cisco unified access cisco mobility vision, strategy, and ...€¦ · application view &...

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Unified Access

Cisco Mobility Vision, Strategy, and Portfolio

Aadil Hassim

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Internal Resources

Cisco Firewall

Corporate Network Internet

Cisco Wireless LAN Controller

Catalyst Switch

Cisco Access Point

One Management

Prime

One Policy ISE


1

2

3

4

5

6

Cisco’s Mobility Vision

Mobility Differentiators

Mobility Roadmap

Controller and Access Point Portfolio

Mobility Services Portfolio

Sales Tools


Seamless Mobility

HOME

OFFICE

Work from Home

CAMPUS

Indoor and Outdoor

BRANCH

Sales Office or Large Branch

PUBLIC

VENUE

Indoor and Outdoor Hotspot

CELLULAR

3G/4G


Mobility/RF Innovation Predictability and Reliability

Policy and Network

Management

Who? What? When? Where? How?

ISE

Control

Prime

Infrastructure

Visibility

CleanAir

Best-in-class performance to a/g/n clients

Optimized multicast to unicast

ClientLink

VideoStream

Chip level proactive and automatic

interference mitigation

Purpose-Built Wi-Fi Chipset with 4x4

MIMO, with robust platform - No Open Vents

Award Wining Design

AVC Classification and policies on 1000+ Apps

MSE and Thinksmart

Analytics that aid business decisions

Meaningful Interaction with your customers

Sub second failover to hot standby controller Stateful fail-over

Committed to Standards

First to introduce 802.11r, 802.11u, 802.11w

and 802.11ac to Enterprises


Cisco ClientLink—Improves Predictability and Performance

AFTER

Wireless Client Performance

BEFORE Wireless interference decreases

reliability and performance

AIR QUALITY PERFORMANCE AIR QUALITY PERFORMANCE


WITH Beam Directed Towards Client Resulting in a

Consistent Experience and Better Performance

WITHOUT Manual RF Management

450 Mbps

300 Mbps

150 Mbps

65 Mbps

6 Mbps

450 Mbps

300 Mbps

150 Mbps

65 Mbps

6 Mbps Beacon Rate

Connection Rate


Automatic Band Steering and Selection for 5GHz Capable Devices

BEFORE All clients crowd the 2.4GHz

spectrum lowering performance

AFTER 5GHz capable clients are automatically

moved to cleaner 5GHz spectrum

Cisco BandSelect—Improves Predictability and Performance

Wireless Client

Performance

2.4GHz Capable Speed

5GHz Capable Speed

5GHz Capable Speed

2.4GHz Capable Speed

5GHz Capable Speed

5GHz Capable Speed

2.4GHz 2.4GHz 2.4GHz 2.4GHz 5 GHz 5 GHz


BEFORE Manual RF Management

AFTER Dynamic RF Management

Global Enterprise

CEO

Meeting

M&A

Negotiation

Sports

Event

CEO

Meeting

M&A

Negotiation

Sports

Event


Optimized end-to-end video starting at the Access Point

Multicast to Unicast Conversion at the AP

Tested for 30X Less Bandwidth Consumed

and Double the Performance of Competitors

Resource Reservation Prevents Oversubscription

Selectable Stream Prioritization

High Priority Event

Meeting Room Event

Live Sporting Event


Apple Bonjour and other consumer protocol service (mDNS) gateway

BEFORE

Isolated Apple Bonjour Network AFTER

Bonjour Discovery, Advertisement & Policy

Cisco Bonjour Services Directory Apple Bonjour discovery, advertisement and policy

