Date post: 22-Jul-2018
Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved.

Equip IT for BYOD: Learn How to Create a Flexible Mobile Architecture with an overview of Cisco’s UA

Paul DeBeasi, Research Vice President, Gartner

Chris Spain, VP of Product Marketing, Cisco

October 10, 2012

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2012 Gartner, Inc. and/or its affiliates. All rights reserved.

Paul DeBeasi

How Do I Create a Flexible Mobile Architecture?

Use System Thinking to Create a Flexible Mobile Architecture

• Enterprises should use system thinking to create a flexible mobile architecture.

- System thinking encourages a holistic perspective, common goals, & collaboration.

- Silo thinking encourages a narrow perspective, individual goals, and isolation.

Mobility Ecosystem

Business Reqs.

User needs

Mobile Data

Mobile Apps.

Identity & security

Wireless

Manage & support

Policies

Mobility Often Has Circular Cause-Effect Relationships

• Circular cause-effect relationships can lead to:

- Premature decisions

- Unintended consequences

• B2E vs. B2C solutions:

- May need different architectures

- May have different lifespans

- Both can have circular cause-effect relationships

• Use system thinking to analyze circular relationships:

- Take a holistic view

- Use a decision framework

1. Virtualize iPad apps to reduce risk

2. Weak WLAN causes poor user experience

3. Estimate WLAN investment

4. Assess risk versus WLAN investment

5. Rethink original decision

Mobility Requires System Thinking

System thinking:

- Holistic perspective

- Circular cause/effect

- Common goals

- Collaboration

- Generalist

- Decision framework

Silo thinking:

- Narrow perspective

- Linear cause/effect

- Individual goals

- Isolation

- Specialist

- Ad hoc decisions

Use an Architecture Decision Framework

• Encourages holistic perspective

• Aligns business, user, IT needs

• Guides cross-functional collaboration

• Exposes circular cause/effect relationships

• Adapts to different business needs and use cases

Determine Use Case, Business Requirements

Determine Identity Requirements

Determine Data Mobility & Governance Requirements

Determine Application Architecture Requirements

Determine Wireless Requirements

Determine Management Requirements

Determine Endpoint Control Requirements

Start With Use Case & Business Requirements.

Iterate to Resolve Dependencies.

Business First, Then Technology

• Focus on business first, then on technology

- Mobility is a business problem, not simply a technology issue

• Assess business requirements and use cases

- Require a good working relationship between IT and business units

• Determine which use cases justify investment

- Prioritize use cases. May require creating a business case

• Healthcare example

- Talk to physicians, understand use case and business importance, assess risk

Data Mobility & Governance

• Focus on your data

- Input/output, accuracy, storage, synchronization

- Often treated as an afterthought

- Affects risk, user experience, privacy, expenses

• Mobile governance requirements

- People, policy and process issues

- Establish a mobile center of excellence

- Assess what policies you can enforce

- Accept what you can't (e.g., BYOD)

BYOD!

Architectural decision

• Local data input & local storage

• Data is sensitive

• BYOD policy allowed

Architectural impact

• Need management & security control

• May need WLAN investment

• May need cellular investment

Determine Identity and Access Management Architecture

• IAM requirements

- Deeply woven into every mobility project

• Authentication

- Prove user legitimacy

• Arch. considerations

- Requirements

- Constraints

- Alternatives

Requirements

- Data Sensitivity

- User experience

- Authorization location

- Access governance

Constraints

- Connectivity sufficiency

- User-to-device auth.

- Type of device

- Device ownership

Alternatives

- Local auth.

- Remote auth.

Architectural decision

• Remote authentication

• Two-factor authentication

Architectural impact

• Wireless network dependency

• May impact app. architecture

• May impact user experience

Determine Application Architecture

• Don't begin here

- Resident native app?

- Mobile Web app?

- Framework evaluation?

• Instead, focus here

- App deployment

- App runtime

- Code partitioning

- Data residency

Code Partitioning

- Mixed

- Server

- Device

Data Residency

- Device

- Mixed Cached

- Mixed Unsynchronized

- Mixed Synchronized

- Server

Application Deployment

- Mixed

- Dynamic

- Static

Application Runtime

- Browser

- Embedded Managed Container

- Hosting Managed Container

- Operating System

- Virtualization

Architectural decision

• App deploy = static

• App runtime = browser

• Code = server, data = cached

Architectural impact

• Wireless network dependency

• Need security control (sensitive data)

• Match management to security

Determine Management Architecture

No Endpoint Management

• No sensitive information

• No authentication credentials

Messaging Client

• Exchange ActiveSync, Lotus Notes Traveler

• Low cost, easy to deploy

Mobile Device Management

• Policy managers (e.g., BoxTone, MobileIron)

• MDM Containers (e.g., Good Tech.)

