Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved.
Equip IT for BYOD: Learn How to Create a Flexible Mobile Architecture with an overview of Cisco’s UA
Paul DeBeasi, Research Vice President, Gartner
Chris Spain, VP of Product Marketing, Cisco
October 10, 2012
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2012 Gartner, Inc. and/or its affiliates. All rights reserved.
Paul DeBeasi
How Do I Create a Flexible Mobile Architecture?
Use System Thinking to Create a Flexible Mobile Architecture
• Enterprises should use system thinking to create a flexible mobile architecture.
- System thinking encourages a holistic perspective, common goals, & collaboration.
- Silo thinking encourages a narrow perspective, individual goals, and isolation.
Mobility Ecosystem
Business Reqs.
User needs
Mobile Data
Mobile Apps.
Identity & security
Wireless
Manage & support
Policies
Mobility Often Has Circular Cause-Effect Relationships
• Circular cause-effect relationships can lead to:
- Premature decisions
- Unintended consequences
• B2E vs. B2C solutions:
- May need different architectures
- May have different lifespans
- Both can have circular cause-effect relationships
• Use system thinking to analyze circular relationships:
- Take a holistic view
- Use a decision framework
1. Virtualize iPad apps to reduce risk
2. Weak WLAN causes poor user experience
3. Estimate WLAN investment
4. Assess risk versus WLAN investment
5. Rethink original decision
Holistic perspective
Circular cause/effect
Common goals
Collaboration
Generalist
Decision framework
Narrow perspective
Linear cause/effect
Individual goals
Isolation
Specialist
Ad hoc decisions
Mobility Requires System Thinking
Use an Architecture Decision Framework
• Encourages holistic perspective
• Aligns business, user, IT needs
• Guides cross-functional collaboration
• Exposes circular cause/effect relationships
• Adapts to different business needs and use cases
Determine Use Case, Business Requirements
Determine Identity Requirements
Determine Data Mobility & Governance Requirements
Determine Application Architecture Requirements
Determine Wireless Requirements
Determine Management Requirements
Determine Endpoint Control Requirements
Start With Use Case & Business Requirements.
Iterate to Resolve Dependencies.
Business First, Then Technology
• Focus on business first, then on technology
- Mobility is a business problem, not simply a technology issue
• Assess business requirements and use cases
- Require a good working relationship between IT and business units
• Determine which use cases justify investment
- Prioritize use cases. May require creating a business case
• Healthcare example
- Talk to physicians, understand use case and business importance, assess risk
Data Mobility & Governance
• Focus on your data
- Input/output, accuracy, storage, synchronization
- Often treated as an afterthought
- Affects risk, user experience, privacy, expenses
• Mobile governance requirements
- People, policy and process issues
- Establish a mobile center of excellence
- Assess what policies you can enforce
- Accept what you can't (e.g., BYOD)
BYOD!
Architectural decision
• Local data input & local storage
• Data is sensitive
• BYOD policy allowed
Architectural impact
• Need management & security control
• May need WLAN investment
• May need cellular investment
Determine Identity and Access Management Architecture
• IAM requirements
- Deeply woven into every mobility project
• Authentication
- Prove user legitimacy
• Arch. considerations
- Requirements
- Constraints
- Alternatives
Requirements
Data Sensitivity
User experience
Authorization location
Access governance
Constraints
Connectivity sufficiency
User-to-device auth.
Type of device
Device ownership
Alternatives
Local auth.
Remote auth.
Architectural decision
• Remote authentication
• Two-factor authentication
Architectural impact
• Wireless network dependency
• May impact app. architecture
• May impact user experience
Determine Application Architecture
• Don't begin here
- Resident native app?
- Mobile Web app?
- Framework evaluation?
• Instead, focus here
- App deployment
- App runtime
- Code partitioning
- Data residency
Code Partitioning
Mixed
Server
Device
Data Residency
Device
Mixed Cached
Mixed Unsynchronized
Mixed Synchronized
Server
Application Deployment
Mixed
Dynamic
Static
Application Runtime
Browser
Embedded Managed Container
Hosting Managed Container
Operating System
Virtualization
Architectural decision
• App deploy = static
• App runtime = browser
• Code = server, data = cached
Architectural impact
• Wireless network dependency
• Need security control (sensitive data)
• Match management to security
Determine Management Architecture
No Endpoint Management
• No sensitive information
• No authentication credentials
Messaging Client
• Exchange ActiveSync, Lotus Notes Traveler
• Low cost, easy to deploy
Mobile Device Management
• Policy managers (e.g., BoxTone, MobileIron)
• MDM containers (e.g., Good Tech.)