Isolated

Services

No Network

Policy

L2

Only

Service

Cache and

advertise

VLAN and

WLAN Policy

Enforcement

Services

Across L3

boundary

Routed Network

Apple TV Apple TV

HP Printer

WLAN

X

mDNS & Bonjour Services NOT Routed

Routed Network

Apple TV Apple TV

HP Printer

WLAN

WLAN Controller

mDNS Profiles Policy & Control

New in 7.4


Identify standard ports, L7 Deep Packet Inspection and Heuristics

BEFORE Application View & Control based on Firewall

sessions

AFTER Network Based Application Recognition - NBAR2

Deep Packet Inspection and App ID

NBAR2 LIBRARY Deep Packet inspection

Traffic

POLICY

Packet Mark

and Drop

Wireless LAN Controller

First

Generation

Firewall

Visibility to the port level interaction but not the

applications running within the port Netflix = 50%

YouTube = 15%

WebEx = 10%

Citrix = 9%

exchange= 8%

New in 7.4

Netflow v9

export

HTTP = 75%

SMTP = 15%

FTP = 2%

Telnet = 1%

SNMP = 3%

• Classify 1000+ applications with sub-classification within applications: e.g. Lync – desktop

share, video/voice, file transfer

• Apply Granular policies - Per SSID, Device, Campus, Building, Floor

• Real-time troubleshooting on the Wireless LAN Controller

• Wired-wireless consistent export to standard netflow collectors

http://images.google.fr/imgres?imgurl=http://www.nowhereelse.fr/wp-content/docs/youtube-logo5.jpg&imgrefurl=http://www.nowhereelse.fr/youtube-live-video-streaming-12525/&usg=__MyBsEJIR3joE8gm-rBq5Wel1qGA=&h=428&w=570&sz=33&hl=fr&start=1&sig2=z2krQGjzyqJMHPDfVwLLvg&um=1&tbnid=RKDnixEb39ds5M:&tbnh=101&tbnw=134&prev=/images?q=video+streaming+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=0czJSp79EcSD4QaBkoTHAQ

http://images.google.fr/imgres?imgurl=http://elbconsultingllc.com/images/SAP-Logo.jpg&imgrefurl=http://elbconsultingllc.com/index.html&usg=__ttrD8hVR0ZecJBAgUc1jjcxqsZQ=&h=551&w=945&sz=36&hl=fr&start=1&sig2=eDSzYadbfwaGzGedWvK1-g&um=1&tbnid=9f5hdQ6CnNYH3M:&tbnh=86&tbnw=148&prev=/images?q=sap+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=reDBSv2WCZa7jAfWrvXgBQ

http://images.google.fr/imgres?imgurl=http://elbconsultingllc.com/images/SAP-Logo.jpg&imgrefurl=http://elbconsultingllc.com/index.html&usg=__ttrD8hVR0ZecJBAgUc1jjcxqsZQ=&h=551&w=945&sz=36&hl=fr&start=1&sig2=eDSzYadbfwaGzGedWvK1-g&um=1&tbnid=9f5hdQ6CnNYH3M:&tbnh=86&tbnw=148&prev=/images?q=sap+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=reDBSv2WCZa7jAfWrvXgBQ

http://images.google.fr/imgres?imgurl=http://www.nowhereelse.fr/wp-content/docs/youtube-logo5.jpg&imgrefurl=http://www.nowhereelse.fr/youtube-live-video-streaming-12525/&usg=__MyBsEJIR3joE8gm-rBq5Wel1qGA=&h=428&w=570&sz=33&hl=fr&start=1&sig2=z2krQGjzyqJMHPDfVwLLvg&um=1&tbnid=RKDnixEb39ds5M:&tbnh=101&tbnw=134&prev=/images?q=video+streaming+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=0czJSp79EcSD4QaBkoTHAQ


Visibility into traffic at the access

NETFLOW (STATIC TEMPLATE)

provides Flow Export

NETFLOW COLLECTOR

(THIRD PARTY or PAM)

