© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
Bring Your Own Device
Cisco Values in BYOD
Eric NG
Technical Solution Architect
Enterprise Networking Group, Greater China
2 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID
EXECUTIVE
EMPLOYEE
IT
OLD WAY
• Enterprise provided and managed user devices
• Work is a place you go to—limited off campus access
• IT visibility and control into user devices and applications
• Security lived on the IT managed endpoint
NEW WAY
• Anywhere, anytime, any device usage
• Work is a function—globally dispersed, mixed device ownership
• Change in IT control and management paradigm — granularity beyond device
• Security lives in the network to allow for BYOD
Device Diversity is here to stay
User Wants
• Consistent experience on multiple devices
• Seamless transitions between devices
• Separation of work and personal data
• Keep up with tech and social trends
IT Wants
• Proactive adoption of consumer/mobile devices
• Embrace BYOD without sacrificing security, management, business standards
• Lower organizational costs
• Improved agility
Human Resources
Compliance Operations
Security Operations
Application Team
Endpoint Team
Network Team
Denied or Restricted | Bought in | Encouraged | Allowed
Environment requires tight controls
Corp Only Device
Mfg Environment
Trading Floor
Classified Gov Networks
Traditional Enterprise
Focus on basic services, easy access, almost anybody
Broader Device Types But Internet Only
Edu Environments
Public Institutions
Simple Guest
Enable differentiated services, on-boarding with security but no ownership
Multiple Device Types + Access Methods, VDI
Healthcare
Early BYOD Enterprise Adopters
Contractor Enablement
Corp native apps, new services, full control
Multiple Device Types, Corp Issued, MDM
Innovative Enterprises
Retail on Demand
Mobile Sales Services (Video, Collaboration, etc.)
Building blocks of Cisco BYOD Solution
Policy
Next Generation Workspace
Management
Security
Unified Access
Where to start with BYOD?
VPN | External Wi-Fi | Internal Wi-Fi | Wired
Deny or Restrict | Bought In | Encouraged | Allow
Devices Layer: Smartphones, Tablets, Desktop/Notebooks, Thin/Virtual Clients
Connectivity Layer: FW, Router, Wireless, Wired, ISE
Prime Infrastructure
Best-of-Breed and Best-in-Class Mobility Predictability
CleanAir: Chip level proactive and automatic interference mitigation
ClientLink: Chip level proactive and automatic electronic beamforming
VideoStream: Chip level wired multicast over a Wireless network
Radio Resource Management: Simplified advanced RF management
BandSelect: Proactive and automatic band steering for 5GHz capable clients
AnyConnect: Persistent context-aware VPN connectivity
Best-of-Breed and Best-in-Class Policy and Network Management
ISE (Control)
PI (Visibility)
Who? What? When? Where? How?
Unified Access: FW, Router, Wireless, Wired
Policy: ISE
Management: NCS Prime
Policy Profiling
VLAN 10
VLAN 20
Personal
Employee
Corporate
Wireless LAN Controller
Corporate Resources
Restricted Internet Only
USER | LOCATION | TIME | Access Method | DEVICE
DHCP | RADIUS | SNMP | NETFLOW | HTTP | DNS
Corporate Issued Device
1. User Authentication and Authorization
2. Profiling to identify device
3. Policy decision
4. Policy enforce to “VLAN 10” on same SSID
5. Full access granted
6. Full device visibility
PERSONAL Device
1. User Authentication and Authorization
2. Profiling to identify device
3. Policy decision
4. Policy enforce to “VLAN 10 or 20” on same SSID
5. Full or Restricted access granted
6. Full device visibility
Centralized Policy Engine
Unified Access Management
Single SSID
ISE
Policy
Taking BYOD outside the Enterprise?
VPN | External Wi-Fi | Internal Wi-Fi | Wired
Deny or Restrict | Bought In | Encouraged | Allow
Devices Layer: Smartphones, Tablets, Desktop/Notebooks, Thin/Virtual Clients
Connectivity Layer: FW, Router, Wireless, Wired, ISE
ISE | NCS Prime | AnyConnect | ScanSafe | ESA/WSA
Acceptable Use
Access Control
Data Loss Prevention
Choice: Diverse endpoint support for greater flexibility
Security: Rich, granular security integrated into the network
Experience: Always-on intelligent connection for seamless experience and performance
Intranet
Corporate File Sharing
Access Granted
AnyConnect Client
Threat Prevention ASA WSA
AnyConnect ScanSafe ASA/WSA
Security
Delivering Applications on BYOD
VPN | External Wi-Fi | Internal Wi-Fi | Wired
Deny or Restrict | Bought In | Encouraged | Allow
Devices Layer: Smartphones, Tablets, Desktop/Notebooks, Thin/Virtual Clients
Connectivity Layer: FW, Router, Wireless, Wired, ISE
ISE | NCS Prime | AnyConnect | ScanSafe | ASA/WSA
VXI | Quad | Jabber | Webex
Only Cisco can tie all the pieces together!
NCS Prime
ISE
Cisco WLAN Controller
AC NAM (Win Only)
Wired Network Devices
Cisco Catalyst Switches
AC NAM (Win Only)
3rd Party MDM Appliance
CSM / ASDM
MDM Manager
AC VPN (All Mobile)
AC Cloud Web Security (All PCs)
IronPort WSA
Control and Visibility for IT—Predictability for Users
Access Switches: Compact, 3750-X/3850, 2960-S, 4500E
Distribution Switches: 6500 Series
Access Points: 600 Series (Teleworker), 3500p Series (Density), 1550 Series (Outdoor), 1600, 2600, 3600, 3700 (Indoor)
Mobility Services Engine: 3310 and 3355, Physical or Virtual
Wireless LAN Controllers: 2500 Series, WLC on SRE, 5500 Series, WiSM2, 7500, 8500, vWLC
Identity and Policy Data Integration: ISE, NCS, Physical or Virtual
• Now Add
• AnyConnect
• IronPort
• ScanSafe
• Wired/Wireless/FW Infra
• ISE
• Prime Infrastructure
Deny or Restrict Bought In Encouraged Allow
• Now Add
• MDM
• Apps (Webex, Jabber, Quad)
Unified Access
Thank you.