cisco mobility for the dod

of 64 /64
Federal Mobility TSA November 2016 Cisco Digital Network Architecture – Mobility Cisco Mobility for the DoD Jay Pitcher

Author: cisco

Post on 06-Jan-2017

82 views

Category:

Technology


1 download

Embed Size (px)

TRANSCRIPT

  • Federal Mobility TSANovember 2016

    Cisco Digital Network Architecture MobilityCisco Mobility for the DoD

    Jay Pitcher

  • Agenda

    1. DNA - Mobility

    2. DNA Wave 2

    3. Cisco + Apple Partnership

    4. Wireless Portfolio

    5. Certs

  • Digital Network Architecture - Mobility

  • Digital Transformation

    Information Era: 2000-2015 Digital Business Era: 2015+

    Human Scale

    Physical Appliances

    Manual Management

    Centralized Enterprise and Web Apps

    IoT Scale (People, Devices, Things)

    Virtualized Services

    Automation, Zero Touch, DevOps

    Distributed SaaS, Mobile, & M2M Apps

    Connectivitywith High Reliability

    Platform for

    Innovation, Agility, Security

    NETWORK

    Requires Network Evolution

  • Automation & OrchestrationOn demand Application/Service Delivery & Uncompromised, Secure Experiences Over Any Connection

    Accelerating Digital TransformationThe Network is the Foundation of the Digital Business

    Ensure Content ComplianceThreat Defense

    Policy & Identity ControlNetwork Access Control,

    Visibility & Threat Containment

    Personalized MobileExperiencesGain Insights &

    Engage Customers

    Digital ReadyOptimized Investments &

    Seamless Experiences

    Virtualization On demand infrastructure and virtualized functions

    Secure the New EdgeEnhanced Direct Internet Attach Security

    Detect Threats FasterSecurity Everywhere

    Network Transformation for the WANUncompromised & Secure Experiences Over Any Connection

  • Traditional network management cannot provide sufficient dynamic management

    Focus has been on Day0/1 automation

    CLI not built for volumes of changes in machine real time

    Controller based networking supports dynamic policy change

    Controller allows network to be managed as a system

    Policy management is automated and abstracted

    Digital Business DriversRequirement for Dynamic Policy Changes

  • How do we simplify, yet build reliable and versatile networks?

    Lowers OPEX: Simplicity without compromise

    Defend from a critical vantage point

    Increase IT value and meet any use case regardless of

    organization size

    Automation & Assurance Security & ComplianceInsights & Experiences

    Wireless is the primary mode of access for users and things

  • Cisco Digital Network Architecture

    Automation

    Abstraction and Policy Control from Core to Edge

    Open and Programmable | Standards-based

    Open APIs | Developers Environment

    DNA Service ManagementPolicy | Orchestration

    VirtualizationPhysical and Virtual Infrastructure | App Hosting

    Analytics

    Network Data, Contextual Insights

    Insights and Experiences

    Network-enabled Applications

    Cloud-enabled | Software-delivered

    Automation and Assurance

    Security and Compliance

    Principles

  • Cisco Digital Network Architecture for Wired-Wireless

    Automation

    PnP for Centralized & Flex EasyQOS ISE: .1x, BYOD, Guest

    Open APIs: Modular Aps with Restful APIs

    Cloud Service Management CMX 10.x with Context and Guest

    Platforms & Virtualization

    Assurance

    Netflow Export Apple Network Optimization

    & FastLane

    Principles

    DNA Center: Public and Private Cloud

    Modular APs with Restful APIs DNA Optimized Controllers: 3504, 5520, 8540 Various VM Models: ESXi, KVM, HyperV, AWS

    Software Defined Access and TrustSec SXP & SGT

  • DNA - 802.11ac Wave 2

  • Flexible Radio AssignmentSoftware defined radio automatically

    adjusts to dual 5GHz to better serve high client environment

    Optimized RoamingIntelligently Connects the Proper Access Point as People Move

    Turbo PerformanceScales to Support More Devices Running High Bandwidth Apps.

