Cisco’s Borderless Network Architecture Vision and Strategy
© 2011 Cisco and/or its affiliates. All rights reserved. 1CISCO CONFIDENTIAL INTERNAL USE ONLY
Cisco’s Borderless Network Architecture Vision and Strategy
July 2012

Agenda
Why Architectures?
Why Borderless Network Architecture?
What can a Borderless Network Architecture do for you?
Closing

What Do Enterprises Want to Achieve?
Empower the User: User Experience, Innovation, Productivity, Efficiency
Drive Business Transformation: New Business Models, Revenue Streams & Market Opportunities
Enable IT Effectiveness: Total Cost of Ownership, Risk Mitigation, E2E Security, Investment Protection

Enterprise Megatrends
MOBILITY: BYOD
CLOUD: SaaS | DC / V
IMMERSIVE COLLABORATION: Pervasive Video
THE NETWORK
COST CONTROL, TCO, Operational Efficiency
IT EFFECTIVENESS, Service and Network Management
SECURITY, Accelerating Cyber-Threats

Cisco’s Architectural Approach
CLOUD: SaaS | DC / V
MOBILITY: BYOD
IMMERSIVE COLLABORATION: Pervasive Video
Data Center/Virtualization
Collaboration
Borderless Networks

Borderless Networks
Network Implications: Shifting Borders
Device Border: IT Consumerization
Location Border: Mobile Worker
Application Border: Video/Cloud, IaaS, SaaS
External-Facing Applications
Internal Applications

Same Challenges: Increasing Complexity
Before: Linear
Scalability
Availability
Performance
Security
Manageability
Cost of Ownership
Now: Multidimensional
Scalability, Availability, Performance, Security and Manageability Across Non-IT-Controlled Environments
Application, Device, Location

Borderless Networks 2.0
Focus Moves to Key System Pillars Addressing Customer Pain Points
Key IT Initiatives: BYOD, Desktop Virtualization, Pervasive Video, Remote Expert, Cloud Computing, IT/OT Convergence
Systems Excellence: SecureX, Unified Access, Cloud Intelligent Networks, Connected Industries
Network and End-Point Services: EnergyWise (Energy Management), TrustSec (Policy Enforcement), App Velocity (App Performance), Medianet (Multimedia Optimization)
Technology Innovation: Wireless, Routing, Switching, Application Networking/Optimization, Security Appliance and Firewall
PRIME Management

Which Workspace Will Your Customer Deliver?
Traditional Workspace: Data, Voice
Enabled by: ‘Good Enough’ Network
Single Purpose
Security as a Bolt-On
Application and Endpoint Ignorant
Basic QoS
Standards-Based
Next-Generation Workspace: Any Device, Immersive Collaboration, Virtual Desktop, Mobile
Enabled by: Borderless Network Architecture
Multi-purpose: Energy Management, Building Control, Physical Security, Asset Tracking, etc.
Integrated Security from Premise to the Cloud
Application and Endpoint Intelligence with Policy, Optimization, and location-awareness
Media Aware Control to Support Voice/Video Integration
Standards + Innovations Driving Standards

The Post PC Era Is Here
Any Place, Any Time
Benefits: Improved Productivity, Cost Control
Today 56% of US workers are located outside of an office (Forrester)
From 2010 to 2011 there was a 30% increase in # of Consumer devices accessing business applications (IDC)
By 2015, 90% of businesses will allow personal devices for work use (Gartner)
By 2015, 802.11n and 802.11ac Wi-Fi technology will dominate the wireless market (ABI Research)
Wi-Fi may become the primary means by which wireless data is consumed on smart phones (The Guardian)

The Post PC Era Is Here
…but, BYOD Brings Great Risk
Technical Risk
• Difficult to secure and control
• How do you know user devices haven’t been compromised already?
• Malware
• Access control breach
• Oversubscribed Infrastructure
Business Risk
• Intellectual Property vulnerability
• Data loss from stolen or lost devices
• Privacy rights (Personal vs Corporate Owned)
• Frequently traded in and traded up
• Challenges tracking compliance
Source: 2011 ISACA IT Risk/Reward Barometer, US Edition (www.isaca.org/risk-reward-barometer)

