The Context Aware Network A Holistic Approach to BYOD
1 like2,186 views
The document discusses Cisco's approach to Bring Your Own Device (BYOD) initiatives, emphasizing the need for an all-encompassing network strategy that facilitates secure and flexible access for various device types. It details Cisco's solutions, which include integrated policy management, mobility technology, and support for a wide range of devices, addressing security and compliance concerns while enhancing productivity. The document also highlights the growing demand for mobile connectivity and the challenges faced by IT professionals in managing personal devices within corporate networks.
![Device Profiling
Automated Device Classification Using Cisco Infrastructure Cisco
Innovation
DEVICE PROFILING
Profiling for both wired and wireless devices
POLICY
Printer Personal iPad
ISE
Access Point Personal
Printer Policy CDP CDP
iPad Policy
LLDP LLDP
DHCP DHCP
MAC MAC
[place on VLAN X] [restricted access]
Access
Point
The Solution DEPLOYMENT SCENARIO WITH CISCO IOS SENSOR
Efficient Device COLLECTION CLASSIFICATION AUTHORIZATION
Classification Leveraging Switch Collects Device Related ISE Classifies Device, Collects ISE Executes Policy Based on
Data and Sends Report to ISE Flow Information and Provides Device User and Device
Infrastructure Usage Report](https://image.slidesharecdn.com/cisco-byod-solution-mtauzia-120601100119-phpapp01/85/The-Context-Aware-Network-A-Holistic-Approach-to-BYOD-22-320.jpg)
The Context Aware Network A Holistic Approach to BYOD
- 1. The Context Aware Network A Holistic Approach to BYOD
- 2. Trends BYOD at Cisco Bring Your Cisco® BYOD Solution Own Device Use Cases Summary
- 3. Trends #CiscoPlusCA
- 4. Demand for Mobility 15 billion 56% new networked mobile of information workers devices by 2015 spend time working OUTSIDE THE OFFICE 3/4 of employees uses 100% MULTIPLE DEVICES of IT staff STRUGGLE for work to keep up with mobile needs
- 5. BYOD: An Enterprise Wide Project Network Compliance Team Operations Endpoint Team Security Operations Application Team Human Resources
- 6. A New Approach Is Required Routes All Requests Sources All Data Handles All Devices Shapes All Streams Controls All Flows Touches All Users Sees All Traffic 7
- 7. Cisco Unique BYOD Value Proposition One Network, One Policy, One Management More Than Just Device ownership is irrelevant: corporate, personal, guest, etc… Personal Devices More Than Just BYO devices need wired, wireless, remote and mobile access Wireless Access BYO devices can be any device: Windows PCs, Mac OS devices, More Than Just iPads any tablet, any smartphone, gaming consoles, printers…etc
- 8. BYOD at Cisco #CiscoPlusCA
- 9. Cisco-On-Cisco Client Mix 2,104 73M online Cius 8,144 meetings/yr. iPad 12,290 6,700+ BlackBerry Devices 2,185 -1.6% Growth Other Devices Linux Desktops -3.8% Growth 87,000+ Windows PCs 5,234 Android Devices 9.5% Growth 12,000+ Apple Macs 20,581 iPhones 3.9% Growth
- 10. Cisco-On-Cisco Realized Gain 59% 32% 20% more devices more users fewer cases
- 11. Cisco BYOD Solution #CiscoPlusCA
- 12. BYOD Spectrum Where are you on this BYOD spectrum? Limit Basic Enhanced Advanced Environment requires Focus on basic services Enable differentiated Company’s native tight controls and easy access for services and on-boarding applications, new almost anybody with security both onsite services, and full control and offsite Company’s only device Broader device types but Multiple device types, Manufacturing Internet only Multiple device types plus company issued environments Education environments access methods Innovative enterprises Trading floors Public institutions Healthcare Retail on demand Classified government Simple guests Early BYOD adopters Mobile sales services networks Contractor enablement (video, collaboration, etc.) Traditional enterprises
- 13. 400 IT professionals interviewed about BYOD, more than 65 percent said they don't have the necessary tools in place to manage personal devices on the corporate network, and 27 percent said they aren’t certain of all the personal devices that are accessing the network. #CiscoPlusCA
- 14. Cisco BYOD Smart Solution Elements Collaboration Application Policy Management Central Management Core Infrastructure Secure Mobility
- 15. Cisco Switching Differentiators for BYOD Cisco Switches Scale to Meet Diverse Deployment Scenarios Next Generation Workspace Cisco Switching Differentiators • Unique Support of Next Generation Workspace populated by smartphones, tablets and virtual Any Device HD Video VDI desktops • Support Widest Range of Devices • Prevent eavesdropping and facilitate Catalyst 3K-X Catalyst 4K compliance with MACSec Encryption • Device profilers and device Sensors, Deliver PoE High Consistent Policy Security Video Leadership Availability • Monitor mode greatly simplifies 802.1x Smart Operations deployments Lower TCO Enabling the BYOD Experience
