© 2013 Cisco and/or its affiliates. All rights reserved. BSAARC-1011 Cisco Public
Agenda
Introducing Enterprise Network Architecture
Unified Access
Cloud Intelligent Network & Unified Services
Enterprise Networks in Action
Cisco Enterprise Networking Vision
Simple
Secure
Reduced TCO
Cisco Enterprise Network Solution
Cisco ONE Architecture
Simple
Secure
Reduced TCO
Connecting People
Connecting Clouds
Connecting Things
Cisco ONE Network Architecture
[Diagram, top to bottom]
NETWORK-AWARE APPLICATION LAYER: Cisco ISE, Cisco Prime, Cloud Services, Security Services, Mobility Services, Application Services, 3rd Party Apps
Network Services API (REST)
CISCO ONE CONTROLLER: Discovery, Topology, PfR control, QoS, Location
Device API – One PK, OpenFlow, CLI
DEVICE LAYER: Cisco IOS (Enterprise, Data Center, Service Provider), ASICs
Cisco ONE Network Architecture
[Diagram, top to bottom]
SERVICES LAYER: Cisco ISE, Cisco Prime, Cloud Services, Security Services, Mobility Services, Application Services, 3rd Party Apps
Network Services API (REST)
CISCO ONE CONTROLLER: Discovery, Topology, PfR control, QoS, Location
Device API – One PK, OpenFlow, CLI
DEVICE LAYER: Cisco IOS (Enterprise, Data Center, Service Provider), ASICs, Unified Access Data Plane ASIC, Catalyst 3850, ISR-AX
ONE Network with Unified Access & Unified Services
[Diagram labels: Corporate Network, WAN, Branch; Cisco Wireless LAN Controller, Catalyst Switch, Cisco Access Point (AP); Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server; WAAS, Edge Router, Application Visibility & Control, Firewall & VPN, WAN Path Control]
ONE Network with Unified Access & Unified Services
[Diagram labels: Corporate Network, WAN, Branch; Cisco Wireless LAN Controller, Catalyst Switch, Cisco Access Point (AP); WAAS, Edge Router, Application Visibility & Control, Firewall & VPN, WAN Path Control]
One Policy: ISE
One Management: Prime
ONE Network with Unified Access & Unified Services
[Diagram labels: Corporate Network, WAN, Branch; Cisco Access Point (AP); Unified Access, Unified Services, Unified Access]
One Policy: ISE
One Management: Prime
Cisco End-to-End BYOD Solution: ONE POLICY, ONE MANAGEMENT, ONE NETWORK
[Diagram labels: Office Wired Access, Office Wireless Access, Remote Access; Wired Network Devices, Cisco Catalyst® Switches, Cisco WLAN Controller, Cisco ASA Firewall, Cisco CSM and ASDM, Cloud Web Security]
Cisco End-to-End BYOD Solution: ONE POLICY, ONE MANAGEMENT, ONE NETWORK
[Diagram labels: Office Wired Access, Office Wireless Access, Remote Access; Wired Network Devices, Cisco Catalyst® Switches, Cisco WLAN Controller, Cisco ASA Firewall, Cisco CSM and ASDM, Cloud Web Security; Cisco Prime™ NCS, Cisco® ISE, Third-Party MDM Appliance, MDM Manager]
Policy: Who, What, Where, When, and How?