BYOD Starts with a Business Decision: Who Should Have Access?
The BYOD Access Spectrum
Basic
• Internet Access
• Guest Networks
• Education
Limited Access
• Classified Networks
• Compliance Issues
• Critical information
Enhanced
• User needs workspace access to application plus confidential information based on location
Advanced
• User needs full workspace regardless of location
• IT needs to control and manage data

Unified Access
VPN | WIRELESS | WIRED

Unified Access
Integrates Wired+Wireless+VPN together simply and securely with scale
Good
MDM Manager
AnyConnect VPN
Cisco WLAN Controller
Prime NCS
Wired Network Devices
Cisco Catalyst Switches
Identity Services Engine

Unified Access
Policy Management - A System to Implement Technical Policy
Cisco ISE (Identity Services Engine): Simplified Policy Management
Authentication Services: I want to allow the “right” users and devices on my network
Authorization Services: I want user and devices to receive appropriate network services
Guest Lifecycle Management: I want to allow guests into the network
Profiling Services: I need to allow/deny iPADs in my network (BYOD)
Provisioning Services: I want to allow the “right” users and devices on my network
Security Group Access Management: I need a scalable way of authorizing users or devices in the network

Unified Access – Policy Enforcement
Exceptional Control Through the Network – TrustSec
Source Group Access
Unrestricted for Employees/Partners
Employee
Partner
Guest
Internet
The Solution
Group users independent of IP address and location
Packets are “tagged” based on user role and context
Scalable and simplified management with a single policy per group
Scalable Enforcement independent of network topology
Deployment Scenario with Security Group Access (SGA)

Unified Access – Securing Client Mobility
Next-Generation Security – AnyConnect
Unmanaged Devices, Risk of Data Loss, and Lack of Access
MOBILE EXECUTIVE
Secure Mobile Connectivity
Can Mobile Devices Access My Network Securely, Reliably and Seamlessly?
Acceptable Use
Access Control
Data Loss Prevention

Unified Access – Simplified Management
Single Pane of Glass View and Management
Improved Network Visibility, Faster Troubleshooting, Eliminate Configuration Errors
• Converged Security and Policy Monitoring
• Contextual status and monitoring dashboards across wired and wireless networks
• Integration with Cisco NCS Prime
• Improves IT efficiency
• Provides single view of all user access data
• Advanced troubleshooting - Less time and resources consumed
Converged Access Management for Wired and Wireless Networks
Wireless | Wired | Security Policy | Network Services

Unified Access
Ensuring Ubiquitous and High Quality Wireless
CleanAir: Interference Protection
Detect, Classify, Locate and Mitigate Interference Improving Network Reliability and Performance
ClientLink: Improved Client Performance
Beam Forming = More Bars Everywhere and a Superior User Quality of Experience
VideoStream: Superior Video Quality
Improves predictability and performance to deliver Wired-like video experience over Wireless
• Multicast to Unicast Conversion at the AP
• Selectable Stream Prioritization
• Resource Reservation Prevents Oversubscription
Air Quality Performance

The Big Issue in Networking
Dramatic Increase in Network Demand
Cisco IT Experience
Bandwidth (Core CapNet): 11 Gbps (2006) to 58 Gbps (2011), GROWTH 420%
Video End Points: ~500 (2006) to 7,000 (2011), GROWTH 1,300%
Cisco Virtual Office Users/Routers: ~1,500 (2006) to 22,000 (2011), GROWTH 1,366%

Causes… Service Level Requirements
Video
• Video will Quadruple all IP traffic by 2014
• Latency and Jitter become critical factors in deployment
• High Definition Video drives large bandwidth increases
VDI
• 56% of organizations want to virtualize the desktop
• Availability requirements increase dramatically
• The new workspace will increase WAN BW significantly, including voice and video
• Visibility and Control are greatly reduced
Cloud
• Cloud Technology will be used by 70% of Enterprises in 2012
• More than 90% route public cloud traffic through the central site
• Cloud applications are bandwidth and delay sensitive
• Security and Availability become critical
Source: Cisco Visual Networking Index 2011, The Strategic Network - Cisco, Forrester, 2010

