Bring Your Own Device

Bring Your Own Device: Cisco Values in BYOD

Eric NG ([email protected]), Technical Solution Architect, Enterprise Networking Group, Greater China

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

Transcript of Bring Your Own Device

Page 1:

Bring Your Own Device Cisco Values in BYOD

Eric NG ([email protected])

Technical Solution Architect

Enterprise Networking Group, Greater China

Page 4:

EXECUTIVE

EMPLOYEE

IT

OLD WAY

• Enterprise provided and managed user devices
• Work is a place you go to—limited off campus access
• IT visibility and control into user devices and applications
• Security lived on the IT managed endpoint

NEW WAY

• Anywhere, anytime, any device usage
• Work is a function—globally dispersed, mixed device ownership
• Change in IT control and management paradigm — granularity beyond device
• Security lives in the network to allow for BYOD

Page 5:

Device Diversity is here to stay

[Chart residue: 89%, 10%, 1%; 23%, 36%, 26%, 75%, 22% (labels not recoverable)]

User Wants

• Consistent experience on multiple devices
• Seamless transitions between devices
• Separation of work and personal data
• Keep up with tech and social trends

IT Wants

• Proactive adoption of consumer/mobile devices
• Embrace BYOD without sacrificing security, management, business standards
• Lower organizational costs
• Improved agility

Page 6:

Human Resources

Compliance Operations

Security Operations

Application Team

Endpoint Team

Network Team

Page 7:

Denied or Restricted Bought in Encouraged Allowed

Environment requires tight controls
Corp Only Device
Mfg Environment
Trading Floor
Classified Gov Networks
Traditional Enterprise

Focus on basic services, easy access, almost anybody
Broader Device Types But Internet Only
Edu Environments
Public Institutions
Simple Guest

Enable differentiated services, on-boarding with security but no ownership
Multiple Device Types + Access Methods, VDI
Healthcare
Early BYOD Enterprise Adopters
Contractor Enablement

Corp native apps, new services, full control
Multiple Device Types, Corp Issued, MDM
Innovative Enterprises
Retail on Demand
Mobile Sales Services (Video, Collaboration, etc.)

Page 8:

Building blocks of Cisco BYOD Solution

Page 9:

Policy

Next Generation Workspace

Management

Security Unified Access

Page 10:

VPN External Wi-Fi Internal Wi-Fi Wired

Deny or Restrict

Bought In

Encouraged

Allow

Devices Layer

Smartphones

Desktop/Notebooks

FW Router Wireless Wired ISE

Tablets

Thin/VirtualClients

Connectivity Layer

Prime Infrastructure

Where to start with BYOD?

Page 11:

CleanAir: Chip level proactive and automatic interference mitigation

ClientLink: Chip level proactive and automatic electronic beamforming

VideoStream: Chip level wired multicast over a Wireless network

Radio Resource Management: Simplified advanced RF management

Best-of-Breed and Best-in-Class Mobility Predictability

Best-of-Breed and Best-in-Class Policy and Network Management

ISE (Control)

PI (Visibility)

Who? What? When? Where? How?

AnyConnect: Persistent context-aware VPN connectivity

BandSelect: Proactive and automatic band steering for 5GHz capable clients

FW Router Wireless Wired

Unified Access

ISE

Policy

NCS Prime

Management

Page 12:

Policy Profiling

VLAN 10

VLAN 20

Personal

Employee

Corporate

Wireless LAN Controller

Corporate Resources

Restricted Internet Only

USER LOCATION

TIME Access Method

DHCP

RADIUS SNMP

NETFLOW

Corporate Issued Device
1. User Authentication and Authorization
2. Profiling to identify device
3. Policy decision
4. Policy enforce to “VLAN 10” on same SSID
5. Full access granted
6. Full device visibility

PERSONAL Device
1. User Authentication and Authorization
2. Profiling to identify device
3. Policy decision
4. Policy enforce to “VLAN 10 or 20” on same SSID
5. Full or Restricted access granted
6. Full device visibility

HTTP

DNS DEVICE

Centralized Policy Engine

Unified Access Management

Single SSID

ISE

Policy

Page 13:

VPN External Wi-Fi

Internal Wi-Fi Wired

Deny or Restrict

Bought In

Encouraged

Allow

Devices Layer

Smartphones

Desktop/Notebooks

FW Router Wireless Wired ISE

Tablets

Thin/VirtualClients

Connectivity Layer

ISE NCS Prime AnyConnect ScanSafe ESA/WSA

NCS Prime

Taking BYOD outside the Enterprise?

Page 14:

Acceptable Use

Access Control

Data Loss Prevention

Choice: Diverse endpoint support for greater flexibility

Security: Rich, granular security integrated into the network

Experience: Always-on intelligent connection for seamless experience and performance

Intranet

Corporate File Sharing

Access Granted

AnyConnect Client

Threat Prevention ASA WSA

AnyConnect ScanSafe ASA/WSA

Security

Page 15:

VPN External Wi-Fi

Internal Wi-Fi Wired

Deny or Restrict

Bought In

Encouraged

Allow

Devices Layer

Smartphones

Desktop/Notebooks

FW Router Wireless Wired ISE

Tablets

Thin/VirtualClients

Connectivity Layer

ISE NCS Prime AnyConnect ScanSafe ASA/WSA

ISE NCS Prime

NCS Prime

VXI Quad Jabber Webex

Delivering Applications on BYOD

Page 16:

Only Cisco can tie all the pieces together!

NCS Prime

ISE

Cisco WLAN

Controller

AC NAM (Win Only)

Wired Network Devices

Cisco Catalyst

Switches

AC NAM (Win Only)

3rd Party MDM Appliance

CSM / ASDM

MDM Manager

AC VPN (All Mobile)

AC Cloud Web Security (All PCs)

IronPort WSA

Page 18:

• Now Add

• AnyConnect

• IronPort

• ScanSafe

• Wired/Wireless/FW Infra

• ISE

• Prime Infrastructure

Deny or Restrict Bought In Encouraged Allow

• Now Add

• MDM

• Apps (Webex, Jabber, Quad)

Unified Access

Page 19:

Thank you.