
Cisco AnyConnect Secure Mobility Solution

The Strategic Networking Solutions White Paper


In business, it is very tempting to focus on the tactical - the next big deal, the numbers for this quarter, the current competitor’s actions. However, virtually all CEOs know that it is strategic thinking that sets the long-term direction for the company, and that tactics should be in support of a larger strategy. It is the difference between being reactive and proactive.

So it is with networking. Shrinking budgets and staff, and the constant pressure to reduce operational costs, may have some IT leaders setting their sights very low. Approximately 70 percent of IT investment is spent on “keeping the lights on” - providing basic connectivity and security - leaving precious little for strategic projects to enhance the business. While such tactical thinking is understandable, it also contains many pitfalls.

Strategic thinking, especially regarding the network, has real-world implications for business. Traditional print publications are rapidly being supplanted by online news sources. Digital photography has rendered established film techniques largely obsolete. Reasonably priced cellular service is causing landlines and payphones to disappear. In short, innovations in technology are changing markets and business models. Companies that were able to anticipate and adapt to these trends have continued to thrive, albeit with new business models. Others - those who failed to anticipate these trends and took the tactical approach of trying to protect their existing business - have fallen by the wayside.

Investing for the Future: Industry Trends

Given the need for strategic thinking, what are some of the trends in the networking industry that CIOs and IT directors should consider in their strategic network planning?

Anywhere Networking

Work used to be a place. More and more, it is evolving into an activity that can be performed anywhere. Indeed, according to the Cisco® Connected World Report (2010), two-thirds of employees believe they should be able to access both work and personal information using company devices at any time from any location. This has implications beyond simple mobility, because security, application performance, and compliance also play a significant role.

Influx of Consumer Devices

The market for tablets and smart mobile devices continues to grow. According to the Cisco Visual Networking Index, by 2015, there will be nearly one mobile-connected device for every person on earth. There is also an increasing demand for these devices to be used on the corporate network. Because these devices are typically employee-owned, they are not under IT control. This development requires a strategic response. Tactical measures like choosing to block all these devices (or alternatively, provide them unfettered access) will not suffice.

Visual Networking

Video on networks began as an oddity, and then became a source of entertainment. However, video is now entering the mainstream on corporate networks. The Cisco Visual Networking Index forecasts that by 2014, video will constitute 91 percent of global network traffic. Video has implications for everything from customer service to employee collaboration and the availability of “virtual experts” in industries like financial services and healthcare.

Virtual Desktops

There has been significant growth in the hosted virtual desktop market, especially in industries like financial services. Gartner predicts that there will be 66 million hosted virtual desktop units connected to the network by 2013. Virtual desktops offer many benefits to IT, including reduced power requirements and centralized management. But there may be trade-offs associated with them as well. For example, IP telephony and other collaboration tools may not work as well over a virtual desktop as they do in a non-virtualized environment. Finding the right balance of traditional and virtual desktops requires strategic thinking.

Cloud Computing

Outsourcing of some or all of a company’s applications or infrastructure to a third-party provider is an accelerating trend. It is predicted that enterprise-class cloud technology will be in use in 70 percent of companies by 2012. As with all new operations models, this approach brings both benefits and challenges. Security and lack of control are the main hurdles that are impeding broader acceptance of the cloud-services model.

Cost Avoidance Versus Cost Cutting

The IT budget is not a bottomless well, and cost cutting can only go so far. IT departments have been turning to cost avoidance as an alternative to deeper cost cutting. The difference is that cost avoidance requires some initial strategic capital outlay, which is recovered through reductions in operational costs, productivity, or other savings realized through deploying the technology.

Each of these industry trends offers significant benefits to an enterprise, but also requires strategic thinking about which will have the largest business impact, as well as how and where they will be deployed, and in what timeframe. One other trait that they all share is the need for a systems/architectural approach to their design and implementation. Trying to react to any of these trends in a piecemeal fashion will likely result in higher operational costs, a less compelling user experience and lower customer and employee acceptance.

Industry Trends: Technology Implications

Because a systems/architectural approach is required to address these new industry trends, Cisco is uniquely qualified to provide the technology, solutions, and guidance to complement this strategy. Cisco’s 20-year leadership in the networking industry, combined with the breadth of its end-to-end product portfolio, its best-in-class services, and its holistic view of the network as the enabler of business solutions, makes Cisco the business partner of choice for enterprises that want to take a strategic approach to their network.

Let’s take a look at some systems solutions from Cisco and see how they can help organizations respond to the emerging industry trends just outlined.

Security and Policy

A theme that runs through many of the trends is security concerns about the new ways of working, new devices, and new cloud-based operations models. These are complex problems that can’t be resolved simply by adding more firewalls or other security devices. To provide a strategic solution to prevent next-generation security threats, an end-to-end security and policy architecture is required.

To this end, Cisco offers the Cisco SecureX Architecture. It delivers pervasive visibility and control with full context-awareness to provide security across the network, from headquarters to branch offices, and for in-house employees and remote workers on wired or wireless devices.

An important aspect of SecureX is context-aware policy with distributed enforcement delivered through the Cisco Identity Services Engine (ISE). As the industry’s only networkwide policy engine appliance, ISE creates, distributes, and monitors policies based on a contextual language. Cisco ISE acts as the “single source of truth” for contextually rich identity attributes, including connection status, user and device identity, location, time, and endpoint health. Enforcement may include actions such as blocking access to data or devices or initiating data encryption.
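To make the idea of context-aware policy concrete, here is a small policy evaluator written for this page as an added illustration; it is not Cisco ISE code, and its attribute names, rule syntax and sample sessions are invented for the example. It shows what a "single source of truth" for session context looks like in practice: every decision is made from the same attributes (user group, device type, access method, location, endpoint posture, time), rules are evaluated in order, a non-compliant endpoint is quarantined before any identity rule is consulted, and anything no rule explicitly permits falls through to deny.

```python
"""Context-aware network access policy (illustrative, not Cisco ISE).

Attribute names, rule syntax and the sample sessions below are invented for
this example. The point is the shape of the decision: one context record,
ordered rules, posture first, explicit default deny.
"""
from dataclasses import dataclass
from datetime import time
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class SessionContext:
    """Everything the policy engine knows about one network session."""
    user: str
    group: str            # "employees", "contractors", "guests"
    device_type: str      # "corp-laptop", "byod-tablet", "byod-phone"
    access_method: str    # "wired-dot1x", "wireless-dot1x", "vpn"
    location: str         # "hq", "branch", "remote"
    posture: str          # "compliant", "non-compliant", "unknown"
    login_time: time


@dataclass(frozen=True)
class Decision:
    action: str                 # "permit", "quarantine", "deny"
    vlan: Optional[str] = None  # enforcement target when permitted/quarantined
    reason: str = ""            # name of the rule that produced the decision


@dataclass
class Rule:
    name: str
    matches: Callable[[SessionContext], bool]
    decision: Decision


def evaluate(ctx: SessionContext, rules: List[Rule]) -> Decision:
    """First matching rule wins; a session no rule permits is denied."""
    for rule in rules:
        if rule.matches(ctx):
            return Decision(rule.decision.action, rule.decision.vlan, rule.name)
    return Decision("deny", None, "default-deny")


BUSINESS_HOURS = (time(7, 0), time(19, 0))


def in_business_hours(t: time) -> bool:
    return BUSINESS_HOURS[0] <= t <= BUSINESS_HOURS[1]


# Ordered policy. Posture is checked before identity so that a compromised
# corporate laptop is remediated even though its user would otherwise be
# permitted. Note there is no "permit everything from employees" rule: an
# employee on a corporate laptop with *unknown* posture reaches default-deny.
POLICY: List[Rule] = [
    Rule("remediate-non-compliant",
         lambda c: c.posture == "non-compliant",
         Decision("quarantine", "remediation")),
    Rule("contractor-after-hours",
         lambda c: c.group == "contractors" and not in_business_hours(c.login_time),
         Decision("deny")),
    Rule("employee-corp-device",
         lambda c: c.group == "employees" and c.device_type == "corp-laptop"
                   and c.posture == "compliant",
         Decision("permit", "corp")),
    Rule("employee-byod",
         lambda c: c.group == "employees" and c.device_type.startswith("byod-"),
         Decision("permit", "internet-only")),
    Rule("guest-onsite",
         lambda c: c.group == "guests" and c.access_method != "vpn",
         Decision("permit", "guest")),
]


def sample_decisions() -> Dict[str, Decision]:
    """Constructed sessions (not real logs) run through POLICY."""
    sessions = {
        "alice-corp": SessionContext("alice", "employees", "corp-laptop",
                                     "wired-dot1x", "hq", "compliant", time(9, 30)),
        "alice-tablet": SessionContext("alice", "employees", "byod-tablet",
                                       "wireless-dot1x", "hq", "unknown", time(9, 30)),
        "bob-infected": SessionContext("bob", "employees", "corp-laptop",
                                       "vpn", "remote", "non-compliant", time(10, 0)),
        "carol-night": SessionContext("carol", "contractors", "corp-laptop",
                                      "wired-dot1x", "branch", "compliant", time(23, 0)),
        "dave-guest-vpn": SessionContext("dave", "guests", "byod-phone",
                                         "vpn", "remote", "unknown", time(12, 0)),
        "erin-unknown-posture": SessionContext("erin", "employees", "corp-laptop",
                                               "wired-dot1x", "hq", "unknown", time(14, 0)),
    }
    return {name: evaluate(ctx, POLICY) for name, ctx in sessions.items()}


if __name__ == "__main__":
    for name, d in sample_decisions().items():
        print(f"{name:22s} -> {d.action:10s} vlan={d.vlan} ({d.reason})")
```

The two design choices worth copying are the ordering (posture before identity, so a sick device never gets a permit by virtue of who is logged in) and the explicit default deny, which is what turns "we have a policy engine" into least privilege: a session with an attribute the policy did not anticipate, such as unknown posture on a corporate laptop, is denied rather than silently permitted.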

To augment the capabilities of SecureX, Cisco provides a universal access client: Cisco AnyConnect Secure Mobility Client 3.0. As more and more employees use their own mobile devices - whether tablets or smartphones - to connect to the corporate network, it is clear that IT needs a system to manage and secure this access. While IT may not control the end device, the Cisco AnyConnect client allows IT to provide a common method for network access. Cisco AnyConnect runs on most widely used operating systems and mobile devices, enabling wired or wireless IEEE 802.1X network access as well as remote-access SSL or IPsec VPNs. This means that IT only has to support a single common client, thus lowering operational costs. In addition, Cisco AnyConnect provides IEEE 802.1AE (MACsec) for data confidentiality, data integrity, and data origin authentication on wired networks, safeguarding communications between trusted components of the network. Note that MACsec protects each Ethernet link hop by hop, between the endpoint and the switch port it connects to; it is not an end-to-end tunnel in the way a VPN is.

The Cisco AnyConnect Secure Mobility Client solution connects to the Cisco ASA 5500 Series Adaptive Security Appliances in the corporate data center, and offers compatibility and interoperability with other Cisco security solutions. Enterprises have a choice to deploy a premises-based Cisco IronPort® S-Series Web Security Appliance or use the Cisco ScanSafe Cloud Web Security services. Both solutions help keep malware off the corporate network and help control and secure employees’ web usage. The extensibility of the Cisco AnyConnect Secure Mobility Client supports both cloud and premises-based web security offerings, providing flexibility to ensure a safe and productive Internet environment. Context-aware security policy, including enforcing acceptable use and protection from malware, is available for all users.

The combination of the Cisco SecureX Architecture and the Cisco AnyConnect Secure Mobility Client provide a systematic and strategic response to the security challenges of anywhere networking, new mobile devices, and cloud-based services.

Interactive Multimedia Awareness

Uptake on video and interactive multimedia (“rich media”) is on the rise within enterprises as well. In an April 2011 Morgan Stanley survey, CIOs ranked video as the number one target for increased spending within their organizations.

While end users enjoy the many interactivity benefits of visual communications, IT departments are rightfully cautious about the effect that higher-bandwidth video will have on the network as a whole. The Cisco approach to medianet architecture directly responds to those concerns. Medianet provides a networkwide strategy for deploying, optimizing, monitoring, and troubleshooting video on the network.

Cisco Networking Capabilities for Medianet start at the access layer, when a voice, video, or other rich media device is plugged into the port on a Cisco Catalyst® switch. Using Cisco Auto Smartports technology, the device is automatically identified, and appropriate quality-of-service parameters are applied to the port based upon a template. The Cisco Media Services Interface is an open API which can be deployed on media clients, like Cisco WebEx®, to provide deeper interaction with Cisco switches and routers, allowing the clients to further optimize the media sessions. To further speed deployment and monitoring, Cisco medianet provides both Cisco IP service-level agreement (SLA) video operations, which can simulate video sessions to pretest your network’s capacity for video, as well as Cisco Mediatrace, which provides path and performance monitoring for live video sessions, allowing quick identification of bottlenecks. The Cisco Media Experience Engine provides transcoding and transrating of video to adapt transmission to different types of devices and connections. Again, this is extremely important as new types of devices and new locations and connection-types become more prevalent in the enterprise.

To further speed deployment and troubleshooting, Cisco offers the Medianet Work Center in the Cisco Prime LAN Management Solution, which allows the network operator to select the type of medianet to provision, to automatically prepare the network for deployment, and to help ensure that the appropriate location attributes are configured for tracking and monitoring purposes. This reduces configuration errors and the time required to set up an end-to-end video infrastructure. In addition, Cisco Prime Collaboration Manager provides a dedicated tool for troubleshooting, managing, and helping to ensure video quality-of-experience in point-to-point and multipoint video sessions.

Video and rich media are not a challenge that can be solved through a box-by-box solution. A few video streams may function properly, but as video expands across the network, it may not scale; or it may scale, but the quality of experience suffers; or it may work locally, but not on mobile devices. These are the types of problems that must be solved by a unique, end-to-end architecture, like that provided by Cisco.

Virtual Desktops

The market for virtual desktop infrastructure (VDI) solutions continues to grow. VDI has a firm foothold in the financial services industry and is making advances in healthcare and manufacturing. In fact, VDI makes sense for many industries, because thin client computers consume less energy than traditional desktops and can be centrally managed from the data center, which helps with regulatory compliance.

Cisco has two unique innovations that should further promote the adoption of VDI. The first is the Cisco Virtual Experience Infrastructure, or VXI. VXI solves a common problem in VDI implementations: while virtual desktops are very good at simple tasks, more complex functions like IP telephony or streaming video are either impossible or virtually unusable because of the poor quality of experience. VXI changes that. VXI Rich Media Services monitors the data stream for voice and video, and then separates out these streams so they can be routed directly between source and destination. This more-direct routing improves performance and experience, and also allows these rich media streams to be optimized within the network by Cisco Wide Area Application Services (WAAS).

An additional benefit of deploying thin clients on a Cisco network is the availability of Universal Power over Ethernet (UPOE). UPOE is a pre-standard enhancement to PoE, which allows up to 60 watts of power to be supplied over an Ethernet port. This enables UPOE to power thin clients and displays. For IT departments, this reduces cabling and brings power management under centralized control. Because power to the UPOE devices is provided by the network infrastructure, it can be backed up via UPS. This, in turn, provides power redundancy to each client. Further, because of Cisco’s unique EnergyWise technology, power can be reduced during off-hours, reducing energy budgets and supporting corporate green initiatives.

Cloud Services

As organizations move toward cloud-based services as a means of reducing operations costs, the traditional IT challenges of security, performance, and availability are refocused on this new business model. The Cisco architecture for cloud-based service delivery - whether private or public clouds - has solutions for each of these areas. The system is centered on the Cisco Unified Computing System, which brings together the network fabric, computing resources, and virtualization and management software to simplify setup, improve business metrics, and support just-in-time provisioning for service deployment. Services include Cisco Application Control Engine (ACE) for server load balancing to help ensure the availability of servers, and virtual WAN optimization with Cisco virtual WAAS (vWAAS) to enhance performance, especially to remote offices.

The dominant concern about cloud-services deployments - security - is addressed by the Cisco Virtual Security Gateway (VSG). Cisco VSG can apply security to the virtualized infrastructure, not just to the network. Cisco VSG goes beyond IP addresses, port numbers, and VLANs. The gateway recognizes a virtual machine and can apply security policies to the virtual ports that it uses. What’s more, the gateway follows that virtual machine from one data center to another in the cloud and maintains its security policies. Cisco VSG uses an extensible rule engine to interpret virtual machine context and apply rules based on this context.

The Cisco Nexus® 1000V Series Switch associates the physical network with the virtualized servers and services. And herein is proven the value proposition of a strategic, systems-based approach. While it is possible to build a cloud-based service from multiple infrastructure vendors, the integration costs would be high. By using the Cisco Nexus 1000V Series as the component that unifies the servers provided by Unified Computing System with the services required in the cloud, you can simplify the architecture and deploy a pretested and preintegrated system, as opposed to a set of unrelated components.

Cost Avoidance

If 70 percent of the cost of networks is “keeping the lights on,” this defines a lower limit for cost cutting. Instead, a strategic approach is to consider what monetary benefits the network can provide in other parts of the business, as well as reducing the percentage of budget required simply to keep the network running.

Much of what has already been discussed is relevant here. Using rich media on the network can reduce the requirements for face-to-face interaction, thus saving on travel and lodging expenses. Taking advantage of cloud services can reduce both capital and operations expenses. The ability to work anywhere on any device makes for more productive employees. But let’s consider a few more examples.

Cisco EnergyWise is an innovative feature built into Cisco Catalyst switches. Cisco EnergyWise technology allows the intelligence of the network to manage power usage for PoE-enabled devices. Cisco EnergyWise Orchestrator extends this capability to laptops and desktop systems, providing further cost benefits. Adopting this technology converts incremental investment in the network into savings in other parts of the business.

Deployment and integration expenditures are a significant portion of the 70 percent of the network budget that organizations typically spend to maintain the network. The Cisco Smart Business Architecture provides a set of pretested and preintegrated solutions that can be adapted to most networks. Having a well-tested and documented system blueprint helps network IT to avoid acquisition, configuration, and deployment expenses.

Other significant portions of network operations costs are initial configuration and troubleshooting. Cisco Prime LAN Management Solution has a workflow-based approach to Cisco medianet, known as a “work center”. Other work centers include security and identity solutions, Cisco EnergyWise, Cisco Smartports, and Cisco SmartInstall for Zero Touch Deployment on Cisco Catalyst switches. By providing a workflow-based approach to readiness assessment, configuration, monitoring, and reporting, work centers recoup IT maintenance time, which can be reallocated to more strategic tasks like network planning or new solution deployment.

The Bottom Line on the Bottom Line

Consider how central and critical the capabilities that the network provides are to business goals. In all other areas of the company, business leaders look to strategic thinking and innovation to pull the company ahead of their competitors. Why should the network be any different?

The allure of the tactical is always present in any business. A “good-enough-for-now” network may solve some of the problems of today, but does it set up businesses to solve the problems of tomorrow? When the network fails to adapt to the challenges of the future, the business follows the same path. Taking a strategic approach to the network is not just a good idea. It makes business sense.