© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Unified Access
Cisco Mobility Vision, Strategy, and Portfolio
Aadil Hassim
Internal Resources
Cisco Firewall
Corporate Network Internet
Cisco Wireless LAN Controller
Catalyst Switch
Cisco Access Point
One Management
Prime
One Policy ISE
1. Cisco’s Mobility Vision
2. Mobility Differentiators
3. Mobility Roadmap
4. Controller and Access Point Portfolio
5. Mobility Services Portfolio
6. Sales Tools
Seamless Mobility
HOME OFFICE: Work from Home
CAMPUS: Indoor and Outdoor
BRANCH: Sales Office or Large Branch
PUBLIC VENUE: Indoor and Outdoor Hotspot
CELLULAR: 3G/4G
Mobility/RF Innovation Predictability and Reliability
Policy and Network
Management
Who? What? When? Where? How?
ISE
Control
Prime
Infrastructure
Visibility
CleanAir
Best-in-class performance to a/g/n clients
Optimized multicast to unicast
ClientLink
VideoStream
Chip level proactive and automatic interference mitigation
Purpose-Built Wi-Fi Chipset with 4x4 MIMO, with robust platform - No Open Vents
Award-Winning Design
AVC Classification and policies on 1000+ Apps
MSE and Thinksmart
Analytics that aid business decisions
Meaningful Interaction with your customers
Sub second failover to hot standby controller Stateful fail-over
Committed to Standards
First to introduce 802.11r, 802.11u, 802.11w and 802.11ac to Enterprises
Cisco ClientLink—Improves Predictability and Performance
AFTER
Wireless Client Performance
BEFORE Wireless interference decreases
reliability and performance
AIR QUALITY PERFORMANCE AIR QUALITY PERFORMANCE
WITH Beam Directed Towards Client Resulting in a
Consistent Experience and Better Performance
WITHOUT Manual RF Management
[Figure labels, both panels: Connection Rate 450 Mbps, 300 Mbps, 150 Mbps, 65 Mbps, 6 Mbps; Beacon Rate]
Automatic Band Steering and Selection for 5GHz Capable Devices
BEFORE All clients crowd the 2.4GHz
spectrum lowering performance
AFTER 5GHz capable clients are automatically
moved to cleaner 5GHz spectrum
Cisco BandSelect—Improves Predictability and Performance
[Figure labels: Wireless Client Performance; 2.4GHz Capable Speed and 5GHz Capable Speed per client; 2.4GHz and 5 GHz bands]
BEFORE Manual RF Management
AFTER Dynamic RF Management
Global Enterprise
CEO Meeting, M&A Negotiation, Sports Event
Optimized end-to-end video starting at the Access Point
Multicast to Unicast Conversion at the AP
Tested for 30X Less Bandwidth Consumed
and Double the Performance of Competitors
Resource Reservation Prevents Oversubscription
Selectable Stream Prioritization
High Priority Event
Meeting Room Event
Live Sporting Event
Apple Bonjour and other consumer protocol service (mDNS) gateway
BEFORE Isolated Apple Bonjour Network
• Isolated Services
• No Network Policy
• L2 Only
• mDNS & Bonjour Services NOT Routed
[Diagram labels: Routed Network, Apple TV, HP Printer, WLAN]
AFTER Bonjour Discovery, Advertisement & Policy
Cisco Bonjour Services Directory: Apple Bonjour discovery, advertisement and policy
• Service Cache and advertise
• VLAN and WLAN Policy Enforcement
• Services Across L3 boundary
• WLAN Controller: mDNS Profiles, Policy & Control
[Diagram labels: Routed Network, Apple TV, HP Printer, WLAN, WLAN Controller]
New in 7.4
Identify standard ports, L7 Deep Packet Inspection and Heuristics
BEFORE Application View & Control based on Firewall sessions
First Generation Firewall: Visibility to the port level interaction but not the applications running within the port
HTTP = 75%, SMTP = 15%, FTP = 2%, Telnet = 1%, SNMP = 3%
