steven pollock 4-2 smart business architectures with borderless networks
DESCRIPTION
Smart Business Architectures and the Case for Cisco Borderless Networks
TRANSCRIPT
Cisco Confidential 1© 2010 Cisco and/or its affiliates. All rights reserved.
Smart Business Architectures and the case for Cisco Borderless Networks
Steven Pollock, CCIE#3148
Sr. Systems Engineering Manager
Borderless Network Architectures
United States Public Sector
Government Business Challenges
The Network – Your Strategic Investment
Smart Business Architecture for Government
Next Steps
Video
Mobility
Workplace Experience
7 Billion New
Wireless Devices
by 2015
Mobile Devices
IT Resources
Blurring the Borders
Consumer ↔ Workforce
Employee ↔ Partner
Physical ↔ Virtual
Changing the Way We Work
Video projected to quadruple IP traffic by 2014 to 767 exabytes
Anyone, Anywhere, Anytime
Borderless Experience
ANYWHERE
ANYONE
ANYTIME
ANYTHING
Securely, Reliably, Seamlessly
Government Solutions
Helping Government Educate, Defend and Serve
Application Layer
Operations Applications Collaboration Applications
Network Infrastructure
Data Center
Collaboration
Borderless Network
… a building without an architectural blueprint?
Without a Blueprint
One problem creates another
Silo’d projects exist with no integration plan
Constant re-design with additions
Changes are costly
With a Blueprint
Provides detailed proper planning and design
Allows a clean integration when additions are made
Reduces total cost of ownership
Additions do not require entire building re-design
Borderless Networks
Collaboration
Data Center/Virtualization
Infrastructure
Borderless End-Point/User Services
Mobility
Workplace Experience
Securely, Reliably, Seamlessly: AnyConnect
Borderless Network Services
Borderless Policy, Management, and Smart Services
Switching
Wireless
WAAS
Routing
Security
Mobility: Motion
Security: TrustSec
Voice/Video: Medianet
Green: EnergyWise
App Performance: App Velocity
Video
Architecture for Agile Delivery of the Borderless Experience
PROFESSIONAL SERVICES: Realize the Value of Borderless Networks Faster
Optical
Context-Aware, Prioritized, High-Quality Voice and Video
No Resource Reservation, Degraded Voice and Video
CEO Meeting
M&A Negotiation
Sports Event
GLOBAL BUSINESS,
WORLDWIDE OFFICES
Can My Network Deliver Real-Time Collaboration Experiences?
Transform Voice and Video Experiences
Up to 2X Improved Response Time and 90% Reduced Bandwidth Cost
Compromised and Costly Experience
Can My Network Optimize Performance of Applications Anytime, Anywhere?
Shortest path selected!
No application control
Wasted bandwidth
Real-Time Fastest Path
Scalable App Visibility
Embedded WAN Optimization
[Diagram labels: SP A, SP B, SP C, SP D]
Superior Application Performance, Better User Experience
“Lean” Application Hosting Provides Branch-to-Cloud Application Survivability and Infrastructure Agility
Unreliable WAN Leads to Poor Experience with Cloud/Data Center Hosted Applications
Can My Network Optimize Performance of Applications Anytime, Anywhere?
Cloud
WAN
UCS-E
Enables Business Continuity and Network Reliability
Managed Nightly Shutdown: $280,000
Additional Energy Policies: $150,000
Annual Energy Costs: $770,000
Reducing Energy Costs
Am I Using My Network to Reduce My Energy Costs?
Countywide Office Energy Management
No Energy Management
COUNTY OFFICES
10,000 PCs
Total Savings: $430,000
“Guest” Access Policy
IT Devices Changed Manually
CONSULTANT FOR A PROJECT
Guest Access Made Easy
Do I Have a Consistent Access Policy Architecture Across My Network for All Users and Devices?
Encrypted, Tamper-Proof Transactions
Clear Data and Video Streams in LAN
[Diagram: data (D) and video (V) streams]
MALICIOUS GUEST USER
Next-Generation Security
Is My Network Ready for Current and Future Regulatory Requirements?
Next-Generation Security
Can Mobile Devices Access My Network Securely, Reliably and Seamlessly?
Secure Mobile Connectivity
Unmanaged Devices, Risk of Data Loss, and Lack of Access
Acceptable Use
Access Control
Data Loss Prevention
MOBILE EXECUTIVE
802.11n Performance Protection
Can Mobile Devices Access My Network Securely, Reliably and Seamlessly?
