Post on 20-Apr-2018

Borderless Networks

Tom Schepers, Director – Systems Engineering

© 2013 Cisco and/or its affiliates. All rights reserved. BSAARC-1011 Cisco Public

Agenda

Introducing Enterprise Network Architecture

Unified Access

Cloud Intelligent Network & Unified Services

Enterprise Networks in Action


Cisco Enterprise Networking Vision

Simple

Secure

Reduced

TCO


Cisco Enterprise Network Solution

Cisco ONE Architecture

Simple

Secure

Reduced

TCO

Connecting People

Connecting Clouds

Connecting Things


Cisco ONE Network Architecture

CISCO ONE

CONTROLLER

NETWORK-AWARE

APPLICATION LAYER

DEVICE

LAYER

Cisco

ISE

Cisco

Prime

Cloud

Services

Security

Services

Mobility

Services

3rd Party Apps

Network Services API (REST)

Application

Services

Discovery Topology PfR

control QoS Location

Device API– One PK, OpenFlow, CLI

Cisco IOS (Enterprise, Data Center, Service Provider)

ASICs


ASICs

Unified Access Data Plane ASIC

Catalyst 3850

ISR-AX

DEVICE

LAYER


SERVICES

LAYER


ONE Network with Unified Access & Unified Services


Corporate

Network WAN

Branch Cisco Wireless

LAN Controller

Catalyst

Switch

Cisco

Access Point

AP

Wireless Control

System

Access

Control

Server

LAN Mgmt

Solution Identity

Mgmt

NAC

Profiler

Guest

Server

WAAS

Edge

Router

Application

Visibility & Control

Firewall

& VPN

WAN Path Control


One Policy: ISE

One Management: Prime


Corporate

Network WAN

Branch Cisco

Access Point

AP

Unified

Access

Unified

Services

Unified

Access

One Policy: ISE

One Management: Prime

Unified Access


Office Wired Access Office Wired Access

Cisco End-to-End BYOD Solution ONE POLICY, ONE MANAGEMENT, ONE NETWORK


Cisco Prime™ NCS

Cisco WLAN Controller

Third-Party

MDM Appliance

MDM Manager

Office Wireless Access

Cisco® ISE

Remote Access

Cisco ASA Firewall

Cisco CSM and ASDM

Cloud Web Security

Wired Network Devices

Cisco Catalyst® Switches


Policy: Who, What, Where, When, and How?

Unified Access Management with Cisco® ISE

1. IEEE 802.1x EAP User Authentication
2. Profiling to Identify Device
3. Posture of the Device
4. Policy Decision
5. Enforce Policy in the Network
6. Full or Partial Access Granted

Diagram labels: Identity, Profiling, VLAN 10, VLAN 20, Wireless LAN Controller, HQ, 2:38 p.m., Personal Asset, Company Asset, Corporate Resources, Internet Only

Protocols shown: DHCP, RADIUS, SNMP, NetFlow, HTTP, DNS

Catalyst 3750

5508 or WISM2 with SW Upgrade or new 5760

New Catalyst 3850

LARGE CAMPUS

EXTERNAL MOBILITY CONTROLLER NEEDED

UP TO 72,000 ACCESS POINTS UP TO 864,000 CLIENTS LARGEST LAYER 3 ROAMING DOMAINS

Access Points

ISE Prime

Access Points

New Catalyst 3850

New Catalyst 3850

Converged Access Deployment Mode Three Use Cases

DMZ

Catalyst

3850

Employee

Guest

INTEGRATED CONTROLLER OPTIONS

BRANCH SMALL/MEDIUM CAMPUS

UP TO 50 ACCESS POINTS UP TO 2,000 CLIENTS ALL WAN SERVICES AVAILABLE

UP TO 250 ACCESS POINTS UP TO 16,000 CLIENTS VISIBILITY, CONTROL, RESILIENCY

WAN

AP CAPWAP Tunnels

Mobility

Controller

Mobility

Controller

Legend: CAPWAP Tunnel; Standard Ethernet, No Tunnels; Guest Tunnel from Switch to DMZ Controller

INTEGRATED

CONTROLLER

INTEGRATED

CONTROLLER

Mobility Agent

INTEGRATED

CONTROLLER

ISE Prime ISE Prime


Just Launched…

Secure

Consistent User Experience

Simplified

Cisco Catalyst 3850 Access Switch

• Converged Wired-Wireless Network

• Consistent Network-wide intelligence and operations

• Integration with Cisco Open Networking Environment

Cisco 5760 Wireless Controller

• Large scale wireless deployments

Identity Services Engine 1.2

3rd Party MDM integration

Prime Infrastructure 2.0

360° Experience, Automated Workflows


Cloud Intelligent Network & Unified Services


Cloud Connected WAN

Internet

Internet/ WAN

Cloud Challenged WAN Traditional WAN

Public Hybrid

Private

Evolving WAN The Journey To The Cloud

• Traditional Applications
• Predictable WAN Performance
• Tightly controlled and secure

