Cisco Customer Education

Cisco Prime: Transform Your Network with Cisco

Brian Avery, Territory Business Manager – Florida Territory

This session was recorded via Cisco WebEx! You can watch the live session recording HERE.


Presentation Agenda

► Welcome from Cisco

► Digital Disruption

► Digital Transformation in Enterprise

► SDN, DNA and Unified Access

► Cisco Prime and Meraki

► Q&A, Conclusion

About Your Host

Brian Avery
Territory Business Manager
Cisco Systems, [email protected]

Priors:
Cisco Sales and Channels (11.5 yrs)
President and CEO (6 yrs) - Cisco Premier Partner
Director of Sales (2 yrs) - Cisco Silver Partner
Financial Analyst (7 yrs) - Sprint Corporation

What Is the Cisco Customer Education Series?

• CCE is an educational session for current and prospective Cisco customers
• Designed to help you understand the capabilities and business benefits of Cisco technologies
• Allow you to interact directly with Cisco subject matter experts and ask questions
• Offer assistance if you need/want more information, demonstrations, etc.

Welcome from Sysco! Oops! I mean Cisco!

Cisco Confidential

1984

• Computer scientists Len Bosack and Sandy Lerner found Cisco Systems
• Bosack and Lerner run network cables between two different buildings on the Stanford University campus
• A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born

Leading for Over 30 Years

The Landscape is Constantly Changing

Timeline: 1990 – 1995 | 1996 – 2000 | 2001 – 2007 | 2008 – Today | 2016

Companies shown on the timeline: WellFleet, SynOptics, 3Com, ACC, DEC, Proteon, IBM, Bay Networks, Newbridge, Cabletron, Ascend, Fore, Xylan, 3Com, Nortel, Ericsson, Alcatel, Juniper, Lucent, Siemens, NEC, Foundry, Redback, Riverstone, Extreme, Arista, HP, Avaya, Juniper, Huawei, Aruba, Brocade, Checkpoint, Fortinet, ShoreTel, Polycom, Microsoft, F5, Riverbed, Dell

Internet of Everything


Who Is Cisco?

Chuck Robbins, CEO, Cisco

• Dow Jones Industrial Average, Fortune 100 Company (AAPL, CSCO, INTC, MSFT)

• $154B Market Capitalization

• $48.9B in Revenue

• $10B in Annual Net Profits

• $34B More Cash than Debt

• $6.3B in Research and Development

http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

Market Leadership Matters

• No. 1 Voice: 41%
• No. 1 TelePresence: 50%
• No. 1 Web Conferencing: 43%
• No. 1 Wireless LAN: 50%
• No. 2 x86 Blade Servers: 29%
• No. 1 Routing Edge/Core/Access: 47%
• No. 1 Security: 31%
• No. 1 Switching Modular/Fixed: 65%
• No. 1 Storage Area Networks: 47%

Calling all Autobots!

http://www.imdb.com/title/tt0418279/

Cisco Digital Network Architecture

Digital Disruption Impact to Business

• 40% of incumbents are at risk of being displaced in the next 5 years (Digital Vortex: How Digital Disruption Is Redefining Industries. Global Center for Digital Business Transformation, 2015.)
• $14T of digital value at stake across private industries between 2013-22 (Cisco estimates $14.4 Trillion of digital value at stake across private industries between 2013-22. Where to begin your journey to digital value in the private sector.)
• 26%: how much more profitable are organizations that master digital (Leading Digital: Turning Technology into Business Transformation)

Digitization Impacts All Sectors

Healthcare | Government | Manufacturing | Education | Financial

Digital Transformation is Moving IT to the Boardroom

• UPS My Choice: Delivery Control, Personalized Service
• Customer Experience: Physical and Virtual RFID Content
• Workforce Efficiency: WIP Inventory and Part Tracking
• American Express: Personalized Service Through Mobile
• Starbucks Apps: Order Ahead, Skip the Line

…And Creating New Priorities for Digital Organization

• Simplify / Automate Processes: Faster Time to Market, Leaner Operations
• Empower Workforce Efficiency and Innovation: Increased Productivity, Better Retention
• Personalize Customer / Citizen Experience: Increased Loyalty, Greater Insight

IoT | Mobility | Analytics | Cloud

• Mobile traffic will exceed wired traffic by 2017
• IoT devices will triple by 2020
• 75% of companies planning to or investing in Big Data
• 80% of organizations will primarily use SaaS by 2018