    Zero Impact AVCHardware Based Application Visibility and

    Control without Impact to Performance.

    Cisco CleanAir Remediates device Impacting Interference from other WiFi and non-WiFi devices

    Cisco ClientLink Improves Performance of Legacy and 802.11ac Devices.

    Future Proof Expandability Add Functionality Via Module, Smart Antenna Port or USB Port

    Multi-Gigabit UplinksFree Up Wireless With Faster

    Wired Network Offload Gb+

    Flex Dynamic Frequency SelectionAutomatically Adjusts So Not to Interfere With Other Radio Systems

    Wireless excellence and innovations delivered only byCisco Aironet 2800, 3800 Series Access Points

    Apple Fast LaneAutomatically assures highest priority, fastest

    performance for trusted apps on trusted Apple devices

    LAS VEGAS TOKYO

  • Optimized RoamingRX-SOP

    Pervasive Wi-Fi

    HDX TurboPerformance

    Event Driven RRM

    XOR RadioFRA

    Cisco CleanAir

    RF Profiles

    RRM, DCA, TPC, CHDM

    Load BalancingBand Select

    Client Link 4.0

    Off-Channel Scanning

    Flex DFSDBS

    5GHzServing

    2.4GHzServing5/2.4GHzMonitor

    RF Optimized Connectivity

  • XOR Radio and FRA2.4GHzServing

    2.4-5GHzMonitoring

    5GHz.Serving

    5GHz.Serving

    2.4GHzServing

    5GHz.Serving

    5GHzServing5Hz

    Serving

    2.4GHzServing

    FRA-auto (default value) or Manual

    Auto 2.4 -> 5GHz or Monitor Mode

    Transition to 2.4 GHz if coverage drops

  • Micro Macro Cell Transitions

    -51 dBm

    -65 dBm

    -51 dBm-51 dBm 55 dBm?

    Probe Response

    Client Steering

    802.11v BSS Transition Default Enable 802.11k Default Enable Probe Suppression Default Disable

    Client Types

    11v capable 802.11v BSS Transition Non-11v capable 802.11k neighbor list +

    disassociation No 11k or 11v support Probe Suppression Micro 5GHz on XOR

    Macro -- Dedicated 5 GHz

  • Optimize Wi-Fi with CleanAirQuickly Identify and Mitigate Wi-Fi Impacting Interference

    Channel 48

    48

    4848

    48

    48

    48

    48

    48

    48

    48

    48

    Interference on 20/40/80/160 MHz Air Quality and Interference by

    AP/radio on WLC AQ Threshold trap and Interference

    Device trap (per radio) CleanAir-enabled RRM

    Network Air Quality and Interference Location with PI 3.1.x and CMX

  • Interference Devices and Air Quality ReportCleanAir Enabled RRM

    Mitigated RF interference for improved reliability and performance

    Wi-Fi andnon-Wi-Fi

    aware

    Dynamic mitigationED-RRM

    Granular spectrum

    visibility and control

    Air Quality Performance

    Improved Client Performance

    Complete Automatic Interference Mitigation Solution for Rogues and Non-Wi-Fi Interference

  • Maximize Channels When Radar Is PresentFlexible Dynamic Frequency Selection

    5170MHz

    5330MHz

    36 40 44 48 52 56 60 64

    20MHz.

    40MHz.

    80MHz.

    160MHz.

    5490MHz

    5710MHz

    100

    104

    108

    112

    116

    120

    124

    128

    132

    136

    140Channel Used

    by Air Traffic Radar

    See it on 160MHZ Band

    Dynamic Frequency Selection

    FlexibleDynamic Frequency Selection

  • FlexDFS with Dynamic Bandwidth Selection

    Identifies radar frequency to

    1 MHz

    FlexDFSisolates radar

    event to 20MHz

    DBS allows best channel

    and width

    Interference is impactingonly channel 60

    FlexDFS + DBSAutomatic and intelligent use of spectrum

    52 56 60 64

    DBS combined with FlexDFS: Increased confidence in using wider channel bandwidth; reduced radio flapping

