Cisco Unified Access

Cisco Mobility Vision, Strategy, and Portfolio Aadil Hassim

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Wireless LAN Controller

Internal Resources

Corporate Network

Cisco Access Point

Catalyst Switch

One Policy ISE

© 2013 Cisco and/or its affiliates. All rights reserved.

Internet

Cisco Firewall

One Management Prime Cisco Confidential

2

1

Cisco’s Mobility Vision

2

Mobility Differentiators

3

Mobility Roadmap

4

Controller and Access Point Portfolio

5

Mobility Services Portfolio

6

Sales Tools

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

3

Seamless Mobility HOME OFFICE

CAMPUS

BRANCH

PUBLIC VENUE

CELLULAR

Work from Home

Indoor and Outdoor

Sales Office or Large Branch

Indoor and Outdoor Hotspot

3G/4G

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

4

Mobility/RF Innovation Predictability and Reliability

Award Wining Design ClientLink CleanAir

Purpose-Built Wi-Fi Chipset with 4x4 MIMO, with robust platform - No Open Vents Who?

Stateful fail-over AVC MSE and Thinksmart

What?

When?

Where?

How?

Best-in-class performance to a/g/n clients Chip level proactive and automatic interference mitigation

Committed to Standards VideoStream

Policy and Network Management

First to introduce 802.11r, 802.11u, 802.11w and 802.11ac to Enterprises

ISE Control

Optimized multicast to unicast Sub second failover to hot standby controller

Classification and policies on 1000+ Apps Analytics that aid business decisions

Prime Infrastructure Visibility

Meaningful Interaction with your customers

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

5

AFTER

BEFORE Wireless interference decreases reliability and performance

Wireless Client Performance

AIR QUALITY

PERFORMANCE

AIR QUALITY

PERFORMANCE

Cisco ClientLink—Improves Predictability and Performance © 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

6

WITHOUT

WITH

Manual RF Management

Beam Directed Towards Client Resulting in a Consistent Experience and Better Performance

Beacon Rate 6 Mbps

6 Mbps

65 Mbps

65 Mbps

150 Mbps

150 Mbps 300 Mbps 300 Mbps Connection Rate

450 Mbps

450 Mbps

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

7

Automatic Band Steering and Selection for 5GHz Capable Devices BEFORE All clients crowd the 2.4GHz spectrum lowering performance

AFTER 5GHz capable clients are automatically moved to cleaner 5GHz spectrum Wireless Client Performance

2.4GHz

Speed

5GHz Capable

2.4GHz

2.4GHz

Speed

Speed

5GHz Capable 2.4GHz Capable

5 GHz

Speed

5GHz Capable

5 GHz

2.4GHz

Speed

Speed

5GHz Capable 2.4GHz Capable

Cisco BandSelect—Improves Predictability and Performance © 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

8

BEFORE

AFTER

Manual RF Management

Dynamic RF Management

Global Enterprise

CEO Meeting

M&A Negotiation

© 2013 Cisco and/or its affiliates. All rights reserved.

Sports Event

CEO Meeting

M&A Negotiation

Sports Event

Cisco Confidential

9

Optimized end-to-end video starting at the Access Point Multicast to Unicast Conversion at the AP

Selectable Stream Prioritization

Resource Reservation Prevents Oversubscription

High Priority Event Meeting Room Event Live Sporting Event

Tested for 30X Less Bandwidth Consumed and Double the Performance of Competitors

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

10

New in 7.4 Apple Bonjour and other consumer protocol service (mDNS) gateway BEFORE Isolated Apple Bonjour Network

AFTER Bonjour Discovery, Advertisement & Policy HP Printer

HP Printer

mDNS & Bonjour Services NOT Routed

Apple TV

Routed Network

Routed Network

X

Apple TV

Apple TV Apple TV

WLAN

mDNS Profiles Policy & Control

WLAN Controller WLAN

Isolated Services

No Network Policy

L2 Only

Service Cache and advertise

VLAN and WLAN Policy Enforcement

Services Across L3 boundary

Cisco Bonjour Services Directory Apple Bonjour discovery, advertisement and policy © 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

11

New in 7.4 Identify standard ports, L7 Deep Packet Inspection and Heuristics BEFORE

AFTER

Application View & Control based on Firewall sessions

Network Based Application Recognition - NBAR2 Deep Packet Inspection and App ID

Visibility to the port level interaction but not the applications running within the port