Detect network anomalies

Understand Application Traffic

Patterns

Analyze usage trends over time

and location

New in 7.4


Mobility/WLAN Market Credentials Mobility/WLAN Industry Credentials

• $1.9 billion; fastest growing BU in Cisco

• 350,000+ enterprise customers

• Well over 10M Access Points shipped

• Broadest mobility portfolio in the industry

• 95% Fortune 1000 companies

selected Cisco WLAN

• Gartner listed market leader 7+ years

• 15+ years Mobility development experience

• Most IEEE active members in the industry

• Largest Mobility R&D team in the industry

• Most Mobility patents in the industry


WLC 8500 Target customer - SP

802.11r L2 Fast Roaming

ISE - Flex integration Flex / Local Mode

parity with ISE

Outdoor AP Integrated Antenna

AP 2600 802.11n G2

AP1600 802.11n G2

HA - AP SSO HA Licensing

Scale Flex7500 6K APs

Virtual Controller

AP3600 Security Module

FlexConnect Split Tunneling

802.11r – Flex Modes

Bi-directional rate-limiting

Voice/Video: 11n CAC

Local and FlexConnect support

on 1552 APs

Outdoor AP Honeywell integration

Outdoor AP Uni Band Antenna

FIPS, CC, UCAPL

Profiling and Policy on WLC

IPv6 infrastructure

Mid-Market 1 Box Solution

AP3600 11ac module

AP-based firewall

HA – Client SSO

Application visibility and control (AVC)

Bonjour Gateway

Voice Enterprise Certification**

Scale WLC 2500

Guest Anchor on WLC2500

LAG on Flex7500, WLC 8500, WLC 2500

**Voice Enterprise Certification targeted on a special release – FCS beyond 7.4

HA Licensing, N:1 HA SSO over any L2

connection

Proxy Mobile IP (PMIPv6)– AP-Based

PMIPv6 on WLC

Executed Committed

Cisco Confidential—NDA Only

7.2MR1 7.3 7.4 8.0

May 2012 September 2012 December 2012 Q2 CY13

S/W Release

Unifie

d A

ccess

WLA

N Infr

astr

uctu

re

Flex enhancement (11w, PEAP+TLS, override…)

802.11w Mgmt Frame Protection

HA on 2500


Automated Switchport tracing

WiFi Direct detection & Classification

High Availability Improved location accuracy for CleanAir

Mobile Concierge (CMX)

New Signatures

Better Attack Mitigation for aWIPS (Location)

Better Rogue Classification,

Containment, Detection

Location Analytics I

Location Support for FLEX

MSE 3355 Scaling

Global Forensics

aWIPS Prevention

Location Analytics II

ELM Signature Parity

AP 3600 Security Module

aWIPS Rogue Contain Enhancements

FIPS, CC, UCaPL

Virtual Appliance

Rogue Detection Enhancements

Scalability Improvements

Channel Scanning Optimization

Rogue Contain Enhancements II

Executed Committed

Cisco Confidential—NDA Only

7.2MR1 7.3 7.4 8.0

May 2012 September 2012 December 2012 Q2 CY13

S/W Release

M

S

E


5500, WiSM2, 7500, 8500 Series

L2 Redundant Link

Active WLC Hot-Standby WLC

Since 7.3, and

evolving

• 1:1 wireless stateful failover capability in appliance and integrated controllers

• SSID is always beaconing (even after primary controller is down)

• Subsecond WLAN network convergence

Backup Controller (Requires L2 Adj.)

5508

WiSM2

Flex7500

8500

2500

$20,000

$25,000

$40,000

$60,000

(Future) $2,000


vWLC on UCS-E 2500

Virtual Controller

Flex 7500

8500 5760 5508 WISM2

Catalyst 3850

Catalyst 3850

Virtual Controller

• 1 to 50 APs per switch/stack

(Directly connected APs) • 2000 clients per stack • 40 Gbps per switch

• 12 to 500 APs • 7000 clients • 8 Gbps

• 100 to 1000 APs

• 15,000 clients • 20 Gbps

• 25 to 1000 APs • 12,000 clients • 60 Gbps


Large Campus Service Provider

Small Campus / Branch (Controller On-Premise) Branch (Controller in DC)