Application Management

• Managed application containers (e.g., Syclo, Verivo)

• Build management controls into mobile apps

Architectural decision

• Use messaging client

Architectural impact

• May increase risk

• May need app. container (sensitive data)

• Local identity credential management?

Determine Wireless Requirements

Wireless LAN

• 802.11g/a/n, spatial streams

• 2.4 GHz vs. 5 GHz

• Stand-alone vs. coordinated APs

• 802.11ac, HotSpot 2.0 (future)

Mobile Cellular

• Distributed Antenna Systems

• Small cell technology

• Wi-Fi vs. cellular

• Hybrid options

Architectural decision

• No investment (802.11g WLAN)

• No investment (in-building cellular)

Architectural impact

• May limit application architecture

• May require endpoint controls

• May require MDM system

Determine Endpoint Security Controls

• Unmanaged endpoint:

- Low risk

• Moderately managed:

- Moderate risk

- Some policy & user restrictions

• Heavily managed:

- High risk

- Provisioned with restrictive policies

• Managed containers:

- Separates enterprise and personal information

Architectural decision

• Heavily managed endpoint

• Managed containers required

Architectural impact

• May limit application architecture

• May require MDM system

• May impact user experience

Architectural Decision Framework Guides System Thinking

• Real world may not be so tidy

- No clear business case

- Poor communication, collaboration

- Silo decision making

- IT not aligned with business

• Decision framework can help

- Evolve process over time

- Improve decision making

- Improve collaboration

- Improve value of IT organization

Recommendations

Use systems thinking

- Provides holistic perspective, common goals, communication

Follow mobility decision framework

- Guides mobile architectural decisions

- Focuses on the key mobile architecture elements

Business first, then technology

- Mobility is a business problem, not simply a technology issue

Focus on your data

- Enterprises that fail to gain control over their data will increase their security and compliance risks

Improve your people skills

- Mobility requires cross-functional, cross-departmental collaboration

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17

Chris Spain

Vice President of Marketing, Wireless Networking Group, Cisco

October 10, 2012

Enabling Business Innovation

By 2014, 90% of Organizations will allow Personal Devices For Work Use

BYOD CLOUD DATA

Connected Banking Connected Consumers

FINANCIAL RETAIL HEALTHCARE

Connected Healthcare

Securing Device and Data

Managing Policy Consistently

Limited Visibility and Control

Unpredictable Performance

Inconsistent Application Behavior

IT CHALLENGES

Network Users and Devices Applications

Connecting Clouds

Connecting People Connecting Devices

Secure

Consistent User Experience

Simplified

CISCO UNIFIED ACCESS

ONE Network

• Wired and wireless portfolio

• Consistent functionality across solutions

ONE Policy – Cisco ISE

• Single source of policy for wired/wireless/VPN, MDM

• Context-aware: Who, What, Where, When, How

ONE Management – Cisco Prime

• Wired/wireless/policy

• Real-time monitoring

UNIFIED ACCESS - WHAT’S NEW

Identity Services Engine (ISE)

Prime Management

Wired and Wireless Network

• New self-provisioning portal – My Devices

• Secure Group Access (SGA) - simplified role-based access control and enforcement based on context, avoids manual ACL/VLAN configs

• Consistent functionality across wired and wireless

Sub-second stateful switchover (SSO) for wireless

Application Visibility and control

• Context-aware access

• Enhanced Wireless portfolio

• One application for Cisco Prime Infrastructure 1.2 – wired/wireless

• Enhanced Application Visibility and Control (AVC), visualizing application flow for wired and wireless

ONE MANAGEMENT - WHAT’S NEW

Cisco Prime Infrastructure 1.2

Converged Visibility

Prime 360 Integrated Workflows Aligned with Lifecycle Processes

Support the way network operators do their job

Prime Assurance Manager Enhanced Application Visibility and Control (AVC)

Offering Wired and Wireless Application Insight and Control

ISR G2 Routers NAM

ASR WLAN Controller

NEW

ONE POLICY - WHAT’S NEW

Cisco Identity Services Engine Rel 1.1.1

Identity-based access control policy platform across wired, wireless or VPN.