AFTER Network Based Application Recognition - NBAR2, Deep Packet Inspection and App ID
Wireless LAN Controller: Traffic, NBAR2 LIBRARY Deep Packet inspection, POLICY Packet Mark and Drop, Netflow v9 export
Netflix = 50%, YouTube = 15%, WebEx = 10%, Citrix = 9%, exchange = 8%
New in 7.4
• Classify 1000+ applications with sub-classification within applications: e.g. Lync – desktop
share, video/voice, file transfer
• Apply Granular policies - Per SSID, Device, Campus, Building, Floor
• Real-time troubleshooting on the Wireless LAN Controller
• Wired-wireless consistent export to standard netflow collectors
Visibility into traffic at the access
NETFLOW (STATIC TEMPLATE) provides Flow Export
NETFLOW COLLECTOR (THIRD PARTY or PAM)
• Detect network anomalies
• Understand Application Traffic Patterns
• Analyze usage trends over time and location
New in 7.4
Mobility/WLAN Market Credentials Mobility/WLAN Industry Credentials
• $1.9 billion; fastest growing BU in Cisco
• 350,000+ enterprise customers
• Well over 10M Access Points shipped
• Broadest mobility portfolio in the industry
• 95% Fortune 1000 companies selected Cisco WLAN
• Gartner listed market leader 7+ years
• 15+ years Mobility development experience
• Most IEEE active members in the industry
• Largest Mobility R&D team in the industry
• Most Mobility patents in the industry
WLC 8500 Target customer - SP
802.11r L2 Fast Roaming
ISE - Flex integration Flex / Local Mode
parity with ISE
Outdoor AP Integrated Antenna
AP 2600 802.11n G2
AP1600 802.11n G2
HA - AP SSO HA Licensing
Scale Flex7500 6K APs
Virtual Controller
AP3600 Security Module
FlexConnect Split Tunneling
802.11r – Flex Modes
Bi-directional rate-limiting
Voice/Video: 11n CAC
Local and FlexConnect support
on 1552 APs
Outdoor AP Honeywell integration
Outdoor AP Uni Band Antenna
FIPS, CC, UCAPL
Profiling and Policy on WLC
IPv6 infrastructure
Mid-Market 1 Box Solution
AP3600 11ac module
AP-based firewall
HA – Client SSO
Application visibility and control (AVC)
Bonjour Gateway
Voice Enterprise Certification**
Scale WLC 2500
Guest Anchor on WLC2500
LAG on Flex7500, WLC 8500, WLC 2500
**Voice Enterprise Certification targeted on a special release – FCS beyond 7.4
HA Licensing, N:1 HA SSO over any L2
connection
Proxy Mobile IP (PMIPv6)– AP-Based
PMIPv6 on WLC
Executed Committed
Cisco Confidential—NDA Only
7.2MR1 7.3 7.4 8.0
May 2012 September 2012 December 2012 Q2 CY13
S/W Release
Unified Access WLAN Infrastructure
Flex enhancement (11w, PEAP+TLS, override…)
802.11w Mgmt Frame Protection
HA on 2500
Automated Switchport tracing
WiFi Direct detection & Classification
High Availability Improved location accuracy for CleanAir
Mobile Concierge (CMX)
New Signatures
Better Attack Mitigation for aWIPS (Location)
Better Rogue Classification,
Containment, Detection
Location Analytics I
Location Support for FLEX
MSE 3355 Scaling
Global Forensics
aWIPS Prevention
Location Analytics II
ELM Signature Parity
AP 3600 Security Module
aWIPS Rogue Contain Enhancements
FIPS, CC, UCaPL
Virtual Appliance
Rogue Detection Enhancements
Scalability Improvements
Channel Scanning Optimization
Rogue Contain Enhancements II
Executed Committed
Cisco Confidential—NDA Only
7.2MR1 7.3 7.4 8.0
May 2012 September 2012 December 2012 Q2 CY13
S/W Release
MSE
5500, WiSM2, 7500, 8500 Series
L2 Redundant Link
Active WLC Hot-Standby WLC
Since 7.3, and
evolving
• 1:1 wireless stateful failover capability in appliance and integrated controllers
• SSID is always beaconing (even after primary controller is down)
• Subsecond WLAN network convergence
Backup Controller (Requires L2 Adj.)
