The Cisco® Virtual Office solution provides secure, rich network services to workers at locations outside of the traditional corporate office, including teleworkers, full- and part-time home-office workers, mobile contractors, and executives. By providing extensible network services that include data, voice, video, and applications, the Cisco Virtual Office effectively creates a comprehensive office environment for employees regardless of their location.
The concept of teleworking has existed for a long time. Traditionally, one of the main concerns associated with widespread adoption has been workforce productivity. Specifically, how can employees stay connected and productive in a remote environment? Will they have access to the tools and resources that they need to do their job? And how can they effectively build trust with their employer that they can succeed in that environment?
When you compare the social aspect of being in the office (face-to-face communications) with the convenience, flexibility, and time and cost savings of commuting, the equation becomes more difficult to quantify. As technology has matured, the network has helped eliminate many of these concerns. Today, we can use the network to best advantage for rich business communication and collaboration applications. By properly securing, maintaining, and managing this environment, employees can truly be productive anywhere outside of the traditional office.
The Cisco Virtual Office solution is a comprehensive set of products, technology, and services that provides secure, rich, and manageable network services to teleworkers and employees at remote locations (Figure 1).
Figure 1. Components of Cisco Virtual Office
• A remote-site presence: This equipment, which resides on the end user's premises, includes a Cisco 800 Series Integrated Services Router and a and a 7900 Series Cisco Unified IP Phone..
• A headend presence: This portion of the solution is responsible for remote-site aggregation; it includes a VPN router to aggregate and terminate the secure, encrypted tunnels from each remote-site location. This infrastructure also supports other VPN technologies such as Secure Sockets Layer (SSL) and Layer 2 Tunneling Protocol (L2TP) over IP Security (IPsec) VPNs, effectively serving as a single point of convergence for multiple secure access technologies. The headend also includes centralized management software for policy, configuration, identity, and IOS image management controls.
• Deployment and ongoing services: Service offerings from Cisco and approved partners support successful headend solution component deployment and integration, provide consultative guidance for automating the deployment and management of remote sites, and deliver ongoing operational support and optimization.
The Cisco Virtual Office Express solution comprises a remote-site presence in the form of an 870, 880 or an 1800 series device. This empowers you in your home or remote office by providing full IP phone, wireless, data, video, and even TelePresence services. You can enjoy the experience of a single telephone extension and one wireless network that work in both your office and your remote office. It enforces security with encryption through VPN, and features like 802.1x, authentication-proxy and support for digital certificates through Public Key infrastructure (PKI). In addition, for your home office, you can deploy the Cisco Virtual Office solution with secure "split tunneling," allowing spouses or other family members to access the Internet through a different, dedicated network segment.
From an IT perspective, the Cisco Virtual Office solution provides a headend architecture for simplified management and operations. This architecture drastically improves the IT scalability, offers more robust and flexible security, and reduces the cost while improving the manageability of remote sites. This headend architecture includes a VPN aggregation point in the form of a Cisco VPN Router (typically a Cisco 2800 or a 3800 Series Router, a 7206 or an ASR 1000 series router). This component also provides VPN convergence, terminating different VPN endpoints, devices, and technologies on a single device.
The management capabilities at the head end are accomplished through a zero-touch deployment model. With this technology, configurations of remote-site equipment are kept up-to-date and in compliance with corporate policies automatically. There is no need to preconfigure the remote-site routers. When deployed, the router is programmed to automatically "call home" to the management servers at the headend to check for any relevant updates in configuration or software. These updates are then "pushed" to the devices without any need for human intervention on the remote site, enabling organizations to properly secure their remote worker environment while effectively delivering the applications and services necessary to keep the user base productive.
Two Deployment Options
These capabilities can be achieved through two deployment methods at the headend. The first option for Cisco Virtual Office management infrastructure includes Cisco Security Manager, Cisco Secure Access Control Server (ACS), and the Cisco Configuration Engine. Together, these features incorporate the ability to define networkwide policy, use identity for authorization, and actively update configurations at remote sites through a zero-touch deployment model. This option is ideal for enterprise organizations looking to support a larger number of teleworking employees with well-defined security policy requirements.