Application Management
• Managed application containers (e.g., Syclo, Verivo)
• Build management controls into mobile apps
Architectural decision
• Use messaging client
Architectural impact
• May increase risk
• May need app. container (sensitive data)
• Local identity credential management?
Determine Wireless Requirements
Wireless LAN
• 802.11g/a/n, spatial streams
• 2.4 GHz vs. 5 GHz
• Stand-alone vs. coordinated APs
• 802.11ac, HotSpot 2.0 (future)
Mobile Cellular
• Distributed Antenna Systems
• Small cell technology
• Wi-Fi vs. cellular
• Hybrid options
Architectural decision
• No investment (802.11g WLAN)
• No investment (in-building cellular)
Architectural impact
• May limit application architecture
• May require endpoint controls
• May require MDM system
Determine Endpoint Security Controls
• Unmanaged endpoint:
- Low risk
• Moderately managed:
- Moderate risk
- Some policy & user restrictions
• Heavily managed:
- High risk
- Provisioned with restrictive policies
• Managed containers:
- Separates enterprise and personal information
Unmanaged endpoint
Moderately managed endpoint
Heavily managed endpoint
Managed containers
Architectural decision
• Heavily managed endpoint
• Managed containers required
Architectural impact
• May limit application architecture
• May require MDM system
• May impact user experience
Architectural Decision Framework Guides System Thinking
• Real world may not be so tidy
- No clear business case
- Poor communication, collaboration
- Silo decision making
- IT not aligned with business
• Decision framework can help
- Evolve process over time
- Improve decision making
- Improve collaboration
- Improve value of IT organization
Recommendations
Use systems thinking
- Provides holistic perspective, common goals, communication
Follow mobility decision framework
- Guides mobile architectural decisions
- Focuses on the key mobile architecture elements
Business first, then technology
- Mobility is a business problem, not simply a technology issue
Focus on your data
- Enterprises that fail to gain control over their data will increase their security and compliance risks
Improve your people skills
- Mobility requires cross-functional, cross-departmental collaboration
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Chris Spain
Vice President of Marketing, Wireless Networking Group, Cisco
October 10, 2012
Enabling Business Innovation
By 2014, 90% of Organizations will allow Personal Devices For Work Use
BYOD CLOUD DATA
Connected Banking Connected Consumers
FINANCIAL RETAIL HEALTHCARE
Connected Healthcare
Securing Device and Data
Managing Policy Consistently
Limited Visibility and Control
Unpredictable Performance
Inconsistent Application Behavior
IT CHALLENGES
Network Users and Devices Applications
Connecting Clouds
Connecting People Connecting Devices
Secure
Consistent User Experience
Simplified
CISCO UNIFIED ACCESS
CISCO UNIFIED ACCESS
ONE Network
• Wired and wireless portfolio
• Consistent functionality across solutions
ONE Policy – Cisco ISE
• Single source of policy for wired/wireless/VPN, MDM
• Context-aware: Who, What, Where, When, How
ONE Management – Cisco Prime
• Wired/wireless/policy
• Real-time monitoring
UNIFIED ACCESS - WHAT’S NEW
Identity Services Engine (ISE)
Prime Management
Wired and Wireless Network
• New self-provisioning portal – My Devices
• Secure Group Access (SGA) - simplified role-based access control and enforcement based on context, avoids manual ACL/VLAN configs
• Consistent functionality across wired and wireless
Sub-second stateful switch over (SSO) for wireless
Application Visibility and control
• Context-aware access
• Enhanced Wireless portfolio
• One application for Cisco Prime Infrastructure 1.2 – wired/wireless
• Enhanced Application Visibility and Control (AVC), visualizing application flow for wired and wireless
ONE MANAGEMENT - WHAT’S NEW
Cisco Prime Infrastructure 1.2
Converged Visibility
Prime 360 Integrated Workflows Aligned with Lifecycle Processes
Support the way network operators do their job
Prime Assurance Manager Enhanced Application Visibility and Control (AVC)
Offering Wired and Wireless Application Insight and Control
ISR G2 Routers NAM
ASR WLAN Controller
NEW
ONE POLICY - WHAT’S NEW
Cisco Identity Service Engine Rel 1.1.1
Identity-based access control policy platform across wired, wireless or VPN.
