Mobilize Employees with the Cisco Mobile Workspace Solution


Mobilize Employees with the Cisco Mobile Workspace Solution Mike Jessup, Engineering Tech Lead, Systems Development Unit, Cisco Systems Marcelo Brosig, Solution Architect, Americas Strategic Alliances, Citrix Systems John Monaghan, Consulting Systems Engr., EMEAR Enterprise Networking, Cisco Systems June 4 2014

What is a Mobile Workspace? MOBILE DEVICES MOBILE APPLICATIONS MOBILE EXPERIENCES Native Virtual HTML5 SAAS Voice Video A mobile workspace provides consistent, seamless and secure mobile access to applications, content and communications on any user or corporate device, anywhere. Security Infrastructure OFFICE MOBILE TELE COMPLETE END-TO-END MOBILITY SOLUTION INFRASTRUCTURE AND MOBILE APP EXCELLENCE SIMPLIFIED DEPLOYMENT AND SUPPORT LINKED INFRASTRUCTURE AND MOBILE APP POLICY

Customer Challenges with BYOD and Mobility WiFi Growth and Reliability Number of devices, 40-100% Y/Y growth Mobile applications driving higher bandwidth requirements 802.11ac (and LTE) Ubiquitous wired-like service expectation BYOD is just a subset CYOD Choose Your Own Device, corporate assets Ownership is less important, it's about managing/securing data Data Loss Prevention Strategy Compliance with industry/government regulations (HIPAA, PCI, S-Ox, etc.) Balancing Security with User Experience Sources: *Accenture CIO 2013 Survey ** Gartner Research *** IDC Research **** Nemertes 2013 Application Support How to provide access to Legacy applications (Windows, Office, others)? App and Desktop Virtualization shifting to Mobile use cases Mobile App Lifecycle including Portability, Development Costs Complexity and Confusion of Solutions in the Market Should I use an MDM? Which one? How do I secure it? Which security technologies? How will HTML5 affect my strategy? Cloud vs On-premise? Cisco Confidential 3

Cisco Mobile Workspace with Citrix Solution Differentiators. Simplified integrated solution: customers do not have to select/integrate many technologies. Modular building-block approach provides insertion for different buying centers: network, security, desktop, mobility, application. Seamless zero touch BYOD onboarding (ISE and XenMobile integration). Mobile data protection for security/compliance for Healthcare, Finance, Retail, etc. Flexible support for all application delivery models (native, virtual, HTML5, SaaS, collaboration). Improved Mobile User Experience (Cisco WLAN prioritizes Citrix protocol/traffic). Validated designs mitigate deployment risk with proven reference architectures.

The Mobile Workspace Solution Components Architecture and Components BYOD Solution Components Desktop Virtualization Solution Components Mobile Workspace Solution Components Any Device Mobile Collaboration Unified Comms, Jabber, WebEx Unified App Store XenMobile, Storefront Network Policy Control ISE, AnyConnect Mobile Productivity Application Delivery Mobile Policy Mobile Data Security Worx Mobile Apps, ShareFile, Receiver App/Desktop Virtualization XenApp, XenDesktop Mobile Device Management XenMobile Applications and Content Mobile Networking Unified Access, Secure Access Core Infrastructure + Security Cloud Infrastructure Unified Data Center, Security Services

Cisco Mobile Workspace Solution With Citrix: Benefits Best for BUSINESS Best for IT Best for END USERS SIMPLE Single architecture accelerates, enabling mobile workstyles, apps Integrated modular, validated solution for faster risk-free deployments Easy, seamless mobile device on-boarding and app experience SECURE Protecting access, data, and applications for maximum risk mitigation Centralized, multilayer policy management, and enforcement: users, access, devices, data, apps Worry-free secure access for any app on any device, anywhere SMART Flexible architecture to support broad set of use cases and workstyles Built on scalable, intelligent Cisco Unified Access, and HDX for great mobile user experience Choice and flexibility to roam between devices, networks, locations Complete Best-in-Class B2E Mobile Solutions and Services

Mobile Workspace Solution Demo John Monaghan, Consulting Systems Engr. EMEAR Enterprise Networking

Core Infrastructure and Security

Cisco Mobile Workspace with Citrix Starts with Unified Access / BYOD Foundation Secure network access anywhere, anytime AAA Services provided by Cisco Identity Services Engine. Authentication with PKI, AD, and OTP (RSA) Role based assignment with access restrictions Access Control Lists TrustSec Security Group Tags. ISE MDM integration for mobile device policy.

