Architecting your Network for a "Bring Your Own Device" Environment with Cisco
Brian O’Donoghue, Senior Systems Engineer, Cisco Systems
bodonogh@cisco.com, +353 91 384656
Confidential 3
Not So Long Ago…
• Work was considered a ‘place’
• Business communications driven from the desktop
• Mobility was a convenience for a select few
• Voice over IP considered an ‘add-on’ investment
Today…
• Work can be anywhere
• Mobile collaboration enabled from any device, anywhere
• Mobility is a requirement for the majority
• Rich media over WLAN is a strategic imperative
Is Your Network Ready?
• By 2012 nearly 75% of workers are expected to use a mobile phone as their primary phone
• By 2015, mobile tablets will constitute 50% of laptop sales**
• Carriers struggle to accommodate increased traffic and bandwidth requirements
• New model emerging to offload 3G/4G traffic by supporting Voice over Wi-Fi
• Traditional Enterprise wireless networks are not designed for voice and video at scale
Source: *Apple Inc, Quarterly Financial Report, **The US PC Consumer Market in 2015 – Forrester Research
2010 - 2015
• Mobile device traffic will increase by 26X between 2010 and 2015
• Driven by more powerful smartphones and tablets
• Leads to build-out of WiFi networks in Enterprises, 3G/4G by Service Providers and Public WiFi by retailers, municipalities etc.
Source: Cisco Visual Networking Index 2011
Cisco Connected World Report, Oct. 2010
• 66%: Accept lower-paying job (10%) for work flexibility
• 45%: Work extra 2–3 hours a day if allowed to do so remotely
• 39%: Expect video to become primary mode of communications
• 57%: IT staff: security the biggest challenge
• 45%: IT staff struggle to make workforces more mobile
• 80% of IT time spent on day-to-day operations (Gartner)
Complete Report Findings: http://newsroom.cisco.com/dlls/2010/ekits/ccwr_final.pdf
Limit: Environment requires tight controls
• IT Chosen Devices Only
• Mainly on-site access
• Mfg Environment, Trading Floor, Classified Gov Networks, Traditional Enterprise
Basic: Basic access for additional devices
• Broader Device Set but Internet Only
• Edu Environments, Public Institutions, Simple Guest
Advanced: Any device, anywhere, enhanced security
• Wide range of devices + Access Methods
• Device Side security
• Healthcare, Early BYOD Enterprise Adopters, Contractor Enablement
Embrace: Any device, anywhere, anyone
• Multiple Device Types, Corp Issued, MDM
• Custom Native Apps
• Innovative Enterprises, Retail on Demand, Mobile Sales Services (Video, Collaboration, etc.)
Some Questions to Consider
• Do I have the WLAN capacity and reliability to support the increase in mobile devices?
• How do I enforce security policies on non-compliant devices?
• How do I grant different levels of access to protect my network?
• How do I ensure data loss prevention on devices where I don’t have visibility?
• How should I address the (tech-savvy) employee who trades up to new devices? New policy?
• How do I protect my intellectual property/personal information?
• How do I monitor and troubleshoot user and client connectivity issues on my access (wired/wireless) network?
Follow These Steps:
• Start Migration to 802.11n to Enhance Network Performance
• Properly Configure for High Density Wireless Deployments
• Improve Reliability and Coverage with Cisco ClientLink
• Detect and Mitigate RF Interference with Cisco CleanAir
• Improve Video Applications with VideoStream
• Implement Cisco Radio Resource Management
3 Spatial Streams, CleanAir, ClientLink 2.0
• 3 spatial streams combined with beamforming improve reliability and performance, allowing faster throughput and more data rate choices
• New Macbook Pro and other devices are coming to market with three spatial streams support
Three spatial streams permit MCS16-23 for up to 450 Mbps throughput
Efficient RF Design Improves Coverage for Mobile Devices in Concentrated Areas
Challenge
• Properly configuring the WLAN to provide reliable network access to users of Wi-Fi enabled devices in increasingly concentrated areas
Advantage
• These RF design best practices help fine tune the network in advance to accommodate high density areas
  Assess the application’s bandwidth requirements per user
  Define the supported wireless protocols—calculate required channels
[Figure: channel layout diagram]
PC and Non-PC Devices
IT Is Struggling With:
• Classifying managed vs. unmanaged endpoints
• ID devices that cannot authenticate
• User 1 host association
And there are Barriers:
• Certificates
• Endpoint certainty
• No automated way to discover new endpoints
Diagram labels: User, Location, Time, Device, Attribute X
• “Employees can access everything from either corporate or personal devices. But non-employees are blocked.”
• “Employees are required to use corporate devices. Personal devices are not allowed and there is no guest access.”
• “Employees can access everything from corporate devices. Employees on personal devices and partners have restricted access.”
Diagram labels: Campus Network, Internet, Limited Resources, Internal Resources, Policy Services
Really Important!
Purpose-Built, Complete, and Reliable Profiling
• Cisco ISE uses SNMP, NetFlow, DNS, RADIUS, HTTP, and DHCP to increase accuracy, reduce spoofability
• Works across wired and wireless
• Completely integrated with RADIUS/AAA
• Includes additional services (posture, guest/portal, etc.)
Scalable Policy Enforcement
• Switch, WLAN controller, and VPN as an enforcement point
• Flexible control (VLAN, dACL/ACL, QoS, SGA, etc.) based on any contextual attributes (user, device, group, location, time, etc.)
Unified Management
• ISE detailed reports and troubleshooting tools (user, device, session, etc.) can be accessed from within NCS 1.0, providing a single pane of glass into user, device, and network across wired and wireless infrastructure
Diagram labels: User, Location, Time, Device, Attribute X
Solution Example
CORP LAPTOP
1. 802.1x EAP User Authentication
2. Profiling to identify device
3. Policy decision
4. Policy enforce to “VLAN 10” on same SSID
5. Full access granted
6. Full device visibility
PERSONAL TABLET
1. 802.1x EAP User Authentication
2. Profiling to identify device
3. Policy decision
4. Policy enforce to “VLAN 20” on same SSID
5. Restricted access granted
6. Full device visibility
Diagram labels: Single SSID; Employee; Corp; Personal; Wireless LAN Controller; ISE; VLAN 10; VLAN 20; Corporate Resources; Restricted Internet Only; Policy (USER, LOCATION, TIME, DEVICE, ATTRIBUTE X); Profiling (DHCP, RADIUS, SNMP, NETFLOW, HTTP, DNS); Centralized Policy Engine; Unified Access Management
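Added example, not part of the original slides and not Cisco ISE configuration: a simplified Python model of the six-step flow in the Solution Example, showing how a first-match policy over the user's group and the profiled device type becomes the RADIUS tunnel attributes (RFC 3580) that place a session in VLAN 10 or VLAN 20 on the same SSID. The group names, device-profile labels, sample users, and the choice to restrict employees on unrecognised devices are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    eap_ok: bool         # step 1: result of 802.1X EAP user authentication
    group: str           # directory group (assumed names: "employee", "guest")
    device_profile: str  # step 2: profiler verdict (assumed labels)

# Step 3: ordered policy, first match wins. "*" matches any device profile.
# Assumption: an employee on any device not profiled as corporate is restricted.
RULES = [
    ("employee", "corp-laptop", 10, "full"),
    ("employee", "*",           20, "restricted"),
]

def vlan_attributes(vlan_id):
    """RADIUS attributes for dynamic VLAN assignment (RFC 3580)."""
    return {
        "Tunnel-Type": 13,                        # VLAN
        "Tunnel-Medium-Type": 6,                  # IEEE 802
        "Tunnel-Private-Group-ID": str(vlan_id),  # VLAN the controller applies
    }

def authorize(s):
    """Steps 3-5: return the RADIUS reply the enforcement point acts on."""
    if not s.eap_ok:
        return {"code": "Access-Reject", "reason": "802.1X authentication failed"}
    for group, profile, vlan, access in RULES:
        if s.group == group and profile in ("*", s.device_profile):
            return {"code": "Access-Accept", "access": access,
                    "attributes": vlan_attributes(vlan)}
    # Default deny: authenticated, but no rule grants this group any access.
    return {"code": "Access-Reject", "reason": "no matching policy rule"}

# Constructed sample sessions, all joining the same SSID.
SAMPLES = [
    Session("alice", True, "employee", "corp-laptop"),
    Session("alice", True, "employee", "personal-tablet"),
    Session("alice", True, "employee", "unknown"),
    Session("bob", True, "guest", "personal-tablet"),
    Session("carol", False, "employee", "corp-laptop"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        reply = authorize(s)
        # Step 6: record user, device and decision for visibility.
        print(s.user, s.device_profile, reply["code"],
              reply.get("attributes", {}).get("Tunnel-Private-Group-ID", "-"))
```

Rule order matters here: swapping the two employee rules would send corporate laptops to VLAN 20, because the wildcard rule would match first.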
Contributors to Wireless Network Problems
A recent survey shows that respondents view client devices as the TOP contributor to wireless network performance problems
[Bar chart: Major Issues Contributing to Wireless Network Problems; y-axis: Number of Customers. Categories:]
• Client Devices (Drivers, Connections, Authentication, or Other Issues)
• RF Interference from Wi-Fi and/or Non-Wi-Fi Sources
• Unexpected Demand for Increase Coverage of Capacity
• Faulty Wireless Network Design Implementation
• Old or Outdated Wireless Technology
• Insufficient IT Administrator Expertise
• Other
Converged Access Management for Wired and Wireless Networks
• Flexible platform: Accommodates new and experienced IT administrators
• Simple, intuitive user interface: Eliminates complexity
• User-defined customization: Display the most relevant information
High-Level View of Key Metrics with Contextual Drill-Down to Detailed Data
Wireless | Wired | Security Policy | Network Services
Cisco AnyConnect Secure Mobility
Web Security with Next Generation Remote Access
• Choice: Diverse Endpoint Support for Greater Flexibility
• Security: Rich, Granular Security Integrated into the network
• Experience: Always-on Intelligent Connection for Seamless Experience and Performance
Diagram labels: Acceptable Use, Access Control, Data Loss Prevention, Threat Prevention, Intranet, Corporate File Sharing, Access Granted
• Provide mission critical 802.11n wireless networks protected from wireless interference using Cisco CleanAir technology
• Eliminate dead coverage zones with more bars in more places using Cisco ClientLink technology
• Provide scalable delivery of high bandwidth video applications with Cisco VideoStream technology
• Enable users to securely connect to the corporate network through their mobile devices with Cisco AnyConnect
• Drive improved productivity through the extension of Cisco Collaboration applications on tablets and mobile devices
Meet User Demand for Mobility
• Mobility is here to stay and it raises new network coverage and security challenges
• Cisco helps you address these challenges with a consistent, comprehensive approach for all users and devices, across wired, wireless and remote access networks