    Primary20

    Secondary 20

    Secondary40

    52 56 60 64

    Optimizes HD Experience

  • Better Client Connectivity RXSOP, Load Balancing, Band Select

  • Fine-tuning HDX with RF Profiles

    Wi-Fi Triggered ED-

    RRM

    OptimizedRoamingRXSOP

    Dynamic Bandwidth Selection

    TPC, DCACHDM

    FlexDFS

    CORE:

    CleanAir

    ClientLink 4.0

    Turbo Performance

    Pre-canned RF Profiles Client Distribution Data Rates DCA, TPC, CHDM Profile Threshold for

    Traps High Density Features

  • Security and Threat Mitigation

    Secure Access

    P2PBlocking

    Client Exclusion

    802.1x WPA2/AES

    AES256 Encryption

    AAA Override VLAN, ACL, QoS

    Local Policy w/QoS and AVC

    MFP, 802.11w

    TrustSec SXP Inline Tagging

    wIDS, ELM

    MAC Auth Rogue Detection

    BYOD NAC RADIUS

    8.4

    8.3 MR1

  • 5GHz. / 2.4GHz. .5GHz. / Security

    Cisco Wireless Security Deployment with AP3800/2800 Maintains Capacity and Avoids Interference

    Good Better Best

    Features ELM Monitor Mode AP ELM with FRAMonitor Mode

    Deployment Density Per AP 1 in 5 APs 1 radio per 5 APs

    Client Serving with Security Monitoring

    Y N Y

    wIPS Security Monitoring 50 ms off-channel scan on selected channels on 2.4 and 5 GHz

    7 x 24 All Channels on 2.4GHz and5GHz

    7 x 24 All Channels on 2.4GHz and5GHz

    CleanAir Spectrum Intelligence 7 x 24 on client serving channel 7 x 24 All Channels on 2.4GHz and5GHz

    7 x 24 All Channels on 2.4GHz and5GHz

    Serving channel Serving channelOff-Ch Off-Ch

    Serving channel Serving channelOff-Ch Off-Ch

    Enhanced Local ModeAccess Point

    GOOD

    2.4 GHz

    5 GHz

    t

    t

    Monitor ModeAccess Point

    BETTER

    2.4 GHz

    5 GHz

    t

    t

    Ch11Ch2

    Ch38

    Ch1

    Ch36

    Ch11Ch2Ch1

    Ch11Ch2Ch1

    Ch161Ch157 Ch38Ch36

    t

    2.4 GHz

    5 GHz

    tCh11Ch2Ch1

    Ch38Ch36 Ch161Ch157

    ELM with FRA Wireless Security Monitoring

    BEST

    Serving channel Serving channelOff-Ch Off-Ch5 GHz t

  • ServeClienton2.4GHz

    50ms off-channel

    ServeClientson5

    GHz

    50ms off-channel

    Rogue Detection and Mitigation

    Rogue Classification and Containment

    Rogue Rules Manual Classification

    Friendly/Malicious Manual and Auto

    Containment

    CleanAir with Rogue AP Types

    WiFi Invalid Channel WiFi Inverted

    Rogue Location Real-time with PI, MSE,

    CleanAir Location of Rogue APs

    and Clients , Ad-hoc Rogue, Non-wifiinterferers

    DataServingAP

    Scan

    1.2sperchannel

    MonitorModeAP

    FRAwithMM

    ServeClientondedicated5

    GHz

    Scan1.2sperchannel

  • Service ReadyFeature Highlights

    VideostreamMulticast VLAN

    Per-Client/Per-SSID BW Contract

    Local Profiling

    Bonjour Apple Services

    Service Ready

    AVCNetflow

    AAA Override ofAVC Profile

    Voice Optimization, CAC, WMM Policy

    Adaptive 11r ,11k, 11vFastLane

    QoS ProfilesOKC, CCKM

    Fast Roaming

    8.3 MR1

  • Zero Impact Application Visibility and Control

    Maintain Performance with Zero Impact AVC

    Gain Visibility into the Network

    Monitor Critical Applications

    Control Application Performance

    APP APP APP APP

    APP APP APP APP

    APP APP APP APP

    APP APP APP APP

    SettingupAVCprofilesandrules Drop/MarkforseveralvideoappslikeYouTubeandNetflixoniPhone,iPad Drop/MarkforotherappssuchasJabberandWebex Profileswithblockandpassrulescombined RateLimitingofVideo/Voiceapps AAAoverride forAVCprofile AVCProfilewithLocalPolicyClassification

