Mobile Trends in Municipalities
Anders Johansson Tapper & Peter Jerhamre, Cisco Systems, Sweden
September 2014
Mobile Municipality = Smart Municipality: a trend survey
Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Two cables and a wish to get connected…
Our Vision and Strategy
Strategy: Solve our customers' most business-critical challenges by delivering intelligent networks and technical architectures built on integrated products, services and software.
Vision: Change the way we all work, live, play and learn.
#1 IT Company in the world
ATTRACTIVE
• For businesses and organizations
• Quality of life for residents
• Working environment for employees
INNOVATIVE
• Technology as an enabler of solutions that help achieve the municipality's goals.
SECURE
Secure solutions for:
• Schools
• Elderly care
• Daycare centers
• Properties
EFFICIENT
• Green IT
• The municipality becomes an educated society
• Well-governed processes that result in a balanced budget
Information available to everyone
… and resident-friendly
Intelligent Networks
Collaboration
Data Centers
Security
• Attractive municipality: for residents, businesses and as an employer
• Keep costs down
• Innovation and development
• More efficient and more open
• Outsourcing vs. shared operations: competition from private providers
• Bringing down the production costs of standardized IT support
• IT in schools and for health and social care
• Increase the share of change and innovation within IT
• Work proactively with security to succeed with the digitalization of the core operations
• Digitalization
• Internationalization
• Social media
• IoT/IoE*
• Big Data/Open Data
• Bring Your Own X*
• Video
• Gamification
• Security*
• Personalization*
• Urbanization
• Outsourcing
• Authentication*
• Cloud services
• Changing boundaries between work life and private life

• Secure connection
• Apple equipment in schools
• Smart connected municipality
The challenge!
Where? Who? What?
Diagram labels: MGR; ISE; Data Store (e.g. Active Directory / LDAP); Access (wired, wireless, VPN); Data Center (Nexus, ASA); Core
ISE Services
- Authentication, Authorization
- Posture
- Guest portal
- Profiling
- Certificate enrollment
- Client troubleshooting
Policy Information
Policy Administration
Policy Decision
Policy Enforcement
Cisco 2900/3560/3700/4500/6500 and Nexus 5000 & 7000 switches, Wireless and Routing Infrastructure
Cisco ASA, ISR, ASR 1000
Identity Access Policy System
Identity Services Engine (ISE)
NAC Agent
No-Cost Persistent and Temporal Clients for Posture, and Remediation
Web Agent
AnyConnect or OS-Embedded Supplicant
802.1x Supplicant
Identity-Based Access Is a Feature of the Network Spanning Wired, Wireless, and VPN
TrustSec Powered
GUEST ACCESS: It’s easy to provide guests limited time and resource access
SECURE ACCESS ON WIRED, WIRELESS & VPN: Control with one policy across wired, wireless & remote infrastructure
BYOD: Users get safely on the internet fast and easy
TRUSTSEC NETWORK POLICY: Rules written in business terms control access
Image: Gartner Magic Quadrant for Network Access Control 2013, Lawrence Orans, John Pescatore – 12 December 2013
THE NAC Innovation Leader
Pioneered NAC Technology
Developed NAC Standards
First to Launch in 2004
Cisco Positioned as Market and Technology Leader
Positioned as a LEADER in Gartner Magic Quadrant for Network Access Control
- Gartner December 2013, 2012, 2011
“Cisco TrustSec and Cisco ISE are consistent with our view of identity-centric end-to-end security that is both needed and lacking in the enterprise today.”
- Forrester 2011
Authenticate User; Fingerprint the Device; Apply District Configuration; Education Apps; Automatic Policies
1 Initial Connection Using PEAP (ISE, WLC)
2 Device Provisioning Wizard
3 Future Connections Using EAP-TLS (ISE, WLC)
Change of Authorization
CA-Server
Apple Bonjour: yet another challenge for the IT department
Classroom: wired Apple TVs and wireless clients
Use case 1: Within the same VLAN, teachers can share from iPad to Apple TV but students cannot. Only local Apple TVs shall be visible to clients.
Use case 2: Teachers can allow students to share their screen from iPad to Apple TV.
IT-managed Bonjour devices
Library: wired Apple TVs and wireless clients
Use case 3: Students shall be allowed to print on nearby printers that appear automatically via AirPrint. Guests shall not be offered the same printing service.
Private Bonjour devices
Student rooms: private Apple TVs/printers (wired/wireless) and wireless clients
Use case 4: Only the students who own the Apple TV shall be able to connect to it.
Use case 5: Administration of private Bonjour services: Student 1 gives Student 2 access to Student 1's Bonjour services.
So what are we really trying to solve?
• 224.0.0.251 (IPv6 FF02::FB) is multicast…
• And cannot be routed (belongs to the ‘non-routable’ part of multicast, as per RFC 5771 defining multicast addresses)
• No cross-subnet discovery
Diagram labels: CAPWAP Tunnel; Apple TV, VLAN X; AP; WLC; L3 Switch; VLAN Y
Phase I – Code 7.4
Step 1 – Listen for Bonjour Services
Diagram labels: CAPWAP Tunnel; AirPrint, VLAN 23; Apple TV, VLAN 20; iPad, VLAN 99; Bonjour Advertisement; AirPrint Offered
• In 7.4, Bonjour Services with the mDNS gateway on the controller don’t require multicast services to be enabled.
Step 2 – Bonjour Services cached on Controller
Diagram labels: CAPWAP Tunnel; AirPrint, VLAN 23; Apple TV, VLAN 20; iPad, VLAN 99; AirPrint Offered
Bonjour Cache: AirPlay – VLAN 20; AirPrint – VLAN 23
With the mDNS gateway deployed, Bonjour Services don’t flood the subnet with mDNS advertisements
Step 3 – Listen for Client Queries for Services
Diagram labels: CAPWAP Tunnel; AirPrint, VLAN 23; Apple TV, VLAN 20; iPad, VLAN 99; Bonjour Query
Bonjour Cache: AirPlay – VLAN 20; AirPrint – VLAN 23
The WLC snoops all Bonjour discovery packets and does not forward them onto the air or the infrastructure network
Step 4 – Unicast Response to Client Queries for Bonjour Services
Diagram labels: CAPWAP Tunnel; AirPrint, VLAN 23; Apple TV, VLAN 20; iPad, VLAN 99; Bonjour Response From Controller
Bonjour Cache: AirPlay – VLAN 20; AirPrint – VLAN 23
Only clients that require Bonjour services will receive those services, in unicast
Policy Components
Organize by using policies
• In 8.0 you can create Service Groups: Users (roles and identity), Devices, Service
• And then you decide how these Service Groups interact by using Bonjour Policies and Profiles with ISE on an mDNS-enabled Controller
Diagram labels: Location; Device Type; Student; Teacher; Admin; John; User-Role; Identity; Bonjour Instant; Services; WLC
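The four gateway steps and the role-based service policy described above, as a simplified model (an added example, not Cisco code and not part of the original deck). The MdnsGateway class, the role-to-service policy shape, the instance names and the 10.0.x.x addresses are constructed assumptions; each packet carries a single uncompressed PTR question or record.

```python
import struct

PTR, IN = 12, 1  # DNS record type PTR, class IN

def encode_name(name):
    """DNS wire-format name without compression (enough for the constructed packets)."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def decode_name(buf, off):
    labels = []
    while buf[off]:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels), off + 1

def advertisement(service, instance):
    """Constructed mDNS response carrying one PTR record: service -> instance."""
    rdata = encode_name(instance)
    return (struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + encode_name(service)
            + struct.pack("!HHIH", PTR, IN, 4500, len(rdata)) + rdata)

def query(service):
    """Constructed mDNS query with one PTR question."""
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + encode_name(service) + struct.pack("!HH", PTR, IN)

class MdnsGateway:
    """Hypothetical model of the controller: snoop, cache, answer in unicast."""
    def __init__(self, policy):
        self.policy = policy  # assumed shape: role -> service types the role may discover
        self.cache = {}       # service type -> {(instance, VLAN it was heard on)}

    def on_packet(self, pkt, vlan, src, role=None):
        """Return the unicast answers to send; the packet itself is never forwarded."""
        if len(pkt) <= 12:
            return []
        _, flags, qd, an, _, _ = struct.unpack("!6H", pkt[:12])
        name, off = decode_name(pkt, 12)
        if flags & 0x8000:  # steps 1-2: advertisement heard, store it in the cache
            rtype = struct.unpack("!HHIH", pkt[off:off + 10])[0]
            if an and rtype == PTR:
                instance, _ = decode_name(pkt, off + 10)
                self.cache.setdefault(name, set()).add((instance, vlan))
            return []
        if not qd or name not in self.policy.get(role, ()):  # step 3: snooped query, policy check
            return []
        # step 4: only the querying client gets the cached services, as unicast
        return [(src, inst, v) for inst, v in sorted(self.cache.get(name, ()))]

def demo():
    gw = MdnsGateway({"teacher": {"_airplay._tcp.local", "_ipp._tcp.local"},
                      "student": {"_ipp._tcp.local"}})
    gw.on_packet(advertisement("_airplay._tcp.local", "Room12._airplay._tcp.local"), 20, "10.0.20.5")
    gw.on_packet(advertisement("_ipp._tcp.local", "Library._ipp._tcp.local"), 23, "10.0.23.9")
    def ask(role, svc): return gw.on_packet(query(svc), 99, "10.0.99.7", role)
    return (ask("teacher", "_airplay._tcp.local"), ask("student", "_airplay._tcp.local"),
            ask("student", "_ipp._tcp.local"), ask("guest", "_ipp._tcp.local"))
```

demo() mirrors use cases 1 and 3: the teacher discovers the Apple TV, the student only the printer, and a guest role with no policy entry gets nothing.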
Smart Connected City Network with WiFi
City Infrastructure Management Solutions
All of the city's departments/units make their own independent investments, which results in:
• No shared infrastructure and no sharing of resources
• No sharing of data/intelligence/information, such as video streams, data from sensors, etc.
• Waste and duplication of investments and resources
• Difficulties managing the infrastructure
This fragmented approach is inflexible, inefficient and not economical!
Traditionally, cities have addressed these problems in silos…
7 Parking; 6 Traffic monitoring; 5 Video surveillance; 4 Lighting; 3 Environmental monitoring; 2 Waste management; 1 Public WiFi
ONE foundational infrastructure for offering different types of services for the city/municipality
INFRASTRUCTURE SERVICES (Transport, Properties, Public Safety, Environment)
SMART+CONNECTED CITY NETWORK + WiFi
SERVICES FOR BUSINESSES/TENANTS (Local Commerce)
MUNICIPAL INTERNAL SERVICES (City information, Planning, Intranet)
CITIZEN SERVICES (Access, Participation)
THE MUNICIPALITY'S CITY NETWORK
Smart City, from a Cisco perspective:
1 Smart Parking; 2 Traffic monitoring; 3 Video surveillance; 4 Smart Lighting; 5 Environmental monitoring; 6 Smart Waste Management; 7 Public WiFi
Intelligent networks: Smart Connected City Network: City Wi-Fi
Data center for handling all data: Big Data/Open Data/Closed Data
The city's foundational infrastructure: the city network
Infrastructure for operations monitoring: Operations Center
Application layer/Service provisioning/App, Sensors/”Things”
System integrator, Internet operator, Cisco Partner
S+C City Wi-Fi
Business model: Stakeholders
Cisco
• Provide infrastructure and architecture
• Drive collaboration across different ecosystems and business models
The city/municipality
• Own the network and the service delivery for the infrastructure
• Provide “open data” that services can be built on
Citizens/Tourists/Businesses
• Access the network
• Deliver different types of services based on “open data”
Service provider
• Build and operate the service
• Maintain, develop and support
App Builder Community
• Develop the city's/municipality's applications and, to some extent, services
Sensors/Things
• Manufacturers of various IP-based sensors or actuators
Diagram layers: Data Center Layer; City Layer; Street Access Layer
Diagram labels: Applications & Dashboards; DC Switching fabric; Wireless Controller; Router; Compute/Storage Servers; Core; Access/Aggregation; Virtualization Management; Location Analytics; Internet/Other Networks; APIs; Industrial Ethernet Access Switch; GW; Root AP; Mesh AP
Public Wi-Fi ISP Management
Use Case 1: ISP Monitoring/control of applications
Diagram labels: Data Center Layer; Applications & Dashboards; Internet/ISP; City Layer; Street Layer; Public WiFi
Centralized Management & Reporting
Cisco Security Intelligence Operations (SIO)
What is “Free Internet”? - Cisco Web Security
URL Filtering
Application Visibility and Control (AVC)
Data Loss Prevention (DLP)
Layer 4 Traffic Monitoring (On-premises)
Real-time Malware Scanning
• Scans all traffic
• Detects malware bypassing port 80
• Prevents botnet traffic
• Analyzes traffic in real time
• Prevents zero-hour attacks
• Contains 50M known sites
• Categorizes unknown URLs in real time
• Controls mobile, collaborative and web 2.0 applications
• Enforces behaviors within web 2.0 applications
• Blocks sensitive information
• Integrates easily by ICAP with 3rd party vendors
Offers actionable insight across threats, data and applications
Allow; Limited Access; Block
Monitors threats worldwide, filters on reputation and automatically updates every 3-5 min
PROTECTION; CONTROL
Cisco CMX: a mobile services platform
DETECT; CONNECT; ENGAGE
Diagram labels: CUSTOMER PRESENCE; CUSTOMER ACCESS; CUSTOMER EXPERIENCE; LOCATION ANALYTICS; Seamless, secure Wi-Fi on-boarding; Mobile device detected; Local services
Street layer, Smart City WiFi
Diagram labels: Root AP; Mesh AP; Bridge AP; Standalone AP; Access Switch
Smart+Connected City Parking: How It Works
Diagram labels: Street; City Foundational Network; Power; Sensor Gateway; Street Cabinet; Ruggedized Switch; Parking Sensor; No Parking Zone; Video Camera
Solution Components
1 Sensors on parking spots
2 New generation of parking meters
3 Video camera with analytics
Data Flow
1 Sensors detect parking events
2 Correlation of sensor and meter events to generate meter violations
3 Cameras detect no-parking and loading zone violation events
Smart+Connected City Traffic: How It Works
Diagram labels: City Foundational Network; Traffic Incident Detection; Data Center; Data Analytics; Anomaly Detection; Power; Street Cabinet; Ruggedized Switch; Pole Switch; Vehicle Sensor
Solution Components
• In-pavement vehicle sensor
• Video camera, license plate reader
• Network
• Data analytics and visualization software
Data Flow
1 Different sensors detect live traffic conditions and send data over network for analysis
2 Analytics identify sudden changes in traffic conditions signaling likely traffic incidents
3 Traffic flow patterns are monitored to identify congestion, update traffic situational awareness picture and alert operator
Smart+Connected City Safety & Security: How It Works
Diagram labels: City Network; Reports; Data Center; Data Analytics; Anomaly Detection; Power; Street Cabinet; Ruggedized Switch; Situational Awareness; Incident Detection
Solution Components
• Video camera, license plate reader, face recognition camera
• Network
• Data center
• Data analytics and visualization software
Data Flow
1 Different sensors monitor live city conditions
2 Collected data is sent over the secure network to the data center
3 Analytics detect potential incidents and validation methods are applied to reduce false alarms
4 Situational awareness picture is updated and disseminated, validated incidents are reported to operator and security pattern reports are generated
Outdoor Lighting Segment
Smart+Connected City Lighting: How It Works
Diagram labels: Supply and Control Cabinet; Power
Central Management System: Cloud/On-Premise, depending on city requirements
City Infrastructure Management Data Layer
Smart+Connected City Wi-Fi
Providing unified management for city infrastructure
Cisco Smart+Connected City Operations Center
Provide an integrated, single pane of glass to view multiple data sources for unified management of the city infrastructure, e.g., the complete picture
Improve collaboration for individual and multiple departments
Enhance video wall management with flexible view and layout creation for greater efficiency and operator productivity
Reduce total cost of ownership by optimizing bandwidth required for video
Enabling cities to manage traffic, utilities, safety and environmental conditions from a single command and control center
City Infrastructure Management Solutions
» Smart+Connected City Operations Center
» Smart+Connected City Lighting
» Smart+Connected City Safety & Security
» Smart+Connected City Traffic
» Smart+Connected City Parking
» Public WiFi
Smart+Connected City Network & WiFi
Secure connection
Apple equipment in schools
Smart connected municipality
Our trend survey:
http://thenetwork.cisco.com
http://internetofeverything.cisco.com/
https://www.cisco.com/web/strategy/smart_connected_communities/city-wifi.html
https://www.youtube.com/watch?v=Cm7V3uOCkLo#t=21
Thank you.