steven pollock 4-2 smart business architectures with borderless networks

Cisco Confidential 1© 2010 Cisco and/or its affiliates. All rights reserved.

Smart Business Architecturesand the case for Cisco Borderless Networks

Steven Pollock, CCIE#3148

Sr. Systems Engineering Manager

Borderless Network Architectures

United States Public Sector

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Government Business Challenges

The Network – Your Strategic Investment

Smart Business Architecture for Government

Next Steps


VideoMobilityWorkplaceExperience

© 2010 Cisco and/or its affiliates. All rights reserved.

7 Billion New

Wireless Devices

by 2015

Mobile Devices

IT Resources

Blurring the Borders

Consumer ↔ WorkforceEmployee ↔ PartnerPhysical ↔ Virtual

Changing the WayWe Work

Video projected to quadruple IP traffic by 2014 to 767 exabytes

Anyone, Anywhere, Anytime


Borderless Experience

ANYWHERE

ANYONE

ANYTIME

ANYTHING

Securely, Reliably, Seamlessly


Government Solutions

Helping Government Educate, Defend and Serve

Application Layer

Operations Applications Collaboration Applications

Network Infrastructure

Data CenterCollaborationBorderless Network

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 7Cisco Confidential 7© 2010 Cisco and/or its affiliates. All rights reserved.

… a building without an architectural blueprint?

One problem creates another

Silo’d projects exist with no integration

plan

Constant re-design with additions

Changes are costly

Provides detailed proper planning and design

Allows a clean integration when additions are

made

Reduces Total cost of ownership

Additions do not require entire building re-design

Without a Blueprint With a Blueprint

Borderless Networks

CollaborationData Center/Virtualization


Infrastructure

Borderless End-Point/User Services

MobilityWorkplaceExperience

Securely, Reliably, Seamlessly:AnyConnect

Borderless Network ServicesBorderless Policy,

Management, and Smart Services

Switching

Wireless

WAAS

Routing

Security

Mobility:Motion

Security:TrustSec

Voice/Video: Medianet

Green:EnergyWise

App Performance: App Velocity

Video

Architecture for Agile Delivery of the Borderless Experience

PROFESSIONAL SERVICES: Realize the Value of Borderless Networks Faster

Optical


Context-Aware, Prioritized, High-Quality Voice and Video

No Resource Reservation, Degraded Voice and Video

CEO Meeting

M&A Negotiation

Sports Event

GLOBAL BUSINESS,

WORLDWIDE OFFICES

Can My Network Deliver Real-Time Collaboration Experiences?

CEO Meeting

M&A Negotiation

Sports Event

Transform Voice and Video Experiences


Up to 2X Improved Response Time and 90% Reduced Bandwidth Cost

Compromisedand Costly Experience

Can My Network Optimize Performance of Applications Anytime, Anywhere?

SP CShortest path

selected!

No applicationcontrol

Wastedbandwidth

SP D

SP D

SP A

SP B

Real-Time Fastest Path

Scalable App Visibility

Embedded WAN Optimization

SP C

SP D

SP D

SP C

SP D

SP D

SP A

SP B

SP A

SP B

Superior Application Performance, Better User Experience


―Lean‖ Application Hosting Provides Branch-to-Cloud Application Survivability

and Infrastructure Agility

Unreliable WAN Leads to Poor Experience with Cloud/Data Center

Hosted Applications

Can My Network Optimize Performance of Applications Anytime, Anywhere?

Cloud

WAN

Cloud

WAN

UCS-E

Enables Business Continuity and Network Reliability


Managed

Nightly Shutdown

$280,000

Additional Energy

Policies

$150,000

Annual

Energy Costs

$770,000

Reducing Energy Costs

Am I Using My Network to Reduce My Energy Costs?

Countywide OfficeEnergy Management

No Energy Management

COUNTY OFFICES

10,000 PCsTotal Savings

$430,000


―Guest‖ Access PolicyIT Devices Changed Manually

CONSULTANTFOR

A PROJECT

Guest Access Made Easy

Do I Have a Consistent Access Policy ArchitectureAcross My Network for All Users and Devices?


Encrypted, Tamper-Proof Transactions

Clear Data and Video Streams in LAN

DD D D D D D D D

VV V V V V V V V

DD D D D D D D D

VV V V V V V V VMALICIOUS GUEST USER

Next-Generation Security

Is My Network Ready for Current and Future Regulatory Requirements?


Next-Generation Security

Can Mobile Devices Access My Network Securely, Reliably and Seamlessly?

Secure Mobile ConnectivityUnmanaged Devices, Risk of

Data Loss, and Lack of Access

AcceptableUse

Access Control

Data Loss Prevention

MOBILEEXECUTIVE


802.11n Performance Protection

Can Mobile Devices Access My Network Securely, Reliably and Seamlessly?