First Generation Firewall

HTTP = 75% SMTP = 15% FTP = 2% Telnet = 1% SNMP = 3%

Wireless LAN Controller Traffic

NBAR2 LIBRARY Deep Packet inspection

Netflix = 50% YouTube = 15% WebEx = 10% Citrix = 9% exchange= 8% POLICY Packet Mark and Drop

Netflow v9 export

• Classify 1000+ applications with sub-classification within applications: e.g. Lync – desktop

share, video/voice, file transfer • Apply Granular policies - Per SSID, Device, Campus, Building, Floor

• Real-time troubleshooting on the Wireless LAN Controller •© 2013Wired-wireless consistent export to standard netflow collectors Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

12

New in 7.4

Visibility into traffic at the access Detect network anomalies Understand Application Traffic Patterns Analyze usage trends over time and location

NETFLOW (STATIC TEMPLATE) provides Flow Export

NETFLOW COLLECTOR (THIRD PARTY or PAM)

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

13

Mobility/WLAN Market Credentials

Mobility/WLAN Industry Credentials



$1.9 billion; fastest growing BU in Cisco



Gartner listed market leader 7+ years



350,000+ enterprise customers



15+ years Mobility development experience



Well over 10M Access Points shipped



Most IEEE active members in the industry



Largest Mobility R&D team in the industry



Most Mobility patents in the industry



Broadest mobility portfolio in the industry



95% Fortune 1000 companies selected Cisco WLAN

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

14

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

15

Cisco Confidential—NDA Only Committed

Executed

S/W Release

May 2012

September 2012

7.2MR1

7.3

7.4

8.0

AP 2600 802.11n G2

AP1600 802.11n G2

AP3600 11ac module

Outdoor AP Uni Band Antenna

AP3600 Security Module

WLC 8500 Target customer - SP

Application visibility and control (AVC)

IPv6 infrastructure

Virtual Controller

Bonjour Gateway

Profiling and Policy on WLC

Unified Access WLAN Infrastructure

Outdoor AP Integrated Antenna

Outdoor AP Honeywell integration

802.11r L2 Fast Roaming

Scale Flex7500 6K APs HA - AP SSO HA Licensing

ISE - Flex integration Flex / Local Mode parity with ISE

Local and FlexConnect support on 1552 APs

Voice Enterprise Certification**

Scale WLC 2500

Q2 CY13

Mid-Market 1 Box Solution

HA – Client SSO

Flex enhancement (11w, PEAP+TLS, override…)

FlexConnect Split Tunneling

HA Licensing, N:1

HA SSO over any L2 connection

802.11r – Flex Modes

802.11w Mgmt Frame Protection

AP-based firewall

Bi-directional ratelimiting

LAG on Flex7500, WLC 8500, WLC 2500

Voice/Video: 11n CAC PMIPv6 on WLC

© 2013 Cisco and/or its affiliates. All rights reserved.

December 2012

Proxy Mobile IP (PMIPv6)– AP-Based HA on 2500

Guest Anchor on WLC2500

FIPS, CC, UCAPL Cisco Confidential

16

**Voice Enterprise Certification targeted on a special release – FCS beyond 7.4

Cisco Confidential—NDA Only Committed

Executed

S/W Release

May 2012

September 2012

7.2MR1

7.3

High Availability Virtual Appliance Scalability Improvements

M S E

Location Support for FLEX Rogue Detection Enhancements WiFi Direct detection & Classification

© 2013 Cisco and/or its affiliates. All rights reserved.

December 2012 7.4

Improved location accuracy for CleanAir

Mobile Concierge (CMX)

MSE 3355 Scaling

Location Analytics I

Q2 CY13 8.0 aWIPS Prevention Location Analytics II FIPS, CC, UCaPL

Automated Switchport tracing

ELM Signature Parity

Global Forensics

Better Rogue Classification, Containment, Detection

AP 3600 Security Module

Rogue Contain Enhancements II

Better Attack Mitigation for aWIPS (Location)

aWIPS Rogue Contain Enhancements

Channel Scanning Optimization

New Signatures

Cisco Confidential

17

Since 7.3, and evolving

5500, WiSM2, 7500, 8500 Series

Backup Controller (Requires L2 Adj.)