Cisco Cloud Intelligent Network
Next Generation Enterprise WAN
Secure & Scalable Architecture
• Modularity to support continued growth
• Pervasive Security, including Cloud access
• Scale from regional to global networks
• High Availability to 6 9’s
Rich Network Services
• Medianet for Pervasive Video
• Application Performance enhanced user experience
• IPv6 for emerging markets and solutions
• PfR for availability and Application performance
Simplified Operation & Implementation
• Simplified deployment with validated designs
• Prime Management for ease of operations
Transform Enterprise WAN and Campus Core to support evolving Business Environments and Applications

MARKET SEGMENT FOCUS: Process Mfg., Oil & Gas, Transportation, Discrete Manufacturing, Machine to Machine
CAPABILITIES: Ruggedized Wireless Access Points, Industrial Switches, Industrial Security, Hardened Mobile M2M Gateway, Industrial Professional Services

Today: Disparate, Unconnected Legacy Networks
CORE BUSINESS OPERATIONS | IT
IP-Rich

But Operational Technology Networks Are Moving
From proprietary operating systems and protocols …to open systems and standard protocols
From segmented and siloed data flow …to integrated and connected information flow
From disparate wired and wireless networks …to converged, secure and collaborative operations
Cisco - positioned to assist companies transform their business thanks to its holistic IT and OT focus
Leveraging Core Cisco IT Capabilities to Assist the Industrial World on Its Path to Convergence

Tomorrow: A Converged Network with Connected Devices
IT and OT converge
CORE BUSINESS OPERATIONS + IT
The Network
IP-Rich

End-To-End Security
New Networks Require A New Approach
FROM Piecemeal Designs TO Coordinated Systems
FROM Point Enforcement TO Unified Enforcement
FROM Limited Foresight TO 360° Visibility & Control
FROM Customer Tested TO Validated Designs

SecureX
An integrated and holistic network-based security strategy
Compliance (GRC)
Services (TS, AS, Partner)
Network (Enforcement)
Distributed Workers & BYOD
Secure Unified Access
Protecting Network Edges
Threat Defense
Securing Cloud Transition
Virtualization & Cloud
Application Visibility & Control
Authorizing Content Usage
Threat Intelligence (Visibility)
Contextual Policy (Control)

Embedding Security within the Infrastructure
Offers Comprehensive Visibility and Scalable Enforcement
Enhances Security, Greater Scalability, Comprehensive Visibility, Lower TCO
Threat Intelligence
Contextual Policy
Visibility
Enforcement
Behavioral Analysis, Encryption, Identity Awareness, Device Visibility, Policy Enforcement, Access Control, Threat Defense
NETWORK: Sees All Traffic, Routes All Requests, Sources All Data, Controls All Flows, Handles All Devices, Touches All Users, Shapes All Streams
ESA, ASA, WSA, AnyConnect, ScanSafe, IPS

In Closing…
Borderless Network Architectural Framework Benefits
Empower the User: User Experience, Innovation, Productivity, Efficiency
Drive Business Transformation: New Business models, Revenue streams & Market opportunities
Enable IT: Total Cost of ownership, Risk Mitigation, Investment Protection
Thank you.

Innovation with Lower Costs
TCO Comparison: Architecture | Good Enough
Up to -15%
CAPEX
Administration & Staffing
Energy Savings
Refresh Cycle

The Evolution of the Network…the journey continues…
IPv6
Millions, Billions, Trillions
1985 to 2020+

Network Trends Affect Security
MOBILITY
• BYOD - Anywhere
• 3rd Party Applications
• Policy Management
• Mobile Data
THREATS
• Expanding Attack Surface
• Increasing Sophistication
• Everything Is A Target
• Inverted Network Design
CLOUD
• Physical to Virtual
• Virtual to Cloud
• Cloud Applications
• Changes Everything