Automated, role-based and consistent access control enforcement across wired and wireless

Based on context: user, device, and location.

Self-registration personal device onboarding

User self-management of their registered devices – Moves, Adds, Changes & Blacklist (Lost)

ONE NETWORK - WHAT’S NEW

2nd Generation 802.11n Access Points: AIRONET 2600 & 1600

• Extending enterprise features to midmarket

• Full RF excellence: Spectrum intelligence

• Client acceleration

2nd Generation 802.11n Access Points: AIRONET 3600

• Industry’s first Enterprise-class 802.11ac AP

• Investment protection - field upgradable modular design

Complete Virtualized Deployment Option

• Virtualized Controller

• Virtualized Mobility Services Engine

• Virtualized Prime

• Virtualized ISE

Mega Scale Wireless Controller: 8500 SERIES

• Industry’s most scalable controller in 1RU

• 6000 APs and 64,000 clients support

• SP, large enterprises

Granular and Context-Aware Access Security Controls for BYOD Catalyst 2K & 3K Switches

TrustSec Secure Group Access (SGA), IPv6 Security

CISCO AIRONET ACCESS POINTS

Teleworker/Hospitality

600

Enterprise Class

1600

Mission Critical

2600

Best in Class

3600

• Basic Connectivity

• Deployment Flexibility

• Basic Connectivity

• Deployment Flexibility

• CleanAir Express

• ClientLink 2.0

• High Client Scalability

• CleanAir

• ClientLink 2.0

• VideoStream

Second Generation 802.11n

• High Client Density

• Investment Protection, modularity

• 802.11ac Support

• HD Video/VDI, VideoStream

• Best In Class Security

• ClientLink 2.0, CleanAir

CONTROLLER PRODUCT PORTFOLIO

• 2500: 50 APs, 500 Clients

• SRE – WLCM2: 50 APs, 500 Clients

• 5500: 500 APs, 7000 Clients

• WiSM2: 1000 APs, 15000 Clients

• 8500: 6000 APs, 64000 Clients, New (7.3)

• Virtual Controller: 200 APs, 3000 Clients, New (7.3)

• Flex7500: 6000 APs, 64000 Clients, New (7.3)

FlexConnect

Private Cloud

Multi-architecture capable

Support Flex and Centralized

UNIFIED ACCESS CUSTOMERS

Cisco 2600 APs - Predictable and Scalable Wi-Fi for Rutgers

Business Challenge

• Scalability: unstable and unmanageable wireless network due to significant increase in number of students (58,000), faculty (7000+), and mobile devices

• Rapidly growing school district in Texas

• Requires enhanced communications, collaboration and academic engagement in BYOD environment

Results

Better User Experience

• No interference - Cisco CleanAir detected a leaky microwave in the student center, fixing a top issue

• Faster connection – 1000 Cisco AP 2600 with 3x4:3 MIMO

• Cost-effective deployment

Operational Efficiency

• More than $75,000 in annual cost savings

• Easy-to-manage environment fosters collaborative communications

• Support higher-bandwidth demands

Pflugerville Independent School District (PISD)

Investment Protection

Simplified Operations. Lower TCO

The ONLY Solution that Brings It All Together

Making IT More Responsive to the Business Less Time on IT Operations, More Time on IT Business Innovation

NEW Connected Experiences

CISCO UNIFIED ACCESS

Innovative Business Scenarios

Best Wired and Wireless In the Industry

Cisco Aironet 2600 and 1600 Series Access Points

AVAILABILITY AND PRICING

• Available globally, now shipping

• (2600e) with external antennas: $1,195 USD list

• (2600i) with internal antennas: $1,095 USD list

• Available Q4CY2012

• (1600e) with external antennas: $795 USD list

• (1600i) with internal antennas: $695 USD list

Cisco 8500 Series and Virtual Wireless Controller

AVAILABILITY AND PRICING

• Available globally, now shipping

• Starting price $75,000 for 300APs

• Available globally, now shipping

• 5 AP support: $750

• 25 AP support: $3750

Virtual Deployment on any x86 Server with VMware Hypervisor

