cisco borderless networks - ibm · pdf filecisco borderless networks die moderne...

Cisco Borderless NetworksDie moderne Netzwerkinfrastruktur ermöglicht den sicheren Zugriff auf Daten - zu jeder Zeit, von überall, mit verschiedensten Geräten

Cisco Confidential 1© 2011 Cisco and/or its affiliates. All rights reserved.

auf Daten - zu jeder Zeit, von überall, mit verschiedensten Geräten

Marco Fahrni, R&S Systems Engineer ([email protected]) 18. Mai 2011

Warum ein Borderless Networks?

Borderless Networks Komponenten:

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

• TrustSec & Identity Solution Engine

• EnergyWise

• Medianet

The iPad impact


z

Client OS

Applications


ServerArchitecture

Devices

VideoMobility WorkplaceExperience

7 Billion New Wireless Devices

7 Billion New Wireless Devices

Blurring the BordersConsumer ↔ Workforce

Blurring the BordersConsumer ↔ Workforce

Changing the WayWe Work

Changing the WayWe Work

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5© 2010 Cisco and/or its affiliates. All rights reserved.

Wireless Devices by 2015

Wireless Devices by 2015

Mobile Devices

IT Resources

Consumer ↔ WorkforceEmployee ↔ PartnerPhysical ↔ Virtual

Consumer ↔ WorkforceEmployee ↔ PartnerPhysical ↔ Virtual

We WorkVideo projected to quadruple IP traffic

by 2014 to 767 exabytes

We WorkVideo projected to quadruple IP traffic

by 2014 to 767 exabytes

Anyone, Anywhere, Anytime

IT Consumerization

Mobile Worker

Location Border


Device Border

Video/Cloud

IaaS,SaaS

Application Border

External-FacingApplications

Internal Applications

Location

Device

Scalability

Availability

Performance


Application

Performance

Security

Manageability

Cost of Ownership

Scalability, Availability, Performance, Security

and Manageability

Across Non-IT-Controlled Environments

Then: Linear Now: Multi-Dimensional

SecurelySecurely ReliablyReliably SeamlesslySeamlessly


ANYONEANYONE ANY DEVICEANY DEVICE

ANYTIMEANYTIMEANYWHEREANYWHERE

Collaboration Data Center/Virtualization


Technology Portfolio

Borderless Networks

WAASWirelessSwitching RoutingSecurity

Architecture for Agile Delivery of the Borderless Experience

BORDERLESS

BORDERLESS END-POINT/USER SERVICES Securely, Reliably, Seamlessly: AnyConnect

App Energy Multimedia Security:POLICY


BORDERLESSINFRASTRUCTURE

Application Networking/ Optimization

Switching SecurityRoutingWireless

BORDERLESS NETWORK SYSTEMS

BORDERLESS NETWORK SERVICES

Mobility:Motion

App Performance: App Velocity

Energy Management: EnergyWise

Multimedia Optimization:

Medianet

Security:TrustSec

& ISE

UnifiedFabric

Extended Cloud

ExtendedEdge

UnifiedAccess

MANAGEMENT

SMART SERVICES: PROFESSIONAL AND TECHNICALRealize the Value of Borderless Networks Faster

APIs

The RIGHT Person

Anyone

Any Device


An approved Device

In The Right Way

Anywhere

Anytime

Introducing Identity Services Engine (ISE) and TrustSec 2.0

Policy RulesPolicy RulesProfilingProfilingAuthenticationAuthentication PosturePosture

TroubleshootingTroubleshootingMonitoringMonitoring


EndpointsEndpoints

TrustSec Planning and Design Service

Network Network EnforcementEnforcement

Non-User DevicesNon-User Devices

ISE: Policies for people and devices

Guest AccessGuest AccessAuthorized AccessAuthorized Access


Non-User DevicesNon-User Devices

• How do I discover non-user devices?

• Can I determine what they are?

• Can I control their access?

• Are they being spoofed?

• Can I allow guests Internet-only access?

• How do I manage guest access?

• Can this work in wireless and wired?

• How do I monitor guest activities?

Guest AccessGuest Access

• How can I restrict access to my network?

• Can I manage the risk of using personal PCs, tablets, smart-devices?

• Access rights on-prem, at home, on the road?

• Devices are healthy?

Authorized AccessAuthorized Access

• Centralized Policy

• Distributed Enforcement

• AAA Services

• Posture Assessment

ACS

NAC Profiler


• Guest Access Services

• Device Profiling

• Monitoring

• Troubleshooting

• Reporting

• Flexible licensing

NAC Guest

NAC Manager

NAC Server

Identity Services Engine

STOP

• Identity Services Engine 1.0 with 802.1x/NAC access control

• Switch-to-switch MACSecencryption


STOP

STOP encryption

• Catalyst 3750-X/3560-X,

• Catalyst 4500 – SUP7-E

• Catalyst 6500 SUP2T

• Security Group Tags, incl. enhancements for VDI

Internet“Employees should be able to

access everything but have limited access on personal

devices”

“Everyone’s traffic should be encrypted” Internal

Resources


Campus Network

“Printers should only ever communicate

internally”

Resources

Cisco WirelessLAN Controller

Cisco AccessPoint

Cisco® Identity Services EngineCisco Switch

Cisco Switch

Consolidated Services, Software Packages

ACS

NAC Profiler

NAC Guest

NAC Manager

NAC Server ISE

Location

User ID Access Rights

Session Directory

Flexible Service Deployment

AdminConsole

Distributed PDPs

M&TAll-in-One HA Pair

Device (& IP/MAC)


Simplify Deployment & Admin Tracks Active Users & Devices Optimize Where Services Run

