Cisco SMART Designs
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco SMART Designs: Small Business Network Foundation
Small Business Technical Marketing
December 2012

• Reduce costs: flexible ways of working boost productivity
• Focus on new opportunities: real-time access to mission-critical information, operational efficiencies
• Improve effectiveness of sales: richer connectivity, stronger relationships

• Improve operational efficiency: provide access to real-time business information
• Enhance employee and partner collaboration
• Enhance customer responsiveness
  Give service agents real-time access to customer information
  Provide customers with intuitive self-service options
• Protect sensitive information
  Secure customer information
  Identify, prevent, and adapt to security threats
• Keep costs low and returns high
  Simplify and accelerate deployment of network devices and intelligent features
  Simplify troubleshooting and management of the network

SBNF provides a secure and flexible network infrastructure on which other services can be deployed:
• Cisco Unified Communications: IP telephony and related voice services. SBNF is designed for seamless addition of Cisco Unified Communications.
• Wireless LAN: integrated in the SBNF solution; can optionally be deployed later.
• Other business-specific applications: built on top of the SBNF network infrastructure, along with Cisco Unified Communications and wireless LAN.

• Network infrastructure that helps meet today’s business challenges
• Four types of offices and workers are covered in the designs:
  Main office: the primary location; provides most of the shared data resources (files, databases, business servers, web servers, and e-mail servers) as well as centralized networking resources
  Remote office: any office other than the main office
  Home office: an office located at an employee’s residence
  Mobile worker: an employee who securely accesses the main office through the Internet by establishing a VPN connection from a laptop or other device

• Based on Cisco Small Business Series products
• Covers wired and wireless LAN deployment options
• Ideal for price-sensitive customers who need full support of potentially multiple business locations
• Supports up to 100 users and 5 remote offices
• Fast Ethernet and Gigabit Ethernet support with PoE and non-PoE options
• Security appliance to protect the network from viruses, spyware, and unwanted Internet content
• Dual WAN option for redundant connectivity
• Simple GUI-based deployment

Feature | Small Business Network Foundation (SBNF) | Secure Network Foundation (SNF) | Advanced Secure Network Foundation (ADVSNF)
Scalability | Up to 100 users, 5 remote offices | Up to 100 users, 5 remote offices | Up to 250 users, 20 remote offices
Network products used | Small Business Series products | Cisco Catalyst 2960, 3560/3560-X, 3750/3750-X switches; Cisco 800/1900/2900/3900 ISRs | Cisco Catalyst 2960, 3560/3560-X, 3750/3750-X switches; Cisco 800/1900/2900/3900 ISRs; Cisco ASA 5500 Series
Business locations served | Main Office, Remote Office, Home Office, and Mobile Worker | Main Office, Remote Office, Home Office, and Mobile Worker | Main Office, Remote Office, Home Office, and Mobile Worker
Security | On WAN router | On WAN router | Integrated security or dedicated security appliance
VPN | Site-to-site IPsec, SSL VPN | Site-to-site IPsec VPN, IPsec/GRE, Easy VPN, SSL VPN | DMVPN, Easy VPN, SSL VPN
LAN high availability using switch stacks | No | Yes | Yes
Dual WAN links option for load sharing, failover | Yes | Yes | Yes
Dual WAN routers for load sharing, high availability | No | No | Yes
Dual security appliances for high availability | n/a | n/a | Yes (optional)
Wireless LAN | Part of SBNF design | Deploy WLAN solutions on SNF infrastructure | Deploy WLAN solutions on ADVSNF infrastructure

Cisco Small Business 500 Series Switches
• Especially built for small businesses
• 8 to 50 port Fast Ethernet/Gigabit Ethernet switches
• PoE and non-PoE options
• QoS to prioritize delay-sensitive and high-bandwidth network traffic
• Stacking, for high availability
• Basic and enhanced security: IEEE 802.1X port authentication, ACLs, and several other security features such as port security, BPDU guard, and storm control
• Comprehensive ease-of-use capabilities: GUI-based management; static SmartPort and Auto SmartPort

Cisco ISA 500 Series Router
• Router with integrated security appliance, Gigabit LAN switch, and wireless LAN access point
• Options for dual WAN ports, up to 4 DMZ ports, and up to 5 LAN ports (depending on model)
• Gigabit Ethernet WAN port; supports xDSL, cable, ISDN, DSL over ISDN, etc.
• An integrated business-class firewall
• Cisco Unified Threat Management (UTM)
  Cloud-based advanced security services: filtering based on Web reputation and/or network reputation, spam filtering, Web URL filtering
  Signature-based advanced security services: anti-virus, application control, and intrusion prevention
• Multiple VPN options: site-to-site IPsec VPN, remote IPsec VPN, SSL VPN, Easy VPN
• Integrated WLAN, with captive portal

• Integrated switch in the WAN router: suitable for small deployments when the router has enough ports to connect all user devices
• Single external switch: suitable for deployments when a single switch has enough ports to connect all user/network devices
• Multiple switches: traffic from multiple access switches is aggregated by an aggregation switch
  Higher LAN scalability and performance
  Reduces cabling if users are located in different areas of the office
  Lets the router focus on secure routing functions
• Stacked switch (aggregation and/or access)
  Increases high availability in the LAN
  Minimizes network administration of multiple (stacked) switches

• Rapid Spanning Tree Protocol: fast recovery from LAN loops caused by link failures or connection mistakes
• Separate VLANs for different traffic types, which helps traffic isolation and security:
  Data
  Voice
  DMZ
  Other deployment-specific VLANs can be added
• Layer 2 switching by all switches
• Automatic detection of Cisco IP phones

• Stacked aggregation switch (optional)
  Stacked switches act like a single switch, which reduces management effort
  The stacked aggregation switch connects to the access switches and the servers
  Improved LAN high availability: no LAN traffic disruption if one switch in the stack fails or if an Ethernet link of the EtherChannel fails
• Stacked access switch (optional)

• Simplicity, single WAN link: use the dedicated 10/100/1000 WAN interface
• Dual WAN links: use the dedicated 10/100/1000 WAN interface as the primary link and an additional configurable 10/100/1000 port as a load-sharing backup WAN link
• Up to 4 DMZ links: configure up to 4 configurable 10/100/1000 ports as DMZ ports
• Remote office connectivity: traffic is forwarded through a secure tunnel

• The ISA500 security appliance integrates WAN security
• Network infrastructure protection: prevents unauthorized access to network devices
• Demilitarized zone (DMZ): isolates publicly accessible servers from the rest of the network for security purposes
• Firewall protection: prevents unauthorized access to network-connected devices; helps maximize network uptime by mitigating DoS attacks
• LAN security: helps protect against threats originating inside the network
  Port Security: limits the number of end-user devices that can be connected to a switch port
  BPDU Guard: prevents a malicious user from attaching a real or simulated switch to the LAN
  Storm Control: limits the effect of broadcast, multicast, or unknown-unicast traffic storms in the LAN
  802.1X authenticated access: only authenticated users are connected to the LAN (optional)
  IP Source Guard and Dynamic ARP Inspection: ensure that only valid users are sending traffic into the LAN (optional)
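The access-port protections above are easiest to understand as a chain of per-frame decisions. The following is an added illustration, not Cisco code and not the behaviour of any specific Cisco product: it models BPDU Guard, Port Security, Dynamic ARP Inspection and IP Source Guard as pure logic over a DHCP-snooping style binding table. The binding entries, port names (g1, g2), MAC/IP values and the per-port MAC limit of 2 are all constructed for the example; rate-based Storm Control and 802.1X are not modelled.

```python
"""Decision model for the LAN access-port protections listed in the SBNF design.

Added example; not Cisco code and not the exact algorithm of any Cisco switch.
Bindings, ports and frames below are constructed for illustration."""

from dataclasses import dataclass, field


@dataclass
class Binding:
    """One DHCP snooping binding: a lease the switch observed being granted."""
    mac: str
    ip: str
    vlan: int
    port: str


@dataclass
class AccessPortGuard:
    max_macs_per_port: int = 2                      # port-security limit (constructed value)
    bindings: list = field(default_factory=list)    # snooped DHCP bindings
    learned: dict = field(default_factory=dict)     # port -> set of source MACs seen
    err_disabled: set = field(default_factory=set)  # ports shut by BPDU Guard

    def _binding_for(self, mac, port):
        return next((b for b in self.bindings if b.mac == mac and b.port == port), None)

    def ingress(self, port, frame):
        """Return 'forward' or 'drop:<reason>' for a frame entering `port`.

        `frame` is a dict with 'src_mac' and optionally 'src_ip' (IP packet),
        'arp_sender_ip' (ARP packet) or 'bpdu' (spanning-tree BPDU)."""
        if port in self.err_disabled:
            return "drop:port-err-disabled"

        # BPDU Guard: an edge port must never receive a bridge PDU; shut it down.
        if frame.get("bpdu"):
            self.err_disabled.add(port)
            return "drop:bpdu-guard-err-disable"

        # Port Security: cap the number of distinct source MACs per port.
        macs = self.learned.setdefault(port, set())
        if frame["src_mac"] not in macs:
            if len(macs) >= self.max_macs_per_port:
                return "drop:port-security-violation"
            macs.add(frame["src_mac"])

        # Dynamic ARP Inspection: ARP sender IP/MAC must match a snooped binding.
        if "arp_sender_ip" in frame:
            b = self._binding_for(frame["src_mac"], port)
            if b is None or b.ip != frame["arp_sender_ip"]:
                return "drop:dai-invalid-arp"

        # IP Source Guard: IP source address must match the binding for MAC/port.
        if "src_ip" in frame:
            b = self._binding_for(frame["src_mac"], port)
            if b is None or b.ip != frame["src_ip"]:
                return "drop:ip-source-guard"

        return "forward"


def demo():
    """Run constructed frames through one guard; returns the list of decisions."""
    guard = AccessPortGuard(bindings=[
        Binding("aa:bb:cc:00:00:01", "10.1.10.11", 10, "g1"),
        Binding("aa:bb:cc:00:00:02", "10.1.10.12", 10, "g1"),
    ])
    frames = [
        ("g1", {"src_mac": "aa:bb:cc:00:00:01", "src_ip": "10.1.10.11"}),        # bound host
        ("g1", {"src_mac": "aa:bb:cc:00:00:01", "arp_sender_ip": "10.1.10.1"}),  # ARP with an IP not in its binding
        ("g1", {"src_mac": "aa:bb:cc:00:00:02", "src_ip": "10.1.10.12"}),        # second bound host
        ("g1", {"src_mac": "aa:bb:cc:00:00:03", "src_ip": "10.1.10.13"}),        # third MAC exceeds the port limit
        ("g2", {"src_mac": "aa:bb:cc:00:00:09", "bpdu": True}),                  # unexpected switch on an edge port
        ("g2", {"src_mac": "aa:bb:cc:00:00:09", "src_ip": "10.1.10.50"}),        # port is now err-disabled
    ]
    return [guard.ingress(port, frame) for port, frame in frames]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The order of the checks matters: BPDU Guard and Port Security act on the frame's Layer 2 identity before the binding-table checks, which is why a third MAC is refused before its IP address is ever examined.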

• Cisco Unified Threat Management (UTM): cloud-based security services that scan traffic to/from the small business network
  Based on a global database that is constantly updated by analyzing worldwide network traffic
  Effective protection from known and new threats
  Simplifies security administration
• UTM signature-based security (signatures can be auto-downloaded)
  Anti-Virus: prevents network threats over a multitude of protocols, including HTTP, FTP, POP3, SMTP, CIFS, NETBIOS, and IMAP
  Application Control: monitors and controls the use of applications on your network (instant messaging, P2P, file transfer, games, etc.)
  Intrusion Prevention (IPS): monitors network traffic for malicious or unwanted behaviors and can react in real time to block or prevent those activities
• UTM reputation-based security
  Spam Filter: drops or tags e-mails as spam, based on their reputation score
  Network Reputation: blocks incoming traffic from IP addresses that are known to initiate attacks throughout the Internet
  Web Reputation Filtering: prevents client devices from accessing dangerous websites containing viruses, spyware, malware, or phishing links
  Web URL Filtering: allows you to block HTTP access to malicious websites based on URL categories

• Network congestion in WAN devices/links (and also in the LAN) results in packet drops, delay, and jitter, which affects voice and video applications
  Business-quality voice requires:
  End-to-end delay of at most 150 ms (G.114)
  Jitter < 30 ms (recommended by Cisco)
• QoS classifies the traffic of various applications and treats it differently depending on application needs
• Priority treatment for delay-sensitive traffic (voice)
• Ensures a minimum bandwidth guarantee to other classes of traffic
• SBNF enables QoS on each network device (WAN and LAN)
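To turn the two voice targets above into something measurable, the jitter figure a receiver reports is the interarrival jitter estimate defined in RFC 3550 (RTP), not a simple max-minus-min. The following added example, which is not part of the original deck, computes that estimate over a constructed packet timeline and checks it against the 150 ms delay and 30 ms jitter limits; the 20 ms packetization, 40 ms base delay and the congestion spikes are constructed inputs, not measurements.

```python
"""Assess a voice stream against the SBNF voice targets.

Added example, not part of the original design deck.  The limits are the ones
quoted in the design; the packet timing is constructed, not captured."""

ONE_WAY_DELAY_LIMIT_MS = 150.0   # G.114 delay target quoted in the design
JITTER_LIMIT_MS = 30.0           # jitter recommendation quoted in the design


def rfc3550_jitter(send_ts_ms, recv_ts_ms):
    """Return the final RFC 3550 interarrival jitter estimate in milliseconds.

    For packets i-1 and i the transit-time difference is
        D = (R_i - R_{i-1}) - (S_i - S_{i-1})
    and the estimate is smoothed as J = J + (|D| - J) / 16, as an RTP
    receiver does.  Send and receive timestamps must be index-aligned."""
    j = 0.0
    for i in range(1, len(send_ts_ms)):
        d = (recv_ts_ms[i] - recv_ts_ms[i - 1]) - (send_ts_ms[i] - send_ts_ms[i - 1])
        j += (abs(d) - j) / 16.0
    return j


def assess_voice_stream(send_ts_ms, recv_ts_ms):
    """Return delay/jitter figures and pass/fail verdicts against the design targets."""
    delays = [r - s for s, r in zip(send_ts_ms, recv_ts_ms)]
    max_delay = max(delays)
    jitter = rfc3550_jitter(send_ts_ms, recv_ts_ms)
    return {
        "max_one_way_delay_ms": max_delay,
        "jitter_ms": round(jitter, 3),
        "delay_ok": max_delay <= ONE_WAY_DELAY_LIMIT_MS,
        "jitter_ok": jitter < JITTER_LIMIT_MS,
    }


def constructed_stream(n=50, ptime_ms=20, base_delay_ms=40, spikes=None):
    """Build a constructed voice stream: one packet every `ptime_ms`, a fixed
    base delay, plus extra delay on the packet indexes listed in `spikes`
    (e.g. {3: 120} adds 120 ms to packet 3).  Returns (send_ts, recv_ts)."""
    spikes = spikes or {}
    send = [i * ptime_ms for i in range(n)]
    recv = [s + base_delay_ms + spikes.get(i, 0) for i, s in enumerate(send)]
    return send, recv


if __name__ == "__main__":
    print("uncongested:", assess_voice_stream(*constructed_stream()))
    # Every second packet held back 200 ms: a queue that fills and drains.
    congested = constructed_stream(spikes={i: 200 for i in range(1, 50, 2)})
    print("congested:  ", assess_voice_stream(*congested))
```

A stream with constant delay scores zero jitter regardless of how large that delay is, which is why both limits are needed: a long but steady path fails only the delay check, while a bursty queue on an otherwise short path fails the jitter check.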

• Remote office and home office: each remote office is connected to the main office by an IPsec site-to-site VPN
  The VPN maintains data integrity and confidentiality
  Encryption: AES with 256-bit or higher (3DES if AES is not feasible)
  Hash: SHA-1
  Authentication: pre-shared keys
  DH group 2
  Encapsulation: ESP
• Home office: remote IPsec VPN or SSL VPN (AnyConnect)
• Mobile worker: SSL VPN (AnyConnect) on a laptop
  Traffic is encrypted and routed through the Internet
  The main office router acts as the VPN gateway

Wireless LAN, as part of SBNF, can be built seamlessly over the SBNF wired infrastructure:
• Uses small-business-specific wireless products
• Covers main office, remote office, and home office
• Supports data and voice
• Wireless router with integrated access point (AP): ideal for small deployments when the router’s area of wireless coverage is sufficient
• Multiple APs are used for a larger area of wireless coverage; external APs can work with the AP integrated into a wireless router
• Provides QoS and security relevant for wireless networks

• Most cost-effective and simplest WLAN deployment for a small office
• Can work independently or with external APs
• Guest access support, with captive portal: redirects unauthenticated users to a portal for authentication
• Roaming supported among external APs (if RF coverage is adequate)
• Security: the first line of defense is encryption, WPA2 with AES, combined with the appropriate level of authentication per business requirements
• QoS: Wi-Fi Multimedia (WMM) prioritizes traffic into four traffic classes and provides each class with its traffic priority or required minimum bandwidth guarantee

• Suitable for small deployments
• Cost effective, no WLAN controller
• Multiple APs placed in the coverage area
• The router may have an integrated AP as well
• All standalone AP deployments use a single data VLAN (and a single voice VLAN)
• Supports wireless QoS and security
• Layer 2 roaming is supported if RF coverage is adequate

• Layer 2 roaming: a wireless LAN device physically moves so that its radio associates with a different AP that has a stronger signal
• Layer 2 roaming requires each AP to have an identical configuration (SSID, VLAN, security)
• The wireless LAN client’s VLAN / IP address remains valid across the APs while roaming
  Wireless cells should overlap
  The wireless IP client re-authenticates every time it connects to a different AP (when it roams)
  Roaming delay is not a big problem for data applications
  Business-quality voice needs end-to-end delay of less than 150 ms

• Allows several standalone APs to be clustered for management purposes
• Configuring any AP in a cluster replicates the configuration to the other APs
• Helps reduce the effort of managing multiple APs
• Available only on the standalone AP 541N
• All APs participating in a cluster are configured with the same parameters:
  Wireless network identifiers (SSIDs)
  Security features
  User names and passwords
  Traffic priorities (for QoS)
  Radio settings
  Wireless interface settings
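Both the Layer 2 roaming requirement (identical SSID, VLAN and security on every AP) and the clustering rule above come down to one check: does every AP carry the same shared parameters? The following is an added example, not Cisco code and not the AP 541N's own replication mechanism; it diffs each AP's settings against a chosen reference AP and reports exactly which shared parameter has drifted. The AP names, SSIDs, VLAN numbers and setting strings are constructed, and credentials are deliberately left out of the sample.

```python
"""Consistency check for a cluster of standalone APs.

Added example, not Cisco code.  The design requires every AP in a cluster
(and every AP a client may roam between) to share SSIDs, VLAN, security,
QoS priorities and radio settings; this diffs each AP against a reference.
AP names and settings below are constructed."""

# Parameters the design lists as shared across the cluster.  Per-AP values
# such as the management address are intentionally not compared.
MUST_MATCH = ("ssids", "vlan", "security", "qos_priorities", "radio")


def _normalize(key, value):
    """SSID order is irrelevant, so SSID lists are compared as sets."""
    if key == "ssids" and value is not None:
        return frozenset(value)
    return value


def cluster_mismatches(aps, reference_name):
    """Return {ap_name: {parameter: (reference_value, ap_value)}} for every AP
    whose shared parameters differ from the reference AP's configuration."""
    ref = aps[reference_name]
    report = {}
    for name, cfg in aps.items():
        if name == reference_name:
            continue
        diffs = {
            key: (ref.get(key), cfg.get(key))
            for key in MUST_MATCH
            if _normalize(key, cfg.get(key)) != _normalize(key, ref.get(key))
        }
        if diffs:
            report[name] = diffs
    return report


def roaming_ready(aps, reference_name):
    """True when no AP deviates from the reference on any shared parameter."""
    return not cluster_mismatches(aps, reference_name)


# Constructed cluster: AP-1 is the reference, AP-2 matches (SSIDs listed in a
# different order), AP-3 has drifted on VLAN, cipher and SSID set.
SAMPLE_CLUSTER = {
    "AP-1": {"ssids": ("CORP", "GUEST"), "vlan": 10, "security": "WPA2-PSK/AES",
             "qos_priorities": "WMM", "radio": "2.4GHz-20MHz", "mgmt_ip": "10.1.10.21"},
    "AP-2": {"ssids": ("GUEST", "CORP"), "vlan": 10, "security": "WPA2-PSK/AES",
             "qos_priorities": "WMM", "radio": "2.4GHz-20MHz", "mgmt_ip": "10.1.10.22"},
    "AP-3": {"ssids": ("CORP",), "vlan": 20, "security": "WPA2-PSK/TKIP",
             "qos_priorities": "WMM", "radio": "2.4GHz-20MHz", "mgmt_ip": "10.1.10.23"},
}

if __name__ == "__main__":
    for ap, diffs in cluster_mismatches(SAMPLE_CLUSTER, "AP-1").items():
        for key, (want, got) in diffs.items():
            print(f"{ap}: {key} is {got!r}, reference AP-1 has {want!r}")
```

A drifted VLAN is the mismatch that breaks the promise that a client's IP address stays valid while roaming, and a drifted cipher setting is the one that silently weakens the WPA2 with AES baseline on a single AP, so both are worth catching before clients notice.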

• Lower total cost of ownership
• Enhanced business performance
  Profit-line benefits from operational efficiency and minimal downtime
  More responsive and personalized customer relationships
  Increased system performance and security
• Faster business evolution
  Longer lifecycle for technology investments
  Spend more time managing the business and less time managing technology
  Employees are more productive and happy
• Smart business roadmap: the right choice for today and the right choice for tomorrow

Pre-sales assets
• Solution bill of materials and product selection guide
• Solution profile
• Overview presentation
Post-sales deployment assets
• Design guide
• Device role configuration guides
• Implementation guide
• Application notes
www.cisco.com/go/smartdesigns/sbnf