hawaii tech day- cisco mobility

of 119 /119
Kurt Sauter Mobility Product Specialist Digital Network Architecture - Mobility Cisco Mobility

Author: cisco

Post on 14-Apr-2017




3 download

Embed Size (px)


  • Kurt Sauter

    Mobility Product Specialist

    Digital Network Architecture - Mobility

    Cisco Mobility

  • Agenda1. DNA - Mobility

    2. DNA Wave 2

    3. Cisco + Apple Partnership

    4. Wireless Portfolio

    5. Architectures

    6. CMX (demo) (Video) (Apps)

    7. Wrap Up + Q&A

  • Digital Network Architecture - Mobility

  • Digital Transformation

    Information Era: 2000-2015 Digital Business Era: 2015+

    Human Scale

    Physical Appliances

    Manual Management

    Centralized Enterprise and Web Apps

    IoT Scale (People, Devices, Things)

    Virtualized Services

    Automation, Zero Touch, DevOps

    Distributed SaaS, Mobile, & M2M Apps

    Connectivitywith High Reliability

    Platform for

    Innovation, Agility, Security


    Requires Network Evolution

  • Automation & OrchestrationOn demand Application/Service Delivery & Uncompromised, Secure Experiences Over Any Connection

    Accelerating Digital TransformationThe Network is the Foundation of the Digital Business

    Ensure Content ComplianceThreat Defense

    Policy & Identity ControlNetwork Access Control,

    Visibility & Threat Containment

    Personalized MobileExperiencesGain Insights &

    Engage Customers

    Digital ReadyOptimized Investments &

    Seamless Experiences

    Virtualization On demand infrastructure and virtualized functions

    Secure the New EdgeEnhanced Direct Internet Attach Security

    Detect Threats FasterSecurity Everywhere

    Network Transformation for the WANUncompromised & Secure Experiences Over Any Connection

  • Traditional network management cannot provide sufficient dynamic management

    Focus has been on Day0/1 automation

    CLI not built for volumes of changes in machine real time

    Controller based networking supports dynamic policy change

    Controller allows network to be managed as a system

    Policy management is automated and abstracted

    Digital Business DriversRequirement for Dynamic Policy Changes

  • Cisco Digital Network Architecturewww.cisco.com/go/dna

    AutomationAbstraction & Policy Control

    from Core to Edge

    Open & Programmable | Standards-Based

    Open APIs | Developers Environment

    Cloud Service ManagementPolicy | Orchestration

    VirtualizationPhysical & Virtual Infrastructure | App Hosting

    AnalyticsNetwork Data,

    Contextual Insights

    FASTER INNOVATIONInsights & Experiences

    REDUCED COST & COMPLEXITYAutomation& Assurance

    LOWER RISKSecurity & Compliance

    Network-enabled Applications

    Cloud-enabled | Software-delivered


  • How do we simplify, yet build reliable and versatile networks?

    Lowers OPEX: Simplicity without compromise

    Defend from a critical vantage point

    Increase IT value and meet any use case regardless of

    organization size

    Automation & Assurance Security & ComplianceInsights & Experiences

    Wireless is the primary mode of access for users and things

  • Cisco Digital Network Architecture

    AutomationAbstraction and Policy

    Control from Core to Edge

    Open and Programmable | Standards-based

    Open APIs | Developers Environment

    DNA Service ManagementPolicy | Orchestration

    VirtualizationPhysical and Virtual Infrastructure | App Hosting

    AnalyticsNetwork Data,

    Contextual Insights

    Insights and Experiences

    Network-enabled Applications

    Cloud-enabled | Software-delivered

    Automation and Assurance

    Security and Compliance


  • TOM





    Prime ISEWLC UI APIC-EMBest in Class Wired

    Best in Class Wireless

    Single Pane of Glass Automation & Assurance

    Launch Services Elastic On-Demand Services Manage Services Across


    SDA Fabric Automation /

    Orchestration Simple User Group Policy


    Lower OpEx Built on Existing Infras Seamless Brownfield


    Network Assurance Pinpoint issue location &

    impact Speed Remediation

    Automation Analytics

    One Wired-Wireless Experience with Fabric

  • Cisco Digital Network Architecture for Wired-Wireless


    PnP for Centralized & Flex EasyQOS ISE: .1x, BYOD, Guest

    Open APIs: Modular Aps with Restful APIs

    Cloud Service Management CMX 10.x with Context and Guest

    Platforms & Virtualization


    Netflow Export Apple Network Optimization

    & FastLane


    DNA Center: Public and Private Cloud

    Modular APs with Restful APIs DNA Optimized Controllers: 3504, 5520, 8540 Various VM Models: ESXi, KVM, HyperV, AWS

    Software Defined Access and TrustSec SXP & SGT

  • Enterprise Mobility VisionIT has to deliver on

    outcomesMobility is not just about









    Networks are getting complex

  • DNA - 802.11ac Wave 2

  • Wi-Fi Connectivity Speed Timeline Gigabit Wi-Fi As Primary Access

    3SS Desktops / Laptops

    2SS Laptops / Tablets

    1SS Tablets / Smartphones

    802.11 802.11n802.11b 802.11a/g 802.11acWave 1802.11acWave 2




    = Spatial StreamsSS









    2 G


    it Et





    1 SpatialStream

    2 SpatialStream




    2 1124

    54 65









    Dual 5GHz




    it U



  • Flexible Radio AssignmentSoftware defined radio automatically

    adjusts to dual 5GHz to better serve high client environment

    Optimized RoamingIntelligently Connects the Proper Access Point as People Move

    Turbo PerformanceScales to Support More Devices Running High Bandwidth Apps.