• 5 to 200 APs • 3000 clients • 500 Mbps

• 5 to 75 APs • 1000 clients • 1 Gbps


• 1 to 50 APs per switch/stack

(Directly connected) • 2000 clients per stack • 40 Gbps per switch



WLAN Controller Portfolio


Autonomous FlexConnect Centralized Converged Access

Traffic Distributed at AP

Traffic Centralized at Controller

Traffic Distributed at Switch Standalone APs

Where it

fits

Small Wireless

Network Branch Campus Branch and Campus

Purchase

Decision

Wireless only Wireless only Wireless only Wired and Wireless

Benefits

• Simple and cost-

effective

for small networks

• Highly scalable for

large number of

remote branches

• Simple wireless

operations with DC

hosted controller

• Simplified operations

with centralized

control for Wireless

• Wireless Traffic

visibility at the

controller

• Wired and Wireless

common operations

• One Enforcement Point

• One OS (IOS)

• Traffic visibility at every

network layer

• Performance optimized for

11ac

Key Consi-

derations

• Limited RRM,

no Rogue detection

• L2 roaming only

• WAN BW & latency

requirements

• System throughput • Catalyst 3850 in the access

layer

WAN


Product Scope Target Market

• 5 to 200 AP support, 3,000 clients

• One AP adder license

• FlexConnect mode only

• Support on VMware ESX/ESXi at

FCS (similar to NCS and MSE)

• Support on Cisco UCS C-Series and

B-Series and equivalent servers

• Mid-market with spare compute platform

• Alternative to Flex 7500 for customers with fewer branches

• Partner/MSP-hosted Wi-Fi service

• NOT for large campus

Pricing

• Base SKU (with five AP licenses) = $750

• One AP Adder license = $150

Cisco Mobility in a BOX

vWLC vPI vMSE

ESX ESXi Hypervisor

UCS/x86 Servers

New since 7.3


• Basic Connectivity

• Deployment Flexibility

• Teleworker

• Enterprise-class

Performance

• Voice/Video/Multimedia

• Any Device / BYOD

Optimized

• Client Scalability

• RF Interference Mitigation

• High Client Density

• HD Video/VDI

• Investment Protection

• 11ac Migration

• Comprehensive

Security

Home Sm/Med Sm/Med/Large Med/Large Enterprise


Cisco Aironet 3600

Series Access Points

4x4 Antenna Design, Three Spatial Streams Fastest, Most Consistent Device Uplink

Speeds, Sustained Further from the AP

ClientLink 2.0 Beamforming Fastest Downlink Performance to ALL Mobile

Devices 802.11a/g and Now 802.11n Across

One, Two, and Three Spatial Streams

CleanAir Spectrum Intelligence Always-On Interference Protection,

Plus New Full-Spectrum Security Module

Future-Proof 802.11ac Module Option Support Upcoming Wave of 11ac Clients

38% Better Than Aruba


• Field upgradable 802.11ac module

5 GHz radio module, 802.11ac Wave 1

1.3 Gbps PHY/~900 Mbps MAC (throughput)

Three spatial streams, 80 MHz, 256 QAM

• AP3600 maintains dual-band support 2.4 and 5 GHz

Supporting b/g/n on 2.4 GHz base radio, a/n on 5 GHz base radio, and AC on 5 GHz module radio

CleanAir and ClientLink 2.0 maintained

• Power requirement with the 802.11ac module installed

Power draw with 802.11ac module ~20W, and will require either enhanced PoE, PoE+, or Power Injector

Availability

- NOW!!!


• Most efficient Wi-Fi standard to date

• Optimized for power savings

• Optimized for high density

• Multi-user mode – “Switch-like”

•

•

•

Practical Considerations for 802.11ac

• 802.11ac will mostly be deployed in 5.0GHz only.

• Most implementations will be 3 Streams for the first few years.