Automated, role-based and consistent access control enforcement across wired and wireless
Based on context: user, device, and location.
Self-registration personal device onboarding
User self-management of their registered devices – Moves, Adds, Changes & Blacklist (Lost)
ONE NETWORK - WHAT’S NEW
• Extending enterprise features to midmarket
• Full RF excellence: Spectrum intelligence
• Client acceleration
• Industry’s first Enterprise-class 802.11ac AP
• Investment protection - field upgradable modular design
• Virtualized Controller
• Virtualized Mobility Services Engine
• Virtualized Prime
• Virtualized ISE
• Industry’s most scalable controller in 1RU
• 6000 APs and 64,000 clients support
• SP, large enterprises
2nd Generation 802.11n Access Points
AIRONET 2600 & 1600
2nd Generation 802.11n Access Points
AIRONET 3600
Mega Scale Wireless Controller
8500 SERIES
Complete Virtualized Deployment Option
Granular and Context-Aware Access Security Controls for BYOD Catalyst 2K & 3K Switches
TrustSec Secure Group Access (SGA), IPv6 Security
CISCO AIRONET ACCESS POINTS
Teleworker/Hospitality
600
Enterprise Class
1600
Mission Critical
2600
Best in Class
3600
• Basic Connectivity
• Deployment Flexibility
• Basic Connectivity
• Deployment Flexibility
• CleanAir Express
• ClientLink 2.0
• High Client Scalability
• CleanAir
• ClientLink 2.0
• VideoStream
Second Generation 802.11n
• High Client Density
• Investment Protection, modularity
• 802.11ac Support
• HD Video/VDI, VideoStream
• Best In Class Security
• ClientLink 2.0, CleanAir
CONTROLLER PRODUCT PORTFOLIO
• 2500: 50 APs, 500 Clients
• SRE – WLCM2: 50 APs, 500 Clients
• 5500: 500 APs, 7000 Clients
• WiSM2: 1000 APs, 15000 Clients
• 8500: 6000 APs, 64000 Clients, New (7.3)
• Virtual Controller: 200 APs, 3000 Clients, New (7.3)
• Flex7500: 6000 APs, 64000 Clients, New (7.3)
FlexConnect
Private Cloud
Multi-architecture capable
Support Flex and Centralized
UNIFIED ACCESS CUSTOMERS
Cisco 2600 APs - Predictable and Scalable Wi-Fi for Rutgers
Business Challenge
• Scalability: unstable and unmanageable wireless network due to significant increase in number of students (58,000), faculty (7000+), and mobile devices
• Rapidly growing school district in Texas
• Requires enhanced communications, collaboration and academic engagement in BYOD environment
Results
Better User Experience
• No interference - Cisco CleanAir detected a leaky microwave in the student center, fixing a top issue
• Faster connection – 1000 Cisco AP 2600 with 3x4:3 MIMO
• Cost-effective deployment
Operational Efficiency
• More than $75,000 in annual cost savings
• Easy-to-manage environment fosters collaborative communications
• Support higher-bandwidth demands
Pflugerville Independent School District (PISD)
Investment Protection
Simplified Operations. Lower TCO
The ONLY Solution that Brings It All Together
Making IT More Responsive to the Business Less Time on IT Operations, More Time on IT Business Innovation
NEW Connected Experiences
CISCO UNIFIED ACCESS
Innovative Business Scenarios
Best Wired and Wireless In the Industry
Cisco Aironet 2600 and 1600 Series Access Points
AVAILABILITY AND PRICING
• Available globally, now shipping
• (2600e) with external antennas: $1,195 USD list
• (2600i) with internal antennas: $1,095 USD list
• Available Q4CY2012
• (1600e) with external antennas: $795 USD list
• (1600i) with internal antennas: $695 USD list
Cisco 8500 Series and Virtual Wireless Controller
AVAILABILITY AND PRICING
• Available globally, now shipping
• Starting price $75,000 for 300APs
• Available globally, now shipping
• 5 AP support: $750
• 25 AP support: $3750
Virtual Deployment on any x86 Server with VMware Hypervisor