L2 Redundant Link

Active WLC

Hot-Standby WLC

5508

$20,000

WiSM2

$25,000

Flex7500

$40,000

8500

$60,000

2500

(Future) $2,000

• 1:1 wireless stateful failover capability in appliance and integrated controllers • SSID is always beaconing (even after primary controller is down) • Subsecond WLAN network convergence © 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

18

WLAN Controller Portfolio Large Campus Catalyst 3850

Service Provider

WISM2

5508

• 1 to 50 APs per • 12 to 500 APs switch/stack (Directly connected APs) • 7000 clients • 2000 clients per stack • 8 Gbps • 40 Gbps per switch

• 100 to 1000 APs • 15,000 clients • 20 Gbps

5760

• 25 to 1000 APs • 12,000 clients • 60 Gbps

Small Campus / Branch (Controller On-Premise) vWLC on UCS-E

• 5 to 200 APs • 3000 clients • 500 Mbps

2500

• 5 to 75 APs • 1000 clients • 1 Gbps

© 2013 Cisco and/or its affiliates. All rights reserved.

Virtual Controller

Catalyst 3850

• 5 to 200 APs • 3000 clients • 500 Mbps

• 1 to 50 APs per switch/stack (Directly connected) • 2000 clients per stack • 40 Gbps per switch

8500

• 300 to 6000 APs • 64,000 clients • 10 Gbps

Branch (Controller in DC) Virtual Controller

• 5 to 200 APs • 3000 clients • 500 Mbps

Flex 7500

• 300 to 6000 APs • 64,000 clients • 1 Gbps

Cisco Confidential

19

Autonomous

FlexConnect

Centralized

Converged Access

Traffic Centralized at Controller

Traffic Distributed at Switch

WAN

Standalone APs

Where it fits Purchase Decision

Small Wireless Network

Branch

Campus

Branch and Campus

Wireless only

Wireless only

Wireless only

Wired and Wireless

• Simple and costeffective for small networks

• Highly scalable for large number of remote branches • Simple wireless operations with DC hosted controller

• Simplified operations with centralized control for Wireless • Wireless Traffic visibility at the controller

• Wired and Wireless common operations • One Enforcement Point • One OS (IOS) • Traffic visibility at every network layer • Performance optimized for 11ac

• Limited RRM, no Rogue detection

• L2 roaming only • WAN BW & latency requirements

• System throughput

• Catalyst 3850 in the access layer

Benefits

Key Considerations

Traffic Distributed at AP

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

20

New since 7.3

Product Scope

Target Market



5 to 200 AP support, 3,000 clients



Mid-market with spare compute platform



One AP adder license



Alternative to Flex 7500 for customers with fewer branches



FlexConnect mode only



Partner/MSP-hosted Wi-Fi service



NOT for large campus



Support on VMware ESX/ESXi at FCS (similar to NCS and MSE)



Support on Cisco UCS C-Series and B-Series and equivalent servers

Pricing

Cisco Mobility in a BOX

vWLC

vPI

vMSE

ESX ESXi Hypervisor •

Base SKU (with five AP licenses) = $750



One AP Adder license = $150

© 2013 Cisco and/or its affiliates. All rights reserved.

UCS/x86 Servers

Cisco Confidential

21

• • • • •

• Any Device / BYOD Optimized • Client Scalability • RF Interference Mitigation

• Basic Connectivity • Deployment Flexibility • Teleworker

Home

© 2013 Cisco and/or its affiliates. All rights reserved.

High Client Density HD Video/VDI Investment Protection 11ac Migration Comprehensive Security

• Enterprise-class Performance • Voice/Video/Multimedia

Sm/Med

Sm/Med/Large

Med/Large Enterprise

Cisco Confidential

22

4x4 Antenna Design, Three Spatial Streams Fastest, Most Consistent Device Uplink Speeds, Sustained Further from the AP

ClientLink 2.0 Beamforming Fastest Downlink Performance to ALL Mobile Devices 802.11a/g and Now 802.11n Across One, Two, and Three Spatial Streams

Cisco Aironet 3600 Series Access Points

CleanAir Spectrum Intelligence Always-On Interference Protection, Plus New Full-Spectrum Security Module 38% Better Than Aruba

Future-Proof 802.11ac Module Option Support Upcoming Wave of 11ac Clients

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

23

Availability - NOW!!!

• Field upgradable 802.11ac module 5 GHz radio module, 802.11ac Wave 1

1.3 Gbps PHY/~900 Mbps MAC (throughput) Three spatial streams, 80 MHz, 256 QAM

• AP3600 maintains dual-band

support 2.4 and 5 GHz Supporting b/g/n on 2.4 GHz base radio, a/n on 5 GHz base radio, and AC on 5 GHz module radio CleanAir and ClientLink 2.0 maintained

• Power requirement with the

802.11ac module installed Power draw with 802.11ac module ~20W, and will require either enhanced PoE, PoE+, or Power Injector

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

24

• Most efficient Wi-Fi standard to date



• Optimized for power savings

• Optimized for high density • Multi-user mode – “Switch-like”

• •

Practical Considerations for 802.11ac • 802.11ac will mostly be deployed in 5.0GHz only.