CleanAir Detects and Mitigates Interference for Performance Protection

Wireless Interference Decreases 802.11n Performance

AIR QUALITY PERFORMANCE PERFORMANCEAIR QUALITY

WIRELESSPERFORMANCE


Target: SBA for

Government

Roadmap to Building a Borderless Experience and more!

Deployment Recommendations

•Step by step guide for technology adoption

Prescriptive Solutions

• Specific Cisco tested and validated solutions are prescribed within each guide to speed and simplify borderless enablement

Modular Design for the Future

• Modular approach protects IT investments and ensures phased builds work with the long-term strategy

Tested & Validated

Solutions Work

Together

Architectural

Design

Comprehensive

Solution

Systematic

Approach

• 100 to 10,000 endpoints

• Targeted at CCNA level

• Tested with ASE’s and Partners

• When implemented, it will work!

• Major reduction of deployment time

• Accelerates deployment of AT

• Foundation for all other architectures

• Defense networks (future)


SBA for GovernmentLarge and Midsize Agency Subway Map

COL

BN

BN

DC


• LAN

• WAN/Aggregation

• Internet Edge

• 7K Core

• Regional Office/Remote

• Data Center

• IPv6 Addressing

• Wireless

• Data Security

WAN

Local Area Network

Regional Office

Remote

Teleworker/Mobile Worker

Internet

Hardware and Software VPN

Wireless Access Point

Client Access Switch

Branch Router with Application Acceleration

Collapsed Distribution/Core Switches

Wireless LAN Controller

Regional Router

Application Acceleration

Building 1 Building 2 Building 3 Building 4

Distribution Switches

Core Switches

WAN Aggregation


Wireless LAN

Controller

VPN

Remote Access VPN

Internet Edge Routers

Email Security Appliance

Guest WLAN

FirewallInternet Servers

Web Security Appliance

Internet Edge Data Center

Client Access

Switches

* Each contains a Deployment and Configuration guide

What Does it Look Like…


LAN Design - Resilient Core and Distribution

• Dual Box L3 Core

• Resilient Virtual Switch Design

Distribution Layer

• Loop-free topology

No STP for convergence

• No standby uplinks

Leverages EtherChannel

• No FHRP’s required

• < 1 second recovery

Mostly transparent to users apps

• Multiple product options

3750, 4507RE, 6500VSS

Local Area Network

Building 1 Building 2 Building 3 Building 4

Distribution Switches

Core Switches

WAN Aggregation


Wireless LAN

Controller

VPN

Remote Access VPN



Guest WLAN

FirewallInternet Servers


Internet Edge Data Center

Client Access

Switches


Campus Access Design

• Switch selection

Standalone, stackable, or chassis

PoE on all ports

• CISF (Catalyst Infrastructure Sec

Features)

ARP inspection

DHCP snooping

Port security

IP source guard

• Voice & Video Enabled

Wired and wireless

QoS

Multicast

CDP

Wireless Access Point

IP Phones and Computers

Distribution

Client Access


Collapsed Core with Cisco Nexus 7000

• Target:2,000—10,000 connected users

• Alternate core design: data center and campus cores are collapsed into one pair of devices

• Cisco Nexus 7000 used as core device due to its feature set and 10Gdensity

• Provides DCI with OTV(l2 over l3)

• Hitless ISSUBuilding 1 Building 2 Building 3 Building 4

LAN Distribution Switches

Data Center Access

Switches

LAN Access

Switches

Data Center and LAN Core Switches

Data Center Aggregation Switches

Local Area Network

Data Center


WAN Design

• Primary connectivityvia MPLS WAN

• Optional backupDMVPN WAN

• Application optimization

• Regional Access model

• Config CLI or LMS WAN 100 Product models change based on scale

Internet Edge 10k

WAN Aggregation


Wireless LAN Controller

VPN

Remote Access VPN


Guest WLAN

Firewall Internet Servers


Internet Edge


To Core

Internet

WAN


Deployment Using CiscoWorks LMS (LAN Management Solution)

Best Practice SBA

Templates

Easy Deployment

1. Select Template

2. Select devices in

bulk

3. Override any config

manually

Immediate or

Scheduled Delivery


Deployment Using CiscoWorks LMS


• Together with two colleagues in 2.5 hours, Cisco conducted a live implementation of the Foundation Routing & Switching, WAN, Edge, Firewalling, IPSec VPNRemote Access, EasyVPN branch office, controller-based WLAN and UC using the RDM method.

• Attendees loved it – highest-rated session of the whole Conference.


http://cisco.com/go/govsba

steven pollock 4-2 smart business architectures with borderless networks

Technology

cisco andor

cisco confidential

network ready

performance of applications

guest access

waywireless devices

government business

exabytes mobile devices