Cisco® ISE: Unified Access Management
Identity Profiling
DHCP, RADIUS, SNMP, NetFlow, HTTP, DNS
1. IEEE 802.1x EAP User Authentication
2. Profiling to Identify Device
3. Posture of the Device
4. Policy Decision
5. Enforce Policy in the Network
6. Full or Partial Access Granted
[Diagram labels: HQ, 2:38 p.m., Wireless LAN Controller, VLAN 10, VLAN 20, Personal Asset, Company Asset, Corporate Resources, Internet Only]
Converged Access Deployment Mode: Three Use Cases
INTEGRATED CONTROLLER OPTIONS
BRANCH: UP TO 50 ACCESS POINTS, UP TO 2,000 CLIENTS, ALL WAN SERVICES AVAILABLE
SMALL/MEDIUM CAMPUS: UP TO 250 ACCESS POINTS, UP TO 16,000 CLIENTS, VISIBILITY, CONTROL, RESILIENCY
EXTERNAL MOBILITY CONTROLLER NEEDED
LARGE CAMPUS: UP TO 72,000 ACCESS POINTS, UP TO 864,000 CLIENTS, LARGEST LAYER 3 ROAMING DOMAINS
[Diagram labels: Catalyst 3750; 5508 or WISM2 with SW Upgrade or new 5760; New Catalyst 3850; Catalyst 3850; Access Points; AP CAPWAP Tunnels; Mobility Controller; Mobility Agent; INTEGRATED CONTROLLER; ISE; Prime; WAN; DMZ; Employee; Guest]
Legend: CAPWAP Tunnel; Standard Ethernet, No Tunnels; Guest Tunnel from Switch to DMZ Controller
Just Launched…
Secure
Consistent User Experience
Simplified
Cisco Catalyst 3850 Access Switch
• Converged Wired-Wireless Network
• Consistent Network-wide intelligence and operations
• Integration with Cisco Open Networking Environment
Cisco 5760 Wireless Controller
• Large scale wireless deployments
Identity Services Engine 1.2
3rd Party MDM integration
Prime Infrastructure 2.0
360° Experience, Automated Workflows
Evolving WAN: The Journey To The Cloud
Traditional WAN
• Traditional Applications
• Predictable WAN Performance
• Tightly controlled and secure
Cloud Challenged WAN
• Cloud and rich-media apps
• Unpredictable performance / congestion
• Loss of control over security, operations
Cloud Connected WAN
• Application and user aware guaranteed service levels
• VM mobility between Cloud DCs
• LAN Extension, Segmentation at scale with programmatic provisioning
[Diagram labels: Internet, Internet/WAN, Public, Hybrid, Private]
Cloud Intelligent Networks Solutions
Cloud Intelligent Network: Cisco Prime Infrastructure, Security, App Visibility & Control (AVC), Cloud Connectors, Medianet
Cisco ISR G2, ASR 1000, AVC, WAAS, UCS-E
Private Cloud: ASR 1000, AVC, ASA, WAAS, AppNav
Cloud Intelligent Networks Solutions
Cloud Intelligent Network: Cisco Prime Infrastructure, Security, App Visibility & Control (AVC), Cloud Connectors, Medianet
Cisco ISR G2, ASR 1000, AVC, WAAS, UCS-E
Virtual Private Cloud: CSR 1000v, vWAAS, vASA, VSG, N1kv, vPath
Cloud Intelligent Networks Solutions
Cloud Intelligent Network: Cisco Prime Infrastructure, Security, App Visibility & Control (AVC), Cloud Connectors, Medianet
Cloud Connectors: ScanSafe, HCS, Webex CCA, 3rd party
Public Cloud: HCS Services
Cloud Intelligent Networks Solutions
Cloud Intelligent Network: Cisco Prime Infrastructure, Security, App Visibility & Control (AVC), Cloud Connectors, Medianet
Cloud Connectors: ScanSafe, HCS, Webex CCA, 3rd party
Cisco ISR G2, ASR 1000, AVC, WAAS, UCS-E
Public Cloud: HCS Services
Virtual Private Cloud: CSR 1000v, vWAAS, vASA, VSG, N1kv, vPath
Private Cloud: ASR 1000, AVC, ASA, WAAS, AppNav
AnyConnect VPN, ScanSafe, WebEx, and HCS Cloud Connectors
Cisco TrustSec Solution Architecture
Identity-Based Access Is a Feature of the Network, Spanning Wired, Wireless, and VPN
Policy Administration, Policy Decision: Identity Services Engine (ISE), Identity Access Policy System
Policy Enforcement (TrustSec Powered): Cisco 2900/3560/3700/4500/6500, Wireless Infrastructure, Cisco ASA, ISR, ASR 1000