Network Requirements for the Digital Organization

• Insights & Actions: Drive Business Innovations
• Security & Compliance: Real-time & Dynamic Threat Defense
• Automation & Assurance: Speed, Simplicity and Visibility

Cisco Digital Network Architecture (DNA)

Network Enables New Capabilities

• Mobilize the Workforce: Digital Workforce, Personalized Workspaces, Effective Collaboration
• Engage Customers: Omni-channel Experience, Enhanced Points of Service, Personalized Experiences
• Automation: Accelerate the Branch, Rollout services faster, Application performance
• Secure the Enterprise: Faster threat detection, Continuous compliance, Secure mobile access

Built on the Network as a Platform for the Digital Organization

DNA Delivers Real Business Benefits

• Greater Business Agility: 85% faster network services provisioning (1)
• Lower Costs: 79% reduced network installation costs (2)
• Investment Protection: 2X software value vs. a-la-carte with license portability (3)
• Reduced Risk: 99.2% breach protection (4)
• Resource Optimization: 80% energy savings and reduced building maintenance cost (5)

1 Based on IWAN App - Estimate based on workflow changing from 900 CLI lines to 10 GUI clicks.
2 PnP App - Based on average installation cost for SWM, Rolls Royce Engines and Kaiser Permanente installation costs.
3 Cisco ONE Software Buying Model for Access and WAN
4 Based on Cisco Threat Centric Infrastructure Study, 2015
5 Cisco Energy Management Solution with Philips LED Systems

Customer Journey for Digitization

• Base Automation: Immediate value to existing network environments
• Targeted Policy Services: Active control for critical use cases: IWAN, QoE
• Security: Network as a Sensor / Enforcer
• Complete Software Control: E2E policy based automation
• Digital Services: Enable Line-of-Business

SDA begins here

Your Network is The Problem

Business Networks today are Complex…

[Diagram: VLAN-based HQ (Wired, Wireless, Badges; VLAN 1, VLAN 2, VLAN 3), Branch A (VLAN A), Branch B (VLAN B) and Remote (VLAN C) connected over the WAN, with separate Lighting and BMS networks]

| Disparate Networks | Complex Provisioning | Not Scalable

…and have multiple Operational Challenges

Policy Violations Due to Human Error

Network Changes Performed Manually

95% 70%

OpEx spent on Network Visibility and Troubleshooting

75%

Source: 2016 Cisco Study

Traditional Networking CANNOT Keep Pace with the Demands of Digital Business

Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.

The Big Lie

Competitors Say:

“The Network Is a Commodity”


Typical Multi-Vendor Network

• Switching: Cisco, HP, Dell, 3Com, Dlink, NetGear, Linksys
• Routing: Cisco, 3Com, Juniper, Huawei, Adtran
• Security: Cisco, Watchguard, Sonicwall, Fortinet, Checkpoint, NetGear, Dlink, Palo Alto
• Wireless: Cisco, 3Com, HP, Aerohive, Aruba
• Voice: Cisco, Nortel, Avaya, Mitel, Siemens, Shoretel, Samsung, Panasonic, Toshiba, Intertel, Comdial, NEC, Alcatel


Results in The Frankenstein Effect!


Reliability challenges

Inconsistent warranties

Higher maintenance costs

No single point of support

Basic levels of integration

What if you could…

• Easily enforce policies across wired, wireless, and WAN
• Enable sophisticated network capabilities with simplicity
• Predictably administer changes and add capabilities
• Deliver service innovation more quickly
• Get instant view of issue location to speed remediation
• Treat the network as a single sophisticated system

Policy-Driven | Automated | Agile

A Fundamental Shift in Networking is Needed

Network

A New Infrastructure for the Digital Organization


Transform Your Network!

Driving Business Agility at the Edge

Unified Access

Access Is Where Users and the Network Come Together…

• User gateway to information
• Business engages users and customers
• Contextual policy is applied
• 360° view of users, devices and applications

The Network is the Foundation of the Digital Business

The Strategy to Succeed in a Digital World

Access is a Key Element to that Network Strategy

NETWORK

Unified Access: The Imperatives to Success

Simple. Smart. Secure.

