cisco small business product & solutions update (apac) – q3 … · 2010. 7. 6. · sa 500...
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1
Cisco Small Business Product & Solutions Update (APAC) – Q3 FY10
Small Business Technology Group (SBTG)
David Harper
Leah Davis
Agenda
New Hardware:
• Cisco Small Business Branded Product Availability Update
• Cisco AP 541N Dual-Band 802.11n Wireless Access Point
• Cisco 8-port Cisco ESW 500 Series Switches
• Cisco SA 500 Series Security Appliances
• Cisco SRP 500 Series Services Ready Platforms
New Software:
• Expanded security features for Cisco SA 500 Series Security Appliances
• Cisco Smart Business Communications System Release 2.0 and CCA 2.2
Technology Deep-Dive - Build Your Core:
• Overview of Small Business Network Requirements
• Introduce Core Network ‘Building Blocks’
Q&A
Cisco Small Business Branded Product Availability
Switches:
• All Unmanaged – SD/SR shipping today with Cisco Small Business branding
• Smart SLM2xxx – in process
• Managed Stack (SFE/SGE) – in process
• Managed SRW – not being rebranded at this time
Routers:
• RVL200, RV042, RV082, RV016 - not being rebranded at this time
• RVS4000, WRVS4400N, WRV210 - in process
ATAs:
• No rebranding plans at this time
Storage:
• NSS4XXX and 6XXX not being rebranded at this time
• NSS2XXX and 3XXX already Cisco Small Business branded
Wireless:
• WAP4410N, WET200, WAP200, WAP200E, WAP2000 - in process
Cameras:
• PVC2300, WVC2300, WVC210 - in process
New Products Launch (APAC)
[Roadmap figure. Timeline labels: "Q1 / Sept 9: Building the Pro Series Product Portfolio" and "Q2 / Dec 1: Fulfilling the Pro Series Promise". Items shown: SBCS 1.6; SA 500; SPA 500 Phones; Pro Configuration / Mgmt. (CCA 2.1); Pro Foundation (SA / SR + ESW + AP); Pro Security Solution (SA 500, IPS + Trend + VIP); AP 541N; 8-port ESW 500 Switch; CCA 2.2; 4-hour Pro Service (AU only); Pro for Service Provider (SRP 500 Series CPE); Hosted Communication Solution; SBCS 2.0]
AP 541 Wireless Access Point
The AP541 Access Point integrates with other Small Business Pro products to enable wireless applications including mobile data, secure guest access, voice over WLAN, and wireless video monitoring. As part of the Pro portfolio, mobility solutions are easier to configure, install and support.
Key Features:
• Draft 802.11n Dual Band – user selectable 2.4GHz or 5GHz
• Ease of Configuration and Administration with Clustering (Controller-less)
• Advanced features – Strong Security, QoS, Rogue AP Detection, Seamless Roaming, Auto-Channel selection, Captive Portal Guest Access
• Complete Device GUI or CCA cross launch management tools
AP541N Single Radio Dual Band AP541N Dual Mode Single Radio
Cisco ESW 500 Series 8-port PoE Switches
• Two models - 10/100 & GigE
• 10/100 model powers up to 8 Cisco Small Business phones
• GigE powers up to 8 of any Cisco phone, AP, video camera
• Desktop, fanless (quiet)
• Same Configuration Utility, CCA support & features as 24- & 48-port models
• SW changes (for all ESW models):
  • Bug fixes & usability improvements
  • Managed Service provisioning options

Model | Ports | PoE Budget | List Price
ESW-520-8P | 8 10/100 PoE Ports + 1 expansion | 60W | $659
ESW-540-8P | 8 GigE PoE Ports + 1 expansion | 120W | $899
Complete Network & Data Security: Cisco SA 500 Series
Unified Threat Management (UTM) Security Solution
• Business Grade Firewall
• Email Security
• Web Threat Protection
• URL Filtering
• Site-to-Site and Remote Access VPN
• Secure 802.11n Wireless
• Supports up to 100 Users
Starting at $550
Small Business Pro Service $69
Business-Grade Firewall for Small Business
Cisco® SA 500 Series
Firewall: Protects business from unwanted visitors, unwanted traffic, and malicious attacks.
Dual WAN: Ensures that the business is connected to the Internet in the event the connection to one ISP goes down.
DMZ: Enables safe and secure hosting of Internet-accessible resources without exposing the LAN.
[Diagram labels: Internet, ISP 1, ISP 2, DMZ, Email Server, File or Web Server, LAN]
VPN Services for All Deployment Types
Site-to-Site VPN: Secure connectivity between office locations.
Remote Access VPN: Choice of IPsec or SSL VPN to enable safe connectivity for employees, contractors, and partners.
[Diagram: sites connecting over the Internet to the Cisco® SA 500 Series]
• Remote Office: Requires site-to-site connectivity
• Supply Partner or Traveling Employee: Requires access to ordering databases
• Employee at Home: Requires consistent LAN-like access
Cisco Small Business Security Gateway Portfolio
[Positioning chart. Axes: Price-Performance; Function, Flexibility, Scalability]
Cisco: ASA 5500 Series & ISR 800 Series
• Specialized security needs
• Advanced networking capabilities
• Highest level of technical support and premium services
• Partners with security specialized staff
Small Business Pro: SA 500 Series
• Business with less than 100 Employees
• Customer wants all-in-one (UTM) functionality
• Security Designed for Small Business
• Easy Configuration and Deployment
• Small Business Pro Service
• Enables partners with limited security training
Small Business: RV Series
• For “Do it Yourself” small business
• Transactional support
Cisco Small Business Anti-Spam Solutions
[Positioning chart. Axes: Price-Performance; Function, Flexibility, Scalability]
Cisco Spam & Virus Blocker
• THE security concern is Spam & Viruses
• Specialized anti-spam requirements
• Provides many trigger conditions and actions focused on anti-spam
• Data loss prevention via outbound email inspection
SA 500 Series with Trend Micro ProtectLink Gateway
• Customers with less than 100 Employees
• Customer looking for All-in-one / UTM
• Spam is only one of several security concerns, with others including Web security, Firewall, VPN
• Customer needs to update their gateway security device (router / security appliance)
SA 500 Series Model Comparison
Feature | SA 520 | SA 520W | SA 540
Firewall Performance | 200 Mbps | 200 Mbps | 300 Mbps
UTM Performance | 200 Mbps | 200 Mbps | 300 Mbps
VPN Performance | 65 Mbps | 65 Mbps | 85 Mbps
Connections | 15,000 | 15,000 | 40,000
Ports | 1 WAN, 1 Optional, 4 LAN 10/100/1000 | 1 WAN, 1 Optional, 4 LAN 10/100/1000 | 1 WAN, 1 Optional, 8 LAN 10/100/1000
Wireless (802.11b/g/n) | No | Yes | No
IPsec Site-Site | Yes | Yes | Yes
IPsec Remote Access | 50 seats | 50 seats | 100 seats
SSL Remote Access | 2 seats included, License upgrade to 25 seats | 2 seats included, License upgrade to 25 seats | 50 seats included
Complete specification available at http://www.cisco.com/go/sa500
SA 500 Series SKUs
SA 500 Series Security Appliances
SKU | Description | List Price
SA520-K9 | SA 520 Security Appliance | $550
SA520W-K9 | SA 520 Security Appliance with Wireless | $700
SA540-K9 | SA 540 Security Appliance | $850
SA 500 Series Upsells
SKU | Description | List Price
L-FL-SSL-520-K9= | eDelivery SSL license for SA 520 and SA 520W | $150
L-PLGW-5= | eDelivery ProtectLink Gateway license 5 user 1-year subscription, incremental | $178
L-PLGW-25= | eDelivery ProtectLink Gateway license 25 user 1-year subscription, incremental | $738
CON-SBS-SVC2 | 3 Year Small Business Pro Service | $69
Notes: These products are only available via Distribution.
VeriSign VIP service, which provides two-factor authentication for SSL VPN, can be purchased directly from VeriSign; please see www.cisco.com/go/viptoken for details.
Cisco SRP 500 Services Ready Platforms – Roadmap Update
What are they?
• Cisco Small Business Pro Series CPE devices that enable Service Providers to deliver managed services
What do they offer?
• More than just WAN termination
• Services-ready – for premium services: Data, Voice, Applications
• Easy to provision and deploy: industry-standard TR-069, TR-104, and XML-based provisioning
• Cost-effective, competitively priced
Cisco SRP 500 Services Ready Platforms
Data services
• Dedicated Internet access with built-in WAN
• Business continuity with 3G services
• Provisioning via TR-069 and XML
Voice services
• Standards-based SIP implementation
• SIP trunking / Hosted Business Services
Security services
• NAT, firewall, IPsec and GRE VPN
Support for application services
[Product images: SRP520, SRP540]
SRP 500 Series Positioning
[Positioning chart. Axes: Features/Support; Price]
IAD 2400 / ISR 1800: Modular IOS Platform
• Modularity and WAN flexibility
• T1 & serial interfaces
• Modules for Services
• Full UC solution with 1861
• Rack mount
IAD 800 / ISR 800: IOS Platform
• IOS CLI syntax consistency across ISR Portfolio
• IOS feature consistency across ISR Portfolio
• Advanced services: SEC, UC, 11n, etc.
• Cisco TAC support
SRP 500: TR-069, XML, GUI-based Platform
• Ethernet & DSL Model
• Linux Operating System
• GTM through Distis
• Single Image
• Small Business Support Center
[Deployment diagram. SRP = Services Ready Platform. Labels: Dedicated Internet Access, 3G, FXO, FXS, IP Centrex, SIP Trunking to IP PBX, PBX Interconnect, PBX, INTERNET, PSTN]
Cisco SRP 500 Series Models
Feature | SRP 521 | SRP 526 | SRP 527 | SRP 541 | SRP 546 | SRP 547
WAN | FE | ADSL2+ (ISDN) | ADSL2+ (POTS) | GbE | ADSL2+ (ISDN) | ADSL2+ (POTS)

Feature | SRP 521 / 526 / 527 | SRP 541 / 546 / 547
Backup WAN | - | GbE
LAN | 4-port FE | 4-port GbE
Wireless | 802.11b/g/n, 1 fixed antenna | 802.11b/g/n, 2 SMA antennae
FXS/FXO | 2 / 1 (relay) | 4 / 1 (active)
USB 2.0 | 1 | 2
Built-in 3G USB Drivers | Yes | Yes
Security | NAT, Firewall, IPsec and GRE VPN | NAT, Firewall, IPsec and GRE VPN
NTE List Price | $ 300 – 350 | $ 600 – 650
Cisco SA 500 Series Security Enhancements
All-in-One (UTM) Security for Small Business: Business Grade Firewall, Email Security, Web Threat Protection, URL Filtering, Site to Site VPN and Remote Access IPsec and SSL VPN, Secure 802.11n wireless, IPS
Enhancements
• In addition to secure Internet, wireless, site-to-site and remote access with a firewall and optional email and web security capabilities, the Cisco SA 500 Series now features IPS
• Optional Intrusion Prevention System (IPS) prevents hackers, worms, and other threats, and provides protocol inspection and the ability to block Instant Messaging and Peer to Peer traffic.
• No new hardware, but requires additional software license
What’s New in SBCS Release 2.0?
Complete Small Business Pro SBCS Solution
Additional Hardware Support
• AP 541N Wireless Access Point
• ESW 8 port switch models
• Cisco 500S Expansion Module
• Support for Secure Appliance 500
• Third party – Quescom GSM Gateway
Video Monitoring and VPN on SPA 525G
New SIP Trunking Providers
• Skype, WorldXchange (NZ)
Updated Smart Designs
UCC Operator Console
CCA v2.2
SBCS Application Example: Cisco SPA 525G IP Phone with VPN
Remote Access Requirements Vary Greatly by User, Location, Desktop and Other Criteria
CCA – Solution Manager for provisioning all scenarios
[Diagram labels: Small Business, Home Office with SSL VPN Router, Partner, Mobile Worker, Remote Site with Regular Router, INTERNET]
SBCS Application Example: Cisco MonitorView
Visitor sees Lobby Phone with sign to dial for attendant
Designated answers call from Lobby Phone and sees video stream from Lobby on 525G phone
Employee can then choose to answer call and speak with visitor or get up to let them in the office
[Diagram labels: Lobby; Visitor; Lobby Phone with sign “Welcome – Please dial Ext 201 for assistance”; Lobby Cam; “Phone Rings, Caller ID from Lobby Phone”; “Video can be seen on desktop or accessed on phone by selecting softkey”]
Cisco Unified CallConnector Attendant
Attendant Console for UC 500 Series
Specifically designed for call, messaging and contact management requirements of an attendant
Key Features
• Can be deployed in single or multiple attendant positions
• Highly customizable graphical user interface
• Powerful Attendant call handling features
• Graphical call queues
• Presence and telephone status-integrated directories
• Integrated messaging services
• Pop-up notifications of voice messages
Understanding the Small Business Decision Maker
• How do I protect my assets?
• How can we be more productive?
• How can I increase my profitability?
• How can I be more adaptive to changing conditions?
• AND do all that with limited staff and budget?
Build Your Core: Business Requirements
Business Requirement | Connected Office Attribute
Business applications and services must be as reliable or more so on the new infrastructure than on the traditional infrastructure | √ Availability
Anywhere/Anytime access – support mobile workers and teleworkers | √ Mobility
Provide guaranteed service levels to ensure voice, video and mission critical business applications operate without disruption. | √ Performance
Provide for the integrity and privacy of information through the business. Ensure only authorized access to resources | √ Security
Simplified device configuration and management. Decreased total cost of ownership. | √ Manageability
Security Availability Mobility Performance Management
Cisco Small Business Connected Office
A secure network foundation that connects various devices, such as PCs, servers, and printers to keep everyone connected and productive
Wireless: Wireless technology lets your people connect to your network whether they're roaming around the office or sitting in a conference room
Combined voice and data: Future module
Cisco Small Business Customer Benefits
• Increase profitability (reduce costs). Having one network for data, voice, and wireless simplifies network installation and management, which reduces costs
• Protect your assets (provide secure, remote access). Give everyone secure access to the tools they need to communicate effectively and collaborate easily, even when they're on the go. For example:
  • Support for remote workers
  • Support remote offices with virtual private networking (VPN) connectivity
• Adaptability. You can add new capabilities, such as wireless and voice, as needed, without expensive upgrades
Cisco Small Business Reseller Benefits
Installation is easier and requires less technical skill
Web-based GUIs simplify configuration of the network for data, wired and wireless
Allows you to construct a small business network in a way that it can provide the necessary service level guarantees to allow business applications to operate reliably
Provide a user experience that meets or exceeds that provided by the traditional, dedicated infrastructure model
Remote monitoring as a recurring service becomes a possibility
Build Your Core Network Foundation
Network Foundation is the core of the infrastructure, and provides the basic connectivity between network devices
Comprised of one or more switches and routers
Ranges in complexity from single router installed in a one or two person office, up to a complex, hierarchical network of switches and routers spanning multiple buildings
Business requirements that need to be addressed by the Network Foundation are those of Availability, Performance, Security and Management
Remote Access Network
Build Your Core: Security Technology & Benefits
Technologies* | Benefit
Authentication | Identity Validation
Authorization | Access control and scope limitation
Integrity | Prevent unwanted modification/deletion
Privacy | Confidentiality
Non-repudiation | Trust, commitment to obligations
* Each leverages encryption
How to Prevent Security Issues?
To prevent security problems, it is necessary to:
• Control access to the infrastructure
• Prevent unauthorized users and rogue devices from gaining connectivity to the network, either by plugging in directly to a switch port or through a wireless network
It may also be necessary to block or limit non-business applications (such as peer-to-peer file distribution protocols used to share music and movies online)
Security in the Cisco Small Business Infrastructure
Security is not simply the addition of a firewall, but rather the use of secure technologies and practices in every part of the network to ensure that:
• Only appropriate users have access to specific systems and data
• Data cannot be compromised by malicious persons
• Systems and data remain available whenever they are needed
Security Concepts: Authentication, Authorization, Integrity, Privacy and Non-Repudiation
Security technology covers 5 specific topics:
1. Authentication: Identifying a user and validating that they are who they say they are
2. Authorization: Access control; validating that access is granted only to certain users, who are limited to the areas they have been authorized for
3. Integrity: Preventing unwanted modification or deletion of information
4. Privacy: Confidentiality; ensuring that classified information is kept from the public
5. Non-repudiation: Trust; ensuring that individuals cannot deny obligations they committed to using electronic signatures
Perimeter Security
Perimeter security involves protecting the points at which the network infrastructure connects to the outside world
Firewalls protect the network by examining each packet and determining if it should be allowed to cross into or out of the internal network
As communications are established between machines inside and outside the network, they pass through the firewall, which:
• Looks at individual packets
• Makes allow/deny decisions based on ‘connection’ information within each packet header
• Checks for irregular parameters, such as ‘spoofed’ source IP addresses, that are typically used by hackers trying to break into the network
• Keeps track of the ‘state’ of each active connection in a table
There are instances where outside initiated connections are configured to be allowed, such as web traffic to an internal web server
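The four firewall behaviours listed on this slide, plus the explicit exception for an internal web server, can be traced in a short model. This is an added example, not part of the original deck and not Cisco code; the addresses, interface names and the INBOUND_ALLOW rule are constructed assumptions, and TCP teardown is simplified.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed topology (assumption): one LAN and one DMZ behind the firewall.
LAN_NET = ip_network("192.168.1.0/24")
DMZ_NET = ip_network("192.168.2.0/24")
IFACE_NETS = {"lan": LAN_NET, "dmz": DMZ_NET}
# Outside-initiated connections that are explicitly allowed: (dst, dport, proto).
INBOUND_ALLOW = {("192.168.2.10", 80, "tcp"), ("192.168.2.10", 443, "tcp")}


@dataclass(frozen=True)
class Packet:
    in_iface: str      # interface the packet arrived on: "lan", "dmz" or "wan"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""    # simplified TCP flags: S=SYN, A=ACK, F=FIN, R=RST
    proto: str = "tcp"


class StatefulFirewall:
    def __init__(self):
        self.table = {}   # connection table: 5-tuple -> "NEW" or "ESTABLISHED"

    def check(self, p):
        """Return (verdict, reason) for one packet and update the state table."""
        src = ip_address(p.src)
        # Irregular parameters: the source address must fit the arrival interface.
        if p.in_iface == "wan":
            if any(src in net for net in IFACE_NETS.values()):
                return "DENY", "spoofed internal source on WAN"
        elif src not in IFACE_NETS[p.in_iface]:
            return "DENY", "source not valid for interface"

        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Packets of a connection already in the table pass in either direction.
        for key in (fwd, rev):
            if key in self.table:
                if "F" in p.flags or "R" in p.flags:
                    del self.table[key]
                    return "ALLOW", "closing tracked connection"
                if key == rev:
                    self.table[key] = "ESTABLISHED"   # reply seen
                return "ALLOW", "matches tracked connection"
        # Without state, only a TCP SYN may open a connection.
        if p.proto == "tcp" and p.flags != "S":
            return "DENY", "no matching connection state"
        # Allow/deny decision for a new connection, from header fields only.
        if p.in_iface == "lan":
            allowed = True                                   # outbound from LAN
        elif p.in_iface == "dmz":
            allowed = ip_address(p.dst) not in LAN_NET       # DMZ must not reach LAN
        else:
            allowed = (p.dst, p.dport, p.proto) in INBOUND_ALLOW
        if not allowed:
            return "DENY", "no rule permits new connection"
        self.table[fwd] = "NEW"
        return "ALLOW", "new connection permitted by policy"


def demo_verdicts():
    """Run a constructed packet sequence and return the verdict for each packet."""
    fw = StatefulFirewall()
    packets = [
        Packet("lan", "192.168.1.20", 50000, "198.51.100.7", 443, "S"),   # LAN user opens HTTPS
        Packet("wan", "198.51.100.7", 443, "192.168.1.20", 50000, "SA"),  # reply to that connection
        Packet("wan", "203.0.113.9", 40000, "192.168.1.20", 3389, "S"),   # unsolicited, to LAN
        Packet("wan", "203.0.113.9", 40001, "192.168.2.10", 80, "S"),     # web traffic to DMZ server
        Packet("wan", "192.168.1.50", 1234, "192.168.1.20", 445, "S"),    # LAN source seen on WAN
        Packet("wan", "203.0.113.9", 40002, "192.168.1.20", 50000, "A"),  # ACK with no state
        Packet("dmz", "192.168.2.10", 41000, "192.168.1.20", 445, "S"),   # DMZ host toward LAN
    ]
    return [fw.check(p)[0] for p in packets]


if __name__ == "__main__":
    print(demo_verdicts())
```

The last packet is denied even though its source is a legitimate DMZ host, which is the property the DMZ slide describes: a compromised Internet-facing server does not get a path into the LAN.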
Endpoint Security: Small Business Threats
Another way hackers typically attempt to attack your network is to corrupt legitimate applications like emails and documents with a program that can open a ‘back door’ so they can gain access or infect your machine
These types of attacks are the basis for viruses, worms, and Trojan horses
Viruses generally spread by piggybacking on some other piece of information, such as a document
Worms are programs that replicate by using networking resources to copy themselves to other systems. Worms frequently exploit defects or ‘bugs’ in applications or operating systems to infect the target system
Trojan horses appear as useful applications, like a screen saver, but when executed introduce hidden features such as opening a backdoor to the system which may be exploited at a later date
Endpoint Security: Addressing the Threats
From a security point of view, exploits are all programs:
• They contain unique patterns of bits in their programming code (signatures)
• When transmitted on the network, they are contained in the payload of packets
Since firewalls operate on a packet-by-packet basis, they aren’t designed to detect these exploits
IDS/IPS systems look at network behaviour and do not generally inspect packet payloads
Another class of device that inspects packet payloads is needed to address this issue, the Virus Scanner (e.g. SPAM & Virus Blocker)
What is Content Security?
Content Security represents a myriad of network security protections designed to protect information, users and devices from common threats
Comprehensive Malware Protection
• Integrates antivirus and malware technology to stop virtually all threats
• Stops viruses, spyware, adware, jokeware, hacking tools, etc.
Advanced Content Filtering
• Secures employee productivity and reduces legal liability
• Stops phishing, spyware downloads, spyware “phone home” attempts, inappropriate browsing
Integrated Message Security
• Removes unsolicited email (spam)
• Stops email-borne trojans, viruses, spyware, etc.
[Graphic labels: VIRUSES, SPAM, SPYWARE, URL FILTERING, PHISHING]
Build Your Core: Availability Technology & Benefits
Technologies | Benefit
Hardware requirements (individual devices): Uninterruptible Power Supply; Redundant Power Supply Unit | Backup in case of a power blackout; Second external power supply
Redundant Links: Spanning Tree Protocol 802.1d, 802.1s or 802.1w; Link Aggregation Groups 802.3ad | Link management for path redundancy and breaking loops; Multiple active links between individual switches
Segmentation: VLANs 802.1Q | Segregate traffic by type or user function, enable QoS
Availability in the Cisco Small Business Infrastructure
Cisco small business solution includes hardware components that address:
Business needs for uninterrupted and/or redundant power
Alternate paths and scaling in infrastructure to support multiple devices
Segmentation of users and applications into communities of interest
Centralized storage management
Spanning Tree and Link Aggregation
In a network with more than 20 users, the infrastructure will likely contain more than one switch for connecting the individual devices to the network
Spanning Tree
• Because of broadcast requirements within IP, such as with Address Resolution Protocol (ARP), there must only be one active path between any two devices in a broadcast domain
• Spanning Tree Protocol (STP) addresses the loop issue by providing a link management protocol that provides path redundancy while preventing loops
Link Aggregation
• Increases bandwidth between devices such as two network switches, or a network switch and server
Network Segmentation with Virtual LANs
802.1Q VLAN Segmentation
• The segmentation of a single physical network into multiple virtual networks (or Virtual LANs - VLANs) provides availability, performance and security
• Industry has converged on the use of the IEEE standard for VLAN identifiers known as 802.1Q
IP Subnets
• 802.1Q VLAN identifiers subdivide the network for security and scaling
• Allocate a different IP subnet for each VLAN -> requires the ability to assign multiple VLANs and IP addresses on LAN side of the router
Build Your Core: Mobility Technology & Benefits
Technologies | Benefit
Virtual Private Networks: IPSec and SSL | Secure connectivity from remote sites; Secure connectivity for mobile workers; Ensure privacy
Certificates and Multi-factor authentication | Verify identity
Mobility in the Cisco Small Business Infrastructure
Mechanisms to support worker mobility include the provision of:
Virtual Private Network (VPN) access via the Internet to both fixed locations and mobile users with associated technologies to address IP addressing concerns
Wireless network connectivity throughout the business
What is a Virtual Private Network (VPN)?
VPNs are the solution to ensure that data confidentiality and integrity are protected:
VPNs provide protection from data interception of unprotected assets using secure connectivity, encryption, and traffic authentication
Company LANs and remote users can connect to the network using the same Internet access methods: dialup, DSL, cable, ISDN, and wireless.
IPSec/VPN (IP Security-based Virtual Private Network) provides a secure remote capability by creating an encrypted tunnel from the remote site to the corporate network over the Internet
SSL/VPN (Secure Sockets Layer Virtual Private Network) technology is an alternate method for mobile workers to create a secure VPN connection to the corporate network
Tunneling Technology
Tunneling is a method of using the Internet to transfer data from one network to another while securing the data packet with a protective encryption shell
[Diagram labels: Tunnel, VPN]
How do VPNs work?
VPNs secure communications by:
• Authentication: Verifies users/devices
• Encryption: Ensures message confidentiality
• Hashing: Confirms message integrity
[Diagram, Hashing: a hashing algorithm produces Hash = 42 for the message; on message receipt the hash is removed from the message and used for verification]
[Diagram, Encryption: unencrypted message “Hello” plus a key produces the encrypted message “@p 1J”]
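The hashing step on this slide can be made concrete with a short model of what a VPN receiver checks. This is an added example, not part of the original deck; it goes slightly beyond the slide by using a keyed hash (HMAC, the construction IPsec uses for integrity) and a sequence number for replay protection. The packet layout, DEMO_KEY and function names are constructed assumptions, and encryption is left out because the Python standard library has no cipher.

```python
import hashlib
import hmac
import struct

ICV_LEN = 32                                  # SHA-256 output size in bytes
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def unkeyed_seal(payload):
    """Message followed by a plain hash, as drawn on the slide."""
    return payload + hashlib.sha256(payload).digest()


def unkeyed_open(blob):
    """Strip the hash and verify it; returns the payload or None."""
    payload, digest = blob[:-ICV_LEN], blob[-ICV_LEN:]
    ok = hmac.compare_digest(hashlib.sha256(payload).digest(), digest)
    return payload if ok else None


def protect(key, seq, payload):
    """Sender side: sequence number + payload + keyed integrity check value."""
    header = struct.pack("!I", seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + icv


class Receiver:
    """Receiver side: verify the keyed hash first, then reject replays."""

    def __init__(self, key):
        self.key = key
        self.highest_seq = 0

    def accept(self, packet):
        if len(packet) < 4 + ICV_LEN:
            return None, "too short"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, icv):   # constant-time comparison
            return None, "integrity check failed"
        (seq,) = struct.unpack("!I", body[:4])
        if seq <= self.highest_seq:
            return None, "replayed sequence number"
        self.highest_seq = seq
        return body[4:], "ok"


def demo():
    """Constructed scenario; returns the receiver's decision for each packet."""
    rx = Receiver(DEMO_KEY)
    good = protect(DEMO_KEY, 1, b"Hello")
    # Payload changed in transit while the original check value is kept.
    altered = good[:4] + b"Jello" + good[-ICV_LEN:]
    # Well-formed packet built without knowledge of the shared key.
    wrong_key = protect(b"some-other-key", 2, b"Jello")
    return [rx.accept(p)[1] for p in (good, good, altered, wrong_key)]


def unkeyed_hash_accepts_any_sender():
    # A plain hash can be computed by anyone, so a matching hash says nothing
    # about who produced the message. That is why the keyed form is used.
    return unkeyed_open(unkeyed_seal(b"Jello")) == b"Jello"


if __name__ == "__main__":
    print(demo(), unkeyed_hash_accepts_any_sender())
```

The second delivery of the same valid packet is rejected by the sequence check, and both modified packets fail before the sequence number is even read, which is the order a receiver should use.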
Build Your Core: Mobility Technology & Benefits
Technologies | Benefit
Wireless LANs – 802.11 variants | Allow for mobility within the office
Wireless Security – WPA/WPA2, 802.1x | Prevent unauthorized access and/or eavesdropping
Fast Roaming | Support time sensitive applications such as voice
Wireless Connectivity
The reason a wireless infrastructure exists is to provide Mobility services. Because a wireless infrastructure can provide connectivity to devices outside the physical premises, it is another major pathway for attack
Wireless Connectivity can range from the very simple - a single wireless access point supporting only ad-hoc data services - to the very complex - multiple access points providing seamless coverage, including public hotspot functionality
It also needs to address all of the business requirements, with special emphasis on Security and Mobility
Wireless Connectivity
Wireless network connectivity allows staff to retain immediate access to resources and information even when they are away from their desk
Laptops and other portable devices are prevalent in the business environment today, and wireless connectivity for those devices has come to be expected
Several wireless protocols are available for use, but protocols used in the office environment are typically members of the IEEE 802.11 series of protocols
802.11a, 802.11b, 802.11g and 802.11n
WEP, WPA/WPA2, WMM
Implementing Wireless Connectivity
Implementing a wireless network in a business environment can range from a single wireless access point in a small office to larger, more complex environments (e.g. factory)
Many considerations need to be taken into account, including:
• Use of available radio spectrum
• Ensuring sufficient coverage
• Allowing devices to roam from one access point to another sufficiently quickly to prevent disruption to voice traffic
• Security – strong encryption and authentication mechanisms are very important
Build Your Core: Performance Technology & Benefits
Technologies
• Classification:
  • Recognizing packets and determining QoS required
  • Access Control Lists for packet classification
• Marking:
  • Setting the QoS parameters in the packet
  • DiffServ Code Point (DSCP) – layer 3
  • 802.1p – layer 2
• Queuing:
  • Implementing QoS required (packets into priority queue)
• Shaping:
  • Policing (rate control of input)
  • Shaping (rate control of output)
Benefit
• Applications with real-time requirements are sensitive to latency and jitter
  • Voice
  • Video Tele-Conferencing
  • Require highest priority service
• Applications without real-time requirements (buffering in the media player) that are also sensitive to jitter
  • Video distribution
  • Video surveillance
  • Require next highest priority of service
• Protecting the network from rogue users consuming more than their fair share of resources
• Ensure non-priority application/users are in low priority service class
Performance in the Cisco Small Business Infrastructure
It is necessary that the network infrastructure be able to provide sufficient service level guarantees to ensure the applications and services perform at a reliable level
Voice and video communications require prioritization in an IP network
Assigning normal user traffic to the “Best Effort” priority queue limits the effect that rogue users (those that would violate policy by marking their traffic for priority service) can have on users and applications
With an infrastructure that supports rate control, we can also limit the amount of bandwidth that any user can utilize to inject traffic into the network
Collectively, this process is referred to as providing Quality of Service (QoS) in the network
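The edge behaviour described on this slide, as an added example that is not part of the original presentation or any Cisco configuration: markings from untrusted user ports are reset to Best Effort and each such port is policed with a token bucket. The port names, the trusted-port list, the rate and burst values and the class names are assumptions made for the illustration.

```python
from dataclasses import dataclass

EF, BEST_EFFORT = 46, 0   # DSCP values: Expedited Forwarding (voice), default

@dataclass
class Packet:
    port: str     # ingress port name (constructed)
    dscp: int     # DSCP value the sender put in the IP header
    size: int     # bytes
    t: float      # arrival time, seconds

class TokenBucket:
    """Policer: rate control of input, in bytes, with a fixed burst allowance."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate, self.burst = rate_bps / 8.0, burst_bytes
        self.tokens, self.last = float(burst_bytes), 0.0

    def allow(self, size, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

class EdgePolicy:
    """Trust markings only on listed ports; re-mark and police everything else."""
    def __init__(self, trusted_ports, rate_bps, burst_bytes):
        self.trusted = set(trusted_ports)
        self.rate_bps, self.burst = rate_bps, burst_bytes
        self.buckets = {}

    def ingress(self, pkt):
        if pkt.port in self.trusted:
            return ("forward", pkt.dscp)          # e.g. IP phone port keeps EF
        bucket = self.buckets.setdefault(
            pkt.port, TokenBucket(self.rate_bps, self.burst))
        if not bucket.allow(pkt.size, pkt.t):
            return ("drop", BEST_EFFORT)          # over the per-port rate
        return ("forward", BEST_EFFORT)           # self-assigned EF is ignored

def run_sample():
    # Constructed traffic: gi1 is a phone port, gi2 a user port marking itself EF.
    policy = EdgePolicy({"gi1"}, rate_bps=80_000, burst_bytes=3000)
    pkts = [Packet("gi1", EF, 200, 0.0), Packet("gi2", EF, 1500, 0.0),
            Packet("gi2", EF, 1500, 0.0), Packet("gi2", EF, 1500, 0.0),
            Packet("gi2", EF, 1500, 0.5)]
    return [policy.ingress(p) for p in pkts]
```

In the sample, the user port's EF marking never reaches the priority queue, and its third back-to-back packet is dropped because the burst allowance is spent.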
What is Quality of Service?
Quality of Service ensures that the requirements for network latency, jitter and throughput are met for a particular class of traffic
QoS is implemented using a set of QoS tools - specifically, tools for traffic classification, marking, queuing and shaping
The packages on the conveyer belt below represent how QoS prioritizes IP packets moving through a network (next slide)
QoS in a “Business Class” Infrastructure
An Intelligent Delivery System
[Figure: conveyer belt diagram; labels: Marking, Classification, Queuing, Rate Shaping]
• Classification
  – Recognizing packets and determining the QoS required
  – Access Control Lists for packet classification
• Marking
  – Setting the QoS parameters in the packet (for downstream use)
  – DiffServ Code Point (DSCP) – layer 3
  – 802.1p – layer 2
• Queuing
  – Implementing the QoS required
  – Putting packets into a priority queue
• Shaping
  – Policing (rate control of input)
  – Shaping (rate control of output)
Build Your Core Management Technology & Benefits
Technologies and Benefit:
• Web-based UI – Simple configuration interface
• Secure access – Ensure only administrators modify configurations
• Cisco Small Business (Auto-discovery; Auto-configuration/Smart Defaults) – “Best Practices” Infrastructure
  - Implement advanced features without advanced complexity
• Cisco Small Business Pro Solutions (Auto-discovery; Auto-configuration/Smart Defaults; Cisco Configuration Assistant; Cisco Smart Designs; Managed Services APIs) – Automatic “Best Practices” Infrastructure
  - Automatic recognition of devices when they attach to the network
  - Automatic configuration of recognized devices for performance, security, reliability, and scalability capabilities
  - Simplified installs save time and cost
* Each leverages encryption
Common Web GUI
Cisco Configuration Assistant (CCA)
Single, more efficient configuration experience for Cisco Small Business Pro Solutions (Smart Business Communication System, Security & Mobility Solutions)
Eliminates the need for expert knowledge of Cisco IOS CLI for configs of typical small business deployments
Supports Voice, WAN, LAN, Security, WLAN, Teleworker configs
Auto discovery, Topology, Status Dashboard, Front Panel Views, Troubleshooting, Software Updates, config backups, online help, & set up wizards
Available in English, French, Italian, German, Spanish
Cisco Smart Designs
Cisco Smart Designs provide network solution implementation best practices in an easy-to-follow format to help partners achieve increased profitability by incorporating the design guidance in these solutions.
These simplified and pre-tested networking solutions are created for partner success - while minimizing operational complexities and deployment risks.
Q and A