  • Enterprise Infrastructure Feature Highlights

    Fast SSID

    Flex, Local, Sniffer, Monitor, ME

    Certifications

    Enterprise Infrastructure

    Pre-Image Download

    AP Multicast

    WiFi Tagging

    OEAPWebauth

    Guest Access

    Plug n Play

    8.3 MR1 8.3 MR1

    8.3

  • Cisco + Apple Partnership

  • What are we trying to solve?

    Scalability

    Complex configuration of advanced features

    Mobility

    Sub optimal roaming for mobile devices and battery efficiency

    Better integration between mobile devices and the network

    Reliability

    User experience is affected

  • Cisco-Apple partnership provides these benefitsOptimized Wi-Fi Connectivity Prioritized Mission applications

    Intelligent, and efficient roaming is automatically configured

    iOS and Cisco devices recognize each other and enable special capabilities

    Mission data gets priority and speed even if network is congested

    Reduces complexity - IT can focus on the mission the network does the heavy lifting

  • What happens Today?

    In 802.11, delay in roaming causes poor experience, especially for rich-media real-time applications. Interoperability increases complexity and prevents adoption.

    Standards to the rescue? 802.11r Fast Roaming 802.11k Neighbor List 802.11v BSS Transition

    But Operational Complexity Multiple SSIDs some clients cant

    associate with SSIDs enabled with 11r

  • Optimized Wi-Fi Connectivity

    Intelligent, and efficient roaming is automatically configured

    Makes critical apps more reliable

    iOS and Cisco devices recognize each other and enable special capabilities

  • 802.11k, 802.11v, 802.11r help efficient roaming

    802.11r enables fast roaming without complete reauth802.11k sends you list of neighbors802.11v BSS Transition sends you the new best AP Cisco-AP-2 to connect to

    Association

    Fast Transition (802.11r)Cisco-AP-1 Cisco-AP-2

  • Association

    Cisco-Apple Optimized Roaming reduces management overhead by up to 50%

    Legacy client cannotjoin the same SSID where 11r is enabled

    I recognize that you are an Apple device11r is enabled for you

    802.11k, 802.11v are on by default

    Legacy client that does not support 11r/k/v canjoin the same SSID

    Cisco-APNon-Cisco-AP

  • Roaming Performance : 10x Better end-user Browsing and App Experience

    QoS, 802.11r/k/vNo QoS, No 802.11r/k/v

    Time (s)*

    *Time Interval between last packet on previous AP, and first packet on next AP

  • Benefits of Optimized Wi-Fi Connectivity

    Automatic configuration reducing complexity for IT

    Up to 50% reduced management overhead due to fewer SSIDs

    86% reduction in network message load from the device during roaming

    Investment protection -Leverage existing network design

    Lower battery usage

    66x reduction in probability of poor audio quality experience. 10x more successful end user browsing experience

  • What happens Today?

    Inability to prioritize mission-critical real-time traffic all the way from clients to the destination

    Today IT Administrators can classify traffic ONLY at the access point. this implies:

    Inability to prioritize between the client and the AP.