Simple: Agility to Align to the Digital Business

• Single Management: Wired and wireless orchestration, lifecycle management and troubleshooting
• Central Policy: Contextual policy for all users, devices and locations
• Consistent Performance: Functional parity from wireless to wired that improves user and application experience
• Flexible Deployment Models: Aligns to any operational model to meet any business needs

Smart: Improve Digital Business Experiences

• Intelligent Power: Control things from the wired infrastructure to reduce cost and improve experience
• Wireless Excellence: Optimized connections, airspace, performance and roaming
• Accurate Location Data: Up to 1 meter location accuracy for better analytics and end-user engagement
• Fastest Wired and Wireless: Multi-gigabit performance from wireless to wired
• High-Availability: Gain sub-second recovery to assure highest network reliability

Secure: Protect The Digital Business

• End Device Security: Integration with industry-leading EMM/MDM solutions to meet compliance
• End-to-End Verification: Consistent contextual policy validation from access to core to WAN
• Anomaly Identification: Deep visibility into unknown devices, unusual traffic patterns and unexpected behavior
• Attack Containment: Enforce policy and segmentation or quarantine anomalous traffic
• Compliance Everywhere: Extend policies outside the physical environment with secure remote access

Software Defined Access (SDA)

Consistent Policy | On-Demand Services | Simplified Provisioning

Programmable Enterprise Innovations over an Orchestrated Secure Fabric

Enterprise IT Today

[Diagram: VLAN-based HQ (Wired, Wireless, Badges; VLAN 1, VLAN 2, VLAN 3), Branch A (VLAN A), Branch B (VLAN B) and Remote (VLAN C) connected over the WAN, with separate Lighting and BMS networks]

| Disparate Networks | Complex Provisioning | Not Scalable

Digital IT of Future: Logical Virtual Network

[Diagram: HQ, Branch A, Branch B, Remote, WAN, Lighting and BMS; Private & Public Cloud Resources; Users & Devices; Building Devices; APIC-EM]

Agile Fabric Services: Mobility | Collaboration | Security

Software Defined Access Vision

Fabric Services | Orchestration and Policy | Infrastructure | Endpoints

Fabric Services

• Mobility: Seamless roaming, Elastic WLC
• Collaboration: Quality of experience (QoE), Voice/Video performance
• Security: Identity, NAC, Encryption, Device Onboarding

Branch

Foundational Pillars of SDA

Programmable Custom ASICs

• Industry Leading: Wired & Wireless | Stacking | TrustSec | SDN
• Advanced Functionality: Programmable Pipeline | VSS | Stack Power
• Optimized for Campus: Integrated Stack | Visibility | Security
• Future Proofed: Long Life Cycle | Investment Protection

+

Converged Software Services

• Network Enabled Applications: Collaboration | Mobility | IoT | Security
• Automation and Analytics: Controller | Visible | Programmable | Open
• Virtualization: MPLS | Campus Fabric | Segmentation
• Designed for Evolution: Strong Foundational Capabilities | HA

Driving Innovations Through Technology Investments

Benefits of SDA

• Simplified Provisioning, Consistent Policy Rollout, Flexible User/Device Groups, Secure Network Segmentation
• Investment Protection: Greenfield/Brownfield, Significant OPEX reduction, Future-proofed
• Automation and Assurance: Day 0/1/N Workflow Automation, Open/3rd Party Applications, Orchestrated Data Models
• Agile Services: On Demand Service Onboarding, Single Pane of Management, Contextual Analytics

Business Transformation for Programmable Enterprise


Secure Fabric

A Controller Managed Secure Virtual Interconnect

Provision | Monitor | Troubleshoot

Secure Segmentation
• Flexible User/Device Grouping
• Basic Segmentation
• Micro Segmentation

Simplified Provisioning
• Device Onboarding
• Automated Workflows
• Consistent Policy

Monitoring & Troubleshooting
• Easy Management
• Proactive Network Health Monitoring
• Contextual Analytics


Next Generation Mobility for Digital Enterprise

Mobility as a Service | Elastic Controller | Wired / Wireless Convergence | Seamless Roaming

Mobility as a Service

Wired/Wireless Convergence
• Group Based policies for wired & wireless
• Seamless roaming in Fabric domain
• Consistent User experience

Simplified Mobility
• Flexible controller option – Integrated, Appliance, VM based
• Segmentation for Wireless
• Easy IP Addressing