    Zero Impact AVCHardware Based Application Visibility and

    Control without Impact to Performance.

    Cisco CleanAir Remediates device Impacting Interference from other WiFi and non-WiFi devices

    Cisco ClientLink Improves Performance of Legacy and 802.11ac Devices.

    Future Proof Expandability Add Functionality Via Module, Smart Antenna Port or USB Port

    Multi-Gigabit UplinksFree Up Wireless With Faster

    Wired Network Offload Gb+

    Flex Dynamic Frequency SelectionAutomatically Adjusts So Not to Interfere With Other Radio Systems

    Wireless excellence and innovations delivered only byCisco Aironet 2800, 3800 Series Access Points

    Apple Fast LaneAutomatically assures highest priority, fastest

    performance for trusted apps on trusted Apple devices


  • Optimized RoamingRX-SOP

    Pervasive Wi-Fi

    HDX TurboPerformance

    Event Driven RRM

    Flexible RadioFRA

    Cisco CleanAir

    RF Profiles


    Load BalancingBand Select

    Client Link 4.0

    Off-Channel Scanning

    Flex DFSDBS



    RF Optimized Connectivity

  • Flexible Radio Assignment FRA2.4GHzServing









    FRA-auto (default value) or Manual

    Auto 2.4 -> 5GHz or Monitor Mode

    Transition to 2.4 GHz if coverage drops

  • Two 5GHz Radioswhat is the Big Deal?

    3 252.4 GHz Channels

    5 GHz Channels

    FCC: 25x 5 GHz ChannelsETSI: 16x 5 GHz Channels

    Event Clients 5GHz vs. 2.4GHz

    Mobile World Congress 2015 87% / 13%

    Cisco Live 2016 90% / 10%

    Democratic National Convention 85% / 15%

    Your Radio Architecture should match your clients needs!!!

  • Optimize Wi-Fi with CleanAirQuickly Identify and Mitigate Wi-Fi Impacting Interference

    Channel 48











    Interference on 20/40/80/160 MHz Air Quality and Interference by

    AP/radio on WLC AQ Threshold trap and Interference

    Device trap (per radio) CleanAir-enabled RRM

    Network Air Quality and Interference Location with PI 3.1.x and CMX

  • Interference Devices and Air Quality ReportCleanAir Enabled RRM

    Mitigated RF interference for improved reliability and performance

    Wi-Fi andnon-Wi-Fi


    Dynamic mitigationED-RRM

    Granular spectrum

    visibility and control

    Air Quality Performance

    Improved Client Performance

    Complete Automatic Interference Mitigation Solution for Rogues and Non-Wi-Fi Interference

  • Maximize Channels When Radar Is PresentFlexible Dynamic Frequency Selection



    36 40 44 48 52 56 60 64

















    140Channel Used

    by Air Traffic Radar

    See it on 160MHZ Band

    Dynamic Frequency Selection FlexibleDynamic Frequency Selection

  • FlexDFS with Dynamic Bandwidth Selection

    Identifies radar frequency to

    1 MHz

    FlexDFSisolates radar

    event to 20MHz

    DBS allows best channel

    and width

    Interference is impactingonly channel 60

    FlexDFS + DBSAutomatic and intelligent use of spectrum

    52 56 60 64

    DBS combined with FlexDFS: Increased confidence in using wider channel bandwidth; reduced radio flapping


    Secondary 20


    52 56 60 64

    Optimizes HD Experience

  • Better Client Connectivity RXSOP, Load Balancing, Band Select

  • Fine-tuning HDX with RF Profiles

    Wi-Fi Triggered ED-



    Dynamic Bandwidth Selection





    ClientLink 4.0

    Turbo Performance

    Pre-canned RF Profiles Client Distribution Data Rates DCA, TPC, CHDM Profile Threshold for

    Traps High Density Features

  • Security and Threat Mitigation

    Secure Access


    Client Exclusion

    802.1x WPA2/AES

    AES256 Encryption

    AAA Override VLAN, ACL, QoS

    Local Policy w/QoS and AVC

    MFP, 802.11w

    TrustSec SXP Inline Tagging

    wIDS, ELM

    MAC Auth Rogue Detection



    8.3 MR1

  • 5GHz. / 2.4GHz. .5GHz. / Security

    Cisco Wireless Security Deployment with AP3800/2800 Maintains Capacity and Avoids Interference

    Good Better Best

    Features ELM Monitor Mode AP ELM with FRAMonitor Mode

    Deployment Density Per AP 1 in 5 APs 1 radio per 5 APs

    Client Serving with Security Monitoring

    Y N Y

    wIPS Security Monitoring 50 ms off-channel scan on selected channels on 2.4 and 5 GHz