Policy Information (TrustSec Powered): NAC Agent, Web Agent, 802.1X Supplicant (AnyConnect or OS-Embedded Supplicant); No-Cost Persistent and Temporal Clients for Posture, and Remediation
What is Application Visibility and Control (AVC): What is Needed
Application Recognition: Identify applications using L3 to L7 information
Perf. Collection & Exporting: Collect application performance metrics, and export to management tool (NFv9/IPFIX)
Reporting Tool (Management Tool): Advanced reporting tool aggregates and reports application performance
Control: Control application network usage to improve application performance (High, Med, Low)
App Visibility & User Experience Report:
App          BW    Transaction Time   …
SAP          3M    150 ms             …
Sharepoint   10M   500 ms             …
What is Application Visibility and Control (AVC): Enabled Technologies
Application Recognition
• NBAR2
• Metadata
Perf. Collection & Exporting (NFv9/IPFIX)
• Unified Monitoring
  - Traffic Statistics
  - Response Time
  - Voice/Video Monitoring
  - URL Collection
Reporting Tool (Management Tool)
• Cisco Prime Infrastructure
• 3rd Party Tools
Control (High, Med, Low)
• QoS (w/ NBAR2)
• PfR
App Visibility & User Experience Report:
App          BW    Transaction Time   …
SAP          3M    150 ms             …
Sharepoint   10M   500 ms             …
What are Cloud Connectors? Bringing Network Intelligence to the Cloud
Cloud Connector – a network service that improves the performance, security or availability of cloud applications. Cisco Cloud Connectors provide Optimal Experience, Pervasive Security, and Simplified Operations when utilizing Private, Public or Hybrid Clouds over the WAN or Internet.
[Diagram labels: Branch; Private/Public/Hybrid Cloud; Cloud Intelligent Platforms: ISR, ASR, CSR; Cloud Connector: Visibility, Optimization, Collaboration, App Hosting, Security]
Web Security with ScanSafe Connector
• The Requirement
  Control web access and block malware
  Don’t require agents on user/BYOD devices
• How
  ScanSafe Connector for ISR G2
  Directs traffic to ScanSafe Cloud
• Benefits
  Define one web security policy centrally
  Enforce locally, no client software
[Diagram labels: Private WAN, Data Centers, Internet]
Cisco ISR-AX
Operational Simplification and Manageability
Application Visibility and Control
• NBAR2
• QoS
• Media Monitoring
• WAN Path Selection (PfR)
WAN Optimization
• Application Acceleration
• TPC Compression
• Data Redundancy Elimination
Hardware for ISR-AX
• SRE or Max DRAM
• Option for UCS-E Series Server
Security
• VPN Encryption
• IOS Firewall
• Intrusion Prevention
• Cloud Web Security
What makes the ISR-AX different?
Introducing the ISR AppX License
[License labels: IP Base, Security, U.C., AppX]
Extends and replaces the Data license with application router services. All previous Data license features included.
All Application Visibility and Control (AVC) features included. Enables powerful, comprehensive application monitoring and management.
Right-To-Use license for WAAS. License enables WAAS Express, WAAS SRE, or WAAS on UCS-E with no additional software cost.
App & Security included with the ISR-AX Bundle
Connected Mobile Experience
GUEST PRESENCE GUEST ACCESS GUEST EXPERIENCE
Mobile device and characteristics detected before they enter the venue
Seamless and secure Wi-Fi connectivity
Preferences, profile, device and roaming credentials identified
Highly-relevant content and services based on user attributes and real-time location
DETECT CONNECT ENGAGE
LOCATION ANALYTICS: Insights into customer online and onsite behavior, traffic paths, dwell times, location density, etc.