Service Onboarding
• Common Guest Services
• Extend Identity/NAC/Webauth to wireless
• Integrated Analytics for wired & wireless


Security as a Service

Threat Defense | Access Control | Device Onboarding

On-demand Security Services

• Automates Operations
• Scales Enforcement
• Increases Visibility

User & Device Onboarding: User devices, Building devices

Access Control & Segmentation: PCI Devices Group, Guest Group

Advanced Threat Defense

• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Assess, Contain, Remediate

Network-based Security

Collaboration as a Service

Intelligent Policy | Dynamic QoS | Contextual Analytics

Unprecedented User Experience

Easy QoS Provisioning
• Automated best practices CVD template
• Consistent QoS policies
• Controller based rollout

Rich User Experience
• Application Driven QoS
• Dynamic Policy management
• Performance monitoring

Easy Monitoring and Troubleshooting
• Flow based analytics
• Contextual insights
• 3rd party tools


WAN as a Service

Cisco Intelligent WAN: Application-centric SD-WAN

• Identify: See 1000+ apps running on your network
• Prioritize: Automate app priority based on business policies
• Accelerate: Boost app performance

Securely on any connection or platform for all users

Automation & Assurance

3rd Party Applications | Open Standards | On-Demand Services

Controller based Eco-system for Programmable Enterprise

TODAY
• CLIs and scripts
• Manual configurations
• Script maintenance
• Wired access only
• Static network environments
• Slow and unpredictable workload change
• Hardware-centric

FUTURE
• Simple user interface
• Autonomic with control and visibility
• Orchestration with data models
• Extensibility with native 3rd party app hosting
• Open sourced programmable interfaces
• Seamless wired and wireless access
• Programmable using software

Standards Based Object Model APIs

Enterprise Automation Key Benefits

TCO Savings

Software Defined Access Summary

Begin Your Digital Journey Today

Business Agility | Automated Enterprise | Consistent Policy | Investment Protection


This MUST be Autobot technology.

Foundational Services

Cisco Unified Access Portfolio

Comprehensive, Integrated Wired-Wireless Solution

• Policy – Identity Services Engine
• Management – Cisco Prime Infrastructure
• Small-Med Wireless Controller
• Med-Large Wireless Controller
• Stackable Switches
• Stackable Converged Access Switches
• Converged Access Switch Platform
• Wireless Access Points With HDX
• Wireless Access Point With HDX and Modularity
• Low-Profile Outdoor Access Points
• High-Performance Outdoor Access Point

Network as a Sensor and Enforcer | End-to-End Policy Orchestration | Fundamental Wireless

Access Deployment Modes: Mobility Express | Centralized | Converged | FlexConnect

Cisco Leadership With Innovation in PoE

• Wider Choice of End Points
• Efficient Power Delivery
• Extend HA to critical devices
• Universal RJ45
• Lower CapEx/OpEx

A Historical Perspective

• 2000: 7W Inline Power
• 2003: 15W (PoE)
• 2007: 30W (PoE+)
• 2011: 60W (UPOE)

Industry Standard IEEE 802.3af (15W PoE)

Industry Standard IEEE 802.3at (30W PoE+)

Use cases shown: Virtual Desktop, Trading Floor, Healthcare, Building Management, Campus, Retail, Hospitality, Telepresence, Compact Switches, DEP Lighting

Enabling Next Generation Mobility: Multigigabit Technology for 802.11ac Wave2

Cisco Multigigabit over Standard Cat 5e/Cat6 Cables: 1 Gigabit Port | 5 Gigabit Port

• Delivers up to 5X Speeds in Enterprise Without Replacing Cabling Infrastructure
• Supports PoE Up to 60W
• Available on 3800

Cisco Multigigabit Ethernet Key Differentiators

Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G)

Future proofed for higher speeds

Supports 5G speeds up to 100m distance over Cat5e cabling in Brownfield

Supports higher speeds over Cat6a cabling in Greenfield deployments

Cisco Innovation over 10GT standard to support high end point power needs

1G and 10G BaseT IEEE standards, intermediate speeds standards in progress

Maintain Switch to AP Reach at Higher Speeds

Infrastructure Investment Protection

POE / POE + / UPOE

Standards Compliant

Smart Operations: Lower TCO

Zero Touch Deployments and Maintenance (NG Plug n Play, Smart Install, Instant Access)
• Software image & Configuration downloaded
• Consistent for Devices & PIN
• On-going Image Update and Configuration Backup

