Bring Your Own Device
Cisco Values in BYOD

Eric NG (bokng@cisco.com)
Technical Solution Architect
Enterprise Networking Group, Greater China

2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
OLD WAY
- Enterprise provided and managed user devices
- Work is a place you go to: limited off campus access
- IT visibility and control into user devices and applications
- Security lived on the IT managed endpoint

NEW WAY
- Anywhere, anytime, any device usage
- Work is a function: globally dispersed, mixed device ownership
- Change in IT control and management paradigm: granularity beyond device
- Security lives in the network to allow for BYOD

(Figure labels: Executive, Employee, IT)
Device Diversity is here to stay

User Wants
- Consistent experience on multiple devices
- Seamless transitions between devices
- Separation of work and personal data
- Keep up with tech and social trends

IT Wants
- Proactive adoption of consumer/mobile devices
- Embrace BYOD without sacrificing security, management, business standards
- Lower organizational costs
- Improved agility

(Chart values, labels lost in extraction: 89%, 26%, 75%, 10%, 36%, 1%, 23%, 22%)
Compliance Operations, Network Team, Security Operations, Endpoint Team, Application Team, Human Resources
Denied or Restricted
- Environment requires tight controls
- Corp Only Device
- Examples: Mfg Environment, Trading Floor, Classified Gov Networks, Traditional Enterprise

Allowed
- Focus on basic services, easy access, almost anybody
- Broader Device Types But Internet Only
- Examples: Edu Environments, Public Institutions, Simple Guest

Encouraged
- Enable differentiated services, on-boarding with security but no ownership
- Multiple Device Types + Access Methods, VDI
- Examples: Healthcare, Early BYOD Enterprise Adopters, Contractor Enablement

Bought in
- Corp native apps, new services, full control
- Multiple Device Types, Corp Issued, MDM
- Examples: Innovative Enterprises, Retail on Demand, Mobile Sales Services (Video, Collaboration, etc.)
Building blocks of Cisco BYOD Solution
Next Generation Workspace Policy Management Unified Access Security
Where to start with BYOD?

Stages: Deny or Restrict, Allow, Encouraged, Bought In
- Infrastructure: FW, Router, Wireless, Wired, ISE, Prime Infrastructure
- Connectivity Layer: VPN, External Wi-Fi, Internal Wi-Fi, Wired
- Devices Layer: Smartphones, Tablets, Thin/Virtual Clients, Desktop/Notebooks
Unified Access (FW, Router, Wireless, Wired): Best-of-Breed and Best-in-Class Mobility Predictability
- CleanAir: Chip level proactive and automatic interference mitigation
- ClientLink: Chip level proactive and automatic electronic beamforming
- Radio Resource Management: Simplified advanced RF management
- BandSelect: Proactive and automatic band steering for 5GHz capable clients
- VideoStream: Chip level wired multicast over a Wireless network
- AnyConnect: Persistent context-aware VPN connectivity

ISE Policy and NCS Prime Management: Best-of-Breed and Best-in-Class Policy and Network Management
- ISE (Control): Who? What? When? Where? How?
- PI (Visibility)
ISE Policy: Centralized Policy Engine

Profiling inputs: USER, LOCATION, HTTP, DHCP, NETFLOW, TIME, DEVICE, Access Method, DNS, RADIUS, SNMP

(Diagram labels: Single SSID, Wireless LAN Controller, Unified Access Management, VLAN 10, VLAN 20, Corporate Resources, Restricted Internet Only, Corporate, Employee Personal)

Corporate Issued Device
1. User Authentication and Authorization
2. Profiling to identify device
3. Policy decision
4. Policy enforce to VLAN 10 on same SSID
5. Full access granted
6. Full device visibility

PERSONAL Device
1. User Authentication and Authorization
2. Profiling to identify device
3. Policy decision
4. Policy enforce to VLAN 10 or 20 on same SSID
5. Full or Restricted access granted
6. Full device visibility
Taking BYOD outside the Enterprise?

Stages: Deny or Restrict, Allow, Encouraged, Bought In
- Added at this stage: AnyConnect, ScanSafe, ESA/WSA, ISE, NCS Prime
- Infrastructure: FW, Router, Wireless, Wired, ISE, NCS Prime
- Connectivity Layer: VPN, External Wi-Fi, Internal Wi-Fi, Wired
- Devices Layer: Smartphones, Tablets, Thin/Virtual Clients, Desktop/Notebooks
Security: AnyConnect, ScanSafe, ASA/WSA
- Choice: Diverse endpoint support for greater flexibility
- Security: Rich, granular security integrated into the network
- Experience: Always-on intelligent connection for seamless experience and performance

(Diagram labels: AnyConnect Client, Data Loss Prevention, Threat Prevention, WSA, ASA, Acceptable Use, Access Control, Access Granted, Intranet, Corporate File Sharing)
Delivering Applications on BYOD

Stages: Deny or Restrict, Allow, Encouraged, Bought In
- Applications: Webex, Jabber, Quad, VXI..., ISE, NCS Prime
- Security: AnyConnect, ScanSafe, ASA/WSA, ISE, NCS Prime
- Infrastructure: FW, Router, Wireless, Wired, ISE, NCS Prime
- Connectivity Layer: VPN, External Wi-Fi, Internal Wi-Fi, Wired
- Devices Layer: Smartphones, Tablets, Thin/Virtual Clients, Desktop/Notebooks
Only Cisco can tie all the pieces together!

(Diagram labels: NCS Prime, ISE, IronPort WSA, Cisco Catalyst Switches, MDM Manager, Cisco WLAN Controller, 3rd Party MDM Appliance, Wired Network Devices, CSM / ASDM, AC NAM (Win Only), AC NAM (Win Only), AC VPN (All Mobile), AC Cloud Web Security (All PCs))
Control and Visibility for IT
Predictability for Users

(Product portfolio diagram, labels in extracted order: Mobility Services Engine Physical or Virtual Indoor Access Points Teleworker 3310 and 3355 Wireless LAN Controllers 1600 600 Series Identity and Policy Data Integration 2500 Series WLC on SRE 2600 Outdoor NCS 1550 Series Physical or Virtual ISE 5500 Series WiSM2 3600 Density Distribution Switches 8500 vwlc 7500 3700 3500p Series Access Switches 6500 Series Compact 2960-S 3750-X/3850 4500E)
Stages: Deny or Restrict, Allow, Encouraged, Bought In
- Wired/Wireless/FW Infra, ISE, Prime Infrastructure
- Now Add: AnyConnect, IronPort, ScanSafe
- Now Add: MDM, Apps (Webex, Jabber, Quad)

Unified Access
Thank you.