    Burden on IT administrator to manage the applications across the enterprise

  • Prioritizing Business Apps

    Prioritize mission critical apps and real time data

    Turning on is easy

    IT has control over which Apps get priority

  • Fast lane Configuration Profiles

    A QoS configuration profile will ONLY be acted upon on an iOS 10 client

    Uses standard Apple iOS Profiling techniques (MDM, email, Web-based) Profile lists whitelisted applications in a dictionary file

    Whitelisted applications are allowed to mark QoS (DSCP/UP) upstream

    Non-Whitelisted applications receive only BE/BK marking upstream

    Used in Combination with Cisco and Apple mutual detection

  • Fast Lane only applies to Cisco-Apple Deployments

    QoS Profile is not considered

    Applications can only mark UP, not DSCP*

    QoS Profile or no QoS Profile

    If a Profile was received, All apps in White list Can mark QoS upstream

    QoS Profile

    Cisco-APNon-Cisco-AP

    Supports Fast lane

    * DSCP can be marked with IP_TOS/IPv6_TCLASS when SO_NET_SERVICE_TYPE is best effort

  • Fast Lane enables network administrator to prioritize applications per your environment

    Supports Fast lane

    Admin can provision Apple IOS device with a QoS profile*Applications in whitelist get QoS marking**Other applications get BE/BK

    Supports Fast lane

    My profile for this environment:Minecraft = Real-time-interactiveViber = BE

    My profile for this environment:Minecraft = BEViber = Voice

    Cisco-AP

    Supports Fast laneSupports Fast lane

    Cisco-AP*Without a profile, all applications are whitelisted by default in a Fast Lane cell

    **Fast Lane does NOT override apps QoS, it either allow the app QoS or apply BE

  • App prioritization elements

    QoS Profile

    Voice QoS Trust

    AutoQoS

    Better EDCA

    Helps determine which applications should receive QoS upstream

    Trust upstream voice traffic, with ACM and without TSPEC

    Benefits IT Administrator

    Configure optimal WLC QoS in one click

    Ease of Use

    IEEE 802.11-2016 EDCA

  • No Fast Lane

    Fast Lane delivers a reliable voice experience even in a congested environment

    In a congested environment, one voice packet is sent every 20 ms

    We measure the actual interval between voice packets in the upstream direction

    Capture time (seconds)

    Packet average interval is 40 ms (not so good)

    Many glitches, of up to 0.6 second (poor audio experience)

    Interval (seconds)

    Fast Lane

    Interval (seconds)Packet average interval is 20 ms (good)

    Very few glitches, of up to 0.1 second(fair audio experience)

  • Benefits of App prioritization

    Business data gets priority and speed even if network is congested

    Reduces complexity - IT can focus on the mission the network does the heavy lifting

    Reliable mobility for mission use

  • Putting It All Together

  • Benefits of Apple-Cisco partnership

    Simple, automated configuration of

    Optimized Roaming & Fast lane

    Faster client roams, lower battery usage and reduced network load

    Enabled with a unique to Apple and Cisco mutual identification

    Prioritizes mission-critical apps over

    the air and network

  • What can we enable

    All Wireless Office Manage growing network demandsMobile access to

    real-time data

    Prioritize mission critical apps

    Improved voice and video communication

  • Recommended platforms

    Networking infrastructure Caching iOS devices Wireless controller: Running

    AireOS 8.3, 8.3MR or connected to Meraki cloud

    802.11ac Aironet and Meraki MR Access points

    Catalyst and Meraki MS Multigigabit-capable switches

    Meraki Systems Manager EMM Software licenses, maintenance

    & support

    ISR 4000 Series WAAS Wide Area Application

    Services Akamai Connect license Software licenses, maintenance

    & support

    Optimized Efficient Roaming

    iPhone 6s and later iPhone 6s Plus and later iPad Air 2 and later iPad mini 4 and later iPad Pro and later iPhoneSE

    Fast Lane

    iPhone 5 and later iPad mini 2 and later iPad Air and later iPad Pro iPod touch (6th generation)

  • AP and WLC Portfolio

  • Cisco Aironet 802.11ac Wave 2 Portfolio Enterprise Mission Critical Best in Class

    1810

    18301850 (i/e)

    2800 (i/e)3800 (i/e)

    Dual Band 802.11ac Wave 2 Compact Design 3x Gbps switch port 1x Gbps uplink port Wall Plate AP Teleworker OEAP 802.3af PoE out

    802.11ac Wave 2: Most Cost-effective, 870 Mbps.

