Empowered Branch
Cheng Jang Thye
Business Development Manager
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Enterprises New Business Priorities
Globalization
Collaboration, Web 2.0
Data Center Consolidation
Green Business
Visual Networking
Virtual Workers
Number of Branches Growing 11% per year
Average number branch devices decreased from 7 to 5
Branch Bandwidth Growth 50% per year
62% of Enterprises adding new branches
91% of employees work away from HQ
Video & Collaboration Tools Top Bandwidth Drivers
Branch Transformation
Then → Now
Fewer branch services → Multi-services
TDM → VoIP
Point Security → Self-Defending
Wired → Mobile
Network only → Network + Application
Retail
Healthcare
Financial Services
Government
Challenges
• End-end-QoS
• Saturated WAN
• Operational complexity
• Reactive → Proactive
• Compliance
• High Availability
• Services consistency
• App-network integration
Introducing: Empowered Branch
Moving to an Integrated Network Model
Mobility
Switching
Voice
Network Analysis and Monitoring
WAN Optimization
Security
Mobility
Routing
Security
PRODUCTS APPROACH SOLUTION APPROACH
Service Oriented Network Architecture
Applications
Business Applications
Collaboration Applications
Integrated Network Services
Application Delivery
Application Oriented Networking
Unified Communications Services
Security Services
Mobility Services
Compute Services
Storage Services
Identity Services
Mgmt. Services
Network Infrastructure Virtualization
Network Systems
Places in the Network
Branch-WAN
Campus
Datacenter
Anywhere, Anytime Network Access
Operational Challenges in the Branch
Business Challenges
Availability and Performance
Core vs Context
Scarce IT Talent
Network Complexity
Cisco Empowered Branch Innovations
United Network Services
Mobility
Application Intelligence
Integrated Security
Routing
Switching
Mgmt.
Dec ’06
Mar ’07
Sep ’07
Apr ’08
Get VPN
Voice/Video Enhancements
3G, WLCM
1861
WAAS
NAM
3560-E
3750-E
IEEE 802.11n
Messaging GW, SRST w/E-911,
UCME 4.2, CUE 3.0
AXP
1861 ISR
ISR 860, 880
WAAS, PfR,
ACNS
NAC Profiler
NM-NAC
IPS AIM
UCME 4.3
CUBE 1.2
WAAS Virtual Blade
Video Surveillance
Content Filtering
4500-E
2960, 3560
Integrated 802.11n,
3G
CCP
Integration Delivers Operational Efficiency
Overlay Appliances
Security Appliance
Voice Appliance
Router
Switch
Wireless LAN
WAN/App Optimization
vs.
Cisco® ISR 3845 Integrated Services Router
With voice, wireless, video, WAN optimization, switch
3G
Over 70% OpEx Reduction
Total Cost of Ownership
[Chart: Direct and Indirect Costs, scale $0 to $80,000, comparing Cisco Integrated Services Router with Competitive Overlay Appliances. Cost categories: Revenue Loss, Employee Productivity, Unplanned Downtime, Planned Downtime, Maintenance Contracts, Facilities (Space, Power, Cooling), Implementation Costs, NMS Costs]
Routing and Switching in the Branch
• Industry-leading Routing and switching portfolio
• Gold standard Cisco IOS
• New innovations
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Integrated Services Router Portfolio
Service Integration Scaled to Fit Every Size Branch Office
[Chart axis: Performance and Services Density]
800 Series
1800 Series
2800 Series
3800 Series
3200 Series
Embedded Wireless, Security, and Data
Embedded, Advanced Voice, Video, Data, and Security Services
High Density and Performance for Concurrent Services
Rugged and Mobile Applications
Small Office and Teleworker
Small Branch
Medium Branch
Medium to Large Branch
Mobile/Rugged Branch
Cisco Unified WAN Services Router Portfolio
[Chart axis: Performance and Services Scalability]
Branch
Head Office / WAN Aggregation
ASR 1000 with ESP-5G
