Cisco Borderless Networks - IBM · PDF fileCisco Borderless Networks Die moderne...

Post on 30-Jan-2018


Cisco Borderless Networks: The modern network infrastructure enables secure access to data, at any time, from anywhere, with a wide variety of devices

Cisco Confidential 1© 2011 Cisco and/or its affiliates. All rights reserved.


Marco Fahrni, R&S Systems Engineer (mfahrni@cisco.com), 18 May 2011

Why a Borderless Network?

Borderless Networks components:


• TrustSec & Identity Solution Engine

• EnergyWise

• Medianet

The iPad impact


Client OS

Applications

Server Architecture

Devices

Video, Mobility, Workplace Experience

7 Billion New Wireless Devices by 2015

Blurring the Borders: Consumer ↔ Workforce, Employee ↔ Partner, Physical ↔ Virtual

Changing the Way We Work: Video projected to quadruple IP traffic by 2014 to 767 exabytes

Mobile Devices

IT Resources

Anyone, Anywhere, Anytime

IT Consumerization

Mobile Worker

Location Border


Device Border

Video/Cloud

IaaS, SaaS

Application Border

External-Facing Applications

Internal Applications

Location

Device

Scalability

Availability

Performance


Application

Performance

Security

Manageability

Cost of Ownership

Scalability, Availability, Performance, Security and Manageability Across Non-IT-Controlled Environments

Then: Linear Now: Multi-Dimensional

Securely Reliably Seamlessly

ANYONE ANY DEVICE

ANYTIME ANYWHERE

Collaboration Data Center/Virtualization


Technology Portfolio

Borderless Networks

WAAS Wireless Switching Routing Security

Architecture for Agile Delivery of the Borderless Experience

BORDERLESS

BORDERLESS END-POINT/USER SERVICES Securely, Reliably, Seamlessly: AnyConnect

App Energy Multimedia Security: POLICY

BORDERLESS INFRASTRUCTURE

Application Networking/Optimization

Switching Security Routing Wireless

BORDERLESS NETWORK SYSTEMS

BORDERLESS NETWORK SERVICES

Mobility: Motion

App Performance: App Velocity

Energy Management: EnergyWise

Multimedia Optimization: Medianet

Security: TrustSec & ISE

Unified Fabric

Extended Cloud

Extended Edge

Unified Access

MANAGEMENT

SMART SERVICES: PROFESSIONAL AND TECHNICAL

Realize the Value of Borderless Networks Faster

APIs

The RIGHT Person

Anyone

Any Device


An approved Device

In The Right Way

Anywhere

Anytime

Introducing Identity Services Engine (ISE) and TrustSec 2.0

Policy Rules, Profiling, Authentication, Posture

Troubleshooting, Monitoring

Endpoints

TrustSec Planning and Design Service

Network Enforcement

Non-User Devices

ISE: Policies for people and devices

Guest Access, Authorized Access

Non-User Devices

• How do I discover non-user devices?

• Can I determine what they are?

• Can I control their access?

• Are they being spoofed?

• Can I allow guests Internet-only access?

• How do I manage guest access?

• Can this work in wireless and wired?

• How do I monitor guest activities?

Guest Access

• How can I restrict access to my network?

• Can I manage the risk of using personal PCs, tablets, smart-devices?

• Access rights on-prem, at home, on the road?

• Devices are healthy?

Authorized Access

• Centralized Policy

• Distributed Enforcement

• AAA Services

• Posture Assessment

ACS

NAC Profiler


• Guest Access Services

• Device Profiling

• Monitoring

• Troubleshooting

• Reporting

• Flexible licensing

NAC Guest

NAC Manager

NAC Server

Identity Services Engine

STOP

• Identity Services Engine 1.0 with 802.1x/NAC access control

• Switch-to-switch MACSec encryption

• Catalyst 3750-X/3560-X,

• Catalyst 4500 – SUP7-E

• Catalyst 6500 SUP2T

• Security Group Tags, incl. enhancements for VDI

Internet

“Employees should be able to access everything but have limited access on personal devices”

“Everyone’s traffic should be encrypted”

Internal Resources

Campus Network

“Printers should only ever communicate internally”

Cisco Wireless LAN Controller

Cisco Access Point

Cisco® Identity Services Engine

Cisco Switch

Consolidated Services, Software Packages

ACS

NAC Profiler

NAC Guest

NAC Manager

NAC Server

ISE

Location

User ID Access Rights

Session Directory

Flexible Service Deployment

Admin Console

Distributed PDPs

M&T

All-in-One HA Pair

Device (& IP/MAC)

Simplify Deployment & Admin Tracks Active Users & Devices Optimize Where Services Run