• Cloud and rich-media apps
• Unpredictable performance / congestion
• Loss of control over security, operations

• Application and user aware guaranteed service levels
• VM mobility between Cloud DCs
• LAN Extension, Segmentation at scale with programmatic provisioning


Cloud Connectors

ScanSafe

HCS

Webex CCA

3rd party

Cisco ISR G2

ASR 1000

AVC, WAAS

UCS-E

Public Cloud

HCS

Services

Virtual Private

Cloud

CSR 1000v vWAAS

vASA, VSG, N1kv, vPath

Private Cloud

ASR 1000, AVC, ASA,

WAAS, AppNav

AnyConnect VPN, ScanSafe, WebEx, and HCS Cloud Connectors

Cloud Intelligent Networks Solutions

Cloud

Intelligent

Network

Cisco Prime Infrastructure

Security

App Visibility & Control (AVC)

Cloud Connectors

Medianet


Cisco TrustSec Solution Architecture

Identity-Based Access Is a Feature of the Network, Spanning Wired, Wireless, and VPN

Identity Services Engine (ISE): Identity Access Policy System

Cisco 2900/3560/3700/4500/6500, Wireless Infrastructure, Cisco ASA, ISR, ASR 1000

NAC Agent, Web Agent, 802.1X Supplicant (AnyConnect or OS-Embedded Supplicant)

No-Cost Persistent and Temporal Clients for Posture, and Remediation

Roles shown: Policy Administration, Policy Decision, Policy Enforcement (TrustSec Powered), Policy Information (TrustSec Powered)


What is Application Visibility and Control (AVC): What is Needed

Application Recognition: Identify applications using L3 to L7 information

Perf. Collection & Exporting: Collect application performance metrics, and export to management tool (NFv9/IPFIX)

Reporting Tool / Management Tool: Advanced reporting tool aggregates and reports application performance

Control: Control application network usage to improve application performance (High / Med / Low)

App Visibility & User Experience Report

App          BW     Transaction Time
SAP          3M     150 ms   …
Sharepoint   10M    500 ms   …


What is Application Visibility and Control (AVC): Enabled Technologies

Application Recognition
• NBAR2
• Metadata

Perf. Collection & Exporting (NFv9/IPFIX)
• Unified Monitoring
- Traffic Statistics
- Response Time
- Voice/Video Monitoring
- URL Collection

Reporting Tool / Management Tool
• Cisco Prime Infrastructure
• 3rd Party Tools

Control (High / Med / Low)
• QoS (w/ NBAR2)
• PfR

App Visibility & User Experience Report

App          BW     Transaction Time
SAP          3M     150 ms   …
Sharepoint   10M    500 ms   …


What are Cloud Connectors? Bringing Network Intelligence to the Cloud

Cloud Connector – a network service that improves the performance, security or availability of cloud applications. Cisco Cloud Connectors provide Optimal Experience, Pervasive Security, and Simplified Operations when utilizing Private, Public or Hybrid Clouds over the WAN or Internet.

Branch Private/Public/Hybrid

Cloud Intelligent Platforms

ISR ASR CSR

Visibility Optimization Collaboration App Hosting Security

Cloud

Connector


Web Security with ScanSafe Connector

Diagram labels: Private WAN, Data Centers, Internet

• The Requirement
  - Control web access and block malware
  - Don’t require agents on user/BYOD devices

• How
  - ScanSafe Connector for ISR G2
  - Directs traffic to ScanSafe Cloud

• Benefits
  - Define one web security policy centrally
  - Enforce locally, no client software


Cisco ISR-AX

Operational Simplification and Manageability

Application Visibility and Control

• NBAR2

• QoS

• Media Monitoring

• WAN Path Selection (PfR)

WAN Optimization

• Application Acceleration

• TPC Compression

• Data Redundancy Elimination

Hardware for ISR-AX

• SRE or Max DRAM

• Option for UCS-E Series Server

Security

• VPN Encryption

• IOS Firewall

• Intrusion Prevention

• Cloud Web Security


What makes the ISR-AX different?

Introducing the ISR AppX License

Security U.C.

IP

Base

AppX

Extends and replaces the Data license with application router services. All previous Data license features included.

All Application Visibility and Control (AVC) features included. Enables powerful, comprehensive application monitoring and management.

Right-To-Use license for WAAS. License enables WAAS Express, WAAS SRE, or WAAS on UCS-E with no additional software cost.

App & Security

included with the

ISR-AX Bundle


Enterprise Networks in Action


Connected Mobile Experience

GUEST PRESENCE GUEST ACCESS GUEST EXPERIENCE

Mobile device and characteristics detected before they enter the venue

Seamless and secure Wi-Fi connectivity

Preferences, profile, device and roaming credentials identified

Highly-relevant content and services based on user attributes and real-time location

DETECT CONNECT ENGAGE

LOCATION ANALYTICS Insights into customer online and onsite behavior, traffic paths, dwell times, location density etc.