CleanAir Detects and Mitigates Interference for Performance Protection
Wireless Interference Decreases 802.11n Performance
[Gauge labels: AIR QUALITY, PERFORMANCE, WIRELESS PERFORMANCE]
Target: SBA for Government
Roadmap to Building a Borderless Experience and more!
Deployment Recommendations
• Step-by-step guide for technology adoption
Prescriptive Solutions
• Specific Cisco tested and validated solutions are prescribed within each guide to speed and simplify borderless enablement
Modular Design for the Future
• Modular approach protects IT investments and ensures phased builds work with the long-term strategy
Tested & Validated
Solutions Work Together
Architectural Design
Comprehensive Solution
Systematic Approach
• 100 to 10,000 endpoints
• Targeted at CCNA level
• Tested with ASEs and Partners
• When implemented, it will work!
• Major reduction of deployment time
• Accelerates deployment of AT
• Foundation for all other architectures
• Defense networks (future)
SBA for Government
Large and Midsize Agency Subway Map
[Map labels: COL, BN, DC]
• LAN
• WAN/Aggregation
• Internet Edge
• 7K Core
• Regional Office/Remote
• Data Center
• IPv6 Addressing
• Wireless
• Data Security
WAN
Local Area Network
Regional Office
Remote
Teleworker/Mobile Worker
Internet
Hardware and Software VPN
Wireless Access Point
Client Access Switch
Branch Router with Application Acceleration
Collapsed Distribution/Core Switches
Wireless LAN Controller
Regional Router
Application Acceleration
Building 1 Building 2 Building 3 Building 4
Distribution Switches
Core Switches
WAN Aggregation
Application Acceleration
Wireless LAN Controller
VPN
Remote Access VPN
Internet Edge Routers
Email Security Appliance
Guest WLAN
Firewall
Internet Servers
Web Security Appliance
Internet Edge Data Center
Client Access Switches
* Each contains a Deployment and Configuration guide
What Does it Look Like…
LAN Design - Resilient Core and Distribution
• Dual Box L3 Core
• Resilient Virtual Switch Design
Distribution Layer
• Loop-free topology
  No STP for convergence
• No standby uplinks
  Leverages EtherChannel
• No FHRPs required
• < 1 second recovery
  Mostly transparent to user apps
• Multiple product options
  3750, 4507RE, 6500 VSS
Campus Access Design
• Switch selection
  Standalone, stackable, or chassis
  PoE on all ports
• CISF (Catalyst Infrastructure Security Features)
  ARP inspection
  DHCP snooping
  Port security
  IP source guard
• Voice & Video Enabled
  Wired and wireless
  QoS
  Multicast
  CDP
Wireless Access Point
IP Phones and Computers
Distribution
Client Access
Collapsed Core with Cisco Nexus 7000
• Target: 2,000–10,000 connected users
• Alternate core design: data center and campus cores are collapsed into one pair of devices
• Cisco Nexus 7000 used as core device due to its feature set and 10G density
• Provides DCI with OTV (L2 over L3)
• Hitless ISSU
Building 1 Building 2 Building 3 Building 4
LAN Distribution Switches
Data Center Access Switches
LAN Access Switches
Data Center and LAN Core Switches
Data Center Aggregation Switches
Local Area Network
Data Center
WAN Design
• Primary connectivity via MPLS WAN
• Optional backup DMVPN WAN
• Application optimization
• Regional Access model
• Config CLI or LMS
WAN 100
Product models change based on scale
Internet Edge 10k
WAN Aggregation
Application Acceleration
Wireless LAN Controller
VPN
Remote Access VPN
Internet Edge Routers
Guest WLAN
Firewall Internet Servers
Web Security Appliance
Internet Edge
Email Security Appliance
To Core
Internet
WAN
Deployment Using CiscoWorks LMS (LAN Management Solution)
Best Practice SBA Templates
Easy Deployment
1. Select Template
2. Select devices in bulk
3. Override any config manually
Immediate or Scheduled Delivery
• Together with two colleagues in 2.5 hours, Cisco conducted a live implementation of the Foundation Routing & Switching, WAN, Edge, Firewalling, IPSec VPN Remote Access, EasyVPN branch office, controller-based WLAN and UC using the RDM method.
• Attendees loved it – highest-rated session of the whole Conference.
http://cisco.com/go/govsba