the network. intuitive. - im …im-cloudandsecuritysummit.com/wp-content/uploads/2017/08/1450... ·...
TRANSCRIPT
Rajinder Singh
Product Sales Specialist - ASEAN
August 2017
THE NETWORK.
INTUITIVE. Powered by intent,
informed by context.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Intent-based Network Infrastructure
DNA Center
Analytics Policy Automation
I N T E N T C O N T E X T
S E C U R I T Y
L E A R N I N G
The Network. Intuitive. Constantly learning, adapting and protecting.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Built on Cisco DNA Built on Cisco DNA
New
Announcement
s
See and Act on All Threats Encrypted Traffic Analytics (Sept 2017)
Reduce OpEx with Simplified Management
Cisco DNA Center (Jul 2017)
Predict Issues Before They Happen
Assurance with Network Data Platform (Nov 2017)
Infrastructure Agility
Catalyst 9000 Portfolio with Programmable ASICs
9500 (Jun 2017), 9400 (August 2017), 9300 (June 2017)
Networking at the Speed of Software
Software-Defined Access (For existing and next-gen infrastructure)
(Aug 2017)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Aligned to Digital Network Architecture (DNA)
DNA Center Built-in expertise to manage and deploy end-to-end
network services from a single pane of glass
Software Defined Access Dynamically adapt to changing needs with policy-based
management of the network fabric
Assurance Network and machine learning for consistent worker and
customer experiences
DNA Software: Cisco ONE Software perpetual and new subscription licensing
DNA Software Capabilities
Cloud Service Management
Infrastructure
Automation Analytics
Identity Services
Engine APIC-EM
Network Analytics
Platform
Enterprise
Network
Compute
System
ISR 4000
ASR 1000
Catalyst
9300/9400
WLAN Controller
5520/8540
Aironet
1800/2800/3800
DNA-Ready Physical and Virtual Infrastructure
Catalyst 9000 Series Switches First infrastructure devices purposely designed for DNA
Encrypted Traffic Analytics Uncover hidden threats with new visibility into encrypted traffic
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Technology transformations driving the market
• Public Software as a
Service (SaaS)
• Grant proper access
• Protect network data
• Bring your own device
• Devices in the workspace
Security Mobility Cloud applications
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Technology transformations driving the market
• Multicloud
• Hybrid
• Bring your own app
• Networking and security
• Advanced threats
• Auto-detect
non-user devices
• Devices everywhere
Cyber security IoT Cloud infrastructure
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Traditional networks cannot keep up
Common user policy for the branch, campus, WAN, and cloud
Inconsistent user experience
Complex to configure
Difficult to segment
More users and endpoints
More VLANs and subnets Multiple steps to give
users credentials
Difficult to maintain policy
Separate user policies
for wired and wireless networks
Unable to find users
when troubleshooting
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Software-Defined Access Industry’s first policy-based automation from the edge to the cloud
Common user policy for the branch, campus, WAN, and cloud
Intelligent network fabric
Simple, automated workflows
End-to-End Segmentation
Secure users, devices,
and applications with
identity-based policy,
regardless of location
Design, provision,
and manage your wired
and wireless networks
Enable a consistent user
experience anywhere
with insights and analytics into
user and application behavior
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Software-Defined Access Open and programmable
• Build and develop with open APIs from Cisco that allow you to
extend and operate your enterprise at scale
DevNet Cisco developer program
• Easily develop apps for integration, automation,
and device-level programming with an open
and programmable network operating system
Cisco IOS® XE
• Accelerate digital transformation with technology
solutions tailored to your business needs
Third Party Application Hosting
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Cisco Digital Network Architecture Enterprise portfolio
Cisco DNA Center
Cisco DNA™ Center:
Simple workflows
Design Provision
Policy Assurance
Software-Defined Access
APIC-EM Network data platform Identity Services Engine
Wireless access points
Wireless LAN controllers
Switches Routers
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Simplifying how you manage the network
Cisco DNA™ Center: Design, provision,
automate policy, and assure services from one place
• Logical workflow to
design, provision,
set policy
• Respond to
changes faster
• Monitor end-to-end
network performance
• Predict and act on
problems before
they happen
• Pinpoint problems faster
• Reduce downtime with an
end-to-end view instead of
hop by hop
• Manage hardware and
software lifecycles
• Keep up to date, meet
compliance requirements,
and plan for refresh
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
• Complex segmentation
of IoT and user traffic
• Chase down IP
addresses for
troubleshooting
• Expensive high-voltage
deployments
Adopt Internet of Things (IoT) at scale End-to-end segmentation
Automatic provisioning and policy Automatic security and segmentation
