How Cisco IT Delivers Teleworker Services
What does it actually take to enable the 89 percent of Cisco employees who do at least some of their work remotely? For Cisco IT, this challenge means supporting products and services on both sides of the connection: in the teleworker’s home (and on their mobile devices) and in the Cisco corporate network.
Cisco Teleworkers Solutions in Employee Homes
We currently support three solutions to meet the teleworking needs of our mobile and remote employees:
- Cisco AnyConnect Secure Mobility Client: Installed on the employee’s laptop or mobile device, this software client provides a secure VPN connection to the Cisco network. It is available to any Cisco employee and we currently support 30,000 users.
- Cisco OfficeExtend: This solution includes a wireless access point that secures connectivity for the employee’s laptop and Cisco Unified IP Phone 9971 over a home network while reducing congestion, wireless interference, and security risks from other devices. We use this solution primarily for contact center agents, contractors, and employees who don’t require the HD-quality video of Cisco TelePresence for their work.
- Cisco Virtual Office: This solution uses a Cisco 881 Integrated Services Router in the home to connect an employee’s laptop and Cisco Unified IP Phone 9971 to the Cisco network over an encrypted VPN. It also delivers HD video for the Cisco Jabber Video for TelePresence client or a separate Cisco EX 90 personal video endpoint. Cisco Virtual Office is used by employees who telework extensively and we currently support over 26,000 users.
The diagram below shows how these solutions connect to the Cisco network via the employee’s residential broadband Internet access service.
Cisco Network Infrastructure for Telework Service Delivery
On the Cisco network, telework access is aggregated from the VPN connections at 14 headend Internet Points of Presence (IPOPs) around the world. Within the headend, traffic from Cisco AnyConnect software VPN clients is aggregated by Cisco ASA 5585 Adaptive Service Appliances while Cisco Virtual Office hardware VPN traffic is aggregated by Cisco 1004 Aggregation Services Routers. These aggregation devices are often configured on a separate subnet within the headend. It’s not that important to the architecture to have separate subnets, we just like to keep the headends on different subnets for purposes of capturing/reporting traffic statistics. Keeping them on different subnets makes it easier for us to differentiate between hardware (CVO) and software (AnyConnect) VPN connections.
Additionally, some headends have two VPN tunnels configured as primary and failover for Cisco Virtual Office data connectivity. All headends also have a separate VPN tunnel for managing the Cisco 881 routers and automatically downloading their software updates.
The diagram below shows our standard headend configuration for supporting all of our deployed teleworker solutions.
One advantage of the Cisco 881 router is that it includes HD video QoS, making optimal use of the typical 6 Mbps upstream/downstream Internet connection in our employee’s homes. With QoS in the router, we do not need to make any special configuration changes or settings in the Cisco network to support HD video delivery to teleworkers, even on the Cisco TelePresence endpoints.
To minimize support cases, the Cisco Virtual Office solution is designed for zero-touch deployment and automatic updates, which make installation and maintenance much simpler for employees. Fewer support cases also reduce the ongoing service cost for Cisco and have allowed us to maintain monthly internal budget charges for users at the same level since 2008Since the introduction of our zero-touch design, we have seen about 25% reduction in our CVO cases.
I enjoy managing this service because I believe it is valuable for both employees and for Cisco. And with nearly all Cisco employees using one or more of these telework solutions, it’s clear our users see the value as well.