ASR 1000 with ESP-5G or ESP-10G
ASR 1000 with ESP-10G
New ASR 1000 with ESP-20G
Catalyst 6500 Series
Cisco 7600 Series
7200 Series
Secure WAN Aggregation
Integrated Threat Control
Application Optimization
Modular software, Consistent LAN/WAN services
Broadband, Metro Ethernet services
Secure, Reliable, Concurrent WAN Services Aggregation
High-performance Embedded Services
Hardware/Software Resiliency, Modular Software
Highest Capacity, Highly Available, Modular Services
Integrated Security
• Broad set of security services
• Regulatory compliance
• Single security architecture
• Protect against Day-zero threats
• New innovations: GET-VPN, NAC, IPS-AIM
Branch Evolving Security Requirements
• Compliance drivers for security: PCI (Retail); HIPAA (Healthcare); Sarbanes-Oxley/GLBA (Finance)
• Vulnerabilities from public Internet resources (web and email)
• Security threats from contaminated laptops, guest and rogue users
• Targeted attacks aimed at sensitive information in the data center
[Diagram labels: Branch, Corporate Office, IPSec Tunnel, Internet, Infrastructure, Employees, Wireless Guests, Web and Email, Data Center, Threat (repeated)]
Complete Security Architecture
• Flexibility—mix and match integrated and appliance security
• Guidelines for secure deployments
• Leverages best-in-class Cisco technologies
• Rapid response to emerging security threats
Router Integrated Security
Unified Threat Management
Self-Defending Network
Network Admission Control
Advanced Firewall
Intrusion Prevention
Content Security
URL Filtering
802.1x
Network Foundation Protection
Flexible Packet Matching
VPN
Network Intelligence
App Security
Malware Defense
Secure Voice
Compliance
Secure Mobility
Business Continuity
Branch Security Solutions Portfolio
Integrated Security
IOS Firewall, IPSec VPN, SSL VPN, IOS-IDS, NAC, IPS, GET VPN
Security Appliances
ASA, IPS 4200, NAC Appliance
• Integration ensures availability of technology
• Hardware flexibility and feature parity
• Common management interfaces
Add Physical Security
Security Design Guide
Cisco Security Center
Cisco Security Manager
CS-MARS, Cisco ACS
Cisco SDM, ADSM
Security Management
• Management for large enterprises/many branches
• Centralized security alerts, signatures, and patches
• Self-Defending network – adaptive, intelligent defense
• Moving from defensive to proactive security
Best Practices
Cisco NAC Appliance Portfolio
SuperManager
Manages up to 40
StandardManager
Manages up to 20
ManagerLite
Manages up to 3
Enterprise and Branch Servers
Enterprise and Branch Servers
3500 Users Each
Branch Servers
1500 Users Each
Branch Office, SMB Servers or Cisco ISR Network Modules
100 Users
250 Users
500 Users
50/100 Users
Now Extending to Cisco Integrated Services Router
• NME-NAC for 50 and 100 users, integrates CAS functionality
• Supports Cisco 2811, 2821, 2851, 3825, 3845 Integrated Services Routers
Incorporates Network Admission Control (NAC) appliance server
• Enforces security policies,
Scans for latest anti-virus software
Prevents unauthorized access and spread of viruses on the network
Supports wired, wireless and guest NAC
Integrated into Cisco ISRs
• Provides size and scale ideal for remote offices (<100 users)
Works with NAC appliances at headquarters in a network system
• Benefits of router integration
Systems Integration
Lower Operating Costs
Intrusion Prevention System (IPS) Advanced Integration and Network Modules
Integrated Threat Control for Cisco ISR
• Enables Inline Intrusion Prevention (IPS)
• Runs same software (CIPS 6.0) and enables same features as Cisco IPS 4200
Performance Improvement by Hardware Acceleration.