5508: $20,000
WiSM2: $25,000
Flex7500: $40,000
8500: $60,000
2500: (Future) $2,000
vWLC on UCS-E 2500
Virtual Controller
Flex 7500
8500 5760 5508 WISM2
Catalyst 3850
Catalyst 3850
Virtual Controller
• 1 to 50 APs per switch/stack
(Directly connected APs) • 2000 clients per stack • 40 Gbps per switch
• 12 to 500 APs • 7000 clients • 8 Gbps
• 100 to 1000 APs
• 15,000 clients • 20 Gbps
• 25 to 1000 APs • 12,000 clients • 60 Gbps
• 300 to 6000 APs • 64,000 clients • 10 Gbps
Large Campus Service Provider
Small Campus / Branch (Controller On-Premise) Branch (Controller in DC)
• 5 to 200 APs • 3000 clients • 500 Mbps
• 5 to 75 APs • 1000 clients • 1 Gbps
• 5 to 200 APs • 3000 clients • 500 Mbps
• 1 to 50 APs per switch/stack
(Directly connected) • 2000 clients per stack • 40 Gbps per switch
• 5 to 200 APs • 3000 clients • 500 Mbps
• 300 to 6000 APs • 64,000 clients • 1 Gbps
WLAN Controller Portfolio
Autonomous FlexConnect Centralized Converged Access
Traffic Distributed at AP
Traffic Centralized at Controller
Traffic Distributed at Switch Standalone APs
Where it fits: Small Wireless Network; Branch; Campus; Branch and Campus
Purchase Decision: Wireless only; Wireless only; Wireless only; Wired and Wireless
Benefits
• Simple and cost-effective for small networks
• Highly scalable for large number of remote branches
• Simple wireless operations with DC hosted controller
• Simplified operations with centralized control for Wireless
• Wireless Traffic visibility at the controller
• Wired and Wireless common operations
• One Enforcement Point
• One OS (IOS)
• Traffic visibility at every network layer
• Performance optimized for 11ac
Key Considerations
• Limited RRM, no Rogue detection
• L2 roaming only
• WAN BW & latency requirements
• System throughput
• Catalyst 3850 in the access layer
WAN
Product Scope Target Market
• 5 to 200 AP support, 3,000 clients
• One AP adder license
• FlexConnect mode only
• Support on VMware ESX/ESXi at
FCS (similar to NCS and MSE)
• Support on Cisco UCS C-Series and
B-Series and equivalent servers
• Mid-market with spare compute platform
• Alternative to Flex 7500 for customers with fewer branches
• Partner/MSP-hosted Wi-Fi service
• NOT for large campus
Pricing
• Base SKU (with five AP licenses) = $750
• One AP Adder license = $150
Cisco Mobility in a BOX
vWLC vPI vMSE
ESX ESXi Hypervisor
UCS/x86 Servers
New since 7.3
• Basic Connectivity
• Deployment Flexibility
• Teleworker
• Enterprise-class
Performance
• Voice/Video/Multimedia
• Any Device / BYOD
Optimized
• Client Scalability
• RF Interference Mitigation
• High Client Density
• HD Video/VDI
• Investment Protection
• 11ac Migration
• Comprehensive
Security
Home Sm/Med Sm/Med/Large Med/Large Enterprise
Cisco Aironet 3600 Series Access Points
• 4x4 Antenna Design, Three Spatial Streams: Fastest, Most Consistent Device Uplink Speeds, Sustained Further from the AP
• ClientLink 2.0 Beamforming: Fastest Downlink Performance to ALL Mobile Devices 802.11a/g and Now 802.11n Across One, Two, and Three Spatial Streams
• CleanAir Spectrum Intelligence: Always-On Interference Protection, Plus New Full-Spectrum Security Module
• Future-Proof 802.11ac Module Option: Support Upcoming Wave of 11ac Clients
38% Better Than Aruba
• Field upgradable 802.11ac module
5 GHz radio module, 802.11ac Wave 1
1.3 Gbps PHY/~900 Mbps MAC (throughput)
Three spatial streams, 80 MHz, 256 QAM
• AP3600 maintains dual-band support 2.4 and 5 GHz
Supporting b/g/n on 2.4 GHz base radio, a/n on 5 GHz base radio, and AC on 5 GHz module radio
CleanAir and ClientLink 2.0 maintained
• Power requirement with the 802.11ac module installed
Power draw with 802.11ac module ~20W, and will require either enhanced PoE, PoE+, or Power Injector
Availability
- NOW!!!