• Nominal throughput will consistently be in the range of ~300 to 400Mbps

• Client device adoption will be rapid to take advantage of extended battery life


• Detection & Mitigation of security penetration attacks

• Detection & Mitigation of denial of service attacks

• Capability supported in Monitor Mode & data serving AP (Enhanced Local Mode -ELM)

• Real time location tracking • Tracking probing & associated

clients, RF tags & wired endpoints • Geo fencing / Zone based alerts • Location Analytics

• System wide Interferer details • Event correlation • Visualization of interferer zone of

impact • Interferer notification • Track & Trace interferers & Layer 1

threats

Advanced Spectrum Capability

Mobile Concierge (CMX) Wireless Intrusion Prevention

Physical & Virtual Appliance

MSE tracks up to

50,000 endpoints & supports 10,000 Monitor Mode

or ELM AP

Indoor Location / Context-Aware

• Detecting Presence • Delivering location based services


WIDS Architecture Options


Monitor Mode AP Data Serving AP Monitor Mode AP

ELM Single Data and WIPS AP

Security Module AP 3600 with Security Module

Security Module

3600 Security Module provides 24x7 dual band WIPS monitoring

Does not require a dedicated AP

Dwells longer on all 2.4 and 5 GHz channels & provides better forensic capability

Recommend Security Module with WIPS Monitor Mode license on all APs


GUEST PRESENCE GUEST ACCESS GUEST EXPERIENCE

Customer: Presence in the venue. IT: understand network utilization, peak usage, number and types of devices on the network.

LOCATION ANALYTICS

The customer’s personal mobile device and its characteristics are detected before they enter the venue.

The customer is seamlessly and securely connected to the Wi-Fi network based on their personal preferences and profile, including device type and roaming credentials.

The customer receives highly relevant content and services based on their preferences, profile, and real-time location within the business venue.

Business: insights into customer online and onsite behavior, most traffic paths, dwell times, location density etc.

Connected Mobile Experience

DETECT CONNECT ENGAGE


Cisco Wireless

Access Point

Cisco Wireless

LAN Controller

Cisco Mobility

Services Engine

App Server

Example – Enhancing customer experience

- MSE detects presence, passes MAC to app server

- App server will push notification based on analytics,

heuristics & policy

- Mobile receives notification, user accepts notification

- App launched

CRM

Server


UA (BYOD) Hosted Demo Available for Cisco Field and Partners

“Many of my teams believe that the BYOD

hosted demo is the largest opportunity

we have in the near term to accelerate

Cisco business.” Senior SE Manager US Public Sector

“Cisco, big thank you, this is one of the

best sales tools you’ve delivered in last

couple of years, the demo enabled me

to close a large BYOD deal which

was very competitive.” Gold Partner SE US

www.cisco.com/go/byoddemo Email: [email protected]

http://www.cisco.com/go/byoddemo

mailto:[email protected]




Preliminary Info, i.e., Customer

Name and Sites

Generate Collateral

ISE, Prime, and MSE Services

Controllers Quantity, Type and Location

AP Count, Type, and Options OR

Import AP Quantity

Launch Advisor from Netformx DesignXpert

Create Accurate and Complete Network Designs and BoMs, with Best Practices, That Are Lean and Competitive

• Integrated with design best practices

• Vertical specific collateral

• Upgrade recommendations

for EoS products

• Latest Cisco products included

(Mobility, Prime, ISE, etc.)

• Automatic updates

www.cisco.com/go/partnerdesign

1 2 3 4 5 6

http://www.cisco.com/go/partnerdesign


1 2 3

Preparing Wireless

for BYOD

How Cisco

Wireless delivers

Unified Access

Services

Industry’s most

comprehensive

Wireless Portfolio

CleanAir

ClientLink

VideoStream

BandSelect

Client Troubleshooting

Resiliency

Application Visibility

Control

SmartOperations

AP3600, AP2600, AP1600

WLC8500, Virtual Controller

802.11ac module

Mobile Concierge

Thank you.

cisco unified access cisco mobility vision, strategy, and ...€¦ · application view &...

Documents