• Most implementations will be 3 Streams for the first few years. • Nominal throughput will consistently be in the range of ~300 to 400Mbps • Client device adoption will be rapid to take advantage of extended battery life

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

25

Advanced Spectrum Capability

Indoor Location / Context-Aware

• System wide Interferer details • Event correlation • Visualization of interferer zone of impact • Interferer notification • Track & Trace interferers & Layer 1 threats

• Real time location tracking • Tracking probing & associated clients, RF tags & wired endpoints • Geo fencing / Zone based alerts • Location Analytics

Wireless Intrusion Prevention • • •

Detection & Mitigation of security penetration attacks Detection & Mitigation of denial of service attacks Capability supported in Monitor Mode & data serving AP (Enhanced Local Mode -ELM)

© 2013 Cisco and/or its affiliates. All rights reserved.

Mobile Concierge (CMX) • •

Detecting Presence Delivering location based services Physical & Virtual Appliance MSE tracks up to 50,000 endpoints & supports 10,000 Monitor Mode or ELM AP

Cisco Confidential

26

WIDS Architecture Options

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

27

ELM Single Data and WIPS AP

Monitor Mode AP

Security Module

Data Serving AP Monitor Mode AP

AP 3600 with Security Module

Security Module  3600 Security Module provides 24x7 dual band WIPS monitoring  Does not require a dedicated AP  Dwells longer on all 2.4 and 5 GHz channels & provides better forensic capability  Recommend Security Module with WIPS Monitor Mode license on all APs

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

28

Connected Mobile Experience DETECT

GUEST PRESENCE The customer’s personal mobile device and its characteristics are detected before they enter the venue.

CONNECT

ENGAGE

GUEST ACCESS

GUEST EXPERIENCE

The customer is seamlessly and securely connected to the Wi-Fi network based on their personal preferences and profile, including device type and roaming credentials.

The customer receives highly relevant content and services based on their preferences, profile, and real-time location within the business venue.

LOCATION ANALYTICS Customer: Presence in the venue.

© 2013 Cisco and/or its affiliates. All rights reserved.

IT: understand network utilization, peak usage, number and types of devices on the network.

Business: insights into customer online and onsite behavior, most traffic paths, dwell times, location density etc. Cisco Confidential

29

CRM Server

App Server Cisco Mobility Services Engine

Cisco Wireless Access Point Cisco Wireless LAN Controller

Example – Enhancing customer experience - MSE detects presence, passes MAC to app server - App server will push notification based on analytics, heuristics & policy - Mobile receives notification, user accepts notification - App launched

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

30

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

31

www.cisco.com/go/byoddemo Email: [email protected]

UA (BYOD) Hosted Demo Available for Cisco Field and Partners

“Many of my teams believe that the BYOD hosted demo is the largest opportunity we have in the near term to accelerate Cisco business.” Senior SE Manager US Public Sector

“Cisco, big thank you, this is one of the best sales tools you’ve delivered in last couple of years, the demo enabled me to close a large BYOD deal which was very competitive.” Gold Partner SE US

© 2012 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

32

www.cisco.com/go/partnerdesign

Create Accurate and Complete Network Designs and BoMs, with Best Practices, That Are Lean and Competitive

• Integrated with design best practices • Vertical specific collateral • Upgrade recommendations

for EoS products • Latest Cisco products included

(Mobility, Prime, ISE, etc.) • Automatic updates

1

2

3

4

5

6

Launch Advisor from Netformx DesignXpert

Preliminary Info, i.e., Customer Name and Sites

AP Count, Type, and Options OR Import AP Quantity

Controllers Quantity, Type and Location

ISE, Prime, and MSE Services

Generate Collateral

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

33

1

2

3

How Cisco Wireless delivers Unified Access Services

Industry’s most comprehensive Wireless Portfolio

CleanAir

Client Troubleshooting

AP3600, AP2600, AP1600

ClientLink

Resiliency

WLC8500, Virtual Controller

VideoStream

Application Visibility Control

802.11ac module

BandSelect

SmartOperations

Mobile Concierge

Preparing Wireless for BYOD

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

34

Thank you.