    7 x 24 All Channels on 2.4GHz and5GHz

    7 x 24 All Channels on 2.4GHz and5GHz

    CleanAir Spectrum Intelligence 7 x 24 on client serving channel 7 x 24 All Channels on 2.4GHz and5GHz

    7 x 24 All Channels on 2.4GHz and5GHz

    Serving channel Serving channelOff-Ch Off-Ch

    Serving channel Serving channelOff-Ch Off-Ch

    Enhanced Local ModeAccess Point


    2.4 GHz

    5 GHz



    Monitor ModeAccess Point


    2.4 GHz

    5 GHz









    Ch161Ch157 Ch38Ch36


    2.4 GHz

    5 GHz


    Ch38Ch36 Ch161Ch157

    ELM with FRA Wireless Security Monitoring


    Serving channel Serving channelOff-Ch Off-Ch5 GHz t

  • ServeClienton2.4GHz

    50ms off-channel



    50ms off-channel

    Rogue Detection and Mitigation Rogue Classification and

    Containment Rogue Rules Manual Classification

    Friendly/Malicious Manual and Auto


    CleanAir with Rogue AP Types

    WiFi Invalid Channel WiFi Inverted

    Rogue Location Real-time with PI, MSE,

    CleanAir Location of Rogue APs

    and Clients , Ad-hoc Rogue, Non-wifiinterferers









  • Service ReadyFeature Highlights

    VideostreamMulticast VLAN

    Per-Client/Per-SSID BW Contract

    Local Profiling

    Bonjour Apple Services

    Service Ready


    AAA Override ofAVC Profile

    Voice Optimization, CAC, WMM Policy

    Adaptive 11r ,11k, 11vFastLane

    QoS ProfilesOKC, CCKM

    Fast Roaming

    8.3 MR1

  • Zero Impact Application Visibility and Control

    Maintain Performance with Zero Impact AVC

    Gain Visibility into the Network

    Monitor Critical Applications

    Control Application Performance





    SettingupAVCprofilesandrules Drop/MarkforseveralvideoappslikeYouTubeandNetflixoniPhone,iPad Drop/MarkforotherappssuchasJabberandWebex Profileswithblockandpassrulescombined RateLimitingofVideo/Voiceapps AAAoverride forAVCprofile AVCProfilewithLocalPolicyClassification

  • Enterprise Infrastructure Feature Highlights

    Fast SSID

    Flex, Local, Sniffer, Monitor, ME


    Enterprise Infrastructure

    Pre-Image Download

    AP Multicast

    WiFi Tagging


    Guest Access

    Plug n Play

    8.3 MR1 8.3 MR1


  • AP and WLC Portfolio

  • Cisco Aironet 802.11ac Wave 2 Portfolio Enterprise Mission Critical Best in Class


    1850 (i/e)2800 (i/e)

    3800 (i/e)

    Dual Band 802.11ac Wave 2 Compact Design 3x Gbps switch port 1x Gbps uplink port Wall Plate AP Teleworker OEAP 802.3af PoE out

    802.11ac Wave 2: Most Cost-effective, 870 Mbps.

    3x3:2SS 80MHz. Spectrum Analysis* Tx Beam Forming 1 GE Port USB 2.0 Centralized,

    FlexConnect* and Mobility Express

    802.11ac Wave 2: Cost-effective, 1.7 Gbps

    4x4:4SS 80Mhz. Spectrum Analysis* Tx Beam Forming 2 GE Ports USB 2.0 Centralized,

    FlexConnect* and Mobility Express

    802.11ac W2: High-Performance 5Gbps

    Flexible Radio Assignment

    4x4:3SS 160 MHz 2 GE Ports USB 2.0 Hyperlocation

    (External Antenna) CleanAir 160MHz. ClientLink 4.0 Centralized,

    FlexConnect* and Mobility Express

    802.11ac W2: High-Performance 5Gbps.

    Flexible Radio Assignment

    4x4:3SS 160MHz. MU-MIMO 2 GE or 1 GE + 1

    mGig (5G) Hyperlocation

    (External Antenna) CleanAir 160 MHz ClientLink 4.0 StadiumVision Modularity Centralized,

    FlexConnect and Mobility Express

  • Cisco Aironet Portfolio Outdoor APEnterprise Class Best in Class Cable Operators

    1560 802.11ac W2 4 models (I/E/D/PS) 3x3:3, 80MHz, 1.3G (I) 2x2:2, 80MHz, 867M (D/E/PS) MU-MIMO SFP Internal Directional Ant. (D) 4.9 GHz (PS: Public Safety) Flexible Antenna Ports CleanAir 80 MHz ClientLink 4.0 Centralized, FlexConnect,

    Mesh & Mobility Express

    1572EAC 802.11ac W1 4x4:3 80 MHz; 1.3 G External antenna SFP GPS PoE-Out (803.2at) Flexible Antenna Ports CleanAir 80 MHz ClientLink 3.0 Modularity Centralized, FlexConnect &



    802.11ac W1 4x4:3 80 MHz; 1.3 G Internal or External antenna DOCSIS 3.0, 24x8 SFP GPS PoE-Out (803.2at) (EC) Flexible Antenna Ports CleanAir 80 MHz ClientLink 3.0 Modularity Centralized, FlexConnect &