Policy Extensibility

Link in Policy Information Points

Manage Security Group Access

Keep Existing Logical Design

System-wide Monitoring & Troubleshooting

Consolidate Data, Three-Click Drill-In

SGT Public Private

Staff

Guest

Permit

Deny

Permit

Permit

Converged Policy Platform

Unified Agent

Identity Based Firewall

• AAA, 802.1x, guest, profiler, posture

• System monitor & diagnosis

ISE NAC ACS

Guest Profiler

• Offers Cisco AnyConnect™ technology: On- and off-premises security

• User, group, device based policy

User group enforcement

Sales

HR

UK Employees

Simplified Device Profiling

Network Infection Containment

System-wide Monitoring & Troubleshooting

• “ISE”: Next-generation ACS + NAC

• Extends 802.1x & VPN client + NAC

• Extends management to Prime NCS

• ASA & Positron platforms

• Cisco delivered device template feed

• Switches collect & forward device fingerprint, no traffic re-engineering

• Streamline the locate, contain, & remediation process

• Leverage reputation & NIPS feeds

• Single admin pane-of-glass

• Wired & wireless infrastructure

Network Device

Provisioning

Identity Policy

Monitoring & Troubleshooting

Client Management

Cisco Security Intelligence Ops


Environmental Reduce Costs Compliance


• Reduce greenhouse gas emissions

• Increase sustainability

• Reduce energy consumption and cost

• Measure Return On Investment

• Comply with government directives


http://www.uvek.admin.ch/dokumentation/00474/00492/index.html?lang=de&msg-id=31937


http://www.harvardbusinessmanager.de/heft/artikel/a-713450.html

• Lighting produces 20% of worldwide GhG Emissions.

• IT Industry produces 2% of worldwide GhG Emissions.

IT Equipment: 25%

Lighting: 11%

Other: 6%

Heating, Cooling and Ventilation: 58%

IT Electricity Use Outside the Data Center: 55%

Data Center Electricity Use: 45%

• The majority of IT’s power consumption occurs outside of the data center.

Source: UK Energy Efficiency Best Practice Program; Energy Consumption Guide 19: Energy Use in Offices


Source: Forrester, Enterprise And SMB Hardware Survey, North America And Europe, Q3 2008

Poll Power of Network-Attached Devices:

Phones, APs, PCs, Building Systems

Optimize Power Delivery of Policies

Show Power and Cost Savings Correlate Power and Actions

EnergyWise Management Application

EnergyWise Management Communications (TCP for Network-wide)

SNMP Management API

LMS

Third-Party Power Management Applications

TCP

Cisco® EnergyWise Orchestrator

Domain—logical grouping of entities (child/neighbor)

Endpoints are managed by policies and monitored for energy usage

EnergyWise Endpoints

AP

Wireless Controller

EnergyWise Domain

PoE Devices Building Facilities

Mediator

PCs and Laptops

Taking Control Of Your Business Energy Costs

Measure and Monitor IT Devices: PCs, Switches, PoE

Compelling, Easy to Use, Reporting for All Audiences

Sophisticated, Granular Power Management that Maximizes Energy Savings

Enterprise Energy Usage


*Source: Gartner Dataquest, Forecast of IT Hardware Energy Consumption, Worldwide, 2005-2012.

More than 60% of energy consumption can be managed with Cisco EnergyWise.


Management Server, Console, and Database

• Configure and manage endpoints

• At-a-glance view of rolled-up data

PC Client

Cisco EnergyWise Orchestrator Sustainability Dashboard


IP Telephony

Wireless

Cisco EnergyWise PC Client

• Collects and uploads time in state data

• Enforces policies locally

• Initiates communication with server

• Normalizes power levels & policies

• Proxies for legacy devices

Cisco® EnergyWise in Cisco IOS®

Business Objectives:

• Branches and HQ operate from 9:00 a.m. to 6:00 p.m.

• Control laptops, PCs, APs, phones

Solution:

• Cisco EnergyWise deployed on existing Cisco® Catalyst® Switches + PC Agent

Business Value:

• $415,475 annual savings (assuming 0.10/kWh), 55.6% power savings

• Emission reduction of 2,197 metric tons, equal to emissions from 399 cars; contributes to 81% of overall corporation emission reduction goals

10,000 Phones, 1000 APs, 5,000 laptops, 5,000 PCs, 200 IP cameras

January 2009

March 2010 Future

PoE Devices

EnergyWise

FY10-FY12

Cisco EnergyWise Orchestrator (Network + PC)

Building-automation

Extended

EnergyWise

Architecture (Network + PC)

Open API/SDK

Additional Platforms

Extended Management

Extension of Ecosystem

Phase 1.5: Cisco LMS 3.2 Integration

Building utility management and power distribution

Lighting

HVAC

Elevators

Security: Access Control

CCTV

Intruder Alert

Power Distribution

Building Management Systems

Badge

Provides visibility, control, and automation

Enterprise Service Management

Monitoring and managing PC energy use

Monitoring and reporting network energy use

IT Power Management

Management Applications

PC

Printer

Badge Reader

Scanner

And many more…