Purpose-built switches for digital building
• Intuitive identity-based
segmentation with
device profiling
• Built-in visibility and
granular policy control
• Optimized for
low-voltage
building deployments
Before SD-Access After SD-Access
Connected
lighting
IP
surveillance
Users and
devices
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Before SD-Access After SD-Access
Users
Devices
Apps
Drag policy
to apply
Group 1 Group 2
Employee Virtual Network
Group 3 Group 4
IoT Virtual Network
Group 5 Group 6
Guest Virtual Network
• VLAN and IP
address based
• Create IP-based
Access Control Lists
(ACLs) for
access policy
• Deal with policy
violations and
errors manually
• No IP address
dependency for
segmentation
• Define one
consistent policy
• Policy follows user
from edge to cloud
Faster onboarding of users and devices Policy automation
Group-based policy Policy from edge
to cloud Completely automated
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Before SD-Access After SD-Access
Roam
is layer 2
Seamless
roam
Policy stays
with user
Seamless wired and wireless access A single network fabric
• Repeated policy work
for wired and wireless
• Roaming issues across
Layer 3 domains
• Chase down
IP addresses for
troubleshooting
• Consistent
management across
wired and wireless
• Optimal traffic flows
with seamless roaming
• Seamless roaming
in fabric and
nonfabric domains
Campuswide roaming Wired and wireless
consistency Simplified provisioning
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
SD-Access support A single fabric for your digital-ready network
Wireless Routing Switching
Cisco Catalyst®
9400 Series
Cisco Catalyst
9300 Series
Cisco Catalyst 9500 Series
Cisco Catalyst
4500E Series
Cisco Catalyst
6000 Series
Cisco Nexus®
7700 Series
ASR 1000-X
ASR 1000-HX
4430 ISR
4450 ISR
Wave 1 APs
(1700, 2700,
3700 Series)
Wave 2 APs
(1800, 2800,
3800 Series)
3504 Wireless Controller
8540 Wireless Controller
5520 Wireless Controller
Cisco Catalyst 3850
and 3650 Series CSR 1000V
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Cloud ready IoT ready
Future-ready with Cisco Unified Access™
Data Plane (UADP) 2.0 and open and
programmable Cisco IOS® XE
The new Catalyst 9000 Family – Built for SD-Access
• Find and contain
threats fast with
real-time monitoring
• Detect threats in
encrypted traffic
• Simplify BYOD onboarding
• Manage and secure
wired and wireless from
one device
• Instantly onboard
IoT devices
• Automatically
segment IoT traffic for
better security
• Build applications
through programmability
• Improve application
performance – user
to cloud
Integrated security Mobility ready
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Capabili
ties
Catalyst Switching Portfolio Positioning
Voice Data
The Network.
Intuitive. Security IOT Mobility
Access Switching FIXED SWITCH
9300
Up to 480G Stacking
MODULAR SWITCH
9400
9Tbps System b/w
Performance: mGig, 1/10G uplink, 40G uplinks
PoE Leadership: UPOE, Fast/Perpetual PoE
High Availability: NSF/SSO, ISSU (C9400), Patching
Security: ETTA, MacSec 256, IPSec, Trustworthy Systems
IoT Convergence: Perpetual PoE, IEEE 1588/AVB, SD Bonjour
Cloud: Netconf/Yang models, Streaming Telemetry, App Hosting
ACCESS SWITCHING
Fixed PS & FAN
2960-X
FRU PS & FAN
2960-XR
On-device Management, PnP, APIC EM, Prime Infra
• Stacking
• Routed Access
• DNS-AS,
• NaaS, Full Netflow
1/10/40G interfaces with Comprehensive Features at Scale
High Availability: NSF/SSO, VSS
XL-SCALE / MODULAR
6800
Backbone Switching Video
TRADITIONAL
NETWORKING
Scale
FIXED SWITCH
9500
Mobility: eWLC
Software Defined Access (SD-Access)
ACCESS SWITCHING
FIXED SWITCH
3650
Up to 160G Stacking
mGig, 1/10G
10G uplinks
NSF/SSO
Resiliency
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Challenge Large global network deployment, challenges to
manage network infrastructure with the many complex
requirements of a modern business:
• $4.7M cost of policy changes
• Up to 18 months per software upgrade cycle
• Over $5M to reduce risk and meet compliance requirements
• $2.4M to manually deploy network
Business Outcomes • 67% reduction in cost of carrying out tasks such as network
upgrade, inventory management, provisioning, and policy
• 48% cost savings by reducing the impact of security breaches
and maintaining compliance
• Issue resolution cost reduced by 80% with a simplified
dashboard, integration with other Cisco® tools, and automation
of monitoring and troubleshooting – providing visibility across
the network
Customer Study
Petroleum customer SD-Access delivers real business outcomes
14% $8.4M $7.6M
$14M
$5.4M
Current With Cisco SD-Access
CapEx OpEx
14%
61%
80%*
Improve issue
resolution cost
48%*
Reduce cost of
security breach
67%*
Reduce network
provisioning cost Reduce network
provisioning cost
* Source: Internal total cost of ownership (TCO) analysis with large enterprise customer
** CapEx reduction based on converging IoT networks
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Why Software-Defined Access?
Network access in minutes for any user or device to any application without compromise
Industry’s first policy- based automation from
edge to cloud
Foundation for
Cisco DNA™
Broad
platform support
Give time back to IT