Easy Configurations for endpoints (Auto Smart Ports, Auto Conf, Interface Templates)
• Port Configuration: Applied
• QoS Policy: Enforced
• Security Policy: Enforced

Monitor and troubleshoot (Smart Call Home, IPSLA)
• Proactive diagnostics
• Real time Alerts
• Web-based reports
• Routed to TAC team

Program the network (EEM, XML Programmability)
• Ability to take custom actions based on syslogs/triggers
• Enhanced Flexibility and control

Reduce energy consumption (Energywise and EEE)
• EEE ready
• Energywise – Time of the day policy based on/off of access devices
• 0 $ SKUs for energy management

APIC EM

High Availability: Protecting Business Continuity

StackPower | Stateful SwitchOver | Virtual Switching System | FlexStack+

Physical Redundancy
• Redundant Power Supplies
• StackPower with 3850
• Redundant Fan Trays for Chassis Systems
• Redundant Supervisors for Chassis Systems

Stateful Switchover
• Stackable Support: 3850 and 3650
• Intra-chassis support: 6800, 6500 and 4500
• Inter-Chassis support: with VSS

Network Resiliency
• NSF support for OSPF, EIGRP, ISIS, BGP
• NSF reduces forwarding table churn
• BGP PIC
• Graceful Restart for IPv4 & IPv6 with various routing protocols
• OSPFv3 Non-Stop Routing

Upgrade Management
• ISSU for hitless software upgrade
• EFSU for minimal disruption during software upgrade

Infrastructure Redundancy
• VSS
• Instant Access
• Multi-chassis EtherChannel (MEC) provides hardware-based failover
• VSS Quad-Sup SSO with Sup2T

Innovations Only Cisco Delivers: Radio Frequency Excellence for High-Density Environments

• Flexible Radio Assignment: Adjust radio bands to better serve the environment.
• Optimized Roaming: Intelligently connects the proper Access point as people move
• Turbo Performance: Scales to support more devices running high bandwidth apps.
• Zero Impact AVC: Hardware-based application visibility and control without impact to performance.
• Cisco CleanAir®: Remediates device Impacting interference
• Cisco ClientLink: Improves performance of Legacy and 802.11ac devices.
• Expandability: Add functionality via module, Smart Antenna Port or USB Port
• Multi-Gigabit Uplinks: Free up wireless with faster wired network offload Gb+
• Flex Dynamic Frequency Selection: Automatically adjusts so as not to interfere with other radio systems

Connected Mobile Experiences

• Detect: Anonymous data about every visitor
• Connect: Guest WiFi optimized for branding
• Engage: APIs for real-time location based apps

User Analytics and Engagement

Location Analytics
• Optimize marketing and business operations: Analyze capture rate, dwell time, and new/repeat visitors to measure the impact of advertising, promotions, site utilization, etc.
• Built-in location analytics: Integrated in the WLAN; no extra sensors, appliances, or software
• Extensible API: Integrate location data with CRM, loyalty programs, and custom applications for targeted real-time offers

Intelligent WAN (IWAN) Solution Components

• Transport Independence: IPSec WAN overlay, Consistent operational model (DMVPN, PKI)
• Intelligent Path Control: Optimal application routing, Efficient use of bandwidth (Performance Routing (PfR), QoS)
• Application Optimization: Performance monitoring, Optimization and caching (AVC, WAAS, Akamai)
• Secure Connectivity: NG strong encryption, Threat defense (Suite-B, ZBFW, AMP, Umbrella, Stealthwatch)

Management and Orchestration: IWAN APP, Cisco Prime™

[Diagram: Branch connected over MPLS, Internet and 3G/4G-LTE to Private Cloud, Virtual Private Cloud and Public Cloud; labels AVC, PfRv3, WAAS, Akamai]

Cisco IWAN Deployment Models

• Dual MPLS: Highest Service Level (SLA); x Inflexible for new services; x Expensive
• Hybrid: Enable SaaS and/or high BW apps; Balanced Service Level (SLA); Up to 99.999% Reliability
• Dual Internet: Best price/performance; IT Managed Service Levels; Up to 99.999% Reliability