• Dedicated CPU and DRAM to offload host CPU
AIM – Up to 45 Mbps
NME – Up to 75 Mbps
Cisco IOS Advanced Security & above
AIM – Cisco 1841, 2800, 3800
NME – Cisco 2800 and 3800
Management by both Routing and IPS software
Cisco IPS Device Manager (IDM)
Cisco Configuration Professional (CCP) (Device)
Cisco Security Manager (CSM) (Network wide)
IPS Manager Express (IME) and CS-MARS (event monitoring and correlation)
AIM-IPS
AIM-IPS-K9
NME-IPS
NME-IPS-K9
Cisco IOS® Content Filtering for ISR with Trend Micro
Control spyware and malware at the remote site; conserve WAN bandwidth
Block malicious sites and enforce corporate policies
• Offer category-based security and productivity ratings
• Enforce HIPAA, FISMA, CIPA (Children’s Internet Protection Act)
Enforce with latest information, hassle-free
• Trend Micro maintains and updates the security and productivity database 24x7
• No local database is required on the router
Enable Registration and Configuration through Cisco Configuration Professional® (CCP)
For Cisco 800, 1800, 2800, and 3800 Integrated Services Routers
Categories: Porn, Violence, Gambling, Sports,…
[Diagram labels: Internet, Trend Micro Rating Server]
Cisco Integrated Services Router (ISR) Portfolio for Video Surveillance
Cisco IP Video Surveillance Solution
Enterprise Branch Office
Cisco 2821
Cisco 2851
Cisco 3825
Cisco 3845
High-Density Services
Extended Modular Connectivity
Multiple Services Modularity with Performance Optimized for “All-in-one” Solution
Analog Video Encoding Module
New
Video Management and Storage System
New
“Router-Integrated” Video Surveillance
The network is the platform reinvents safety and security
Easier to deploy new and extend existing sites
Greater monitoring flexibility, anywhere anytime
Tighter linkage between video surveillance and other branch applications
Unified Communications
IP Video Surveillance
Cisco ISR
Investment Protection
• Leverages existing IP network
• Smooth analog to IP transition
• Leverages installed base of ISRs
Operational Efficiency
• Fewer devices at the branch
• Converged UC-VS platform
• One management system
• Simplified troubleshooting
• Lower TCO
Best in Class Network Security
Branch Application Performance
• Improve application response times
• Increase network availability
• Service level guarantees
• Recent innovations: Application eXtension Platform (AxP), WAAS, PfR
The Network is the Platform
[Chart axis: Operational Efficiency]
A Few Years Ago
Integrated Services Routers
Integrated Application Platform
Multiple Overlay Products
Network Integration
App and Server Integration
WAN Optimization
Security
Mobility
Routing
Network Analysis/Monitoring
Voice
Switching
• Service Integration
• Survivability
• 50–70% Opex reduction
• Applications and network integration
• New business models
• Optimized branch footprint
Application eXtension Platform
AIM-102
1GB RAM
256MB Flash
Intel Celeron
NME-302/522
512MB-2GB RAM
80-160GB storage
Intel Pentium M
Complete Ecosystem
SDK (IOS APIs)
AXP Development Portal
AXP Partner Program
AXP Development and Advanced Services
• Linux-based
• IOS APIs (AXP SDK)
• Supports multiple concurrent applications
• 1841, 2800, 3800 ISRs
• Optimized, open branch architecture
• Tight Network-Application linkage
• A new business architecture
• Anything you need in the branch
The WAN is the Barrier to Branch Application Performance
• Applications are designed to work well on LANs
High bandwidth
Low latency
Reliability
• WANs have opposite characteristics
Low bandwidth
High latency
Packet Loss
[Diagram: Client, LAN Switch, Server with Round Trip Time (RTT) ~ 0 ms; Client, LAN Switch, Routed Network, LAN Switch, Server with Round Trip Time (RTT) ~ many many milliseconds]
WAN Packet Loss and Latency = Slow Application Performance = Keep and manage servers in branch offices ($$$)
Cisco WAAS and Performance Routing
Application Optimization Solutions
• Choice of router integrated solutions
• WAAS Appliance / Integrated solution consistency
• Maximizes branch bandwidth, minimizes latency
• Maximize value of WAN investment
IOS Application Intelligence
• Enhances performance of business critical applications
• Transparent service interoperability
• Network visibility minimizes operational overhead
• Maximize value of WAN investment
IPSLA
NetFlow
QoS
PfR
A solution approach to Application Acceleration
Monitor and Provision
IP SLAs
NetFlow
Cisco NME-NAM
Voice
Storage
IP
UDP
TCP
Preserves Queuing, Shaping, Policing, and PfR
Transactional
QoS and Control
Inspect
Wide Area File Services
WAN Optimization
Routing
QoS
IPS
Firewall
Encryption
2X–100X
Integrated NME-WAE
Preserve Network Services
Accelerate Applications
NME-WAE-302/K9
NME-WAE-502/K9
NME-WAE-522/K9
Traffic from Any Mix of Applications Can Coexist and Be Optimally Delivered on Converged IP Networks
Web content
• Browsing
• Shopping
Real-Time Traffic
• Voice over IP (VoIP)
• Videoconferencing
Transactional Traffic
• Order Processing & Billing
• Inventory & Shipping
• Accounting & Reporting
Streaming Traffic
• Video on Demand (VoD)
• Movies
Bulk traffic
• Email
• Data Backups
• Print Files
Convergence
All Traffic Is Not Alike => Need QoS
Converged IP Networks
Cisco Empowered Branch
Largest Set of Services
Lower Barriers to Entry for Branch Service Adoption
Complete and Integrated Branch Solution
Service Integration and Interoperability
Choice of Integrated or Separate Appliance
Consistent Services, Flexible Performance/Pricing
Continuous Innovation