    1530 802.11n 2 models, low profile 2G: 3x3:3; 5G: 2x3:2 Internal or External antenna Flexible Antenna Ports Centralized, FlexConnect, &


    * Future availabilityShipping ShippingFCSAugust 2016

  • Industrial Wireless IW3700 Series Access PointOptimized for Rail, Mining, Manufacturing, Oil & Gas

    N-type antenna ports for 4x4 MIMO with three spatial streams and support for up to 13 dBigain antennas

    10/100/1000Base-T, PoE and PoE+ in (M12)

    10/100/1000Base-T, PoE out (M12)

    10 to 60 VDC in (M12)Management console port (RJ-45 serial)

    Integrated mounting ears

    Diecast aluminum chassis with

    integrated heatsinkand heaters

  • Meet Any Wi-Fi Use CaseExpandability and Investment Protection

    Future Wi-Fi Standard


    Custom ComputePlatform

    Adv. Security and Spectrum

    Analysis3G & LTESmall Cell

    Bluetooth Beacon

    Hyperlocation Antenna

    Stadium Panel


    Self-Discover / Self-Configure


    Directional Antennas


  • Access Point Extensions (APeX)Third-party Development Framework

    Seamlessly Enable partners Cisco Wireless BE Other Cisco Business Units Strategic partners 3rd Party solutions vendors

    Facilitate both hardware and software based solutions

    Sustained differentiation of 3K Series APs

    Gain competitive advantage by enabling vertical specific solutions


    A development framework to enable an ecosystem of expansion modules (HW module, USB or software) for Cisco Aironet AP 3800 Series

  • Wireless Architecture

    Autonomous FlexConnect Centralized Converged Access

    Traffic Distributed at AP

    Traffic Centralized at Controller

    Traffic Distributed at SwitchStandalone APs

    Target Positioning Small Wireless Network Branch Campus Branch and Campus


  • Right To Use Licensing, Ease of Enablement and Portability

    Utilizes the NEW WLAN Express WEBGUI with best practices enabled

    Allows administrator to easily migrate config from previous WLC

    Simplified Migration and Manageability

    Ability to host multiple services such as Application Visibility and Control, Bonjour

    Services Directory, TrustSec, Guest, High Availability with SSO

    Support for centralized, distributed and Mesh deployments

    Services Ready

    5520 scales up to 1500 AP & 20,000 clients

    8540 scales up to 6000 AP & 64,000 clients

    Built for addressing Scale of BYOD

    5520 supports 20 Gig of throughput

    8540 supports 40 Gig of throughput

    Throughput to address needs of Wave-2 11ac



    Introducing the Cisco 5520 and 8540Feature-Rich, Multi-mode and Ready for Wave 2 802.11ac

  • Built for addressing Scale of BYOD

    Introducing the Cisco 3500Feature-Rich, 150APs 3000 Clients

  • Easy to Use Sidebar


    Intuitive and Interactive Network Summary Navigation

    Ciscos Simplified WLAN Controller GUI

    Switch between graphic and text

    Drag Dashlets to Rearrange

    Add Dashlets

  • Mobility Express Interface(Single AP)

  • Converged Wired/Wireless

  • 2.5-5 Gigabit Port

    Offload Wireless Traffic FasterMultigigabit Technology

    Cisco MultigigabitStandard Cat 5e/Cat6 Cables

    1 Gigabit Port

    Delivers up to 5X Speeds in Enterprise WithoutReplacing Cabling Infrastructure

    Supports PoE Up to 60W

    2.5-5 Gigabit Port

    Available on AP 3800

  • Catalyst 3850 Multigigabit Versions

    48 Port Version 24 Port VersionDownlinks:36 x 1G LineRate 10/100/1000BASE-T, 12 x GE/mGig/10GT Line RatePoE/PoE+/UPoE, EEE, MACSec

    Uplinks:4x10GE SFP+, 2 x 40G QSFP (NEW), 8x10G SFP+ (NEW)

    Downlinks:24 x GE/mGig/10GTPoE/PoE+/UPoE, EEE, MACSec

    Uplinks: 4x10GE SFP+, 2 x 40G QSFP (NEW), 8x10G SFP+ (NEW)

    All 3850 Versions Can Stack with Each Other

  • Catalyst 3850 mGig

    C3850 24 port mGig Switch24p mGig/10GT PoE+/UPOE. Line rate at 72 byte packet sizes

    C3850 48 port mGig Switch12p mGig/10GT PoE+, 36p 1GE UPOE. Line rate

    Investment Protection mGig speeds with Cat 5e,





    New Member to the stacking Family


  • Cisco + Apple Partnership

  • 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 47

    The new partnership for Federal Customers

  • What are we trying to solve?


    Complex configuration of advanced features


    Sub optimal roaming for mobile devices and battery efficiency

    Better integration between mobile devices and the network


    User experience is affected

  • Cisco-Apple partnership provides these benefitsOptimized Wi-Fi Connectivity Prioritized Mission applications

    Intelligent, and efficient roaming is automatically configured

    iOS and Cisco devices recognize each other and enable special capabilities

    Mission data gets priority and speed even if network is congested

    Reduces complexity - IT can focus on the mission the network does the heavy lifting

  • What happens Today?