    3x3:2SS 80MHz. Spectrum Analysis* Tx Beam Forming 1 GE Port USB 2.0 Centralized,

    FlexConnect* and Mobility Express

    802.11ac Wave 2: Cost-effective, 1.7 Gbps

    4x4:4SS 80Mhz. Spectrum Analysis* Tx Beam Forming 2 GE Ports USB 2.0 Centralized,

    FlexConnect* and Mobility Express

    802.11ac W2: High-Performance 5Gbps

    Flexible Radio Assignment

    4x4:3SS 160 MHz 2 GE Ports USB 2.0 Hyperlocation

    (External Antenna) CleanAir 160MHz. ClientLink 4.0 Centralized,

    FlexConnect* and Mobility Express

    802.11ac W2: High-Performance 5Gbps.

    Flexible Radio Assignment

    4x4:3SS 160MHz. MU-MIMO 2 GE or 1 GE + 1

    mGig (5G) Hyperlocation

    (External Antenna) CleanAir 160 MHz ClientLink 4.0 StadiumVision Modularity Centralized,

    FlexConnect and Mobility Express

  • Cisco Aironet Portfolio Outdoor APEnterprise Class Best in Class Cable Operators

    1560 802.11ac W2 4 models (I/E/D/PS) 3x3:3, 80MHz, 1.3G (I) 2x2:2, 80MHz, 867M (D/E/PS) MU-MIMO SFP Internal Directional Ant. (D) 4.9 GHz (PS: Public Safety) Flexible Antenna Ports CleanAir 80 MHz ClientLink 4.0 Centralized, FlexConnect,

    Mesh & Mobility Express

    1572EAC 802.11ac W1 4x4:3 80 MHz; 1.3 G External antenna SFP GPS PoE-Out (803.2at) Flexible Antenna Ports CleanAir 80 MHz ClientLink 3.0 Modularity Centralized, FlexConnect &

    Mesh

    1572IC/EC

    802.11ac W1 4x4:3 80 MHz; 1.3 G Internal or External antenna DOCSIS 3.0, 24x8 SFP GPS PoE-Out (803.2at) (EC) Flexible Antenna Ports CleanAir 80 MHz ClientLink 3.0 Modularity Centralized, FlexConnect &

    Mesh

    1530 802.11n 2 models, low profile 2G: 3x3:3; 5G: 2x3:2 Internal or External antenna Flexible Antenna Ports Centralized, FlexConnect, &

    Mesh

    * Future availabilityShipping ShippingFCSAugust 2016

  • Industrial Wireless IW3700 Series Access PointOptimized for Rail, Mining, Manufacturing, Oil & Gas

    N-type antenna ports for 4x4 MIMO with three spatial streams and support for up to 13 dBigain antennas

    10/100/1000Base-T, PoE and PoE+ in (M12)

    10/100/1000Base-T, PoE out (M12)

    10 to 60 VDC in (M12)Management console port (RJ-45 serial)

    Integrated mounting ears

    Diecast aluminum chassis with

    integrated heatsinkand heaters

  • Meet Any Wi-Fi Use CaseExpandability and Investment Protection

    Future Wi-Fi Standard

    IOTIntegration

    Custom ComputePlatform

    Adv. Security and Spectrum

    Analysis3G & LTESmall Cell

    Bluetooth Beacon

    Hyperlocation Antenna

    Stadium Panel

    Antenna

    Self-Discover / Self-Configure

    3G/LTEBackhaul

    Directional Antennas

    BluetoothIntelligence

  • LoRA5G

    NB-LTE 3.5GHz CBRS

    ThreadLTE-U

    BLE WiFi calling

    Wi-Fi

    BT

    LTE

    People + Things

    Mobility and IT-OT Convergence

  • Right To Use Licensing, Ease of Enablement and Portability

    Utilizes the NEW WLAN Express WEBGUI with best practices enabled

    Allows administrator to easily migrate config from previous WLC

    Simplified Migration and Manageability

    Ability to host multiple services such as Application Visibility and Control, Bonjour