Cisco High Density Experience Technology Enabling the Mobile Workspace Performance, Mitigation, Scalability and Roaming Optimized for High Client Density WiFi Networks CleanAir 80 MHz Optimal performance for high throughput, high density environments RF interference detection & mitigation optimized for 802.11ac's wider channel bandwidths. ClientLink 3.0 Increase performance & range by up to 60% Cisco patented implicit beamforming technology for 802.11ac clients, complementing Explicit BF. Also extend capabilities to 802.11a/g/n clients. RF Noise Reduction Enables higher density AP deployments to support client density and increased bandwidth Increase spectrum usage efficiency to improve co-channel performance RF Turbo Performance Support highly dense clients without performance degradation Scale seamlessly to 60+ 802.11ac clients using interactive video & multimedia traffic. Smart Roam Intelligently assist client roaming Right size WiFi cell to better assist client handoff in a dense network.

Mobile Traffic and the need for QoS Intelligently Managing Mobile Traffic Assuring voice quality from wireless applications meets enterprise VoIP requirements Ensuring video applications are delivered to/from wireless devices with a high Quality of Experience Provisioning preferred services for business-critical applications running on wireless devices De-prioritizing "background" business application traffic Identifying and de-prioritizing (or dropping) non-business applications

Cisco Application Visibility and Control for WLCs Provides Deep-Packet Inspection (DPI) capabilities Identifies applications via Layer 7 stateful signatures Leverages the IOS Network-Based Application Recognition (NBAR2) Engine Over 1000 applications Available on Cisco Wireless Controllers, Routers, and Switches Introduced for WLANs in AireOS 7.4 AireOS 7.6 added Protocol Pack support Application signatures can be added to the engine without requiring a system-software update

BYOD - Cisco Validated Designs v2.5 v2.6 v2.7 Aug 2013 • Security and Policy 3rd Party MDM Integration ISE Logical Profiles Personal/Corporate devices TrustSec/SGA Enforcement • UA/Mobility Infrastructure Converged Access • User Experience App Visibility & Control (AVC) Bonjour Application Gateway Mar 2014 June 2014 • Security and Policy TrustSec for Converged Access IOS XE 3.3.2SE • Location Awareness Cisco Mobility Services Engine • Converged Access Wireless QoS, AVC • Updated Hardware/SW 802.11ac via 3600 AP CUWN release 7.6 ISE 1.2 Patch 6 • Mobile and Remote Access for Jabber • FQDN • Scalability Testing http://www.cisco.com/c/en/us/solutions/enterprise/data-center-designs-cloud-computing/own_device.html#~overview

Mobile Policy

Cisco Identity Services Engine (ISE) All-in-One Enterprise Policy Control Who What Where When How Identity Context Security Policy Attributes Business-Relevant Policies Wired Wireless VPN VM client, IP device, guest, employee, remote user

BYOD Use Cases BASIC/GUEST LIMITED ENHANCED ADVANCED Focus on Basic Services, Guest Access Environments with Tight Controls Differentiated Services, On-Boarding Securely Posture from Mobile Device Management Broader Device Types Internet Only Only Corporate Devices IT Whitelist Personal Devices Deny Some Devices Any Device, Any Ownership MDM Compliance

ISE and MDM Integration: Better together. ISE has limited awareness of device posture, e.g. ISE can't detect if PIN-lock is enabled, the device has been jailbroken/rooted, etc. While Mobile Device Managers (MDM) provide posture information, their capacity to enforce network policies is limited. With the REST API integration, ISE 1.2 is able to: receive device compliance information from the MDM in order to make network access policy decisions; push administrative device actions (such as remote-wiping) via the MDM.

ISE and MDM Integration: Critical Foundation for Mobile Workspace. Enrollment: ISE-orchestrated to simplify user experience. Non registered clients redirected to MDM registration page. Non compliant clients will be given restricted access. ISE 1.2 Daily Access: network+device. Update data from endpoint which can be tied into access policy. De-enrollment: Ability to Initiate Device Action from ISE. Device stolen → need to wipe data on client.

MDM Policy Compliance Dictionary Attributes: Is the device compliant with MDM policy? Has the device registered with MDM? Has the device been jail-broken/rooted? Is PIN-lock enabled?