- 16. Cisco Wireless Technology for BYOD Cisco Mobility Technology for High Performance Wireless Network Best-of-Breed Mobility Technology AP3600 Clean Air ClientLink 2.0 VideoStream Access Point Innovation Improved Performance Improved Performance Improved Performance The Tablet AP, Enhanced Proactive and automatic Proactive and automatic Wired multicast over a throughput and coverage interference mitigation beamforming Wireless network targeting advanced applications for tablets and For 802.11n and legacy smart devices clients Identity Services Engine (ISE) - Unified Policy Management Prime NCS – Central Network Management
- 17. Universal Management for BYOD Deployments Cisco Prime NCS for Unified Network Management Converged Access Management for Wired and Wireless Networks Wireless | Wired | Security Policy | Network Services Converged Security and Policy Monitoring Contextual status and monitoring across wired & wireless networks Centrally Organizes Day 1-to-n Management tasks Instructional configuration workflows Reduces the Time to Troubleshoot Integration with Cisco NCS Prime Improved Network Visibility - Faster Troubleshooting - Eliminate Configuration Errors
- 18. TrustSec Architecture Identity and Context Centric Security WHERE Business-Relevant WHAT WHEN Policies Security Policy WHO HOW Attributes Centralized Policy Engine Dynamic Policy & Enforcement Identity User and Devices SECURITY POLICY MONITORING AND APPLICATION ENFORCEMENT REPORTING CONTROLS
- 19. Policy: Who, What, Where, When, How Identity Services Engine (ISE) for Advanced Policy Management IDENTITY PROFILING 1 ISE HTTP 802.1x EAP NETFLOW User Authentication SNMP VLAN 10 DNS 2 VLAN 20 RADIUS Profiling to identify device Corporate DHCP Company asset Resources HQ 4 Wireless LAN Controller Policy 2:38pm Decision Internet Only Person 3 5 6 al asset Posture Enforce policy of the device in the network Full or partial Unified Access access granted Management
- 20. Simplified On-Boarding for BYOD Putting the End User in Control • Reduced Burden on IT staff – Device On-Boarding – Self Registration – Supplicant Provisioning • Reduced Burden on Help Desk Staff – Seamless, Intuitive User Experience • Self Service Model – My Device Registration Portal – Guest Sponsorship Portal
- 21. Device Authentication Leveraging Your Infrastructure Network Cisco Catalyst® Switch Identity Differentiators Monitor Mode Flexible Authentication Sequence IP Telephony Support Support for Virtual Desktop Guests Environments Authorized Tablets IP Phones Network Device Users 802.1X MAB and Profiling Web Auth Authentication Features IEEE 802.1x MAC Auth Bypass Web Authentication Consistent identity features supported on all Catalyst switch models
- 22. Device Profiling Automated Device Classification Using Cisco Infrastructure Cisco Innovation DEVICE PROFILING Profiling for both wired and wireless devices POLICY Printer Personal iPad ISE Access Point Personal Printer Policy CDP CDP iPad Policy LLDP LLDP DHCP DHCP MAC MAC [place on VLAN X] [restricted access] Access Point The Solution DEPLOYMENT SCENARIO WITH CISCO IOS SENSOR Efficient Device COLLECTION CLASSIFICATION AUTHORIZATION Classification Leveraging Switch Collects Device Related ISE Classifies Device, Collects ISE Executes Policy Based on Data and Sends Report to ISE Flow Information and Provides Device User and Device Infrastructure Usage Report
- 23. Device Posture Assessment ISE Posture Ensures Endpoint Health before Network Access Wired, Wireless, VN User Temporary Limited Network Non- Access Until Remediation Is Compliant Complete Sample Employee Policy: Challenge: Value: • Microsoft patches updated • Understanding health of device • Temporal (web-based) or • McAfee AV installed, running, Persistent Agent • Varying level of control over devices and current • Automatic Remediation • Cost of Remediation • Corp asset checks • Differentiated policy enforcement- • Enterprise application running based on role
- 24. Guest Management ISE Guest Service for Managing Guests Guest Policy Web Authentication Internet Wireless or Wired Guests Access Internet-Only Access Provision: Manage: Notify: Report: Guest Accounts via Sponsor Privileges, Guests of Account Details On All Aspects of Sponsor Portal Guest Accounts and Policies, by Print, Email, or SMS Guest Accounts Guest Portal