The second option is called Cisco Virtual Office Express, and refers to a simplified architecture to take care of the initial installation steps. This is very beneficial for small and mid size deployment when there is no need for a comprehensive set of management tools. By leveraging the Cisco Enhanced EasyVPN, we are able to ease the management and operations from an IT perspective. Every CPE device can, in essence, have the same configuration, where only the CPE hostname is unique. In this case we can have one single template to generate configuration for all remote sites. The "Zero-Touch Deployment' model enables the set-up and ongoing management of the new teleworker or remote site with minor, or literally no involvement from the IT staff and little effort by the end user. Relevant updates in configuration or software are "pushed" to the devices by the Cisco Configuration Engine whenever the device is online.
Typical setup times are one hour for the IT administrator (a onetime effort) and less than 3 minutes by the end-user. In addition to the VPN servers, there is also the option of adding a Cisco Secure Access Control Server (ACS) which extends network access security by combining traditional authentication, authorization, and accounting (AAA) with policy control, thus enforcing a uniform network access security policy for network administrators and other network users. When the IT department has an existing AAA, there is no need to add the Cisco ACS.
Capability and/or Feature
Cisco Virtual Office Express
Security (FW/VPN/Threat Defense/Identity)
Zero Touch Configuration
Optimized support for delay sensitive traffic like voice, video
Securing Multicast Traffic
Branch to Branch Direct Connectivity
Single Head-End Device
CSM based provisioning, ACS, SDP/PKI Server, CE
Scale (Number of Sites)
Teleworker User Profile
Finally, the Cisco Virtual Office solution provides a full set of services from Cisco and approved partners. Examples include the Cisco Virtual Office Planning, Design, and Implementation Service; the Cisco Remote Management Service; and the Cisco Security Optimization Service. Together, these services provide holistic support for the
deployment, integration, management, and optimization of the Cisco Virtual Office solution.
The Cisco Virtual Office solution addresses many of the critical requirements associated with remote working for both end users and organizations. In doing so, it also provides important benefits for three distinct organizational groups:
• For end users, Cisco Virtual Office enables schedule flexibility and better work-life balance by providing the ability to work more effectively at home. With the rising price of gas, it is also a way to control costs by saving time and money on commuting while reducing the emissions effect on the environment.
• For IT groups, Cisco Virtual Office simplifies the process of extending real-time, high-performance network services such as voice, video, applications, and data to remote locations. A resulting benefit is scaled effectiveness of the IT staff and reduced costs. For example, Cisco IT effectively supports more than 15,000 Cisco Virtual Office deployments with just a handful of resources. This support is particularly important because users at these locations have heightened expectations for the delivery of virtual-office services, and these locations typically do not have any IT staff for onsite support. For an even simpler deployment model, CVO Express comprises a single integrated device which results in initial cost savings as well as investment protection in the form of the scalability and modularity of the routers as business needs expand. With only one management solution to learn, training needs are minimized and ongoing operations are simplified.
Another factor is that services are delivered without any compromise to the overall security policy. Traffic is protected through VPN technologies, and authorization to access corporate resources is managed through strict identity controls.
• For businesses and organizations, Cisco Virtual Office improves productivity for the remote workforce while saving costs associated with energy, facilities, and real estate. The solution also facilitates better business resiliency, enabling the workforce to stay secure and connected while not at the office.
Ultimately, Cisco Virtual Office is a complete solution that improves profitability for the business, and does so in a secure and manageable environment.
A Differentiated Solution
Teleworkers and technology that enables teleworking has existed for many years, but the solutions in the past have typically lacked a critical component, creating a barrier to adoption. Perhaps the solution is not robust enough to handle communication and collaboration applications. Perhaps it lacks the proper security controls to comply with corporate standards. Or perhaps it does not use unified communications or wireless technologies, making it less convenient. Cisco Virtual Office delivers a truly comprehensive solution that addresses each of these concerns, providing mutual benefits to the end user, the IT department-and ultimately-the business.