    In 802.11, delay in roaming causes poor experience, especially for rich-media real-time applications. Interoperability increases complexity and prevents adoption.Standards to the rescue? 802.11r Fast Roaming 802.11k Neighbor List 802.11v BSS Transition

    But Operational Complexity Multiple SSIDs some clients cant

    associate with SSIDs enabled with 11r

  • Optimized Wi-Fi Connectivity

    Intelligent, and efficient roaming is automatically configured

    Makes critical apps more reliable

    iOS and Cisco devices recognize each other and enable special capabilities

  • 802.11k, 802.11v, 802.11r help efficient roaming

    802.11r enables fast roaming without complete reauth802.11k sends you list of neighbors802.11v BSS Transition sends you the new best AP Cisco-AP-2 to connect to


    Fast Transition (802.11r)Cisco-AP-1 Cisco-AP-2

  • Association

    Cisco-Apple Optimized Roaming reduces management overhead by up to 50%

    Legacy client cannotjoin the same SSID where 11r is enabled

    I recognize that you are an Apple device11r is enabled for you

    802.11k, 802.11v are on by default

    Legacy client that does not support 11r/k/v canjoin the same SSID


  • Roaming Performance : 10x Better end-user Browsing and App Experience

    QoS, 802.11r/k/vNo QoS, No 802.11r/k/v

    Time (s)*

    *Time Interval between last packet on previous AP, and first packet on next AP

  • Benefits of Optimized Wi-Fi Connectivity

    Automatic configuration reducing complexity for IT

    Up to 50% reduced management overhead due to fewer SSIDs

    86% reduction in network message load from the device during roaming

    Investment protection -Leverage existing network design

    Lower battery usage

    66x reduction in probability of poor audio quality experience. 10x more successful end user browsing experience

  • What happens Today?

    Inability to prioritize mission-critical real-time traffic all the way from clients to the destination

    Today IT Administrators can classify traffic ONLY at the access point. this implies:

    Inability to prioritize between the client and the AP.

    Burden on IT administrator to manage the applications across the enterprise

  • Prioritizing Business Apps

    Prioritize mission critical apps and real time data

    Turning on is easy

    IT has control over which Apps get priority

  • Fast lane Configuration Profiles

    A QoS configuration profile will ONLY be acted upon on an iOS 10 client

    Uses standard Apple iOS Profiling techniques (MDM, email, Web-based) Profile lists whitelisted applications in a dictionary file Whitelisted applications are allowed to mark QoS (DSCP/UP) upstream Non-Whitelisted applications receive only BE/BK marking upstream

    Used in Combination with Cisco and Apple mutual detection

  • Fast Lane only applies to Cisco-Apple Deployments

    QoS Profile is not consideredApplications can only mark UP, not DSCP*

    QoS Profile or no QoS Profile

    If a Profile was received, All apps in White list Can mark QoS upstream

    QoS Profile


    Supports Fast lane

    * DSCP can be marked with IP_TOS/IPv6_TCLASS when SO_NET_SERVICE_TYPE is best effort

  • Fast Lane enables network administrator to prioritize applications per your environment

    Supports Fast lane Admin can provision Apple IOS device with a QoS profile*Applications in whitelist get QoS marking**

    Other applications get BE/BK

    Supports Fast lane

    My profile for this environment:Minecraft = Real-time-interactiveViber = BE

    My profile for this environment:Minecraft = BEViber = Voice


    Supports Fast laneSupports Fast lane

    Cisco-AP*Without a profile, all applications are whitelisted by default in a Fast Lane cell

    **Fast Lane does NOT override apps QoS, it either allow the app QoS or apply BE

  • App prioritization elements

    QoS Profile

    Voice QoS Trust


    Better EDCA

    Helps determine which applications should receive QoS upstream

    Trust upstream voice traffic, with ACM and without TSPEC

    Benefits IT AdministratorConfigure optimal WLC QoS in one click

    Ease of UseIEEE 802.11-2016 EDCA

  • No Fast Lane

    Fast Lane delivers a reliable voice experience even in a congested environment

    In a congested environment, one voice packet is sent every 20 ms

    We measure the actual interval between voice packets in the upstream direction

    Capture time (seconds)

    Packet average interval is 40 ms (not so good)

    Many glitches, of up to 0.6 second (poor audio experience)

    Interval (seconds)

    Fast Lane

    Interval (seconds)Packet average interval is 20 ms (good)

    Very few glitches, of up to 0.1 second(fair audio experience)

  • Benefits of App prioritization

    Business data gets priority and speed even if network is congested

    Reduces complexity - IT can focus on the mission the network does the heavy lifting

    Reliable mobility for mission use

  • Benefits of Apple-Cisco partnership

    Simple, automated configuration of

    Optimized Roaming & Fast lane

    Faster client roams, lower battery usage and reduced network load

    Enabled with a unique to Apple and Cisco mutual identification

    Prioritizes mission-critical apps over

    the air and network

  • What can we enable

    All Wireless Office Manage growing network demandsMobile access to

    real-time data

    Prioritize mission critical apps

    Improved voice and video communication

  • Seamless Collaboration with Cisco Spark

    Meet anywhere and everywhere

    Always-on, secure team messaging and file sharing

    Integrated business phone with HD voice and video calling

  • Enterprise Voice Integration

    Take your desk phone with you

    Easier than ever to collaborate

    Enable by Cisco Spark and iOS 10 APIs

  • Native Voice Experience Hey Siri!