Consistent VPN Overlay enables Security across Transition

[Diagram labels: Public, Enterprise, Internet, MPLS]

Internal Security

A Threat-Centric Security Model

Network as an Enforcer | Network as a Sensor

ATTACK CONTINUUM

• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Access, Contain, Remediate

Security—User Device Onboarding

User and Device Profiling | Authentication | Mobile Device Management

Voice | Employee | Supplier | BYOD | Non-Compliant | Guest

Visibility with Cisco Identity Services Engine (ISE): Discover Known and Unknown in Your Network

ACCESS POLICY

Network / User Context: Who, What, Where, When, How

Partner Context Data: PxGrid

Consistent Secure Access Policy Across Wired, Wireless, and VPN

Security – Access Control & Segmentation

Group Based Policy | Elastic Services

PCI Devices Group | Guest Group | BMS Device Group | IoT Device Group

Network Security: Segmentation with Cisco TrustSec

[Diagram: Voice, Data, Suppliers, Guest and Quarantine at the Access Layer (Data Tag, Supplier Tag, Guest Tag, Quarantine Tag), Aggregation Layer, Data Center Firewall]

Business Policy: [Source/Destination matrix: Exec PC, Exec BYOD, HR Database, Prod HRMS, Storage]

• Who can talk to whom
• Who can talk to what systems
• What systems can talk to other systems

• Simplifies policy implementation
• Simplifies security operations
• Accelerates business agility
• Lowers network cost and complexity

Cisco Application Sensors: Innovative approach for Application Awareness and Control

Visibility | Applications | Control

• Granular knowledge of apps; Performance monitoring; Granular Network Security
• QoS – Optimize Applications; Rate-limit non-business critical; Disallow malicious applications
• Proactively identify application degradation; Visualize and determine problem

Awareness: move from Reactive to Proactive

Cisco AVC: The Key to Contextual Insights and Assurance

Cisco AVC ecosystem
• Device Sensors/Platforms: Switch, Router, AP, Controller, FW, VM
• Orchestration/Management: APIC-EM, Prime, Web GUI
• 3rd Party Visualization
• 3rd Party Security/Billing

Full NetFlow

Security—Advanced Threat Defense

Network as a Security Sensor & Enforcer: Full NetFlow with Lancope Integration | FirePOWER Services | Rapid Containment

[Diagram labels: APIC-EM, Secure Fabric, PxGrid, Network/User Context, Cloud Threat Telemetry, Quarantine & Remediation, Corporate Network Perimeters]

Attack stages shown:
• Reconnaissance
• Victim clicks phishing email link
• Malware dropped via backdoor
• Lateral movement to find admin
• Escalate privilege to become admin
• Data exfiltration using admin privilege
• Information monetized after breach

Cisco Stealthwatch: Ubiquitous visibility via flow telemetry

… your infrastructure is the source:

[Diagram: flow records exported from devices throughout the network; labels: Internet, Amador, Delta, Solano, Border, DMZ, Virtual Hosts, Perimeter, Datacenter, WAN Hub, WAN, Access, IDF]

Anatomy of a Data Breach

1. Infiltration and Backdoor establishment
2. Reconnaissance and Network Traversal
3. Exploitation and Privilege Elevation
4. Staging and Persistence (Repeat 2,3,4)
5. Data Exfiltration

[Diagram labels: enterprise network, Attacker, Perimeter (Inbound), Perimeter (Outbound), C2 Server, Admin Node]

Architecting a Secure Network: Combining Network as a Sensor / Network as an Enforcer

Network Sensors | Policy & Context Sharing | Network Enforcers

Components shown: Network Sensor (Lancope), Campus/DC Switches/WLC, Cisco Routers / 3rd Vendor Devices, PxGRID, ISE, NGIPS, NGFW, TrustSec Software-Defined Segmentation, Cisco Collective Security Intelligence

[Diagram labels: Threat, Confidential Data]


Cisco Prime!

