Cisco Blogs



Securing Access to the Network and Beyond

Often when I think about what mobile means, I picture sales people out in the field, inspectors on bridges, repair men high atop utility poles. But in reality, we are all mobile a lot closer to home. I’m mobile when I check email from my backyard. I’m even mobile when I’m in the office, accessing the network from my device from a meeting room or even from my desk. Mobile truly means working from anywhere.

As employees have become increasingly mobile, their needs have changed both while they are in the office and when they are remote, and network access control has had to mature to meet those needs. SAP has been a long-time partner of Cisco when it comes to managing mobile devices and networks.

Cisco easily solves the problem of determining who is allowed onto a corporate network and, once there, what they can access. Getting the correct network rights and having the ability to change attributes over time is an important area for any network administrator to control. It is a natural extension to add Mobile Device Management (MDM) to the mix for full control over mobile deployments. That’s why SAP Afaria and Cisco ISE make a fantastic pair.

Companies that have both Afaria and Cisco Identity Services Engine (ISE) can configure ISE to only allow network access to devices that are managed by Afaria and are compliant. ISE can then route non-compliant devices to the Afaria Self Service Portal where users can enroll their device and get access to the corporate network. For an administrator, the combination of Afaria and Cisco ISE provides a single view into the compliance status of network identity across all regions with detailed visibility into all kinds of device management information. The ability to add contextual awareness to your access control is interesting to ponder. For example, perhaps an employee is OK to access the company network when in the United States, but not when traveling abroad. You can have the added context to allow or disallow access with very specific requirements. Administrators love the ability to gain immediate insight into non-compliant devices trying to connect to the network – and shut them down!

SAP’s expertise in mobile device management is only one aspect of a comprehensive system. The company’s expertise in real-time data management and analytics also comes into play. Imagine the capabilities you would have with real-time analysis of compliance across all of your global networks and devices. You’d have the ability to capture high volumes of data from all sources and translate that into valuable reporting and dashboard capabilities via a great user experience. For example, you could gain insight into overall device adoption rates, network usage, and BYOD compliance, and track devices attempting to connect without the proper enrollment. One example that is particularly interesting is tracking data roaming – being able to know at any point in time what devices are roaming without a data plan.


Cisco ISE and SAP Afaria: Be productive on and off the Network

Reduce the barriers to mobile productivity while making sure the corporate network is secure. Impossible? Seems like it. But that’s what the business continues to demand.

SAP Afaria support for Cisco Identity Services Engine (ISE) is a key component of policies based on conditionality that attempt to negotiate the gap between employees who want to use their own mobile devices and good security practice. Employees want to and should control their personal devices. But they also want to use those devices for email and to access services on the corporate network. So while it is true that employees can install any software on their devices, they should know that only compliant devices can get email and access to the corporate Wi-Fi network. In some circles, this is known as “carrot” (do not install apps that put corporate information at risk) and “stick” (if you do, email is blocked on that device and no access to the Wi-Fi). The value to IT is that the enterprise network has an additional level of security -- only mobile devices that are under management and deemed compliant are granted access, period.

In addition, now that you have ISE and SAP Afaria working together, you can answer questions like: what percent of Afaria-managed devices connect to the Wi-Fi network on an average day? And how does that vary between Boston, Brussels and Bangalore?

IT managers and administrators are looking for a single, holistic view into the compliance status of network identity across all regions with detailed visibility into all kinds of device management information. They are looking for immediate insights into non-compliant devices trying to connect to the network, with drill-down capabilities for root cause analysis of each kind of non-compliant device.

SAP HANA running on Cisco UCS solves this by giving enterprises the ability to capture high volumes of data from all required external and internal sources – Afaria, ISE, HR systems, Microsoft System Center, etc. HANA brings together the ecosystem of technologies that provide different business controls, including app management, mobile identity and access management, and mobile analytics. Customers can then generate real-time analysis of compliance trends and posture compliance across regions and types of devices, with rich reporting and dashboard capabilities and a great user experience.

To learn more go to www.cisco.com/go/sap