    Intuitive - use the iOS native dialer for Spark calls

    Convenient - consolidated view of contacts, call history, and favorites

    Control - call waiting allows user to screen and prioritize calls

    Multi-functional - extends hands free experiences using Siri voice commands, Bluetooth and mobile accessories

    Use connected headsets and accessories

  • Enterprise Voice Integration Users never miss a call

    Reliable, high-quality calling with reduced costs

    Improved compliance for calls made through the corporate PBX

    Accelerated user onboarding

    PBX TelcoSwitch

    Desk Phone



  • Recommended platforms

    Networking infrastructure Caching iOS devices Wireless controller: Running

    AireOS 8.3, 8.3MR or connected to Meraki cloud

    802.11ac Aironet and Meraki MR Access points

    Catalyst and Meraki MS Multigigabit-capable switches

    Meraki Systems Manager EMM Software licenses, maintenance

    & support

    ISR 4000 Series WAAS Wide Area Application

    Services Akamai Connect license Software licenses, maintenance

    & support

    Optimized Efficient Roaming

    iPhone 6s and later iPhone 6s Plus and later iPad Air 2 and later iPad mini 4 and later iPad Pro and later iPhoneSE

    Fast Lane

    iPhone 5 and later iPad mini 2 and later iPad Air and later iPad Pro iPod touch (6th generation)

  • CMX & ISE

  • Prime Infrastructure

    Cisco WLAN


    Systems Manager (MDM/EMM)

    MDM Manager

    Wired Network Devices

    Cisco Catalyst Switches

    Office Wired Access

    Office Wireless Access

    IdentityServices Engine

    Remote Access

    ASA Firewall

    CSM / ASDM

    Identity Services Engine Policy Enforcement

  • Cisco Identity Services Engine (ISE)

    Network ResourcesAccess Policy

    Traditional Cisco TrustSec

    BYOD Access

    Threat Containment

    Guest Access


    Identity Profilingand Posture

    A centralized security solution that automates context-aware access to network resources and shares contextual data


    Physical or VM

    ISE pxGridController








    Threat (New!)

    Vulnerability (New!)

  • Demo CMX

  • DNA for Mobility: Summary of Solutions

    AnalyticsPresence Analytics

    Location based AnalyticsVerticalization

    User EngagementCustom Guest Experience

    Location Specific PortalConnected Visitors Analytics

    Mobile Applications Location based Engagement

    3rd party App integrationProgrammability & extensibility

    Lower RiskFaster Innovation Reduce Costand Complexity

    Apple and CiscoOptimize Wi-Fi Connectivity

    Prioritize Business AppsIntegrate Collaboration

    Automation Flexible Radio Assignment

    WLAN Express Setup Plug n Play Provisioning

    VisibilityEasy Monitoring & troubleshooting

    App & Device Awareness

    Fast PolicyBYOD Provisioning

    802.1x Authentication Guest Access

    Embedded SecurityVisibility and Segmentation

    Threat DetectionBYOD Monitoring

    Web Content/ControlCategory-Based Filtering

    Policy SegmentationSecurity Activity Monitor

    Protect The AirInterference and Air Quality Detect Rogues and attacks

  • Ciscos location roadmap and use case vision

    PresenceGreater customer


    Enhanced location


    Bluetooth Low Energy

    Accuracy 20m

    Type In-zone Detection

    Use Cases

    Venue-level,Visitors, Dwell Time

    Accuracy 10m

    Type X,Y coordinates, Optimized refresh

    Use Cases


    Accuracy 1-3m

    Type Real time refresh, app required

    Use Cases

    Way Finding / Indoor navigation / Proximity Marketing

    Accuracy 1-3m

    Type Refresh every 10 seconds, no app

    Use Cases

    Sub-zone-levelWork space optimization

  • CMX now has the capability of sending data natively into a CMX Splunk Application and CMX for ElasticSearch with Kibana visualization. These connectors allow the end user to take advantage of CMX to calculate location and analytics data and use the third party tool to add additional visualizations and data views.

    Expanded Visulization - CMX Connectors

  • Notifications based on additional events from RFID tags including button pushes and battery events.

    Notifications to email addresses to enable rapid prototyping of applications

    Configurable encryption key per destination.

    CMX Notifications Improved Support for RFID Tag events and Email notifications

    New Notification Types

    Updated Destination options

    Configurable encryption key

    Note: Enables Asset Tag solution migration from MSE 8.0 to CMX

  • Northbound Notifications MAC hashing

  • SSID based filtering for Location When a customer has multiple different SSID for

    different purposes, they can now isolate which SSID are used for by the system, such as a GUEST SSID and not include data from this SSID in reports

    Connected and Detected client selection in all Analytics reports Each report can now be customized to include

    Connected (i.e. Associated) and Detected (i.e. Probing) Devices to provide additional granularity. (or both)

    CMX Analytics - Report Filtering

  • Analytics reports now have the ability to use customizable opening hours for the reports based on a configuration file. This allows more accurate analytics reporting that is specific to the venue.