Cisco Prime Infrastructure

Prime Infrastructure: End-to-End Lifecycle Management

• Centralized lifecycle management - discovery, inventory, configuration, SWIM, and proactive/reactive monitoring
• NEW: Compliance Baseline* Audit device configurations
• Customizable configuration templates based on Cisco validated designs and guided workflows
• Rapid device support through Device Packs for new Cisco® network devices
• Advanced troubleshooting of wired and wireless infrastructure issues
• Cisco Unified Access™ management and client tracking
  • Integration with Cisco® Identity Services Engine (ISE) for simplified troubleshooting
  • Integration with Cisco® Mobility Services Engine (MSE) for location-based service and rogue detection

*requires Pro OVA or Gen2 hardware appliance

Prime Infrastructure: User Application Experiences

• Simplified troubleshooting of applications and client access issues
• QoS configuration and monitoring applied to interfaces and class-based traffic patterns
• Multi-NAM management
  • Traffic analysis
  • Application response-time metrics
  • Packet capture and decode
• End-to-end visibility for service-aware networking
• Out-of-the-box support for Cisco® advanced technologies
• Service health dashboard allows quick check on your business-critical applications

Visibility | Support | Dashboard | Troubleshooting | QoS | Multi-NAM

Why Choose Cisco Prime Infrastructure? The Cisco Advantage

Why Prime? To simplify management and automation of network operations

• Single pane of glass for campus, branch, and data center
• Out-of-the-box templates
• Compliance baseline
• Plug-and-Play (PNP) app integrated with APIC-EM
• Read/write API
• Topology view of devices, links, and alarms
• IWAN configuration and monitoring
• Rapid device and technology support
• Application Visibility and Control (AVC)
• Integration with Cisco® MSE and ISE


Cisco ONE for Unified Access

At Purchase
• Simplified purchase with all licenses in 1 SKU
• Outcome driven: licenses detached from hardware
• Better together pricing and lower TCO

In Deployment
• Access to ongoing innovation*
• Improved management

At Refresh
• Lower cost due to license portability*
• Simplifies management and saves time

* Requires software support service

Comprehensive, Integrated Wired-Wireless Solution

Cloud Managed Solution

Cisco Meraki Cloud-managed Portfolio

Comprehensive, Integrated Wired-Wireless Solution

• Policy – Meraki, Identity Services Engine
• Management – Meraki Dashboard
• Virtual and Physical Stackable Switches
• Aggregation Switches
• Access Switches
• Indoor Access Points
• Outdoor Access Points
• Teleworker Gateway
• Security Appliance / UTM
• MDM

Network as a Sensor and Enforcer | End-to-End Policy Orchestration

Intuitive web-based dashboard: Single pane of glass management
• Site wide search
• Client location
• Traffic analytics
• Real-time control
• Client fingerprints

Phone

Use Cases

BYOD/CYOD and Guest
• Simple. Establish contextual policy and deploy high-performance infrastructure
• Smart. Streamline on-boarding with EMM integration
• Secure. Enforce policy across wired and wireless

Application and Device Performance
• Simple. Deploy multi-gigabit wired and wireless environment
• Smart. Optimize the wireless environment and align applications to business priorities
• Secure. Link policy to management data to better resolve client and application issues

Analytics and User Engagement
• Simple. Quickly scale wireless environments to capture employee and customer insight everywhere
• Smart. Improve location data accuracy and display reports to make better business decisions
• Secure. Identify rogue access point and interferers with up to 1 meter accuracy

Power Things
• Simple. High-availability wired and wireless infrastructure
• Smart. Leverage available switch ports to create a more inviting environment and reduce cost
• Secure. Detect new IP devices when they come online for compliance

Network as a Sensor and Enforcer
• Simple. Validate traffic against security policy from access to WAN
• Smart. Identify anomalies and trends and segment potential malicious traffic
• Secure. Quickly identify, mitigate and correct the impact of malicious activity


Questions?

0% Financing with Easy Pay

Accelerate Digital Network Architecture transformation

It’s easy
• Divide 90% of total product cost by 36 months; make 36 monthly payments at 0% interest
• Finance Cisco Services at 0%

Flexible end-of-term options
• Return and refresh your technology
• Extend the lease
• Purchase the product solution at 10% of the original cost

Customers can use our funds and stay ahead of the curve.

Thank You and Next Steps

Brian [email protected]

Contact Your Cisco Partner: https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

www.

Learn more about DNA and Unified Access: www.cisco.com/go/unifiedaccess/

• CCE sessions are held weekly on a variety of topics

• CCE sessions can help you understand the capabilities and business benefits of Cisco technologies

• Watch replays of past events and register for upcoming events!

Visit http://cs.co/cisco101 for details

Join us again for a future Cisco Customer Education Event