Policy Extensibility

Link in Policy Information Points

Manage Security Group Access

Keep Existing Logical Design

System-wide Monitoring & Troubleshooting

Consolidate Data, Three-Click Drill-In

SGT Public Private

Staff

Guest

Permit

Deny

Permit

Permit

Converged Policy Platform

Unified AgentIdentity Based

Firewall

• AAA, 802.1x, guest, profiler, posture• System monitor & diagnosis

ISENAC ACS

GuestProfiler

• Offers Cisco AnyConnect™ technology: On- and off-premises security • User, group, device based policy

User group enforcement

Sales

HR

UK Employees


Simplified DeviceProfiling Network Infection Containment

System-wide Monitoring & Troubleshooting

• System monitor & diagnosis• “ISE”: Next-generation ACS + NAC

security• Extends 802.1x & VPN client + NAC• Extends management to Prime NCS

• User, group, device based policy• ASA & Positron platforms

• Cisco delivered device template feed• Switches collect & forward device

fingerprint, no traffic re-engineering

• Streamline the locate, contain, & remediation process

• Leverage reputation & NIPS feeds

• Single admin pane-of-glass• Wired & wireless infrastructure

Network Device

ProvisioningIdentity Policy

Monitoring & Troubleshooting

Client Management

Cisco Security Intelligence Ops

Environmental Reduce Costs Compliance


�Reduce greenhouse gas emissions

� Increase sustainability

�Reduce energy consumption and cost

�Measure Return On Investment

�Comply with government directives


http://www.uvek.admin.ch/dokumentation/00474/00492/index.html?lang=de&msg-id=31937


http://www.harvardbusinessmanager.de/heft/artikel/a-713450.html

• Lightning produces 20% of worldwide GhG Emissions.

• IT Industry produces 2% of worldwide GhG Emissions.

The majority of IT’s power

IT Equipment

25%Lighting

11% Other

6%


IT Electricity

Use Outside the

Data Center

55%

Data Center

Electricity Use

45%

• The majority of IT’s power consumption occurs outside of the data center.

Heating, Coolingand Ventilation

58%

Source: UK Energy Efficiency Best Practice Program; Energy Consumption Guide 19: Energy Use in Offices

Source: UK Energy Efficiency Best Practice Program; Energy Consumption Guide 19: Energy Use in Offices

Source: Forrester, Enterprise And SMB Hardware Survey, North America And Europe, Q3 2008

Poll Power of Network-Attached Devices:

Phones, APs, PCs, Building Systems

Optimize PowerDelivery of Policies


Building Systems

Show Power and Cost Savings Correlate Power and Actions

EnergyWise Management Application

EnergyWise Management Communications (TCP for Network-wide)

SNMP Management API

LMS

Third-Party Power Management Applications

TCP

Cisco ® EnergyWise Orchestrator


wide)

Domain—logical grouping of entities (child/ neighbor)

Endpoints are managed by policies and monitored for energy usage

EnergyWiseEndpoints

AP

Wireless Controller

EnergyWiseDomain

PoE Devices Building Facilities

Mediator

PCs and Laptops

Taking Control Of Your Business Energy Costs


Measure and Monitor IT Devices:PCs, Switches, PoE

Measure and Monitor IT Devices:PCs, Switches, PoE

Compelling, Easy to Use, Reporting for All AudiencesCompelling, Easy to Use, Reporting for All Audiences

Sophisticated, GranularPower Management thatMaximizes Energy Savings

Sophisticated, GranularPower Management thatMaximizes Energy Savings

Enterprise Energy Usage


*Source: Gartner Dataquest, Forecast of IT Hardware Energy Consumption, Worldwide, 2005-2012.

Über 60% vom Energieverbrauch kann mit

Cisco EnergyWise gemanaged werden.

• Collects and uploads time in

Management Server, Console, and Database

• Configure and manage endpoints• At-a-glance view of rolled-up data

PC Client

Cisco EnergyWise Orchestrator Sustainability Dashboard


IP Telephony

Wireless

Cisco EnergyWise PC Client

• Collects and uploads time in state data

• Enforces policies locally• Initiates communication with

server

• Normalizes power levels & policies

• Proxies for legacy devices

Cisco ® EnergyWise in Cisco IOS ®

Business Objectives:� Branches and HQ operate from 9:00

a.m. to 6:00 p.m.

� Control laptops, PCs, APs, phones

Solution:� Cisco EnergyWise deployed on

existing Cisco® Catalyst® Switches + BATTERY


existing Cisco Catalyst Switches + PC Agent

Business Value:� $415,475 annual savings (assuming

0.10/kwh), 55.6% power savings

� Emission reduction of 2,197 metric tones, equal to emissions from 399 cars; contributes to 81% of overall corporation emission reduction goals 10,000 Phones, 1000 APs

5,000 laptops, 5,000 PCs, 200 IP cameras

LOW

BATTERY

January 2009

March 2010 Future

PoE Devices

EnergyWise

FY10-FY12

Cisco EnergyWiseOrchestrator (Network + PC)

Building-automation

Extended


EnergyWise

Architecture(Network + PC)

Open API/SDK

Additional Platforms

Extended Management

Extension of Ecosystem

Phase 1.5:Cisco LMS 3.2

Integration

Building utility management and power distribution

Lighting

HVAC

Elevators

Security:Access Control

CCTV

IntruderAlert

PowerDistribution

Building Management Systems

Badge

Provides visibility, control ,and automation

Enterprise Service Management


Monitoring and managing PC

energy use Monitoring and reporting network energy use IT Power Management

Management Applications

PC

Printer

BadgeReader

Scanner

And many more…

cisco borderless networks - ibm · pdf filecisco borderless networks die moderne...

Documents