    Services Directory, TrustSec, Guest, High Availability with SSO

    Support for centralized, distributed and Mesh deployments

    Services Ready

    5520 scales up to 1500 AP & 20,000 clients

    8540 scales up to 6000 AP & 64,000 clients

    Built for addressing Scale of BYOD

    5520 supports 20 Gig of throughput

    8540 supports 40 Gig of throughput

    Throughput to address needs of Wave-2 11ac

    5520

    8540

    Introducing the Cisco 5520 and 8540Feature-Rich, Multi-mode and Ready for Wave 2 802.11ac

  • CMX & ISE

  • Create Connected Experiences with Cisco CMX

    Presence and location Visibility (Wi-Fi, BLE)

    Easy Wi-Fi login, custom or social Zone-based, custom splash pages

    Electronic Customer engagement Context-aware in-venue experiences

    Analytics

    Detect Connect Engage

  • Ciscos location roadmap and use case vision

    PresenceGreater customer

    insights

    Enhanced location

    Hyperlocation

    Bluetooth Low Energy

    Accuracy 20m

    Type In-zone Detection

    Use Cases

    Venue-level,Visitors, Dwell Time

    Accuracy 10m

    Type X,Y coordinates, Optimized refresh

    Use Cases

    Zone-levelCorrelation

    Accuracy 1-3m

    Type Real time refresh, app required

    Use Cases

    Way Finding / Indoor navigation / Proximity Marketing

    Accuracy 1-3m

    Type Refresh every 10 seconds, no app

    Use Cases

    Sub-zone-levelWork space optimization

  • Prime Infrastructure

    Cisco WLAN

    Controller

    Systems Manager (MDM/EMM)

    MDM Manager

    Wired Network Devices

    Cisco Catalyst Switches

    Office Wired Access

    Office Wireless Access

    IdentityServices Engine

    Remote Access

    ASA Firewall

    CSM / ASDM

    Identity Services Engine Policy Enforcement

  • Cisco Identity Services Engine (ISE)

    Network ResourcesAccess Policy

    Traditional Cisco TrustSec

    BYOD Access

    Threat Containment

    Guest Access

    Role-BasedAccess

    Identity Profilingand Posture

    A centralized security solution that automates context-aware access to network resources and shares contextual data

    NetworkDoor

    Physical or VM

    ISE pxGridController

    Who

    CompliantP

    What

    When

    Where

    How

    Context

    Threat (New!)

    Vulnerability (New!)

  • Federal Certifications

  • Current Cisco Wireless Government CertificationsCertify every MD/long lived release

    Whats Certified:

    All Cisco 11ac and 11n Access Points

    All appliance and integrated

    controllers

    MSE 8.0, and PI 2.2

    APL Listing for WLAS, WAB,WIDS

    Whats unique to Cisco:

    Cisco ONLY Wireless vendor with DCE

    and Common Criteria Certification

    Predictable wireless certification MD

    SW release gets certified

    Common release both Enterprise and

    Government customers Feature

    consistency and deployment flexibility

    Certification 7.0 8.0 IOS 3.6

    FIPS

    CC

    UCAPL

    CSfC

    USGv6

    Comprehensive end-end solution certified !

  • Roadmap - Cisco Wireless Government Certifications8.3 (MR1) and IOS 16.3 Q3CY16

    Whats Certified:

    11ac Wave 2 Access Points

    5520, 8540, 5508, 2504, WiSM2

    3650 and 3850 switches/WLC

    CMX 10.3

    APL Listing for WLAS, WAB,WIDS

    Cisco SSL 6.x Integration w/AireOS

    Whats the timeline:

    FCS Nov 16

    JITC Eval Began Oct 16

    Estimate Completion Q2CY16

    Certification 8.3 IOS 16.3

    FIPS

    CC

    UCAPL

    CSfC

    USGv6

    NGE and Wave 2 Certified Release!

  • Cisco Enterprise Networking

    Network of Tomorrow Digital Network Architecture Automation Security

    Insights

    DNA Mobility: Delivering services needed for the network of tomorrow

    802.11ac Excellence Services & Security ensure granular control & enforcement

    Partnering to ensure Operational Excellence

    Complete Enterprise Solution built for the Government Customers Certifications