- 25. Extended Security on and off-premise AnyConnect, ASA, IPS, WSA & ScanSafe Cisco Cloud and Web Security Information Sharing Between ASA and WSA ASA & IPS Cisco Web Users Outside Security Appliance Network Social Networking Enterprise SaaS Corporate AD Email News
- 26. Remote Access: Cisco AnyConnect Optimized User Mobility • User friendly design • Industry-leading connectivity features • Integrated connection manager for enhanced security • Key Features: • Always On or On-Demand VPN • Auto Re-Connect (Persistence) • IPSec, SSL & DTLS VPN • Clientless WebVPN • Optimal Gateway Selection • Endpoint Posture Assessment
- 27. Device Management MDM & Cisco Solutions MDM Partners Cisco Device inventory User/device Threat defense Secure remote access authentication Device provisioning/de-provisioning Web usage policy Posture assessment Device data security Web application Policy enforcement DLP Device application security Context aware Cost management access control Full or selective device remote wipe ISE ScanSafe WSA IPS AnyConnect ASA
- 28. Simple BYOD Deployment Diagram Tying all the pieces together NCS Prime ISE MDM Manager 3rd Party MDM Appliance Cisco Catalyst Switches Cisco ASA WLAN Firewall Controller CSM / Wired ASDM Network Devices Office Wired Access Office Wireless Access Remote Access
- 29. Advanced Collaboration with Cisco Jabber Win, Mac iPad, Cius Smartphone Web
- 30. WebEx: Industry-Leading Meeting Solutions Industry-leading Document, Integrated with Delivered Securely Consistent, Web Conferencing Application, TelePresence and Over Cisco Cross-Platform Desktop Sharing Jabber for Enhanced Collaboration Cloud Experience • Audio, web, and high-quality video Collaboration • Windows, Mac, Linux, Unix, Solaris • Meeting, Training, Event, and Support • Supported on versions leading mobile devices • Available in 13 languages
- 31. Use Cases #CiscoPlusCA
- 32. BYOD Use Case: Basic Implementation Business Policy: Enable Wired and Wireless Access for Company and Personal Devices Unified Policy-Based Management Uncompromised Security Simplified On-Boarding • Provide identity-aware networking • Provide secure, scalable guest • Provide zero-touch device and data integrity access solutions registration and provisioning of • Universally and effectively control employee and guest devices • Authenticate users and endpoints user and device access through wired wireless access with consistent policy across the enterprise network Cisco® Cisco Wireless Wired Prime™ ISE NCS Smartphones Tablets Games and Thin and Virtual Desktop/Notebooks Printers Clients Devices Layer
- 33. BYOD Use Case: Advanced Implementation Business Policy: Provide Granular Access to Full Company Workspace, Both On and Off Site Enable a Full Mobile and Collaboration Experience Provide integrated policy management with mobile device management, deliver granular endpoint controls, provide layered security, and enforce network security policies for BYOD deployments Cisco WebEx Cisco Cisco ® Jabber™ Quad™ Enterprise Applications Cisco AnyConnect™ Cisco ® ScanSafe Cisco WSA Cisco ASA Cisco ISE Cisco Prime™ NCS Router Wireless Wired Smartphones Tablets Games and Thin and Virtual Desktop and Notebook Printers Clients Computers Devices Layer
- 34. Summary #CiscoPlusCA
- 35. Embrace Mobility While Ensuring Security Some Questions to Answer Do I have the WLAN capacity and reliability to support an increased number of mobile devices and future applications? How do I enforce security policies on noncompliant devices? How do I grant different levels of access to protect my network? How do I help ensure data loss prevention on devices for which I do not have visibility? How do I mitigate emerging threats targeted at mobile devices? How do I monitor and troubleshoot user and client connectivity problems on my access (wired and wireless) network? Is my network capable of delivering the scalability and performance required to achieve the benefits of a BYOD strategy?
- 36. Looking Ahead Is the Network Ready for Next Generation Applications? Mobile BYOD clients drive advanced applications for Voice, Video, and VXI Before: 1 Employee = 1 PC Next Generation Applications require more bandwidth and performance Tomorrow:Infrastructure3 or more Network Employee =Applications Today: 1 Multimedia Will Have = High To Scale Use Devices Bandwidth
- 37. Q&A #CiscoPlusCA
- 38. We value your feedback. Please be sure to complete the Evaluation Form for this session. Access today’s presentations at cisco.com/ca/plus Follow @CiscoCanada and join the #CiscoPlusCA conversation