS | Room OS | Yes: manual, using web access | Configure proxy address via device web interface
Spark Board | HTTPS | Spark Board OS | Yes: manual configuration | Manual configuration of proxy address

Connecting from the Enterprise - Proxy Authentication

• Proxy intercepts the outbound HTTP request
• Authenticates the user (username & password)
• Authenticated user's traffic is forwarded
• Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

• Basic Authentication
  - Uses standard HTTP headers
  - Username and password are Base64 encoded
  - Username and password are NOT encrypted or hashed: Base64 is reversible, so the credentials are readable by anything on the path between the client and the proxy
• Basic username and password challenge for devices
  - i.e. devices are not users (no human interaction)
  - Create one account (e.g. LDAP account) for all devices, or create an account per device
  - No password expiration

Proxy Authentication Methods - Digest Authentication

• Digest Authentication
  - Uses standard HTTP headers
  - Username and password are not sent
  - A hash computed over the username, realm, password and the proxy's nonce is sent instead; the hash is MD5 over values the proxy already knows plus the password, so a recorded exchange can still be brute-forced offline against a weak device password
• Username and password challenge for devices
  - i.e. devices are not users (no human interaction)
  - Create one account (e.g. LDAP account) for all devices, or create an account per device
  - No password expiration

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) authentication
  - Microsoft challenge/response AuthN protocol
  - Username sent in plain text
  - Challenge/nonce sent from the server
  - A key derived from the password hash is used to compute a keyed response (HMAC) over the challenge, which is returned to the server
  - Password is hashed but never sent
• Username and password challenge for devices
  - i.e. devices are not users (no human interaction)
  - Create one account (AD account) for all devices, or create an account per device
  - No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows only)

• Negotiate Authentication
  - Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI is the Generic Security Service API)
  - Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows-based username and password challenge for devices
  - i.e. devices are not users (no human interaction)
  - Create one account (AD account) for all devices, or create an account per device
  - No password expiration

IWA - Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

• Kerberos authentication
  - Strongest security of the methods listed
  - Components: client, Authentication Service (part of the Key Distribution Center), Ticket Granting Service, application server (here, the proxy)
  - Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service; once authenticated, it receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• Client presents the Service Ticket to the proxy, which validates it using the shared secret (the proxy's own service key)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server to skip authentication for:
• Device IP addresses (e.g. 10.100.200.1 and 10.100.200.3 in the diagram)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com
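The destination-based bypass above is configured on the proxy itself. Where clients learn their proxy from a PAC file (the Proxy Auto Config option on the proxy-detection slide), the same whitelist can be expressed client-side, as in this added example, which is not part of the original deck. It sends the whitelisted Spark destinations straight out (DIRECT) and everything else to an authenticating proxy; proxy.example.com:8080 is a placeholder, and the example assumes the firewall permits direct egress to those destinations (otherwise return a non-authenticating proxy listener instead of DIRECT). The matching is deliberately strict so that a look-alike host cannot ride the unauthenticated path.

```javascript
// Added example: a Proxy Auto-Config (PAC) file that bypasses the authenticating
// proxy for the Spark destinations on the whitelist slide. Written in the
// ES5 subset PAC engines accept; it also loads under Node.js for testing.

// Destinations taken from the preceding whitelist slide.
var SPARK_DOMAINS = [
  'identity.webex.com', 'idbroker.webex.com', 'wbx2.com', 'webex.com',
  'ciscospark.com', 'clouddrive.com', 'crashlytics.com', 'mixpanel.com', 'rackcdn.com'
];

// Placeholder for the enterprise authenticating proxy (assumption, not from the deck).
var AUTH_PROXY = 'PROXY proxy.example.com:8080';

// True only for the listed domain itself or a subdomain of it. A bare suffix test
// such as host.endsWith('webex.com') would also accept 'evilwebex.com', which is
// exactly the hole an attacker would use to reach the unauthenticated bypass.
function isSparkHost(host) {
  host = String(host).toLowerCase().replace(/\.$/, '');
  for (var i = 0; i < SPARK_DOMAINS.length; i++) {
    var d = SPARK_DOMAINS[i];
    if (host === d || host.slice(-(d.length + 1)) === '.' + d) return true;
  }
  return false;
}

// Entry point evaluated by the browser/OS for every HTTP(S) request.
// UDP media never reaches a PAC-driven proxy, so only signalling is affected.
function FindProxyForURL(url, host) {
  if (isSparkHost(host)) return 'DIRECT';
  return AUTH_PROXY;
}

if (typeof module !== 'undefined') {
  module.exports = { FindProxyForURL: FindProxyForURL, isSparkHost: isSparkHost };
}
```

Serve the file from the URL your WPAD or GPO configuration points at, and keep the domain list in step with the whitelist slide: an entry that is missing simply falls back to the authenticated proxy, while an entry that is too broad widens the unauthenticated path.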

Network Capabilities: Spark Devices - Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No; No Auth and Basic on iOS and Android in EFT
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)

HTTPS/TLS inspection:
• The private CA root certificate is first distributed to the client and installed in its trust store
• A private-CA-signed certificate is sent to the client on connection establishment
• The client validates the received certificate chain against the private CA root certificate in its trust store
• If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)

HTTPS/TLS inspection:
• Proxy starts a new HTTPS/TLS connection to the web/cloud service
• Proxy receives the certificate from the web/cloud service
• Proxy uses that certificate to establish a secure TLS/HTTPS connection to the service
• Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate Pin = SHA-256 hash of the CA root certificate's public key, shown on the slide as
VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• CA-signed Cisco Spark certificate sent by the HTTPS/TLS server
• App creates a hash of the certificate's public key
• App compares the hash with the certificate pin in its trust store
• If they match, accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• App creates a hash of the private-CA-signed certificate's public key
• App compares the hash with the certificate pin in its trust store
• They DO NOT match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA certificate copied to the app's OS trust store.

• Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• Spark app checks whether a copy of the private CA certificate exists in the OS trust store
• If the certificate exists, skip the certificate pinning process and proceed with the TLS connection
• HTTPS/TLS inspection is possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA certificate copied to the Spark cloud (per organization); the device downloads a trust list that includes the private CA.

• Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• Client creates a hash of the private-CA-signed certificate's public key
• Client compares the hash with the certificate pins in its trust store, which now includes the enterprise private CA
• They DO match: proceed with the TLS connection
• HTTPS/TLS inspection is possible

Network Capabilities: Spark Devices - HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an enterprise certificate exists, bypass the certificate pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS inspection bypass
DX | HTTPS | Room OS | Yes - requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
SX | HTTPS | Room OS | Yes - requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
MX | HTTPS | Room OS | Yes - requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Room Kits | HTTPS | Room OS | Yes - requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise - 802.1X

802.1X operation (between the device, the switch and the authentication server):
• Switch port network access restricted
• Client presents credentials to the authentication server
• After successful authentication, the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options...
• Two key authentication methods:
  - EAP-FAST
  - EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require client certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses the 802.1X authentication mechanisms:
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the authentication server
• A MAC address is trivially spoofed, so a MAB-authorized port should be restricted (VLAN, ACLs) to what that device actually needs

Network Capabilities: Spark Devices - 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO; Mac - Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | - | Use MAC Address Bypass

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate.

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access: proxy and firewalls allow all Spark connections
• Onboard device: username/password or activation code
• Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation

• Please complete your online session evaluations after each session
• Complete 4 session evaluations & the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments: "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Coming soon: target Q1 CY2018.

Thank you

Page 64: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

Customer Controlled Security HDS Deployment Considerations

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center A

HDS System Architecture

vSphereHybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

Containers

Hybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

ContainersHDS Cluster

Config File

IDE

Mount

IDE

Mount

ECP (Enterprise Compute Platform) Management containers which communicate with the cloud and perform actions such as

sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security) Key Management Server Search Indexer and eDiscovery Services

HDS Cluster Config An ISO file containing configuration information for the local HDS cluster eg Database connection

settings Database Master Encryption key etc

IDE Mount Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for HDS system

Customer Provided Services

Postgres

DatabaseSyslogd

Database

Back Up

System Back Up

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Deployment Considerations

- BYO VM for deploying the HDS appliance, Postgres Database and syslogd servers.
- Customer manages backup and recovery of the Postgres Database and the local configuration ISO.
- Customer should be able to perform quick disaster recovery in the event of a catastrophe (complete database disk failure, datacenter disaster).
- HDS application nodes and database need to be co-located in the same data center.
- An HDS deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keys…
- Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS. This will prevent users from decrypting space content and other encrypted data. If this happens an empty HDS can be restored; however, only new content will be visible. Because the ISO carries the Database Master Encryption Key, a database backup is unusable without the matching ISO (and the ISO is useless without the database): back up both, and protect the ISO at least as carefully as the database itself.

BRKCOL-2030 68


HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

- X.509 Certificate, Intermediates and Private Key
  - PKI (Public Key Infrastructure) is used for KMS to KMS federation
  - Common Name signed by a member of the Mozilla Trusted Root Store
  - No SHA-1 signatures
  - PKCS#12 format
- 2 ESXi Virtualized Hosts: minimum 2 to support upgrades, 3 recommended, 5 maximum
  - Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
  - kms.cisco.com easily supports 15K users per HDS
- 1 Postgres 9.6.1 Database Instance (key datastore)
  - 8 vCPU, 16 GB RAM, 2 TB disk. User created with createuser and assigned GRANT ALL PRIVILEGES ON the database
- 1 Syslog Host
  - Hostname and port required to centralize syslog output from the three HDS instances and the management containers
- A secure backup location
  - The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process; 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.
- Network
  - Outbound HTTPS on TCP port 443 from the HDS host
  - Bi-directional WSS on TCP port 443 from the HDS host
  - TCP connectivity from the HDS host to the Postgres database host, syslog host and statsd host
  - HTTPS proxies are unsupported

BRKCOL-2030 69

Cisco Spark and Enterprise Network Security


Agenda

• VLANs
  • Switch Port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and Services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy Types and Proxy Detection
  • Proxy Authentication Methods (Basic, NTLM, Negotiate, Kerberos), Auth Bypass
  • Proxy TLS/HTTPS traffic inspection – Certificate Pinning
• 802.1X – Authentication Methods: EAP-FAST, EAP-TLS, MAC Address Bypass

BRKCOL-2030 71

Cisco Spark Cloud Access: Enterprise VLANs


Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
- Internet access
- DHCP, DNS server access
- Internal TCP connectivity and ICMP to devices for support

Switch port configurations:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

BRKCOL-2030 73


Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Spark apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

BRKCOL-2030 74

Cisco Spark Cloud Access: Enterprise Firewalls


Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

Media Port Ranges (Spark Desk and Room Devices, Spark Apps):
- Source UDP ports: Voice 52000–52099, Video 52100–52299
- Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
- Destination UDP/TCP/HTTP ports: 5004, 5006
- Destination IP addresses: Any

(Diagram: Signalling and Media from the enterprise through the firewall to the Spark Cloud.)

• See following slides for details

BRKCOL-2030 76


Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio (UDP source ports 52000–52099): Spark Apps 52000–52049, Spark Devices 52050–52099
Video (UDP source ports 52100–52299): Spark Apps 52100–52199, Spark Devices 52200–52299

BRKCOL-2030 77


Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000–52049, Video 52100–52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS

HTTPS destinations (TCP 443) and their function:
- identity.webex.com – Spark Identity Service
- idbroker.webex.com – OAuth Service
- wbx2.com – Core Spark Services
- webex.com – Identity management
- ciscospark.com – Core Spark Services
- clouddrive.com – Content and Space Storage
- crashlytics.com – Anonymous crash data
- mixpanel.com – Anonymous Analytics
- rackcdn.com – Content and Space Storage
- appsflyer.com – Mobile Apps only: Ad Analytics
- adobedtm.com – Web Apps only: Analytics
- omtrdc.net – Web Apps only: Telemetry
- optimizely.com – Web Apps only: Metrics

BRKCOL-2030 78


Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050–52099, Video 52200–52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark Cloud Media Nodes (not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | HTTPS destinations listed below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board – NTP time sync

HTTPS destinations (TCP 443) and their function:
- identity.webex.com – Spark Identity Service
- idbroker.webex.com – OAuth Service
- wbx2.com – Core Spark Services
- webex.com – Identity management
- ciscospark.com – Core Spark Services
- clouddrive.com – Content and Space Storage
- crashlytics.com – Anonymous crash data
- mixpanel.com – Anonymous Analytics
- rackcdn.com – Content and Space Storage
- dropbox.com – Spark Board firmware updates

BRKCOL-2030 79


Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

Media Port Ranges:
- Source UDP ports: Voice and Video 33434–33598
- Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
- Destination UDP/TCP/HTTP port: 5004
- Destination IP addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different from those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range, 33434–33598

(Diagram: Signalling and Media from the HMN through the firewall to the Spark Cloud.)

BRKCOL-2030 80


Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS):
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services traffic:
• HDS signalling traffic only (no media)
• Outbound HTTPS and WSS signalling only

BRKCOL-2030 81


HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range, 33434–33598 | 5004 | Cascade destination: Any IP address | Cascaded SRTP over UDP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade destination: Any IP address | Cascaded SRTP over TCP/HTTP media streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

BRKCOL-2030 82
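The port plan on the firewall slides above is deterministic enough to be checked by code. The following is an added example, not Cisco's code: it classifies flow records against the deck's source-port ranges (apps, devices and HMN cascades), applies the slide 80 option of restricting the HMN range to a known HMN subnet, and reflects the note that TCP/HTTP fallback media uses ephemeral source ports and so cannot be re-marked. The DSCP values are an assumed marking policy and the flow records are constructed for illustration.

```python
"""Media-flow classification for the firewall/QoS rules on slides 76-82.

Added example, not Cisco's code. The port plan comes from the deck; the DSCP
values (EF/AF41) are an assumed marking policy, and the flow records in
sample_flows() are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Deterministic UDP source-port ranges (inclusive) from slides 77-82.
APP_AUDIO = range(52000, 52050)
APP_VIDEO = range(52100, 52200)
DEV_AUDIO = range(52050, 52100)
DEV_VIDEO = range(52200, 52300)
HMN_MEDIA = range(33434, 33599)     # HMN cascade links, voice and video together
MEDIA_DST = {5004, 5006}            # apps and devices
HMN_DST = {5004}                    # HMN cascades use 5004 only

DSCP = {"audio": 46, "video": 34}   # assumed: EF for audio, AF41 for video


@dataclass(frozen=True)
class Flow:
    proto: str      # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_port: int


def classify(flow, hmn_subnet=None):
    """Return (source, media, dscp, allowed) for one flow.

    Only UDP media on the fixed source ports can be classified and marked.
    TCP/HTTP fallback media uses ephemeral source ports, so it is allowed on
    the media destination ports but cannot be re-marked (the deck's note).
    hmn_subnet, if given, restricts the HMN cascade range to that source
    network, the tightening slide 80 suggests.
    """
    if flow.proto == "tcp":
        allowed = flow.dst_port in MEDIA_DST
        return ("unknown", "tcp-fallback" if allowed else None, None, allowed)
    if flow.proto != "udp":
        return ("unknown", None, None, False)
    if flow.src_port in HMN_MEDIA:
        from_hmn = hmn_subnet is None or ip_address(flow.src_ip) in ip_network(hmn_subnet)
        allowed = from_hmn and flow.dst_port in HMN_DST
        return ("hmn", "cascade", None, allowed)
    for source, media, ports in (("app", "audio", APP_AUDIO), ("app", "video", APP_VIDEO),
                                 ("device", "audio", DEV_AUDIO), ("device", "video", DEV_VIDEO)):
        if flow.src_port in ports:
            allowed = flow.dst_port in MEDIA_DST
            return (source, media, DSCP[media] if allowed else None, allowed)
    return ("unknown", None, None, False)


def audit(flows, hmn_subnet=None):
    """Return the flows a firewall built from the deck's tables should drop."""
    return [f for f in flows if not classify(f, hmn_subnet)[3]]


def sample_flows():
    """Constructed traffic: two legitimate media flows, one TCP fallback, one
    cascade from the HMN subnet, and two that should be dropped."""
    return [
        Flow("udp", "10.1.1.5", 52010, 5004),   # app audio
        Flow("udp", "10.1.1.9", 52250, 5006),   # device video
        Flow("tcp", "10.1.1.5", 49152, 5004),   # app media over TCP
        Flow("udp", "10.9.0.7", 33500, 5004),   # HMN cascade
        Flow("udp", "10.1.1.5", 33500, 5004),   # HMN range from a non-HMN host
        Flow("udp", "10.1.1.5", 60000, 5004),   # outside every range
    ]


if __name__ == "__main__":
    for f in sample_flows():
        print(f, "->", classify(f, hmn_subnet="10.9.0.0/24"))
```

Run with real flow records (from NetFlow or firewall logs) to find media that is leaving on ports the tables do not list, which usually means a device on the wrong VLAN or a third-party client. Without an HMN subnet the 33434–33598 range is accepted from any host, which is exactly the looseness slide 80 suggests closing.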


What do we send to Third Party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

BRKCOL-2030 83

Cisco Spark Cloud Access: Enterprise Proxies


Connecting from the Enterprise – Proxy Types

Proxy Types:
• Proxy address given to the Device/Application……
• Transparent Proxy (Device/Application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443. (Diagram: Signalling passes through the proxy; UDP media does not.)

BRKCOL-2030 85


Connecting from the Enterprise – Proxy Detection

• Proxy Detection (proxy address given to the Device/Application)
  • Manual configuration
  • Auto configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Config (PAC) files

(Diagram: each client learns the proxy address from a PAC file; Signalling goes to the proxy, UDP media goes direct.)

BRKCOL-2030 86


Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Spark apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | Yes – Manual; Yes – PAC files | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes – Manual, using web access | Configure the proxy address via the device web interface
SX | HTTPS | Room OS | Yes – Manual, using web access | Configure the proxy address via the device web interface
MX | HTTPS | Room OS | Yes – Manual, using web access | Configure the proxy address via the device web interface
Room Kits | HTTPS | Room OS | Yes – Manual, using web access | Configure the proxy address via the device web interface
Spark Board | HTTPS | Spark Board OS | Yes – Manual configuration | Manual configuration of the proxy address

BRKCOL-2030 87


Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts the outbound HTTP request
  • Authenticates the user (username & password)
  • Authenticated user's traffic is forwarded
  • Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication. (Diagram: Signalling via the proxy; UDP media direct.)

BRKCOL-2030 88


Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

BRKCOL-2030 89


Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP headers
  • Username and password Base64 encoded
  • Username and password are NOT encrypted or hashed: Base64 is reversible, so anyone who can observe the device-to-proxy HTTP traffic recovers the credential
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or create an account per device
  • No password expiration
  • Since the account is shared, never expires and is readable on the wire, it should be a proxy-only account with no other privileges

BRKCOL-2030 90


Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP headers
  • The password is never sent; the username itself travels in the clear
  • A hash computed over the username, realm and password, combined with the server's nonce, is sent instead
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices, or create an account per device
  • No password expiration

BRKCOL-2030 91
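To make the Basic versus Digest difference on the two slides above concrete, here is an added example (not from the deck) that builds both Proxy-Authorization headers for a shared device account and then plays the proxy's side of Digest. The account name, realm, nonce and client nonce are constructed values; the Digest arithmetic is the RFC 7616/2617 MD5 computation with qop=auth, which is the "hash of the username and password" the slide describes.

```python
"""Proxy-Authorization headers for a Spark device account: Basic vs Digest.

Added example, not from the deck. The account name, realm, nonce and cnonce
are constructed values; the Digest computation is RFC 7616/2617 MD5 with
qop=auth, which is the "hash of the username and password" the deck refers to.
"""
import base64
import hashlib
import secrets


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(user, password):
    """Basic: Base64 is an encoding, not protection."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def basic_recover(header):
    """What anyone on the path (or reading proxy logs) gets back from Basic."""
    token = header.split("Basic ", 1)[1]
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    ha1 = _md5(f"{user}:{realm}:{password}")      # the only place the password enters
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(user, realm, password, method, uri, nonce, nc="00000001", cnonce=None):
    """Digest: the username travels in clear, the password never does."""
    cnonce = cnonce or secrets.token_hex(8)
    response = digest_response(user, realm, password, method, uri, nonce, nc, cnonce)
    return ("Proxy-Authorization: Digest "
            f'username="{user}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def parse_digest(header):
    fields = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, value = part.split("=", 1)
        fields[key] = value.strip('"')
    return fields


def proxy_verifies_digest(header, method, password_lookup):
    """Proxy side: recompute the response from the stored password for the user."""
    f = parse_digest(header)
    expected = digest_response(f["username"], f["realm"], password_lookup(f["username"]),
                               method, f["uri"], f["nonce"], f["nc"], f["cnonce"], f["qop"])
    return secrets.compare_digest(expected, f["response"])


def offline_guess(header, method, candidates):
    """Caveat: a captured Digest exchange can be attacked offline, guess by guess."""
    f = parse_digest(header)
    for guess in candidates:
        if digest_response(f["username"], f["realm"], guess, method, f["uri"],
                           f["nonce"], f["nc"], f["cnonce"], f["qop"]) == f["response"]:
            return guess
    return None
```

`offline_guess` is the practical limit of the slide's "password is not sent": a single captured CONNECT with its Digest header is enough to test password guesses offline at MD5 speed, so the non-expiring device account still needs a long random password, and the proxy must reject a replayed header (same nonce and nc) rather than only checking the response.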


Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

BRKCOL-2030 92


Proxy Authentication Methods – Negotiate/IWA (Windows only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
  • Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

IWA – Integrated Windows Authentication

BRKCOL-2030 93


Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest security
  • Components: Client, Key Distribution Service (Authentication Service and Ticket Granting Service), Application Server
  • Encrypted communication based on shared secrets
  • Client authenticates with the Authentication Service; once authenticated it receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

BRKCOL-2030 94


Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP address (diagram: devices at 10.100.200.1 and 10.100.200.3 are exempted from authentication)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

(Diagram: Signalling via the proxy; UDP media direct.)

BRKCOL-2030 95


Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication
Spark apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No. iOS and Android: No Auth and Basic in EFT
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY2018; Digest – Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY2018; Digest – Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes

BRKCOL-2030 96


Proxy TLS/HTTPS Inspection – Non-Spark Apps (1)

• HTTPS/TLS Inspection, client side
  • Private CA Root Certificate installed on the client
  • Private CA signed certificate sent to the client on connection establishment
  • Client compares the Private CA Root Cert with those received in the cert chain
  • If they match – accept and proceed with the TLS connection

(Diagram: Signalling via the proxy; UDP media direct.)

BRKCOL-2030 97–99

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2)

• HTTPS/TLS Inspection, server side
  • Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
  • Proxy receives the certificate from the Web/Cloud Service
  • Proxy uses the certificate to establish a secure TLS/HTTPS connection
  • Proxy can now decrypt, inspect and re-encrypt session traffic

BRKCOL-2030 100–101


Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 hash of the CA Root Certificate public key, e.g. (as printed on the slide) VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark certificate (with its chain) sent by the HTTPS/TLS server
  • App creates a hash of the CA certificate's public key
  • App compares the hash with the Certificate Pin in its trust store
  • If they match – accept and proceed with the TLS connection

(Diagram: Signalling via the proxy; UDP media direct.)

BRKCOL-2030 102–104


Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends a Private CA signed certificate during HTTPS/TLS setup
  • App creates a hash of the Private CA signed cert's public key
  • App compares the hash with the Certificate Pin in its trust store
  • They DO NOT match – TLS connection terminated

BRKCOL-2030 105–107


HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store.

• Certificate Pinning
  • Proxy sends a Private CA signed certificate during HTTPS/TLS setup
  • Spark App checks whether a copy of the Private CA cert exists in the OS trust store
  • If the cert exists – skip the certificate pinning process and proceed with the TLS connection
  • HTTPS/TLS inspection possible

This bypass moves the app's trust from its built-in pin to the OS trust store: whoever can add a CA there (an administrator, or malware running with that privilege) can intercept Spark traffic from that machine. Control trust-store changes (GPO, MDM) with the same rigour as the proxy CA itself.

BRKCOL-2030 108–110


HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud; the device downloads a trust list that includes it.

• Certificate Pinning
  • Proxy sends a Private CA signed certificate during HTTPS/TLS setup
  • Client creates a hash of the Private CA signed cert's public key
  • Client compares the hash with the Certificate Pins in its trust store
  • They DO match – proceed with the TLS connection
  • HTTPS/TLS inspection possible

BRKCOL-2030 111–113


Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an enterprise certificate exists, bypass the certificate pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS inspection bypass
DX | HTTPS | Room OS | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download the trust list with the private certs
SX | HTTPS | Room OS | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download the trust list with the private certs
MX | HTTPS | Room OS | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download the trust list with the private certs
Room Kits | HTTPS | Room OS | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download the trust list with the private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

BRKCOL-2030 114
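The pinning slides (103 to 113) describe four outcomes: a genuine chain passes the pin, an inspecting proxy's chain fails it, the app-side fix skips the pin when the private CA is in the OS trust store, and the device-side fix adds the private CA's pin via the cloud trust list. The following added example (not Cisco's code) implements that decision with a minimal DER walker that locates the subjectPublicKeyInfo and hashes it the way the slide 103 pin is formed. The certificates are constructed DER skeletons with empty issuer, subject and validity fields, sufficient for the parser but not real certificates, and the private_ca_in_os_store flag stands in for a real OS trust-store lookup.

```python
"""SPKI certificate pinning as on slides 103-113, with both "fixes".

Added example, not Cisco's code: the certificates are minimal constructed
DER skeletons (just enough structure for the parser), the pins are derived
from them, and the private_ca_in_os_store flag stands in for a real
OS trust-store lookup.
"""
import base64
import hashlib


def der_elements(data):
    """Yield (tag, value, raw_bytes) for each DER element in data."""
    pos = 0
    while pos < len(data):
        start = pos
        tag, length = data[pos], data[pos + 1]
        pos += 2
        if length & 0x80:                           # long-form length
            n = length & 0x7F
            length = int.from_bytes(data[pos:pos + n], "big")
            pos += n
        value = data[pos:pos + length]
        pos += length
        yield tag, value, data[start:pos]


def extract_spki(cert_der):
    """Return the raw subjectPublicKeyInfo of an X.509 certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    tbsCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    (_, cert, _), = der_elements(cert_der)
    _, tbs, _ = next(der_elements(cert))
    fields = list(der_elements(tbs))
    if fields[0][0] == 0xA0:                         # explicit [0] version present
        fields = fields[1:]
    return fields[5][2]


def spki_pin(spki_der):
    """Pin = base64(SHA-256(SPKI)), the form the deck shows on slide 103."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def cert_pin(cert_der):
    return spki_pin(extract_spki(cert_der))


def accept_chain(chain_der, pinned, private_ca_in_os_store=False):
    """Pin check over a leaf-first chain, plus the app-side bypass (slide 110).

    Returns (accepted, reason). Every certificate in the chain is hashed, so
    the pinned CA may be the root or an intermediate.
    """
    if {cert_pin(c) for c in chain_der} & set(pinned):
        return True, "pin match"
    if private_ca_in_os_store:
        return True, "pin skipped: private CA present in OS trust store"
    return False, "pin mismatch: TLS connection terminated"


# --- constructed test material (not real certificates) ---------------------

def der(tag, content):
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def fake_cert(public_key, with_version=True):
    """Minimal X.509 skeleton: empty issuer/subject/validity, no signature."""
    spki = der(0x30, der(0x30, der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
               + der(0x03, b"\x00" + public_key))
    tbs = der(0xA0, der(0x02, b"\x02")) if with_version else b""
    tbs += der(0x02, b"\x01") + der(0x30, b"") * 4 + spki   # serial, sigalg, issuer, validity, subject, SPKI
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00")), spki


def demo():
    """Slides 104, 106, 110 and 113 as four outcomes."""
    spark_ca, _ = fake_cert(b"\x04" + bytes(range(64)))
    spark_leaf, _ = fake_cert(b"\x04" + bytes(range(64, 128)))
    private_ca, _ = fake_cert(b"\x04" + bytes(range(128, 192)))
    forged_leaf, _ = fake_cert(b"\x04" + bytes(range(192, 256)))
    pinned = {cert_pin(spark_ca)}                     # what ships in the app
    genuine = [spark_leaf, spark_ca]
    intercepted = [forged_leaf, private_ca]           # chain an inspecting proxy presents
    return {
        "no_proxy": accept_chain(genuine, pinned),
        "inspecting_proxy": accept_chain(intercepted, pinned),
        "app_fix_os_store": accept_chain(intercepted, pinned, private_ca_in_os_store=True),
        "device_fix_cloud_trust_list": accept_chain(intercepted, pinned | {cert_pin(private_ca)}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:28s} {result}")
```

To check a real proxy CA against this logic, convert its PEM with `ssl.PEM_cert_to_DER_cert` and feed the DER to `cert_pin`; the parser handles ordinary DER lengths but is deliberately minimal, so it is a tool for understanding the slides rather than a replacement for a TLS library. Note that the device-side fix does not weaken pinning, it extends the pin set, whereas the app-side fix disables it whenever a matching CA is in the OS store.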

Cisco Spark Cloud Access: Network Access Control (802.1X)


Connecting from the Enterprise – 802.1X

(Diagram: device, switch and Authentication Server.)

BRKCOL-2030 116

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication – switch port configured for the device, e.g. VLAN(s), ACLs

BRKCOL-2030 117


802.1X Network Authentication Methods

• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

BRKCOL-2030 118–119


802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require client certificates (the credential is exchanged inside a tunnel established with a PAC or the server's certificate)

BRKCOL-2030 120–121


802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client–server authentication

BRKCOL-2030 122–123


802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X authentication mechanisms:
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

A MAC address is not a secret and can be cloned, so a MAB authorization should be scoped (VLAN, ACL) to what that device needs rather than granting full network access. (Diagram: Device 1 and the Authentication Server.)

BRKCOL-2030 124–125


Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Spark apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via the device web interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install enterprise LSC via the device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | – | Use MAC Address Bypass

MIC: Manufacturer Installed Certificate. LSC: Locally Significant Certificate.

BRKCOL-2030 126

Cisco Spark Cloud Access: Summary


Spark Device Configuration Recommendations

1) Determine your customer's network environment:
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required.
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

BRKCOL-2030 128

Cisco Spark Cloud Access: Roadmap


Spark Device Configuration Roadmap

- Configuration of all Spark devices via the Spark Control Hub
- Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
- Onboard the device – username/password or activation code
- The Cisco Spark cloud downloads device configuration information and trust anchors

BRKCOL-2030 130



Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library


Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
•Related sessions

BRKCOL-2030 133


Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x.

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Coming soon: target Q1 CY2018.
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you

Page 65: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Secure Data Center A

HDS System Architecture

vSphereHybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

Containers

Hybrid Data Services Node (VM)

Docker

ECP Mgmt

Container

HDS

ContainersHDS Cluster

Config File

IDE

Mount

IDE

Mount

ECP (Enterprise Compute Platform) Management containers which communicate with the cloud and perform actions such as

sending health checks and checking for new versions of HDS

HDS (Hybrid Data Security) Key Management Server Search Indexer and eDiscovery Services

HDS Cluster Config An ISO file containing configuration information for the local HDS cluster eg Database connection

settings Database Master Encryption key etc

IDE Mount Mount point of the read-only HDS Cluster Config ISO file containing the configuration settings for HDS system

Customer Provided Services

Postgres

DatabaseSyslogd

Database

Back Up

System Back Up

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

BYO VM for deploying the HDS appliance Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Install Prerequisites (see prerequisites in https://www.cisco.com/go/hybrid-data-security)

X.509 certificate, intermediates and private key
• PKI (Public Key Infrastructure) is used for KMS to KMS federation
• Common Name signed by a member of the Mozilla trusted root store
• No SHA-1 signatures
• PKCS#12 format

2 ESXi virtualized hosts (minimum 2 to support upgrades, 3 recommended, 5 maximum)
• Minimum 4 vCPUs, 8 GB main memory, 50 GB local hard disk space per server
• kms.cisco.com easily supports 15K users per HDS

1 Postgres 9.6.1 database instance (key datastore)
• 8 vCPU, 16 GB RAM, 2 TB disk. User created with createuser and assigned GRANT ALL PRIVILEGES ON the database

1 syslog host
• Hostname and port required to centralize syslog output from the three HDS instances and the management containers

A secure backup location
• The HDS system requires organization administrators to securely back up two key pieces of information: 1) the configuration ISO file generated by this process, 2) the Postgres database. Failure to maintain adequate backups will result in loss of customer data. See <Section on Disaster Recovery>.

Network
• Outbound HTTPS on TCP port 443 from the HDS host
• Bi-directional WSS on TCP port 443 from the HDS host
• TCP connectivity from the HDS host to the Postgres database host, the syslog host and the statsd host
• HTTPS proxies are unsupported

Cisco Spark and Enterprise Network Security

Agenda
• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark apps, devices and services
  • Media support – UDP/TCP/HTTP
• HTTP proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), auth bypass
  • Proxy TLS/HTTPS traffic inspection – certificate pinning
• 802.1X – authentication methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs: How are the switch ports configured?

Minimum enterprise network requirements
• Internet access
• DHCP and DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN and Aux VLAN) – 802.1Q VLAN tagging required for the auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device                           | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration
Apps (Windows, Mac, iOS, Android, Web) | HTTPS    | WME            | No  | No   | N/A             | N/A     | Static untagged (data) VLAN
DX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | Yes     | Dynamic VLAN assignment, 802.1Q tagging, connected PC supported
SX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
MX                                     | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
Room Kits                              | HTTPS    | Room OS        | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging
Spark Board                            | HTTPS    | Spark Board OS | Yes | No   | Yes             | No      | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls: Whitelisted Ports and Destinations

Media port ranges (Spark desk and room devices, Spark apps; see the following slides for details)
• Source UDP ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP ports: Ephemeral (the network cannot identify these flows by source port, so no DSCP re-marking is possible)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Media                 | Spark Apps    | Spark Devices
Audio (52000 - 52099) | 52000 - 52049 | 52050 - 52099
Video (52100 - 52299) | 52100 - 52199 | 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark applications (Windows, Mac, iOS, Android, Web)

Protocol | Source Ports                             | Destination Ports | Destination    | Function
UDP      | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006       | Any IP address | SRTP over UDP to Spark cloud media nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP address | SRTP over TCP or HTTP to Spark cloud media nodes
TCP      | Ephemeral                                | 443               | See list below | HTTPS

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and space storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous analytics
• rackcdn.com – Content and space storage
• appsflyer.com – Mobile apps only: ad analytics
• adobedtm.com – Web apps only: analytics
• omtrdc.net – Web apps only: telemetry
• optimizely.com – Web apps only: metrics

Spark Devices: Network Port and Whitelist Requirements

Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

Protocol | Source Ports                             | Destination Ports | Destination            | Function
UDP      | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006       | Any IP address         | SRTP over UDP to Spark cloud media nodes
TCP      | Ephemeral                                | 5004 & 5006       | Any IP address         | SRTP over TCP to Spark cloud media nodes (not Spark Board)
TCP      | Ephemeral                                | 443               | See list below         | HTTPS
UDP      | Ephemeral                                | 123               | 2.android.pool.ntp.org | Spark Board – NTP time sync

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and space storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous analytics
• rackcdn.com – Content and space storage
• dropbox.com – Spark Board firmware updates

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

Media port ranges
• Source UDP ports: Voice and video 33434 - 33598
• Source TCP/HTTP ports: Ephemeral (no DSCP re-marking possible)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• HMN source UDP ports for voice and video are different from those used by endpoints – they are used for cascade links to the Spark cloud
• Voice and video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Services
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Firewall requirements
• HDS signaling traffic only (no media)
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Hybrid Media Node (HMN)

Protocol | Source Ports                                      | Destination Ports | Destination                  | Function
UDP      | Voice and video use a common range: 33434 - 33598 | 5004              | Cascade destination: any IP  | Cascaded SRTP over UDP media streams to cloud media nodes
TCP      | Ephemeral                                         | 5004              | Cascade destination: any IP  | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
TCP      | Ephemeral                                         | 123, 53, 444      | Any                          | NTP, DNS, HTTPS
TCP      | Ephemeral                                         | 443               | wbx2.com, idbroker.webex.com | HTTPS configuration services

Hybrid Data Security Node (HDS)

Protocol | Source Ports | Destination Ports | Destination                                                       | Function
TCP      | Ephemeral    | 443               | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
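The port tables above (apps, devices and HMN) are what a firewall or QoS policy has to act on. The following is an added example, not code from the deck or from Cisco: it encodes the listed UDP source-port ranges and destination ports, classifies a flow into endpoint type and media type, and shows why the ephemeral TCP/HTTP fallback cannot be classified by port (the deck's "no DSCP re-marking"). The DSCP values (EF for voice, AF41 for video) and the ACL syntax are assumptions for illustration; the deck states neither.

```python
"""Classify Spark media flows by the source-port ranges in the tables above.

Added example, not Cisco code.  Port ranges come from the deck's tables; the
DSCP values per class are an assumption (not stated in the deck).
"""
from dataclasses import dataclass
from typing import Optional

# (endpoint, media, first source port, last source port) as listed in the deck
UDP_SOURCE_RANGES = [
    ("spark_app",         "voice",       52000, 52049),
    ("spark_device",      "voice",       52050, 52099),
    ("spark_app",         "video",       52100, 52199),
    ("spark_device",      "video",       52200, 52299),
    ("hybrid_media_node", "voice_video", 33434, 33598),
]

# Destination ports the cloud media nodes listen on; HMN cascades use 5004 only
MEDIA_DST_PORTS = {
    "spark_app": {5004, 5006},
    "spark_device": {5004, 5006},
    "hybrid_media_node": {5004},
}

# Assumed marking policy (EF = 46, AF41 = 34); not part of the deck
DSCP = {"voice": 46, "video": 34, "voice_video": 34}


@dataclass(frozen=True)
class Flow:
    proto: str       # "udp" or "tcp"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Verdict:
    endpoint: str
    media: str
    dscp: Optional[int]   # None: recognised as media but not classifiable by port


def classify(flow: Flow) -> Optional[Verdict]:
    """Return the media class of a flow, or None if it is not Spark media.

    Only UDP media carries a fixed source-port range.  TCP/HTTP media uses an
    ephemeral source port, so it can only be recognised by destination port
    and gets no per-class DSCP (the deck's "No DSCP re-marking").
    """
    proto = flow.proto.lower()
    if proto == "udp":
        for endpoint, media, lo, hi in UDP_SOURCE_RANGES:
            if lo <= flow.src_port <= hi and flow.dst_port in MEDIA_DST_PORTS[endpoint]:
                return Verdict(endpoint, media, DSCP[media])
        return None
    if proto == "tcp" and flow.dst_port in {5004, 5006}:
        return Verdict("unknown", "srtp_over_tcp", None)
    return None


def acl_lines() -> list:
    """Render the UDP ranges as generic allow rules, one per range (assumed syntax)."""
    lines = []
    for endpoint, media, lo, hi in UDP_SOURCE_RANGES:
        dst = ",".join(str(p) for p in sorted(MEDIA_DST_PORTS[endpoint]))
        lines.append(f"permit udp src-port {lo}-{hi} dst-port {dst}  ! {endpoint} {media}")
    return lines


if __name__ == "__main__":
    for f in (Flow("udp", 52010, 5004), Flow("udp", 52250, 5006),
              Flow("udp", 33500, 5004), Flow("tcp", 49152, 5004)):
        print(f, "->", classify(f))
    print("\n".join(acl_lines()))
```

A firewall that allows only the HMN range to reach the cloud (the "limit source IP address range to HMNs only" option) would keep just the 33434-33598 rule and pair it with the HMN source addresses.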

What do we send to third-party sites?

Site           | Apps that access it                      | What is sent there                                                        | User PII | Anonymized usage info | Encrypted user-generated content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

Proxy types
• Explicit proxy: proxy address given to the device/application…
• Transparent proxy: the device/application is unaware of the proxy's existence
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443. UDP media does not pass through the proxy.

Connecting from the Enterprise – Proxy Detection

Proxy detection (how the proxy address is given to the device/application)
• Manual configuration
• Auto configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

Spark Device                           | Protocol | Software Train | Proxy Detection              | Granular Configuration
Apps (Windows, Mac, iOS, Android, Web) | HTTPS    | WME            | Yes: manual, PAC files       | Manually configure proxy address, or use WPAD and PAC files (or Windows GPO)
DX                                     | HTTPS    | Room OS        | Yes: manual using web access | Configure proxy address via device web interface
SX                                     | HTTPS    | Room OS        | Yes: manual using web access | Configure proxy address via device web interface
MX                                     | HTTPS    | Room OS        | Yes: manual using web access | Configure proxy address via device web interface
Room Kits                              | HTTPS    | Room OS        | Yes: manual using web access | Configure proxy address via device web interface
Spark Board                            | HTTPS    | Spark Board OS | Yes: manual configuration    | Manual configuration of proxy address

Connecting from the Enterprise – Proxy Authentication

Proxy authentication
• Proxy intercepts the outbound HTTP request
• Authenticates the user (username and password)
• Authenticated user's traffic is forwarded
• Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods
• Basic authentication
• Digest authentication
• NTLMv2 authentication
• Negotiate authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic authentication
• Uses standard HTTP headers
• Username and password Base64 encoded
• Username and password are NOT encrypted or hashed: anyone who can read the header can recover them

Basic username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods – Digest Authentication

Digest authentication
• Uses standard HTTP headers
• Username and password are not sent
• A hash computed from the username, realm, password and a server-supplied nonce is sent instead

Basic username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No password expiration
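To make the difference between the two slides above concrete, here is an added example (not from the deck or from any Cisco product) that builds both Proxy-Authorization headers for a device account, recovers the password from the Basic one, and verifies the Digest one the way a proxy would. It follows the RFC 7617 Basic scheme and the MD5, qop=auth form of Digest (RFC 7616); the proxy name, realm, nonce and account name are made up.

```python
"""Basic vs Digest proxy authentication.  Added example, not Cisco code.

Basic: the header is only Base64; the password is fully recoverable.
Digest: the client sends a hash over (username, realm, password, nonce, ...),
and the proxy needs only H(A1) per account, never the clear password.
"""
import base64
import hashlib
import hmac
import os


def _md5(s: str) -> str:
    # MD5 is what RFC 7616's default algorithm uses; not a security choice here
    return hashlib.md5(s.encode(), usedforsecurity=False).hexdigest()


# ---- Basic ----------------------------------------------------------------
def basic_header(user: str, password: str) -> str:
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def basic_recover(header: str):
    """What anyone who sees the header (or proxy logs) learns: the clear password."""
    token = header.split("Basic ", 1)[1]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


# ---- Digest ---------------------------------------------------------------
def digest_ha1(user: str, realm: str, password: str) -> str:
    """H(A1): the only thing the proxy needs to store per account."""
    return _md5(f"{user}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(user: str, realm: str, password: str, method: str, uri: str,
                  nonce: str, cnonce: str = None, nc: str = "00000001") -> str:
    """Client side: answer the proxy's nonce without ever sending the password."""
    cnonce = cnonce or os.urandom(8).hex()
    resp = digest_response(digest_ha1(user, realm, password), method, uri, nonce, nc, cnonce)
    return ('Proxy-Authorization: Digest username="%s", realm="%s", nonce="%s", '
            'uri="%s", qop=auth, nc=%s, cnonce="%s", response="%s"'
            % (user, realm, nonce, uri, nc, cnonce, resp))


def parse_digest(header: str) -> dict:
    params = header.split("Digest ", 1)[1]
    out = {}
    for part in params.split(", "):
        key, _, value = part.partition("=")
        out[key] = value.strip('"')
    return out


def proxy_verify_digest(header: str, method: str, stored_ha1_by_user: dict) -> bool:
    """Proxy side: recompute the response from stored H(A1) and compare."""
    p = parse_digest(header)
    ha1 = stored_ha1_by_user.get(p["username"])
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, p["uri"], p["nonce"], p["nc"], p["cnonce"], p["qop"])
    return hmac.compare_digest(expected, p["response"])


if __name__ == "__main__":
    # Constructed device account and proxy realm; not real credentials
    h = basic_header("room-device-01", "S3cret!")
    print(h, "->", basic_recover(h))
    store = {"room-device-01": digest_ha1("room-device-01", "proxy.example.test", "S3cret!")}
    d = digest_header("room-device-01", "proxy.example.test", "S3cret!",
                      "CONNECT", "identity.webex.com:443", "nonce123")
    print(d, "->", proxy_verify_digest(d, "CONNECT", store))
```

Because the device accounts on these slides never expire, a Basic header captured once is a permanent credential; with Digest the captured response is bound to the proxy's nonce and cannot be replayed once the nonce changes.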

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) authentication
• Microsoft challenge/response AuthN protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• The password hash is used as the key to compute a response over the challenge, which is returned to the server
• Password is hashed but never sent

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate authentication
• Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM

Windows based username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No password expiration

IWA – Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

Kerberos authentication
• Strongest security of the methods listed
• Components: client, Authentication Service, Key Distribution Service, Ticket Granting Service, application server
• Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service
• Once authenticated, it receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted service ticket
• The client presents the service ticket to the proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds
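The three exchanges on the Kerberos slide (AS, TGS, AP) are easier to follow with both sides' messages in front of you. The following is an added example, not Cisco's or MIT's code: a toy KDC, client and proxy that run the flow end to end. It uses a toy authenticated cipher built from SHA-256 and HMAC in place of real Kerberos encryption types, omits timestamps, lifetimes and replay detection, and uses made-up principal names and secrets. What it does show is the property the slide relies on: the proxy validates the service ticket with its own shared secret and never sees the user's password.

```python
"""Toy Kerberos exchange: AS -> TGT, TGS -> service ticket, AP -> proxy.

Added example, not Cisco's or MIT's code.  Toy cipher (SHA-256 keystream +
HMAC tag), no timestamps or replay cache, made-up principals and secrets.
"""
import hashlib
import hmac
import json
import os


def kdf(secret: str) -> bytes:
    """Long-term key from a password or service secret (toy: plain SHA-256)."""
    return hashlib.sha256(secret.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(length // 32 + 1))[:length]


def enc(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption of a JSON object: nonce || ct || HMAC tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def dec(key: bytes, blob: bytes) -> dict:
    """Raises ValueError if the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Authentication Service + Ticket Granting Service sharing a principal DB."""

    def __init__(self, principals: dict):
        self.keys = {p: kdf(s) for p, s in principals.items()}   # long-term keys
        self.tgs_key = self.keys["krbtgt"]

    def as_exchange(self, user: str):
        sk = os.urandom(32).hex()                                # TGT session key
        tgt = enc(self.tgs_key, {"user": user, "sk": sk})        # opaque to the client
        return tgt, enc(self.keys[user], {"sk": sk})             # only the real user opens this

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        t = dec(self.tgs_key, tgt)
        a = dec(bytes.fromhex(t["sk"]), authenticator)           # proves client knows sk
        if a["user"] != t["user"]:
            raise ValueError("authenticator does not match TGT")
        ssk = os.urandom(32).hex()                               # service session key
        ticket = enc(self.keys[service], {"user": t["user"], "sk": ssk})
        return ticket, enc(bytes.fromhex(t["sk"]), {"sk": ssk})


class Client:
    def __init__(self, user: str, password: str):
        self.user, self.key = user, kdf(password)

    def login(self, kdc: KDC):
        self.tgt, blob = kdc.as_exchange(self.user)
        self.sk = bytes.fromhex(dec(self.key, blob)["sk"])      # wrong password -> ValueError

    def get_service_ticket(self, kdc: KDC, service: str) -> bytes:
        ticket, blob = kdc.tgs_exchange(self.tgt, enc(self.sk, {"user": self.user}), service)
        self.ssk = bytes.fromhex(dec(self.sk, blob)["sk"])
        return ticket

    def ap_request(self, ticket: bytes):
        return ticket, enc(self.ssk, {"user": self.user})


class Proxy:
    def __init__(self, name: str, secret: str):
        self.name, self.key = name, kdf(secret)

    def accept(self, ticket: bytes, authenticator: bytes):
        t = dec(self.key, ticket)                                # only the proxy's key opens it
        a = dec(bytes.fromhex(t["sk"]), authenticator)
        return t["user"] if a["user"] == t["user"] else None


def demo(password: str = "correct horse") -> str:
    """Run the full flow for made-up principals; returns the user the proxy accepted."""
    kdc = KDC({"krbtgt": "kdc-master-secret", "alice": "correct horse",
               "HTTP/proxy.example.test": "proxy-service-secret"})
    proxy = Proxy("HTTP/proxy.example.test", "proxy-service-secret")
    client = Client("alice", password)
    client.login(kdc)
    ticket = client.get_service_ticket(kdc, proxy.name)
    return proxy.accept(*client.ap_request(ticket))


def login_fails_with(password: str) -> bool:
    """True if the AS exchange cannot be completed with this password."""
    try:
        demo(password)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("proxy accepted:", demo())
    print("wrong password rejected:", login_fails_with("wrong"))
```

Note where the password is used: only inside `Client.login`, to open the AS reply. The proxy holds its own service secret and the KDC holds key material for everyone; neither ever receives the password or a hash of it on the wire, which is the difference from Basic, Digest and NTLM.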

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP addresses (the diagram shows individual device addresses exempted from authentication)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device                           | Protocol | Software Train | Proxy Authentication
Apps (Windows, Mac, iOS, Android, Web) | HTTPS    | WME            | No auth: Yes; Basic: Yes; Digest: Planned; NTLM: Yes (Windows); Kerberos: No. No auth and Basic for iOS and Android in EFT
DX/SX/MX                               | HTTPS    | Room OS        | No auth: Yes; Basic: Q1 CY2018; Digest: Yes
Room Kits                              | HTTPS    | Room OS        | No auth: Yes; Basic: Q1 CY2018; Digest: Yes
Spark Board                            | HTTPS    | Spark Board OS | No auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS inspection
• Private CA root certificate sent to (installed on) the client
• Private CA signed certificate sent to the client on connection establishment
• Client compares the private CA root cert with those received in the cert chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS inspection
• Proxy starts a new HTTPS/TLS connection to the web/cloud service
• Proxy receives the certificate from the web/cloud service
• Proxy uses the certificate to establish a secure TLS/HTTPS connection
• Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

Certificate pinning
• Certificate pin = SHA-256 hash of the CA root certificate's public key, Base64 encoded; as printed on the slide: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark certificate sent by the HTTPS/TLS server
• App creates a hash of the cert's public key
• App compares the hash with the certificate pin in its trust store
• If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

Certificate pinning
• Proxy sends a private CA signed certificate during HTTPS/TLS setup
• App creates a hash of the private CA signed cert's public key
• App compares the hash with the certificate pin in its trust store
• They DO NOT match – TLS connection terminated

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public
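The pinning slides above describe three outcomes: the pinned public key is in the chain (proceed), an inspecting proxy's private CA replaces it (terminate), and the enterprise private CA has been added to the app's OS trust store or to the device trust list (proceed, inspection possible). The following is an added example, not Cisco's client code, that computes the pin the way the slide defines it (Base64 of the SHA-256 hash of the certificate's public key, taken as the DER SubjectPublicKeyInfo) and applies those three rules. To run offline it builds synthetic X.509 DER structures with placeholder key bytes and an empty signature; the certificates, names and pin values are constructed for illustration and are not Cisco's real certificates or pin.

```python
"""SPKI pin computation and the pin-check decisions on the pinning slides.

Added example, not Cisco's client code.  The certificates below are
synthetic DER structures with placeholder keys (constructed here so the
example runs offline); pin values are illustrative, not Cisco's real pin.
"""
import base64
import hashlib


# ---- minimal DER helpers ---------------------------------------------------
def der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def seq(*parts: bytes) -> bytes:
    return der(0x30, b"".join(parts))


def read_tlv(buf: bytes, off: int):
    """Return (tag, value, offset just past this TLV)."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:                      # long-form length
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, buf[off:off + n], off + n


# ---- SPKI extraction and pin ----------------------------------------------
def spki_from_cert(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, cert, _ = read_tlv(cert_der, 0)           # Certificate
    _, tbs, _ = read_tlv(cert, 0)                # tbsCertificate
    tag, _, off = read_tlv(tbs, 0)
    if tag == 0xA0:                              # optional [0] version present
        _, _, off = read_tlv(tbs, off)           # serialNumber
    for _ in range(4):                           # signature, issuer, validity, subject
        _, _, off = read_tlv(tbs, off)
    start = off
    _, _, off = read_tlv(tbs, off)               # subjectPublicKeyInfo
    return tbs[start:off]


def spki_pin(cert_der: bytes) -> str:
    """Pin = Base64(SHA-256(SubjectPublicKeyInfo)), as defined on the slide."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(cert_der)).digest()).decode()


# ---- decision logic ------------------------------------------------------
def pin_check(chain: list, pins: set, enterprise_trust: set) -> str:
    """Decide what the client does with a presented chain (chain[-1] is the root).

    enterprise_trust holds pins of private CA certs the admin imported
    (OS trust store for apps, cloud-delivered trust list for devices).
    """
    if {spki_pin(c) for c in chain} & pins:
        return "proceed: pinned CA present in chain"
    if spki_pin(chain[-1]) in enterprise_trust:
        return "proceed: pinning bypassed for enterprise private CA (inspection possible)"
    return "terminate: no pinned key in chain"


# ---- synthetic certificates (constructed, not real) -----------------------
OID_RSA = bytes.fromhex("2a864886f70d010101")         # rsaEncryption
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption


def fake_spki(pubkey: bytes) -> bytes:
    return seq(seq(der(0x06, OID_RSA), der(0x05, b"")), der(0x03, b"\x00" + pubkey))


def fake_cert(subject: str, pubkey: bytes) -> bytes:
    """Structurally valid X.509 v3 DER with placeholder key and empty signature."""
    name = seq(der(0x31, seq(der(0x06, bytes.fromhex("550403")), der(0x0C, subject.encode()))))
    alg = seq(der(0x06, OID_SHA256_RSA), der(0x05, b""))
    tbs = seq(der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), alg, name,
              seq(der(0x17, b"180101000000Z"), der(0x17, b"190101000000Z")),
              name, fake_spki(pubkey))
    return seq(tbs, alg, der(0x03, b"\x00"))


PUBLIC_CA = fake_cert("Public Root CA (placeholder)", b"\x01" * 64)
SPARK_LEAF = fake_cert("Spark service (placeholder)", b"\x02" * 64)
PRIVATE_CA = fake_cert("Enterprise Proxy CA (placeholder)", b"\x03" * 64)
PROXY_LEAF = fake_cert("Spark service re-signed by proxy", b"\x04" * 64)
PINS = {spki_pin(PUBLIC_CA)}                         # what the app ships with

if __name__ == "__main__":
    print("direct:   ", pin_check([SPARK_LEAF, PUBLIC_CA], PINS, set()))
    print("inspected:", pin_check([PROXY_LEAF, PRIVATE_CA], PINS, set()))
    print("with fix: ", pin_check([PROXY_LEAF, PRIVATE_CA], PINS, {spki_pin(PRIVATE_CA)}))
```

The same `spki_pin` function, pointed at a real root certificate's DER, reproduces the kind of value printed on the slide; the bypass branch is exactly why an inspecting proxy's CA must be distributed deliberately (OS trust store or cloud trust list) rather than being accepted silently.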

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication – switch port configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client and server authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into the Authentication Server
• A MAC address can be spoofed, so MAB is weaker than EAP-based authentication and should be paired with restrictive port policy (VLAN, ACLs)

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment:
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard the device – username/password or activation code
• Cisco Spark cloud downloads device configuration information and trust anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session.

How
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations and the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: "what you would tell your best friend if they asked you how to design their Cisco collaboration deployment".
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Coming soon: target Q1 CY2018

Thank you

Page 66: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

BYO VM for deploying the HDS appliance Postgres Database and syslogd servers

Customer manages backup and recovery of the Postgres Database and the local configuration ISO

Customer should perform quick disaster recovery in the event of a catastrophe (complete database disk failures datacenter disaster)

HDS application nodes and database need to be co-located in the same data center

A HDS Deployment requires significant customer commitment and an awareness of the risks that come with owning encryption keyshellip

Complete loss of either the configuration ISO or the Postgres Database will result in loss of the decryption keys stored in HDS This will prevent users from decrypting space content and other encrypted data If this happens an empty HDS can be restored however only new content will be visible

HDS Deployment Considerations

68BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Install PrerequisitesSee prerequisites in httpswwwciscocomgohybrid-data-security

X509 Certificate Intermediates and Private Key

PKI is used for KMS to KMS federation (Public Key Infrastructure)

Common Name signed by member of Mozzila Trusted Root Store

No SHA1 signatures

PKCS12 format

2 ESXi Virtualized Hosts Min 2 to support upgrades 3 recommended 5 max

Minimum 4 vCPUs 8-GB main memory 50-GB local hard disk space per server

kmsciscocom easily supports 15K users per HDS

1 Postgres 961 Database Instance (Key datastore)

8 vCPU 16 GB RAM 2 TB Disk User created with createuser Assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host

hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location

The HDS system requires organization administrators to securely backup two key pieces of information 1) A

configuration ISO file generated by this process 2) The postgres database Failure to maintain adequate backups will

result in loss of customer data See ltSection on Disaster Recoverygt

Network

Outbound HTTPS on TCP port 443 from HDS host

Bi-directional WSS on TCP port 443 from HDS host

TCP connectivity from HDS host to Postgres database host syslog host and statsd host

HTTPS proxies are unsupported

69BRKCOL-2030

Cisco Spark and Enterprise Network Security

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull VLANs

bull Switch Port VLAN configuration and device requirements

bull Firewalls

bull Whitelists for Spark Apps devices and Services

bull Media support ndash UDPTCPHTTP

bull HTTP Proxies

bull Proxy Types and Proxy Detection

bull Proxy Authentication Methods (Basic NTLM Negotiate Kerberos) Auth Bypass

bull Proxy TLS HTTPS traffic inspection ndash Certificate Pinning

bull 8021X ndash Authentication Methods EAP-FAST EAP-TLS MAC Address Bypass

Agenda

BRKCOL-2030 71

Cisco Spark Cloud Access Enterprise VLANs

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - VLANsHow are the switch ports configured

Minimum Enterprise Network Requirements

Internet Access

DHCP DNS server access

Internal TCP connectivity and ICMP to devices for support

bull Single static untagged VLAN

bull Dynamic VLAN assignment based on CDPLLDP TLV values

bull Multiple static VLANs (eg Data VLAN amp Aux VLAN) ndash

8021Q VLAN tagging required for the Auxiliary VLAN

73BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash CDPLLDP 8021QSpark Device Protocol Software Train CDP

LLDP

8021Q Ethernet

PC Port

Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No No NA NA Static Untagged (Data) VLAN

DX HTTPS Room OS Yes No Yes Yes Dynamic VLAN assignment

8021Q Tagging Connected PC

supported

SX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

MX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Room Kits HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Spark Board HTTPS Spark Board OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

74BRKCOL-2030

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls: whitelisted ports and destinations

Media port ranges for Spark desk and room devices and for Spark apps (see the following slides for details):
• Source UDP ports: voice 52000-52099, video 52100-52299
• Source TCP/HTTP ports: ephemeral (so no DSCP re-marking keyed on the source port is possible)
• Destination UDP/TCP/HTTP ports: 5004 and 5006
• Destination IP addresses: any

Voice and Video Classification and Marking: port range summary for endpoints and apps

Audio, source UDP 52000-52099: Spark apps 52000-52049, Spark devices 52050-52099
Video, source UDP 52100-52299: Spark apps 52100-52199, Spark devices 52200-52299

Because each class uses its own source port range, the network can classify and mark (DSCP) audio and video, and apps and devices, from the UDP source port alone, without inspecting the encrypted payload.

Spark Applications: network port and whitelist requirements

Spark applications (Windows, Mac, iOS, Android, Web):

Protocol | Source ports | Destination ports | Destination | Function
UDP | Voice 52000-52049, video 52100-52199 | 5004 and 5006 | Any IP address | SRTP over UDP to Spark cloud media nodes
TCP | Ephemeral | 5004 and 5006 | Any IP address | SRTP over TCP or HTTP to Spark cloud media nodes
TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth service
TCP | Ephemeral | 443 | wbx2.com | HTTPS: core Spark services
TCP | Ephemeral | 443 | webex.com | HTTPS: identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS: core Spark services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS: content and space storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS: anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS: anonymous analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS: content and space storage
TCP | Ephemeral | 443 | appsflyer.com | HTTPS: mobile apps only, ad analytics
TCP | Ephemeral | 443 | adobedtm.com | HTTPS: web apps only, analytics
TCP | Ephemeral | 443 | omtrdc.net | HTTPS: web apps only, telemetry
TCP | Ephemeral | 443 | optimizely.com | HTTPS: web apps only, metrics

Spark Devices: network port and whitelist requirements

Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards):

Protocol | Source ports | Destination ports | Destination | Function
UDP | Voice 52050-52099, video 52200-52299 | 5004 and 5006 | Any IP address | SRTP over UDP to Spark cloud media nodes
TCP | Ephemeral | 5004 and 5006 | Any IP address | SRTP over TCP to Spark cloud media nodes (not Spark Board)
TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service
TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth service
TCP | Ephemeral | 443 | wbx2.com | HTTPS: core Spark services
TCP | Ephemeral | 443 | webex.com | HTTPS: identity management
TCP | Ephemeral | 443 | ciscospark.com | HTTPS: core Spark services
TCP | Ephemeral | 443 | clouddrive.com | HTTPS: content and space storage
TCP | Ephemeral | 443 | crashlytics.com | HTTPS: anonymous crash data
TCP | Ephemeral | 443 | mixpanel.com | HTTPS: anonymous analytics
TCP | Ephemeral | 443 | rackcdn.com | HTTPS: content and space storage
TCP | Ephemeral | 443 | dropbox.com | HTTPS: Spark Board firmware updates
UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Spark Board NTP time sync

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media port ranges:
• Source UDP ports: voice and video 33434-33598
• Source TCP/HTTP ports: ephemeral (so no DSCP re-marking keyed on the source port is possible)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: any

Hybrid Media Node (HMN):
• Can be used to limit the source IP address range of media leaving the enterprise to the HMNs only
• HMN source UDP ports for voice and video differ from those used by endpoints; they are used for the cascade links to the Spark cloud
• Voice and video share a common UDP source port range, 33434-33598

Connecting from the Enterprise - Firewalls: Hybrid Data Security node (HDS)

Hybrid Data Security node services:
• Key Management Service
• Indexing (search) service
• E-Discovery service

Hybrid data services traffic:
• HDS signalling traffic only, no media
• Outbound HTTPS and WSS (secure WebSocket) signalling only

HMN and HDS Nodes: network port and whitelist requirements

Node | Protocol | Source ports | Destination ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and video share a common UDP source port range, 33434-33598 | 5004 | Any IP address (cascade destination) | Cascaded SRTP over UDP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Any IP address (cascade destination) | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
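The port plan in the app, device and HMN/HDS tables above can be turned into an allow-list and checked against real flows. The following is an added example written for this page, not code from the deck or from Cisco: it encodes the source and destination ranges from the tables, classifies a flow by protocol, source port, destination port and (for port 443 and NTP) destination host, and runs a few constructed firewall-log lines through it. The log-line format, the sample flows and the 1024-65535 ephemeral range are assumptions; look-alike hosts such as webex.com.attacker.example are rejected because the host match is anchored on a dot boundary rather than a raw suffix.

```javascript
// Added example, not from the BRKCOL-2030 deck: the port plan from the three
// firewall tables above, encoded as an allow-list and used to classify flows.
// Field names, the log-line format and the sample flows are constructed for
// this example; the ephemeral range is an assumption (it is OS dependent).
const MEDIA_PORTS = [5004, 5006];
const EPHEMERAL = [1024, 65535];

// Signalling destinations from the app, device and HMN/HDS whitelist tables.
const SIGNALLING_DOMAINS = [
  'identity.webex.com', 'idbroker.webex.com', 'wbx2.com', 'webex.com',
  'ciscospark.com', 'clouddrive.com', 'crashlytics.com', 'mixpanel.com',
  'rackcdn.com', 'appsflyer.com', 'adobedtm.com', 'omtrdc.net',
  'optimizely.com', 'dropbox.com', 'index.docker.io',
];

// Most specific rules first: the UDP source port alone identifies the
// traffic class, which is what lets the network mark it without inspection.
const RULES = [
  { name: 'app-voice',        proto: 'udp', src: [52000, 52049], dst: MEDIA_PORTS },
  { name: 'app-video',        proto: 'udp', src: [52100, 52199], dst: MEDIA_PORTS },
  { name: 'device-voice',     proto: 'udp', src: [52050, 52099], dst: MEDIA_PORTS },
  { name: 'device-video',     proto: 'udp', src: [52200, 52299], dst: MEDIA_PORTS },
  { name: 'hmn-cascade-udp',  proto: 'udp', src: [33434, 33598], dst: [5004] },
  { name: 'media-over-tcp',   proto: 'tcp', src: EPHEMERAL,      dst: MEDIA_PORTS },
  { name: 'signalling-https', proto: 'tcp', src: EPHEMERAL,      dst: [443],
    hosts: SIGNALLING_DOMAINS },
  { name: 'board-ntp',        proto: 'udp', src: EPHEMERAL,      dst: [123],
    hosts: ['2.android.pool.ntp.org'] },
];

// Exact match or a dot-boundary suffix: "webex.com.attacker.example" must not pass.
function hostAllowed(host, domains) {
  if (!host) return false;
  const h = host.toLowerCase().replace(/\.$/, '');
  return domains.some((d) => h === d || h.endsWith('.' + d));
}

function inRange(port, [lo, hi]) { return port >= lo && port <= hi; }

// Returns the matching rule name, or null when the flow is outside the plan.
function classifyFlow({ proto, srcPort, dstPort, dstHost }) {
  for (const r of RULES) {
    if (r.proto !== proto || !inRange(srcPort, r.src) || !r.dst.includes(dstPort)) continue;
    if (r.hosts && !hostAllowed(dstHost, r.hosts)) continue;
    return r.name;
  }
  return null;
}

// Constructed log-line format: "<proto> <src>:<sport> -> <dst>:<dport>".
function parseFlowLine(line) {
  const m = /^(udp|tcp)\s+(\S+):(\d+)\s*->\s*(\S+):(\d+)$/i.exec(line.trim());
  if (!m) return null;
  return { proto: m[1].toLowerCase(), srcHost: m[2], srcPort: Number(m[3]),
           dstHost: m[4], dstPort: Number(m[5]) };
}

function auditFlows(lines) {
  return lines.map((line) => {
    const flow = parseFlowLine(line);
    return { line, verdict: flow ? classifyFlow(flow) : null };
  });
}

// Constructed sample flows (203.0.113.0/24 is documentation address space).
const SAMPLE_FLOWS = [
  'udp 10.1.20.15:52010 -> 203.0.113.10:5004',              // Spark app voice
  'udp 10.1.30.7:52250 -> 203.0.113.11:5006',               // room device video
  'udp 10.1.40.2:33500 -> 203.0.113.12:5004',               // HMN cascade
  'udp 10.1.40.2:33500 -> 203.0.113.12:5006',               // HMN to 5006: not in the plan
  'tcp 10.1.20.15:50123 -> idbroker.webex.com:443',         // OAuth signalling
  'tcp 10.1.20.15:50124 -> webex.com.attacker.example:443', // look-alike host
];

for (const r of auditFlows(SAMPLE_FLOWS)) {
  console.log((r.verdict || 'OUTSIDE PLAN') + '  <-  ' + r.line);
}
```

Feed it the flows your firewall actually logs and anything that comes back as outside the plan is either a rule you forgot (for example the HMN to 5006 case, which the tables do not list) or traffic that should not be leaving on those ports.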

What do we send to third-party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user-generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy address given to the device or application (explicit proxy)
• Transparent proxy (the device or application is unaware that the proxy exists):
  • In-line proxies (e.g. a combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic is sent to the proxy server, e.g. traffic to destination ports 80, 443, 8080 and 8443; UDP media does not pass through the proxy.

Connecting from the Enterprise - Proxy Detection (how the proxy address is given to the device or application)

• Manual configuration
• Auto configuration:
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto-Config (PAC) files

Network Capabilities, Spark Devices: Proxy Detection

Spark device | Protocol | Software train | Proxy detection | Granular configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: manual; yes: PAC files | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
SX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
MX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Room Kits | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
Spark Board | HTTPS | Spark Board OS | Yes: manual configuration | Manual configuration of the proxy address

Connecting from the Enterprise - Proxy Authentication

• The proxy intercepts the outbound HTTP request
• It authenticates the user (username and password)
• The authenticated user's traffic is forwarded
• An unauthenticated user's traffic is dropped or blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods
• Basic authentication
• Digest authentication
• NTLMv2 authentication
• Negotiate authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

Basic authentication:
• Uses standard HTTP headers
• Username and password are Base64 encoded
• Username and password are NOT encrypted or hashed: Base64 is reversible, so anyone who can read the request can recover the credentials

Basic username and password challenge for devices:
• Devices are not users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods - Digest Authentication

Digest authentication:
• Uses standard HTTP headers
• Username and password are not sent; a hash derived from the username, the password and the server's nonce is sent instead

Username and password challenge for devices:
• Devices are not users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) authentication:
• Microsoft challenge/response authentication protocol
• The username is sent in plain text
• A challenge (nonce) is sent from the server
• The password hash is used to encrypt the challenge, and the result is returned to the server
• The password is hashed but never sent

Username and password challenge for devices:
• Devices are not users (no human interaction)
• Create one account (an AD account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods - Negotiate / IWA (Windows only)

Negotiate authentication:
• Microsoft implementation of SPNEGO, the Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM

Windows-based username and password challenge for devices:
• Devices are not users (no human interaction)
• Create one account (an AD account) for all devices, or create an account per device
• No password expiration

IWA: Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

Kerberos authentication:
• Strongest security of the methods listed
• Parties: the client, the Authentication Service (Key Distribution Service), the Ticket Granting Service and the application server (here, the proxy)
• Encrypted communication based on shared secrets
• The client authenticates with the Authentication Service and, once authenticated, receives a Ticket Granting Ticket (TGT)
• The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted service ticket
• The client presents the service ticket to the proxy, which validates the user (using the shared secret)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server to exempt from authentication:
• Device IP addresses (the diagram shows devices at 10.100.200.1 and 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com); the diagram lists identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com and rackcdn.com
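The PAC-file detection method from the proxy detection slide and the whitelisted-destination bypass above meet in one artefact: the PAC file itself. The block below is an added example written for this page, not a Cisco-supplied PAC file. A PAC file is JavaScript that the client's proxy engine evaluates by calling FindProxyForURL(url, host), with helpers such as dnsDomainIs() and isPlainHostName() supplied by the engine; the stand-ins defined here carry the same semantics so the file also runs under Node for testing. The proxy address proxy.corp.example:8080 and the corp.example intranet domain are assumptions. It sends the Spark whitelist destinations DIRECT, so a room device that cannot answer an authentication challenge is never challenged, and routes everything else through the authenticating proxy with no DIRECT fallback.

```javascript
// Added example, not from the BRKCOL-2030 deck: a Proxy Auto-Config (PAC)
// file that sends the Spark whitelist destinations DIRECT (the "whitelisted
// destinations" bypass above) and everything else to the authenticating
// proxy. The engine calls FindProxyForURL(url, host) and supplies helpers
// such as dnsDomainIs() and isPlainHostName(); the stand-ins below exist only
// so the file also runs under Node. The proxy address and corp.example are
// assumptions for this example.
const PROXY = 'PROXY proxy.corp.example:8080';

// Destinations from the proxy authentication bypass slide.
const SPARK_BYPASS = [
  'identity.webex.com', 'idbroker.webex.com', 'wbx2.com', 'webex.com',
  'ciscospark.com', 'clouddrive.com', 'crashlytics.com', 'mixpanel.com',
  'rackcdn.com',
];

// Stand-ins with the browsers' semantics. dnsDomainIs is a raw suffix test,
// so dnsDomainIs("fakewebex.com", "webex.com") is true: never build an
// allow-list on it. inDomain below anchors the match on a dot boundary.
function dnsDomainIs(host, domain) { return host.endsWith(domain); }
function isPlainHostName(host) { return host.indexOf('.') === -1; }

function inDomain(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, '');
  return h === domain || h.endsWith('.' + domain);
}

function FindProxyForURL(url, host) {
  // Intranet names stay inside; nothing here is handed to the proxy.
  if (isPlainHostName(host) || inDomain(host, 'corp.example')) return 'DIRECT';

  // Spark signalling goes straight to the firewall's whitelisted destinations,
  // so devices that cannot answer a proxy challenge are never challenged.
  for (const d of SPARK_BYPASS) {
    if (inDomain(host, d)) return 'DIRECT';
  }

  // Everything else is authenticated and inspected by the proxy. No "; DIRECT"
  // fallback: a failed proxy should fail closed, not let clients walk around it.
  return PROXY;
}

// Only HTTP(S) is steered by a PAC file; Spark UDP media never touches it.
```

Note that DIRECT for the Spark domains only works if the firewall already allows TCP 443 to those destinations, which is what the whitelist tables earlier in this section provide; the PAC file removes the proxy challenge, not the need for a firewall rule.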

Network Capabilities, Spark Devices: Proxy Authentication

Spark device | Protocol | Software train | Proxy authentication
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No auth: yes; Basic: yes; Digest: planned; NTLM: yes (Windows); Kerberos: no. iOS and Android: no auth and Basic in EFT (early field trial)
DX, SX, MX | HTTPS | Room OS | No auth: yes; Basic: Q1 CY2018; Digest: yes
Room Kits | HTTPS | Room OS | No auth: yes; Basic: Q1 CY2018; Digest: yes
Spark Board | HTTPS | Spark Board OS | No auth: yes; Basic: yes; Digest: yes

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)

HTTPS/TLS inspection, client side:
• The enterprise's private CA root certificate is distributed to the client
• A private-CA-signed certificate is sent to the client on connection establishment
• The client compares the private CA root certificate with those received in the certificate chain
• If they match, the client accepts the certificate and proceeds with the TLS connection

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)

HTTPS/TLS inspection, server side:
• The proxy starts a new HTTPS/TLS connection to the web/cloud service
• The proxy receives the certificate from the web/cloud service
• The proxy uses that certificate to establish a secure TLS/HTTPS connection
• The proxy can now decrypt, inspect and re-encrypt the session traffic

Proxy, No HTTPS Inspection - Spark Certificate Pinning

Certificate pin = SHA-256 hash of the CA root certificate's public key, shown on the slide as VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Certificate pinning:
• The CA-signed Cisco Spark certificate is sent by the HTTPS/TLS server
• The app creates a hash of the certificate's public key
• The app compares the hash with the certificate pin in its trust store
• If they match, accept and proceed with the TLS connection

Proxy, HTTPS Inspection - Spark Certificate Pinning

Certificate pinning with an inspecting proxy:
• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The app creates a hash of the private-CA-signed certificate's public key
• The app compares the hash with the certificate pin in its trust store
• They DO NOT match: the TLS connection is terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA certificate copied to the app's OS trust store:
• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The Spark app checks whether a copy of the private CA certificate exists in the OS trust store
• If the certificate exists, the certificate pinning process is skipped and the TLS connection proceeds
• HTTPS/TLS inspection is possible

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA certificate copied to the Spark cloud:
• The proxy sends a private-CA-signed certificate during HTTPS/TLS setup
• The client creates a hash of the private-CA-signed certificate's public key
• The client compares the hash with the certificate pins in its trust store, which now include the private CA certificate downloaded from the Spark cloud
• They DO match: proceed with the TLS connection
• HTTPS/TLS inspection is possible

Network Capabilities, Spark Devices: HTTPS Inspection

Spark device | Protocol | Software train | Supports TLS/HTTPS inspection | Certificate validation method
Windows, Mac, Web apps | HTTPS | WME | Yes | Windows/Mac/browser: if an enterprise certificate exists in the OS trust store, bypass the certificate pinning process
iOS, Android apps | HTTPS | WME | No | HTTPS inspection bypass (configure the proxy not to inspect these clients)
DX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load private CA certificates into the Spark service; the device downloads a trust list containing the private certificates
SX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load private CA certificates into the Spark service; the device downloads a trust list containing the private certificates
MX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load private CA certificates into the Spark service; the device downloads a trust list containing the private certificates
Room Kits | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load private CA certificates into the Spark service; the device downloads a trust list containing the private certificates
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise - 802.1X

802.1X operation:
• Switch port network access is restricted until the device authenticates
• The client presents its credentials to the authentication server
• After successful authentication the switch port is configured for the device, e.g. VLAN(s) and ACLs

802.1X Network Authentication Methods
• There are many options
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

Extensible Authentication Protocol - FAST (Flexible Authentication via Secure Tunneling):
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

Extensible Authentication Protocol - TLS (Transport Layer Security):
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses the 802.1X authentication mechanisms:
• Uses the device MAC address as the credential
• Commonly used for devices that are not 802.1X capable
• The MAC address is manually entered into the authentication server
• A MAC address is visible on the wire and trivially spoofed, so MAB identifies the expected device rather than proving it; treat the port as untrusted (restricted VLAN, ACLs) rather than equivalent to an authenticated one

Network Capabilities, Spark Devices: 802.1X

Spark device | Protocol | Software train | EAP-FAST | EAP-TLS | MIC (manufacturer installed certificate) | Non-CUCM LSC (locally significant certificate) | Certificate installation capability | Granular configuration
Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Wi-Fi: yes; wired: yes | Wi-Fi: yes; wired: yes | N/A | Yes | Yes | Manually install an LSC (Windows: GPO; Mac: configuration profiles)
DX | HTTPS | Room OS | Wi-Fi: yes; wired: yes | Wi-Fi: yes; wired: yes | Q4 CY17 | Yes | Yes | Web based: install the enterprise LSC via the device web interface
SX | HTTPS | Room OS | Wired: yes | Wired: yes | No | Yes | Yes | Web based: install the enterprise LSC via the device web interface
MX | HTTPS | Room OS | Wired: yes | Wired: yes | No | Yes | Yes | Web based: install the enterprise LSC via the device web interface
Room Kits | HTTPS | Room OS | Wi-Fi: yes; wired: yes | Wi-Fi: yes; wired: yes | Yes | Yes | Yes | Web based: install the enterprise LSC via the device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | (not stated) | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment:
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access; the proxy and firewalls allow all Spark connections from it
• Onboard the device: username/password or activation code
• The Cisco Spark cloud downloads the device configuration information and trust anchors to the device


Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA), https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: what you would tell your best friend if they asked you how to design their Cisco collaboration deployment. Three preferred architectures cover a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND), https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions align with the major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.

Thank you

Page 67: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HDS Install PrerequisitesSee prerequisites in httpswwwciscocomgohybrid-data-security

X509 Certificate Intermediates and Private Key

PKI is used for KMS to KMS federation (Public Key Infrastructure)

Common Name signed by member of Mozzila Trusted Root Store

No SHA1 signatures

PKCS12 format

2 ESXi Virtualized Hosts Min 2 to support upgrades 3 recommended 5 max

Minimum 4 vCPUs 8-GB main memory 50-GB local hard disk space per server

kmsciscocom easily supports 15K users per HDS

1 Postgres 961 Database Instance (Key datastore)

8 vCPU 16 GB RAM 2 TB Disk User created with createuser Assigned GRANT ALL PRIVILEGES ON database

1 Syslog Host

hostname and port required to centralize syslog output from the three HDS instances and management containers

A secure backup location

The HDS system requires organization administrators to securely backup two key pieces of information 1) A

configuration ISO file generated by this process 2) The postgres database Failure to maintain adequate backups will

result in loss of customer data See ltSection on Disaster Recoverygt

Network

Outbound HTTPS on TCP port 443 from HDS host

Bi-directional WSS on TCP port 443 from HDS host

TCP connectivity from HDS host to Postgres database host syslog host and statsd host

HTTPS proxies are unsupported

69BRKCOL-2030

Cisco Spark and Enterprise Network Security

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull VLANs

bull Switch Port VLAN configuration and device requirements

bull Firewalls

bull Whitelists for Spark Apps devices and Services

bull Media support ndash UDPTCPHTTP

bull HTTP Proxies

bull Proxy Types and Proxy Detection

bull Proxy Authentication Methods (Basic NTLM Negotiate Kerberos) Auth Bypass

bull Proxy TLS HTTPS traffic inspection ndash Certificate Pinning

bull 8021X ndash Authentication Methods EAP-FAST EAP-TLS MAC Address Bypass

Agenda

BRKCOL-2030 71

Cisco Spark Cloud Access Enterprise VLANs

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - VLANsHow are the switch ports configured

Minimum Enterprise Network Requirements

Internet Access

DHCP DNS server access

Internal TCP connectivity and ICMP to devices for support

bull Single static untagged VLAN

bull Dynamic VLAN assignment based on CDPLLDP TLV values

bull Multiple static VLANs (eg Data VLAN amp Aux VLAN) ndash

8021Q VLAN tagging required for the Auxiliary VLAN

73BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash CDPLLDP 8021QSpark Device Protocol Software Train CDP

LLDP

8021Q Ethernet

PC Port

Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No No NA NA Static Untagged (Data) VLAN

DX HTTPS Room OS Yes No Yes Yes Dynamic VLAN assignment

8021Q Tagging Connected PC

supported

SX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

MX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Room Kits HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Spark Board HTTPS Spark Board OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

74BRKCOL-2030

Cisco Spark Cloud Access Enterprise Firewalls

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges

Source UDP Ports Voice 52000 - 52099 Video 52100- 52299

Source TCP HTTP Ports Ephemeral (=gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004 5006

Destination IP Addresses Any

bull Spark Desk and Room Devices

bull Spark Apps

bull See following slides for details

Signalling

Media

76BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Voice and Video Classification and MarkingPort Range Summary ndash Endpoints and Apps

Audio

52000-52099

Spark Apps Spark Devices

Video

52100-52299

52000 - 52049 52050 - 52099 52100 - 52199 52200 - 52299

77BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Spark applications

Windows

Mac

iOS

Android

Web

UDP Voice 52000 ndash 52049

Video 52100 ndash 52199

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP or HTTP to Spark Cloud

Media Nodes

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

appsflyercom

adobetmcom

omtrdcnet

optimizelycom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Mobile Apps only - Ad Analytics

Web Apps only - Analytics

Web Apps only - Telemetry

Web Apps only - Metrics

78BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

79BRKCOL-2030

Connecting from the Enterprise - Firewalls

Media Port Ranges
Source UDP Ports: Voice and Video 33434 - 33598
Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004
Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
 | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
 | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
 | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (Part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy Address given to Device/Application…

Proxy Types
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

Network Capabilities Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes – Manual; Yes – PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes – Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
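To make the difference between the Basic and Digest slides concrete, here is an added example (not from the deck) that builds the Proxy-Authorization header each scheme sends for a shared device account, plus the proxy-side check for Digest; the account name, password, realm, nonce and the CONNECT target are constructed sample values.

```python
import base64
import hashlib
import re
import secrets

# Constructed sample values (not from the deck): a shared device account of the
# kind the slides describe for room systems, and the realm of an enterprise proxy.
USERNAME = "spark-room-device"
PASSWORD = "device-secret"
REALM = "corp-proxy"


def basic_proxy_authorization(username: str, password: str) -> str:
    """Build a Basic Proxy-Authorization header.

    Base64 is an encoding, not encryption: the proxy, and anyone able to read
    the request or a proxy log, recovers 'user:password' with one decode.
    """
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header: str) -> str:
    """Show what a Basic header actually carries (no secret is needed to read it)."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    return base64.b64decode(token).decode()


def parse_params(header_value: str) -> dict:
    """Parse 'Digest k1="v1", k2=v2, ...' (quoted or bare values) into a dict."""
    _, _, params = header_value.partition(" ")
    out = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def _md5(s: str) -> str:
    # RFC 7616 also allows SHA-256, but MD5 is what most proxies still negotiate.
    return hashlib.md5(s.encode()).hexdigest()


def make_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password): the only credential-derived value the
    proxy has to store, so the device password itself never needs to be kept."""
    return _md5(f"{username}:{realm}:{password}")


def digest_proxy_authorization(username, password, method, uri, challenge,
                               cnonce=None, nc="00000001"):
    """Answer a 'Proxy-Authenticate: Digest ...' challenge (qop=auth).

    The password never leaves the client: only MD5(HA1:nonce:nc:cnonce:qop:HA2)
    is sent, bound to the server nonce and to the request method and URI.
    """
    p = parse_params(challenge)
    cnonce = cnonce or secrets.token_hex(8)
    ha1 = make_ha1(username, p["realm"], password)
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1}:{p['nonce']}:{nc}:{cnonce}:{p['qop']}:{ha2}")
    return (
        f'Digest username="{username}", realm="{p["realm"]}", nonce="{p["nonce"]}", '
        f'uri="{uri}", qop={p["qop"]}, nc={nc}, cnonce="{cnonce}", response="{response}"'
    )


def verify_digest(header, method, stored_ha1, issued_nonce) -> bool:
    """Proxy-side check: recompute the response from the stored HA1 and compare."""
    p = parse_params(header)
    if p.get("nonce") != issued_nonce:
        return False  # unknown or stale nonce: reject, which limits replay
    try:
        ha2 = _md5(f"{method}:{p['uri']}")
        expected = _md5(f"{stored_ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    except KeyError:
        return False  # malformed header
    return secrets.compare_digest(expected, p.get("response", ""))
```

Run `decode_basic` on the Basic header and `verify_digest` on the Digest one to see why the slides rank Basic below Digest when no TLS protects the proxy hop.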

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Diagram components: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (diagram: IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com; the diagram lists identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com)

Network Capabilities Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible
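The pinning decision that the last few slides walk through (no inspection, inspection by a proxy with an unknown private CA, the Spark app fix via the OS trust store, and the Spark device fix via a trust list downloaded from the Spark cloud), as an added example that is not Cisco's client code; the SPKI byte strings, certificate names and the way enterprise-added roots are told apart from bundled public roots are constructed assumptions.

```python
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Only what the pinning decision needs; `spki` stands in for the DER
    SubjectPublicKeyInfo of a real certificate (constructed bytes here)."""
    subject: str
    spki: bytes


def spki_pin(spki: bytes) -> str:
    """Pin format from the deck: Base64 of the SHA-256 of the CA's public key."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()


def evaluate_tls_chain(chain, pins, enterprise_roots):
    """Decide whether a Spark client should complete the TLS handshake.

    chain: certificates as received, leaf first, root CA last.
    pins: pins the client carries (its built-in Cisco pins and, for devices,
          any private CA pins delivered in the trust list from the Spark cloud).
    enterprise_roots: CA certs an administrator added to the OS trust store;
          apps skip pinning when the chain's root is one of these (assumption:
          the client can distinguish them from the OS's bundled public roots).
    Returns (decision, reason).
    """
    if not chain:
        return "terminate", "empty certificate chain"
    root_pin = spki_pin(chain[-1].spki)
    if any(spki_pin(c.spki) == root_pin for c in enterprise_roots):
        return "proceed", "private CA present in OS trust store; pinning skipped"
    if root_pin in pins:
        return "proceed", "root public key matches a certificate pin"
    return "terminate", "root public key matches no pin; possible TLS interception"


# Constructed sample material (not real keys): the pinned public CA root behind
# the Cisco Spark certificate, and the private CA of an inspecting proxy.
CISCO_ROOT = Cert("Cisco-pinned public CA root", b"spki:public-ca-root")
PROXY_CA = Cert("Enterprise private CA", b"spki:enterprise-private-ca")
SPARK_LEAF = Cert("*.webex.com (CA signed)", b"spki:webex-leaf")
RESIGNED_LEAF = Cert("*.webex.com (re-signed by proxy)", b"spki:proxy-minted-leaf")

APP_PINS = {spki_pin(CISCO_ROOT.spki)}


def scenarios():
    """The four cases the slides describe, as {name: decision}."""
    intercepted = [RESIGNED_LEAF, PROXY_CA]
    return {
        "no inspection": evaluate_tls_chain([SPARK_LEAF, CISCO_ROOT], APP_PINS, [])[0],
        "inspection, private CA unknown": evaluate_tls_chain(intercepted, APP_PINS, [])[0],
        "app fix: private CA in OS trust store": evaluate_tls_chain(intercepted, APP_PINS, [PROXY_CA])[0],
        "device fix: private CA pin in cloud trust list": evaluate_tls_chain(
            intercepted, APP_PINS | {spki_pin(PROXY_CA.spki)}, [])[0],
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name}: {decision}")
```

Note that both fixes widen what the client will accept, so the private CA key on the proxy (and the admin paths that install it in OS trust stores or the Spark cloud) become part of the trust boundary.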

Network Capabilities Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | NA | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
Coming soon: Target Q1 CY2018

Thank you

Page 68: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

Cisco Spark and Enterprise Network Security

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull VLANs

bull Switch Port VLAN configuration and device requirements

bull Firewalls

bull Whitelists for Spark Apps devices and Services

bull Media support ndash UDPTCPHTTP

bull HTTP Proxies

bull Proxy Types and Proxy Detection

bull Proxy Authentication Methods (Basic NTLM Negotiate Kerberos) Auth Bypass

bull Proxy TLS HTTPS traffic inspection ndash Certificate Pinning

bull 8021X ndash Authentication Methods EAP-FAST EAP-TLS MAC Address Bypass

Agenda

BRKCOL-2030 71

Cisco Spark Cloud Access Enterprise VLANs

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - VLANsHow are the switch ports configured

Minimum Enterprise Network Requirements

Internet Access

DHCP DNS server access

Internal TCP connectivity and ICMP to devices for support

bull Single static untagged VLAN

bull Dynamic VLAN assignment based on CDPLLDP TLV values

bull Multiple static VLANs (eg Data VLAN amp Aux VLAN) ndash

8021Q VLAN tagging required for the Auxiliary VLAN

73BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash CDPLLDP 8021QSpark Device Protocol Software Train CDP

LLDP

8021Q Ethernet

PC Port

Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No No NA NA Static Untagged (Data) VLAN

DX HTTPS Room OS Yes No Yes Yes Dynamic VLAN assignment

8021Q Tagging Connected PC

supported

SX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

MX HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Room Kits HTTPS Room OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

Spark Board HTTPS Spark Board OS Yes No Yes No Dynamic VLAN assignment

8021Q Tagging

74BRKCOL-2030

Cisco Spark Cloud Access Enterprise Firewalls

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges

Source UDP Ports Voice 52000 - 52099 Video 52100- 52299

Source TCP HTTP Ports Ephemeral (=gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004 5006

Destination IP Addresses Any

bull Spark Desk and Room Devices

bull Spark Apps

bull See following slides for details

Signalling

Media

76BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Voice and Video Classification and MarkingPort Range Summary ndash Endpoints and Apps

Audio

52000-52099

Spark Apps Spark Devices

Video

52100-52299

52000 - 52049 52050 - 52099 52100 - 52199 52200 - 52299

77BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Spark applications

Windows

Mac

iOS

Android

Web

UDP Voice 52000 ndash 52049

Video 52100 ndash 52199

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP or HTTP to Spark Cloud

Media Nodes

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

appsflyercom

adobetmcom

omtrdcnet

optimizelycom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Mobile Apps only - Ad Analytics

Web Apps only - Analytics

Web Apps only - Telemetry

Web Apps only - Metrics

78BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

79BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Media Port Ranges

Source UDP Ports Voice and Video 33434 - 33598

Source TCP HTTP Ports Ephemeral ( =gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004

Destination IP Addresses Any

Hybrid Media Node (HMN)

bull Can be used to limit source IP address range to HMNs only

bull Hybrid Media Node Source UDP ports for voice and video are different to

those used by endpoints ndash Used for cascade links to the Spark Cloud

bull Voice and Video use a common UDP source port range 33434 - 33598

Signalling

Media

80BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)

bull Key Management Service

bull Indexing (Search) Service

bull E-Discovery Service

Signalling

Media

Hybrid Data Services

bull HDS Signaling Traffic Only

bull Outbound HTTPS and WSS Signaling Only

81BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device Protocol Source Ports Destination

Ports

Destination Function

Hybrid Media

Node (HMN)

UDP Voice and Video use a

common UDP source

port range

33434 - 33598

5004

Cascade

Destination

Any IP Address Cascaded SRTP over UDP

Media Streams to Cloud Media

Nodes

TCP Ephemeral 5004

Cascade

Destination

Any IP Address Cascaded SRTP over

TCPHTTP Media Streams to

Cloud Media Nodes

TCP Ephemeral 123 53 444 Any NTP DNS HTTPS

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

HTTPS Configuration Services

Hybrid Data

Security Node

(HDS)

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

identitywebexcom

indexdockerio

Outbound HTTPS and WSS

82BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

What do we send to Third Party sitesSite Apps that Access It What is sent there User

PII

Anonymized

Usage info

Encrypted

User

Generated

Content

awscom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

rackcdncom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

mixpanelcom Win Mac iOS Android

Web

Anonymous usage data N Y N

appsflyercom iOS Android Anonymous usage data related to

onboarding

N Y N

adobedtmcom Web Anonymous usage data N Y N

omtrdcnet Web Anonymous usage data N Y N

optimizelycom Web Anonymous usage data for AB

testing

N Y N

83BRKCOL-2030

Cisco Spark Cloud Access Enterprise Proxies

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Address given to DeviceApplicationhelliphelliphellip

Connecting from the Enterprise - Proxy Types

Proxy Types

bull Transparent Proxy (DeviceApplication is unaware of Proxy existence)

bull In Line Proxies (eg Combined Proxy and Firewall)

bull Traffic Redirection (eg Using Cisco WCCP)

Signalling

UDP Media

HTTPHTTPS traffic only sent to the Proxy server eg

Destination ports 80 443 8080 8443

85BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • The proxy intercepts the outbound HTTP request
  • Authenticates the user (username & password)
  • The authenticated user's traffic is forwarded
  • An unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP headers
  • Username and password are Base64 encoded
  • Username and password are NOT encrypted or hashed
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices
  • Create an account per device
  • No password expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP headers
  • Username and password are not sent
  • A hash of the username and password is sent instead
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. an LDAP account) for all devices
  • Create an account per device
  • No password expiration
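The difference between the Basic and Digest slides is what an observer of the proxy exchange learns. The Python below is an added example, not code from this deck or from Cisco: it builds the Proxy-Authorization header a device would send under each scheme and includes the proxy-side check for Digest, which needs only the stored HA1 hash and the nonce it issued. The account name svc-spark-devices, the realm and the password are constructed sample values.

```python
"""Basic vs Digest proxy authentication as seen on the wire.

Added example; not code from the Cisco Live deck or from Cisco. The account
name, realm, password and nonce are constructed sample values.
"""
import base64
import hashlib
import secrets

# One shared service account for all devices, as the slides suggest.
DEVICE_ACCOUNT = "svc-spark-devices"          # constructed
DEVICE_PASSWORD = "Correct-Horse-Battery"      # constructed
PROXY_REALM = "proxy.example.internal"        # constructed


def basic_header(user: str, password: str) -> str:
    """RFC 7617 Basic: Base64 of 'user:password', neither hashed nor encrypted."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def basic_credentials_from_header(header: str) -> tuple:
    """What anyone who can read the header (a proxy log, a capture) recovers."""
    token = header.split(" ", 2)[2]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(user: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). The proxy can store HA1 instead of the password."""
    return _md5(f"{user}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """RFC 7616 response for qop=auth; only this hash crosses the wire."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(user: str, realm: str, password: str,
                  method: str, uri: str, nonce: str) -> str:
    """Client side: answer the proxy's challenge nonce."""
    cnonce = secrets.token_hex(8)
    nc = "00000001"
    response = digest_response(digest_ha1(user, realm, password),
                               method, uri, nonce, nc, cnonce)
    return ('Proxy-Authorization: Digest '
            f'username="{user}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def parse_digest(header: str) -> dict:
    """Split the comma-separated key=value parameters of a Digest header."""
    params = {}
    for part in header.split(" ", 2)[2].split(", "):
        key, _, value = part.partition("=")
        params[key] = value.strip('"')
    return params


def proxy_verifies_digest(header: str, stored_ha1: str,
                          method: str, issued_nonce: str) -> bool:
    """Proxy side: recompute from the stored HA1 and the nonce it issued."""
    p = parse_digest(header)
    if p.get("nonce") != issued_nonce:        # stale or replayed nonce
        return False
    expected = digest_response(stored_ha1, method, p["uri"], p["nonce"],
                               p["nc"], p["cnonce"], p.get("qop", "auth"))
    return secrets.compare_digest(expected, p["response"])


if __name__ == "__main__":
    basic = basic_header(DEVICE_ACCOUNT, DEVICE_PASSWORD)
    print(basic)
    print("recovered from Basic header:", basic_credentials_from_header(basic))
    nonce = secrets.token_hex(16)             # the proxy's challenge
    digest = digest_header(DEVICE_ACCOUNT, PROXY_REALM, DEVICE_PASSWORD,
                           "CONNECT", "wbx2.com:443", nonce)
    print(digest)
    print("password present in Digest header:", DEVICE_PASSWORD in digest)
```

Running it prints both headers; the Basic one decodes straight back to the account and password, while the Digest one carries only a response hash that is bound to the proxy's nonce, so a captured header is not reusable once the proxy issues a fresh challenge. This is the practical reason the slides' shared, non-expiring device account is less exposed under Digest than under Basic on an unencrypted proxy hop.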

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

Proxy Authentication Methods – Negotiate/IWA (Windows only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism; GSSAPI = Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No password expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest security
  • Components: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared secrets
• The client authenticates with the Authentication Service
• Once authenticated, it receives a Ticket Granting Ticket (TGT)
• The client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP address (e.g. 10.100.200.1 and 10.100.200.3 in the diagram)
• Whitelisted destinations (e.g. ciscospark.com):
  identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com
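Both bypass rules on this slide are easy to state and easy to get wrong in a proxy ACL, so here is one way to implement them. This is an added example, not code from the deck or from any proxy product: the domain list is the slide's, the two device addresses are the sample values in the slide diagram, and the point it makes is that a whitelisted destination must be matched on a label boundary, because a plain suffix test also exempts names such as notciscospark.com from authentication.

```python
"""Proxy authentication-bypass rules: device addresses and whitelisted domains.

Added example; not code from the Cisco Live deck or from any proxy product.
The domain list is the one on the slide; the two device addresses are the
sample values shown in the slide diagram.
"""
import ipaddress

WHITELISTED_DOMAINS = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com",
)
DEVICE_ADDRESSES = frozenset(
    ipaddress.ip_address(a) for a in ("10.100.200.1", "10.100.200.3")
)


def host_in_domain(host: str, domain: str) -> bool:
    """True when host equals domain or is a subdomain of it.

    The label boundary matters: a plain endswith() test would also accept
    names such as notciscospark.com, turning the bypass into an open door.
    """
    host = host.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def naive_host_in_domain(host: str, domain: str) -> bool:
    """The flawed version, kept only to show the difference."""
    return host.lower().endswith(domain.lower())


def bypass_auth(src_ip: str, dst_host: str) -> bool:
    """Decide whether this request may skip proxy authentication."""
    try:
        ip = ipaddress.ip_address(src_ip)
    except ValueError:
        return False                       # unparsable source: never bypass
    if ip in DEVICE_ADDRESSES:
        return True
    return any(host_in_domain(dst_host, d) for d in WHITELISTED_DOMAINS)


def audit_bypass_rules(hosts) -> dict:
    """For observed CONNECT hosts, report which whitelist entry (if any) exempts each."""
    report = {}
    for h in hosts:
        matched = [d for d in WHITELISTED_DOMAINS if host_in_domain(h, d)]
        report[h] = matched[0] if matched else None
    return report


if __name__ == "__main__":
    for src, dst in (("10.100.200.1", "anything.example.com"),
                     ("192.0.2.10", "api.ciscospark.com"),
                     ("192.0.2.10", "notciscospark.com")):
        print(f"{src:14s} -> {dst:24s} bypass={bypass_auth(src, dst)}")
```

The audit helper is the defensive half: run it over the hosts seen in the proxy's CONNECT log and anything exempted that is not one of the slide's domains is a rule that is broader than intended.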

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes |
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes |
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes |

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1)

(Diagram: the Private CA root certificate is sent to the client.)

• HTTPS/TLS Inspection
  • Private CA signed certificate sent to the client on connection establishment
  • The client compares the Private CA root cert with those received in the cert chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2)

• HTTPS/TLS Inspection
  • The proxy starts a new HTTPS/TLS connection to the Web/Cloud service
  • The proxy receives the certificate from the Web/Cloud service
  • The proxy uses the certificate to establish a secure TLS/HTTPS connection
  • The proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  Certificate Pin = SHA-256 hash of the CA root certificate public key, e.g.
  VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark certificate sent by the HTTPS/TLS server
  • The App creates a hash of the cert's public key
  • The App compares the hash with the certificate pin in its trust store
  • If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • The proxy sends a Private CA signed certificate during HTTPS/TLS set-up
  • The App creates a hash of the Private CA signed cert's public key
  • The App compares the hash with the certificate pin in its trust store
  • They DO NOT match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA cert copied to the App OS trust store

• Certificate Pinning
  • The proxy sends a Private CA signed certificate during HTTPS/TLS set-up
  • The Spark App checks to see if a copy of the Private CA cert exists in the OS trust store
  • If the cert exists – skip the certificate pinning process
  • Proceed with the TLS connection
  • HTTPS/TLS inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark Cloud

• Certificate Pinning
  • The proxy sends a Private CA signed certificate during HTTPS/TLS set-up
  • The client creates a hash of the Private CA signed cert's public key
  • The client compares the hash with the certificate pin in its trust store
  • They DO match: proceed with the TLS connection
  • HTTPS/TLS inspection possible
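The pinning slides describe four outcomes (no inspection, inspection with an unmodified client, the App fix via the OS trust store, and the device fix via a trust list from the cloud), plus the ordinary trust-store check a non-Spark app makes. The Python below models all of them in one place. It is an added example, not code from the deck or from the Spark clients: the pin is computed as the slide states (SHA-256 of the public key, Base64 encoded; real clients hash the DER SubjectPublicKeyInfo), and every key, name and chain is a constructed value so it runs without a TLS stack.

```python
"""Certificate pinning against a TLS-inspecting proxy, modelled end to end.

Added example; not code from the Cisco Live deck or from the Spark clients.
The pin is computed as the slides describe, SHA-256 of the certificate's
public key, Base64 encoded (real clients hash the DER SubjectPublicKeyInfo).
All keys and certificates here are constructed byte strings so the example
runs without a TLS stack.
"""
from __future__ import annotations

import base64
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Certificate:
    """Toy certificate: the name it carries, its public key, and its signer."""
    subject: str
    public_key: bytes
    issuer: str


def spki_pin(public_key: bytes) -> str:
    """Pin = Base64(SHA-256(public key)); 44 characters for a 32-byte digest."""
    return base64.b64encode(hashlib.sha256(public_key).digest()).decode()


# Constructed sample keys (no relation to any real CA).
CLOUD_CA_KEY = b"constructed-public-ca-root-key"
PROXY_CA_KEY = b"constructed-enterprise-private-ca-key"

CLOUD_CA_ROOT = Certificate("Public CA Root", CLOUD_CA_KEY, "Public CA Root")
PROXY_CA_ROOT = Certificate("Enterprise Private CA", PROXY_CA_KEY, "Enterprise Private CA")

# Genuine chain from the cloud service, and the chain an inspecting proxy
# substitutes for it (same name, re-signed under the private CA).
GENUINE_CHAIN = [Certificate("wbx2.com", b"constructed-service-key", "Public CA Root"), CLOUD_CA_ROOT]
PROXY_CHAIN = [Certificate("wbx2.com", b"constructed-proxy-leaf-key", "Enterprise Private CA"), PROXY_CA_ROOT]


def non_spark_app_accepts(chain: list[Certificate], os_trust_store: set[str]) -> bool:
    """Ordinary app: trust whatever chains to a root present in the OS trust store."""
    return spki_pin(chain[-1].public_key) in os_trust_store


@dataclass
class SparkClient:
    """Pins the cloud CA root key; may also consult the OS trust store."""
    pinned: set[str] = field(default_factory=lambda: {spki_pin(CLOUD_CA_KEY)})
    os_trust_store: set[str] = field(default_factory=set)
    skip_pinning_for_enterprise_ca: bool = False   # the "Spark Apps fix"

    def decide(self, chain: list[Certificate]) -> str:
        root_pin = spki_pin(chain[-1].public_key)
        if self.skip_pinning_for_enterprise_ca and root_pin in self.os_trust_store:
            return "accept: enterprise CA in OS trust store, pinning skipped"
        if any(spki_pin(c.public_key) in self.pinned for c in chain):
            return "accept: certificate pin matched"
        return "reject: pin mismatch, TLS connection terminated"


def no_inspection() -> str:
    return SparkClient().decide(GENUINE_CHAIN)


def inspection_without_fix() -> str:
    return SparkClient().decide(PROXY_CHAIN)


def inspection_app_fix() -> str:
    """Private CA cert copied to the App's OS trust store."""
    client = SparkClient(os_trust_store={spki_pin(PROXY_CA_KEY)},
                         skip_pinning_for_enterprise_ca=True)
    return client.decide(PROXY_CHAIN)


def inspection_device_fix() -> str:
    """Private CA cert uploaded to the cloud and returned in the device trust list."""
    client = SparkClient()
    client.pinned.add(spki_pin(PROXY_CA_KEY))
    return client.decide(PROXY_CHAIN)


if __name__ == "__main__":
    for scenario in (no_inspection, inspection_without_fix,
                     inspection_app_fix, inspection_device_fix):
        print(f"{scenario.__name__:24s} -> {scenario()}")
```

Two design points are worth noticing. The unmodified client rejects the proxy chain even though the proxy CA would satisfy an ordinary app, which is exactly the behaviour the "HTTPS Inspection – Spark Certificate Pinning" slide shows. And both fixes widen trust deliberately: the App fix defers to whatever is in the OS store, the device fix extends the pin set, so either one should be limited to the organisation's own inspection CA.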

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If an Enterprise certificate exists, then bypass the certificate pinning process
iOS, Android | HTTPS | WME | No (iOS, Android) | HTTPS inspection bypass
DX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA certs in the Spark service; download the trust list with the private certs
SX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA certs in the Spark service; download the trust list with the private certs
MX | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA certs in the Spark service; download the trust list with the private certs
Room Kits | HTTPS | Room OS | Yes – requires per-Org config of the Identity Service | Load Private CA certs in the Spark service; download the trust list with the private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• The client presents credentials to the Authentication Server
• After successful authentication – the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client/server authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

Network Capabilities, Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO; Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web based: install the Enterprise LSC via the device Web interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install the Enterprise LSC via the device Web interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install the Enterprise LSC via the device Web interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web based: install the Enterprise LSC via the device Web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard the device – username/password, activation code
• The Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment:

Preferred Architectures (PA)
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.

Collaboration Solution Reference Network Design (SRND)
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.

Thank you


Agenda
• VLANs
  • Switch port VLAN configuration and device requirements
• Firewalls
  • Whitelists for Spark Apps, devices and services
  • Media support – UDP/TCP/HTTP
• HTTP Proxies
  • Proxy types and proxy detection
  • Proxy authentication methods (Basic, NTLM, Negotiate, Kerberos), auth bypass
  • Proxy TLS/HTTPS traffic inspection – certificate pinning
• 802.1X – authentication methods: EAP-FAST, EAP-TLS, MAC Address Bypass

Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise – VLANs

How are the switch ports configured?
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Minimum Enterprise Network Requirements
• Internet access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Network Capabilities, Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q tagging; connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls

Whitelisted Ports and Destinations
• Spark desk and room devices
• Spark Apps
• See the following slides for details

Media Port Ranges
• Source UDP ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP ports: 5004, 5006
• Destination IP addresses: Any

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Media | Range | Spark Apps | Spark Devices
Audio | 52000-52099 | 52000 - 52049 | 52050 - 52099
Video | 52100-52299 | 52100 - 52199 | 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP or HTTP to Spark Cloud media nodes
Spark applications | TCP | Ephemeral | 443 | HTTPS destinations listed below | Function listed below

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only: Ad analytics
• adobedtm.com – Web Apps only: Analytics
• omtrdc.net – Web Apps only: Telemetry
• optimizely.com – Web Apps only: Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP address | SRTP over UDP to Spark Cloud media nodes
Desktop and room systems | TCP | Ephemeral | 5004 & 5006 | Any IP address | SRTP over TCP to Spark Cloud media nodes (not Spark Board)
Desktop and room systems | TCP | Ephemeral | 443 | HTTPS destinations listed below | Function listed below
Desktop and room systems | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP time sync

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

Connecting from the Enterprise – Firewalls

Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP ports: Voice and Video 33434 - 33598
• Source TCP/HTTP ports: Ephemeral (=> no DSCP re-marking)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: Any

• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and video use a common UDP source port range, 33434 - 33598

Connecting from the Enterprise – Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS signalling traffic only
• Outbound HTTPS and WSS signalling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and video use a common UDP source port range, 33434 - 33598 | 5004 (cascade destination) | Any IP address | Cascaded SRTP over UDP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (cascade destination) | Any IP address | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS configuration services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
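The fixed UDP source-port ranges in the firewall slides (apps, devices and the HMN cascade range) are the only handles a firewall or QoS policy has on Spark media; the TCP/HTTP fallback uses ephemeral source ports, which is what the slides mean by "=> No DSCP re-marking". The Python below is an added example rather than Cisco's code: it encodes the slides' ranges, classifies a flow by them, and audits constructed firewall log lines (a made-up format, documentation addresses) for media flows that were denied. The DSCP class names it assigns per media type are an assumption of the example; the deck names none.

```python
"""Spark media flow classification from the slides' source-port ranges.

Added example; not code from the Cisco Live deck or from Cisco. Port numbers
are those on the slides. The DSCP class per media type and the firewall log
format are assumptions made for this example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str        # "udp" or "tcp"
    src_port: int
    dst_port: int


# (low, high, originator, media) as listed on the port-range and HMN slides.
UDP_SOURCE_RANGES = (
    (52000, 52049, "spark-app", "audio"),
    (52050, 52099, "spark-device", "audio"),
    (52100, 52199, "spark-app", "video"),
    (52200, 52299, "spark-device", "video"),
    (33434, 33598, "hybrid-media-node", "audio+video"),
)
MEDIA_DST_PORTS = {5004, 5006}
# Assumed markings; the deck names none.
DSCP_FOR_MEDIA = {"audio": "EF", "video": "AF41", "audio+video": "AF41"}


def classify(flow: Flow):
    """Return (originator, media, dscp) for a Spark media flow, else None.

    TCP/HTTP media fallback uses ephemeral source ports, so it can only be
    recognised by destination port and gets no DSCP re-marking.
    """
    if flow.dst_port not in MEDIA_DST_PORTS:
        return None
    if flow.proto.lower() != "udp":
        return ("unknown", "tcp-fallback", None)
    for low, high, originator, media in UDP_SOURCE_RANGES:
        if low <= flow.src_port <= high:
            return (originator, media, DSCP_FOR_MEDIA[media])
    return None


# Constructed connection-log format: "<proto> <src>:<sport> -> <dst>:<dport> <action>".
LOG_RE = re.compile(
    r"^(?P<proto>udp|tcp) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>allow|deny)$"
)

# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
udp 10.100.200.1:52060 -> 203.0.113.10:5004 allow
udp 10.100.200.1:52210 -> 203.0.113.10:5004 deny
udp 10.100.50.7:52010 -> 203.0.113.11:5006 allow
tcp 10.100.50.7:49152 -> 203.0.113.11:5004 allow
udp 10.100.9.9:33500 -> 203.0.113.12:5004 deny
tcp 10.100.50.7:49153 -> 198.51.100.5:443 allow
udp 10.100.50.7:52010 -> 203.0.113.11:53 allow
""".splitlines()


def denied_media(lines):
    """Media flows the firewall dropped: a common cause of one-way or missing video."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        cls = classify(Flow(m["proto"], int(m["sport"]), int(m["dport"])))
        if cls is not None and m["action"] == "deny":
            hits.append((line, cls))
    return hits


if __name__ == "__main__":
    for line, (who, media, dscp) in denied_media(SAMPLE_LOG):
        print(f"DENIED {who} {media} (expected DSCP {dscp}): {line}")
```

On the sample log the audit flags a device video stream and an HMN cascade stream that the firewall dropped, and ignores the TCP fallback and the non-media UDP line; the same classifier is what a QoS policy would use to choose a marking, and it deliberately returns no marking for TCP because the source port carries no information there.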

What do we send to third-party sites?

Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user-generated content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; part of the Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access Enterprise Proxies

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Address given to DeviceApplicationhelliphelliphellip

Connecting from the Enterprise - Proxy Types

Proxy Types

bull Transparent Proxy (DeviceApplication is unaware of Proxy existence)

bull In Line Proxies (eg Combined Proxy and Firewall)

bull Traffic Redirection (eg Using Cisco WCCP)

Signalling

UDP Media

HTTPHTTPS traffic only sent to the Proxy server eg

Destination ports 80 443 8080 8443

85BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Authentication

Connecting from the Enterprise ndash Proxy Authentication

bull Proxy intercepts outbound HTTP request

bull Authenticates the User (Username amp Password)

bull Authenticated Userrsquos traffic forwarded

bull Unauthenticated Userrsquos traffic droppedblocked

Signalling

UDP MediaProxy Authentication is not mandatory

Many Enterprises do No Authentication

88BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Common Proxy Authentication Methods

bull NTLMv2 Authentication

bull Negotiate Authentication

bull Kerberos

Signalling

UDP Media

bull Digest Authentication

89BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Proxy Authentication Methods ndash Basic Authentication

bull Uses standard HTTP Headers

bull Username and Password Base64 encoded

bull Username and Password are NOT

encrypted or hashed

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

90BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash Digest Authentication

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

bull Digest Authentication

bull Uses standard HTTP Headers

bull Username and Password are not sent

bull A Hash of the Username and Password is

sent instead

91BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull NT LAN Manager (NTLM) Authentication

Proxy Authentication Methods ndash NTLMv2

bull Microsoft ChallengeResponse AuthN protocol

bull Username sent in plain text

bull ChallengeNonce sent from the server

bull Password hash used to encrypt the

challenge and return it to the server

bull Password hashed but not sent

bull Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

92BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash NegotiateIWA (Windows Only)

bull Negotiate Authentication

bull Microsoft implementation of SPNEGO

bull Simple and Protected GSSAPI Negotiation

Mechanism (Generic Security Service API)

bull Kerberos or fallback to

bull NTLM

bull Negotiates the use of either

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX / SX / MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | -
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | -
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | -

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

[Diagram: Signalling / UDP Media flows via the proxy]

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Diagram: Signalling / UDP Media flows via the proxy]

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

[Diagram: Signalling / UDP Media flows via the proxy]

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT match – TLS connection terminated

[Diagram: Signalling / UDP Media flows via the proxy]

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Diagram: Signalling / UDP Media flows via the proxy]

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO match – proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Diagram: Signalling / UDP Media flows via the proxy]
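The pinning decision from the last four slides (no inspection, inspecting proxy, the app fix and the device fix) as an added example in Python; this is not code from the deck or from Cisco. Real clients extract the SubjectPublicKeyInfo from the X.509 certificate; here SPKI bytes are passed in directly, and every key and pin below is a constructed sample value.

```python
"""Added example (not from the Cisco Live deck): the Spark certificate-pin
check with the two enterprise "fixes" the slides describe.  SPKI DER bytes
are passed in directly; all keys below are constructed stand-ins."""
import base64
import hashlib
from dataclasses import dataclass, field
from typing import List, Set, Tuple


def spki_pin(spki_der: bytes) -> str:
    """Pin = base64(SHA-256(SubjectPublicKeyInfo)), the form shown on the slide."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


@dataclass
class TrustState:
    """What the app or device holds before the TLS handshake starts."""
    pinned: Set[str]                                        # pins shipped with the client
    os_trust_store: Set[str] = field(default_factory=set)   # pins of CAs IT installed in the OS


def evaluate_handshake(chain_spki: List[bytes], state: TrustState) -> Tuple[bool, str]:
    """chain_spki: SPKI of each certificate the server presented, leaf first.
    Normal X.509 path validation is assumed to run separately; this only
    reproduces the pinning decision from the slides."""
    presented = {spki_pin(s) for s in chain_spki}
    # Spark Apps fix: a private CA copied into the OS trust store switches
    # pinning off for that chain, so the inspecting proxy's cert is accepted.
    # Defender's note: this widens trust from one pinned CA to every CA IT
    # placed in the OS store, so that store needs the same change control.
    if presented & state.os_trust_store:
        return True, "private CA in OS trust store: pinning skipped, inspection possible"
    # Normal path, and the Spark Devices fix (private CA pin delivered in the
    # trust list downloaded from the Spark cloud, so it is pinned too).
    if presented & state.pinned:
        return True, "pin match: proceed with TLS connection"
    return False, "no pin match: TLS connection terminated"


# Constructed sample keys (stand-ins for SPKI DER; not real certificates).
SPARK_ROOT_SPKI = b"constructed-spark-ca-root-public-key"
SPARK_LEAF_SPKI = b"constructed-spark-service-public-key"
PROXY_CA_SPKI = b"constructed-enterprise-private-ca-public-key"
PROXY_LEAF_SPKI = b"constructed-proxy-issued-leaf-public-key"

SPARK_CHAIN = [SPARK_LEAF_SPKI, SPARK_ROOT_SPKI]   # direct connection, no inspection
PROXY_CHAIN = [PROXY_LEAF_SPKI, PROXY_CA_SPKI]     # proxy re-signing with its private CA


def no_fix() -> TrustState:
    return TrustState(pinned={spki_pin(SPARK_ROOT_SPKI)})


def app_fix() -> TrustState:
    """'Spark Apps Cert Pinning Fix': private CA cert copied to the OS trust store."""
    return TrustState(pinned={spki_pin(SPARK_ROOT_SPKI)},
                      os_trust_store={spki_pin(PROXY_CA_SPKI)})


def device_fix() -> TrustState:
    """'Spark Devices Cert Pinning Fix': private CA cert uploaded to the Spark
    cloud and delivered to the device in its trust list."""
    return TrustState(pinned={spki_pin(SPARK_ROOT_SPKI), spki_pin(PROXY_CA_SPKI)})


if __name__ == "__main__":
    for label, chain, state in [("direct, no inspection", SPARK_CHAIN, no_fix()),
                                ("inspecting proxy, no fix", PROXY_CHAIN, no_fix()),
                                ("inspecting proxy, app fix", PROXY_CHAIN, app_fix()),
                                ("inspecting proxy, device fix", PROXY_CHAIN, device_fix())]:
        ok, why = evaluate_handshake(chain, state)
        print(f"{label:30s} -> {'ACCEPT' if ok else 'REJECT'}: {why}")
```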

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X

[Diagram: device, switch, Authentication Server]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

[Diagram: device, switch, Authentication Server]

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Diagram: device, switch, Authentication Server]

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

[Diagram: device, switch, Authentication Server]

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

[Diagram: Device 1, switch, Authentication Server]

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | NA | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | - | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: Target Q1 CY2018.

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Thank you


Cisco Spark Cloud Access: Enterprise VLANs

Connecting from the Enterprise - VLANs: How are the switch ports configured?

Minimum Enterprise Network Requirements:
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Switch port options:
• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | NA | NA | Static Untagged (Data) VLAN
DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment; 802.1Q Tagging; Connected PC supported
SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging
Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

[Diagram: Signalling and Media flows through the firewall]

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

Audio 52000-52099: Spark Apps 52000 - 52049; Spark Devices 52050 - 52099
Video 52100-52299: Spark Apps 52100 - 52199; Spark Devices 52200 - 52299

Spark Applications: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Spark applications (Windows, Mac, iOS, Android, Web) | UDP | Voice 52000 – 52049; Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes
Spark applications | TCP | Ephemeral | 443 | see list below | HTTPS

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• appsflyer.com – Mobile Apps only - Ad Analytics
• adobedtm.com – Web Apps only - Analytics
• omtrdc.net – Web Apps only - Telemetry
• optimizely.com – Web Apps only - Metrics

Spark Devices: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
Desktop and Room Systems | TCP | Ephemeral | 443 | see list below | HTTPS
Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations (TCP 443) and their function:
• identity.webex.com – Spark Identity Service
• idbroker.webex.com – OAuth Service
• wbx2.com – Core Spark Services
• webex.com – Identity management
• ciscospark.com – Core Spark Services
• clouddrive.com – Content and Space Storage
• crashlytics.com – Anonymous crash data
• mixpanel.com – Anonymous Analytics
• rackcdn.com – Content and Space Storage
• dropbox.com – Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

Media Port Ranges:
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

[Diagram: Signalling and Media flows through the firewall]

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

[Diagram: Signalling and Media flows through the firewall]

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function
Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS
Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
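The port and whitelist tables above (apps, devices, HMN and HDS) encoded as a rule set that candidate flows can be checked against, as an added example in Python and not code from the deck or from Cisco. The ranges and domain names are the ones on the slides; the ephemeral range, the suffix-matching rule and the sample flows are my assumptions.

```python
"""Added example (not from the Cisco Live deck): the deck's Spark port and
whitelist tables as a rule set for validating firewall policy.  Ranges and
domains come from the slides; the ephemeral range and the flows tested at
the bottom are constructed assumptions."""
from dataclasses import dataclass
from typing import Optional, Tuple

SPARK_DOMAINS = ("identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
                 "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
                 "rackcdn.com")
APP_ONLY = ("appsflyer.com", "adobedtm.com", "omtrdc.net", "optimizely.com")
EPHEMERAL = range(49152, 65536)   # IANA dynamic range; assumption for "Ephemeral"


@dataclass(frozen=True)
class Rule:
    source: str               # "app", "device", "hmn" or "hds"
    proto: str                # "udp" or "tcp"
    src_ports: range
    dst_ports: Tuple[int, ...]
    dst_hosts: Optional[Tuple[str, ...]]   # None = "Any IP Address"
    function: str


RULES = [
    Rule("app", "udp", range(52000, 52050), (5004, 5006), None, "SRTP voice over UDP to cloud media nodes"),
    Rule("app", "udp", range(52100, 52200), (5004, 5006), None, "SRTP video over UDP to cloud media nodes"),
    Rule("app", "tcp", EPHEMERAL, (5004, 5006), None, "SRTP over TCP/HTTP to cloud media nodes"),
    Rule("app", "tcp", EPHEMERAL, (443,), SPARK_DOMAINS + APP_ONLY, "HTTPS to Spark services and analytics"),
    Rule("device", "udp", range(52050, 52100), (5004, 5006), None, "SRTP voice over UDP to cloud media nodes"),
    Rule("device", "udp", range(52200, 52300), (5004, 5006), None, "SRTP video over UDP to cloud media nodes"),
    Rule("device", "tcp", EPHEMERAL, (5004, 5006), None, "SRTP over TCP to cloud media nodes (not Spark Board)"),
    Rule("device", "tcp", EPHEMERAL, (443,), SPARK_DOMAINS + ("dropbox.com",), "HTTPS to Spark services / firmware"),
    Rule("device", "udp", EPHEMERAL, (123,), ("2.android.pool.ntp.org",), "Spark Board NTP time sync"),
    Rule("hmn", "udp", range(33434, 33599), (5004,), None, "cascaded SRTP over UDP to cloud media nodes"),
    Rule("hmn", "tcp", EPHEMERAL, (5004,), None, "cascaded SRTP over TCP/HTTP to cloud media nodes"),
    Rule("hmn", "tcp", EPHEMERAL, (123, 53, 444), None, "NTP, DNS, HTTPS (as listed on the slide)"),
    Rule("hmn", "tcp", EPHEMERAL, (443,), ("wbx2.com", "idbroker.webex.com"), "HMN configuration services"),
    Rule("hds", "tcp", EPHEMERAL, (443,),
         ("wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io"),
         "HDS outbound HTTPS and WSS"),
]


def host_allowed(host: str, allowed: Optional[Tuple[str, ...]]) -> bool:
    """Exact or sub-domain match only: 'evil-webex.com' must not pass for 'webex.com'."""
    if allowed is None:
        return True
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in allowed)


def classify_flow(source: str, proto: str, src_port: int, dst_port: int,
                  dst_host: Optional[str] = None) -> Optional[str]:
    """Return the function of the first matching rule, or None when a firewall
    built from the deck's whitelist would drop the flow."""
    for r in RULES:
        if r.source != source or r.proto != proto.lower():
            continue
        if src_port not in r.src_ports or dst_port not in r.dst_ports:
            continue
        if r.dst_hosts is not None and (dst_host is None or not host_allowed(dst_host, r.dst_hosts)):
            continue
        return r.function
    return None


if __name__ == "__main__":
    # Constructed sample flows, e.g. taken from a firewall log.
    for flow in [("app", "udp", 52010, 5004, None), ("device", "udp", 52010, 5004, None),
                 ("app", "tcp", 51000, 443, "idbroker.webex.com"), ("app", "tcp", 51000, 443, "evil-webex.com"),
                 ("hmn", "udp", 33500, 5004, None), ("hds", "tcp", 60000, 443, "index.docker.io")]:
        print(flow, "->", classify_flow(*flow) or "DROP")
```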

What do we send to Third Party sites?

Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; Part of Rackspace content system | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing; Part of Rackspace content system | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

[Diagram: Signalling / UDP Media flows via the proxy]

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

[Diagram: clients receiving Proxy Address via PAC files; Signalling / UDP Media flows]

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

[Diagram: Signalling / UDP Media flows via the proxy]

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

[Diagram: Signalling / UDP Media flows via the proxy]

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

[Diagram: Signalling / UDP Media flows via the proxy]

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

[Diagram: Signalling / UDP Media flows via the proxy]
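The Basic and Digest exchanges from the two slides above, as an added example in Python (standard library only; not code from the deck or from Cisco). It shows why Basic is described as "not encrypted or hashed" (one decode recovers the device account password) and how a Digest response only ever carries a hash; the account name, password, realm and nonce values are constructed.

```python
"""Added example (not from the Cisco Live deck): a device answering a proxy's
Basic or Digest challenge, and the proxy-side verification.  All credential
and challenge values are constructed samples."""
import base64
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional, Tuple


def basic_proxy_authorization(username: str, password: str) -> str:
    """Basic (RFC 7617): the credentials are only Base64-encoded."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    return f"Basic {token}"


def decode_basic(header: str) -> Tuple[str, str]:
    """Anyone who can read the header (a capture of the plain-HTTP CONNECT,
    a log) recovers the shared device password with one decode."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, pwd = base64.b64decode(token).decode().partition(":")
    return user, pwd


def parse_auth_params(header: str) -> Dict[str, str]:
    """Split 'Digest realm="x", nonce="y", qop=auth' into a dict (plus 'scheme')."""
    scheme, _, params = header.partition(" ")
    fields = dict(re.findall(r'(\w+)="?([^",]*)"?', params))
    fields["scheme"] = scheme
    return fields


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username: str, password: str, realm: str, nonce: str, method: str,
                    uri: str, cnonce: str, nc: str = "00000001", qop: str = "auth") -> str:
    """RFC 7616 with MD5 and qop=auth: the password only ever enters a hash."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_proxy_authorization(username: str, password: str, challenge: Dict[str, str],
                               method: str, uri: str, cnonce: Optional[str] = None) -> str:
    """Build the Proxy-Authorization value for a parsed Proxy-Authenticate challenge."""
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(username, password, challenge["realm"], challenge["nonce"],
                           method, uri, cnonce)
    return ('Digest username="%s", realm="%s", nonce="%s", uri="%s", qop=auth, '
            'nc=00000001, cnonce="%s", response="%s"'
            % (username, challenge["realm"], challenge["nonce"], uri, cnonce, resp))


def proxy_verifies_digest(header: str, method: str, passwords: Dict[str, str]) -> bool:
    """Proxy side: recompute from its own copy of the device account password
    and compare in constant time.  Replay protection (nonce tracking) is out of scope."""
    f = parse_auth_params(header)
    pwd = passwords.get(f.get("username", ""))
    if f.get("scheme") != "Digest" or pwd is None:
        return False
    try:
        expected = digest_response(f["username"], pwd, f["realm"], f["nonce"], method,
                                   f["uri"], f["cnonce"], f.get("nc", "00000001"),
                                   f.get("qop", "auth"))
        return hmac.compare_digest(expected, f["response"])
    except KeyError:          # malformed header: a required parameter is missing
        return False


if __name__ == "__main__":
    # Constructed device account and proxy challenge.
    basic = basic_proxy_authorization("dev01", "s3cret")
    print(basic, "->", decode_basic(basic))          # password recovered
    challenge = parse_auth_params('Digest realm="corp-proxy", nonce="n1", qop="auth"')
    digest = digest_proxy_authorization("dev01", "s3cret", challenge, "CONNECT", "wbx2.com:443")
    print(digest)                                    # no password on the wire
    print(proxy_verifies_digest(digest, "CONNECT", {"dev01": "s3cret"}))
```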

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

[Diagram: Signalling / UDP Media flows via the proxy]

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Authentication

Spark Device Protocol Software Train Proxy Authentication Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No Auth - Yes

Basic - Yes

Digest - Planned

NTLM - Yes (Windows)

Kerberos ndash No

No Auth (iOS and Android in EFT)

Basic (iOS and Android in EFT)

DXSXMX HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Room Kits HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Spark Board HTTPS Spark Board OS No Auth ndash Yes

Basic ndash Yes

Digest - Yes

96BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

Certificate Pinning:
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO match: proceed with TLS connection
• HTTPS/TLS Inspection possible

Network Capabilities: Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists, bypass the Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes | Manually Install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass |

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate; CUCM = Cisco Unified Communications Manager.

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment:
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment".
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Coming soon: Target Q1 CY2018

Thank you

Connecting from the Enterprise – VLANs: How are the switch ports configured?

• Single static untagged VLAN
• Dynamic VLAN assignment based on CDP/LLDP TLV values
• Multiple static VLANs (e.g. Data VLAN & Aux VLAN) – 802.1Q VLAN tagging required for the Auxiliary VLAN

Minimum Enterprise Network Requirements
• Internet Access
• DHCP, DNS server access
• Internal TCP connectivity and ICMP to devices for support

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q | Ethernet PC Port | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment; 802.1Q Tagging; Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment; 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise – Firewalls

Whitelisted Ports and Destinations

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

Applies to:
• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| Media | Source UDP port range | Spark Apps | Spark Devices |
| Audio | 52000 - 52099 | 52000 - 52049 | 52050 - 52099 |
| Video | 52100 - 52299 | 52100 - 52199 | 52200 - 52299 |

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Spark applications

Windows

Mac

iOS

Android

Web

UDP Voice 52000 ndash 52049

Video 52100 ndash 52199

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP or HTTP to Spark Cloud

Media Nodes

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

appsflyercom

adobetmcom

omtrdcnet

optimizelycom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Mobile Apps only - Ad Analytics

Web Apps only - Analytics

Web Apps only - Telemetry

Web Apps only - Metrics

78BRKCOL-2030

Spark Devices: Network Port and Whitelist Requirements

Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards):

| Protocol | Source Ports | Destination Ports | Destination | Function |
| UDP | Voice 52050 – 52099; Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board) |
| TCP | Ephemeral | 443 | identity.webex.com | HTTPS: Spark Identity Service |
| TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS: OAuth Service |
| TCP | Ephemeral | 443 | wbx2.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | webex.com | HTTPS: Identity management |
| TCP | Ephemeral | 443 | ciscospark.com | HTTPS: Core Spark Services |
| TCP | Ephemeral | 443 | clouddrive.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | crashlytics.com | HTTPS: Anonymous crash data |
| TCP | Ephemeral | 443 | mixpanel.com | HTTPS: Anonymous Analytics |
| TCP | Ephemeral | 443 | rackcdn.com | HTTPS: Content and Space Storage |
| TCP | Ephemeral | 443 | dropbox.com | HTTPS: Sparkboard (firmware updates) |
| UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Connecting from the Enterprise – Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range to HMNs only
• Hybrid Media Node source UDP ports for voice and video are different to those used by endpoints – used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

Connecting from the Enterprise – Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Node | Protocol | Source Ports | Destination Ports | Destination | Function |
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range: 33434 - 33598 | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 (Cascade Destination) | Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |
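The port and whitelist tables for apps, devices, the HMN and the HDS can be turned into a single allow/deny check. The following Python is an added example, not Cisco's code: the source port ranges, destination ports and destination names are copied from the tables above, while the source classes (app, device, hmn, hds), the sub-domain matching rule and the sample flows are constructed for illustration. Because the documented source port ranges do not overlap, the firewall can also tell apps, devices and HMN cascade links apart by source port alone, which the second function shows.

```python
"""Flow classifier built from the Spark port and whitelist tables.

Added example, not Cisco's code: ranges, ports and domains come from the
slides; source classes, matching rules and sample flows are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Source UDP port ranges (inclusive) from the port range summary slide.
# The HMN uses one range for voice and video (cascade links to the cloud).
MEDIA_SOURCE_RANGES = {
    ("app", "voice"): (52000, 52049),
    ("app", "video"): (52100, 52199),
    ("device", "voice"): (52050, 52099),
    ("device", "video"): (52200, 52299),
    ("hmn", "media"): (33434, 33598),
}

# Destination ports for SRTP to the Spark cloud media nodes.
MEDIA_DEST_PORTS = {"app": {5004, 5006}, "device": {5004, 5006}, "hmn": {5004}}

CORE = {"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
        "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
        "rackcdn.com"}

# TCP/443 destinations per table (apps, devices, HMN, HDS).
HTTPS_WHITELIST = {
    "app": CORE | {"appsflyer.com", "adobedtm.com", "omtrdc.net", "optimizely.com"},
    "device": CORE | {"dropbox.com"},
    "hmn": {"wbx2.com", "idbroker.webex.com"},
    "hds": {"wbx2.com", "idbroker.webex.com", "identity.webex.com", "index.docker.io"},
}


@dataclass(frozen=True)
class Flow:
    proto: str            # "udp" or "tcp"
    src_port: int
    dst_port: int
    dst_host: str = "*"   # DNS name for HTTPS flows; "*" when only the IP matters


def media_source_class(src_port: int) -> Optional[str]:
    """Which sender a UDP media source port belongs to; None if outside all ranges."""
    for (cls, _kind), (lo, hi) in MEDIA_SOURCE_RANGES.items():
        if lo <= src_port <= hi:
            return cls
    return None


def host_matches(host: str, pattern: str) -> bool:
    """Assumption: a whitelisted domain also covers its sub-domains (api.wbx2.com -> wbx2.com)."""
    return host == pattern or host.endswith("." + pattern)


def classify(flow: Flow, source: str) -> Tuple[str, str]:
    """Return (verdict, reason) for an outbound flow from a given source class."""
    if source not in HTTPS_WHITELIST:
        raise ValueError(f"unknown source class {source!r}")
    if flow.proto == "udp":
        if source == "hds":
            return ("deny", "HDS sends outbound HTTPS/WSS signalling only")
        for (cls, kind), (lo, hi) in MEDIA_SOURCE_RANGES.items():
            if cls == source and lo <= flow.src_port <= hi \
                    and flow.dst_port in MEDIA_DEST_PORTS[source]:
                return ("allow", f"{source} {kind} SRTP over UDP to any media node")
        if source == "device" and flow.dst_port == 123 \
                and flow.dst_host == "2.android.pool.ntp.org":
            return ("allow", "Spark Board NTP time sync")
        return ("deny", "UDP source or destination port outside the documented ranges")
    if flow.proto == "tcp":
        if source != "hds" and flow.dst_port in MEDIA_DEST_PORTS[source]:
            return ("allow", f"{source} SRTP over TCP/HTTP to any media node")
        if flow.dst_port == 443:
            for pattern in sorted(HTTPS_WHITELIST[source]):
                if host_matches(flow.dst_host, pattern):
                    return ("allow", f"HTTPS to whitelisted {pattern}")
            return ("deny", "HTTPS destination is not on the whitelist")
        if source == "hmn" and flow.dst_port in (123, 53, 444):
            return ("allow", "HMN NTP/DNS/HTTPS to any destination")
    return ("deny", "no matching rule")


if __name__ == "__main__":
    samples = [  # constructed flows
        (Flow("udp", 52010, 5004), "app"),
        (Flow("udp", 52010, 5004), "device"),
        (Flow("tcp", 49152, 443, "api.wbx2.com"), "device"),
        (Flow("tcp", 49152, 443, "updates.example.net"), "device"),
    ]
    for f, src in samples:
        print(src, f, "->", classify(f, src))
```

Run it to see an app voice flow accepted from the app range but denied when the same source port is claimed by a device, and an HTTPS flow accepted only for a whitelisted destination.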

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence):
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)
HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

Connecting from the Enterprise – Proxy Detection

Proxy Detection (Proxy Address given to Device/Application)
• Manual Configuration
• Auto Configuration:
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Conf (PAC) files

Network Capabilities: Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes – Manual; Yes – PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes – Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes – Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic forwarded
• Unauthenticated User's traffic dropped/blocked
Proxy Authentication is not mandatory: many Enterprises do no Authentication

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP Headers
• Username and Password Base64 encoded
• Username and Password are NOT encrypted or hashed

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP Headers
• Username and Password are not sent
• A Hash of the Username and Password is sent instead

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices
• Create an account per device
• No Password Expiration
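What the Basic and Digest bullets mean on the wire, as an added example (this is not Cisco's code and not what any Spark device runs): it builds the Proxy-Authorization header a device would send for each method and shows what a proxy log or packet capture would reveal. The device account (dev / pw), the realm and the challenge values are constructed; Digest follows the MD5, qop=auth form of RFC 7616, and the proxy-side store holds HA1 values rather than clear-text passwords, which is an assumption about how such an account store is kept.

```python
"""Basic vs Digest proxy authentication, as seen on the wire.

Added example, not Cisco's code. Account, realm and challenge are constructed.
"""
import base64
import hashlib
import re
import secrets

# Constructed challenge a proxy might send in Proxy-Authenticate.
CHALLENGE = 'Digest realm="corp-proxy", nonce="8f1b2c3d4e5f", qop="auth"'


def basic_header(user: str, password: str) -> str:
    """Basic: Base64 of user:password. Encoding is not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def basic_recover(header: str):
    """Anyone holding the header (proxy log, packet capture) gets the password back."""
    user, password = base64.b64decode(header.split(" ", 1)[1]).decode().split(":", 1)
    return user, password


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def parse_params(header: str) -> dict:
    """Parse the name=value[, ...] part of a Digest challenge or response."""
    return dict(re.findall(r'(\w+)="?([^",]+)"?', header.split(" ", 1)[1]))


def digest_header(user: str, password: str, method: str, uri: str,
                  challenge: str = CHALLENGE, cnonce: str = None,
                  nc: str = "00000001") -> str:
    """Digest: the password only enters HA1; the header carries a hash, never the password."""
    ch = parse_params(challenge)
    cnonce = cnonce or secrets.token_hex(8)
    ha1 = _md5(f"{user}:{ch['realm']}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:{ch['qop']}:{ha2}")
    return (f'Digest username="{user}", realm="{ch["realm"]}", nonce="{ch["nonce"]}", '
            f'uri="{uri}", qop={ch["qop"]}, nc={nc}, cnonce="{cnonce}", response="{response}"')


# Proxy side (assumption): device accounts stored as HA1, not clear-text passwords.
DEVICE_HA1 = {("dev", "corp-proxy"): _md5("dev:corp-proxy:pw")}


def digest_verify(header: str, method: str, accounts: dict = DEVICE_HA1) -> bool:
    """Recompute the expected response from the stored HA1; compare in constant time."""
    p = parse_params(header)
    ha1 = accounts.get((p.get("username"), p.get("realm")))
    if ha1 is None:
        return False
    ha2 = _md5(f"{method}:{p['uri']}")
    expected = _md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return secrets.compare_digest(expected, p["response"])


if __name__ == "__main__":
    b = basic_header("dev", "pw")
    print(b, "->", basic_recover(b))          # the credentials fall straight out
    d = digest_header("dev", "pw", "CONNECT", "wbx2.com:443", cnonce="abc123")
    print(d)                                   # no "pw" anywhere in this header
    print("verifies:", digest_verify(d, "CONNECT"))
```

The Basic header decodes back to the credentials with one call, which is why a long-lived, non-expiring device account sent over Basic needs the proxy link itself to be trusted; the Digest header verifies at the proxy without the password ever leaving the device, and a replay with a different method fails the check.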

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• Password hash used to encrypt the challenge and return it to the server
• Password hashed but not sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO
• Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
• Negotiates the use of either Kerberos, or fallback to NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices
• Or create an account per device
• No Password Expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest Security
• Participants: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared Secrets
• Client authenticates with the Authentication Service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (the diagram shows example device addresses 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
| DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | |
| Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes | |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in the Cert Chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives Certificate from the Web/Cloud Service
• Proxy uses the Certificate to establish a secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: TLS connection terminated
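The pinning check described above, together with the two fixes from the Spark Apps and Spark Devices Cert Pinning Fix slides (private CA cert copied to the app's OS trust store, or the private CA's pin delivered to devices through the cloud trust list), as one added example in Python. This is not Cisco's code: the pin format follows the slide (Base64 of the SHA-256 of the certificate's public key, taken here as the DER SubjectPublicKeyInfo), the certificates are constructed DER skeletons rather than real X.509 certificates, and the decision order (pin match first, then the OS-trust-store bypass) is my reading of the slides rather than the apps' documented behaviour.

```python
"""SPKI certificate pinning and the two "cert pinning fix" paths.

Added example, not Cisco's code. Certificates below are constructed DER
skeletons with the SPKI at its real position inside tbsCertificate.
"""
import base64
import hashlib


def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV."""
    return bytes([tag]) + _der_len(len(content)) + content


def _header_len(tlv: bytes) -> int:
    first = tlv[1]
    return 2 + (first & 0x7F) if first & 0x80 else 2


def der_content(tlv: bytes) -> bytes:
    return tlv[_header_len(tlv):]


def der_children(content: bytes):
    """Yield the whole TLV of each element inside a SEQUENCE's content."""
    pos = 0
    while pos < len(content):
        tlv = content[pos:]
        hdr = _header_len(tlv)
        first = tlv[1]
        length = int.from_bytes(tlv[2:hdr], "big") if first & 0x80 else first
        yield tlv[:hdr + length]
        pos += hdr + length


def make_cert(spki: bytes, with_version: bool = True) -> bytes:
    """Constructed X.509 skeleton: Certificate { tbsCertificate, sigAlg, signature }."""
    tbs = b""
    if with_version:
        tbs += der(0xA0, der(0x02, b"\x02"))   # [0] EXPLICIT version v3 (optional)
    tbs += der(0x02, b"\x01")                  # serialNumber
    tbs += der(0x30, b"")                      # signature algorithm (empty placeholder)
    tbs += der(0x30, b"")                      # issuer
    tbs += der(0x30, b"")                      # validity
    tbs += der(0x30, b"")                      # subject
    tbs += spki                                # subjectPublicKeyInfo
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))


def extract_spki(cert_der: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate and return the SubjectPublicKeyInfo TLV."""
    tbs = next(der_children(der_content(cert_der)))
    fields = list(der_children(der_content(tbs)))
    if fields and fields[0][0] == 0xA0:        # skip the optional version
        fields = fields[1:]
    return fields[5]                           # serial, sigAlg, issuer, valid, subject, SPKI


def spki_pin(spki_der: bytes) -> str:
    """The pin as on the slide: Base64(SHA-256(public key))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def cert_pin(cert_der: bytes) -> str:
    return spki_pin(extract_spki(cert_der))


def pinning_decision(chain, pinned, os_trust_store) -> str:
    """chain: DER certs leaf..root as presented by the TLS server (or the proxy).
    pinned: pins the app or device ships in its trust store.
    os_trust_store: root cert DERs the OS trusts (where an admin adds a private CA).
    accept = a pin matched; bypass = no pin matched but the presented root is in the
    OS store, so pinning is skipped (inspection possible); reject = TLS terminated."""
    if any(cert_pin(c) in pinned for c in chain):
        return "accept"
    if chain[-1] in os_trust_store:
        return "bypass"
    return "reject"


# Constructed keys and certificates (placeholders, not real key material).
SPARK_ROOT = make_cert(der(0x30, b"spark-root-public-key"))
PROXY_CA = make_cert(der(0x30, b"enterprise-proxy-ca-key"))
PINS = {cert_pin(SPARK_ROOT)}

if __name__ == "__main__":
    print("pin:", cert_pin(SPARK_ROOT))
    print("direct to cloud:", pinning_decision([SPARK_ROOT], PINS, {SPARK_ROOT}))
    print("proxy, CA not installed:", pinning_decision([PROXY_CA], PINS, set()))
    print("proxy, CA in OS store (app fix):", pinning_decision([PROXY_CA], PINS, {PROXY_CA}))
    print("proxy, CA pin in trust list (device fix):",
          pinning_decision([PROXY_CA], PINS | {cert_pin(PROXY_CA)}, set()))
```

The four calls at the bottom walk the four slides in order: the cloud's own root matches a pin; a proxy-issued certificate whose CA the client does not know is rejected; the same certificate is accepted via the bypass once its CA is in the OS trust store (the app fix); and it is accepted through the normal pin path once its pin has been added to the trust list (the device fix). The bypass branch is also the one to watch in detection: any private CA that lands in the OS store silently widens what the app will accept.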


Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 72: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Network Capabilities: Spark Devices – CDP/LLDP, 802.1Q

| Spark Device | Protocol | Software Train | CDP | LLDP | 802.1Q Ethernet | PC Port | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No | No | N/A | N/A | Static Untagged (Data) VLAN |
| DX | HTTPS | Room OS | Yes | No | Yes | Yes | Dynamic VLAN assignment, 802.1Q Tagging, Connected PC supported |
| SX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| MX | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Room Kits | HTTPS | Room OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |
| Spark Board | HTTPS | Spark Board OS | Yes | No | Yes | No | Dynamic VLAN assignment, 802.1Q Tagging |

Cisco Spark Cloud Access: Enterprise Firewalls

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004, 5006
• Destination IP Addresses: Any

• Spark Desk and Room Devices
• Spark Apps
• See following slides for details

[Figure: enterprise firewall between Spark devices/apps and the Spark Cloud; legend: Signalling, Media]

Voice and Video Classification and Marking: Port Range Summary – Endpoints and Apps

| Media | Port Range | Spark Apps | Spark Devices |
|---|---|---|---|
| Audio | 52000 - 52099 | 52000 - 52049 | 52050 - 52099 |
| Video | 52100 - 52299 | 52100 - 52199 | 52200 - 52299 |

Spark Applications: Network Port and Whitelist Requirements

Spark applications: Windows, Mac, iOS, Android, Web

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Spark applications | UDP | Voice 52000 – 52049, Video 52100 – 52199 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| Spark applications | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP or HTTP to Spark Cloud Media Nodes |
| Spark applications | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service |
| Spark applications | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service |
| Spark applications | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services |
| Spark applications | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management |
| Spark applications | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services |
| Spark applications | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage |
| Spark applications | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data |
| Spark applications | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics |
| Spark applications | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage |
| Spark applications | TCP | Ephemeral | 443 | appsflyer.com | HTTPS – Mobile Apps only - Ad Analytics |
| Spark applications | TCP | Ephemeral | 443 | adobetm.com | HTTPS – Web Apps only - Analytics |
| Spark applications | TCP | Ephemeral | 443 | omtrdc.net | HTTPS – Web Apps only - Telemetry |
| Spark applications | TCP | Ephemeral | 443 | optimizely.com | HTTPS – Web Apps only - Metrics |

Spark Devices: Network Port and Whitelist Requirements

Desktop and Room Systems: SX Series, DX Series, MX Series, Room Kits, Spark Boards

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Desktop and Room Systems | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes |
| Desktop and Room Systems | TCP | Ephemeral | 5004 & 5006 | Any IP Address | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board) |
| Desktop and Room Systems | TCP | Ephemeral | 443 | identity.webex.com | HTTPS – Spark Identity Service |
| Desktop and Room Systems | TCP | Ephemeral | 443 | idbroker.webex.com | HTTPS – OAuth Service |
| Desktop and Room Systems | TCP | Ephemeral | 443 | wbx2.com | HTTPS – Core Spark Services |
| Desktop and Room Systems | TCP | Ephemeral | 443 | webex.com | HTTPS – Identity management |
| Desktop and Room Systems | TCP | Ephemeral | 443 | ciscospark.com | HTTPS – Core Spark Services |
| Desktop and Room Systems | TCP | Ephemeral | 443 | clouddrive.com | HTTPS – Content and Space Storage |
| Desktop and Room Systems | TCP | Ephemeral | 443 | crashlytics.com | HTTPS – Anonymous crash data |
| Desktop and Room Systems | TCP | Ephemeral | 443 | mixpanel.com | HTTPS – Anonymous Analytics |
| Desktop and Room Systems | TCP | Ephemeral | 443 | rackcdn.com | HTTPS – Content and Space Storage |
| Desktop and Room Systems | TCP | Ephemeral | 443 | dropbox.com | HTTPS – Sparkboard (firmware updates) |
| Spark Board | UDP | Ephemeral | 123 | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync |

Connecting from the Enterprise - Firewalls: Hybrid Media Node (HMN)

Media Port Ranges
• Source UDP Ports: Voice and Video 33434 - 33598
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

[Figure: HMN behind the enterprise firewall cascading to the Spark Cloud; legend: Signalling, Media]

Connecting from the Enterprise - Firewalls: Hybrid Data Security Node (HDS)

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

[Figure: HDS node behind the enterprise firewall; legend: Signalling, Media]

HMN and HDS Nodes: Network Port and Whitelist Requirements

| Spark Device | Protocol | Source Ports | Destination Ports | Destination | Function |
|---|---|---|---|---|---|
| Hybrid Media Node (HMN) | UDP | Voice and Video use a common UDP source port range 33434 - 33598 | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 5004 | Cascade Destination: Any IP Address | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 123, 53, 444 | Any | NTP, DNS, HTTPS |
| Hybrid Media Node (HMN) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com | HTTPS Configuration Services |
| Hybrid Data Security Node (HDS) | TCP | Ephemeral | 443 | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS |
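The port ranges on the preceding firewall slides (apps versus devices, HMN cascade links, the 5004/5006 media destination ports and ephemeral TCP sources) are easier to apply as firewall or QoS policy, and to audit afterwards, when written down as code. The Python below is an added example, not Cisco's or the session's code: it parses constructed firewall log lines, classifies each flow against the slides' source-port model and reports every flow that matches none of the documented patterns. The log line format, the `parse_flow`/`classify`/`audit` names and the DSCP values (EF for voice, AF41 for video, the usual Cisco defaults) are assumptions; only the port numbers come from the slides.

```python
import re
from collections import Counter

# Source-port ranges from the Port Range Summary slide (apps vs devices) and the HMN
# cascade slide; allowed destination ports from the firewall slides.
MEDIA_RANGES = [
    # (source kind, media class, first port, last port, allowed destination ports)
    ("Spark Apps",    "Voice",       52000, 52049, {5004, 5006}),
    ("Spark Devices", "Voice",       52050, 52099, {5004, 5006}),
    ("Spark Apps",    "Video",       52100, 52199, {5004, 5006}),
    ("Spark Devices", "Video",       52200, 52299, {5004, 5006}),
    ("HMN cascade",   "Voice/Video", 33434, 33598, {5004}),
]

# ASSUMED QoS marking per media class (EF / AF41); the slides give no DSCP values.
# Ephemeral TCP sources get no re-marking, exactly as the slides say.
DSCP_BY_MEDIA = {"Voice": 46, "Video": 34, "Voice/Video": 34}

# Constructed log format: "... proto=UDP src=10.1.2.3:52010 dst=203.0.113.5:5004"
LOG_RE = re.compile(r"proto=(?P<proto>UDP|TCP)\s+src=\S+:(?P<sport>\d+)\s+dst=\S+:(?P<dport>\d+)")


def parse_flow(line):
    """Parse one log line into (proto, source port, destination port), or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("proto"), int(m.group("sport")), int(m.group("dport"))


def classify(proto, sport, dport):
    """Return (source kind, class, dscp) for a flow that fits the slides' port model."""
    if proto == "UDP":
        for src, media, lo, hi, dports in MEDIA_RANGES:
            if lo <= sport <= hi and dport in dports:
                return (src, media, DSCP_BY_MEDIA[media])
        return None
    if proto == "TCP" and dport in (5004, 5006):
        # SRTP over TCP/HTTP fallback: ephemeral source ports, so apps and devices
        # cannot be told apart by port and nothing is re-marked.
        return ("Apps or Devices (TCP fallback)", "Voice/Video", None)
    if proto == "TCP" and dport == 443:
        return ("Apps or Devices", "Signalling (HTTPS)", None)
    return None


def audit(lines):
    """Classify every line; return (Counter of (source, class), list of unmatched lines)."""
    counts = Counter()
    unmatched = []
    for line in lines:
        flow = parse_flow(line)
        result = classify(*flow) if flow else None
        if result is None:
            unmatched.append(line)          # not in the documented allow-list: worth a look
        else:
            counts[(result[0], result[1])] += 1
    return counts, unmatched


# Constructed sample log lines (not from the slides).
SAMPLE_LOG = [
    "2018-01-10T10:00:01 allow proto=UDP src=10.10.20.5:52010 dst=203.0.113.10:5004",
    "2018-01-10T10:00:02 allow proto=UDP src=10.10.20.9:52230 dst=203.0.113.11:5006",
    "2018-01-10T10:00:03 allow proto=UDP src=10.10.30.2:33500 dst=203.0.113.12:5004",
    "2018-01-10T10:00:04 allow proto=TCP src=10.10.20.5:49321 dst=203.0.113.10:5004",
    "2018-01-10T10:00:05 allow proto=TCP src=10.10.20.5:49322 dst=203.0.113.20:443",
    "2018-01-10T10:00:06 allow proto=UDP src=10.10.20.7:52010 dst=203.0.113.30:9000",
]

if __name__ == "__main__":
    counts, unmatched = audit(SAMPLE_LOG)
    for (src, media), n in counts.items():
        print(f"{n:3d}  {src:32s} {media}")
    print("unmatched:", unmatched)
```

The last sample line (an apps voice source port towards an undocumented destination port) is reported as unmatched rather than silently classified; that is the behaviour a firewall or NetFlow audit should have when a flow falls outside the published ranges.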

What do we send to Third Party sites?

| Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content |
|---|---|---|---|---|---|
| aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N | N | Y |
| mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N |
| appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N |
| adobedtm.com | Web | Anonymous usage data | N | Y | N |
| omtrdc.net | Web | Anonymous usage data | N | Y | N |
| optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N |

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

[Figure: Spark device/app, proxy, firewall and Spark Cloud; legend: Signalling, UDP Media]

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

[Figure: Proxy Address and PAC files delivered to each device/app; legend: Signalling, UDP Media]

Network Capabilities: Spark Devices – Proxy Detection

| Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO) |
| DX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| SX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| MX | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Room Kits | HTTPS | Room OS | Yes: Manual using Web access | Configure Proxy Address via device Web interface |
| Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual Configuration of Proxy Address |

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: Many Enterprises do No Authentication

[Figure: Spark device/app, authenticating proxy and Spark Cloud; legend: Signalling, UDP Media]

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration
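The Basic and Digest slides above make two claims: Basic merely Base64-encodes the device credentials, and Digest sends a hash so the password itself never crosses the proxy. The Python below is an added example (not Cisco's code and not from the slides) that builds both Proxy-Authorization headers and shows the proxy-side Digest check. The device account name and password in `demo()` are constructed; the Digest parameters are the example values from RFC 2617 section 3.5 so the computed response can be compared with the one printed in the RFC. Function names such as `proxy_verifies_digest` are this example's own.

```python
import base64
import hashlib
import hmac


def basic_header(username, password):
    """Proxy-Authorization value for Basic: base64(user:password) is encoding, not protection."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_credentials_from_header(value):
    """What anyone on the path, or anyone reading proxy logs, recovers from a Basic header."""
    scheme, _, token = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text):
    # MD5 is what RFC 2617 Digest specifies; it is a protocol requirement, not a design choice.
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(username, realm, password):
    """HA1 = MD5(user:realm:password); this is all the proxy needs to store per device account."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response with qop=auth; the password itself never leaves the client."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(username, realm, password, method, uri, nonce, nc, cnonce):
    """Proxy-Authorization value a client sends in reply to a Digest challenge."""
    response = digest_response(digest_ha1(username, realm, password), method, uri, nonce, nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def parse_digest_header(value):
    """Split the comma-separated key=value fields of a Digest header into a dict."""
    scheme, _, rest = value.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest header")
    fields = {}
    for part in rest.split(","):
        key, _, val = part.strip().partition("=")
        fields[key] = val.strip('"')
    return fields


def proxy_verifies_digest(header_value, method, stored_ha1_by_user, expected_nonce):
    """Proxy side: recompute the response from the stored HA1 and the nonce it issued."""
    f = parse_digest_header(header_value)
    ha1 = stored_ha1_by_user.get(f.get("username"))
    if ha1 is None or f.get("nonce") != expected_nonce:
        return False
    expected = digest_response(ha1, method, f["uri"], f["nonce"], f["nc"], f["cnonce"], f.get("qop", "auth"))
    return hmac.compare_digest(expected, f.get("response", ""))


# Example values from RFC 2617 section 3.5 (the only published Digest test vector).
RFC2617 = dict(username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
               method="GET", uri="/dir/index.html",
               nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", nc="00000001", cnonce="0a4f113b")
RFC2617_RESPONSE = "6629fae49393a05397450978507c4ef1"


def demo():
    """Constructed device credentials for Basic; RFC 2617 values for Digest."""
    basic = basic_header("spark-device-01", "Sh4red-Device-Pw")
    d = RFC2617
    digest = digest_header(d["username"], d["realm"], d["password"], d["method"],
                           d["uri"], d["nonce"], d["nc"], d["cnonce"])
    store = {d["username"]: digest_ha1(d["username"], d["realm"], d["password"])}
    return {
        "basic_recovered": basic_credentials_from_header(basic),
        "digest_hides_password": d["password"] not in digest,
        "digest_verified": proxy_verifies_digest(digest, d["method"], store, d["nonce"]),
        "digest_matches_rfc": parse_digest_header(digest)["response"] == RFC2617_RESPONSE,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:22s} {value}")
```

Two points follow for the "one account for all devices, no password expiration" pattern the slides describe: with Basic, that shared password is readable in every proxied request, so the account must be restricted to the whitelisted Spark destinations; with Digest, the proxy only needs HA1, which is bound to the realm, so a compromise of the proxy's store does not hand out the password itself.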

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

[Figure: Spark device/app, authenticating proxy and Spark Cloud; legend: Signalling, UDP Media]

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Components: Client, Authentication Service / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

[Figure: client, KDC (Authentication Service and Ticket Granting Service), proxy and Spark Cloud; legend: Signalling, UDP Media]

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with
• Device IP Address (e.g. IP Address 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com)

[Figure: devices at 10.100.200.1 and 10.100.200.3 reaching identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com and rackcdn.com through the proxy; legend: Signalling, UDP Media]

Network Capabilities: Spark Devices – Proxy Authentication

| Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration |
|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
| DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | |
| Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

[Figure: client, inspecting proxy (Private CA) and Web/Cloud Service; legend: Signalling, UDP Media]

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Figure: client, inspecting proxy and Web/Cloud Service; legend: Signalling, UDP Media]

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key:
    VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

[Figure: Spark app, proxy (no inspection) and Spark Cloud; legend: Signalling, UDP Media]

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

[Figure: Spark app, inspecting proxy (Private CA) and Spark Cloud; legend: Signalling, UDP Media]

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Figure: Spark app (OS Trust Store holding the Private CA Cert), inspecting proxy and Spark Cloud; legend: Signalling, UDP Media]

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Figure: Spark device, inspecting proxy and Spark Cloud (Private CA Cert in the cloud trust list); legend: Signalling, UDP Media]

Network Capabilities: Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |
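The pinning slides above compare a SHA-256 hash of a certificate's public key with a stored pin and walk through what happens when an inspecting proxy substitutes a certificate from its private CA. The Python below is an added example, not the Spark app's code and not Cisco's: a minimal DER walker extracts the SubjectPublicKeyInfo from an X.509 certificate, computes the base64 SHA-256 pin in the form shown on the slide, and `check_chain` models the outcomes on the slides: pin match, mismatch against an inspecting proxy's certificate, the app-side bypass when the private CA certificate is in the OS trust store, and the device-side fix where the private CA is added to the trust list downloaded from the Spark cloud. The certificates are constructed in the block by `make_cert` and are unsigned placeholders; no real keys or Cisco pin values are involved, and the function names are this example's own.

```python
import base64
import hashlib

# DER tags used below
SEQ, INT, BITSTR, OID, UTCTIME, CTX0 = 0x30, 0x02, 0x03, 0x06, 0x17, 0xA0


def der_encode(tag, value):
    """Encode a single DER TLV with definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + value


def der_read(data, pos=0):
    """Read one TLV at pos; return (tag, raw TLV bytes, value bytes, end position)."""
    start = pos
    tag = data[pos]
    pos += 1
    length = data[pos]
    pos += 1
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    end = pos + length
    return tag, data[start:end], data[pos:end], end


def der_children(value):
    """Split a constructed DER value into its child TLVs."""
    out, pos = [], 0
    while pos < len(value):
        tag, raw, inner, pos = der_read(value, pos)
        out.append((tag, raw, inner))
    return out


def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of an X.509 certificate (RFC 5280 layout)."""
    _, _, cert_body, _ = der_read(cert_der)
    tbs_value = der_children(cert_body)[0][2]          # tbsCertificate
    fields = der_children(tbs_value)
    if fields[0][0] == CTX0:                           # optional EXPLICIT [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]


def spki_pin(cert_der):
    """Pin as on the slide: base64(SHA-256(public key info))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def check_chain(chain_der, pinned, os_trust_store=frozenset()):
    """Pinning decision modelled on the slides. Ordinary TLS validation is assumed to
    have run already; this only decides whether the pin check passes, is skipped, or fails."""
    pins = [spki_pin(c) for c in chain_der]
    if any(p in pinned for p in pins):
        return "accept"                                # pin matches (slide 104 / device fix)
    if any(p in os_trust_store for p in pins):
        return "bypass-pinning"                        # private CA in OS store (app fix)
    return "reject"                                    # inspecting proxy, no fix applied


def make_cert(pubkey_bytes):
    """Constructed, unsigned, structurally valid certificate around a fake P-256 point."""
    ec_alg = der_encode(SEQ, der_encode(OID, bytes.fromhex("2a8648ce3d0201"))        # id-ecPublicKey
                        + der_encode(OID, bytes.fromhex("2a8648ce3d030107")))        # prime256v1
    spki = der_encode(SEQ, ec_alg + der_encode(BITSTR, b"\x00\x04" + pubkey_bytes))
    sig_alg = der_encode(SEQ, der_encode(OID, bytes.fromhex("2a8648ce3d040302")))    # ecdsa-with-SHA256
    validity = der_encode(SEQ, der_encode(UTCTIME, b"180101000000Z") + der_encode(UTCTIME, b"190101000000Z"))
    tbs = der_encode(SEQ, der_encode(CTX0, der_encode(INT, b"\x02")) + der_encode(INT, b"\x01")
                     + sig_alg + der_encode(SEQ, b"") + validity + der_encode(SEQ, b"") + spki)
    return der_encode(SEQ, tbs + sig_alg + der_encode(BITSTR, b"\x00" + bytes(8)))


# Constructed: the genuine CA root the app pins, and an inspecting proxy's private CA.
GENUINE_ROOT = make_cert(bytes(range(64)))
PROXY_CA = make_cert(bytes(range(64, 128)))
PINNED = {spki_pin(GENUINE_ROOT)}


def scenarios():
    return {
        "no inspection": check_chain([GENUINE_ROOT], PINNED),
        "inspection, nothing configured": check_chain([PROXY_CA], PINNED),
        "inspection, private CA in OS trust store": check_chain([PROXY_CA], PINNED, {spki_pin(PROXY_CA)}),
        "inspection, private CA in downloaded trust list": check_chain([PROXY_CA], PINNED | {spki_pin(PROXY_CA)}),
    }


if __name__ == "__main__":
    print("pin of constructed root:", spki_pin(GENUINE_ROOT))
    for name, verdict in scenarios().items():
        print(f"{name:50s} -> {verdict}")
```

The pin printed on the slide cannot be reproduced here because the CA certificate it was computed from is not on the page; `spki_pin` applied to any DER-encoded certificate file gives its pin in the same form. The two "fix" branches differ in who holds the trust decision: the OS trust store is controlled by the desktop administrator, while the device trust list is pushed from the Spark cloud after the private CA certificate has been uploaded per organisation, which is why the capability table lists it as requiring per-org configuration of the Identity Service.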

Cisco Spark Cloud Access: Network Access Control, 802.1X

Connecting from the Enterprise – 802.1X

[Figure: client, switch and Authentication Server]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Figure: client, switch and Authentication Server]

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

[Figure: client, switch and Authentication Server]

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

[Figure: Device 1, switch and Authentication Server]

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based – Install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based – Install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired - Yes | Wired – Yes | No | Yes | Yes | Web Based – Install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes | Yes | Yes | Web Based – Install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | | Use MAC Address By-Pass |

MIC: Manufacturer Installed Certificate; LSC: Locally Significant Certificate.

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
• "What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x
• Coming soon: Target Q1 CY2018

Thank you

Page 73: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

Cisco Spark Cloud Access Enterprise Firewalls

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges

Source UDP Ports Voice 52000 - 52099 Video 52100- 52299

Source TCP HTTP Ports Ephemeral (=gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004 5006

Destination IP Addresses Any

bull Spark Desk and Room Devices

bull Spark Apps

bull See following slides for details

Signalling

Media

76BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Voice and Video Classification and MarkingPort Range Summary ndash Endpoints and Apps

Audio

52000-52099

Spark Apps Spark Devices

Video

52100-52299

52000 - 52049 52050 - 52099 52100 - 52199 52200 - 52299

77BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Spark applications

Windows

Mac

iOS

Android

Web

UDP Voice 52000 ndash 52049

Video 52100 ndash 52199

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP or HTTP to Spark Cloud

Media Nodes

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

appsflyercom

adobetmcom

omtrdcnet

optimizelycom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Mobile Apps only - Ad Analytics

Web Apps only - Analytics

Web Apps only - Telemetry

Web Apps only - Metrics

78BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Devices: Network Port and Whitelist Requirements

Spark Device                                   | Protocol | Source Ports                             | Destination Ports | Destination            | Function
Desktop and Room Systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards) | UDP | Voice 52050 – 52099, Video 52200 – 52299 | 5004 & 5006 | Any IP Address | SRTP over UDP to Spark Cloud Media Nodes
                                               | TCP      | Ephemeral                                | 5004 & 5006       | Any IP Address         | SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)
                                               | TCP      | Ephemeral                                | 443               | see list below         | HTTPS to the services listed below
                                               | UDP      | Ephemeral                                | 123               | 2.android.pool.ntp.org | Sparkboard – NTP Time Sync

HTTPS destinations (TCP 443) and their function:
  identity.webex.com  – Spark Identity Service
  idbroker.webex.com  – OAuth Service
  wbx2.com            – Core Spark Services
  webex.com           – Identity management
  ciscospark.com      – Core Spark Services
  clouddrive.com      – Content and Space Storage
  crashlytics.com     – Anonymous crash data
  mixpanel.com        – Anonymous Analytics
  rackcdn.com         – Content and Space Storage
  dropbox.com         – Sparkboard (firmware updates)

Connecting from the Enterprise - Firewalls

Media Port Ranges

Source UDP Ports: Voice and Video 33434 - 33598
Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004
Destination IP Addresses: Any

Hybrid Media Node (HMN)

• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints – Used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range 33434 - 33598

[Figure: Signalling and Media paths from the HMN to the Spark cloud]

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)

• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services

• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

[Figure: Signalling and Media paths; the HDS node carries signalling only]

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device                    | Protocol | Source Ports                                                     | Destination Ports | Destination                                                       | Function
Hybrid Media Node (HMN)         | UDP      | Voice and Video use a common UDP source port range 33434 - 33598 | 5004              | Cascade Destination: Any IP Address                               | Cascaded SRTP over UDP Media Streams to Cloud Media Nodes
                                | TCP      | Ephemeral                                                        | 5004              | Cascade Destination: Any IP Address                               | Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes
                                | TCP      | Ephemeral                                                        | 123, 53, 444      | Any                                                               | NTP, DNS, HTTPS
                                | TCP      | Ephemeral                                                        | 443               | wbx2.com, idbroker.webex.com                                      | HTTPS Configuration Services
Hybrid Data Security Node (HDS) | TCP      | Ephemeral                                                        | 443               | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io | Outbound HTTPS and WSS
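The source-port ranges in the Port Range Summary (apps vs. devices, voice vs. video) and the HMN cascade range above are what a firewall or QoS engineer actually has to match on. As an added example that is not part of the deck, the following classifier labels flows from constructed firewall log lines against those documented ranges and flags anything that does not fit for review; the log line format itself is made up for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Source UDP port ranges from the deck: (component, media, first, last).
SOURCE_RANGES = [
    ("Spark Apps", "voice", 52000, 52049),
    ("Spark Devices", "voice", 52050, 52099),
    ("Spark Apps", "video", 52100, 52199),
    ("Spark Devices", "video", 52200, 52299),
    ("Hybrid Media Node", "voice/video cascade", 33434, 33598),
]

# Destination ports on the Spark cloud media nodes: endpoints and apps use
# 5004 and 5006, HMN cascade links use 5004 only.
ENDPOINT_DST_PORTS = {5004, 5006}
HMN_DST_PORTS = {5004}


@dataclass(frozen=True)
class Flow:
    proto: str
    src_port: int
    dst_port: int


def classify(flow: Flow) -> Optional[str]:
    """Label a flow that fits the documented Spark media pattern, else None.

    UDP media is identified by source range plus destination port. The TCP/HTTP
    fallback uses ephemeral source ports, so only the destination port is
    available (which is also why it cannot be DSCP re-marked by source port).
    """
    proto = flow.proto.upper()
    if proto == "UDP":
        for component, media, lo, hi in SOURCE_RANGES:
            if lo <= flow.src_port <= hi:
                allowed = HMN_DST_PORTS if component == "Hybrid Media Node" else ENDPOINT_DST_PORTS
                if flow.dst_port in allowed:
                    return f"{component} {media}: SRTP over UDP"
                return None  # right source range, wrong destination port
        return None
    if proto == "TCP" and flow.dst_port in ENDPOINT_DST_PORTS:
        return "SRTP over TCP/HTTP (ephemeral source port)"
    return None


# Constructed firewall log lines in a simple "PROTO src:port -> dst:port" form.
SAMPLE_LOG = """\
UDP 10.0.1.20:52010 -> 203.0.113.10:5004
UDP 10.0.1.21:52250 -> 203.0.113.10:5006
UDP 10.0.9.5:33500 -> 203.0.113.11:5004
UDP 10.0.9.5:33500 -> 203.0.113.11:5006
TCP 10.0.1.20:49152 -> 203.0.113.10:5004
UDP 10.0.1.22:40000 -> 203.0.113.10:5004
UDP 10.0.1.20:52010 -> 203.0.113.10:443
"""

LINE_RE = re.compile(r"^(UDP|TCP)\s+\S+:(\d+)\s*->\s*\S+:(\d+)$")


def parse_line(line: str) -> Optional[Flow]:
    """Parse one constructed log line; None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Flow(m.group(1), int(m.group(2)), int(m.group(3)))


def audit(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, label) pairs; flows outside the documented pattern get a REVIEW label."""
    results = []
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        label = classify(flow) or "REVIEW: not a documented Spark media flow"
        results.append((line, label))
    return results


if __name__ == "__main__":
    for line, label in audit(SAMPLE_LOG):
        print(f"{line:45} {label}")
```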

What do we send to Third Party sites?

Site           | Apps that Access It                      | What is sent there                                                       | User PII | Anonymized Usage info | Encrypted User Generated Content
aws.com        | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N        | N                     | Y
rackcdn.com    | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing. Part of Rackspace content system | N        | N                     | Y
mixpanel.com   | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                     | N        | Y                     | N
appsflyer.com  | iOS, Android                             | Anonymous usage data related to onboarding                               | N        | Y                     | N
adobedtm.com   | Web                                      | Anonymous usage data                                                     | N        | Y                     | N
omtrdc.net     | Web                                      | Anonymous usage data                                                     | N        | Y                     | N
optimizely.com | Web                                      | Anonymous usage data for A/B testing                                     | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy Types
• Proxy Address given to Device/Application…
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only is sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

[Figure: Signalling and UDP Media paths; only the HTTP/HTTPS signalling passes through the proxy]

Connecting from the Enterprise – Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

[Figure: Proxy Address or PAC file delivered to each client; Signalling and UDP Media paths]

Network Capabilities, Spark Devices – Proxy Detection

Spark Device                    | Protocol | Software Train | Proxy Detection              | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Yes: Manual; Yes: PAC Files  | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX                              | HTTPS    | Room OS        | Yes: Manual using Web access | Configure Proxy Address via device Web interface
SX                              | HTTPS    | Room OS        | Yes: Manual using Web access | Configure Proxy Address via device Web interface
MX                              | HTTPS    | Room OS        | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Room Kits                       | HTTPS    | Room OS        | Yes: Manual using Web access | Configure Proxy Address via device Web interface
Spark Board                     | HTTPS    | Spark Board OS | Yes: Manual Configuration    | Manual Configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory – Many Enterprises do No Authentication

[Figure: Signalling and UDP Media paths through the authenticating proxy]

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

[Figure: Signalling and UDP Media paths]

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

[Figure: Signalling and UDP Media paths]

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

[Figure: Signalling and UDP Media paths]

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

[Figure: Signalling and UDP Media paths]

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
    • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Authentication

[Figure: Signalling and UDP Media paths]

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Components: Client, Authentication (Key Distribution) Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

[Figure: Signalling and UDP Media paths]

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:

• Device IP Address
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Figure: two Spark devices identified to the proxy by IP address; Signalling and UDP Media paths]

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device                    | Protocol | Software Train | Proxy Authentication                                                                                                                              | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT) |
DX/SX/MX                        | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                                                                                    |
Room Kits                       | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                                                                                    |
Spark Board                     | HTTPS    | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes                                                                                                           |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

[Figure: client, inspecting proxy and cloud service; Signalling and UDP Media paths]

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Figure: client, inspecting proxy and cloud service; Signalling and UDP Media paths]

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

[Figure: Spark app, non-inspecting proxy and Spark cloud; Signalling and UDP Media paths]

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match – TLS connection terminated

[Figure: Spark app, inspecting proxy and Spark cloud; Signalling and UDP Media paths]

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Figure: Spark app, inspecting proxy and Spark cloud; Signalling and UDP Media paths]

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match – Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Figure: Spark device, inspecting proxy and Spark cloud; Signalling and UDP Media paths]
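The pinning flow on the preceding slides (pin = SHA-256 hash of the CA root certificate's public key; a mismatch terminates the connection; a private CA copied into the OS trust store lets the app skip pinning so inspection works) as an added example, not Cisco's code. The certificate objects and SPKI bytes are constructed placeholders, a real client would take the DER SubjectPublicKeyInfo from the received chain; the trust store is modelled as a set of CA pins, and the devices' cloud-delivered trust list would play the same role in place of the OS store.

```python
import base64
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Set


class Verdict(Enum):
    PINNED_OK = "pin matched: proceed with TLS connection"
    ENTERPRISE_CA_OK = "private CA found in trust store: pinning skipped, TLS inspection possible"
    REJECT = "pin mismatch and root not in trust store: TLS connection terminated"


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki_der: bytes  # DER SubjectPublicKeyInfo; constructed placeholder bytes here


def spki_pin(spki_der: bytes) -> str:
    """Certificate pin = base64(SHA-256(public key)), the format shown on the slide."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def check_chain(chain: List[Cert], pins: Set[str], trust_store: Set[str]) -> Verdict:
    """Apply the deck's decision flow to a presented chain (leaf first, root last).

    1. Hash each certificate's public key and compare with the app's pins.
    2. If no pin matches, check whether the presented root CA is in the trust
       store (the 'Cert Pinning Fix': a copied private CA skips pinning).
    3. Otherwise terminate the connection.
    """
    for cert in chain:
        if spki_pin(cert.spki_der) in pins:
            return Verdict.PINNED_OK
    root = chain[-1]
    if spki_pin(root.spki_der) in trust_store:
        return Verdict.ENTERPRISE_CA_OK
    return Verdict.REJECT


# --- Constructed sample data --------------------------------------------------
# Public CA that signs the Spark service certificate; its key is what the app pins.
PUBLIC_CA = Cert("Public CA Root", "Public CA Root", b"constructed SPKI: public CA root")
SPARK_LEAF = Cert("*.ciscospark.com", "Public CA Root", b"constructed SPKI: spark leaf")
# Private CA on an inspecting proxy, re-signing the Spark certificate on the fly.
PRIVATE_CA = Cert("Enterprise Private CA", "Enterprise Private CA", b"constructed SPKI: private CA root")
PROXY_LEAF = Cert("*.ciscospark.com", "Enterprise Private CA", b"constructed SPKI: proxy leaf")
# An unrelated CA, to show that some other trust-store entry does not help.
OTHER_CA = Cert("Other CA", "Other CA", b"constructed SPKI: other CA")

APP_PINS = {spki_pin(PUBLIC_CA.spki_der)}
DIRECT_CHAIN = [SPARK_LEAF, PUBLIC_CA]   # no inspection: chain as issued
PROXY_CHAIN = [PROXY_LEAF, PRIVATE_CA]   # inspection: chain re-signed by the proxy


def scenarios() -> Dict[str, Verdict]:
    """The cases the deck walks through, keyed by the situation they show."""
    return {
        "No HTTPS Inspection": check_chain(DIRECT_CHAIN, APP_PINS, set()),
        "HTTPS Inspection, no fix": check_chain(PROXY_CHAIN, APP_PINS, set()),
        "HTTPS Inspection, unrelated CA in trust store":
            check_chain(PROXY_CHAIN, APP_PINS, {spki_pin(OTHER_CA.spki_der)}),
        "HTTPS Inspection, Cert Pinning Fix":
            check_chain(PROXY_CHAIN, APP_PINS, {spki_pin(PRIVATE_CA.spki_der)}),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict.value}")
```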

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device       | Protocol | Software Train | Supports TLS/HTTPS Inspection                          | Cert Validation Method
Windows, Mac, Web  | HTTPS    | WME            | Yes                                                    | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android       | HTTPS    | WME            | No                                                     | iOS/Android: HTTPS Inspection By-Pass
DX                 | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service      | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                 | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service      | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                 | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service      | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits          | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service      | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board        | HTTPS    | Spark Board OS | No (Planned Q1 CY'18)                                  | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

[Figure: Spark device, access switch and Authentication Server]

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

[Figure: Spark device, access switch and Authentication Server]

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Figure: Spark device, access switch and Authentication Server]

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

[Figure: Spark device, access switch and Authentication Server]

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

[Figure: Device 1, access switch and Authentication Server]

Network Capabilities, Spark Devices – 802.1X

Spark Device                    | Protocol | Software Train | EAP-FAST                 | EAP-TLS                  | MIC     | Non CUCM LSC          | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | NA      | Yes                   | Yes                                 | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Q4 CY17 | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
SX                              | HTTPS    | Room OS        | Wired - Yes              | Wired – Yes              | No      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
MX                              | HTTPS    | Room OS        | Wired - Yes              | Wired – Yes              | No      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired – Yes | Yes     | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Spark Board                     | HTTPS    | Spark Board OS | No (Planned Q2 CY'18)    | No (Planned Q2 CY'18)    | No      | No (Planned Q2 CY'18) |                                     | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
https://www.cisco.com/go/pa

Collaboration Solution Reference Network Design (SRND)
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018
https://www.cisco.com/go/srnd

Thank you

Page 74: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Whitelisted Ports and Destinations

Media Port Ranges

Source UDP Ports Voice 52000 - 52099 Video 52100- 52299

Source TCP HTTP Ports Ephemeral (=gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004 5006

Destination IP Addresses Any

bull Spark Desk and Room Devices

bull Spark Apps

bull See following slides for details

Signalling

Media

76BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Voice and Video Classification and MarkingPort Range Summary ndash Endpoints and Apps

Audio

52000-52099

Spark Apps Spark Devices

Video

52100-52299

52000 - 52049 52050 - 52099 52100 - 52199 52200 - 52299

77BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Spark applications

Windows

Mac

iOS

Android

Web

UDP Voice 52000 ndash 52049

Video 52100 ndash 52199

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP or HTTP to Spark Cloud

Media Nodes

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

appsflyercom

adobetmcom

omtrdcnet

optimizelycom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Mobile Apps only - Ad Analytics

Web Apps only - Analytics

Web Apps only - Telemetry

Web Apps only - Metrics

78BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

79BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Media Port Ranges

Source UDP Ports Voice and Video 33434 - 33598

Source TCP HTTP Ports Ephemeral ( =gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004

Destination IP Addresses Any

Hybrid Media Node (HMN)

bull Can be used to limit source IP address range to HMNs only

bull Hybrid Media Node Source UDP ports for voice and video are different to

those used by endpoints ndash Used for cascade links to the Spark Cloud

bull Voice and Video use a common UDP source port range 33434 - 33598

Signalling

Media

80BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)

bull Key Management Service

bull Indexing (Search) Service

bull E-Discovery Service

Signalling

Media

Hybrid Data Services

bull HDS Signaling Traffic Only

bull Outbound HTTPS and WSS Signaling Only

81BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device Protocol Source Ports Destination

Ports

Destination Function

Hybrid Media

Node (HMN)

UDP Voice and Video use a

common UDP source

port range

33434 - 33598

5004

Cascade

Destination

Any IP Address Cascaded SRTP over UDP

Media Streams to Cloud Media

Nodes

TCP Ephemeral 5004

Cascade

Destination

Any IP Address Cascaded SRTP over

TCPHTTP Media Streams to

Cloud Media Nodes

TCP Ephemeral 123 53 444 Any NTP DNS HTTPS

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

HTTPS Configuration Services

Hybrid Data

Security Node

(HDS)

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

identitywebexcom

indexdockerio

Outbound HTTPS and WSS

82BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

What do we send to Third Party sitesSite Apps that Access It What is sent there User

PII

Anonymized

Usage info

Encrypted

User

Generated

Content

awscom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

rackcdncom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

mixpanelcom Win Mac iOS Android

Web

Anonymous usage data N Y N

appsflyercom iOS Android Anonymous usage data related to

onboarding

N Y N

adobedtmcom Web Anonymous usage data N Y N

omtrdcnet Web Anonymous usage data N Y N

optimizelycom Web Anonymous usage data for AB

testing

N Y N

83BRKCOL-2030

Cisco Spark Cloud Access Enterprise Proxies

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Address given to DeviceApplicationhelliphelliphellip

Connecting from the Enterprise - Proxy Types

Proxy Types

bull Transparent Proxy (DeviceApplication is unaware of Proxy existence)

bull In Line Proxies (eg Combined Proxy and Firewall)

bull Traffic Redirection (eg Using Cisco WCCP)

Signalling

UDP Media

HTTPHTTPS traffic only sent to the Proxy server eg

Destination ports 80 443 8080 8443

85BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Authentication

Connecting from the Enterprise ndash Proxy Authentication

bull Proxy intercepts outbound HTTP request

bull Authenticates the User (Username amp Password)

bull Authenticated Userrsquos traffic forwarded

bull Unauthenticated Userrsquos traffic droppedblocked

Signalling

UDP MediaProxy Authentication is not mandatory

Many Enterprises do No Authentication

88BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Common Proxy Authentication Methods

bull NTLMv2 Authentication

bull Negotiate Authentication

bull Kerberos

Signalling

UDP Media

bull Digest Authentication

89BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Proxy Authentication Methods ndash Basic Authentication

bull Uses standard HTTP Headers

bull Username and Password Base64 encoded

bull Username and Password are NOT

encrypted or hashed

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

90BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods – Digest Authentication

• Uses standard HTTP headers
• Username and password are not sent
• A hash of the username and password is sent instead
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No password expiration
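The difference between the Basic and Digest exchanges above in working code, as an added illustration (not Cisco's or any proxy vendor's code): the Basic header decodes straight back to the device account's password, while the Digest header carries only a nonce-bound hash that the proxy verifies against a stored HA1. The account name, realm, nonce and proxy URI are constructed values.

```python
"""Basic vs Digest Proxy-Authorization, as seen by the proxy and by an observer.
Added illustration: constructed credentials, realm and nonce; no real accounts."""
import base64
import hashlib
import hmac


def basic_header(user, password):
    """Header a client sends after a 407 with 'Proxy-Authenticate: Basic'."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def basic_recover(header):
    """Base64 is an encoding, not protection: anyone who sees the plain-HTTP
    CONNECT request can decode the credentials. Returns (user, password)."""
    token = header.split(" ", 2)[2]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(user, realm, password):
    """HA1 = MD5(user:realm:password); the proxy stores this, not the password."""
    return _md5(f"{user}:{realm}:{password}")


def digest_response(ha1, nonce, method, uri):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2), HA2 = MD5(method:uri)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def digest_header(user, realm, password, nonce, method, uri):
    """Client side: only the username and a hash travel over the wire."""
    response = digest_response(digest_ha1(user, realm, password), nonce, method, uri)
    return (
        f'Proxy-Authorization: Digest username="{user}", realm="{realm}", '
        f'nonce="{nonce}", uri="{uri}", response="{response}"'
    )


def parse_digest(header):
    """Parse the key="value" list of a Digest header into a dict."""
    fields = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, _, value = part.partition("=")
        fields[key] = value.strip('"')
    return fields


def proxy_verify_digest(header, method, ha1_store, issued_nonces):
    """Proxy side: recompute the response from the stored HA1 and a nonce the
    proxy itself issued, so a captured header cannot be replayed with a new nonce."""
    fields = parse_digest(header)
    nonce = fields.get("nonce")
    ha1 = ha1_store.get(fields.get("username"))
    if nonce not in issued_nonces or ha1 is None:
        return False
    expected = digest_response(ha1, nonce, method, fields.get("uri", ""))
    return hmac.compare_digest(expected, fields.get("response", ""))


if __name__ == "__main__":
    # Constructed sample: one shared device account, as the slides suggest
    user, password, realm = "spark-devices", "Winter2018!", "proxy.corp.example"
    hdr = basic_header(user, password)
    print(hdr, "->", basic_recover(hdr))          # the password comes straight back
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"    # constructed server nonce
    dhdr = digest_header(user, realm, password, nonce, "CONNECT", "wbx2.com:443")
    store = {user: digest_ha1(user, realm, password)}
    print(dhdr)
    print("proxy accepts:", proxy_verify_digest(dhdr, "CONNECT", store, {nonce}))
```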

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods – Negotiate/IWA (Windows only)

• Negotiate authentication
  • Microsoft implementation of SPNEGO – Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

• Kerberos authentication – strongest security
• Parties in the exchange: Client, Authentication Service / Key Distribution Service, Ticket Granting Service, Application Server
• Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service
• Once authenticated, the client receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP address (diagram example: devices at 10.100.200.1 and 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities, Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows / Mac / iOS / Android / Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No; No Auth and Basic for iOS and Android in EFT | –
DX / SX / MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | –
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes | –

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS inspection: the private CA root certificate is sent to the client.
• Private CA signed certificate sent to the client on connection establishment
• Client compares the private CA root cert with those received in the cert chain
• If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• Proxy starts a new HTTPS/TLS connection to the web/cloud service
• Proxy receives the certificate from the web/cloud service
• Proxy uses the certificate to establish a secure TLS/HTTPS connection
• Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

Certificate pin = SHA-256 hash of the CA root certificate public key (diagram value: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)

• CA signed Cisco Spark certificate sent by the HTTPS/TLS server
• App creates a hash of the cert's public key
• App compares the hash with the certificate pin in its trust store
• If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Proxy sends a private CA signed certificate during HTTPS/TLS set up
• App creates a hash of the private CA signed cert's public key
• App compares the hash with the certificate pin in its trust store
• They DO NOT match – TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store.
• Proxy sends a private CA signed certificate during HTTPS/TLS set up
• Spark app checks to see if a copy of the private CA cert exists in the OS trust store
• If the cert exists – skip the certificate pinning process
• Proceed with the TLS connection
• HTTPS/TLS inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark cloud.
• Proxy sends a private CA signed certificate during HTTPS/TLS set up
• Client creates a hash of the private CA signed cert's public key
• Client compares the hash with the certificate pin in its trust store
• They DO match – proceed with the TLS connection
• HTTPS/TLS inspection possible
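The pinning decision from the certificate pinning slides above in working code, as an added illustration (not the Spark app's or device firmware's code): the pin is base64(SHA-256(SubjectPublicKeyInfo)), an inspecting proxy's private-CA chain fails the pin check, and it is accepted only when the admin has placed that CA cert in the trust store. The DER walker, the certificates and the pin set are constructed here, and the emulation assumes the CA certificate is present in the presented chain.

```python
"""SPKI certificate pinning with the 'private CA in the OS trust store' bypass.
Added illustration with a minimal DER walker and constructed certificates;
no real Cisco certificates, keys or pin values are used."""
import base64
import hashlib


def der_tlv(buf, pos):
    """Read one DER tag/length at pos. Returns (tag, value_start, value_end);
    value_end is also the offset of the next sibling element."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def der_wrap(tag, content):
    """Encode content as a DER TLV (used only to build the constructed certs)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + content


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate (RFC 5280 layout)."""
    _, pos, _ = der_tlv(cert_der, 0)         # Certificate ::= SEQUENCE
    _, pos, _ = der_tlv(cert_der, pos)       # tbsCertificate ::= SEQUENCE
    tag, _, end = der_tlv(cert_der, pos)
    if tag == 0xA0:                          # optional EXPLICIT [0] version
        pos = end
    for _ in range(5):                       # serialNumber, signature, issuer, validity, subject
        _, _, pos = der_tlv(cert_der, pos)
    _, _, end = der_tlv(cert_der, pos)       # subjectPublicKeyInfo ::= SEQUENCE
    return cert_der[pos:end]


def spki_pin(cert_der):
    """The pin as the slides define it: base64(SHA-256(public key info))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode("ascii")


def check_chain(chain_der, pinset, enterprise_ca_store):
    """Emulate the app's decision for a server chain (leaf first, CA last).
    Returns 'pinned', 'enterprise-ca' or 'rejected'."""
    if any(spki_pin(cert) in pinset for cert in chain_der):
        return "pinned"                      # a chain key matches a pin: proceed
    # Cert pinning fix: a private CA cert the admin copied into the OS trust
    # store lets the app skip pinning, so the inspecting proxy is accepted.
    if any(cert in enterprise_ca_store for cert in chain_der):
        return "enterprise-ca"
    return "rejected"                        # no match: TLS connection terminated


def make_cert(common_name, key_bytes):
    """Constructed, unsigned certificate with the RFC 5280 field layout; only
    the structure matters for pin extraction, so the signature is dummy bytes."""
    rsa_oid = bytes.fromhex("06092a864886f70d010101") + b"\x05\x00"
    sha256_rsa = der_wrap(0x30, bytes.fromhex("06092a864886f70d01010b") + b"\x05\x00")
    spki = der_wrap(0x30, der_wrap(0x30, rsa_oid) + der_wrap(0x03, b"\x00" + key_bytes))
    cn = der_wrap(0x30, bytes.fromhex("0603550403") + der_wrap(0x0C, common_name.encode()))
    name = der_wrap(0x30, der_wrap(0x31, cn))
    validity = der_wrap(0x30, der_wrap(0x17, b"180101000000Z") + der_wrap(0x17, b"280101000000Z"))
    tbs = der_wrap(0x30, der_wrap(0xA0, der_wrap(0x02, b"\x02")) + der_wrap(0x02, b"\x01")
                   + sha256_rsa + name + validity + name + spki)
    return der_wrap(0x30, tbs + sha256_rsa + der_wrap(0x03, b"\x00" * 17))


# Constructed sample chains: a public CA the app pins, and a corporate proxy CA.
CLOUD_CA = make_cert("Example Public Root CA", b"\x01" * 64)
CLOUD_LEAF = make_cert("spark.example.invalid", b"\x02" * 64)
PROXY_CA = make_cert("Corp Private CA", b"\x03" * 64)
PROXY_LEAF = make_cert("spark.example.invalid", b"\x04" * 64)
PINSET = {spki_pin(CLOUD_CA)}               # pin of the CA root's public key


if __name__ == "__main__":
    print("pin of public CA:", spki_pin(CLOUD_CA))
    print("direct to cloud:      ", check_chain([CLOUD_LEAF, CLOUD_CA], PINSET, set()))
    print("inspecting proxy:     ", check_chain([PROXY_LEAF, PROXY_CA], PINSET, set()))
    print("proxy CA in OS store: ", check_chain([PROXY_LEAF, PROXY_CA], PINSET, {PROXY_CA}))
```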

Network Capabilities, Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows / Mac / Web | HTTPS | WME | Yes (Win/Mac/Browser) | If an enterprise certificate exists, then bypass the certificate pinning process
iOS / Android | HTTPS | WME | No (iOS, Android) | HTTPS inspection bypass
DX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
SX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
MX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Room Kits | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load private CA certs in Spark service; download trust list with private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS inspection bypass

Cisco Spark Cloud Access – Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X

802.1X operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication – switch port configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client–server authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Authentication Server

Network Capabilities, Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows / Mac / iOS / Android / Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO; Mac – configuration profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | – | Use MAC address bypass

Cisco Spark Cloud Access – Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access – Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard the device – username/password or activation code
• Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation

• Please complete your online session evaluations after each session
• Complete 4 session evaluations & the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments. Coming soon: target Q1 CY2018.

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you

Page 75: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Voice and Video Classification and MarkingPort Range Summary ndash Endpoints and Apps

Audio

52000-52099

Spark Apps Spark Devices

Video

52100-52299

52000 - 52049 52050 - 52099 52100 - 52199 52200 - 52299

77BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Applications Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Spark applications

Windows

Mac

iOS

Android

Web

UDP Voice 52000 ndash 52049

Video 52100 ndash 52199

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP or HTTP to Spark Cloud

Media Nodes

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

appsflyercom

adobetmcom

omtrdcnet

optimizelycom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Mobile Apps only - Ad Analytics

Web Apps only - Analytics

Web Apps only - Telemetry

Web Apps only - Metrics

78BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Devices Network Port and Whitelist RequirementsSpark Device Protocol Source Ports Destination

Ports

Destination Function

Desktop and Room

Systems

SX Series

DX Series

MX Series

Room Kits

Spark Boards

UDP Voice 52050 ndash 52099

Video 52200 ndash 52299

5004 amp

5006

Any IP Address SRTP over UDP to Spark Cloud Media

Nodes

TCP Ephemeral 5004 amp

5006

Any IP Address SRTP over TCP to Spark Cloud Media

Nodes (Not Spark Board)

TCP Ephemeral 443

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

dropboxcom

HTTPS

Spark Identity Service

OAuth Service

Core Spark Services

Identity management

Core Spark Services

Content and Space Storage

Anonymous crash data

Anonymous Analytics

Content and Space Storage

Sparkboard (firmware updates)

UDP Ephemeral 123 2androidpoolntporg Sparkboard ndash NTP Time Sync

79BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Media Port Ranges

Source UDP Ports Voice and Video 33434 - 33598

Source TCP HTTP Ports Ephemeral ( =gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004

Destination IP Addresses Any

Hybrid Media Node (HMN)

bull Can be used to limit source IP address range to HMNs only

bull Hybrid Media Node Source UDP ports for voice and video are different to

those used by endpoints ndash Used for cascade links to the Spark Cloud

bull Voice and Video use a common UDP source port range 33434 - 33598

Signalling

Media

80BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)

bull Key Management Service

bull Indexing (Search) Service

bull E-Discovery Service

Signalling

Media

Hybrid Data Services

bull HDS Signaling Traffic Only

bull Outbound HTTPS and WSS Signaling Only

81BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device Protocol Source Ports Destination

Ports

Destination Function

Hybrid Media

Node (HMN)

UDP Voice and Video use a

common UDP source

port range

33434 - 33598

5004

Cascade

Destination

Any IP Address Cascaded SRTP over UDP

Media Streams to Cloud Media

Nodes

TCP Ephemeral 5004

Cascade

Destination

Any IP Address Cascaded SRTP over

TCPHTTP Media Streams to

Cloud Media Nodes

TCP Ephemeral 123 53 444 Any NTP DNS HTTPS

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

HTTPS Configuration Services

Hybrid Data

Security Node

(HDS)

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

identitywebexcom

indexdockerio

Outbound HTTPS and WSS

82BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

What do we send to Third Party sitesSite Apps that Access It What is sent there User

PII

Anonymized

Usage info

Encrypted

User

Generated

Content

awscom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

rackcdncom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

mixpanelcom Win Mac iOS Android

Web

Anonymous usage data N Y N

appsflyercom iOS Android Anonymous usage data related to

onboarding

N Y N

adobedtmcom Web Anonymous usage data N Y N

omtrdcnet Web Anonymous usage data N Y N

optimizelycom Web Anonymous usage data for AB

testing

N Y N

83BRKCOL-2030

Cisco Spark Cloud Access Enterprise Proxies

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Address given to DeviceApplicationhelliphelliphellip

Connecting from the Enterprise - Proxy Types

Proxy Types

bull Transparent Proxy (DeviceApplication is unaware of Proxy existence)

bull In Line Proxies (eg Combined Proxy and Firewall)

bull Traffic Redirection (eg Using Cisco WCCP)

Signalling

UDP Media

HTTPHTTPS traffic only sent to the Proxy server eg

Destination ports 80 443 8080 8443

85BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Authentication

Connecting from the Enterprise ndash Proxy Authentication

bull Proxy intercepts outbound HTTP request

bull Authenticates the User (Username amp Password)

bull Authenticated Userrsquos traffic forwarded

bull Unauthenticated Userrsquos traffic droppedblocked

Signalling

UDP MediaProxy Authentication is not mandatory

Many Enterprises do No Authentication

88BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Common Proxy Authentication Methods

bull NTLMv2 Authentication

bull Negotiate Authentication

bull Kerberos

Signalling

UDP Media

bull Digest Authentication

89BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Proxy Authentication Methods ndash Basic Authentication

bull Uses standard HTTP Headers

bull Username and Password Base64 encoded

bull Username and Password are NOT

encrypted or hashed

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

90BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash Digest Authentication

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

bull Digest Authentication

bull Uses standard HTTP Headers

bull Username and Password are not sent

bull A Hash of the Username and Password is

sent instead

91BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull NT LAN Manager (NTLM) Authentication

Proxy Authentication Methods ndash NTLMv2

bull Microsoft ChallengeResponse AuthN protocol

bull Username sent in plain text

bull ChallengeNonce sent from the server

bull Password hash used to encrypt the

challenge and return it to the server

bull Password hashed but not sent

bull Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

92BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash NegotiateIWA (Windows Only)

bull Negotiate Authentication

bull Microsoft implementation of SPNEGO

bull Simple and Protected GSSAPI Negotiation

Mechanism (Generic Security Service API)

bull Kerberos or fallback to

bull NTLM

bull Negotiates the use of either

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Authentication

Spark Device Protocol Software Train Proxy Authentication Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No Auth - Yes

Basic - Yes

Digest - Planned

NTLM - Yes (Windows)

Kerberos ndash No

No Auth (iOS and Android in EFT)

Basic (iOS and Android in EFT)

DXSXMX HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Room Kits HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Spark Board HTTPS Spark Board OS No Auth ndash Yes

Basic ndash Yes

Digest - Yes

96BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection - Spark Certificate Pinning

Certificate Pinning

Certificate Pin = SHA-256 hash of the CA root certificate's public key, Base64 encoded, e.g.
VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• CA-signed Cisco Spark certificate sent by the HTTPS/TLS server
• App creates a hash of the certificate's public key
• App compares the hash with the certificate pin in its trust store
• If they match, accept and proceed with the TLS connection

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• App creates a hash of the private-CA-signed certificate's public key
• App compares the hash with the certificate pin in its trust store
• They DO NOT match: TLS connection terminated

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store

• Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• Spark app checks whether a copy of the private CA cert exists in the OS trust store
• If the cert exists, skip the certificate pinning process and proceed with the TLS connection
• HTTPS/TLS inspection possible

Once the private CA is trusted by the OS, pinning no longer protects the app against any certificate that CA issues, so the proxy CA's private key needs the same level of protection as the Spark traffic it can decrypt.

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark cloud (devices download a trust list that includes it)

• Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
• Client creates a hash of the private-CA-signed certificate's public key
• Client compares the hash with the certificate pins in its trust store, which now include the private CA
• They DO match: proceed with the TLS connection
• HTTPS/TLS inspection possible
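The pinning decision behind the three scenarios above (direct connection, inspecting proxy, and the OS-trust-store fix), as an added Python example; it is not code from the deck or from the Spark clients. The pin is computed the way the slide describes it, Base64 of SHA-256 over the certificate's SubjectPublicKeyInfo, and a minimal DER walker extracts that structure so the same functions run against real DER certificates. The certificates built here are constructed stand-ins with placeholder keys and no signature (the TLS stack validates the chain before pinning is applied), and the OS-trust-store check is modelled as an SPKI comparison, which is an assumption about how the app implements it.

```python
import base64
import hashlib

SEQ, INT, BITSTR, OID, CTX0 = 0x30, 0x02, 0x03, 0x06, 0xA0


def der_len(n):
    """DER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, body):
    """Encode one TLV."""
    return bytes([tag]) + der_len(len(body)) + body


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length


def spki_from_cert(cert_der):
    """Extract the DER SubjectPublicKeyInfo from an X.509 certificate.

    Certificate    ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    _, pos, _ = read_tlv(cert_der, 0)             # into Certificate
    _, pos, tbs_end = read_tlv(cert_der, pos)     # into TBSCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == CTX0:                                # skip the explicit [0] version
        pos = end
    for _ in range(5):                             # serial, sigalg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != SEQ or end > tbs_end:
        raise ValueError("malformed certificate: no SubjectPublicKeyInfo")
    return cert_der[pos:end]                       # the whole SPKI TLV is what gets hashed


def spki_pin(spki_der):
    """Pin = Base64(SHA-256(SubjectPublicKeyInfo)), the form shown on the slide."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def pinning_decision(chain_der, pins, os_trust_store=()):
    """Apply the client logic described above to a served certificate chain.

    1. App fix: if a certificate in the chain carries the same public key as one the
       enterprise installed in the OS trust store, skip pinning (assumed SPKI match).
    2. Otherwise at least one certificate in the chain must hash to a known pin;
       if none does, the TLS connection is terminated.
    """
    spkis = [spki_from_cert(c) for c in chain_der]
    if any(s in os_trust_store for s in spkis):
        return "accept: enterprise CA in OS trust store, pinning skipped"
    if any(spki_pin(s) in pins for s in spkis):
        return "accept: pin matched"
    return "reject: no certificate in the chain matches a pin"


# --- constructed test material: placeholder keys, unsigned toy certificates ---

def make_spki(pubkey_bytes):
    """Toy SPKI: SEQUENCE { algorithm SEQUENCE { OID }, subjectPublicKey BIT STRING }."""
    alg = der(SEQ, der(OID, b"\x2a\x03\x04"))      # OID 1.2.3.4, a placeholder
    return der(SEQ, alg + der(BITSTR, b"\x00" + pubkey_bytes))


def make_cert(spki_der, subject):
    """Structurally valid Certificate around an SPKI; signature is a placeholder."""
    tbs = (der(CTX0, der(INT, b"\x02")) + der(INT, b"\x01") + der(SEQ, b"")
           + der(SEQ, b"CN=issuer") + der(SEQ, b"") + der(SEQ, subject) + spki_der)
    return der(SEQ, der(SEQ, tbs) + der(SEQ, b"") + der(BITSTR, b"\x00"))


CLOUD_ROOT_SPKI = make_spki(b"cloud-root-ca-key")
PROXY_CA_SPKI = make_spki(b"enterprise-proxy-ca-key")
CLOUD_CHAIN = [make_cert(make_spki(b"cloud-leaf-key"), b"CN=cloud-service"),
               make_cert(CLOUD_ROOT_SPKI, b"CN=Cloud Root CA")]
PROXY_CHAIN = [make_cert(make_spki(b"proxy-minted-leaf-key"), b"CN=cloud-service"),
               make_cert(PROXY_CA_SPKI, b"CN=Enterprise Proxy CA")]
PINS = {spki_pin(CLOUD_ROOT_SPKI)}                # the app ships the pin of the CA root


def scenario_no_inspection():
    return pinning_decision(CLOUD_CHAIN, PINS)


def scenario_inspection():
    return pinning_decision(PROXY_CHAIN, PINS)


def scenario_inspection_with_fix():
    return pinning_decision(PROXY_CHAIN, PINS, os_trust_store={PROXY_CA_SPKI})


if __name__ == "__main__":
    for f in (scenario_no_inspection, scenario_inspection, scenario_inspection_with_fix):
        print(f.__name__, "->", f())
```

To check a real pin, feed `spki_from_cert()` the DER bytes of the CA certificate (for example the output of `openssl x509 -outform DER`) and compare `spki_pin()` with the value the client ships; the leading `0x00` in the BIT STRING is the unused-bits byte that DER requires.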

Network Capabilities: Spark Devices - HTTPS Inspection

Columns: Device | Protocol | Software train | Supports TLS/HTTPS inspection | Certificate validation method

• Windows, Mac, Web apps | HTTPS | WME | Yes | Win/Mac/browser: if an enterprise certificate exists in the OS trust store, bypass the certificate pinning process
• iOS, Android apps | HTTPS | WME | No | Use HTTPS inspection bypass
• DX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load the private CA certs into the Spark service; the device downloads a trust list containing the private certs
• SX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load the private CA certs into the Spark service; the device downloads a trust list containing the private certs
• MX | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load the private CA certs into the Spark service; the device downloads a trust list containing the private certs
• Room Kits | HTTPS | Room OS | Yes, requires per-org configuration of the Identity Service | Load the private CA certs into the Spark service; the device downloads a trust list containing the private certs
• Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | Use HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise - 802.1X

802.1X operation
• Switch port network access is restricted until authentication completes
• Client presents its credentials to the Authentication Server
• After successful authentication the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options...
• Two key authentication methods: EAP-FAST and EAP-TLS

802.1X Network Authentication: EAP-FAST
Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS
Extensible Authentication Protocol - Transport Layer Security
• Requires digital certificates
• Mutual client-server authentication

802.1X Fallback - MAC Authentication Bypass (MAB)
Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for devices that are not 802.1X capable
• MAC address manually entered into the Authentication Server
• A MAC address is trivially spoofed, so treat a MAB-authorized port as low assurance: put it in a restricted VLAN with ACLs limited to the Spark destinations listed in the port tables

Network Capabilities: Spark Devices - 802.1X

Columns: Device | Protocol | Software train | EAP-FAST | EAP-TLS | MIC (non-CUCM) | LSC | Certificate installation capability | Granular configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO, Mac: Configuration Profiles)
• DX | HTTPS | Room OS | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via the device web interface
• SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
• MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install enterprise LSC via the device web interface
• Room Kits | HTTPS | Room OS | Wi-Fi: Yes, Wired: Yes | Wi-Fi: Yes, Wired: Yes | Yes | Yes | Yes | Web based: install enterprise LSC via the device web interface
• Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | - | Use MAC Authentication Bypass

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate.

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access, where proxy and firewalls allow all Spark connections
• Onboard the device with username/password or an activation code
• The device then downloads its configuration information and trust anchors from the Cisco Spark cloud


Complete Your Online Session Evaluation
• Please complete your online session evaluations after each session
• Complete 4 session evaluations and the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in self-paced labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components. Three preferred architectures (PAs) cover a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments, with versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x. Coming soon: target Q1 CY2018.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Thank you


Spark Applications: Network Port and Whitelist Requirements

Spark applications (Windows, Mac, iOS, Android, Web)

• UDP, source ports voice 52000-52049 and video 52100-52199, destination ports 5004 & 5006, destination any IP address: SRTP over UDP to Spark cloud media nodes
• TCP, ephemeral source ports, destination ports 5004 & 5006, destination any IP address: SRTP over TCP or HTTP to Spark cloud media nodes
• TCP, ephemeral source ports, destination port 443 (HTTPS) to:
  identity.webex.com - Spark Identity Service
  idbroker.webex.com - OAuth Service
  wbx2.com - Core Spark Services
  webex.com - Identity management
  ciscospark.com - Core Spark Services
  clouddrive.com - Content and Space Storage
  crashlytics.com - Anonymous crash data
  mixpanel.com - Anonymous analytics
  rackcdn.com - Content and Space Storage
  appsflyer.com - Mobile apps only: ad analytics
  adobedtm.com - Web apps only: analytics
  omtrdc.net - Web apps only: telemetry
  optimizely.com - Web apps only: metrics

Spark Devices: Network Port and Whitelist Requirements

Desktop and room systems (SX Series, DX Series, MX Series, Room Kits, Spark Boards)

• UDP, source ports voice 52050-52099 and video 52200-52299, destination ports 5004 & 5006, destination any IP address: SRTP over UDP to Spark cloud media nodes
• TCP, ephemeral source ports, destination ports 5004 & 5006, destination any IP address: SRTP over TCP to Spark cloud media nodes (not Spark Board)
• TCP, ephemeral source ports, destination port 443 (HTTPS) to:
  identity.webex.com - Spark Identity Service
  idbroker.webex.com - OAuth Service
  wbx2.com - Core Spark Services
  webex.com - Identity management
  ciscospark.com - Core Spark Services
  clouddrive.com - Content and Space Storage
  crashlytics.com - Anonymous crash data
  mixpanel.com - Anonymous analytics
  rackcdn.com - Content and Space Storage
  dropbox.com - Spark Board firmware updates
• UDP, ephemeral source ports, destination port 123 to 2.android.pool.ntp.org: Spark Board NTP time sync

Connecting from the Enterprise - Firewalls

Hybrid Media Node (HMN) media port ranges
• Source UDP ports, voice and video: 33434-33598 (one common range for both)
• Source TCP/HTTP ports: ephemeral (so no port-based DSCP re-marking is possible)
• Destination UDP/TCP/HTTP port: 5004
• Destination IP addresses: any

Hybrid Media Node (HMN)
• Can be used to limit the source IP address range of media leaving the enterprise to the HMNs only
• HMN source UDP ports for voice and video are different from those used by endpoints; they are used for the cascade links to the Spark cloud

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services traffic
• HDS signaling traffic only, no media
• Outbound HTTPS and WSS (WebSocket over TLS) signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Hybrid Media Node (HMN)
• UDP, source ports 33434-33598 (voice and video share the range), destination port 5004 (cascade destination), destination any IP address: cascaded SRTP-over-UDP media streams to cloud media nodes
• TCP, ephemeral source ports, destination port 5004 (cascade destination), destination any IP address: cascaded SRTP-over-TCP/HTTP media streams to cloud media nodes
• TCP, ephemeral source ports, destination ports 123, 53, 444, destination any: NTP, DNS, HTTPS
• TCP, ephemeral source ports, destination port 443 to wbx2.com and idbroker.webex.com: HTTPS configuration services

Hybrid Data Security Node (HDS)
• TCP, ephemeral source ports, destination port 443 to wbx2.com, idbroker.webex.com, identity.webex.com and index.docker.io: outbound HTTPS and WSS
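An added Python check, not from the deck or from Cisco, that turns the three port and whitelist tables above into an egress policy and runs it over constructed firewall deny lines, flagging any deny that blocks a flow the tables say must be open. The log format and the `role=` tag that identifies the source as an app, device, HMN or HDS are assumptions, as is 1024-65535 for "ephemeral"; whitelist hosts are treated as domain suffixes, so `wbx2.com` covers every host under it.

```python
import re

EPHEMERAL = (1024, 65535)                        # assumed ephemeral source-port range

APP_HTTPS = {"identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
             "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
             "rackcdn.com", "appsflyer.com", "adobedtm.com", "omtrdc.net", "optimizely.com"}
DEVICE_HTTPS = (APP_HTTPS - {"appsflyer.com", "adobedtm.com", "omtrdc.net", "optimizely.com"}
                | {"dropbox.com"})
HMN_HTTPS = {"wbx2.com", "idbroker.webex.com"}
HDS_HTTPS = HMN_HTTPS | {"identity.webex.com", "index.docker.io"}

# (role, proto, source port range, destination ports, destination hosts or "any", function)
RULES = [
    ("app",    "udp", (52000, 52049), {5004, 5006}, "any",        "SRTP voice over UDP to cloud media nodes"),
    ("app",    "udp", (52100, 52199), {5004, 5006}, "any",        "SRTP video over UDP to cloud media nodes"),
    ("app",    "tcp", EPHEMERAL,      {5004, 5006}, "any",        "SRTP over TCP/HTTP to cloud media nodes"),
    ("app",    "tcp", EPHEMERAL,      {443},        APP_HTTPS,    "HTTPS to Spark and analytics services"),
    ("device", "udp", (52050, 52099), {5004, 5006}, "any",        "SRTP voice over UDP to cloud media nodes"),
    ("device", "udp", (52200, 52299), {5004, 5006}, "any",        "SRTP video over UDP to cloud media nodes"),
    ("device", "tcp", EPHEMERAL,      {5004, 5006}, "any",        "SRTP over TCP to cloud media nodes (not Spark Board)"),
    ("device", "tcp", EPHEMERAL,      {443},        DEVICE_HTTPS, "HTTPS to Spark services and firmware"),
    ("device", "udp", EPHEMERAL,      {123},        {"2.android.pool.ntp.org"}, "Spark Board NTP time sync"),
    ("hmn",    "udp", (33434, 33598), {5004},       "any",        "cascaded SRTP over UDP to cloud media nodes"),
    ("hmn",    "tcp", EPHEMERAL,      {5004},       "any",        "cascaded SRTP over TCP/HTTP to cloud media nodes"),
    ("hmn",    "tcp", EPHEMERAL,      {443},        HMN_HTTPS,    "HTTPS configuration services"),
    ("hds",    "tcp", EPHEMERAL,      {443},        HDS_HTTPS,    "outbound HTTPS and WSS"),
]


def host_allowed(host, allowed):
    """Suffix match against the whitelist; media rules with 'any' need no host at all."""
    if allowed == "any":
        return True
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in allowed)


def required_function(role, proto, sport, dport, host=None):
    """Return the documented function a flow serves, or None if no table requires it."""
    for r_role, r_proto, (lo, hi), dports, hosts, function in RULES:
        if (r_role == role and r_proto == proto and lo <= sport <= hi
                and dport in dports and host_allowed(host, hosts)):
            return function
    return None


# Assumed deny-log shape; a real firewall's format would need its own regex.
LOG_RE = re.compile(r"deny (?P<proto>udp|tcp) \S+:(?P<sport>\d+) -> \S+:(?P<dport>\d+)"
                    r"(?: host=(?P<host>\S+))? role=(?P<role>\w+)")

# Constructed sample denies, not captured from a real firewall.
SAMPLE_DENIES = """\
deny udp 10.20.30.41:52010 -> 203.0.113.9:5004 role=app
deny tcp 10.20.30.41:49152 -> 203.0.113.20:443 host=idbroker.webex.com role=app
deny tcp 10.20.30.41:49153 -> 203.0.113.21:443 host=updates.example.net role=app
deny udp 10.20.30.77:33500 -> 198.51.100.4:5004 role=hmn
deny udp 10.20.30.50:52300 -> 203.0.113.9:5004 role=device
"""


def denied_but_required(log_text):
    """Return (log line, documented function) for every deny that breaks a required flow."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        fn = required_function(m["role"], m["proto"], int(m["sport"]), int(m["dport"]), m["host"])
        if fn:
            hits.append((line, fn))
    return hits


if __name__ == "__main__":
    for line, fn in denied_but_required(SAMPLE_DENIES):
        print(f"BLOCKED REQUIRED FLOW [{fn}]: {line}")
```

The fifth sample line is deliberately a device flow with source port 52300, just outside the documented 52200-52299 video range; it is not flagged, which is the behaviour you want when reviewing denies, since a flow outside the documented ranges is not evidence of a misconfigured firewall.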

What do we send to third-party sites?

Columns: Site | Apps that access it | What is sent there | User PII | Anonymized usage info | Encrypted user-generated content

• aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
• rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of the Rackspace content system) | N | N | Y
• mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
• appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
• adobedtm.com | Web | Anonymous usage data | N | Y | N
• omtrdc.net | Web | Anonymous usage data | N | Y | N
• optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

Proxy types
• Explicit proxy: the proxy address is given to the device/application
• Transparent proxy: the device/application is unaware of the proxy's existence
  • In-line proxies (e.g. a combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)

Only HTTP/HTTPS traffic (the signalling) is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443; UDP media is not proxied.

Connecting from the Enterprise - Proxy Detection

Proxy detection (how the proxy address is given to the device/application)
• Manual configuration
• Auto configuration
  • Web Proxy Auto-Discovery (WPAD)
  • Proxy Auto-Config (PAC) files

Network Capabilities: Spark Devices - Proxy Detection

Columns: Device | Protocol | Software train | Proxy detection | Granular configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | Yes: manual; Yes: PAC files | Manually configure the proxy address, or use WPAD and PAC files (or Windows GPO)
• DX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
• SX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
• MX | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
• Room Kits | HTTPS | Room OS | Yes: manual, using web access | Configure the proxy address via the device web interface
• Spark Board | HTTPS | Spark Board OS | Yes: manual configuration | Manual configuration of the proxy address

Connecting from the Enterprise - Proxy Authentication

Proxy authentication
• Proxy intercepts the outbound HTTP request
• Authenticates the user (username & password)
• Authenticated user's traffic is forwarded
• Unauthenticated user's traffic is dropped/blocked

Proxy authentication is not mandatory; many enterprises do no authentication.

Common Proxy Authentication Methods
• Basic authentication
• Digest authentication
• NTLMv2 authentication
• Negotiate authentication
• Kerberos

Proxy Authentication Methods - Basic Authentication

Basic authentication
• Uses standard HTTP headers (Proxy-Authenticate challenge, Proxy-Authorization response)
• Username and password are Base64 encoded
• Username and password are NOT encrypted or hashed: anyone who can read the request can recover them

Basic username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods - Digest Authentication

Digest authentication
• Uses standard HTTP headers
• Username and password are not sent
• A hash computed from the username, password and the server's nonce is sent instead

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or create an account per device
• No password expiration
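The difference the two slides above describe, shown on the wire, as an added Python example that is not code from the deck or from any proxy product. It builds the Proxy-Authorization header a device would send for a Basic challenge and for a Digest challenge (RFC 2617, qop=auth), shows that the Basic header decodes straight back to the credentials while the Digest header carries only MD5 digests, and includes the proxy-side recomputation that verifies a Digest response. The challenge header and the device account are constructed; the proxy name and password are placeholders.

```python
import base64
import hashlib
import secrets

# Constructed Digest challenge, as a proxy would send it with 407 Proxy Authentication
# Required (not captured from a real proxy).
DIGEST_CHALLENGE = ('Digest realm="corp-proxy", qop="auth", algorithm=MD5, '
                    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093"')


def parse_challenge(header):
    """Split a Proxy-Authenticate / Proxy-Authorization value into (scheme, {param: value})."""
    scheme, _, rest = header.partition(" ")
    params = {}
    for part in rest.split(","):
        k, _, v = part.strip().partition("=")
        params[k.strip()] = v.strip().strip('"')
    return scheme, params


def basic_authorization(user, password):
    """Proxy-Authorization for Basic: Base64 of user:password, encoding only, no secrecy."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_credentials_from_header(header):
    """What any observer of the request (or a proxy log) can do: recover the credentials."""
    return base64.b64decode(header.split(" ", 1)[1]).decode().split(":", 1)


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, password, realm, nonce, method, uri, nc, cnonce, qop="auth"):
    """RFC 2617 Digest with qop=auth: only MD5 digests leave the client."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_authorization(user, password, challenge, method, uri, cnonce=None):
    """Build the Proxy-Authorization header answering a Digest challenge."""
    _, p = parse_challenge(challenge)
    cnonce = cnonce or secrets.token_hex(8)
    nc = "00000001"
    resp = digest_response(user, password, p["realm"], p["nonce"], method, uri, nc, cnonce)
    return (f'Digest username="{user}", realm="{p["realm"]}", nonce="{p["nonce"]}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def proxy_verify_digest(header, method, password_lookup):
    """Proxy side: recompute the response from its own copy of the password."""
    _, p = parse_challenge(header)
    password = password_lookup(p["username"])
    if password is None:
        return False
    expected = digest_response(p["username"], password, p["realm"], p["nonce"],
                               method, p["uri"], p["nc"], p["cnonce"], p["qop"])
    return secrets.compare_digest(expected, p["response"])


def demo():
    """Compare what each scheme exposes for the same shared device account."""
    user, password = "spark-devices", "device-proxy-pw"      # constructed device account
    basic = basic_authorization(user, password)
    digest = digest_authorization(user, password, DIGEST_CHALLENGE, "CONNECT",
                                  "wbx2.com:443", cnonce="0a4f113b")
    directory = {user: password}.get                          # the proxy's credential store
    return {
        "basic_recovered": basic_credentials_from_header(basic),
        "digest_has_password": password in digest,
        "digest_verified": proxy_verify_digest(digest, "CONNECT", directory),
        "digest_wrong_password_rejected":
            proxy_verify_digest(digest, "CONNECT", {user: "other"}.get),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The device-account bullets above (one shared account, no password expiration) make the Basic case worse in practice: a single Base64 string observed once on the LAN is a permanent credential for every device, whereas a captured Digest response is bound to one nonce and one request.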

Proxy Authentication Methods - NTLMv2

NT LAN Manager (NTLM) authentication
• Microsoft challenge/response authentication protocol
• Username sent in plain text
• Challenge/nonce sent from the server
• The password hash is used as the key to compute a response over the challenge, which is returned to the server
• The password is hashed but never sent

Username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No password expiration

Proxy Authentication Methods - Negotiate/IWA (Windows only)

Negotiate authentication
• Microsoft implementation of SPNEGO, the Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI: Generic Security Service API)
• Negotiates the use of either Kerberos, or a fallback to NTLM

Windows based username and password challenge for devices
• i.e. devices are not users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No password expiration

IWA = Integrated Windows Authentication

Proxy Authentication Methods - Kerberos

Kerberos authentication
• Strongest security of the methods listed
• Parties: client, Key Distribution Center (Authentication Service and Ticket Granting Service) and application server
• Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service
• Once authenticated, the client receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted service ticket
• The client presents the service ticket to the proxy, which validates the user using the secret it shares with the KDC
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP addresses that are exempt from authentication (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices - Proxy Authentication

Columns: Device | Protocol | Software train | Proxy authentication | Granular configuration

• Windows, Mac, iOS, Android, Web apps | HTTPS | WME | No auth: Yes; Basic: Yes; Digest: planned; NTLM: Yes (Windows); Kerberos: No | No auth and Basic for iOS and Android in EFT (early field trial)
• DX/SX/MX | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes
• Room Kits | HTTPS | Room OS | No auth: Yes; Basic: Q1 CY2018; Digest: Yes
• Spark Board | HTTPS | Spark Board OS | No auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection - Non-Spark Apps (1)

HTTPS/TLS inspection, client side
• Private CA root certificate distributed to the client beforehand (installed in its trust store)
• Private-CA-signed certificate sent to the client on connection establishment
• Client compares the private CA root cert it trusts with those received in the cert chain
• If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection - Non-Spark Apps (2)

HTTPS/TLS inspection, server side
• Proxy starts a new HTTPS/TLS connection to the web/cloud service
• Proxy receives the certificate from the web/cloud service
• Proxy uses that certificate to establish its own secure TLS/HTTPS connection to the service
• Proxy can now decrypt, inspect and re-encrypt the session traffic


Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 77: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Spark Devices: Network Port and Whitelist Requirements

Spark Device: Desktop and Room Systems - SX Series, DX Series, MX Series, Room Kits, Spark Boards

Protocol: UDP
Source Ports: Voice 52050 - 52099, Video 52200 - 52299
Destination Ports: 5004 & 5006
Destination: Any IP Address
Function: SRTP over UDP to Spark Cloud Media Nodes

Protocol: TCP
Source Ports: Ephemeral
Destination Ports: 5004 & 5006
Destination: Any IP Address
Function: SRTP over TCP to Spark Cloud Media Nodes (Not Spark Board)

Protocol: TCP
Source Ports: Ephemeral
Destination Port: 443
Destination and Function (HTTPS):
• identity.webex.com - Spark Identity Service
• idbroker.webex.com - OAuth Service
• wbx2.com - Core Spark Services
• webex.com - Identity management
• ciscospark.com - Core Spark Services
• clouddrive.com - Content and Space Storage
• crashlytics.com - Anonymous crash data
• mixpanel.com - Anonymous Analytics
• rackcdn.com - Content and Space Storage
• dropbox.com - Sparkboard (firmware updates)

Protocol: UDP
Source Ports: Ephemeral
Destination Port: 123
Destination: 2.android.pool.ntp.org
Function: Sparkboard - NTP Time Sync
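As an added example (not part of the presentation), the following Python script turns the whitelist table above into a check that can be run over outbound firewall log lines from a Spark device VLAN, so that anything outside the table is surfaced for review. The allow-list is transcribed from the slide; the log line format, the firewall name and the media node address are constructed for the example, and a real deployment would parse its own firewall's export format instead.

```python
"""Check outbound flows from a Spark device VLAN against the port/whitelist table.

Added example; the allow-list below is transcribed from the slide, the log
format and the sample lines are constructed for illustration.
"""
import re

# HTTPS destinations (TCP 443) from the "Network Port and Whitelist Requirements" slide
HTTPS_DOMAINS = {
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com", "dropbox.com",
}
MEDIA_DST_PORTS = {5004, 5006}            # SRTP to Spark Cloud media nodes
VOICE_SRC_PORTS = range(52050, 52100)     # UDP voice source ports
VIDEO_SRC_PORTS = range(52200, 52300)     # UDP video source ports
NTP_HOST = "2.android.pool.ntp.org"       # Spark Board NTP time sync, UDP 123


def domain_allowed(host: str) -> bool:
    """Match the host itself or any subdomain of a whitelisted domain."""
    return any(host == d or host.endswith("." + d) for d in HTTPS_DOMAINS)


def classify(proto: str, src_port: int, dst_port: int, dst_host: str) -> str:
    """Return a verdict for one flow according to the whitelist table."""
    if proto == "TCP" and dst_port == 443 and domain_allowed(dst_host):
        return "allow: HTTPS to Spark service"
    if proto == "UDP" and dst_port in MEDIA_DST_PORTS:
        if src_port in VOICE_SRC_PORTS or src_port in VIDEO_SRC_PORTS:
            return "allow: SRTP over UDP to media node"
        return "review: UDP media with unexpected source port"
    if proto == "TCP" and dst_port in MEDIA_DST_PORTS:
        return "allow: SRTP over TCP to media node"
    if proto == "UDP" and dst_port == 123 and dst_host == NTP_HOST:
        return "allow: NTP time sync"
    return "review: destination not in Spark whitelist"


# Constructed syslog-style firewall export (hypothetical format, not a real vendor's)
LOG_RE = re.compile(
    r"proto=(?P<proto>\w+) src=\S+:(?P<sport>\d+) dst=(?P<dhost>\S+):(?P<dport>\d+)"
)

SAMPLE_LOG = """\
2018-01-15T10:01:02 fw01 proto=TCP src=10.100.200.3:51234 dst=wbx2.com:443 action=allow
2018-01-15T10:01:05 fw01 proto=UDP src=10.100.200.3:52061 dst=203.0.113.10:5004 action=allow
2018-01-15T10:01:09 fw01 proto=UDP src=10.100.200.3:40001 dst=203.0.113.10:5004 action=allow
2018-01-15T10:01:12 fw01 proto=TCP src=10.100.200.3:51240 dst=updates.example.net:443 action=allow
2018-01-15T10:02:00 fw01 proto=UDP src=10.100.200.3:51111 dst=2.android.pool.ntp.org:123 action=allow
"""


def review_log(text: str) -> list[tuple[str, str]]:
    """Pair each parsable log line with its verdict; unparsable lines are skipped."""
    results = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        verdict = classify(m["proto"], int(m["sport"]), int(m["dport"]), m["dhost"])
        results.append((line, verdict))
    return results


if __name__ == "__main__":
    for line, verdict in review_log(SAMPLE_LOG):
        print(f"{verdict:48} {line}")
```

The source-port check is the part worth keeping: a UDP flow to port 5004 from outside the voice and video ranges is still media-shaped, but it is not what the table says a Spark device sends, so it is flagged rather than silently allowed.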

Connecting from the Enterprise - Firewalls

Media Port Ranges
Source UDP Ports, Voice and Video: 33434 - 33598
Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
Destination UDP/TCP/HTTP Port: 5004
Destination IP Addresses: Any

Hybrid Media Node (HMN)
• Can be used to limit source IP address range to HMNs only
• Hybrid Media Node Source UDP ports for voice and video are different to those used by endpoints - used for cascade links to the Spark Cloud
• Voice and Video use a common UDP source port range: 33434 - 33598

(Diagram: Signalling and Media paths from the enterprise to the Spark Cloud)

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS Signaling Traffic Only
• Outbound HTTPS and WSS Signaling Only

(Diagram: Signalling and Media paths; the HDS node carries signalling only)

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device: Hybrid Media Node (HMN)

Protocol: UDP
Source Ports: Voice and Video use a common UDP source port range, 33434 - 33598
Destination Port: 5004
Destination: Cascade Destination - Any IP Address
Function: Cascaded SRTP over UDP Media Streams to Cloud Media Nodes

Protocol: TCP
Source Ports: Ephemeral
Destination Port: 5004
Destination: Cascade Destination - Any IP Address
Function: Cascaded SRTP over TCP/HTTP Media Streams to Cloud Media Nodes

Protocol: TCP
Source Ports: Ephemeral
Destination Ports: 123, 53, 444
Destination: Any
Function: NTP, DNS, HTTPS

Protocol: TCP
Source Ports: Ephemeral
Destination Port: 443
Destination: wbx2.com, idbroker.webex.com
Function: HTTPS Configuration Services

Spark Device: Hybrid Data Security Node (HDS)

Protocol: TCP
Source Ports: Ephemeral
Destination Port: 443
Destination: wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io
Function: Outbound HTTPS and WSS

What do we send to Third Party sites?

Columns: Site | Apps that Access It | What is sent there | User PII | Anonymized Usage info | Encrypted User Generated Content

aws.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
rackcdn.com | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N | N | Y
mixpanel.com | Win, Mac, iOS, Android, Web | Anonymous usage data | N | Y | N
appsflyer.com | iOS, Android | Anonymous usage data related to onboarding | N | Y | N
adobedtm.com | Web | Anonymous usage data | N | Y | N
omtrdc.net | Web | Anonymous usage data | N | Y | N
optimizely.com | Web | Anonymous usage data for A/B testing | N | Y | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise - Proxy Types

• Proxy Address given to Device/Application……

Proxy Types
• Transparent Proxy (Device/Application is unaware of Proxy existence)
  • In Line Proxies (e.g. Combined Proxy and Firewall)
  • Traffic Redirection (e.g. Using Cisco WCCP)

HTTP/HTTPS traffic only sent to the Proxy server, e.g. Destination ports 80, 443, 8080, 8443

(Diagram: Signalling and UDP Media paths)

Connecting from the Enterprise - Proxy Detection

• Proxy Detection (Proxy Address given to Device/Application)
  • Manual Configuration
  • Auto Configuration
    • Web Proxy Auto Discovery (WPAD)
    • Proxy Auto Conf (PAC) files

(Diagram: each device receives its Proxy Address, manually or via a PAC file; Signalling and UDP Media paths)

Network Capabilities, Spark Devices - Proxy Detection

Columns: Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration

Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes - Manual; Yes - PAC Files | Manually Configure Proxy Address or Use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
SX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
MX | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Room Kits | HTTPS | Room OS | Yes - Manual using Web access | Configure Proxy Address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes - Manual Configuration | Manual Configuration of Proxy Address

Connecting from the Enterprise - Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User's traffic forwarded
  • Unauthenticated User's traffic dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do No Authentication

(Diagram: Signalling and UDP Media paths)

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

(Diagram: Signalling and UDP Media paths)

Proxy Authentication Methods - Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

(Diagram: Signalling and UDP Media paths)

Proxy Authentication Methods - Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

(Diagram: Signalling and UDP Media paths)
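To make the difference between the Basic and Digest slides above concrete, here is an added example (not from the presentation) that builds both Proxy-Authorization headers for a device service account and shows what a proxy does with each. The account name, password, realm and nonces are constructed values, the proxy name is a placeholder, and the CONNECT request to wbx2.com:443 stands in for any whitelisted Spark destination.

```python
"""Proxy-Authorization for Basic and Digest authentication.

Added example, not from the presentation. It shows why the slides say Basic
credentials are "Base64 encoded, NOT encrypted or hashed" while Digest sends
"a hash of the username and password instead". Credentials, realm and nonces
are constructed; the proxy name is a placeholder.
"""
import base64
import hashlib
import secrets

USERNAME = "spark-device-01"                 # constructed device service account
PASSWORD = "correct horse battery staple"    # constructed password
REALM = "proxy.example.internal"             # placeholder proxy realm
METHOD = "CONNECT"                           # HTTPS through a proxy uses CONNECT
URI = "wbx2.com:443"                         # a whitelisted Spark destination


def basic_header(username: str, password: str) -> str:
    """Basic scheme (RFC 7617): the header is just Base64("user:pass")."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_basic_credentials(header: str) -> tuple[str, str]:
    """Anything that can read the header (an unencrypted hop, a log) gets the password back."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, pwd = base64.b64decode(token).decode().split(":", 1)
    return user, pwd


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, password, realm, nonce, method, uri, cnonce, nc="00000001") -> str:
    """Digest scheme with qop=auth (RFC 7616, MD5 algorithm):
    response = H(H(user:realm:pass) : nonce : nc : cnonce : qop : H(method:uri)).
    The password only ever enters the hash; it is never placed in the header."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def make_digest_fields(username, password, realm, nonce, method, uri, cnonce=None) -> dict:
    """What the client puts in its Proxy-Authorization header after a 407 challenge."""
    cnonce = cnonce or secrets.token_hex(8)
    return {
        "username": username, "realm": realm, "nonce": nonce, "uri": uri,
        "qop": "auth", "nc": "00000001", "cnonce": cnonce, "method": method,
        "response": digest_response(username, password, realm, nonce, method, uri, cnonce),
    }


def format_digest_header(f: dict) -> str:
    return ('Digest username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            'qop={qop}, nc={nc}, cnonce="{cnonce}", response="{response}"').format(**f)


def proxy_verifies_digest(f: dict, stored_password: str) -> bool:
    """Proxy side: recompute the response from the stored password and compare."""
    expected = digest_response(f["username"], stored_password, f["realm"], f["nonce"],
                               f["method"], f["uri"], f["cnonce"], f["nc"])
    return secrets.compare_digest(expected, f["response"])


if __name__ == "__main__":
    hdr = basic_header(USERNAME, PASSWORD)
    print("Basic  :", hdr, "->", recover_basic_credentials(hdr))
    fields = make_digest_fields(USERNAME, PASSWORD, REALM, "server-nonce-1", METHOD, URI)
    print("Digest :", format_digest_header(fields))
    print("verified:", proxy_verifies_digest(fields, PASSWORD))
```

Digest keeps the password itself off the wire, which is the slides' point, but it does not make a captured challenge/response useless to someone guessing passwords offline, so the device-account practices the slides list (a dedicated account, no reliance on human-memorable passwords) still carry the weight of the design.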

Proxy Authentication Methods - NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

(Diagram: Signalling and UDP Media paths)

Proxy Authentication Methods - Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either:
    • Kerberos, or fallback to
    • NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

(Diagram: Signalling and UDP Media paths)

Proxy Authentication Methods - Kerberos

• Kerberos Authentication
  • Strongest Security
  • Components: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service - the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

(Diagram: Signalling and UDP Media paths)

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address
• Whitelisted Destinations (e.g. ciscospark.com)

(Diagram: devices with IP addresses 10.100.200.1 and 10.100.200.3 exempted from proxy authentication; whitelisted destinations identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com; Signalling and UDP Media paths)

Network Capabilities, Spark Devices - Proxy Authentication

Columns: Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration (no entries on the slide)

Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
Room Kits | HTTPS | Room OS | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
Spark Board | HTTPS | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes

Proxy TLS/HTTPS Inspection - Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match - accept and proceed with the TLS connection

(Diagram: Signalling and UDP Media paths)

Proxy TLS/HTTPS Inspection - Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

(Diagram: Signalling and UDP Media paths)

Proxy - No HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key (pin value as printed on the slide: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match - accept and proceed with the TLS connection

(Diagram: Signalling and UDP Media paths)

Proxy - HTTPS Inspection - Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT match: TLS connection terminated

(Diagram: Signalling and UDP Media paths)

HTTPS Inspection - Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists - skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

(Diagram: Signalling and UDP Media paths)

HTTPS Inspection - Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

(Diagram: Signalling and UDP Media paths)
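The four pinning situations on the slides above (no inspection, inspection without a fix, the app fix via the OS trust store, and the device fix via a trust list from the Spark Cloud) are easier to reason about as one decision function, so here is an added example in Python. It is not Cisco code. It assumes the pin is Base64(SHA-256(SubjectPublicKeyInfo)), the usual encoding of "SHA-256 hash of the CA root certificate public key" (RFC 7469), and all keys are constructed Ed25519 test keys, not real Cisco or enterprise CA keys.

```python
"""Certificate pinning decision as the slides describe it for Spark apps and devices.

Added example, not Cisco code. The pin is assumed to be Base64(SHA-256(SubjectPublicKeyInfo))
as in RFC 7469; the slides say "SHA-256 hash of the CA root certificate public key" and this
is the usual encoding of that. All keys below are constructed Ed25519 test keys, not real
Cisco or enterprise CA keys.
"""
import base64
import hashlib

# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410); the 32 raw key bytes follow it.
_ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def spki_der(raw_key: bytes) -> bytes:
    """Wrap a raw 32-byte Ed25519 public key in its SubjectPublicKeyInfo DER encoding."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return _ED25519_SPKI_PREFIX + raw_key


def spki_pin(spki: bytes) -> str:
    """Pin = Base64(SHA-256(SPKI DER)); always a 44-character string."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()


# Constructed CA public keys: the Spark CA root the app ships with, and the enterprise
# private CA that an inspecting proxy signs its certificates with.
SPARK_CA_SPKI = spki_der(bytes(range(32)))
PRIVATE_CA_SPKI = spki_der(bytes(range(32, 64)))


def pinning_decision(presented_ca_spki: bytes, pinned: set[str], os_trust_store: set[str]) -> str:
    """Apply the three cases from the slides.

    presented_ca_spki: public key of the CA that signed the certificate the server sent
    pinned:            pins in the app's/device's trust list (the device's list can be
                       extended from the Spark Cloud with the private CA)
    os_trust_store:    pins of CA certificates installed in the OS trust store (apps only)
    """
    presented = spki_pin(presented_ca_spki)
    # App fix: a private CA cert present in the OS trust store skips pinning entirely
    if presented in os_trust_store:
        return "proceed: pinning skipped, private CA found in OS trust store"
    # Normal pinning: hash of the presented CA key must equal a pin in the trust list
    if presented in pinned:
        return "proceed: pin matched"
    return "terminate: pin mismatch"


def scenarios() -> dict[str, str]:
    """The four situations on the slides, evaluated with the constructed keys."""
    spark_pins = {spki_pin(SPARK_CA_SPKI)}
    return {
        "no inspection, genuine Spark cert":
            pinning_decision(SPARK_CA_SPKI, spark_pins, set()),
        "inspection, no fix":
            pinning_decision(PRIVATE_CA_SPKI, spark_pins, set()),
        "inspection, app fix (private CA in OS trust store)":
            pinning_decision(PRIVATE_CA_SPKI, spark_pins, {spki_pin(PRIVATE_CA_SPKI)}),
        "inspection, device fix (private CA in cloud trust list)":
            pinning_decision(PRIVATE_CA_SPKI, spark_pins | {spki_pin(PRIVATE_CA_SPKI)}, set()),
    }


if __name__ == "__main__":
    print("Spark CA pin:", spki_pin(SPARK_CA_SPKI))
    for name, outcome in scenarios().items():
        print(f"{name:55} -> {outcome}")
```

The design point worth noticing is that the app fix makes the OS trust store the deciding input: any CA certificate an administrator (or anyone else with that privilege) places there sidesteps the pin, which is why the trust store on managed endpoints should itself be controlled, for example through the Windows GPO and Mac configuration profiles the proxy detection slide mentions. The device fix keeps the decision inside the pinned trust list, which the device fetches from the Spark Cloud.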

Network Capabilities, Spark Devices - HTTPS Inspection

Columns: Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method

Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No (iOS, Android) | HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes - Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise - 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication - switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: Device, switch and Authentication Server)

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

(Diagram: Device, switch and Authentication Server)

Network Capabilities, Spark Devices - 802.1X

Columns: Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS (MIC) | Non CUCM LSC | Certificate Installation Capability | Granular Configuration

Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes - Manually Install LSC (Windows GPO, Mac - Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes, Web Based - Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes, Web Based - Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes, Web Based - Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes, Web Based - Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access - Proxy and Firewalls allow all Spark connections
• Onboard device - Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) - https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) - https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"
Coming soon: Target Q1 CY2018

Thank you

Page 78: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Media Port Ranges

Source UDP Ports Voice and Video 33434 - 33598

Source TCP HTTP Ports Ephemeral ( =gt No DSCP re-marking)

Destination UDP TCP HTTP Port 5004

Destination IP Addresses Any

Hybrid Media Node (HMN)

bull Can be used to limit source IP address range to HMNs only

bull Hybrid Media Node Source UDP ports for voice and video are different to

those used by endpoints ndash Used for cascade links to the Spark Cloud

bull Voice and Video use a common UDP source port range 33434 - 33598

Signalling

Media

80BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise - Firewalls

Hybrid Data Security Node (HDS)

bull Key Management Service

bull Indexing (Search) Service

bull E-Discovery Service

Signalling

Media

Hybrid Data Services

bull HDS Signaling Traffic Only

bull Outbound HTTPS and WSS Signaling Only

81BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device Protocol Source Ports Destination

Ports

Destination Function

Hybrid Media

Node (HMN)

UDP Voice and Video use a

common UDP source

port range

33434 - 33598

5004

Cascade

Destination

Any IP Address Cascaded SRTP over UDP

Media Streams to Cloud Media

Nodes

TCP Ephemeral 5004

Cascade

Destination

Any IP Address Cascaded SRTP over

TCPHTTP Media Streams to

Cloud Media Nodes

TCP Ephemeral 123 53 444 Any NTP DNS HTTPS

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

HTTPS Configuration Services

Hybrid Data

Security Node

(HDS)

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

identitywebexcom

indexdockerio

Outbound HTTPS and WSS

82BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

What do we send to Third Party sitesSite Apps that Access It What is sent there User

PII

Anonymized

Usage info

Encrypted

User

Generated

Content

awscom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

rackcdncom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

mixpanelcom Win Mac iOS Android

Web

Anonymous usage data N Y N

appsflyercom iOS Android Anonymous usage data related to

onboarding

N Y N

adobedtmcom Web Anonymous usage data N Y N

omtrdcnet Web Anonymous usage data N Y N

optimizelycom Web Anonymous usage data for AB

testing

N Y N

83BRKCOL-2030

Cisco Spark Cloud Access Enterprise Proxies

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Address given to DeviceApplicationhelliphelliphellip

Connecting from the Enterprise - Proxy Types

Proxy Types

bull Transparent Proxy (DeviceApplication is unaware of Proxy existence)

bull In Line Proxies (eg Combined Proxy and Firewall)

bull Traffic Redirection (eg Using Cisco WCCP)

Signalling

UDP Media

HTTPHTTPS traffic only sent to the Proxy server eg

Destination ports 80 443 8080 8443

85BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Authentication

Connecting from the Enterprise ndash Proxy Authentication

bull Proxy intercepts outbound HTTP request

bull Authenticates the User (Username amp Password)

bull Authenticated Userrsquos traffic forwarded

bull Unauthenticated Userrsquos traffic droppedblocked

Signalling

UDP MediaProxy Authentication is not mandatory

Many Enterprises do No Authentication

88BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Common Proxy Authentication Methods

bull NTLMv2 Authentication

bull Negotiate Authentication

bull Kerberos

Signalling

UDP Media

bull Digest Authentication

89BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP headers (Proxy-Authenticate / Proxy-Authorization)
  • Username and password Base64 encoded
  • Username and password are NOT encrypted or hashed: anyone who can read the client-to-proxy hop can decode them
• Basic username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP headers
  • Username and password are not sent
  • A hash computed over the username, realm, password and a proxy-supplied nonce is sent instead
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No password expiration
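To make the Basic and Digest slides concrete, here is an added example (not from the deck, and not Cisco code) that builds both Proxy-Authorization headers by hand and shows what an observer of the client-to-proxy hop gets from each. The credentials and the challenge are the worked values from RFC 2617 (sections 2 and 3.5), recast as a proxy exchange; they are not a captured session.

```python
"""Basic and Digest Proxy-Authorization headers, built by hand.

Added example, not from the deck. It illustrates the two points the
slides make: a Basic credential is merely Base64-encoded, so whoever can
read the client-to-proxy hop gets the password back; a Digest response
is an MD5 over username, realm, password and a proxy-supplied nonce, so
the password itself is never on the wire. The credentials and the
challenge are the worked values from RFC 2617 (sections 2 and 3.5),
recast as a proxy exchange; they are not a captured session.
"""
import base64
import hashlib
import re
from typing import Dict, Tuple


def basic_header(username: str, password: str) -> str:
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def recover_basic(header: str) -> Tuple[str, str]:
    """What a passive observer of the client-to-proxy hop gets back."""
    token = header.split("Basic ", 1)[1].strip()
    user, _, pwd = base64.b64decode(token).decode().partition(":")
    return user, pwd


def parse_challenge(proxy_authenticate: str) -> Dict[str, str]:
    """Turn 'Digest realm="...", nonce="...", qop="auth,auth-int"' into a dict."""
    params = proxy_authenticate.split("Digest ", 1)[1]
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key: quoted or bare for key, quoted, bare in pairs}


def digest_response(username: str, password: str, method: str, uri: str,
                    chal: Dict[str, str], cnonce: str, nc: str = "00000001") -> str:
    """RFC 2617 response with qop=auth: MD5(HA1:nonce:nc:cnonce:auth:HA2)."""
    if "auth" not in chal.get("qop", "").split(","):
        raise ValueError("only qop=auth is implemented here")
    md5 = lambda s: hashlib.md5(s.encode()).hexdigest()
    ha1 = md5(f"{username}:{chal['realm']}:{password}")  # the only place the password appears
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{chal['nonce']}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(username: str, password: str, method: str, uri: str,
                  chal: Dict[str, str], cnonce: str) -> str:
    resp = digest_response(username, password, method, uri, chal, cnonce)
    fields = [f'username="{username}"', f'realm="{chal["realm"]}"', f'nonce="{chal["nonce"]}"',
              f'uri="{uri}"', "qop=auth", "nc=00000001", f'cnonce="{cnonce}"', f'response="{resp}"']
    if "opaque" in chal:
        fields.append(f'opaque="{chal["opaque"]}"')
    return "Proxy-Authorization: Digest " + ", ".join(fields)


# Constructed challenge (RFC 2617 values), as a proxy would send it.
CHALLENGE = ('Proxy-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", '
             'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    hdr = basic_header("Aladdin", "open sesame")
    print(hdr, "->", recover_basic(hdr))
    print(digest_header("Mufasa", "Circle Of Life", "GET", "/dir/index.html",
                        parse_challenge(CHALLENGE), "0a4f113b"))
```

Digest keeps the password off the wire, but the captured nonce and response still allow offline guessing against HA1, which matters for the non-expiring device accounts the slides describe: give such an account no rights beyond proxy access.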

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft challenge/response AuthN protocol
  • Username sent in plain text
  • Challenge/nonce sent from the server
  • The password hash is used to key a response over the challenge, which is returned to the server
  • Password hashed but not sent
• Username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

Proxy Authentication Methods – Negotiate/IWA (Windows only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows-based username and password challenge for devices
  • i.e. devices are not users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No password expiration

IWA – Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest security
  • Components: Client, Authentication Service, Key Distribution Center, Ticket Granting Service, Application Server
  • Encrypted communication based on shared secrets
  • Client authenticates with the Authentication Service
  • Once authenticated, it receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
  • The client presents the Service Ticket to the proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the proxy server with:
• Device IP address (e.g. 10.100.200.1, 10.100.200.3 in the diagram)
• Whitelisted destinations (e.g. ciscospark.com):
  identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device                     | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | No Auth: Yes; Basic: Yes; Digest: Planned; NTLM: Yes (Windows); Kerberos: No; No Auth and Basic on iOS and Android: in EFT
DX, SX, MX                       | HTTPS    | Room OS        | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes
Room Kits                        | HTTPS    | Room OS        | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes
Spark Board                      | HTTPS    | Spark Board OS | No Auth: Yes; Basic: Yes; Digest: Yes

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA root certificate sent to the client beforehand (installed in its trust store)
  • Private-CA-signed certificate sent to the client on connection establishment
  • Client compares the private CA root cert in its trust store with the CA certs received in the cert chain
  • If they match, accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts a new HTTPS/TLS connection to the web/cloud service
  • Proxy receives the certificate from the web/cloud service
  • Proxy uses the certificate to establish a secure TLS/HTTPS connection
  • Proxy can now decrypt, inspect and re-encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 hash of the CA root certificate public key, e.g. VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA-signed Cisco Spark certificate sent by the HTTPS/TLS server
  • App creates a hash of the CA cert's public key
  • App compares the hash with the certificate pin in its trust store
  • If they match, accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
  • App creates a hash of the private-CA-signed cert's public key
  • App compares the hash with the certificate pin in its trust store
  • They DO NOT match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA cert copied to the app's OS trust store

• Certificate Pinning
  • Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
  • Spark app checks whether a copy of the private CA cert exists in the OS trust store
  • If the cert exists, skip the certificate pinning process
  • Proceed with the TLS connection
  • HTTPS/TLS inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA cert copied to the Spark cloud

• Certificate Pinning
  • Proxy sends a private-CA-signed certificate during HTTPS/TLS set-up
  • Client creates a hash of the private-CA-signed cert's public key
  • Client compares the hash with the certificate pins in its trust store (the trust list downloaded from the Spark cloud now includes the private CA)
  • They DO match: proceed with the TLS connection
  • HTTPS/TLS inspection possible
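The inspection and pinning slides above (non-Spark app validation, pinning with and without an inspecting proxy, and the app and device "fixes") describe one decision procedure with different inputs. The Python below is an added example, not the Spark clients' code, that models that procedure: a pin is base64(SHA-256(SubjectPublicKeyInfo DER)), ordinary path validation runs first, a match on any CA key in the chain satisfies the pin, and an imported enterprise CA may stand in for the pin only on clients that support the bypass. The SPKI byte strings, certificate subjects and trust-store contents are constructed stand-ins.

```python
"""Certificate pinning versus enterprise TLS inspection: the decision logic.

Added example, not the Spark clients' code. It models the outcomes the
slides walk through: the cloud's own CA chain matches the pin; an
inspecting proxy's private-CA chain does not match and the app drops the
connection; the private CA has been placed in the OS trust store (apps)
or the cloud-delivered trust list (devices) and the connection is allowed.
A pin is base64(SHA-256(SubjectPublicKeyInfo DER)), the value that
`openssl x509 -pubkey -noout | openssl pkey -pubin -outform der |
openssl dgst -sha256 -binary | base64` prints. The SPKI byte strings are
constructed stand-ins, not real keys.
"""
import base64
import hashlib
from typing import List, Set, Tuple


class Cert:
    """Minimal stand-in: the only two fields pinning needs."""
    def __init__(self, subject: str, spki_der: bytes):
        self.subject = subject
        self.spki_der = spki_der


def spki_pin(cert: Cert) -> str:
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode()


def pinned_connect(chain: List[Cert], pins: Set[str], public_roots: Set[str],
                   enterprise_roots: Set[str], enterprise_bypass: bool) -> Tuple[str, str]:
    """Decide whether a TLS handshake may proceed.

    chain             leaf first, as presented in the handshake, ending in a root
    pins              SPKI pins the app ships with (the cloud's CA keys)
    public_roots      SPKI pins of the roots in the OS trust store
    enterprise_roots  SPKI pins of CAs the customer imported (trust store / trust list)
    enterprise_bypass whether this client skips pinning for an imported CA
                      (Windows/Mac/browser and Room OS devices do; iOS/Android do not)
    """
    root = spki_pin(chain[-1])
    # Ordinary path validation comes first: an unknown root fails regardless of pins.
    if root not in public_roots and root not in enterprise_roots:
        return "reject", "chain does not end in a trusted root"
    # The pin is on a CA key, not the leaf, so leaf certificates can rotate freely.
    if any(spki_pin(c) in pins for c in chain[1:]):
        return "accept", "chain matches a pinned CA key"
    if root in enterprise_roots and enterprise_bypass:
        return "accept", "pin skipped: chain ends in an imported enterprise CA (inspection possible)"
    return "reject", "pin mismatch: the CA key is not the cloud's (possible interception)"


# Constructed data: the cloud's genuine chain and a proxy-minted substitute.
CLOUD_ROOT = Cert("Public Root CA", b"constructed-spki:public-root-ca")
CLOUD_LEAF = Cert("*.wbx2.com", b"constructed-spki:cloud-leaf")
PROXY_CA = Cert("Corp TLS Inspection CA", b"constructed-spki:corp-private-ca")
PROXY_LEAF = Cert("*.wbx2.com (re-signed by proxy)", b"constructed-spki:proxy-leaf")

PINS = {spki_pin(CLOUD_ROOT)}
PUBLIC_ROOTS = {spki_pin(CLOUD_ROOT)}


def walk_through() -> List[Tuple[str, str]]:
    """The four situations from the slides, as (label, decision) pairs."""
    genuine, intercepted = [CLOUD_LEAF, CLOUD_ROOT], [PROXY_LEAF, PROXY_CA]
    imported = {spki_pin(PROXY_CA)}
    return [
        ("no inspection, genuine chain", pinned_connect(genuine, PINS, PUBLIC_ROOTS, set(), True)[0]),
        ("inspection, CA not installed", pinned_connect(intercepted, PINS, PUBLIC_ROOTS, set(), True)[0]),
        ("inspection, CA installed, iOS/Android", pinned_connect(intercepted, PINS, PUBLIC_ROOTS, imported, False)[0]),
        ("inspection, CA installed, desktop/Room OS", pinned_connect(intercepted, PINS, PUBLIC_ROOTS, imported, True)[0]),
    ]


if __name__ == "__main__":
    print("pin for", CLOUD_ROOT.subject, "=", spki_pin(CLOUD_ROOT))
    for label, decision in walk_through():
        print(f"{label:45} -> {decision}")
```

The bypass is what makes inspection possible, and it is also the whole trust boundary: anyone who can add a CA to the desktop's OS trust store, or to the per-org trust list the devices download, can sit between the client and the cloud, so that store and the Control Hub configuration behind it deserve the same change control as the proxy itself.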

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device       | Protocol | Software Train | Supports TLS/HTTPS Inspection                         | Cert Validation Method
Windows, Mac, Web  | HTTPS    | WME            | Yes                                                   | Win/Mac/Browser: if an enterprise certificate exists, bypass the certificate pinning process
iOS, Android       | HTTPS    | WME            | No                                                    | iOS/Android: HTTPS inspection bypass
DX                 | HTTPS    | Room OS        | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
SX                 | HTTPS    | Room OS        | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
MX                 | HTTPS    | Room OS        | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
Room Kits          | HTTPS    | Room OS        | Yes – requires per-org config of the Identity Service | Load private CA certs in the Spark service; download trust list with private certs
Spark Board        | HTTPS    | Spark Board OS | No (planned Q1 CY'18)                                 | HTTPS inspection bypass

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful authentication, the switch port is configured for the device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client–server authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Authentication Server

Network Capabilities: Spark Devices – 802.1X

Spark Device                     | Protocol | Software Train | EAP-FAST               | EAP-TLS                | MIC (Manufacturer Installed Certificate) | Non-CUCM LSC (Locally Significant Certificate) | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A                                      | Yes                                            | Yes                                 | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX                               | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17                                  | Yes                                            | Yes                                 | Web based: install enterprise LSC via device web interface
SX                               | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No                                       | Yes                                            | Yes                                 | Web based: install enterprise LSC via device web interface
MX                               | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No                                       | Yes                                            | Yes                                 | Web based: install enterprise LSC via device web interface
Room Kits                        | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes                                      | Yes                                            | Yes                                 | Web based: install enterprise LSC via device web interface
Spark Board                      | HTTPS    | Spark Board OS | No (planned Q2 CY'18)  | No (planned Q2 CY'18)  | No                                       | No (planned Q2 CY'18)                          | –                                   | Use MAC Address Bypass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access: proxy and firewalls allow all Spark connections
• Onboard device: username/password or activation code
• Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
• Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
• Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
  » On-Premises (Enterprise, Midmarket)
  » Cloud (Midmarket)
  » Hybrid (Enterprise)
• Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
• Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
• Coming soon: target Q1 CY2018

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment."

Thank you


Connecting from the Enterprise – Firewalls

Hybrid Data Security Node (HDS)
• Key Management Service
• Indexing (Search) Service
• E-Discovery Service

Hybrid Data Services
• HDS signaling traffic only
• Outbound HTTPS and WSS signaling only

HMN and HDS Nodes: Network Port and Whitelist Requirements

Spark Device                     | Protocol | Source Ports                                                       | Destination Ports                                  | Destination                                                        | Function
Hybrid Media Node (HMN)          | UDP      | Voice and video use a common UDP source port range: 33434 – 33598  | 5004 (cascade destination)                         | Any IP address                                                     | Cascaded SRTP over UDP media streams to cloud media nodes
Hybrid Media Node (HMN)          | TCP      | Ephemeral                                                          | 5004 (cascade destination)                         | Any IP address                                                     | Cascaded SRTP over TCP/HTTP media streams to cloud media nodes
Hybrid Media Node (HMN)          | TCP/UDP  | Ephemeral                                                          | 123 (NTP, UDP), 53 (DNS, UDP/TCP), 444 (HTTPS, TCP) | Any                                                                | NTP, DNS, HTTPS
Hybrid Media Node (HMN)          | TCP      | Ephemeral                                                          | 443                                                | wbx2.com, idbroker.webex.com                                       | HTTPS configuration services
Hybrid Data Security Node (HDS)  | TCP      | Ephemeral                                                          | 443                                                | wbx2.com, idbroker.webex.com, identity.webex.com, index.docker.io  | Outbound HTTPS and WSS

What do we send to Third Party sites?

Site            | Apps that access it                      | What is sent there                                                        | User PII | Anonymized usage info | Encrypted user-generated content
aws.com         | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
rackcdn.com     | Win, Mac, iOS, Android, Web, Spark Board | Encrypted files for Spark file sharing (part of Rackspace content system) | N        | N                     | Y
mixpanel.com    | Win, Mac, iOS, Android, Web              | Anonymous usage data                                                      | N        | Y                     | N
appsflyer.com   | iOS, Android                             | Anonymous usage data related to onboarding                                | N        | Y                     | N
adobedtm.com    | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
omtrdc.net      | Web                                      | Anonymous usage data                                                      | N        | Y                     | N
optimizely.com  | Web                                      | Anonymous usage data for A/B testing                                      | N        | Y                     | N

Cisco Spark Cloud Access: Enterprise Proxies

Connecting from the Enterprise – Proxy Types

Proxy Types
• Transparent Proxy (Device/Application is unaware of the proxy's existence)
  • In-line proxies (e.g. combined proxy and firewall)
  • Traffic redirection (e.g. using Cisco WCCP)
• Proxy Address given to Device/Application…

HTTP/HTTPS traffic only is sent to the proxy server, e.g. destination ports 80, 443, 8080, 8443

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Authentication

Connecting from the Enterprise ndash Proxy Authentication

bull Proxy intercepts outbound HTTP request

bull Authenticates the User (Username amp Password)

bull Authenticated Userrsquos traffic forwarded

bull Unauthenticated Userrsquos traffic droppedblocked

Signalling

UDP MediaProxy Authentication is not mandatory

Many Enterprises do No Authentication

88BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Common Proxy Authentication Methods

bull NTLMv2 Authentication

bull Negotiate Authentication

bull Kerberos

Signalling

UDP Media

bull Digest Authentication

89BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Proxy Authentication Methods ndash Basic Authentication

bull Uses standard HTTP Headers

bull Username and Password Base64 encoded

bull Username and Password are NOT

encrypted or hashed

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

90BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash Digest Authentication

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

bull Digest Authentication

bull Uses standard HTTP Headers

bull Username and Password are not sent

bull A Hash of the Username and Password is

sent instead

91BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull NT LAN Manager (NTLM) Authentication

Proxy Authentication Methods ndash NTLMv2

bull Microsoft ChallengeResponse AuthN protocol

bull Username sent in plain text

bull ChallengeNonce sent from the server

bull Password hash used to encrypt the

challenge and return it to the server

bull Password hashed but not sent

bull Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

92BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash NegotiateIWA (Windows Only)

bull Negotiate Authentication

bull Microsoft implementation of SPNEGO

bull Simple and Protected GSSAPI Negotiation

Mechanism (Generic Security Service API)

bull Kerberos or fallback to

bull NTLM

bull Negotiates the use of either

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Authentication

Spark Device Protocol Software Train Proxy Authentication Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No Auth - Yes

Basic - Yes

Digest - Planned

NTLM - Yes (Windows)

Kerberos ndash No

No Auth (iOS and Android in EFT)

Basic (iOS and Android in EFT)

DXSXMX HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Room Kits HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Spark Board HTTPS Spark Board OS No Auth ndash Yes

Basic ndash Yes

Digest - Yes

96BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                     | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes                                               | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android      | HTTPS    | WME            | No                                                | iOS, Android: HTTPS Inspection By-Pass
DX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits         | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board       | HTTPS    | Spark Board OS | No (Planned Q1 CY'18)                             | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

(Diagram: Device 1, Authentication Server)

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)
Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

Spark Device                    | Protocol | Software Train | EAP-FAST                 | EAP-TLS                  | MIC     | Non CUCM LSC          | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A     | Yes                   | Yes                                 | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
SX                              | HTTPS    | Room OS        | Wired - Yes              | Wired - Yes              | No      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
MX                              | HTTPS    | Room OS        | Wired - Yes              | Wired - Yes              | No      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes     | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Spark Board                     | HTTPS    | Spark Board OS | No (Planned Q2 CY'18)    | No (Planned Q2 CY'18)    | No      | No (Planned Q2 CY'18) |                                     | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment

Preferred Architectures (PA)
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND)
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you

Page 80: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HMN and HDS Nodes Network Port and Whitelist Requirements

Spark Device Protocol Source Ports Destination

Ports

Destination Function

Hybrid Media

Node (HMN)

UDP Voice and Video use a

common UDP source

port range

33434 - 33598

5004

Cascade

Destination

Any IP Address Cascaded SRTP over UDP

Media Streams to Cloud Media

Nodes

TCP Ephemeral 5004

Cascade

Destination

Any IP Address Cascaded SRTP over

TCPHTTP Media Streams to

Cloud Media Nodes

TCP Ephemeral 123 53 444 Any NTP DNS HTTPS

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

HTTPS Configuration Services

Hybrid Data

Security Node

(HDS)

TCP Ephemeral 443 wbx2com

idbrokerwebexcom

identitywebexcom

indexdockerio

Outbound HTTPS and WSS

82BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

What do we send to Third Party sitesSite Apps that Access It What is sent there User

PII

Anonymized

Usage info

Encrypted

User

Generated

Content

awscom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

rackcdncom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

mixpanelcom Win Mac iOS Android

Web

Anonymous usage data N Y N

appsflyercom iOS Android Anonymous usage data related to

onboarding

N Y N

adobedtmcom Web Anonymous usage data N Y N

omtrdcnet Web Anonymous usage data N Y N

optimizelycom Web Anonymous usage data for AB

testing

N Y N

83BRKCOL-2030

Cisco Spark Cloud Access Enterprise Proxies

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Address given to DeviceApplicationhelliphelliphellip

Connecting from the Enterprise - Proxy Types

Proxy Types

bull Transparent Proxy (DeviceApplication is unaware of Proxy existence)

bull In Line Proxies (eg Combined Proxy and Firewall)

bull Traffic Redirection (eg Using Cisco WCCP)

Signalling

UDP Media

HTTPHTTPS traffic only sent to the Proxy server eg

Destination ports 80 443 8080 8443

85BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Authentication

Connecting from the Enterprise ndash Proxy Authentication

bull Proxy intercepts outbound HTTP request

bull Authenticates the User (Username amp Password)

bull Authenticated Userrsquos traffic forwarded

bull Unauthenticated Userrsquos traffic droppedblocked

Signalling

UDP MediaProxy Authentication is not mandatory

Many Enterprises do No Authentication

88BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Common Proxy Authentication Methods

bull NTLMv2 Authentication

bull Negotiate Authentication

bull Kerberos

Signalling

UDP Media

bull Digest Authentication

89BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Proxy Authentication Methods ndash Basic Authentication

bull Uses standard HTTP Headers

bull Username and Password Base64 encoded

bull Username and Password are NOT

encrypted or hashed

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

90BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash Digest Authentication

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

bull Digest Authentication

bull Uses standard HTTP Headers

bull Username and Password are not sent

bull A Hash of the Username and Password is

sent instead

91BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull NT LAN Manager (NTLM) Authentication

Proxy Authentication Methods ndash NTLMv2

bull Microsoft ChallengeResponse AuthN protocol

bull Username sent in plain text

bull ChallengeNonce sent from the server

bull Password hash used to encrypt the

challenge and return it to the server

bull Password hashed but not sent

bull Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

92BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash NegotiateIWA (Windows Only)

bull Negotiate Authentication

bull Microsoft implementation of SPNEGO

bull Simple and Protected GSSAPI Negotiation

Mechanism (Generic Security Service API)

bull Kerberos or fallback to

bull NTLM

bull Negotiates the use of either

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Authentication

Spark Device Protocol Software Train Proxy Authentication Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No Auth - Yes

Basic - Yes

Digest - Planned

NTLM - Yes (Windows)

Kerberos ndash No

No Auth (iOS and Android in EFT)

Basic (iOS and Android in EFT)

DXSXMX HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Room Kits HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Spark Board HTTPS Spark Board OS No Auth ndash Yes

Basic ndash Yes

Digest - Yes

96BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 81: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

What do we send to Third Party sitesSite Apps that Access It What is sent there User

PII

Anonymized

Usage info

Encrypted

User

Generated

Content

awscom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

rackcdncom Win Mac iOS Android

Web Spark Board

Encrypted files for Spark file sharing

Part of Rackspace content system

N N Y

mixpanelcom Win Mac iOS Android

Web

Anonymous usage data N Y N

appsflyercom iOS Android Anonymous usage data related to

onboarding

N Y N

adobedtmcom Web Anonymous usage data N Y N

omtrdcnet Web Anonymous usage data N Y N

optimizelycom Web Anonymous usage data for AB

testing

N Y N

83BRKCOL-2030

Cisco Spark Cloud Access Enterprise Proxies

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Address given to DeviceApplicationhelliphelliphellip

Connecting from the Enterprise - Proxy Types

Proxy Types

bull Transparent Proxy (DeviceApplication is unaware of Proxy existence)

bull In Line Proxies (eg Combined Proxy and Firewall)

bull Traffic Redirection (eg Using Cisco WCCP)

Signalling

UDP Media

HTTPHTTPS traffic only sent to the Proxy server eg

Destination ports 80 443 8080 8443

85BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

Network Capabilities: Spark Devices – Proxy Detection

Spark Device                     | Protocol | Software Train | Proxy Detection                 | Granular Configuration
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | Yes: Manual; Yes: PAC files     | Manually configure Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX                               | HTTPS    | Room OS        | Yes: Manual, using Web access   | Configure Proxy Address via device Web interface
SX                               | HTTPS    | Room OS        | Yes: Manual, using Web access   | Configure Proxy Address via device Web interface
MX                               | HTTPS    | Room OS        | Yes: Manual, using Web access   | Configure Proxy Address via device Web interface
Room Kits                        | HTTPS    | Room OS        | Yes: Manual, using Web access   | Configure Proxy Address via device Web interface
Spark Board                      | HTTPS    | Spark Board OS | Yes: Manual Configuration       | Manual configuration of Proxy Address

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• Proxy intercepts the outbound HTTP request
• Authenticates the User (Username & Password)
• Authenticated User's traffic is forwarded
• Unauthenticated User's traffic is dropped/blocked

Proxy Authentication is not mandatory: many Enterprises do no Authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP headers (Proxy-Authenticate challenge, Proxy-Authorization response)
• Username and Password are Base64 encoded
• Username and Password are NOT encrypted or hashed: Base64 is reversible, so anyone who can observe the client-to-proxy hop (including the CONNECT request that precedes the TLS session) recovers the credentials

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No Password Expiration (so treat the account as a long-lived shared secret: proxy-only rights, per-device where practical)

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP headers
• Username and Password are not sent
• A hash (MD5) of the Username, Realm and Password, combined with the server's nonce, is sent instead
• The password is not exposed on the wire, but a captured challenge/response still allows offline password guessing, so device account passwords must be strong

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. LDAP account) for all devices, or create an account per device
• No Password Expiration
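The difference between the Basic and Digest slides above, shown on the wire. This is an added example, not code from the session or from Cisco: it builds the Proxy-Authorization value a device would send for each scheme, recovers the password from the Basic form, verifies the Digest form the way a proxy holding only HA1 would, and then shows what an eavesdropper can still do with a captured Digest exchange. The account name, password, realm and nonce are constructed for the example; the Digest computation follows RFC 2617 with qop=auth.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample: a device account, the proxy realm and a server nonce. None of
# these values come from the slides; they exist only so the example runs offline.
DEVICE_USER = "spark-room-01"
DEVICE_PASSWORD = "Winter2018!"
PROXY_REALM = "corp-proxy"
SERVER_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"

# What a Spark device sends to the proxy when Basic is negotiated.
BASIC_HEADER = "Basic " + base64.b64encode(
    f"{DEVICE_USER}:{DEVICE_PASSWORD}".encode()).decode()


def recover_basic_credentials(proxy_authorization):
    """Basic is only Base64: whoever sees the Proxy-Authorization header has the password."""
    scheme, _, blob = proxy_authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password


def md5_hex(text):
    # RFC 2617 Digest is defined over MD5; the weakness of MD5 is beside the point here.
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, nonce, method, uri,
                    nc="00000001", cnonce=None, qop="auth"):
    """Client side of RFC 2617 Digest with qop=auth: the password never leaves the client."""
    cnonce = cnonce or secrets.token_hex(8)
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    response = md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return {"username": user, "realm": realm, "nonce": nonce, "uri": uri,
            "qop": qop, "nc": nc, "cnonce": cnonce, "response": response}


def proxy_verifies_digest(params, ha1_on_file, method):
    """Proxy side: it stores HA1 (not the password) and recomputes the expected response."""
    ha2 = md5_hex(f"{method}:{params['uri']}")
    expected = md5_hex(f"{ha1_on_file}:{params['nonce']}:{params['nc']}:"
                       f"{params['cnonce']}:{params['qop']}:{ha2}")
    return hmac.compare_digest(expected, params["response"])


def offline_guess_digest(params, method, candidate_passwords):
    """What an eavesdropper who captured the Digest exchange can still do: try guesses
    offline. Returns the first password that reproduces the captured response, or None."""
    for guess in candidate_passwords:
        ha1 = md5_hex(f"{params['username']}:{params['realm']}:{guess}")
        if proxy_verifies_digest(params, ha1, method):
            return guess
    return None


if __name__ == "__main__":
    print("Basic recovers:", recover_basic_credentials(BASIC_HEADER))
    params = digest_response(DEVICE_USER, PROXY_REALM, DEVICE_PASSWORD,
                             SERVER_NONCE, "CONNECT", "wbx2.com:443")
    print("Digest sends only:", params["response"])
    print("Offline guess:", offline_guess_digest(params, "CONNECT",
                                                 ["password", DEVICE_PASSWORD]))
```

The offline guess is the practical reason the "no password expiration" device account still needs a long random password: Digest stops the proxy from seeing the password, but not an attacker with a capture and a word list.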

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response AuthN protocol
• Username sent in plain text
• Challenge/Nonce sent from the server
• The password hash is used to key a response over the challenge (a keyed HMAC-MD5 in NTLMv2), which is returned to the server
• Password hashed but not sent; note that whoever holds the NT hash can produce the response without knowing the password

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

Negotiate Authentication
• Microsoft implementation of SPNEGO: Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI = Generic Security Service API)
• Negotiates the use of either Kerberos, or fallback to NTLM

Windows based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

IWA - Integrated Windows Authentication

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest security of the methods listed
• Parties: Client, Key Distribution Center (Authentication Service and Ticket Granting Service), Application Server (here, the Proxy)
• Encrypted communication based on shared secrets
• Client authenticates with the Authentication Service
• Once authenticated, the Client receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret it holds with the KDC)
• HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server to skip authentication for:
• Device IP Addresses (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com):
  identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Diagram: Spark devices at the listed IP addresses reaching the whitelisted destinations through the Proxy without authenticating]

Both bypasses trade authentication for a weaker identity: an IP bypass is only as trustworthy as the network's protection against address spoofing, and a destination whitelist must match whole domain labels (ciscospark.com and its subdomains), not substrings.
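The two bypass rules from the slide, written as the decision a proxy makes for each CONNECT request. This is an added example, not configuration from the session or from any proxy vendor: the device addresses and destination list are the slide's, the port restriction is an assumption, and the point of the example is the matching rule, since a substring match on "ciscospark.com" is satisfied by names an attacker controls while a whole-label suffix match is not.

```python
import ipaddress

# Constructed policy data mirroring the slide: device addresses that skip proxy
# authentication, and the Spark cloud destinations any client may reach unauthenticated.
# The /32 entries are the two device IPs shown; the domain list is the slide's whitelist.
DEVICE_NETWORKS = [ipaddress.ip_network("10.100.200.1/32"),
                   ipaddress.ip_network("10.100.200.3/32")]
SPARK_DESTINATIONS = ["identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
                      "ciscospark.com", "clouddrive.com", "crashlytics.com",
                      "mixpanel.com", "rackcdn.com"]
SPARK_PORTS = {443}  # assumption: the whitelist covers HTTPS signalling only


def host_in_domain(host, domain):
    """Whole-label suffix match: host is domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def substring_match(host, domain):
    """The mistake to avoid: a substring rule is satisfied by attacker-chosen names."""
    return domain in host.lower()


def parse_connect_target(request_line):
    """Extract host and port from 'CONNECT host:port HTTP/1.1' (bracketed IPv6 allowed)."""
    method, target, _version = request_line.strip().split(" ", 2)
    if method != "CONNECT":
        raise ValueError("only CONNECT requests carry HTTPS through the proxy")
    host, sep, port = target.rpartition(":")
    if not sep:
        raise ValueError("CONNECT target must be host:port")
    return host.strip("[]"), int(port)


def needs_proxy_auth(client_ip, request_line):
    """Return True when the proxy should challenge this request for credentials."""
    host, port = parse_connect_target(request_line)
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in DEVICE_NETWORKS):
        return False  # device IP bypass
    if port in SPARK_PORTS and any(host_in_domain(host, d) for d in SPARK_DESTINATIONS):
        return False  # whitelisted Spark destination
    return True


if __name__ == "__main__":
    for ip, line in [("10.100.200.1", "CONNECT example.org:443 HTTP/1.1"),
                     ("10.1.1.50", "CONNECT idbroker.webex.com:443 HTTP/1.1"),
                     ("10.1.1.50", "CONNECT ciscospark.com.attacker.example:443 HTTP/1.1"),
                     ("10.1.1.50", "CONNECT example.org:443 HTTP/1.1")]:
        print(ip, line, "-> auth required" if needs_proxy_auth(ip, line) else "-> bypass")
```

When translating this to a real proxy, use its domain-suffix ACL type (most proxies have one that matches on labels) rather than a regular expression over the host string, and keep the device-IP rule tied to switch-port or DHCP controls so the address cannot simply be claimed by another host.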

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device                     | Protocol | Software Train | Proxy Authentication
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos - No; No Auth and Basic on iOS and Android in EFT (Early Field Trial)
DX, SX, MX                       | HTTPS    | Room OS        | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
Room Kits                        | HTTPS    | Room OS        | No Auth - Yes; Basic - Q1 CY 2018; Digest - Yes
Spark Board                      | HTTPS    | Spark Board OS | No Auth - Yes; Basic - Yes; Digest - Yes

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

HTTPS/TLS Inspection
• The Private CA Root Certificate is distributed to the client beforehand (installed in its trust store)
• On connection establishment the Proxy sends the client a Certificate signed by the Private CA (issued on the fly for the requested host)
• The client validates the received Cert Chain against the Private CA Root Cert in its trust store
• If they match – accept and proceed with the TLS connection (which now terminates on the Proxy, not on the Cloud Service)

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

HTTPS/TLS Inspection
• Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• Proxy receives the Certificate from the Web/Cloud Service
• Proxy uses that Certificate to establish a secure TLS/HTTPS connection; it must validate the Certificate as strictly as a client would, because the client no longer sees it
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
Certificate Pin = SHA-256 hash of the CA Root Certificate's Public Key, Base64 encoded, e.g.
VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by the HTTPS/TLS server
• App creates a hash of the CA Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

Proxy - HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to the App's OS Trust Store
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip the Certificate pinning process
• Proceed with the TLS connection
• HTTPS/TLS Inspection possible

Note that this makes pinning only as strong as control over the OS Trust Store: any Private CA that can be installed there (by an administrator, or by anything running with administrator rights) can intercept Spark traffic from that client.

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to the Spark Cloud (the device downloads its Org's Trust List, which now includes the Private CA)
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pins in its Trust Store
• They DO match: proceed with the TLS connection
• HTTPS/TLS Inspection possible
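The pin computation and the three outcomes from the pinning slides (direct connection, inspecting proxy with no fix, and the app and device fixes), as an added example that is not Cisco's client code. The pin is Base64(SHA-256(SubjectPublicKeyInfo)), the form the slide describes; the SPKI values are constructed byte strings standing in for DER-encoded keys, and the names evaluate_chain, enterprise_roots_in_os_store and org_trust_list_pins are this example's own. The last case in the test shows the caveat from the app fix: a CA that reaches the OS trust store is accepted without any pin.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs. Real ones are a few
# hundred bytes of ASN.1; any bytes work for showing how the pin check behaves.
SPARK_ROOT_SPKI = b"constructed: public CA root key that anchors Cisco Spark server certs"
SPARK_LEAF_SPKI = b"constructed: key of a Cisco Spark service certificate"
ENTERPRISE_CA_SPKI = b"constructed: enterprise private CA used by the inspecting proxy"
PROXY_LEAF_SPKI = b"constructed: key of the per-host cert the proxy mints on the fly"
ROGUE_CA_SPKI = b"constructed: CA the attacker controls"
ROGUE_LEAF_SPKI = b"constructed: leaf issued by the rogue CA"


def spki_pin(spki_der):
    """Pin = Base64(SHA-256(SubjectPublicKeyInfo)), the form used by RFC 7469 (HPKP)."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Pins shipped inside the Spark client: the public CA root(s) that sign Spark's certs.
BUILT_IN_PINS = frozenset({spki_pin(SPARK_ROOT_SPKI)})


def evaluate_chain(chain_spkis, built_in_pins=BUILT_IN_PINS,
                   enterprise_roots_in_os_store=(), org_trust_list_pins=()):
    """Decide whether a Spark client should accept a server chain.

    chain_spkis: SPKI of each certificate in the presented chain, leaf first, root last.
    enterprise_roots_in_os_store: SPKIs of admin-installed CAs in the OS trust store
        (the Spark app fix: a chain anchored by such a CA skips the pin check).
    org_trust_list_pins: extra pins the org uploaded to the Spark cloud and the device
        downloaded (the Spark device fix: the private CA becomes a pinned root).
    Returns (accepted, reason).
    """
    effective_pins = set(built_in_pins) | set(org_trust_list_pins)
    if any(spki_pin(spki) in effective_pins for spki in chain_spkis):
        return True, "pin match"
    if chain_spkis[-1] in set(enterprise_roots_in_os_store):
        return True, "pin check skipped: chain anchored by an enterprise CA in the OS trust store"
    return False, "pin mismatch: TLS connection terminated"


if __name__ == "__main__":
    direct = [SPARK_LEAF_SPKI, SPARK_ROOT_SPKI]
    intercepted = [PROXY_LEAF_SPKI, ENTERPRISE_CA_SPKI]
    print("direct:", evaluate_chain(direct))
    print("proxy, no fix:", evaluate_chain(intercepted))
    print("proxy, app fix:", evaluate_chain(
        intercepted, enterprise_roots_in_os_store={ENTERPRISE_CA_SPKI}))
    print("proxy, device fix:", evaluate_chain(
        intercepted, org_trust_list_pins={spki_pin(ENTERPRISE_CA_SPKI)}))
```

To compute a real pin for comparison against a client's trust store, extract the SubjectPublicKeyInfo from the CA certificate in DER form and pass those bytes to spki_pin; the device fix is the better of the two because the set of accepted private CAs is administered centrally per Org rather than inherited from whatever is in each endpoint's trust store.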

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device            | Protocol | Software Train | Supports TLS/HTTPS Inspection                               | Cert Validation Method
Windows, Mac, Web       | HTTPS    | WME            | Yes                                                         | Win/Mac/Browser: if an Enterprise Certificate exists in the OS trust store, bypass the Certificate Pinning process
iOS, Android            | HTTPS    | WME            | No                                                          | iOS, Android: HTTPS Inspection By-Pass
DX, SX, MX, Room Kits   | HTTPS    | Room OS        | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in the Spark Service; device downloads the Trust List with the Private Certs
Spark Board             | HTTPS    | Spark Board OS | No (Planned Q1 CY'18)                                       | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

[Diagram: Spark device on a switch port, with the switch relaying to the Authentication Server]

802.1X Operation
• Switch port network access is restricted until the device authenticates
• Client presents credentials to the Authentication Server (via the switch)
• After successful Authentication – the switch port is configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based (the credentials are exchanged inside a TLS tunnel)
• Does not require Certificates: the tunnel is bootstrapped from a Protected Access Credential provisioned to the client (a different "PAC" from the Proxy Auto Config file above); a server Certificate is optional

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates (on the client and on the Authentication Server)
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses the 802.1X Authentication mechanisms
• Uses the Device MAC Address as the identity
• Commonly used for non-802.1X capable devices
• MAC address manually entered into the Auth Server
• A MAC address is trivially cloned, so a MAB-admitted port should receive a restricted VLAN/ACL profile rather than full network access

[Diagram: Device 1 on a switch port, admitted by the Authentication Server on its MAC address]

Network Capabilities: Spark Devices – 802.1X

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate; CUCM = Cisco Unified Communications Manager

Spark Device                     | Protocol | Software Train | EAP-FAST               | EAP-TLS                | MIC     | Non-CUCM LSC          | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web  | HTTPS    | WME            | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A     | Yes                   | Yes                                 | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX                               | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes                   | Yes                                 | Web based: install Enterprise LSC via device Web interface
SX                               | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No      | Yes                   | Yes                                 | Web based: install Enterprise LSC via device Web interface
MX                               | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No      | Yes                   | Yes                                 | Web based: install Enterprise LSC via device Web interface
Room Kits                        | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes     | Yes                   | Yes                                 | Web based: install Enterprise LSC via device Web interface
Spark Board                      | HTTPS    | Spark Board OS | No (Planned Q2 CY'18)  | No (Planned Q2 CY'18)  | No      | No (Planned Q2 CY'18) |                                     | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard the device – Username/Password or Activation Code
• The Cisco Spark cloud downloads Device Configuration information and Trust Anchors to the device


Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
https://www.cisco.com/go/pa
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: target Q1 CY2018

Thank you


Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 83: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

Connecting from the Enterprise – Proxy Types

Proxy Types
• Explicit Proxy: the Proxy Address is given to the Device/Application…
• Transparent Proxy: the Device/Application is unaware of the Proxy's existence
  • In-line Proxies (e.g. a combined Proxy and Firewall)
  • Traffic Redirection (e.g. using Cisco WCCP)
• Only HTTP/HTTPS traffic is sent to the Proxy server, e.g. destination ports 80, 443, 8080, 8443 (in the slide's diagram the signalling path goes through the proxy; the UDP media path does not)

Connecting from the Enterprise – Proxy Detection

Proxy Detection (how the Proxy Address is given to the Device/Application)
• Manual Configuration
• Auto Configuration
  • Web Proxy Auto Discovery (WPAD)
  • Proxy Auto Config (PAC) files
WPAD locates the PAC file through DHCP or a DNS lookup of the name "wpad" in the local domain, so a rogue DHCP server or DNS entry can point clients at an attacker's PAC file; prefer a managed PAC URL or manual configuration where the device supports it.

Network Capabilities: Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes: Manual; Yes: PAC files | Manually configure the Proxy Address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes: Manual, using Web access | Configure the Proxy Address via the device Web interface
SX | HTTPS | Room OS | Yes: Manual, using Web access | Configure the Proxy Address via the device Web interface
MX | HTTPS | Room OS | Yes: Manual, using Web access | Configure the Proxy Address via the device Web interface
Room Kits | HTTPS | Room OS | Yes: Manual, using Web access | Configure the Proxy Address via the device Web interface
Spark Board | HTTPS | Spark Board OS | Yes: Manual Configuration | Manual configuration of the Proxy Address

Connecting from the Enterprise – Proxy Authentication

Proxy Authentication
• The Proxy intercepts the outbound HTTP request
• Authenticates the User (Username & Password)
• An authenticated User's traffic is forwarded
• An unauthenticated User's traffic is dropped/blocked
Proxy Authentication is not mandatory; many Enterprises do no authentication.

Common Proxy Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

Basic Authentication
• Uses standard HTTP headers (Proxy-Authenticate challenge, Proxy-Authorization response)
• Username and Password are Base64 encoded
• Username and Password are NOT encrypted or hashed: the proxy, and anything on the path between the client and the proxy, can read them directly

Basic Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or create an account per device
• No Password Expiration
A shared, non-expiring device account sent with Basic is a long-lived credential: scope it on the proxy to the Spark destinations and monitor its use from unexpected source addresses.

Proxy Authentication Methods – Digest Authentication

Digest Authentication
• Uses standard HTTP headers
• Username and Password are not sent
• A hash of the Username and Password, bound to a server-supplied nonce, is sent instead
• The hash is MD5 by default; a captured exchange can still be attacked offline by guessing the password, so Digest protects the credential on the wire but does not make a weak device password safe

Digest Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (e.g. an LDAP account) for all devices, or create an account per device
• No Password Expiration
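Added example, not code from the Cisco deck: what Basic and Digest actually put in the Proxy-Authorization header and what the proxy can recover from each, for the shared device account the two slides above describe. It assumes the header formats of RFC 7235 (Basic) and the original MD5, no-qop form of Digest (RFC 2617/7616); the realm name, account, nonce and target are constructed sample values.

```python
# Added example (not from the Cisco deck): what Basic and Digest proxy
# authentication put in the Proxy-Authorization header, and what the proxy
# can recover from each. Header names follow RFC 7235 (Basic) and RFC 7616
# (Digest); the realm, account, nonce and target values are constructed.
import base64
import hashlib
import secrets

REALM = "corp-proxy"   # constructed sample realm


def basic_header(username: str, password: str) -> str:
    """Basic: base64(user:pass). Encoding, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Proxy-Authorization: Basic {token}"


def credentials_from_basic(header: str):
    """Whoever reads the header (the proxy, or anything between the client
    and the proxy) gets the cleartext username and password back."""
    token = header.split("Basic ", 1)[1]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(username: str, password: str, realm: str = REALM) -> str:
    """H(user:realm:pass): the only thing the proxy needs to store."""
    return _md5(f"{username}:{realm}:{password}")


def digest_header(username, password, method, uri, nonce, realm=REALM) -> str:
    """Client side of Digest (MD5, no qop, the RFC 2617 form):
    response = H(HA1 : nonce : H(method:uri)). The password never leaves the client."""
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{digest_ha1(username, password, realm)}:{nonce}:{ha2}")
    return (f'Proxy-Authorization: Digest username="{username}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", response="{response}"')


def parse_digest_header(header: str) -> dict:
    fields = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def proxy_verify_digest(header, method, stored_ha1, issued_nonces) -> bool:
    """Proxy side: recompute the response from the stored HA1 and refuse nonces
    it did not issue, so a captured header cannot be replayed against a fresh
    challenge. stored_ha1 maps username -> HA1."""
    f = parse_digest_header(header)
    if f.get("nonce") not in issued_nonces or f.get("username") not in stored_ha1:
        return False
    ha2 = _md5(f"{method}:{f['uri']}")
    expected = _md5(f"{stored_ha1[f['username']]}:{f['nonce']}:{ha2}")
    return secrets.compare_digest(expected, f.get("response", ""))


def demo() -> dict:
    """Constructed shared device account, as the slides suggest, used both ways."""
    user, password = "spark-device-svc", "Winter2018!"
    target = "idbroker.webex.com:443"
    proxy_store = {user: digest_ha1(user, password)}
    nonce = secrets.token_hex(16)
    good = digest_header(user, password, "CONNECT", target, nonce)
    wrong = digest_header(user, "guess", "CONNECT", target, nonce)
    return {
        "basic_reveals_password": credentials_from_basic(basic_header(user, password)) == (user, password),
        "password_visible_in_digest": password in good,
        "digest_accepted": proxy_verify_digest(good, "CONNECT", proxy_store, {nonce}),
        "digest_wrong_password": proxy_verify_digest(wrong, "CONNECT", proxy_store, {nonce}),
        "digest_replayed_nonce": proxy_verify_digest(good, "CONNECT", proxy_store, set()),
    }
```

Running demo() shows the contrast the slides draw: the Basic header decodes straight back to the password, while the Digest header contains only a nonce-bound hash that the proxy verifies from its stored HA1. The offline-guessing weakness of Digest is visible in the same code: anyone holding a captured header plus the nonce can run digest_header() with candidate passwords until the response matches.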

Proxy Authentication Methods – NTLMv2

NT LAN Manager (NTLM) Authentication
• Microsoft Challenge/Response authentication protocol
• The Username is sent in plain text
• A Challenge/Nonce is sent from the server
• The client's password hash keys the response computed over the challenge (HMAC-MD5 in NTLMv2), which is returned to the server
• The password is hashed but never sent

Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows only)

Negotiate Authentication
• Microsoft implementation of SPNEGO, the Simple and Protected GSSAPI Negotiation Mechanism (GSSAPI = Generic Security Service API)
• Negotiates the use of either Kerberos or, as a fallback, NTLM
• IWA = Integrated Windows Authentication

Windows-based Username and Password challenge for devices
• i.e. Devices are not Users (no human interaction)
• Create one account (AD account) for all devices, or create an account per device
• No Password Expiration

Proxy Authentication Methods – Kerberos

Kerberos Authentication
• Strongest security of the methods listed
• Components: Client, Authentication Service and Ticket Granting Service (together the Key Distribution Center, KDC), and the Application Server (here the Proxy)
• Encrypted communication based on shared secrets
• The Client authenticates with the Authentication Service
• Once authenticated, it receives a Ticket Granting Ticket (TGT)
• The Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service; the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret between the KDC and the Proxy's service account)
• The HTTPS connection proceeds

Proxy Authentication Bypass Methods

Manually configure the Proxy Server to exempt from authentication:
• Device IP Address (the slide's diagram shows devices at 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com); the destinations Spark uses:
  identity.webex.com
  idbroker.webex.com
  wbx2.com
  webex.com
  ciscospark.com
  clouddrive.com
  crashlytics.com
  mixpanel.com
  rackcdn.com
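Added example, not from the Cisco deck: the two exemptions on the slide above (device source address and destination allowlist) evaluated the way a proxy rule engine must, with the destination match done by DNS label rather than by substring. The destination list is the one on the slide; the device addresses and the request targets are constructed for the example, and proxy_requires_auth() is a hypothetical policy hook, not a real proxy API.

```python
# Added example (not from the Cisco deck): evaluating the proxy authentication
# exemptions from the slide, device source address and destination allowlist,
# so that only the listed domains and their subdomains are exempt. The
# destination list is the slide's; device addresses and targets are constructed.
import ipaddress

SPARK_DESTINATIONS = (
    "identity.webex.com", "idbroker.webex.com", "wbx2.com", "webex.com",
    "ciscospark.com", "clouddrive.com", "crashlytics.com", "mixpanel.com",
    "rackcdn.com",
)
# Constructed: the two device addresses drawn on the slide.
DEVICE_ADDRESSES = [ipaddress.ip_network("10.100.200.1/32"),
                    ipaddress.ip_network("10.100.200.3/32")]


def normalise_host(target: str) -> str:
    """Strip the :port a CONNECT target carries and any trailing dot, and
    lower-case the name so that the comparison is by DNS label."""
    host = target.strip().lower()
    if host.startswith("["):                                   # [IPv6]:port
        host = host[1:host.index("]")]
    elif host.count(":") == 1 and host.rsplit(":", 1)[1].isdigit():
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def host_in_allowlist(target: str, allowlist=SPARK_DESTINATIONS) -> bool:
    """Label-aware match: the host is the entry itself or a subdomain of it.
    Neither 'evil-webex.com' nor 'webex.com.attacker.example' qualifies."""
    host = normalise_host(target)
    return any(host == d or host.endswith("." + d) for d in allowlist)


def naive_host_match(target: str, allowlist=SPARK_DESTINATIONS) -> bool:
    """The substring rule that often ends up in proxy configs, shown only to
    make the difference visible: it exempts any attacker-controlled name that
    merely contains an allowed domain, turning the bypass into an
    unauthenticated path out through the proxy."""
    host = normalise_host(target)
    return any(d in host for d in allowlist)


def device_exempt(client_ip: str) -> bool:
    """Source-address exemption: the device's IP is listed on the proxy."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in DEVICE_ADDRESSES)


def proxy_requires_auth(client_ip: str, target: str) -> bool:
    """Decision the proxy makes before challenging with Proxy-Authenticate
    (hypothetical policy hook, not a real proxy's API)."""
    return not (device_exempt(client_ip) or host_in_allowlist(target))
```

When translating this to a real proxy, use its domain-suffix primitive (for example a leading-dot domain ACL) rather than a regular expression or substring rule, and keep the source-address exemption as narrow as the device addresses shown on the slide.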

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth: Yes; Basic: Yes; Digest: Planned; NTLM: Yes (Windows); Kerberos: No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX, SX, MX | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes | –
Room Kits | HTTPS | Room OS | No Auth: Yes; Basic: Q1 CY2018; Digest: Yes | –
Spark Board | HTTPS | Spark Board OS | No Auth: Yes; Basic: Yes; Digest: Yes | –
EFT = Early Field Trial

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1)

HTTPS/TLS Inspection, client side
• The Private CA Root Certificate is distributed to the client's trust store in advance
• On connection establishment the Proxy sends the client a certificate signed by the Private CA, issued in the name of the requested site
• The Client compares the Private CA Root Cert with those received in the certificate chain
• If they match, accept and proceed with the TLS connection (which now terminates on the Proxy, not on the real service)

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2)

HTTPS/TLS Inspection, server side
• The Proxy starts a new HTTPS/TLS connection to the Web/Cloud Service
• The Proxy receives the Certificate from the Web/Cloud Service
• The Proxy uses that Certificate to establish a secure TLS/HTTPS connection
• The Proxy can now Decrypt, Inspect and Re-Encrypt session traffic
The client no longer sees the real service's certificate, so the whole organisation relies on the Proxy validating that upstream certificate (chain, name, revocation) as strictly as a browser would.

Proxy – No HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning
• Certificate Pin = SHA-256 hash of the CA Root Certificate's Public Key, base64 encoded (the slide shows the value VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=)
• The CA-signed Cisco Spark Certificate is sent by the HTTPS/TLS server
• The App hashes the Public Key of the CA certificate in the received chain
• The App compares the hash with the Certificate Pin in its Trust Store
• If they match, accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

Certificate Pinning with an inspecting Proxy in the path
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set-up
• The App hashes the Private CA signed Cert's Public Key
• The App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT match: the TLS connection is terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Certificate Pinning: Private CA in the OS Trust Store
• The Private CA Cert is copied to the App's OS Trust Store
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set-up
• The Spark App checks whether a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists, the Certificate pinning process is skipped and the TLS connection proceeds
• HTTPS/TLS Inspection is possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Certificate Pinning: Private CA added to the device Trust List
• The Private CA Cert is copied to the Spark Cloud (uploaded for the Org) and downloaded to the device in its Trust List
• The Proxy sends a Private CA signed Certificate during HTTPS/TLS set-up
• The Client hashes the Private CA signed Cert's Public Key
• The Client compares the hash with the Certificate Pins in its Trust Store, which now include the Private CA
• They DO match: proceed with the TLS connection
• HTTPS/TLS Inspection is possible
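Added example, not Cisco's code: the pinning check described on the "No HTTPS Inspection" slides, and the two accommodations described on the Apps and Devices "Cert Pinning Fix" slides, in one runnable model. It assumes pins are computed over the DER SubjectPublicKeyInfo (as in RFC 7469), uses constructed 32-byte values wrapped in a real Ed25519 SPKI encoding in place of real keys, represents certificates by a minimal Cert stand-in, and assumes ordinary chain signature validation has already happened; no real Cisco pin value appears.

```python
# Added example (not from the Cisco deck): the pinning check the slides
# describe, and the two ways the slides say an inspecting proxy's private CA
# is accommodated. Pins are computed over DER SubjectPublicKeyInfo, as in
# RFC 7469, so a renewed certificate with the same key keeps its pin.
# All keys are constructed 32-byte values wrapped in a real Ed25519 SPKI
# encoding; chain signature validation is assumed to have already passed.
import base64
import hashlib
from typing import NamedTuple


class Cert(NamedTuple):
    """Only what pinning needs: who the cert names and its SPKI (DER)."""
    subject: str
    spki: bytes


def ed25519_spki_der(raw_pubkey: bytes) -> bytes:
    """DER SubjectPublicKeyInfo for an Ed25519 key (RFC 8410):
    SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING { 0 unused bits, key } }."""
    if len(raw_pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    algorithm = b"\x30\x05\x06\x03\x2b\x65\x70"
    subject_key = b"\x03\x21\x00" + raw_pubkey
    body = algorithm + subject_key
    return b"\x30" + bytes([len(body)]) + body


def spki_pin(spki_der: bytes) -> str:
    """Certificate Pin = base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def chain_matches_pins(chain, pins) -> bool:
    """A pinned connection is accepted when any certificate in the validated
    chain has an SPKI hash in the pin set (the CA root on the slide)."""
    return any(spki_pin(c.spki) in pins for c in chain)


def app_accepts(chain, pins, os_trust_store) -> bool:
    """Spark App rule from the slides: if the chain's root is an enterprise CA
    present in the OS trust store, skip pinning; otherwise enforce it."""
    root = chain[-1]
    if any(root.spki == trusted.spki for trusted in os_trust_store):
        return True
    return chain_matches_pins(chain, pins)


def device_accepts(chain, trust_list_pins) -> bool:
    """Spark device rule: no OS store to consult, so the private CA's pin is
    delivered in the trust list downloaded from the cloud."""
    return chain_matches_pins(chain, trust_list_pins)


def _key(label: str) -> bytes:
    # Constructed stand-in for a public key; not a real key.
    return hashlib.sha256(label.encode()).digest()


def scenarios() -> dict:
    cisco_root = Cert("Cisco Spark Root CA (constructed)", ed25519_spki_der(_key("cisco-root")))
    cisco_leaf = Cert("idbroker.webex.com (constructed)", ed25519_spki_der(_key("cisco-leaf")))
    corp_root = Cert("Corp Private CA (constructed)", ed25519_spki_der(_key("corp-root")))
    corp_leaf = Cert("idbroker.webex.com via proxy", ed25519_spki_der(_key("corp-leaf")))
    rogue_root = Cert("Rogue CA (constructed)", ed25519_spki_der(_key("rogue-root")))
    rogue_leaf = Cert("idbroker.webex.com via rogue", ed25519_spki_der(_key("rogue-leaf")))

    shipped_pins = {spki_pin(cisco_root.spki)}          # pins built into the app/device
    genuine = [cisco_leaf, cisco_root]
    inspected = [corp_leaf, corp_root]
    rogue = [rogue_leaf, rogue_root]
    device_trust_list = shipped_pins | {spki_pin(corp_root.spki)}   # after the per-Org upload

    return {
        "direct_to_cloud": app_accepts(genuine, shipped_pins, os_trust_store=[]),
        "proxy_without_fix": app_accepts(inspected, shipped_pins, os_trust_store=[]),
        "proxy_app_fix": app_accepts(inspected, shipped_pins, os_trust_store=[corp_root]),
        "rogue_ca_with_app_fix": app_accepts(rogue, shipped_pins, os_trust_store=[corp_root]),
        "proxy_device_without_fix": device_accepts(inspected, shipped_pins),
        "proxy_device_fix": device_accepts(inspected, device_trust_list),
    }
```

The rogue_ca_with_app_fix case is the one to check in any real implementation: only the CA the enterprise actually installed in the OS store may switch pinning off; a chain from some other CA that happens to be on the wire must still fail. To compute the same pin for a real certificate, run: openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64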

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists, bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection bypass
DX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA certs in the Spark service; download the Trust List with the Private certs
SX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA certs in the Spark service; download the Trust List with the Private certs
MX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA certs in the Spark service; download the Trust List with the Private certs
Room Kits | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA certs in the Spark service; download the Trust List with the Private certs
Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS Inspection bypass

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access is restricted
• The Client presents credentials to the Authentication Server
• After successful Authentication the switch port is configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client-Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses the 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• The MAC address is manually entered into the Auth Server
• A MAC address is not a secret and is trivially spoofed, so a MAB-only port should land in a restricted VLAN/ACL for that device's traffic rather than being treated as authenticated

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via the device Web interface
SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device Web interface
MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device Web interface
Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via the device Web interface
Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | – | Use MAC Address Bypass
MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate; CUCM = Cisco Unified Communications Manager

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
  • Switch port configuration
  • VLANs
  • Firewall deployment
  • Proxy type
  • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access; Proxy and Firewalls allow all Spark connections
• Onboard the device: Username/Password or Activation Code
• The Cisco Spark cloud downloads Device Configuration information and Trust Anchors to the device


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA): https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: "what you would tell your best friend if they asked you how to design their Cisco collaboration deployment".
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND): https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x.
Coming soon: target Q1 CY2018.

Thank you

Page 84: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Detection (Proxy Address given to DeviceApplication)

Connecting from the Enterprise ndash Proxy Detection

bull Manual Configuration

bull Auto Configuration

bull Web Proxy Auto Discovery (WPAD)

bull Proxy Auto Conf (PAC) filesProxy

Address

Proxy

Address

Proxy

Address

PACPACPAC

Signalling

UDP Media

86BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Detection

Spark Device Protocol Software Train Proxy Detection Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME Yes Manual

Yes PAC Files

Manually Configure Proxy

Address or Use WPAD and PAC

files (or Windows GPO)

DX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

SX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

MX HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Room Kits HTTPS Room OS Yes Manual using Web access Configure Proxy Address via

device Web interface

Spark Board HTTPS Spark Board OS Yes Manual Configuration Manual Configuration of Proxy

Address

87BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Proxy Authentication

Connecting from the Enterprise ndash Proxy Authentication

bull Proxy intercepts outbound HTTP request

bull Authenticates the User (Username amp Password)

bull Authenticated Userrsquos traffic forwarded

bull Unauthenticated Userrsquos traffic droppedblocked

Signalling

UDP MediaProxy Authentication is not mandatory

Many Enterprises do No Authentication

88BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Common Proxy Authentication Methods

bull NTLMv2 Authentication

bull Negotiate Authentication

bull Kerberos

Signalling

UDP Media

bull Digest Authentication

89BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Proxy Authentication Methods ndash Basic Authentication

bull Uses standard HTTP Headers

bull Username and Password Base64 encoded

bull Username and Password are NOT

encrypted or hashed

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

90BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash Digest Authentication

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

bull Digest Authentication

bull Uses standard HTTP Headers

bull Username and Password are not sent

bull A Hash of the Username and Password is

sent instead


Network Capabilities Spark Devices – Proxy Detection

Spark Device | Protocol | Software Train | Proxy Detection | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Yes – Manual; Yes – PAC Files | Manually configure proxy address, or use WPAD and PAC files (or Windows GPO)
DX | HTTPS | Room OS | Yes – Manual using Web access | Configure proxy address via device Web interface
SX | HTTPS | Room OS | Yes – Manual using Web access | Configure proxy address via device Web interface
MX | HTTPS | Room OS | Yes – Manual using Web access | Configure proxy address via device Web interface
Room Kits | HTTPS | Room OS | Yes – Manual using Web access | Configure proxy address via device Web interface
Spark Board | HTTPS | Spark Board OS | Yes – Manual configuration | Manual configuration of proxy address

Connecting from the Enterprise – Proxy Authentication

[Diagram: Spark app behind the enterprise proxy; legend: Signalling, UDP Media]

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User’s traffic forwarded
  • Unauthenticated User’s traffic dropped/blocked

Proxy Authentication is not mandatory – many Enterprises do no authentication.

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices, or create an account per device
  • No Password Expiration
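As an added example (not code from the session or from Cisco), the two header computations the Basic and Digest slides describe, in Go: Basic only Base64-encodes the credentials, so anyone who sees the header recovers them with one decode, while Digest sends an MD5 digest bound to the proxy's nonce and the request, which the proxy verifies from a stored HA1 (RFC 2617, qop=auth). The device account, password, realm, nonces and the proxy hostname are constructed values.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// H is the RFC 2617 hash function: MD5, rendered as lowercase hex.
func H(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// BasicHeader is the Proxy-Authorization header a device sends for Basic
// authentication: "user:password", Base64 encoded and nothing more.
func BasicHeader(user, pass string) string {
	return "Proxy-Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

// RecoverBasic is what anyone on the path between device and proxy can do with
// that header: a single decode returns the username and password in clear.
func RecoverBasic(header string) (user, pass string, err error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Proxy-Authorization: Basic "))
	if err != nil {
		return "", "", err
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", errors.New("malformed Basic credentials")
	}
	return parts[0], parts[1], nil
}

// DigestResponse is the device side of Digest authentication (RFC 2617, qop=auth).
// The password never leaves the device; the proxy receives only this hash, which is
// bound to the nonce the proxy issued, the client nonce and the request line.
func DigestResponse(user, realm, pass, method, uri, nonce, nc, cnonce string) string {
	ha1 := H(user + ":" + realm + ":" + pass)
	ha2 := H(method + ":" + uri)
	return H(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2)
}

// VerifyDigest is the proxy side. It keeps HA1 (not the password) per device
// account, recomputes the expected response for the nonce it handed out and
// compares in constant time; a stale or foreign nonce simply fails to verify.
func VerifyDigest(ha1, method, uri, nonce, nc, cnonce, response string) bool {
	want := H(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + H(method+":"+uri))
	return subtle.ConstantTimeCompare([]byte(want), []byte(response)) == 1
}

func main() {
	// Constructed values: one shared device account, as the slides suggest.
	user, pass, realm := "spark-devices", "constructed-password", "proxy.example.invalid"
	h := BasicHeader(user, pass)
	u, p, _ := RecoverBasic(h)
	fmt.Printf("%s\n  decodes to %q / %q\n", h, u, p)

	// Digest: the CONNECT a device sends for its HTTPS signalling connection.
	method, uri := "CONNECT", "identity.webex.com:443"
	nonce, nc, cnonce := "constructednonce0001", "00000001", "0a4f113b"
	resp := DigestResponse(user, realm, pass, method, uri, nonce, nc, cnonce)
	ha1 := H(user + ":" + realm + ":" + pass) // what the proxy keeps on file
	fmt.Printf("digest response %s verifies: %v\n", resp, VerifyDigest(ha1, method, uri, nonce, nc, cnonce, resp))
	fmt.Printf("same response against a new nonce verifies: %v\n", VerifyDigest(ha1, method, uri, "constructednonce0002", nc, cnonce, resp))
}
```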

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No Password Expiration

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos, or fallback to NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices, or create an account per device
  • No Password Expiration

IWA – Integrated Windows Access

Proxy Authentication Methods – Kerberos

[Diagram: Client, Authentication Service / Key Distribution Service, Ticket Granting Service, Application Server]

• Kerberos Authentication
  • Strongest Security
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

Proxy Authentication Bypass Methods

[Diagram: Spark devices (IP addresses 10.100.200.1 and 10.100.200.3 in the diagram) behind the proxy; legend: Signalling, UDP Media]

Manually configure the Proxy Server with:
• Device IP Address
• Whitelisted Destinations (e.g. ciscospark.com); the diagram lists:
  identity.webex.com
  idbroker.webex.com
  wbx2.com
  webex.com
  ciscospark.com
  clouddrive.com
  crashlytics.com
  mixpanel.com
  rackcdn.com

Network Capabilities Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No; No Auth and Basic for iOS and Android in EFT | (blank)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | (blank)
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes | (blank)
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes | (blank)

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

Private CA Root Certificate sent to client

• HTTPS/TLS Inspection
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning

Certificate Pin = SHA 256 Hash of CA Root Certificate Public Key: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• Certificate Pinning
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert’s Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert’s Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT match – TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert’s Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO match – proceed with TLS connection
  • HTTPS/TLS Inspection possible
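As an added example (not code from the session or from Cisco), the pinning decision the Spark app and device slides describe, in Go: the pin is the Base64 SHA-256 hash of a certificate's public key, the presented chain is checked against it, and the two fixes for HTTPS inspection are applied (a private CA cert placed in the OS trust store for apps; the private CA's pin delivered in a cloud-downloaded trust list for devices). All CAs and certificates are constructed inside the program with Go's standard library; the scenario names and the spark.example.invalid hostname are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// Decision is the outcome of the pinning policy for one HTTPS/TLS handshake.
type Decision string

const (
	Proceed   Decision = "proceed: pin matched"
	Bypass    Decision = "proceed: private CA found in OS trust store, pinning skipped"
	Terminate Decision = "terminate: no pin matched"
)

// SPKIPin is the pin form the slides show: Base64 of the SHA-256 hash of the
// certificate's public key (hashed over the DER SubjectPublicKeyInfo, as HPKP does).
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// Evaluate applies the policy to the chain the server or proxy presented. pins holds the
// pins the client trusts; osRoots holds private CA certificates an administrator copied into
// the OS trust store (the app-side fix: such a chain skips pinning), empty when there are none.
func Evaluate(chain []*x509.Certificate, pins map[string]bool, osRoots *x509.CertPool) Decision {
	inter := x509.NewCertPool()
	for _, c := range chain[1:] { inter.AddCert(c) }
	if _, err := chain[0].Verify(x509.VerifyOptions{Roots: osRoots, Intermediates: inter}); err == nil {
		return Bypass
	}
	for _, c := range chain { // the pin is on the CA root's key, so every presented cert is checked
		if pins[SPKIPin(c)] {
			return Proceed
		}
	}
	return Terminate
}

func check(err error) { if err != nil { panic(err) } }

// issue creates a constructed test certificate, self-signed when parent is nil.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	signer, signKey := tmpl, key
	if parent != nil {
		signer, signKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// Handshake plays one slide scenario: "direct" (no inspection), "inspect" (proxy re-signs
// with a private CA), "inspect+app-fix" (that CA copied to the OS trust store) or
// "inspect+device-fix" (its pin delivered in the trust list the device downloads from the cloud).
func Handshake(mode string) Decision {
	sparkRoot, sparkKey := issue("Constructed Spark Root CA", true, nil, nil)
	sparkLeaf, _ := issue("spark.example.invalid", false, sparkRoot, sparkKey)
	pins := map[string]bool{SPKIPin(sparkRoot): true} // pin shipped in the client's trust store
	chain := []*x509.Certificate{sparkLeaf, sparkRoot}
	osRoots := x509.NewCertPool()
	if mode != "direct" {
		privRoot, privKey := issue("Constructed Enterprise Private CA", true, nil, nil)
		proxyLeaf, _ := issue("spark.example.invalid", false, privRoot, privKey)
		chain = []*x509.Certificate{proxyLeaf, privRoot} // what the client sees behind the proxy
		switch mode {
		case "inspect+app-fix":
			osRoots.AddCert(privRoot)
		case "inspect+device-fix":
			pins[SPKIPin(privRoot)] = true
		}
	}
	return Evaluate(chain, pins, osRoots)
}

func main() {
	for _, m := range []string{"direct", "inspect", "inspect+app-fix", "inspect+device-fix"} {
		fmt.Printf("%-19s -> %s\n", m, Handshake(m))
	}
}
```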

Network Capabilities Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No (iOS/Android) | HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY’18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access – Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

[Diagram: Spark device – switch – Authentication Server]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | N/A | Yes | Yes | Manually install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web based – install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based – install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based – install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web based – install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY’18) | No (Planned Q2 CY’18) | No | No (Planned Q2 CY’18) | (blank) | Use MAC Address By-Pass

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations

1) Determine your customer’s network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 86: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Connecting from the Enterprise – Proxy Authentication

• Proxy Authentication
  • Proxy intercepts outbound HTTP request
  • Authenticates the User (Username & Password)
  • Authenticated User’s traffic forwarded
  • Unauthenticated User’s traffic dropped/blocked

Proxy Authentication is not mandatory – many Enterprises do no Authentication

(Diagram labels: Signalling, UDP Media)

Common Proxy Authentication Methods

• Basic Authentication
• Digest Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos

(Diagram labels: Signalling, UDP Media)

Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

(Diagram labels: Signalling, UDP Media)

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead
• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

(Diagram labels: Signalling, UDP Media)
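The difference between the Basic and Digest slides above is easiest to see on the wire. The following Python is an added example, not code from the BRKCOL-2030 deck or from Cisco: it builds the Proxy-Authorization header a client would send in each case and runs the proxy-side check for Digest. The account name, password, realm and CONNECT target are constructed, and the Digest computation uses the SHA-256 variant that RFC 7616 permits rather than the legacy MD5 default.

```python
"""Basic vs Digest proxy authentication on the wire (added example, not from the deck).

With Basic (RFC 7617) the Proxy-Authorization header is only Base64-encoded,
so anyone who sees the header recovers the password. With Digest (RFC 7616)
the client sends a hash over the credentials and a proxy-issued nonce, and
the password itself never crosses the wire.
"""
import base64
import hashlib
import hmac
import secrets

# Constructed device account, as the deck suggests for Room devices
# (one account for all devices or one per device, no password expiry).
USERNAME = "spark-device-01"
PASSWORD = "Winter2018-example"
REALM = "proxy.example.corp"                     # constructed proxy realm
METHOD, URI = "CONNECT", "wdm-a.wbx2.com:443"    # constructed CONNECT target


def basic_proxy_header(username: str, password: str) -> str:
    """Header a client sends for Basic proxy auth: just Base64 of user:password."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    return f"Proxy-Authorization: Basic {token}"


def recover_basic_credentials(header: str) -> tuple:
    """Basic is encoding, not encryption: decode the header back to the credentials."""
    scheme, token = header.split(": ", 1)[1].split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, pwd = base64.b64decode(token).decode().partition(":")
    return user, pwd


def _h(text: str) -> str:
    # SHA-256 is one of the algorithms RFC 7616 permits (MD5 is the legacy default).
    return hashlib.sha256(text.encode()).hexdigest()


def digest_challenge(realm: str) -> dict:
    """Proxy side: the 407 Proxy-Authenticate challenge carries a fresh nonce."""
    return {"realm": realm, "nonce": secrets.token_hex(16), "qop": "auth", "algorithm": "SHA-256"}


def digest_proxy_header(challenge: dict, username: str, password: str, method: str, uri: str) -> dict:
    """Client side: answer with a hash, never with the password (RFC 7616, qop=auth)."""
    cnonce, nc = secrets.token_hex(8), "00000001"
    ha1 = _h(f"{username}:{challenge['realm']}:{password}")
    ha2 = _h(f"{method}:{uri}")
    response = _h(f"{ha1}:{challenge['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return {"username": username, "realm": challenge["realm"], "nonce": challenge["nonce"],
            "uri": uri, "qop": "auth", "nc": nc, "cnonce": cnonce,
            "algorithm": "SHA-256", "response": response}


def digest_proxy_verify(fields: dict, method: str, accounts: dict, issued_nonces: set) -> bool:
    """Proxy side: it stores only HA1 per account, recomputes and compares in constant time."""
    ha1 = accounts.get(fields.get("username"))
    if ha1 is None or fields.get("nonce") not in issued_nonces:
        return False            # unknown account, or a nonce this proxy never issued (replay)
    ha2 = _h(f"{method}:{fields['uri']}")
    expected = _h(f"{ha1}:{fields['nonce']}:{fields['nc']}:{fields['cnonce']}:{fields['qop']}:{ha2}")
    return hmac.compare_digest(expected, fields["response"])


def demo() -> dict:
    """Run both schemes once and report what an observer of the headers learns."""
    basic = basic_proxy_header(USERNAME, PASSWORD)
    challenge = digest_challenge(REALM)
    issued = {challenge["nonce"]}
    accounts = {USERNAME: _h(f"{USERNAME}:{REALM}:{PASSWORD}")}   # proxy's account store holds HA1 only
    good = digest_proxy_header(challenge, USERNAME, PASSWORD, METHOD, URI)
    bad = digest_proxy_header(challenge, USERNAME, "wrong-password", METHOD, URI)
    stale = digest_proxy_header(digest_challenge(REALM), USERNAME, PASSWORD, METHOD, URI)
    return {
        "basic_recovered": recover_basic_credentials(basic),
        "digest_ok": digest_proxy_verify(good, METHOD, accounts, issued),
        "digest_wrong_password": digest_proxy_verify(bad, METHOD, accounts, issued),
        "digest_unissued_nonce": digest_proxy_verify(stale, METHOD, accounts, issued),
        "password_in_digest_header": PASSWORD in " ".join(good.values()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the Basic header decoding straight back to the password, while the Digest header carries only hex digests; the proxy verifies it from a stored HA1 value, and both a wrong password and a nonce the proxy never issued fail verification.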

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent
• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

(Diagram labels: Signalling, UDP Media)

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either Kerberos or, as a fallback, NTLM
• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Authentication

(Diagram labels: Signalling, UDP Media)

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Components: Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
• Client authenticates with the Authentication service
• Once authenticated, receives a Ticket Granting Ticket (TGT)
• Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
• The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
• HTTPS connection proceeds

(Diagram labels: Signalling, UDP Media)

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:
• Device IP Address (diagram shows devices at IP Address 10.100.200.1 and 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com)

(Diagram labels: Signalling, UDP Media; whitelisted destinations shown: identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com)

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device      | Protocol | Software Train | Proxy Authentication                                                                    | Granular Configuration
Windows, Mac, Web | HTTPS    | WME            | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No        |
iOS, Android      | HTTPS    | WME            | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)                         |
DX/SX/MX          | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                          |
Room Kits         | HTTPS    | Room OS        | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes                                          |
Spark Board       | HTTPS    | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes                                                 |

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
• Private CA Root Certificate sent to client
• Private CA signed Certificate sent to client on connection establishment
• Client compares Private CA Root Cert with those received in Cert Chain
• If they match – accept and proceed with the TLS connection

(Diagram labels: Signalling, UDP Media)

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
• Proxy starts new HTTPS/TLS connection to Web/Cloud Service
• Proxy receives Certificate from Web/Cloud Service
• Proxy uses the Certificate to establish Secure TLS/HTTPS connection
• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

(Diagram labels: Signalling, UDP Media)

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
• Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key
  VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
• CA signed Cisco Spark Certificate sent by HTTPS/TLS server
• App creates a hash of the Cert’s Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• If they match – accept and proceed with the TLS connection

(Diagram labels: Signalling, UDP Media)

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert’s Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

(Diagram labels: Signalling, UDP Media)

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

(Diagram labels: Signalling, UDP Media)

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert’s Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible

(Diagram labels: Signalling, UDP Media)
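The pinning outcomes on the preceding slides (no inspection, inspection with a private CA, and the two fixes for apps and for devices) can be traced with a small model. The Python below is an added example, not code from the BRKCOL-2030 deck or from Cisco: certificates are constructed records carrying a subject, an issuer and stand-in SubjectPublicKeyInfo bytes, the pin is the Base64 SHA-256 of those bytes as the Certificate Pin slide describes, and the pin check matches any certificate in the presented chain, which covers the CA root the deck pins. The certificate names, byte strings and trust-store contents are all constructed.

```python
"""Certificate pinning under TLS inspection (added example, not from the deck).

Models the four situations the slides walk through for Spark clients, plus
the ordinary chain check a non-Spark app performs. Certificates here are
constructed stand-ins; real ones would be parsed from DER or PEM.
"""
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki_der: bytes   # constructed stand-in for the real SubjectPublicKeyInfo DER


def spki_pin(cert: Cert) -> str:
    """Certificate Pin = Base64(SHA-256(public key)), as on the slide."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode("ascii")


def chain_root(chain: list) -> Cert:
    """The last certificate of the presented chain is the root the client judges."""
    return chain[-1]


def validate_non_spark_app(chain: list, os_trust_store: set) -> str:
    """Ordinary client: accept if the chain's root is in the OS trust store."""
    return "accept" if spki_pin(chain_root(chain)) in os_trust_store else "reject-untrusted-root"


def validate_spark_client(chain: list, pinned: set, os_trust_store: set, enterprise_roots: set) -> str:
    """Spark app/device pinning, with the deck's two fixes for TLS inspection.

    pinned           - pins in the client's Trust Store (shipped, or downloaded in a trust list)
    os_trust_store   - pins of every root the OS trusts
    enterprise_roots - pins of roots an administrator added (private CA), a subset of the OS store
    """
    root_pin = spki_pin(chain_root(chain))
    # Spark apps fix: an enterprise (private CA) certificate present in the OS
    # trust store means inspection is sanctioned, so the pinning step is skipped.
    if root_pin in enterprise_roots and root_pin in os_trust_store:
        return "accept-enterprise-ca-bypass"
    # Normal pinning: hash each public key in the chain and look for a pinned one.
    if {spki_pin(c) for c in chain} & pinned:
        return "accept-pin-match"
    return "reject-pin-mismatch"   # the slide's "They DO NOT Match: TLS connection terminated"


def demo() -> dict:
    # Constructed certificates: the genuine Spark chain and the proxy-issued one.
    public_root = Cert("Public CA Root", "Public CA Root", b"constructed-public-ca-spki")
    spark_leaf = Cert("*.wbx2.com", "Public CA Root", b"constructed-spark-leaf-spki")
    private_root = Cert("Corp Private CA", "Corp Private CA", b"constructed-private-ca-spki")
    proxy_leaf = Cert("*.wbx2.com", "Corp Private CA", b"constructed-proxy-issued-spki")

    spark_pins = {spki_pin(public_root)}                  # what ships in the Spark app
    os_store_public = {spki_pin(public_root)}
    os_store_with_private = os_store_public | {spki_pin(private_root)}
    genuine, inspected = [spark_leaf, public_root], [proxy_leaf, private_root]

    return {
        # Non-Spark app behind an inspecting proxy: works once the private root is trusted.
        "non_spark_no_private_ca": validate_non_spark_app(inspected, os_store_public),
        "non_spark_with_private_ca": validate_non_spark_app(inspected, os_store_with_private),
        # No inspection: the genuine chain matches the pin.
        "spark_no_inspection": validate_spark_client(genuine, spark_pins, os_store_public, set()),
        # Inspection without a fix: private-CA chain, pin mismatch, connection terminated.
        "spark_inspection_unfixed": validate_spark_client(inspected, spark_pins, os_store_public, set()),
        # Apps fix: private CA cert copied to the OS trust store -> pinning skipped.
        "spark_app_fix": validate_spark_client(inspected, spark_pins, os_store_with_private,
                                               {spki_pin(private_root)}),
        # Devices fix: private CA cert uploaded to the Spark cloud, device downloads a
        # trust list containing it -> the pin now matches.
        "spark_device_fix": validate_spark_client(inspected, spark_pins | {spki_pin(private_root)},
                                                  os_store_with_private, set()),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The two fixes differ in where the trust decision is anchored: the apps fix relies on the operating system's store, which an administrator manages with GPO or configuration profiles, while the devices fix pushes the private CA through the Spark cloud trust list, so the device itself needs no local trust-store change.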

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                     | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes (Win/Mac/Browser)                             | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android      | HTTPS    | WME            | No (iOS, Android)                                 | HTTPS Inspection By-Pass
DX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX                | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits         | HTTPS    | Room OS        | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board       | HTTPS    | Spark Board OS | No (Planned Q1 CY’18)                             | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

(Diagram labels: Authentication Server)

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods
• There are many options…
• Two key Authentication methods
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

(Diagram labels: Authentication Server, Device 1)

Network Capabilities: Spark Devices – 802.1X

Spark Device                    | Protocol | Software Train | EAP-FAST                  | EAP-TLS                   | MIC     | Non-CUCM LSC          | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi - Yes; Wired - Yes  | Wi-Fi - Yes; Wired - Yes  | N/A     | Yes                   | Yes                                 | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes  | Wi-Fi - Yes; Wired – Yes  | Q4 CY17 | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
SX                              | HTTPS    | Room OS        | Wired - Yes               | Wired – Yes               | No      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
MX                              | HTTPS    | Room OS        | Wired - Yes               | Wired – Yes               | No      | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi - Yes; Wired - Yes  | Wi-Fi - Yes; Wired – Yes  | Yes     | Yes                   | Yes                                 | Web Based: Install Enterprise LSC via device Web Interface
Spark Board                     | HTTPS    | Spark Board OS | No (Planned Q2 CY’18)     | No (Planned Q2 CY’18)     | No      | No (Planned Q2 CY’18) |                                     | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer’s network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Spark or go directly to the space
4 Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
https://www.cisco.com/go/pa
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018

Thank you

Page 87: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Common Proxy Authentication Methods

bull NTLMv2 Authentication

bull Negotiate Authentication

bull Kerberos

Signalling

UDP Media

bull Digest Authentication

89BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Basic Authentication

Proxy Authentication Methods ndash Basic Authentication

bull Uses standard HTTP Headers

bull Username and Password Base64 encoded

bull Username and Password are NOT

encrypted or hashed

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

90BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash Digest Authentication

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

bull Digest Authentication

bull Uses standard HTTP Headers

bull Username and Password are not sent

bull A Hash of the Username and Password is

sent instead

91BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull NT LAN Manager (NTLM) Authentication

Proxy Authentication Methods ndash NTLMv2

bull Microsoft ChallengeResponse AuthN protocol

bull Username sent in plain text

bull ChallengeNonce sent from the server

bull Password hash used to encrypt the

challenge and return it to the server

bull Password hashed but not sent

bull Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

92BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash NegotiateIWA (Windows Only)

bull Negotiate Authentication

bull Microsoft implementation of SPNEGO

bull Simple and Protected GSSAPI Negotiation

Mechanism (Generic Security Service API)

bull Kerberos or fallback to

bull NTLM

bull Negotiates the use of either

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Authentication

Spark Device Protocol Software Train Proxy Authentication Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No Auth - Yes

Basic - Yes

Digest - Planned

NTLM - Yes (Windows)

Kerberos ndash No

No Auth (iOS and Android in EFT)

Basic (iOS and Android in EFT)

DXSXMX HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Room Kits HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Spark Board HTTPS Spark Board OS No Auth ndash Yes

Basic ndash Yes

Digest - Yes

96BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise – 802.1X

802.1X Operation

• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

[Diagram: Authentication Server]

117 BRKCOL-2030

802.1X Network Authentication Methods

[Diagram: Authentication Server]

118 BRKCOL-2030

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

[Diagram: Authentication Server]

119 BRKCOL-2030

802.1X Network Authentication: EAP-FAST

[Diagram: Authentication Server]

120 BRKCOL-2030

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST

• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Diagram: Authentication Server]

121 BRKCOL-2030

802.1X Network Authentication: EAP-TLS

[Diagram: Authentication Server]

122 BRKCOL-2030

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS

• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

[Diagram: Authentication Server]

123 BRKCOL-2030

802.1X Fallback - MAC Address Bypass (MAB)

[Diagram: Authentication Server]

124 BRKCOL-2030

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms

• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into Auth Server

[Diagram: Device 1, Authentication Server]

125 BRKCOL-2030

Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | NA | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes | Web based: install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | (not listed) | Use MAC Address By-Pass

126 BRKCOL-2030

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

128 BRKCOL-2030

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors

130 BRKCOL-2030

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

133

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Coming soon: Target Q1 CY2018
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment

Thank you


Proxy Authentication Methods – Basic Authentication

• Basic Authentication
  • Uses standard HTTP Headers
  • Username and Password Base64 encoded
  • Username and Password are NOT encrypted or hashed

• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

[Diagram: Signalling and UDP Media flows]

90 BRKCOL-2030

Proxy Authentication Methods – Digest Authentication

• Digest Authentication
  • Uses standard HTTP Headers
  • Username and Password are not sent
  • A Hash of the Username and Password is sent instead

• Basic Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (e.g. LDAP account) for all devices
  • Create an account per device
  • No Password Expiration

[Diagram: Signalling and UDP Media flows]

91 BRKCOL-2030
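As an added illustration of the Basic and Digest slides above (not code from the deck), the Python below builds both credentials for a device account and shows what the proxy actually receives: a Base64 token that decodes straight back to the password, versus a Digest response that the proxy verifies from a stored HA1 without ever holding the password. The header layouts follow RFC 7617 and RFC 2617 (qop=auth); the RFC 2617 test vector (Mufasa / "Circle Of Life") is reused so the arithmetic can be checked.

```python
import base64
import hashlib
import hmac
from typing import Tuple


def basic_header(username: str, password: str) -> str:
    """Proxy-Authorization value for Basic: the credentials are only Base64 encoded."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic(header: str) -> Tuple[str, str]:
    """Anything that can read the header (a TLS-terminating box, a log) recovers the password."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    username, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return username, password


def _md5(text: str) -> str:
    # Digest (RFC 2617) is defined over MD5; it is used here only because the scheme requires it.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). A proxy can store HA1 instead of the password."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """RFC 2617 with qop=auth: response = MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(username: str, realm: str, password: str, method: str, uri: str,
                  nonce: str, cnonce: str, nc: str = "00000001") -> str:
    """Client side: build the Digest credential. The password itself never appears in it.
    For a proxy the method is typically CONNECT and the header is Proxy-Authorization."""
    response = digest_response(digest_ha1(username, realm, password), method, uri, nonce, nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def proxy_verify_digest(stored_ha1: str, issued_nonces: set, method: str, uri: str,
                        nonce: str, nc: str, cnonce: str, response: str) -> bool:
    """Proxy side: recompute the response from the stored HA1 and compare in constant time.
    Nonces the proxy never issued are rejected, so a captured credential cannot be replayed
    against a fresh challenge."""
    if nonce not in issued_nonces:
        return False
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed device account, not a real credential.
    print(basic_header("spark-device-01", "s3cret!"))
    print(decode_basic(basic_header("spark-device-01", "s3cret!")))
    print(digest_header("Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
                        "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b"))
```
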

Proxy Authentication Methods – NTLMv2

• NT LAN Manager (NTLM) Authentication
  • Microsoft Challenge/Response AuthN protocol
  • Username sent in plain text
  • Challenge/Nonce sent from the server
  • Password hash used to encrypt the challenge and return it to the server
  • Password hashed but not sent

• Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

[Diagram: Signalling and UDP Media flows]

92 BRKCOL-2030

Proxy Authentication Methods – Negotiate/IWA (Windows Only)

• Negotiate Authentication
  • Microsoft implementation of SPNEGO
  • Simple and Protected GSSAPI Negotiation Mechanism (Generic Security Service API)
  • Negotiates the use of either:
    • Kerberos, or fallback to
    • NTLM

• Windows based Username and Password challenge for devices
  • i.e. Devices are not Users (no human interaction)
  • Create one account (AD account) for all devices
  • Or create an account per device
  • No Password Expiration

IWA - Integrated Windows Access

[Diagram: Signalling and UDP Media flows]

93 BRKCOL-2030

Proxy Authentication Methods – Kerberos

• Kerberos Authentication
  • Strongest Security
  • Client, Authentication / Key Distribution Service, Ticket Granting Service, Application Server
  • Encrypted communication based on shared Secrets
  • Client authenticates with the Authentication service
  • Once authenticated, receives a Ticket Granting Ticket (TGT)
  • Client requests access to a service (e.g. the Proxy) by presenting the TGT to the Ticket Granting Service – the TGS authenticates the client and returns an encrypted Service Ticket
  • The Client presents the Service Ticket to the Proxy, which validates the user (using the shared secret)
  • HTTPS connection proceeds

[Diagram: Signalling and UDP Media flows]

94 BRKCOL-2030

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with:

• Device IP Address (e.g. 10.100.200.1, 10.100.200.3)
• Whitelisted Destinations (e.g. ciscospark.com): identity.webex.com, idbroker.webex.com, wbx2.com, webex.com, ciscospark.com, clouddrive.com, crashlytics.com, mixpanel.com, rackcdn.com

[Diagram: Signalling and UDP Media flows]

95 BRKCOL-2030

Network Capabilities: Spark Devices – Proxy Authentication

Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth - Yes; Basic - Yes; Digest - Planned; NTLM - Yes (Windows); Kerberos – No | No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | (not listed)
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest - Yes | (not listed)
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest - Yes | (not listed)

96 BRKCOL-2030

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

[Diagram: Signalling and UDP Media flows]

97 BRKCOL-2030

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client

[Diagram: Signalling and UDP Media flows]

98 BRKCOL-2030

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• HTTPS/TLS Inspection
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

[Diagram: Signalling and UDP Media flows]

99 BRKCOL-2030

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

[Diagram: Signalling and UDP Media flows]

100 BRKCOL-2030

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Diagram: Signalling and UDP Media flows]

101 BRKCOL-2030

Proxy - No HTTPS Inspection – Spark Certificate Pinning

[Diagram: Signalling and UDP Media flows]

102 BRKCOL-2030

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

[Diagram: Signalling and UDP Media flows]

103 BRKCOL-2030

Proxy - No HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

[Diagram: Signalling and UDP Media flows]

104 BRKCOL-2030

Proxy - HTTPS Inspection – Spark Certificate Pinning

[Diagram: Signalling and UDP Media flows]

105 BRKCOL-2030

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert's Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT match: TLS connection terminated

[Diagram: Signalling and UDP Media flows]

106 BRKCOL-2030


HTTPS Inspection – Spark Apps Cert Pinning Fix

[Diagram: Signalling and UDP Media flows]

108 BRKCOL-2030

HTTPS Inspection – Spark Apps Cert Pinning Fix

[Diagram: Signalling and UDP Media flows; Private CA Cert copied to App OS Trust Store]

109 BRKCOL-2030

HTTPS Inspection – Spark Apps Cert Pinning Fix

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Diagram: Signalling and UDP Media flows; Private CA Cert copied to App OS Trust Store]

110 BRKCOL-2030

HTTPS Inspection – Spark Devices Cert Pinning Fix

[Diagram: Signalling and UDP Media flows]

111 BRKCOL-2030

HTTPS Inspection – Spark Devices Cert Pinning Fix

[Diagram: Signalling and UDP Media flows; Private CA Cert copied to Spark Cloud]

112 BRKCOL-2030

HTTPS Inspection – Spark Devices Cert Pinning Fix

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert's Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO match: proceed with TLS connection
  • HTTPS/TLS Inspection possible

[Diagram: Signalling and UDP Media flows; Private CA Cert copied to Spark Cloud]

113 BRKCOL-2030
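The pin check described on the Certificate Pinning slides (103 to 113), as an added illustration that is not Cisco's code: the pin is assumed to be Base64(SHA-256(SubjectPublicKeyInfo DER)) in the RFC 7469 style, the SPKI blobs are constructed stand-ins rather than real keys, and the trust store passed in stands for the OS trust store (apps) or the trust list downloaded from the Spark Service (devices). It walks the three outcomes the slides show: pin match, mismatch with no private CA installed, and mismatch with the private CA present.

```python
import base64
import hashlib
from typing import Iterable, Tuple


def spki_pin(spki_der: bytes) -> str:
    """Certificate Pin = Base64(SHA-256(public key DER)); RFC 7469 form, assumed here."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Constructed stand-ins for SubjectPublicKeyInfo DER blobs; these are NOT real keys.
SPARK_ROOT_SPKI = b"constructed:spark-cloud-root-ca:spki"
ENTERPRISE_CA_SPKI = b"constructed:enterprise-private-ca:spki"
UNKNOWN_CA_SPKI = b"constructed:unknown-ca:spki"

# What the app or device ships with: the pin of the CA root that signs the Spark certificate.
PINNED_SPARK_ROOT = spki_pin(SPARK_ROOT_SPKI)


def evaluate_chain(chain_spkis: Iterable[bytes], pinned: str,
                   trust_store_spkis: Iterable[bytes]) -> Tuple[bool, str]:
    """Decide whether the TLS connection proceeds, following the slide sequence.

    chain_spkis:       SPKI DER of each certificate the TLS server presented (leaf first).
    pinned:            the Certificate Pin held in the client's trust store.
    trust_store_spkis: SPKI DER of the CAs the enterprise added to the OS trust store (apps)
                       or to the trust list the device downloaded from the Spark Service.
    A real client also validates the chain's signatures and names; membership of the
    issuing CA in the trust store stands in for that here.
    """
    chain_pins = {spki_pin(s) for s in chain_spkis}
    # Slide 104: hash the presented CA public key and compare with the pin.
    if pinned in chain_pins:
        return True, "pin match: proceed with TLS connection"
    # Slide 110: before terminating, look for a copy of the private CA in the trust store;
    # if it is there the pinning process is skipped.
    trusted_pins = {spki_pin(s) for s in trust_store_spkis}
    if chain_pins & trusted_pins:
        return True, "private CA found in trust store: pinning skipped, inspection possible"
    # Slide 106: no match and no enterprise CA, so the client terminates the connection.
    return False, "pin mismatch: TLS connection terminated"


# The scenarios from the slides, each returning the decision so it can be checked.
def direct_to_spark_cloud() -> Tuple[bool, str]:
    chain = [b"constructed:spark-service-leaf:spki", SPARK_ROOT_SPKI]
    return evaluate_chain(chain, PINNED_SPARK_ROOT, trust_store_spkis=[])


def inspecting_proxy_no_trust_store_entry() -> Tuple[bool, str]:
    # The proxy re-signs the server certificate with the enterprise private CA (slides 105-106).
    chain = [b"constructed:proxy-issued-leaf:spki", ENTERPRISE_CA_SPKI]
    return evaluate_chain(chain, PINNED_SPARK_ROOT, trust_store_spkis=[])


def inspecting_proxy_private_ca_installed() -> Tuple[bool, str]:
    # Same proxy, but the private CA was copied into the trust store (slides 109-113).
    chain = [b"constructed:proxy-issued-leaf:spki", ENTERPRISE_CA_SPKI]
    return evaluate_chain(chain, PINNED_SPARK_ROOT, trust_store_spkis=[ENTERPRISE_CA_SPKI])


def unknown_ca_private_ca_installed() -> Tuple[bool, str]:
    # The bypass is scoped to the installed CA: any other issuer still fails the pin check.
    chain = [b"constructed:other-leaf:spki", UNKNOWN_CA_SPKI]
    return evaluate_chain(chain, PINNED_SPARK_ROOT, trust_store_spkis=[ENTERPRISE_CA_SPKI])


if __name__ == "__main__":
    for scenario in (direct_to_spark_cloud, inspecting_proxy_no_trust_store_entry,
                     inspecting_proxy_private_ca_installed, unknown_ca_private_ca_installed):
        print(f"{scenario.__name__}: {scenario()}")
```
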

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 89: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash Digest Authentication

bull Basic Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (eg LDAP account) for all devices

bull Create an account per device

bull No Password Expiration

Signalling

UDP Media

bull Digest Authentication

bull Uses standard HTTP Headers

bull Username and Password are not sent

bull A Hash of the Username and Password is

sent instead

91BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull NT LAN Manager (NTLM) Authentication

Proxy Authentication Methods ndash NTLMv2

bull Microsoft ChallengeResponse AuthN protocol

bull Username sent in plain text

bull ChallengeNonce sent from the server

bull Password hash used to encrypt the

challenge and return it to the server

bull Password hashed but not sent

bull Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

92BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash NegotiateIWA (Windows Only)

bull Negotiate Authentication

bull Microsoft implementation of SPNEGO

bull Simple and Protected GSSAPI Negotiation

Mechanism (Generic Security Service API)

bull Kerberos or fallback to

bull NTLM

bull Negotiates the use of either

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Authentication

Spark Device Protocol Software Train Proxy Authentication Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No Auth - Yes

Basic - Yes

Digest - Planned

NTLM - Yes (Windows)

Kerberos ndash No

No Auth (iOS and Android in EFT)

Basic (iOS and Android in EFT)

DXSXMX HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Room Kits HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Spark Board HTTPS Spark Board OS No Auth ndash Yes

Basic ndash Yes

Digest - Yes

96BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to the Spark Cloud

• Certificate Pinning
• Proxy sends a Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pins in its Trust Store; the trust list the device downloaded from the Spark cloud now includes the organisation's Private CA Cert
• They DO match: proceed with TLS connection
• HTTPS/TLS Inspection possible

Diagram labels: Signalling, UDP Media
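The pin comparison on these slides, worked through as an added example in Python. This is editor-supplied code, not code from Cisco or from the Spark clients. It builds a SubjectPublicKeyInfo in DER from an RSA modulus and exponent, derives the pin in the RFC 7469 form (base64 of the SHA-256 over that DER, which is the shape of the pin shown on the earlier "No HTTPS Inspection" slide), and then applies the three decisions the slides describe: a pin match, an enterprise private CA present in the OS trust store or in the cloud-downloaded trust list (pinning skipped, inspection possible), or neither (connection terminated). The moduli are arbitrary constructed integers rather than real keys, and the function names and the check of every chain position against the pin set are the editor's assumptions.

```python
"""SPKI certificate pinning as the Spark apps and devices on these slides apply it.

Editor-supplied example. Keys below are constructed integers, not real RSA keys;
only the DER encoding, the hashing and the accept/reject decision are exercised.
"""
import base64
import hashlib

# DER encoding of OID 1.2.840.113549.1.1.1 (rsaEncryption)
RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + der_length(len(body)) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value; a leading 0x00 keeps it positive."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(0x02, body)


def rsa_spki_der(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo (RFC 5280) around an RSAPublicKey (RFC 8017)."""
    rsa_public_key = der_tlv(0x30, der_integer(n) + der_integer(e))
    algorithm = der_tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")   # NULL parameters
    subject_public_key = der_tlv(0x03, b"\x00" + rsa_public_key)  # BIT STRING, 0 unused bits
    return der_tlv(0x30, algorithm + subject_public_key)


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 (RFC 7469): base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def validate_chain(chain_spkis, pinned, enterprise_trusted_spkis=()):
    """Decide whether a presented chain may proceed.

    chain_spkis: SPKI DER of every certificate the TLS server sent, leaf first.
    pinned: pins the app ships with (hash of the Cisco CA public key).
    enterprise_trusted_spkis: SPKIs of private CAs the administrator placed in
        the OS trust store (apps) or in the trust list the device downloaded
        from the Spark cloud (Room OS devices). A chain anchored on one of them
        skips the pin check, which is what makes HTTPS inspection possible.
    Returns (accepted, reason).
    """
    if not chain_spkis:
        return False, "empty chain: TLS connection terminated"
    chain_pins = [spki_pin(s) for s in chain_spkis]
    if any(p in pinned for p in chain_pins):
        return True, "pin match"
    enterprise_pins = {spki_pin(s) for s in enterprise_trusted_spkis}
    if chain_pins[-1] in enterprise_pins:
        return True, "enterprise CA trusted, pinning skipped (inspection possible)"
    return False, "no pin match, no enterprise trust anchor: TLS connection terminated"


# Constructed sample keys (arbitrary moduli, public exponent 65537).
CISCO_ROOT_SPKI = rsa_spki_der(0xC15C0C15C0C15C0C15C0C15C0C15C0C1, 65537)
CISCO_LEAF_SPKI = rsa_spki_der(0x5BA2C5BA2C5BA2C5BA2C5BA2C5BA2C5B, 65537)
PROXY_CA_SPKI = rsa_spki_der(0xB0DE0B0DE0B0DE0B0DE0B0DE0B0DE0B0, 65537)
PROXY_LEAF_SPKI = rsa_spki_der(0x1EAF1EAF1EAF1EAF1EAF1EAF1EAF1EAF, 65537)

PINNED = {spki_pin(CISCO_ROOT_SPKI)}


def demo():
    """The three situations on the slides: direct, inspected, inspected with trust."""
    direct = validate_chain([CISCO_LEAF_SPKI, CISCO_ROOT_SPKI], PINNED)
    inspected = validate_chain([PROXY_LEAF_SPKI, PROXY_CA_SPKI], PINNED)
    inspected_trusted = validate_chain([PROXY_LEAF_SPKI, PROXY_CA_SPKI], PINNED, [PROXY_CA_SPKI])
    return direct, inspected, inspected_trusted


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

To obtain the same pin for a live endpoint and confirm whether a proxy sits in the path, compute it from what the client actually receives: `openssl s_client -connect host:443 -servername host </dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`. Run from inside and outside the proxied network; a differing value means the presented chain is the proxy's, which is exactly the case the pinned client rejects.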

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device      | Protocol | Software Train | Supports TLS/HTTPS Inspection                          | Cert Validation Method
Windows, Mac, Web | HTTPS    | WME            | Yes                                                    | Win/Mac/Browser: if an Enterprise Certificate exists, bypass the Certificate Pinning process
iOS, Android      | HTTPS    | WME            | No                                                     | iOS/Android: HTTPS Inspection By-Pass
DX                | HTTPS    | Room OS        | Yes – requires per-Org config of the Identity Service  | Load Private CA Certs in the Spark Service; download Trust List with Private Certs
SX                | HTTPS    | Room OS        | Yes – requires per-Org config of the Identity Service  | Load Private CA Certs in the Spark Service; download Trust List with Private Certs
MX                | HTTPS    | Room OS        | Yes – requires per-Org config of the Identity Service  | Load Private CA Certs in the Spark Service; download Trust List with Private Certs
Room Kits         | HTTPS    | Room OS        | Yes – requires per-Org config of the Identity Service  | Load Private CA Certs in the Spark Service; download Trust List with Private Certs
Spark Board       | HTTPS    | Spark Board OS | No (planned Q1 CY'18)                                  | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

Diagram labels: Authentication Server

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

Diagram labels: Authentication Server

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

Diagram labels: Authentication Server

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

Diagram labels: Authentication Server

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses the 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into the Auth Server

A MAC address is not a secret and is trivial to clone, so treat a MAB-authorised port as unauthenticated: place it in a VLAN/ACL that permits only the Spark cloud destinations the device needs, and move the device to EAP-TLS as soon as its software train supports it.

Diagram labels: Authentication Server, Device 1

Network Capabilities: Spark Devices – 802.1X

Spark Device                    | Protocol | Software Train | EAP-FAST               | EAP-TLS                | MIC (Manufacturer Installed Certificate) | Non-CUCM LSC (Locally Significant Certificate) | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS    | WME            | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A                                      | Yes                                            | Yes                                 | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX                              | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17                                  | Yes                                            | Yes                                 | Web based: install Enterprise LSC via the device Web Interface
SX                              | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No                                       | Yes                                            | Yes                                 | Web based: install Enterprise LSC via the device Web Interface
MX                              | HTTPS    | Room OS        | Wired: Yes             | Wired: Yes             | No                                       | Yes                                            | Yes                                 | Web based: install Enterprise LSC via the device Web Interface
Room Kits                       | HTTPS    | Room OS        | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes                                      | Yes                                            | Yes                                 | Web based: install Enterprise LSC via the device Web Interface
Spark Board                     | HTTPS    | Spark Board OS | No (planned Q2 CY'18)  | No (planned Q2 CY'18)  | No                                       | No (planned Q2 CY'18)                          |                                     | Use MAC Address By-Pass
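An added detection example, editor-supplied and not part of the session, that reviews 802.1X/MAB authorisation records for the two things a practitioner wants to know after reading the table above: which endpoints were authorised via MAB although their device class supports EAP-TLS, and whether a MAB-authorised MAC address turns up on more than one switch port, the usual sign that it has been cloned. The log line format, the sample lines, the MAB allow-list and the OUI-to-device-class mapping are all constructed for this example (the OUIs are not real Cisco prefixes); a real deployment would feed it the RADIUS or ISE authentication log in whatever format that system emits.

```python
"""Audit of 802.1X / MAB port authorisations for Spark devices.

Editor-supplied example. The log format, sample lines, allow-list and the
OUI-to-device-class table are constructed for the example; feed a real
deployment the RADIUS / ISE authentication log in that system's format.
"""
import re
from collections import namedtuple

Record = namedtuple("Record", "ts switch port mac method eap result vlan")

# Constructed line format:
#   <timestamp> <switch> <port> <mac> <dot1x|mab> <eap-type|-> <SUCCESS|FAIL> vlan=<n>
LINE_RE = re.compile(
    r"^(\S+) (\S+) (\S+) ([0-9a-f:]{17}) (dot1x|mab) (\S+) (SUCCESS|FAIL) vlan=(\d+)$"
)

# Constructed sample log (not real data).
SAMPLE_LOG = """
2018-01-30T09:00:01 sw1 Gi1/0/5 00:aa:bb:00:00:01 dot1x EAP-TLS SUCCESS vlan=20
2018-01-30T09:00:05 sw1 Gi1/0/6 00:cc:dd:00:00:02 mab - SUCCESS vlan=30
2018-01-30T09:00:09 sw1 Gi1/0/7 00:aa:bb:00:00:03 mab - SUCCESS vlan=30
2018-01-30T09:00:12 sw2 Gi1/0/1 00:cc:dd:00:00:02 mab - SUCCESS vlan=30
2018-01-30T09:00:15 sw1 Gi1/0/8 00:ee:ff:00:00:04 mab - SUCCESS vlan=30
2018-01-30T09:00:20 sw1 Gi1/0/9 00:aa:bb:00:00:05 dot1x EAP-FAST FAIL vlan=0
"""

# MAC addresses the administrator entered into the authentication server for MAB.
MAB_ALLOWLIST = {"00:cc:dd:00:00:02", "00:aa:bb:00:00:03"}

# Constructed OUI prefixes mapped to a device class that supports EAP-TLS today
# (per the capability table: Room Kits do, the Spark Board does not yet).
EAP_TLS_CAPABLE_OUIS = {"00:aa:bb": "Room Kit"}


def parse(text):
    """Parse log lines into Records; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, switch, port, mac, method, eap, result, vlan = m.groups()
            records.append(Record(ts, switch, port, mac, method, eap, result, int(vlan)))
    return records


def audit(records, mab_allowlist, eap_tls_capable_ouis):
    """Return (mac, finding) pairs for successful authorisations worth reviewing."""
    findings = []
    ports_by_mac = {}
    for r in records:
        if r.result != "SUCCESS":
            continue
        ports_by_mac.setdefault(r.mac, set()).add((r.switch, r.port))
        if r.method == "mab":
            if r.mac not in mab_allowlist:
                # Authorised via MAB but never entered by the admin: auth server drift
                findings.append((r.mac, "mab-not-in-allowlist"))
            elif r.mac[:8] in eap_tls_capable_ouis:
                # Device class supports EAP-TLS; it should not sit on the spoofable fallback
                findings.append((r.mac, "eap-tls-capable-on-mab"))
    for mac, ports in ports_by_mac.items():
        if len(ports) > 1:
            # Same MAC authorised on several ports: cloning / MAB abuse indicator
            findings.append((mac, "mac-on-multiple-ports"))
    return findings


def run_audit():
    """Run the audit over the constructed sample log."""
    return audit(parse(SAMPLE_LOG), MAB_ALLOWLIST, EAP_TLS_CAPABLE_OUIS)


if __name__ == "__main__":
    for mac, finding in run_audit():
        print(f"{mac}  {finding}")
```

The multiple-port check is deliberately kept separate from the allow-list check: a cloned MAC will pass MAB on the authentication server exactly as the legitimate device does, so the only signal the server side has is the same address being authorised in two places.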

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: target Q1 CY2018

Thank you

Page 90: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull NT LAN Manager (NTLM) Authentication

Proxy Authentication Methods ndash NTLMv2

bull Microsoft ChallengeResponse AuthN protocol

bull Username sent in plain text

bull ChallengeNonce sent from the server

bull Password hash used to encrypt the

challenge and return it to the server

bull Password hashed but not sent

bull Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

92BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash NegotiateIWA (Windows Only)

bull Negotiate Authentication

bull Microsoft implementation of SPNEGO

bull Simple and Protected GSSAPI Negotiation

Mechanism (Generic Security Service API)

bull Kerberos or fallback to

bull NTLM

bull Negotiates the use of either

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Authentication

Spark Device Protocol Software Train Proxy Authentication Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No Auth - Yes

Basic - Yes

Digest - Planned

NTLM - Yes (Windows)

Kerberos ndash No

No Auth (iOS and Android in EFT)

Basic (iOS and Android in EFT)

DXSXMX HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Room Kits HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Spark Board HTTPS Spark Board OS No Auth ndash Yes

Basic ndash Yes

Digest - Yes

96BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 91: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Methods ndash NegotiateIWA (Windows Only)

bull Negotiate Authentication

bull Microsoft implementation of SPNEGO

bull Simple and Protected GSSAPI Negotiation

Mechanism (Generic Security Service API)

bull Kerberos or fallback to

bull NTLM

bull Negotiates the use of either

bull Windows based Username and Password challenge for devices

bull ie Devices are not Users (no human interaction)

bull Create one account (AD account) for all devices

bull Or create an account per device

bull No Password Expiration

Signalling

UDP Media

IWA - Integrated Windows Access

93BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Kerberos Authentication

Proxy Authentication Methods ndash Kerberos

bull Strongest Security

bull Client Authentication Key Distribution Service

Ticket Granting Service Application Server

bull Encrypted communication based on shared Secrets

bull Client authenticates with the Authentication service

bull Once authenticated receives a Tickets Granting Ticket (TGT)

bull Client requests access to a service (eg the Proxy) by presenting the TGT to

the Ticket Granting Service ndash the TGS authenticates the client and returns an

encrypted Service Ticket

bull The Client presents the Service Ticket to Proxy which validates the user

(using the shared secret)

bull HTTPS connection proceeds

Signalling

UDP Media

94BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy Authentication Bypass Methods

Manually Configure Proxy Server with

bull Device IP Address

IP Address 101002001

Signalling

UDP Media

101002003

identitywebexcom

idbrokerwebexcom

wbx2com

webexcom

ciscosparkcom

clouddrivecom

crashlyticscom

mixpanelcom

rackcdncom

bull Whitelisted Destinations (eg ciscosparkcom)

95BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash Proxy Authentication

Spark Device Protocol Software Train Proxy Authentication Granular Configuration

Windows Mac

iOS Android

Web

HTTPS WME No Auth - Yes

Basic - Yes

Digest - Planned

NTLM - Yes (Windows)

Kerberos ndash No

No Auth (iOS and Android in EFT)

Basic (iOS and Android in EFT)

DXSXMX HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Room Kits HTTPS Room OS No Auth ndash Yes

Basic ndash Q1 CY 2018

Digest - Yes

Spark Board HTTPS Spark Board OS No Auth ndash Yes

Basic ndash Yes

Digest - Yes

96BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO match: Proceed with TLS connection
• HTTPS/TLS Inspection possible
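The client-side decision drawn on the pinning slides (direct connection with a matching pin, inspecting proxy with a mismatching pin, the desktop-app fix via the OS trust store, and the Room OS device fix via a trust list pushed from the cloud), as an added Go example. This is not Cisco's code and not the Spark client's implementation; it mints its own throw-away certificates, so the CA names, the hostname service.example and the resulting pin values are all constructed. The pin is computed the way the slides describe it, a SHA-256 over the CA certificate's public key (its SubjectPublicKeyInfo) in base64. The example goes one step beyond the slides: after the pin matches, it also verifies that the server certificate actually chains to the pinned key, because a chain that merely carries the pinned CA certificate would otherwise be accepted (the Spliced scenario).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"math/big"
	"time"
)

// Verdict is the outcome of the client-side certificate check.
type Verdict string

const (
	AcceptPinned     Verdict = "accept: pin matches"
	AcceptTrustStore Verdict = "accept: enterprise CA found in OS trust store, pinning skipped"
	Reject           Verdict = "reject: pin mismatch, TLS connection terminated"
)

// spkiPin is the pin form the slides show: base64(SHA-256(SubjectPublicKeyInfo)).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

var serial int64 // constructed test certificates only need distinct serials

// newCert mints a throw-away P-256 certificate: a self-signed CA when parent is nil,
// otherwise a server certificate for host issued by parent. Constructed data only.
func newCert(host string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{host},
	}
	if parent == nil { // self-signed CA
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		tmpl.ExtKeyUsage, tmpl.DNSNames = nil, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c, key
}

// checkChain models the app's decision for one TLS connection to host. chain is what
// the server (or proxy) presented, leaf first and issuing CA last; pins are the SPKI
// pins the client trusts (built in, or delivered in a trust list as for the devices);
// osTrust is the OS trust store, which the desktop apps consult before pinning.
func checkChain(host string, chain []*x509.Certificate, pins map[string]bool, osTrust *x509.CertPool) Verdict {
	if len(chain) < 2 {
		return Reject
	}
	leaf, anchor := chain[0], chain[len(chain)-1]
	inter := x509.NewCertPool()
	for _, c := range chain[1 : len(chain)-1] {
		inter.AddCert(c)
	}
	// Apps fix: an enterprise CA present in the OS trust store bypasses pinning.
	if osTrust != nil {
		if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: osTrust, Intermediates: inter}); err == nil {
			return AcceptTrustStore
		}
	}
	// Pinning: hash the issuing CA's public key and compare with the trusted pins ...
	if !pins[spkiPin(anchor)] {
		return Reject
	}
	// ... then make sure the leaf really was signed under that pinned key.
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inter}); err != nil {
		return Reject
	}
	return AcceptPinned
}

// Scenarios holds the verdicts for the situations drawn on the slides (all names constructed).
type Scenarios struct{ Direct, Inspected, AppFix, DeviceFix, Spliced Verdict }

func RunScenarios() Scenarios {
	const host = "service.example" // constructed hostname, not a Spark endpoint
	cloudCA, cloudKey := newCert("Constructed Public CA", nil, nil)
	cloudLeaf, _ := newCert(host, cloudCA, cloudKey)
	proxyCA, proxyKey := newCert("Constructed Enterprise Proxy CA", nil, nil)
	proxyLeaf, _ := newCert(host, proxyCA, proxyKey) // what an inspecting proxy presents
	builtIn := map[string]bool{spkiPin(cloudCA): true}                           // pin shipped in the app
	trustList := map[string]bool{spkiPin(cloudCA): true, spkiPin(proxyCA): true} // trust list pushed to a device
	osStore := x509.NewCertPool()
	osStore.AddCert(proxyCA) // enterprise CA installed in the desktop OS trust store
	cloud := []*x509.Certificate{cloudLeaf, cloudCA}
	proxied := []*x509.Certificate{proxyLeaf, proxyCA}
	return Scenarios{
		Direct:    checkChain(host, cloud, builtIn, nil),       // no inspection: pin matches
		Inspected: checkChain(host, proxied, builtIn, nil),     // inspection: pin mismatch
		AppFix:    checkChain(host, proxied, builtIn, osStore), // app fix: OS trust store
		DeviceFix: checkChain(host, proxied, trustList, nil),   // device fix: pin in trust list
		// a chain that merely carries the pinned CA certificate but was not signed by it
		Spliced: checkChain(host, []*x509.Certificate{proxyLeaf, cloudCA}, builtIn, nil),
	}
}
```

RunScenarios returns AcceptPinned for Direct and DeviceFix, AcceptTrustStore for AppFix, and Reject for Inspected and Spliced. The order of the two checks matters: consulting the OS trust store first is what lets the enterprise proxy's certificate through on the desktop apps, while the device fix never touches the OS store and works purely by extending the pin set.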

Network Capabilities Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists then bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes (Manually Install LSC: Windows GPO, Mac – Configuration Profiles) | Yes
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes (Web Based: Install Enterprise LSC via device Web Interface) | Yes
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes (Web Based: Install Enterprise LSC via device Web Interface) | Yes
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes (Web Based: Install Enterprise LSC via device Web Interface) | Yes
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes (Web Based: Install Enterprise LSC via device Web Interface) | Yes
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
https://www.cisco.com/go/srnd
Coming soon: Target Q1 CY2018
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Preferred Architectures (PA): Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND): Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you



Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 94: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

Network Capabilities: Spark Devices – Proxy Authentication (slide 96)

Columns: Spark Device | Protocol | Software Train | Proxy Authentication | Granular Configuration

Windows, Mac, iOS, Android, Web | HTTPS | WME | No Auth – Yes; Basic – Yes; Digest – Planned; NTLM – Yes (Windows); Kerberos – No; No Auth (iOS and Android in EFT); Basic (iOS and Android in EFT)
DX/SX/MX | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes
Room Kits | HTTPS | Room OS | No Auth – Yes; Basic – Q1 CY 2018; Digest – Yes
Spark Board | HTTPS | Spark Board OS | No Auth – Yes; Basic – Yes; Digest – Yes

Proxy TLS/HTTPS Inspection – Non-Spark Apps (1) (slides 97–99)

[Diagram: client, inspecting proxy and web/cloud service; signalling and UDP media paths]

• HTTPS/TLS Inspection
  • Private CA Root Certificate sent to client
  • Private CA signed Certificate sent to client on connection establishment
  • Client compares Private CA Root Cert with those received in Cert Chain
  • If they match – accept and proceed with the TLS connection

Proxy TLS/HTTPS Inspection – Non-Spark Apps (2) (slides 100–101)

[Diagram: client, inspecting proxy and web/cloud service; signalling and UDP media paths]

• HTTPS/TLS Inspection
  • Proxy starts new HTTPS/TLS connection to Web/Cloud Service
  • Proxy receives Certificate from Web/Cloud Service
  • Proxy uses the Certificate to establish Secure TLS/HTTPS connection
  • Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

Proxy – No HTTPS Inspection – Spark Certificate Pinning (slides 102–104)

[Diagram: Spark app, proxy and Spark cloud; signalling and UDP media paths]

• Certificate Pinning
  Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key
  VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  • CA signed Cisco Spark Certificate sent by HTTPS/TLS server
  • App creates a hash of the Cert’s Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • If they match – accept and proceed with the TLS connection

Proxy – HTTPS Inspection – Spark Certificate Pinning (slides 105–107)

[Diagram: Spark app, inspecting proxy and Spark cloud; signalling and UDP media paths]

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • App creates a hash of the Private CA signed Cert’s Public Key
  • App compares the hash with the Certificate Pin in its Trust Store
  • They DO NOT Match: TLS connection terminated

HTTPS Inspection – Spark Apps Cert Pinning Fix (slides 108–110)

[Diagram: Spark app, inspecting proxy and Spark cloud; signalling and UDP media paths; Private CA Cert copied to App OS Trust Store]

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
  • If the Cert exists – skip Certificate pinning process
  • Proceed with TLS connection
  • HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix (slides 111–113)

[Diagram: Spark device, inspecting proxy and Spark cloud; signalling and UDP media paths; Private CA Cert copied to Spark Cloud]

• Certificate Pinning
  • Proxy sends Private CA signed Certificate during HTTPS/TLS set up
  • Client creates a hash of the Private CA signed Cert’s Public Key
  • Client compares the hash with the Certificate Pin in its Trust Store
  • They DO Match: Proceed with TLS connection
  • HTTPS/TLS Inspection possible

Network Capabilities: Spark Devices – HTTPS Inspection (slide 114)

Columns: Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method

Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – requires per-org config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY’18) | HTTPS Inspection By-Pass
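The client-side decision from slides 103 to 114, the pin comparison and the enterprise-CA bypass, written out as an added Go example; this is not Cisco's code and not how the Spark clients are implemented, and the whole PKI, the hostname spark.example.test and the verdict strings are constructed for the demonstration. The fourth case (an unrelated CA installed in the trust store) goes beyond the slides to show that the bypass only opens for the proxy's own CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// Verdict is the outcome of the client-side check drawn on slides 103-114.
type Verdict string

const VerdictPinned Verdict = "pin match: proceed with TLS"
const VerdictReject Verdict = "pin mismatch: TLS connection terminated"
const VerdictEnterprise Verdict = "private CA in OS trust store: pinning skipped, inspection possible"

// spkiPin is the pin form on slide 103: base64(SHA-256(SubjectPublicKeyInfo DER)).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkChain models the Spark app/device decision for a chain ordered leaf first, root last;
// osTrust is the OS trust store, nil when no private CA has been installed on the endpoint.
func checkChain(chain []*x509.Certificate, pins map[string]bool, osTrust *x509.CertPool) Verdict {
	// Slides 109-114: a chain that validates against an administrator-installed CA skips pinning.
	if osTrust != nil {
		opts := x509.VerifyOptions{Roots: osTrust, Intermediates: x509.NewCertPool()}
		for _, c := range chain[1:] {
			opts.Intermediates.AddCert(c)
		}
		if _, err := chain[0].Verify(opts); err == nil {
			return VerdictEnterprise
		}
	}
	// Slides 103-107: hash the CA root's public key and compare it with the stored pin.
	// As in HPKP, a match anywhere in the chain is accepted; slide 103 pins the root key.
	for _, c := range chain {
		if pins[spkiPin(c)] {
			return VerdictPinned
		}
	}
	return VerdictReject
}

// newCert issues a P-256 certificate signed by parent, or self-signed when parent is nil.
// Constructed test PKI only; none of this is Cisco's or any real CA's material.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced always parses back
	return cert, key
}

// Demo builds the constructed PKI and runs the situations drawn on the slides.
func Demo() []Verdict {
	sparkRoot, sparkRootKey := newCert("Constructed Public Root CA", true, nil, nil)
	sparkLeaf, _ := newCert("spark.example.test", false, sparkRoot, sparkRootKey) // hypothetical host
	proxyCA, proxyCAKey := newCert("Constructed Enterprise Private CA", true, nil, nil)
	proxyLeaf, _ := newCert("spark.example.test", false, proxyCA, proxyCAKey) // proxy's re-signed cert
	otherCA, _ := newCert("Constructed Unrelated CA", true, nil, nil)
	pins := map[string]bool{spkiPin(sparkRoot): true} // pin shipped inside the client
	withProxyCA, withOtherCA := x509.NewCertPool(), x509.NewCertPool()
	withProxyCA.AddCert(proxyCA)
	withOtherCA.AddCert(otherCA)
	genuine := []*x509.Certificate{sparkLeaf, sparkRoot}
	inspected := []*x509.Certificate{proxyLeaf, proxyCA}
	return []Verdict{
		checkChain(genuine, pins, nil),           // slide 104: no inspection, pin matches
		checkChain(inspected, pins, nil),         // slides 106-107: inspection, pin mismatch
		checkChain(inspected, pins, withProxyCA), // slides 109-114: private CA installed
		checkChain(inspected, pins, withOtherCA), // unrelated CA installed: no bypass
	}
}

func main() { fmt.Println(Demo()) }
```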

Cisco Spark Cloud Access: Network Access Control – 802.1X (slide 115)

Connecting from the Enterprise – 802.1X (slides 116–117)

[Diagram: Spark device connected to a switch port, with the Authentication Server behind it]

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods (slides 118–119)
• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST (slides 120–121)

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS (slides 122–123)

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

802.1X Fallback – MAC Address Bypass (MAB) (slides 124–125)

[Diagram: Device 1 connected to the switch port, with the Authentication Server behind it]

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X (slide 126)

Columns: Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration

Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes, Wired – Yes | Wi-Fi – Yes, Wired – Yes | N/A | Yes | Yes: Manually Install LSC (Windows GPO, Mac – Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes, Wired – Yes | Wi-Fi – Yes, Wired – Yes | Q4 CY17 | Yes | Yes: Web Based – Install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes: Web Based – Install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes: Web Based – Install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes, Wired – Yes | Wi-Fi – Yes, Wired – Yes | Yes | Yes | Yes: Web Based – Install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY’18) | No (Planned Q2 CY’18) | No | No (Planned Q2 CY’18) | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary (slide 127)

Spark Device Configuration Recommendations (slide 128)

1) Determine your customer’s network environment
  • Switch port configuration
  • VLANs
  • Firewall Deployment
  • Proxy Type
  • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
  • There are bypass methods available
  • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap (slide 129)

Spark Device Configuration Roadmap (slide 130)
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
“What you would tell your best friend if they asked you how to design their Cisco collaboration deployment”
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: Target Q1 CY2018

Thank you

Page 95: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Signalling

UDP Media

97BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

Private CA Root Certificate sent to client

Signalling

UDP Media

98BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

• HTTPS/TLS Inspection

Proxy TLS/HTTPS Inspection – Non Spark Apps (1)

• Private CA signed Certificate sent to client on connection establishment

• Client compares Private CA Root Cert with those received in Cert Chain

• If they match – accept and proceed with the TLS connection

[Diagram: Signalling and UDP Media paths through the proxy; Private CA Root Certificate sent to client]

• HTTPS/TLS Inspection

Proxy TLS/HTTPS Inspection – Non Spark Apps (2)

• Proxy starts new HTTPS/TLS connection to Web/Cloud Service

• Proxy receives Certificate from Web/Cloud Service

• Proxy uses the Certificate to establish Secure TLS/HTTPS connection

• Proxy can now Decrypt, Inspect and Re-Encrypt session traffic

[Diagram: Signalling and UDP Media paths through the proxy]

• Certificate Pinning

Proxy - No HTTPS Inspection – Spark Certificate Pinning

Certificate Pin = SHA-256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

• CA signed Cisco Spark Certificate sent by HTTPS/TLS server

• App creates a hash of the Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• If they match – accept and proceed with the TLS connection

[Diagram: Signalling and UDP Media paths through the proxy]

• Certificate Pinning

Proxy - HTTPS Inspection – Spark Certificate Pinning

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• App creates a hash of the Private CA signed Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• They DO NOT Match – TLS connection terminated

[Diagram: Signalling and UDP Media paths through the proxy]

• Certificate Pinning

HTTPS Inspection – Spark Apps Cert Pinning Fix

Private CA Cert copied to App OS Trust Store

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store

• If the Cert exists – skip Certificate pinning process

• Proceed with TLS connection

• HTTPS/TLS Inspection possible

[Diagram: Signalling and UDP Media paths through the proxy]

• Certificate Pinning

HTTPS Inspection – Spark Devices Cert Pinning Fix

Private CA Cert copied to Spark Cloud

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Client creates a hash of the Private CA signed Cert's Public Key

• Client compares the hash with the Certificate Pin in its Trust Store

• They DO Match – Proceed with TLS connection

• HTTPS/TLS Inspection possible

[Diagram: Signalling and UDP Media paths through the proxy]
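As an added example (not Cisco's code and not from the slides), the following Python models the pinning decision across the four cases above: a genuine chain with no inspection, an inspecting proxy presenting a private CA, the Spark app fix (private CA copied to the OS trust store, pinning skipped) and the Spark device fix (the private CA's pin delivered in the trust list). The pin is computed as base64(SHA-256(SubjectPublicKeyInfo)), the usual convention, which is an assumption since the slide says only "hash of the public key"; every certificate is constructed in-line with dummy keys and signatures.

```python
import base64
import hashlib

# ---- minimal DER encode/decode helpers (written for this example, not a full ASN.1 library) ----
def der_len(n: int) -> bytes:
    """DER length: short form below 128, long form (0x8N + N length bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    """One DER tag-length-value element."""
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def read_tlv(buf: bytes, pos: int):
    """Decode the element starting at pos; returns (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def children(body: bytes):
    """Yield (tag, full encoding) for each direct child of a constructed value."""
    pos = 0
    while pos < len(body):
        tag, _, nxt = read_tlv(body, pos)
        yield tag, body[pos:nxt]
        pos = nxt

# ---- the pin itself: base64(SHA-256(SubjectPublicKeyInfo)), the form shown on the slide ----
def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate (no signature check here)."""
    _, cert_body, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    _, tbs_body, _ = read_tlv(cert_body, 0)      # tbsCertificate ::= SEQUENCE
    fields = list(children(tbs_body))
    if fields[0][0] == 0xA0:                     # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return fields[5][1]

def spki_pin(cert_der: bytes) -> str:
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

# ---- the decision the slides describe (a model of the behaviour, not Cisco's implementation) ----
def spark_tls_decision(chain: list, pinned: set, os_trust_store: set) -> str:
    """chain = [server cert, ..., CA cert] as presented; pinned = the app's built-in pins;
    os_trust_store = CA certs (DER) an administrator installed in the OS store."""
    if chain[-1] in os_trust_store:
        return "ACCEPT_TRUST_STORE"      # Spark app fix: private CA present, pinning skipped
    if any(spki_pin(cert) in pinned for cert in chain):
        return "ACCEPT_PIN"              # hash of a presented public key matches a pin
    return "REJECT_PIN_MISMATCH"         # inspecting proxy with an unknown private CA

# ---- constructed test certificates: structurally valid DER, fake keys, dummy signatures ----
def make_rsa_spki(seed: bytes) -> bytes:
    rsa_oid = seq(tlv(0x06, bytes.fromhex("2A864886F70D010101")), tlv(0x05, b""))
    modulus = tlv(0x02, b"\x00" + hashlib.sha256(seed).digest() * 8)   # 2048-bit stand-in
    exponent = tlv(0x02, b"\x01\x00\x01")
    return seq(rsa_oid, tlv(0x03, b"\x00" + seq(modulus, exponent)))

def make_cert(issuer_cn: str, subject_cn: str, spki: bytes) -> bytes:
    def name(cn: str) -> bytes:
        cn_oid = tlv(0x06, bytes([0x55, 0x04, 0x03]))
        return seq(tlv(0x31, seq(cn_oid, tlv(0x0C, cn.encode()))))
    sha256_rsa = seq(tlv(0x06, bytes.fromhex("2A864886F70D01010B")), tlv(0x05, b""))
    validity = seq(tlv(0x17, b"180101000000Z"), tlv(0x17, b"190101000000Z"))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), sha256_rsa,
              name(issuer_cn), validity, name(subject_cn), spki)
    return seq(tbs, sha256_rsa, tlv(0x03, b"\x00" * 33))   # dummy signature value

def demo() -> dict:
    """Walk the four scenarios from the slides and return the outcome of each."""
    public_root = make_cert("Constructed Public Root CA", "Constructed Public Root CA", make_rsa_spki(b"root"))
    spark_leaf = make_cert("Constructed Public Root CA", "spark-service.example", make_rsa_spki(b"spark"))
    private_ca = make_cert("Constructed Corp Private CA", "Constructed Corp Private CA", make_rsa_spki(b"corp"))
    proxy_leaf = make_cert("Constructed Corp Private CA", "spark-service.example", make_rsa_spki(b"proxy"))
    app_pins = {spki_pin(public_root)}                # pin = hash of the CA root public key
    return {
        # no inspection: genuine chain, the root's pin matches
        "no_inspection": spark_tls_decision([spark_leaf, public_root], app_pins, set()),
        # inspecting proxy re-signs with its private CA: no pin matches, handshake terminated
        "inspection": spark_tls_decision([proxy_leaf, private_ca], app_pins, set()),
        # Spark app fix: private CA copied to the OS trust store, pinning skipped
        "app_fix": spark_tls_decision([proxy_leaf, private_ca], app_pins, {private_ca}),
        # Spark device fix: private CA uploaded to the cloud, its pin arrives in the trust list
        "device_fix": spark_tls_decision([proxy_leaf, private_ca], app_pins | {spki_pin(private_ca)}, set()),
    }

if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:14s} -> {outcome}")
```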

Network Capabilities Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists then bypass the Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – requires per-Org config of Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – requires per-Org config of Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – requires per-Org config of Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – requires per-Org config of Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X

802.1X Operation

• Switch port network access restricted

• Client presents credentials to Authentication Server

• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

[Diagram: Spark device, access switch and Authentication Server]

802.1X Network Authentication Methods

• There are many options…

• Two key Authentication methods:

  • EAP-FAST

  • EAP-TLS

[Diagram: Spark device, access switch and Authentication Server]

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST

• Flexible Authentication via Secure Tunneling

• Username and Password based

• Does not require Certificates

[Diagram: Spark device, access switch and Authentication Server]

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS

• Transport Layer Security

• Requires Digital Certificates

• Mutual Client - Server Authentication

[Diagram: Spark device, access switch and Authentication Server]

802.1X Fallback - MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms

• Uses the Device MAC Address

• Commonly used for Non 802.1X capable devices

• MAC address manually entered into Auth Server

[Diagram: Device 1, access switch and Authentication Server]

Network Capabilities Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS MIC | Non CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | N/A | Yes | Yes – manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Q4 CY17 | Yes | Yes – Web based: install Enterprise LSC via device Web Interface
SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes – Web based: install Enterprise LSC via device Web Interface
MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes | Yes – Web based: install Enterprise LSC via device Web Interface
Room Kits | HTTPS | Room OS | Wi-Fi - Yes; Wired - Yes | Wi-Fi - Yes; Wired - Yes | Yes | Yes | Yes – Web based: install Enterprise LSC via device Web Interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | Use MAC Address By-Pass

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment

• Switch port configuration

• VLANs

• Firewall Deployment

• Proxy Type

• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today

• There are bypass methods available

• Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections

Onboard device – Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)

https://www.cisco.com/go/pa

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:

» On-Premises (Enterprise, Midmarket)

» Cloud (Midmarket)

» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND)

https://www.cisco.com/go/srnd

Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Coming soon: Target Q1 CY2018

Thank you

Page 97: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (1)

bull Private CA signed Certificate sent to client on connection establishment

bull Client compares Private CA Root Cert with those received in Cert Chain

bull If they match ndash accept and proceed with the TLS connection

Signalling

UDP Media

99BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 98: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

Signalling

UDP Media

100BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull HTTPSTLS Inspection

Proxy TLSHTTPS Inspection ndash Non Spark Apps (2)

bull Proxy starts new HTTPSTLS connection to WebCloud Service

bull Proxy receives Certificate from WebCloud Service

bull Proxy uses the Certificate to establish Secure TLSHTTPS connection

bull Proxy can now Decrypt Inspect and Re-Encrypt session traffic

Signalling

UDP Media

101BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

102BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

Certificate Pin =

SHA 256 Hash of CA Root Certificate Public Key

VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

Signalling

UDP Media

103BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

• Certificate Pinning

HTTPS Inspection – Spark Devices Cert Pinning Fix

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO match: proceed with the TLS connection
• HTTPS/TLS Inspection possible

[Diagram legend: Signalling, UDP Media; Private CA Cert copied to Spark Cloud]


Network Capabilities: Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists, bypass the Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – requires per-Org configuration of the Identity Service | Load Private CA Certs in Spark Service; download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (planned Q1 CY'18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access – Network Access Control 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

[Diagram: Authentication Server]


802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

[Diagram: Authentication Server]


802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Diagram: Authentication Server]


802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client – Server Authentication

[Diagram: Authentication Server]


802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X capable devices
• MAC address manually entered into the Auth Server

[Diagram: Authentication Server, Device 1]

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC Certificate | Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface |
| SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface |
| MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes | Web based: install Enterprise LSC via the device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (planned Q2 CY'18) | No (planned Q2 CY'18) | No | No (planned Q2 CY'18) | | Use MAC Address By-Pass |

Cisco Spark Cloud Access – Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment
• Switch port configuration
• VLANs
• Firewall Deployment
• Proxy Type
• Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
• There are bypass methods available
• Feature support is coming soon

Cisco Spark Cloud Access – Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub:
• Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components: what you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x
Coming soon: target Q1 CY2018

Thank you




Certificate Pinning

Proxy – No HTTPS Inspection – Spark Certificate Pinning

Certificate Pin = SHA-256 hash of CA Root Certificate Public Key: VjLZep3WPJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=

(Diagram: Signalling, UDP Media)


Certificate Pinning

Proxy – No HTTPS Inspection – Spark Certificate Pinning

• CA signed Cisco Spark Certificate sent by HTTPS/TLS server

• App creates a hash of the Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• If they match – accept and proceed with the TLS connection

(Diagram: Signalling, UDP Media)


Certificate Pinning

Proxy – HTTPS Inspection – Spark Certificate Pinning

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• App creates a hash of the Private CA signed Cert's Public Key

• App compares the hash with the Certificate Pin in its Trust Store

• They DO NOT match – TLS connection terminated

(Diagram: Signalling, UDP Media)


Certificate Pinning

HTTPS Inspection – Spark Apps Cert Pinning Fix

• Private CA Cert copied to App OS Trust Store

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store

• If the Cert exists – skip Certificate pinning process

• Proceed with TLS connection

• HTTPS/TLS Inspection possible

(Diagram: Signalling, UDP Media)


Certificate Pinning

HTTPS Inspection – Spark Devices Cert Pinning Fix

• Private CA Cert copied to Spark Cloud

• Proxy sends Private CA signed Certificate during HTTPS/TLS set up

• Client creates a hash of the Private CA signed Cert's Public Key

• Client compares the hash with the Certificate Pin in its Trust Store

• They DO match – proceed with TLS connection

• HTTPS/TLS Inspection possible

(Diagram: Signalling, UDP Media)
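The pinning decision the certificate-pinning slides above describe (pin match without inspection, mismatch behind an inspecting proxy, the app fix via the OS trust store and the device fix via a trust list that carries the private CA), as an added Python example that is not Cisco's code: the certificates, trust store and pin set are constructed placeholders, the pin is taken as base64(SHA-256(SubjectPublicKeyInfo)) of the CA certificate, and a minimal DER walker stands in for a real X.509 parser.

```python
import base64
import hashlib


def der(tag, content):
    """Encode one DER TLV: tag byte, definite length, content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + content


def der_tlv(data, pos=0):
    """Decode the TLV starting at pos; return (tag, content, end offset)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length


def der_children(content):
    """Split a constructed value into its child TLVs (full encodings kept)."""
    children, pos = [], 0
    while pos < len(content):
        tag, _, end = der_tlv(content, pos)
        children.append((tag, content[pos:end]))
        pos = end
    return children


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate."""
    _, cert_body, _ = der_tlv(cert_der)     # Certificate ::= SEQUENCE
    _, tbs_body, _ = der_tlv(cert_body)     # tbsCertificate ::= SEQUENCE
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:                # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]


def spki_pin(cert_der):
    """Certificate Pin as on the slides: base64(SHA-256(public key info))."""
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return base64.b64encode(digest).decode()


def fake_cert(subject, public_key):
    """Constructed, certificate-shaped DER for this demo: placeholder fields,
    no real signature. Only the structure extract_spki() walks is meaningful."""
    tbs = (der(0xA0, der(0x02, b"\x02"))                 # version v3
           + der(0x02, b"\x01")                          # serialNumber
           + der(0x30, b"")                              # signature algorithm
           + der(0x30, b"")                              # issuer
           + der(0x30, b"")                              # validity
           + der(0x30, der(0x0C, subject.encode()))      # subject
           + der(0x30, der(0x03, b"\x00" + public_key))) # subjectPublicKeyInfo
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))


def pinning_decision(chain, pinned, os_trust_store):
    """Decide whether the client proceeds with the TLS connection.

    chain          -- certificates as presented by the TLS server, leaf first, CA last
    pinned         -- pins in the app/device trust store (the downloaded trust list)
    os_trust_store -- CA certificates installed in the OS trust store
    Returns (proceed, reason).
    """
    ca_cert = chain[-1]
    if ca_cert in os_trust_store:           # apps fix: private CA copied to OS store
        return True, "Private CA Cert in OS Trust Store: pinning skipped"
    pin = spki_pin(ca_cert)                 # hash of the CA cert's public key
    if pin in pinned:                       # devices fix: private CA pin in trust list
        return True, "pin match: proceed with TLS connection"
    return False, "pin mismatch: TLS connection terminated"


# Constructed sample material (placeholders, not real certificates or pins)
CLOUD_CA = fake_cert("Spark cloud CA (constructed)", b"cloud-ca-public-key")
CLOUD_LEAF = fake_cert("Spark service (constructed)", b"cloud-leaf-public-key")
PRIVATE_CA = fake_cert("Enterprise private CA (constructed)", b"private-ca-public-key")
PROXY_LEAF = fake_cert("proxy-issued leaf (constructed)", b"proxy-leaf-public-key")
TRUST_LIST = {spki_pin(CLOUD_CA)}          # pins the app ships with / device downloads


def scenarios():
    """The four cases from the slides, keyed by slide topic."""
    return {
        "no_inspection": pinning_decision([CLOUD_LEAF, CLOUD_CA], TRUST_LIST, []),
        "inspection": pinning_decision([PROXY_LEAF, PRIVATE_CA], TRUST_LIST, []),
        "apps_fix": pinning_decision([PROXY_LEAF, PRIVATE_CA], TRUST_LIST, [PRIVATE_CA]),
        "devices_fix": pinning_decision([PROXY_LEAF, PRIVATE_CA],
                                        TRUST_LIST | {spki_pin(PRIVATE_CA)}, []),
    }


if __name__ == "__main__":
    for name, (proceed, reason) in scenarios().items():
        print(f"{name:14} proceed={proceed} ({reason})")
```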


Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method

Windows, Mac, Web | HTTPS | WME | Yes (Win/Mac/Browser) | If Enterprise Certificate exists then bypass Certificate Pinning process

iOS, Android | HTTPS | WME | No | iOS/Android HTTPS Inspection By-Pass

DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs

SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs

MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs

Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs

Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

Cisco Spark Cloud Access – Network Access Control (802.1X)


Connecting from the Enterprise – 802.1X

802.1X Operation

• Switch port network access restricted

• Client presents credentials to Authentication Server

• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

(Diagram: Authentication Server)


802.1X Network Authentication Methods

• There are many options…

• Two key Authentication methods:

• EAP-FAST

• EAP-TLS

(Diagram: Authentication Server)


802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST

• Flexible Authentication via Secure Tunneling

• Username and Password based

• Does not require Certificates

(Diagram: Authentication Server)


802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS

• Transport Layer Security

• Requires Digital Certificates

• Mutual Client – Server Authentication

(Diagram: Authentication Server)


802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms

• Uses the Device MAC Address

• Commonly used for Non 802.1X capable devices

• MAC address manually entered into Auth Server

(Diagram: Device 1, Authentication Server)


Network Capabilities: Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non CUCM LSC | Granular Configuration | Certificate Installation Capability

Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | NA | Yes | Yes | Manually Install LSC (Windows GPO, Mac – Configuration Profiles)

DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface

SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface

MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface

Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web Based: Install Enterprise LSC via device Web Interface

Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address By-Pass

Cisco Spark Cloud Access – Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment:

• Switch port configuration

• VLANs

• Firewall Deployment

• Proxy Type

• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today:

• There are bypass methods available

• Feature support is coming soon

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 102: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - No HTTPS Inspection ndash Spark Certificate Pinning

bull CA signed Cisco Spark Certificate sent by HTTPSTLS server

bull App creates a hash of the Certrsquos Public Key

bull If they match ndash accept and proceed with the TLS connection

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

104BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 103: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

Signalling

UDP Media

105BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

106BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment

• Switch port configuration
• VLANs
• Firewall Deployment
• Proxy Type
• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today

• There are bypass methods available
• Feature support is coming soon

BRKCOL-2030 128

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections

Onboard device – Username/Password, Activation Code

Cisco Spark cloud downloads Device Configuration information and Trust Anchors

BRKCOL-2030 130

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

133

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
https://www.cisco.com/go/pa

What you would tell your best friend if they asked you how to design their Cisco collaboration deployment

Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd

Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Coming soon: Target Q1 CY2018

Thank you


Proxy - HTTPS Inspection – Spark Certificate Pinning

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• App creates a hash of the Private CA signed Cert's Public Key
• App compares the hash with the Certificate Pin in its Trust Store
• They DO NOT Match: TLS connection terminated

[Diagram labels: Signalling, UDP Media]

BRKCOL-2030 106


HTTPS Inspection – Spark Apps Cert Pinning Fix

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

[Diagram labels: Signalling, UDP Media; Private CA Cert copied to App OS Trust Store]

BRKCOL-2030 110


HTTPS Inspection – Spark Devices Cert Pinning Fix

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match: Proceed with TLS connection
• HTTPS/TLS Inspection possible

[Diagram labels: Signalling, UDP Media; Private CA Cert copied to Spark Cloud]

BRKCOL-2030 113
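The pin check in the slides above, as an added worked example (this is not Cisco's code and not the Spark client's implementation): the app hashes the SubjectPublicKeyInfo of the certificate the proxy presents, compares it with the pin in its trust store, and on a mismatch terminates the connection unless the issuing private CA has been placed in the OS trust store, in which case the pinning step is skipped and inspection becomes possible. The minimal DER walker, the skeleton certificates (unsigned, with dummy key bytes), the CA names and the pin set are all constructed for the example; normal chain validation is assumed to be done by the TLS stack and is not modelled here.

```python
"""Certificate pin check versus a TLS-inspecting proxy (constructed example)."""
import base64
import hashlib
from enum import Enum


def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value, using long-form length above 127 bytes."""
    n = len(body)
    if n < 0x80:
        header = bytes([tag, n])
    else:
        length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        header = bytes([tag, 0x80 | len(length_bytes)]) + length_bytes
    return header + body


def _read_tlv(buf: bytes, pos: int):
    """Decode the TLV at buf[pos]; return (tag, value, position after the TLV)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(seq_body: bytes):
    """Split the body of a SEQUENCE into (tag, raw TLV bytes) pairs."""
    out, pos = [], 0
    while pos < len(seq_body):
        tag, _, nxt = _read_tlv(seq_body, pos)
        out.append((tag, seq_body[pos:nxt]))
        pos = nxt
    return out


def tbs_fields(cert_der: bytes):
    """tbsCertificate fields from serialNumber onwards, in RFC 5280 order."""
    _, cert_body, _ = _read_tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    _, tbs_raw = _children(cert_body)[0]           # first child is tbsCertificate
    _, tbs_body, _ = _read_tlv(tbs_raw, 0)
    fields = _children(tbs_body)
    if fields[0][0] == 0xA0:                       # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields   # serial, signature alg, issuer, validity, subject, subjectPublicKeyInfo, ...


def extract_spki(cert_der: bytes) -> bytes:
    return tbs_fields(cert_der)[5][1]


def extract_issuer(cert_der: bytes) -> bytes:
    return tbs_fields(cert_der)[2][1]


def spki_pin(spki_der: bytes) -> str:
    """Pin = base64(SHA-256(DER SubjectPublicKeyInfo)), the RFC 7469 (HPKP) form."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


class Decision(Enum):
    PROCEED_PIN_MATCH = "pin matched: proceed with TLS connection"
    PROCEED_TRUST_STORE = "issuer CA in OS trust store: pinning skipped, inspection possible"
    TERMINATE = "pin mismatch and issuer not trusted: TLS connection terminated"


def pinning_decision(server_cert_der: bytes, pins: set, os_trust_store_ca_names: set) -> Decision:
    """App-side decision only; the enterprise-CA exception is keyed on the issuer name,
    while the real chain validation is left to the TLS stack."""
    if spki_pin(extract_spki(server_cert_der)) in pins:
        return Decision.PROCEED_PIN_MATCH
    if extract_issuer(server_cert_der) in os_trust_store_ca_names:
        return Decision.PROCEED_TRUST_STORE
    return Decision.TERMINATE


# --- constructed sample certificates: DER skeletons, unsigned, dummy key bytes ---

def x509_name(common_name: bytes) -> bytes:
    """Name ::= SEQUENCE OF SET OF { id-at-commonName, UTF8String }"""
    attr = der_tlv(0x30, der_tlv(0x06, b"\x55\x04\x03") + der_tlv(0x0C, common_name))
    return der_tlv(0x30, der_tlv(0x31, attr))


def encode_spki(public_key_bytes: bytes) -> bytes:
    rsa_oid = der_tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + der_tlv(0x05, b"")
    return der_tlv(0x30, der_tlv(0x30, rsa_oid) + der_tlv(0x03, b"\x00" + public_key_bytes))


def make_sample_cert(issuer_cn: bytes, subject_cn: bytes, public_key_bytes: bytes) -> bytes:
    sha256_rsa = der_tlv(0x30, der_tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
    validity = der_tlv(0x30, der_tlv(0x17, b"180101000000Z") + der_tlv(0x17, b"190101000000Z"))
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01")
                  + sha256_rsa + x509_name(issuer_cn) + validity + x509_name(subject_cn)
                  + encode_spki(public_key_bytes))
    return der_tlv(0x30, tbs + sha256_rsa + der_tlv(0x03, b"\x00"))   # empty signature


CLOUD_CERT = make_sample_cert(b"Public CA", b"spark-cloud.example", b"cloud-key")        # constructed
PROXY_CERT = make_sample_cert(b"Corp Private CA", b"spark-cloud.example", b"proxy-key")  # constructed
CLOUD_PINS = {spki_pin(encode_spki(b"cloud-key"))}   # what the app would ship pinned

if __name__ == "__main__":
    print(pinning_decision(CLOUD_CERT, CLOUD_PINS, set()).value)
    print(pinning_decision(PROXY_CERT, CLOUD_PINS, set()).value)
    print(pinning_decision(PROXY_CERT, CLOUD_PINS, {x509_name(b"Corp Private CA")}).value)
```

The pin is taken over the public key structure rather than the whole certificate, so a legitimate certificate renewal with the same key keeps matching; the proxy's certificate carries a different key and can only pass through the trust-store exception, which is exactly the point where an administrator's decision to install the private CA makes inspection visible and auditable.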

Network Capabilities: Spark Devices – HTTPS Inspection

Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method
Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: If Enterprise Certificate exists then bypass Certificate Pinning process
iOS, Android | HTTPS | WME | No | iOS, Android: HTTPS Inspection By-Pass
DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs
Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass

BRKCOL-2030 114

Cisco Spark Cloud Access: Network Access Control 802.1X


Connecting from the Enterprise – 802.1X

802.1X Operation

• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

[Diagram labels: Authentication Server]

BRKCOL-2030 117


802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

[Diagram labels: Authentication Server]

BRKCOL-2030 119


802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST

• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Diagram labels: Authentication Server]

BRKCOL-2030 121


802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS

• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

[Diagram labels: Authentication Server]

BRKCOL-2030 123
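An added example of the authentication server's side of the 802.1X operation just described and of the MAC Address Bypass fallback (the MAB slide earlier in this section): an EAP-TLS or EAP-FAST identity is accepted only after its credential check (certificate chain or password) succeeded and the identity is known, while a MAB identity is nothing more than the MAC address the switch reports, so a registered MAC is placed on a restricted VLAN with a narrow ACL rather than on the corporate VLAN. This is illustrative code, not Cisco ISE or any RADIUS server's implementation; the identities, VLAN names and the ACL name are constructed, and the MAC normalisation covers the common forms switches send in the User-Name attribute.

```python
"""Port authorization policy for 802.1X (EAP-TLS, EAP-FAST) and MAB (constructed example)."""
import re
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Method(Enum):
    EAP_TLS = "EAP-TLS"     # certificate based, mutual client/server authentication
    EAP_FAST = "EAP-FAST"   # username/password inside a TLS tunnel, no client certificate
    MAB = "MAB"             # MAC address bypass: no credential is presented at all


@dataclass(frozen=True)
class AccessRequest:
    method: Method
    identity: str                    # certificate subject, username, or the MAC the switch reports
    credential_valid: bool = False   # outcome of the EAP exchange; meaningless for MAB


@dataclass(frozen=True)
class PortAuthorization:
    accept: bool
    vlan: Optional[str] = None
    acl: Optional[str] = None
    reason: str = ""


def normalize_mac(raw: str) -> str:
    """Switches send MAB identities as aabb.ccdd.eeff, AA-BB-CC-DD-EE-FF or aa:bb:...;
    compare on one canonical form so a registered device matches however it is reported."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class AuthenticationServer:
    """Stand-in for the RADIUS policy: map an authenticated identity to the VLAN/ACL
    the switch should apply to the port after a successful exchange."""

    MAB_ACL = "spark-device-only"   # a MAC is spoofable, so MAB ports always get a restrictive ACL

    def __init__(self, users: dict, devices: dict, mab_devices: dict):
        self.users = dict(users)          # EAP-FAST usernames   -> VLAN
        self.devices = dict(devices)      # EAP-TLS cert subjects -> VLAN
        self.mab_devices = {normalize_mac(mac): vlan for mac, vlan in mab_devices.items()}

    def authorize(self, req: AccessRequest) -> PortAuthorization:
        if req.method is Method.MAB:
            try:
                mac = normalize_mac(req.identity)
            except ValueError as exc:
                return PortAuthorization(False, reason=str(exc))
            vlan = self.mab_devices.get(mac)
            if vlan is None:
                return PortAuthorization(False, reason=f"MAB: {mac} not registered")
            return PortAuthorization(True, vlan, self.MAB_ACL, f"MAB: {mac} registered")

        # EAP methods: the credential check happened in the EAP exchange; only then look up policy.
        if not req.credential_valid:
            return PortAuthorization(False, reason=f"{req.method.value}: credential rejected")
        table = self.devices if req.method is Method.EAP_TLS else self.users
        vlan = table.get(req.identity)
        if vlan is None:
            return PortAuthorization(False, reason=f"{req.method.value}: unknown identity {req.identity}")
        return PortAuthorization(True, vlan, None, f"{req.method.value}: {req.identity} authenticated")


# Constructed policy data: names and VLANs are illustrative.
SERVER = AuthenticationServer(
    users={"alice": "corp-users"},
    devices={"roomkit-lobby.example.com": "video-devices"},
    mab_devices={"AABB.CCDD.EEFF": "spark-board-restricted"},
)

if __name__ == "__main__":
    for req in (
        AccessRequest(Method.EAP_TLS, "roomkit-lobby.example.com", credential_valid=True),
        AccessRequest(Method.EAP_FAST, "alice", credential_valid=False),
        AccessRequest(Method.MAB, "aa-bb-cc-dd-ee-ff"),
        AccessRequest(Method.MAB, "00:11:22:33:44:55"),
    ):
        print(SERVER.authorize(req))
```

The split between "credential valid" and "identity known" mirrors the two stages on the slide: the EAP exchange authenticates, and only then does the server decide what the port becomes. Keeping MAB devices on their own VLAN and ACL is what limits the damage if someone clones a registered MAC, which is why the capability table marks MAB as a by-pass rather than a substitute for EAP.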

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 105: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

Proxy - HTTPS Inspection ndash Spark Certificate Pinning

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull App creates a hash of the Private CA signed Certrsquos Public Key

bull They DO NOT Match TLS connection terminated

bull App compares the hash with the Certificate Pin in its Trust Store

Signalling

UDP Media

107BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 106: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

108BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

109BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session.

How:

1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA)
https://www.cisco.com/go/pa
"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND)
https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
Coming soon: Target Q1 CY2018

Thank you

Page 107: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

HTTPS Inspection – Spark Apps Cert Pinning Fix

[Diagram: Signalling and UDP Media flows; Private CA Cert copied to App OS Trust Store]

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Spark App checks to see if a copy of the Private CA Cert exists in the OS Trust Store
• If the Cert exists – skip Certificate pinning process
• Proceed with TLS connection
• HTTPS/TLS Inspection possible

HTTPS Inspection – Spark Devices Cert Pinning Fix

[Diagram: Signalling and UDP Media flows; Private CA Cert copied to Spark Cloud]

• Certificate Pinning
• Proxy sends Private CA signed Certificate during HTTPS/TLS set up
• Client creates a hash of the Private CA signed Cert's Public Key
• Client compares the hash with the Certificate Pin in its Trust Store
• They DO Match – Proceed with TLS connection
• HTTPS/TLS Inspection possible
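The two pinning fixes above (apps skip pinning when the private CA is already in the OS trust store; devices receive the private CA's pin through the cloud-delivered trust list) reduce to one verification rule, which the following added Go example implements. It is not Cisco's code and is not taken from the deck: the function names, the SHA-256-over-SPKI pin format, the hostname spark-api.example.invalid and the CA name "Example Corp Private CA" are all assumptions, and the certificates are generated in memory as constructed sample material. verifyPinned first looks for a chain member whose SPKI hash is in the pin set, then falls back to validating the chain against the enterprise trust store; the third scenario shows the failure mode the slides are fixing, a client that has neither and therefore cannot complete the TLS set-up through an inspecting proxy.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin: base64(SHA-256(SubjectPublicKeyInfo)). The digest is an assumption; the slides say only "a hash of the Cert's Public Key".
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// verifyPinned applies the slides' two checks in order: (1) a chain member whose SPKI hash is in the
// pin set is accepted (devices: the cloud trust list carries the private CA's pin); (2) otherwise a
// chain that validates to a CA in the OS trust store skips pinning (apps). Anything else is rejected.
func verifyPinned(chain []*x509.Certificate, pins map[string]bool, osStore *x509.CertPool, host string) (string, error) {
	for _, c := range chain {
		if pins[spkiPin(c)] {
			return "pin-match", nil
		}
	}
	if len(chain) > 0 && osStore != nil {
		inter := x509.NewCertPool()
		for _, c := range chain[1:] {
			inter.AddCert(c)
		}
		opts := x509.VerifyOptions{DNSName: host, Roots: osStore, Intermediates: inter}
		if _, err := chain[0].Verify(opts); err == nil {
			return "enterprise-ca", nil
		}
	}
	return "", errors.New("no pin matched and chain does not validate to an enterprise CA")
}

// makeCert issues a certificate from tmpl with a fresh P-256 key; a nil parent yields a self-signed CA.
func makeCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// scenarios builds a constructed proxy chain (private CA + proxy-issued leaf) and reports the verifier's outcome for the three situations on the slides.
func scenarios() (map[string]string, error) {
	const host = "spark-api.example.invalid" // placeholder, not a real Spark endpoint
	proxyCA, caKey, err := makeCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Corp Private CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	leaf, _, err := makeCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, proxyCA, caKey)
	if err != nil {
		return nil, err
	}
	chain := []*x509.Certificate{leaf, proxyCA} // what the inspecting proxy presents
	osStore := x509.NewCertPool()
	osStore.AddCert(proxyCA) // app fix: private CA copied into the OS trust store
	out := map[string]string{}
	run := func(name string, pins map[string]bool, store *x509.CertPool) {
		mode, err := verifyPinned(chain, pins, store, host)
		if err != nil {
			mode = "rejected"
		}
		out[name] = mode
	}
	run("device-trust-list", map[string]bool{spkiPin(proxyCA): true}, nil) // device fix: pin via cloud trust list
	run("app-os-trust-store", nil, osStore)                                 // app fix: CA present in OS store
	run("unmanaged-client", nil, x509.NewCertPool())                        // neither: TLS set-up fails closed
	return out, nil
}

func main() { fmt.Println(scenarios()) }
```

Run it with go run; it prints pin-match for the device case, enterprise-ca for the app case and rejected for the unmanaged client. The order of the checks is the point: pinning is consulted first, so a device whose trust list already carries the pin never needs the OS-store fallback, and a client with neither fails closed instead of silently accepting the proxy's certificate.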

Network Capabilities: Spark Devices – HTTPS Inspection

| Spark Device | Protocol | Software Train | Supports TLS/HTTPS Inspection | Cert Validation Method |
|---|---|---|---|---|
| Windows, Mac, Web | HTTPS | WME | Yes | Win/Mac/Browser: if an Enterprise Certificate exists, bypass the Certificate Pinning process |
| iOS, Android | HTTPS | WME | No | iOS/Android: HTTPS Inspection By-Pass |
| DX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| SX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| MX | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Room Kits | HTTPS | Room OS | Yes – Requires Per Org Config of Identity Service | Load Private CA Certs in Spark Service; Download Trust List with Private Certs |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q1 CY'18) | HTTPS Inspection By-Pass |

Cisco Spark Cloud Access: Network Access Control (802.1X)

Connecting from the Enterprise – 802.1X

[Diagram: Spark device on an enterprise switch port, with the Authentication Server]

802.1X Operation:

• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol - FAST:

• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol - TLS:

• Transport Layer Security
• Requires Digital Certificates
• Mutual Client - Server Authentication

802.1X Fallback - MAC Address Bypass (MAB)

[Diagram: Device 1 on a switch port, with the Authentication Server]

Bypasses 802.1X Authentication Mechanisms:

• Uses the Device MAC Address
• Commonly used for Non 802.1X capable devices
• MAC address manually entered into Auth Server

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | N/A | Yes – Manually Install LSC (Windows GPO, Mac – Configuration Profiles) | Yes |
| DX | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Q4 CY17 | Yes – Web Based: Install Enterprise LSC via device Web Interface | Yes |
| SX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes – Web Based: Install Enterprise LSC via device Web Interface | Yes |
| MX | HTTPS | Room OS | Wired - Yes | Wired - Yes | No | Yes – Web Based: Install Enterprise LSC via device Web Interface | Yes |
| Room Kits | HTTPS | Room OS | Wi-Fi - Yes, Wired - Yes | Wi-Fi - Yes, Wired - Yes | Yes | Yes – Web Based: Install Enterprise LSC via device Web Interface | Yes |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | Use MAC Address By-Pass |

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 108: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Apps Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Spark App checks to see if a copy of the Private CA Cert exists in

the OS Trust Store

bull Proceed with TLS connection

bull If the Cert exists ndash skip Certificate pinning process

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to App OS Trust Store

110BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 109: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

111BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 110: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

112BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access: Network Access Control – 802.1X

Connecting from the Enterprise – 802.1X

802.1X Operation
• Switch port network access restricted
• Client presents credentials to Authentication Server
• After successful Authentication – switch port configured for the Device, e.g. VLAN(s), ACLs

[Diagram labels: Authentication Server]

802.1X Network Authentication Methods

• There are many options…
• Two key Authentication methods:
  • EAP-FAST
  • EAP-TLS

[Diagram labels: Authentication Server]

802.1X Network Authentication: EAP-FAST

802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and Password based
• Does not require Certificates

[Diagram labels: Authentication Server]

802.1X Network Authentication: EAP-TLS

802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires Digital Certificates
• Mutual Client–Server Authentication

[Diagram labels: Authentication Server]

802.1X Fallback – MAC Address Bypass (MAB)

Bypasses 802.1X Authentication Mechanisms
• Uses the Device MAC Address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into Auth Server

[Diagram labels: Device 1; Authentication Server]

Network Capabilities: Spark Devices – 802.1X

| Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC Certificate Installation Capability | Granular Configuration |
|---|---|---|---|---|---|---|---|
| Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | N/A | Yes | Yes – manually install LSC (Windows: GPO; Mac: Configuration Profiles) |
| DX | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Q4 CY17 | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| SX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| MX | HTTPS | Room OS | Wired: Yes | Wired: Yes | No | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| Room Kits | HTTPS | Room OS | Wi-Fi: Yes; Wired: Yes | Wi-Fi: Yes; Wired: Yes | Yes | Yes | Yes – web based: install Enterprise LSC via device Web Interface |
| Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY’18) | No (Planned Q2 CY’18) | No | No (Planned Q2 CY’18) | Use MAC Address By-Pass |

MIC: Manufacturer Installed Certificate; LSC: Locally Significant Certificate; CUCM: Cisco Unified Communications Manager.

Cisco Spark Cloud Access: Summary

Spark Device Configuration Recommendations

1) Determine your customer’s network environment
   • Switch port configuration
   • VLANs
   • Firewall Deployment
   • Proxy Type
   • Proxy Feature Usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access: Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub
Use a staging VLAN with internet access – Proxy and Firewalls allow all Spark connections
Onboard device – Username/Password, Activation Code
Cisco Spark cloud downloads Device Configuration information and Trust Anchors


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

Preferred Architectures (PA) – https://www.cisco.com/go/pa
Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components.
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

Collaboration Solution Reference Network Design (SRND) – https://www.cisco.com/go/srnd
Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments.
What you would tell your best friend if they asked you how to design their Cisco collaboration deployment.
Coming soon: Target Q1 CY2018

Thank you

Page 111: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Certificate Pinning

HTTPS Inspection ndash Spark Devices Cert Pinning Fix

bull Proxy sends Private CA signed Certificate during HTTPSTLS set up

bull Client creates a hash of the Private CA signed Certrsquos Public Key

bull They DO Match Proceed with TLS connection

bull Client compares the hash with the Certificate Pin in its Trust Store

bull HTTPSTLS Inspection possible

Signalling

UDP Media

Private CA Cert copied to Spark Cloud

113BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 112: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash HTTPS Inspection

Spark Device Protocol Software

Train

Supports TLS HTTPS

Inspection

Cert Validation Method

Windows Mac

Web

HTTPS WME Yes WinMacBrowser If Enterprise Certificate exists then

bypass Certificate Pinning process

iOS Android HTTPS WME No iOS Android HTTPS Inspection By-Pass

DX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

SX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

MX HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Room Kits HTTPS Room OS Yes ndash Requires Per Org

Config of Identity Service

Load Private CA Certs in Spark Service

Download Trust List with Private Certs

Spark Board HTTPS Spark Board

OS

No (Planned Q1 CYrsquo18) HTTPS Inspection By-Pass

114BRKCOL-2030

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 113: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

Cisco Spark Cloud Access Network Access Control 8021X

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021XAuthentication

Server

116BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Connecting from the Enterprise – 802.1X

(Diagram: Authentication Server)

802.1X Operation
• Switch port network access is restricted
• Client presents credentials to the Authentication Server
• After successful authentication, the switch port is configured for the device (e.g. VLAN(s), ACLs)

802.1X Network Authentication Methods
• There are many options…
• Two key authentication methods:
  • EAP-FAST
  • EAP-TLS

802.1X Network Authentication: EAP-FAST
802.1X Extensible Authentication Protocol – FAST
• Flexible Authentication via Secure Tunneling
• Username and password based
• Does not require certificates

802.1X Network Authentication: EAP-TLS
802.1X Extensible Authentication Protocol – TLS
• Transport Layer Security
• Requires digital certificates
• Mutual client–server authentication

802.1X Fallback – MAC Address Bypass (MAB)
Bypasses the 802.1X authentication mechanisms
• Uses the device MAC address
• Commonly used for non-802.1X-capable devices
• MAC address manually entered into the Auth Server
(Diagram: Device 1, Authentication Server)
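As an added example, not taken from the session deck, the following is one access-port configuration in classic Cisco IOS authentication-manager syntax that implements the flow described on the slides above: the port starts restricted, the client authenticates with EAP against a RADIUS authentication server, and MAB is tried only when the device never answers EAP. The server name, IP address, VLAN number and shared secret are placeholders.

```ios
! Added example, not from the session deck: one access port on a Catalyst
! switch using classic IOS authentication-manager commands. The server
! name, IP address, VLAN number and the value in angle brackets are
! placeholders.
!
! AAA: 802.1X (EAP) authentication and network authorization go to RADIUS
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
! The "Authentication Server" from the slides (e.g. Cisco ISE)
radius server AUTH-SERVER-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret-placeholder>
!
! Enable 802.1X globally; without this the per-port commands do nothing
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 description Spark room device
 switchport mode access
 switchport access vlan 100
 ! Port starts restricted: only EAPOL passes until a method succeeds
 authentication port-control auto
 ! Try 802.1X first; MAB only after the device does not answer EAP
 authentication order dot1x mab
 authentication priority dot1x mab
 ! On an explicit EAP failure also move on to the next method
 authentication event fail action next-method
 ! One authenticated MAC per port; additional MACs are dropped and logged
 authentication host-mode single-host
 authentication violation restrict
 dot1x pae authenticator
 ! Initial EAP-Request/Identity plus 2 retries at 10 s each, i.e. about
 ! 30 s of silence before the switch falls back to MAB
 dot1x timeout tx-period 10
 dot1x max-reauth-req 2
 mab
 spanning-tree portfast
```

The VLAN(s) and ACLs the slides list as the outcome of a successful authentication are not written on the port: the authentication server returns them in the RADIUS Access-Accept (Tunnel-Private-Group-ID for the VLAN, Filter-Id or a downloadable ACL for the ACL), so the same port configuration serves every device type. The EAP method itself (EAP-FAST or EAP-TLS) is negotiated between the supplicant and the authentication server; the switch only relays the EAP exchange. Because MAB authenticates nothing beyond a MAC address, keep MAB entries in the authentication server scoped to the specific devices that need them and have the server return a more restricted VLAN or ACL for MAB sessions than for a certificate-authenticated device.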

Network Capabilities: Spark Devices – 802.1X

Columns: Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC (manufacturer installed certificate) | Non-CUCM LSC (locally significant certificate) | Certificate Installation Capability / Granular Configuration

• Spark apps (Windows, Mac, iOS, Android, Web) | HTTPS | WME | EAP-FAST: Wi-Fi Yes, Wired Yes | EAP-TLS: Wi-Fi Yes, Wired Yes | MIC: N/A | Non-CUCM LSC: Yes | Yes; manually install LSC (Windows: GPO, Mac: Configuration Profiles)
• DX | HTTPS | Room OS | EAP-FAST: Wi-Fi Yes, Wired Yes | EAP-TLS: Wi-Fi Yes, Wired Yes | MIC: Q4 CY17 | Non-CUCM LSC: Yes | Yes; web based, install Enterprise LSC via the device web interface
• SX | HTTPS | Room OS | EAP-FAST: Wired Yes | EAP-TLS: Wired Yes | MIC: No | Non-CUCM LSC: Yes | Yes; web based, install Enterprise LSC via the device web interface
• MX | HTTPS | Room OS | EAP-FAST: Wired Yes | EAP-TLS: Wired Yes | MIC: No | Non-CUCM LSC: Yes | Yes; web based, install Enterprise LSC via the device web interface
• Room Kits | HTTPS | Room OS | EAP-FAST: Wi-Fi Yes, Wired Yes | EAP-TLS: Wi-Fi Yes, Wired Yes | MIC: Yes | Non-CUCM LSC: Yes | Yes; web based, install Enterprise LSC via the device web interface
• Spark Board | HTTPS | Spark Board OS | EAP-FAST: No (planned Q2 CY'18) | EAP-TLS: No (planned Q2 CY'18) | MIC: No | Non-CUCM LSC: No (planned Q2 CY'18) | Use MAC Address Bypass

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations
1) Determine your customer's network environment:
   • Switch port configuration
   • VLANs
   • Firewall deployment
   • Proxy type
   • Proxy feature usage
2) Check the capabilities of the Spark devices you plan to deploy and use the features as required
3) For Spark devices that do not support specific features today:
   • There are bypass methods available
   • Feature support is coming soon

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap
• Configuration of all Spark devices via the Spark Control Hub
• Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections
• Onboard device – Username/Password, Activation Code
• Cisco Spark cloud downloads device configuration information and trust anchors


Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa
Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:
» On-Premises (Enterprise, Midmarket)
» Cloud (Midmarket)
» Hybrid (Enterprise)
Versions aligning with major Collaboration System Releases (CSRs) 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd
Coming soon: target Q1 CY2018

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Preferred Architectures (PA): prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND): design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you

Page 115: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Connecting from the Enterprise ndash 8021X

8021X Operation

bull Switch port network access restricted

bull Client presents credentials to Authentication Server

bull After successful Authentication ndash switch port configured for the

Device eg VLAN(s) ACLs

Authentication

Server

117BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 116: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

Authentication

Server

118BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 117: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication Methods

8021X Network Authentication Methods

bull There are many optionshellip

bull Two key Authentication methods

bull EAP-FAST

bull EAP-TLS

Authentication

Server

119BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 118: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

Authentication

Server

120BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Network Capabilities Spark Devices ndash 8021XSpark

Device

Protocol Software

Train

EAP-FAST EAP-TLS MIC Non

CUCM

LSC

Certificate

Installation

Capability

Granular Configuration

Windows

Mac iOS

Android

Web

HTTPS WME Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired - Yes

NA Yes Yes Manually Install LSC

(Windows GPO Mac ndash

Configuration Profiles)

DX HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Q4

CY17

Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

SX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

MX HTTPS Room OS Wired -

Yes

Wired ndash

Yes

No Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Room Kits HTTPS Room OS Wi-Fi - Yes

Wired -

Yes

Wi-Fi - Yes

Wired ndash

Yes

Yes Yes Yes

Web Based

Install Enterprise LSC via

device Web Interface

Spark Board HTTPS Spark

Board OS

No

(Planned

Q2 CYlsquo18)

No

(Planned

Q2 CYlsquo18)

No No

(Planned

Q2 CYlsquo18)

Use MAC Address By-Pass

126BRKCOL-2030

Cisco Spark Cloud Access Summary

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Recommendations

1) Determine your customerrsquos network environment

bull Switch port configuration

bull VLANs

bull Firewall Deployment

bull Proxy Type

bull Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as

required

3) For Spark devices that do not support specific features today

bull There are bypass methods available

bull Feature support is coming soon

128BRKCOL-2030

Cisco Spark Cloud Access Roadmap

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access ndash Proxy and Firewalls

allow all Spark connections

Onboard device ndash UsernamePassword Activation Code

Cisco Spark cloud downloads Device Configuration information

and Trust Anchors

130BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Cisco Spark

Questions Use Cisco Spark to communicate with the speaker after the session

1 Find this session in the Cisco Live Mobile App

2 Click ldquoJoin the Discussionrdquo

3 Install Spark or go directly to the space

4 Enter messagesquestions in the space

How

cscociscolivebotBRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

bull Please complete your Online Session Evaluations after each session

bull Complete 4 Session Evaluations amp the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

bull All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Donrsquot forget Cisco Live sessions will be available for viewing on-demand after the event at wwwciscolivecomglobalon-demand-library

Complete Your Online Session Evaluation

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Continue Your Education

bull Demos in the Cisco campus

bull Walk-in Self-Paced Labs

bull Tech Circle

bull Meet the Engineer 11 meetings

bull Related sessions

133

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

Design and Deployment Best Practices for Cisco Collaboration

httpswwwciscocomgopa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes

raquo On-Premises (Enterprise Midmarket)

raquo Cloud (Midmarket)

raquo Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases

(CSRs) 9x 10x 11x and 12x

httpswwwciscocomgosrnd

Coming soon Target Q1 CY2018

What you would tell your best friend

if they asked you how to design their

Cisco collaboration deployment

Preferred Architectures (PA)

Prescriptive design and deployment best

practices within a well-defined architecture

containing common Cisco collaboration

portfolio components

Collaboration Solution Reference Network Design (SRND)

Design guidance across the Cisco

collaboration portfolio with a focus on

enterprise on-premises deployments

Thank you

Page 119: Cisco Spark Cloud and On Premise · Identity Service Spark Service 1) User enters 16 digit activation code received via e-mail from the Spark provisioning service 2) Device authenticated

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-FAST

8021X Extensible Authentication Protocol - FAST

bull Flexible Authentication via Secure Tunneling

bull Username and Password based

bull Does not require Certificates

Authentication

Server

121BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

Authentication

Server

122BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Network Authentication EAP-TLS

8021X Extensible Authentication Protocol - TLS

bull Transport Layer Security

bull Requires Digital Certificates

bull Mutual Client - Server Authentication

Authentication

Server

123BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Authentication

Server

124BRKCOL-2030

copy 2018 Cisco andor its affiliates All rights reserved Cisco Public

8021X Fallback - MAC Address Bypass (MAB)

Bypasses 8021X Authentication Mechanisms

bull Uses the Device MAC Address

bull Commonly used for Non 8021X capable devices

bull MAC address manually entered into Auth Server

Authentication

Server

Device 1125BRKCOL-2030

Network Capabilities – Spark Devices – 802.1X

Spark Device | Protocol | Software Train | EAP-FAST | EAP-TLS | MIC | Non-CUCM LSC | Certificate Installation Capability | Granular Configuration
Windows, Mac, iOS, Android, Web | HTTPS | WME | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | NA | Yes | Yes | Manually install LSC (Windows: GPO; Mac: Configuration Profiles)
DX | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Q4 CY17 | Yes | Yes | Web based: install enterprise LSC via device web interface
SX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
MX | HTTPS | Room OS | Wired – Yes | Wired – Yes | No | Yes | Yes | Web based: install enterprise LSC via device web interface
Room Kits | HTTPS | Room OS | Wi-Fi – Yes; Wired – Yes | Wi-Fi – Yes; Wired – Yes | Yes | Yes | Yes | Web based: install enterprise LSC via device web interface
Spark Board | HTTPS | Spark Board OS | No (Planned Q2 CY'18) | No (Planned Q2 CY'18) | No | No (Planned Q2 CY'18) | – | Use MAC Address Bypass

MIC = Manufacturer Installed Certificate; LSC = Locally Significant Certificate; CUCM = Cisco Unified Communications Manager.

Cisco Spark Cloud Access Summary

Spark Device Configuration Recommendations

1) Determine your customer's network environment

• Switch port configuration

• VLANs

• Firewall deployment

• Proxy type

• Proxy feature usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today:

• There are bypass methods available

• Feature support is coming soon
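The recommendations above (check each device's 802.1X capabilities, fall back to a bypass method where 802.1X is not supported) as a small Python tool; this is an added example, not code from the deck or from Cisco, and the device labels, the simplified log line format and the MAB MAC allowlist are constructed assumptions.

```python
"""Added example, not from the BRKCOL-2030 deck: encode the deck's 802.1X
capability table for Spark devices, pick the strongest network authentication
method each device supports, and audit constructed RADIUS-style log lines for
endpoints that landed on MAC Address Bypass (MAB) although they could have done
802.1X, or whose MAC is not on the manually maintained MAB allowlist."""

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Capability:
    """Media ("wifi" / "wired") on which each 802.1X method is supported."""
    eap_fast: frozenset
    eap_tls: frozenset


BOTH = frozenset({"wifi", "wired"})
WIRED = frozenset({"wired"})
NONE = frozenset()

# Capability table as stated in the deck (status at the time of the session).
CAPABILITIES = {
    "Desktop/Mobile": Capability(BOTH, BOTH),  # Windows, Mac, iOS, Android, Web
    "DX": Capability(BOTH, BOTH),
    "SX": Capability(WIRED, WIRED),
    "MX": Capability(WIRED, WIRED),
    "Room Kit": Capability(BOTH, BOTH),
    "Spark Board": Capability(NONE, NONE),     # 802.1X planned; use MAB for now
}


def supported_methods(device, medium):
    """802.1X methods the device supports on the medium, strongest first:
    EAP-TLS (mutual certificate auth) before EAP-FAST (username/password)."""
    cap = CAPABILITIES[device]
    methods = []
    if medium in cap.eap_tls:
        methods.append("EAP-TLS")
    if medium in cap.eap_fast:
        methods.append("EAP-FAST")
    return methods


def recommend(device, medium):
    """Strongest supported method; MAB is the fallback for everything else."""
    methods = supported_methods(device, medium)
    return methods[0] if methods else "MAB"


# Constructed, simplified authentication log (not real ISE/RADIUS output).
SAMPLE_LOG = """\
2018-03-01T09:00:01Z result=Access-Accept method=EAP-TLS mac=00:11:22:33:44:01 device="Room Kit" medium=wired
2018-03-01T09:00:05Z result=Access-Accept method=MAB mac=00:11:22:33:44:02 device="Spark Board" medium=wired
2018-03-01T09:00:09Z result=Access-Accept method=MAB mac=00:11:22:33:44:03 device="DX" medium=wired
2018-03-01T09:00:12Z result=Access-Accept method=MAB mac=00:11:22:33:44:99 device="Spark Board" medium=wired
2018-03-01T09:00:20Z result=Access-Reject method=EAP-FAST mac=00:11:22:33:44:04 device="SX" medium=wifi
2018-03-01T09:00:25Z result=Access-Accept method=EAP-FAST mac=00:11:22:33:44:05 device="SX" medium=wifi
"""

# MACs the administrator entered into the authentication server for MAB
# (constructed values).
MAB_ALLOWLIST = {"00:11:22:33:44:02", "00:11:22:33:44:03"}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) result=(?P<result>\S+) method=(?P<method>\S+) '
    r'mac=(?P<mac>[0-9A-Fa-f:]{17}) device="(?P<device>[^"]+)" medium=(?P<medium>\S+)$'
)


def parse_line(line):
    """Parse one constructed log line into a dict; MACs normalised to upper case."""
    match = LINE_RE.match(line.strip())
    if not match:
        raise ValueError(f"unparseable log line: {line!r}")
    rec = match.groupdict()
    rec["mac"] = rec["mac"].upper()
    return rec


def audit(log_text, allowlist):
    """Return (mac, finding) pairs for accepted sessions that deserve a look."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["result"] != "Access-Accept":
            continue  # only accepted sessions were granted network access
        supported = supported_methods(rec["device"], rec["medium"])
        if rec["method"] == "MAB":
            if supported:
                # The device type can do 802.1X on this medium, yet only its MAC
                # was checked: review the port/supplicant configuration, or the
                # MAC may be in use by a different host.
                findings.append((rec["mac"], "mab_downgrade"))
            if rec["mac"] not in allowlist:
                findings.append((rec["mac"], "mab_unknown_mac"))
        elif rec["method"] not in supported:
            # Device type cannot use this method on this medium: inventory
            # mismatch, or the endpoint is not what its MAC claims to be.
            findings.append((rec["mac"], "method_not_supported"))
    return findings
```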

Cisco Spark Cloud Access Roadmap

Spark Device Configuration Roadmap

Configuration of all Spark devices via the Spark Control Hub

Use a staging VLAN with internet access – proxy and firewalls allow all Spark connections

Onboard device – Username/Password, Activation Code

Cisco Spark cloud downloads device configuration information and trust anchors

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:

1. Find this session in the Cisco Live Mobile App

2. Click "Join the Discussion"

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2030

Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

Design and Deployment Best Practices for Cisco Collaboration

https://www.cisco.com/go/pa

Three preferred architectures (PAs) covering a wide range of customer deployment types and sizes:

» On-Premises (Enterprise, Midmarket)

» Cloud (Midmarket)

» Hybrid (Enterprise)

Versions aligning with major Collaboration System Releases (CSRs): 9.x, 10.x, 11.x and 12.x

https://www.cisco.com/go/srnd

Coming soon: Target Q1 CY2018

"What you would tell your best friend if they asked you how to design their Cisco collaboration deployment"

Preferred Architectures (PA): Prescriptive design and deployment best practices within a well-defined architecture containing common Cisco collaboration portfolio components

Collaboration Solution Reference Network Design (SRND): Design guidance across the Cisco collaboration portfolio with a focus on enterprise on-premises deployments

Thank you







Page 126: Cisco Spark Cloud and On Premise Security Explained


Spark Device Configuration Recommendations

1) Determine your customer's network environment

• Switch port configuration

• VLANs

• Firewall Deployment

• Proxy Type

• Proxy Feature Usage

2) Check the capabilities of the Spark devices you plan to deploy and use the features as required

3) For Spark devices that do not support specific features today:

• There are bypass methods available

• Feature support is coming soon

BRKCOL-2030 128

Cisco Spark Cloud Access Roadmap