Application Delivery

It's All About the Apps Key capabilities are currently extended to Smartphones more than Tablets 2014 73% 66% 50% 47% 37% 47% 32% 32% 35% 27% 14% 20% Email/ Calendar Collaborations Apps Productivity Apps Custom Business Apps UC/ IP Telephony/ VoIP Virtualized Desktops FUTURE Key capabilities will be extended to Tablets more than Smartphones in the future and device form will influence the types of apps and resources extended 96% 96% 86% 91% 83% 92% 82% 89% 84% 87% 75% 86% Email/ Calendar Collaborations Apps Productivity Apps Custom Business Apps UC/ IP Telephony/ VoIP Virtualized Desktops Source: Cisco Strategic Marketing Organization/2014 Mobility Landscape Survey 1000 large and mid-sized companies

Unified App Store XenMobile AppController and WorxStore delivers secure access to mobile and native Windows Apps to Mobile Devices Unified Application Store offering Integrated with XenDesktop StoreFront Native & Enterprise Mobile Apps Web and SaaS apps Seamless delivery of Windows apps WorxHome client for secure access to corporate applications Apps launched from within WorxHome requiring user authentication Optional application containerization Apps and data easily wiped in event device is lost or stolen.

Desktop Virtualization Mobile worker must be able to access corporate apps from any device XenDesktop providing access to Windows apps on mobile devices Native, in-house, mobile application development may be delayed or impractical and hence access to Windows app must be made available. XenDesktop and Receiver improves mobile user experience Incorporates integrated optimizations for mobile devices Use of mobile device controls Automatic keyboard display in editable field Touch-optimized desktop SDK available for developing Windows apps with capabilities and behaviors typical of a mobile device. Button usage definition Screen orientation On-screen keyboard activation Access device's telephone, SMS, and camera Local interface controls instead of Windows

Before

After

Mobilizing Windows Apps High Definition Experience (HDX) Mobile Translates keyboard / mouse tasks to a touch environment Edit box Keyboard Pop-up Combo Box Picker Pop-up

Mobile SDK for Windows Apps HDX Mobile: Autosense and refactors hosted apps Optimized for screen resolution and orientation

Mobile SDK for Windows Apps HDX Mobile: Local device features translated for virtual apps Citrix Mobility Pack permits: GPS data access Camera access

Mobile Productivity

Cisco Mobile Workspace Solution for Mobile Workers Have secure remote access to corporate network Have access to corporate Unified Communications and reachable via corporate number or messaging anywhere Have ability to attend meetings via web with rich, collaborative, capabilities. Have access to corporate apps regardless of device they are using Have access to work files anywhere without having to download everything to the device.

Remote Access and Cisco AnyConnect Mobile worker must have secure, consistent access anywhere Cisco AnyConnect Secure Mobility Client IPsec/SSL full-tunnel VPN client Always-on connectivity & superior user experience Posture for desktops and mobile Broad desktop and mobile OS platform support Pushed transparently by XenMobile Device Mgr along with connection profile to mobile devices. Clientless SSL VPN Portal on the ASA Granular access control Users presented with defined resources Secure vault Virtual desktop access for Citrix Receiver as ICA Proxy Broad browser and application support

Unified Communications and Collaboration Mobile workers must be able to work anywhere with anyone on any device... Upon MDM registration, XenMobile Device Manager and AppController redirect clients to download Cisco Jabber Client and Webex. Jabber communications to Cisco UC, IM, and Video services enabled while on or off Campus. AnyConnect not required while remote through use of Cisco Expressway Seamless interoperability with AnyConnect when deploying Expressway at the Edge AVC on WLC classifies voice and video traffic QoS on Cisco wireless controllers enables a great overall user experience

Desktop Virtualization Mobile workers must be able to securely access Windows apps and associated data from any device XenDesktop delivers Secure access to corporate applications Provides a consistent and secure virtual workspace for contractors and employees with personal devices. Allows for role-specific access to applications based on user credentials Data securely stored in the data center. Desktop and user preferences customizable by Citrix Policies as well as Microsoft GPO.