    CMX Analytics Customizable Opening hours

    Input File Customized Open Hours

  • CMX Analytics has changed from a NOW report to a dedicated RealTime analytics tab. This allows accurate and timely display of what is occurring right now in the venue at a floor level. RealTimereports can be saved similar to other analytics reports.

    CMX Analytics Real Time Report

  • CMX 10.2.3 now allows creation and editing of Inclusion and Exclusion zones within CMX instead of having to create them in Prime. This simplifies the management process when a map is added or changes.

    CMX Location Configurable Inclusion/Exclusion Zones

  • CMX now has the ability to show a new Portal page after a certain number of days (1 to 1000) or if configured to (0), will show a new portal whenever user is timed out of WLC. This makes it much easier to configure when a portal page will show up to a user.

    CMX Connect Configurable Portal Timeouts


  • System uses Virtual IP and heartbeat check pointing between two systems, active and standby.

    Failover time about 5 mins Database is check pointed

    CMX High Availability

  • What's New in CMX CloudPresence and Connect

  • CMX Cloud - Support Aironet and Meraki Wi-Fi

    Cloud CMX MerakiAPI

    Aironet Meraki MR

    Common Dashboard for CMX Analytics and Connect

  • Guest Voucher Code

    Front-desk or lobby admin creates a voucher code one at a

    time or in bulk

    Customize the email & print formatting and distribute the

    voucher keys

    Full audit capability to trace back the lobby admin, voucher code and last access history

    Create Voucher Format Email Receipt

  • Email Verification: Host Sponsor or Self Sponsor

    Visitor provides an email seeking approval Visitor waits for approval or cancel request.

    Sponsor clicks on URL to approve and Visitor gains access

    Note: leave domain blank for self sponsorship

    Sponsor Guest Settings

  • Customizing Repeat Visitor Portal Experience Location based Policy ControlsMAC Filtering: automatic repeat

    visitor association; MAC database in CMX Cloud

    Repeat visitor login portal experiences customizable

    Add Repeat Visitor context to the captive portal

  • Rules Engine Define Customized ExperiencesNext generation Portal Splash Rules


    Site-based Policy

    SSID-based Policy Assign Rule

    2 Rule-basedportal and POST auth Portal

    ENGAGE Rule for Customer follow Up

    SERVICE PLANfor Network Policy(Bandwidth and Access Duration)

  • Defined Rate-limiting and Access Duration With this, CMX Cloud

    With CMX Cloud any policy enforcement can be done with a simple configuration

    Policy Plan Authorization with CMX Cloud

  • Background: when there are multiple guest SSIDs from Single AP (Managed Wi-Fi, Shopping Mall, etc) CMX can assign each SSID as completely separate Guest Portal Policy and configuration

    New-Use case.SSID-based Connected Experience

  • In Multi-Tenant environment, CMX can display portal upon every new site visit.

    Franchise or branches that are located across multiple site, can suppress splash page if customer visited same branch in last login frequency

    New-Use casePortal display policy upon visiting new site

  • Use-case : Multi-Tenant, Managed SP customer can assign different sponsor per tenant

    Sponsor Portal now can support multiple accepted email domains

    Settings > CONNECT Tab

    New Use-CasesMultiple Sponsor Email Domains

    Use Sponsor element On portal

  • CMX Cloud - Push Notification Generate Push Notification message based on Presence Detection from AP

    Can send different message per types of movement PASSERBY, VISITOR, CONNECTED, GONE,

    App NotificationMessage

    SMS-MessageWhen leave venue

  • Twitter (Oauth 1.0) and LinkedIn (Oauth 2.0) has been added

    CMX Cloud - Now supports 5 Different Social ID Login. Facebook, Instagram, Foursquare, Twitter and LinkedIn

    CMX Cloud support - Social Network Login

  • Resources

    CMX Cloud homepage: http://cmxcloud.cisco.com

    Mobility Express homepage: http://cisco.com/go/mobilityexpress

    dCloud CMX Cloud demo: https://dcloud-rtp-web-1.cisco.com/dCloud/drn.jsp

    dCloud Mobility Express demo: https://dcloud2-rtp.cisco.com/content/demo/222996

  • Making it Easier: Assurance

  • ServiceManageFix Predict

    Predict Client and network issues before they occur

    Fix real time issues and get insight into historic trends


    Surface undetected client and network anomalies

    Machine Learning01001011000101110010010101100


    PlanningInfrastructure Data

    Behavioral analytics InsightSensor Data

    Root cause issues in few Clicks

    Build Resilient and Reliable Networks

    Automate tools to discover outliers

    Proactive wireless network assurance

  • Making it Easier: Licensing

  • A complete wireless system with ONE License

    Enterprise Class Wi-Fi


    Identity-Based Secure Access


    Network Management End-to-End Security

    Comprehensive Management For User,

    Network and Application


    Industry-Leading Mobility Capabilities


    Centralized Identity-Based Policy Management(ISE-Base)