• Most efficient Wi-Fi standard to date
• Optimized for power savings
• Optimized for high density
• Multi-user mode – “Switch-like”
Practical Considerations for 802.11ac
• 802.11ac will mostly be deployed in 5.0GHz only.
• Most implementations will be 3 Streams for the first few years.
• Nominal throughput will consistently be in the range of ~300 to 400Mbps
• Client device adoption will be rapid to take advantage of extended battery life
Wireless Intrusion Prevention
• Detection & Mitigation of security penetration attacks
• Detection & Mitigation of denial of service attacks
• Capability supported in Monitor Mode & data serving AP (Enhanced Local Mode - ELM)
Indoor Location / Context-Aware
• Real time location tracking
• Tracking probing & associated clients, RF tags & wired endpoints
• Geo fencing / Zone based alerts
• Location Analytics
Advanced Spectrum Capability
• System wide Interferer details
• Event correlation
• Visualization of interferer zone of impact
• Interferer notification
• Track & Trace interferers & Layer 1 threats
Mobile Concierge (CMX)
• Detecting Presence
• Delivering location based services
Physical & Virtual Appliance
MSE tracks up to 50,000 endpoints & supports 10,000 Monitor Mode or ELM AP
WIDS Architecture Options
Monitor Mode AP Data Serving AP Monitor Mode AP
ELM Single Data and WIPS AP
Security Module AP 3600 with Security Module
Security Module
3600 Security Module provides 24x7 dual band WIPS monitoring
Does not require a dedicated AP
Dwells longer on all 2.4 and 5 GHz channels & provides better forensic capability
Recommend Security Module with WIPS Monitor Mode license on all APs
Connected Mobile Experience
DETECT (GUEST PRESENCE): The customer’s personal mobile device and its characteristics are detected before they enter the venue.
CONNECT (GUEST ACCESS): The customer is seamlessly and securely connected to the Wi-Fi network based on their personal preferences and profile, including device type and roaming credentials.
ENGAGE (GUEST EXPERIENCE): The customer receives highly relevant content and services based on their preferences, profile, and real-time location within the business venue.
LOCATION ANALYTICS
Customer: Presence in the venue. IT: understand network utilization, peak usage, number and types of devices on the network.
Business: insights into customer online and onsite behavior, most traffic paths, dwell times, location density etc.
Cisco Wireless
Access Point
Cisco Wireless
LAN Controller
Cisco Mobility
Services Engine
App Server
Example – Enhancing customer experience
- MSE detects presence, passes MAC to app server
- App server will push notification based on analytics,
heuristics & policy
- Mobile receives notification, user accepts notification
- App launched
CRM
Server
UA (BYOD) Hosted Demo Available for Cisco Field and Partners
“Many of my teams believe that the BYOD
hosted demo is the largest opportunity
we have in the near term to accelerate
Cisco business.” Senior SE Manager US Public Sector
“Cisco, big thank you, this is one of the
best sales tools you’ve delivered in last
couple of years, the demo enabled me
to close a large BYOD deal which
was very competitive.” Gold Partner SE US
www.cisco.com/go/byoddemo
Preliminary Info, i.e., Customer
Name and Sites
Generate Collateral
ISE, Prime, and MSE Services
Controllers Quantity, Type and Location
AP Count, Type, and Options OR
Import AP Quantity
Launch Advisor from Netformx DesignXpert
Create Accurate and Complete Network Designs and BoMs, with Best Practices, That Are Lean and Competitive
• Integrated with design best practices
• Vertical specific collateral
• Upgrade recommendations
for EoS products
• Latest Cisco products included
(Mobility, Prime, ISE, etc.)
• Automatic updates
www.cisco.com/go/partnerdesign
1. Preparing Wireless for BYOD
2. How Cisco Wireless delivers Unified Access Services
3. Industry’s most comprehensive Wireless Portfolio
CleanAir
ClientLink
VideoStream
BandSelect
Client Troubleshooting
Resiliency
Application Visibility
Control
SmartOperations
AP3600, AP2600, AP1600
WLC8500, Virtual Controller
802.11ac module
Mobile Concierge
Thank you.