Secure File Sharing and Storage Mobile workers must be able to access and share files securely anywhere Access, share and sync files from any device Apps for mobile devices Sync for Windows and Mac for laptops and MacBooks Mobile-optimized ShareFile web site Data stored in cloud or locally in StorageZone Local data stored in NAS, CIFS Shares, & SharePoint AD integration incorporating SAML authentication Built-in mobile editor for rich content editing on-the-go PDF annotation SaaS Control Plane Data Plane

Mobile Workspace Solution with Citrix 1.0 CVD Overview

Cisco ISE integrated with Citrix XenMobile Device Manager and AppController Device & App Management Cisco Identity Services Engine 1.2 Policy management for device on-boarding and network access for wired or wireless device while on network. RADIUS AuthC/AuthZ for remote access VPN. EM-BYOD v2.6 policies used as foundation. Policy enforced through ACLs and TrustSec (SGT) Integrated With XenMobile Device Manager for visibility into mobile device policy compliance; quarantined if noncompliant. Cisco UCS Servers Providing Microsoft AD, DNS/DHCP, and CA services Supporting all Citrix infrastructure and built on VMware ESXi 5.1 Scaling guidance provided in Desktop Virtualization Solutions with Citrix CVD http://www.cisco.com/c/en/us/solutions/enterprise/data-center-designs-virtualization/landing_vdi_citrix.html Cisco ASA Edge Firewall & VPN Edition Providing Remote access to Network. AnyConnect Client used for access to corporate applications and Citrix infrastructure. Clientless (WebVPN) access for case where ONLY access to XenDesktop is required.

ASA VPN Remote Access AnyConnect SSL or IPsec Remote Users Remote Users ASA-Out ASA-Out XM-MDM ASA-In & SSLVPN Clientless WebVPN ASA-In & SSLVPN I-Edge 6500 I-Edge 6500 Core 6500 Core 6500 Data Center Nexus 7000 Data Center Nexus 7000 Cisco UCS AD Mail ISE CA Cisco UCS StoreFront 2.1 XenDesktop 7.0 XenMobile 2.10 App Cntl Cisco UCS AD Mail ISE CA Cisco UCS StoreFront 2.1 XenDesktop 7.0 AnyConnect Client AC Client required on device Access to AppC Mobile apps via Worx and XenDesk HSD via Receiver after AC launched. Clientless WebVPN AC Client not required. Only access to XenDesk HSD Receiver clientless WebVPN access to XenDesk HSD.

Cisco ISE integrated with Citrix XenMobile Device Manager and AppController Mobile Device & App Mgmnt Citrix XenMobile Device Manager 8.7 Role-based restrictions of mobile device features; i.e. password/pin lock, Camera, applications, clipboard, etc. Role-based deployment packages with policies and apps such as Cisco AnyConnect Client, AC Profile, Jabber and Webex. MDM serves as SCEP Proxy for certificates required for MDM and AnyConnect Client. Users can register with MDM either on or off network. Integrated with XenMobile App Controller. Citrix XenMobile App Controller Provides Unified App Store with Citrix Receiver and ShareFile as well as other mobile applications. Receiver configuration profile pushed transparently to mobile device based on user's AD credentials. Provides support for the WorxHome client from which apps can be securely launched using AD credentials. Citrix XenMobile App Controller Cont'd Supports selective wipe of corporate applications launched from within WorxHome. Provide SAML Federation Services required for ShareFile AD integration. Integrated with XenDesktop StoreFront.

Citrix XenDesktop 7 Application and Desktop Virtualization Citrix XenDesktop 7 XenDesktop Server OS Machine Catalogs providing Hosted Shared Desktops based on Server 2008 R2. Implement StoreFront to provide access to XenDesktop HSD and Windows applications. Hosted Shared Desktops enumerated by Machine Creation Services Fills requirement for shared desktop addressing tablet and laptop users without intensive graphic or computing requirements. Machine Catalogs and Delivery Groups dedicated for each user role. Desktops customized for specific user roles based on Active Directory credentials. ShareFile Sync for Windows available on shared desktops

Citrix ShareFile Mobile Information Management Citrix ShareFile Providing enterprise-grade file sharing Split control and data plane Control plane resident in Citrix cloud User authentication Resource List; i.e. files, folders Files can be stored in cloud storage or in a local StorageZone for regulatory compliance of sensitive files. NAS, CIFS, Sharepoint support. Ubiquitous access regardless of device as a mobile app, Outlook plug-in, and Sync app for Windows and MacOS. AD-SSO via SAML services deployed on XenMobile App Controller. Sync for Windows deployed on XenDesktop HSD

The Mobile Workspace Solution Components In Summary CMWS 1.0 CVD - http://www.cisco.com/c/en/us/td/docs/solutions/enterprise/borderless_networks/unified_access/cmwswc.html BYOD 2.6 CVD - http://www.cisco.com/c/en/us/solutions/enterprise/data-center-designs-cloud-computing/own_device.html Desktop Virtualization CVD - http://www.cisco.com/c/en/us/solutions/enterprise/data-center-designs-virtualization/landing_vdi_citrix.html

Q & A

Thank you.