    Software-Defined Segmentation


    Location Based Mobile Services

    Customizable Location Tracking


  • Location Tracking HyperlocationvBLE

  • No Single Technology Delivers for All Use Cases

    CMX delivers high accuracy indoor location, leveraging Wi-Fi & BLE, today


    Proximity MarketingFast Refresh Rates


    Space UtilizationZone-based Triggers

  • Enabling High Accuracy Wi-Fi

    Client Side ApplicationPhunware Software

    Delivers mobile experience

    Uses Wi-Fi and BLE from Hyperlocation plus device

    sensors to enhance location and refresh rate

    HardwareHyperlocation Solution

    Module and/or Antenna

    Applies to Aironet AP3700 &

    other AP 3K

    Uses 16 to 32antennas to

    determine mobile client location

    Using Wi-Fi for Highly Accurate and Near-Real Time Location

  • Location Excellence Means BetterBusiness Intelligence

    Cisco CleanAir Technology - Detects BLE beacons and interferers;optimizes RF

    Cisco FastLocate - A faster refresh provides more location detail

    Hyperlocation - Provides enhanced location accuracy

    BLE Gateway - Complete BLE management, integrated and plugin BLE options, and BLE analytics*

    FastLocate: Critical toactionable data

    T=00s T=30s

    70 APs, 147 Connected Clients, 352 Detected Clients, 10 Zones, 18 Beacons, 17 Interferers


  • Enabling High Accuracy Location

    Client Side ApplicationPhunware Software/ Cisco SDK / Sample App

    Delivers mobile experience

    Uses BLE from Beacon point enhance location and refresh rate

    HardwareCisco Beacon Point

    Applies to Cisco Beacon


    Using BLE for Highly Accurate and Near-Real Time Location

  • CMX Virtual Beacon Solution

    Eliminates battery operated BLE beacons

    Operational Simplicity with virtual beacons

    Proximity Engagement and Indoor navigation

    Customer BenefitsWhat is it? Beacon Point generates BLE beams

    Beacon Center creates virtual beacons and manages beacon points via Cloud. Priced per beacon point per year

    Cisco Virtual

    Beacon www.cmxcisco.com


  • CMX Virtual Beacon Value Proposition

    Eliminate battery operated physical beacons

    Replace up to eight physical beacons

    Add or move virtual beacons with a click

    Scale beacon deployment with operational simplicity

    Eliminate RF calibration with advanced machine learning

    Deliver high location accuracy, Reduced latency

  • Cisco Cloud Machine learning

    and location engine

    Beams | Hear

    Location Estimate

    CMX Beacon Points

  • Simplify Beacons CMX Cloud Beacon Center


    Manage Beacon Points

    Machine Learning Across Device Types

    Drag and Drop Virtual Beacons

    Create Proximity Message

  • Cisco Cloud Machine learning

    and location engine

    Customer Cloud

    How It Works





    Mobile app with Cisco SDK

    Cisco Beacon Point






    Mobile device listens to the BLE beacons from the Beacon Point1

    Cisco Cloud sends location & map information to the mobile app. 3

    Customer app interacts with Customer app cloud with additional information about it location


    Cisco SDK (integrated into the mobile app) sends information to the Cisco cloud


    When users are in proximity of a virtual beacon, custom notifications or URLs can be sent or actions can be taken


    Virtual Beacons can be created anywhere in the coverage area 6

  • Cisco Virtual Beacon - Ordering Information

    PID / SKU Description List Price

    AIR-VBLE1-K9 CMX Beacon Point $695

    AIR-CMX-SVC-VBLE CMX Cloud Beacon Center Subscription software includes software support

    With multi-year discount$190 per BP per yr. (12 mos)$150 per BP per yr. (36 mos)$130 per BP per yr. (60 mos)

    CON-SNT-AIRVBL1K Technical services 8x5xNBD SNT Replacement

  • Federal Certifications

  • Current Cisco Wireless Government CertificationsCertify every MD/long lived release

    Whats Certified: All Cisco 11ac and 11n Access Points All appliance and integrated

    controllers MSE 8.0, and PI 2.2 APL Listing for WLAS, WAB,WIDS

    Whats unique to Cisco: Cisco ONLY Wireless vendor with DCE

    and Common Criteria Certification Predictable wireless certification MD

    SW release gets certified Common release both Enterprise and

    Government customers Feature consistency and deployment flexibility

    Certification 7.0 8.0 IOS 3.6






    Comprehensive end-end solution certified !

  • Roadmap - Cisco Wireless Government Certifications8.3 (MR1) and IOS 16.3 Q3CY16

    Whats Certified: 11ac Wave 2 Access Points 5520, 8540, 5508, 2504, WiSM2 3650 and 3850 switches/WLC CMX 10.3 APL Listing for WLAS, WAB,WIDS Cisco SSL 6.x Integration w/AireOS

    Whats the timeline: FCS Nov 16 JITC Eval Began Oct 16 Estimate Completion Q2CY16

    Certification 8.3 IOS 16.3






    NGE and Wave 2 Certified Release!

  • Making Wireless Easier

    Network of Tomorrow Digital Network Architecture Automation Security Insights

    Full Line of Products

    Full Speed 802.11ac Excellence

    Full Control Services & Security ensure granular control & enforcement

    More Ways to Do things Making it even Easier

  • Thank You!