Cisco Blogs



#CiscoChampion Radio S2|Ep 23. Cisco Hosted Identity Services

#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’ll be talking about Cisco Hosted Identity Services with Cisco Lead Architect Eric Eddy.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Ask about the next round of Cisco Champions nominations. EMAIL US.

Cisco SME
Eric Eddy, Lead Architect for Cisco Hosted Identity Services

Cisco Champion Guest Host
Josh Warcop, @Warcop, Senior Consultant

Moderator
Brian Remmel (@bremmel)

“Security Everywhere” – Enterprise Branch Security for Direct Internet Access and IWAN

Two weeks ago, a leading global medical device manufacturer came to Cisco for advice. In an effort to streamline IT operations and reduce operating costs, the customer had recently migrated from their internal Microsoft Exchange 2010 environment to Office365, Microsoft’s hosted online service.

The migration was initially done for the headquarter users and the feedback was more positive than they expected. However, when they migrated their branch and remote office users, the WAN bandwidth usage almost immediately spiked and user experience suffered as a result.

This customer is certainly not the only company looking to embrace cloud applications for greater agility, reduced costs and complexity, and increased productivity, or that has had to deal with BYOD issues and the increasing impact video has on its bandwidth. However, what our customer and those other companies have found is that the current method of backhauling the traffic to the data center is no longer a viable way to handle the increased consumption when faced with a flat or even a declining IT budget. Therefore, many of today’s distributed enterprises are looking to use direct Internet access pathways in an effort to improve the user experience while reducing IT costs.

However, enabling direct Internet access (DIA) at branch offices also forfeits the inherent threat protection that traffic routed through the data center provides. The enterprise-level risks that branch offices face with BYOD issues, compliance requirements, and advanced persistent threats require enterprise-level security. According to Gartner’s “Bring Branch Office Network Security Up to the Enterprise Standard”, “By 2016, 30% of advanced targeted threats — up from less than 5% today — will specifically target branch offices as an entry point.”

Cisco FirePOWER Threat Defense for ISR addresses these issues by extending its industry-leading FirePOWER threat protection beyond its traditional network edge and data center deployments out to individual Cisco ISR routers.

Enhancing HDX: Improved Mitigation of Wi-Fi Interference through Wi-Fi-Triggered Event-Driven Radio Resource Management (ED-RRM)

Cisco Systems is announcing a new set of features that enhance its HDX (High Density Experience) suite. This blog is the fourth in a series that explains the new features that comprise the enhancements to HDX.

The first three blogs in the Enhancing HDX series are here and here and here.

The rapid and massive adoption of Wi-Fi into handheld devices has created new challenges for managing a wireless network.

As a consequence, the traditional view of a rogue Access Point has to change. The advent of mobile APs and Wi-Fi Direct (client to client networking without requiring infrastructure) means that rogue devices don’t need to be “connected” to the infrastructure in order to create a potential for nuisance.

Effectively, these capabilities mean that “Bring Your Own Device” (BYOD) may also mean “Bring Your Own AP” or “Bring Your Own Network” and therefore “Bring Your Own Interferer”. Thus the threat from a rogue becomes less about security and more about consuming excessive air time (a so-called “spectrum hog”), thus degrading performance in the WLAN. This can be especially troublesome in high-density public venues but can also be problematic in enterprises.

So, in addition to Cisco CleanAir (which mitigates and reports on non-Wi-Fi interference) and RRM (which primarily prevents self-induced neighboring-AP interference via DCA and TPC for the entire WLAN), Cisco is effectively merging aspects of both of these solutions in order to provide improved mitigation of Wi-Fi that is not affiliated with the production WLAN.


Accounting for rogue Wi-Fi interference is accomplished by configuring a trigger threshold for ED-RRM. This is effectively a severity indicator, so that an affected access point that has ED-RRM is additionally triggered by Wi-Fi interference.


Since rogue severity is now added to the ED-RRM metrics, this provides the capability of a faster channel change than the typical DCA cycle. In other words, if a rogue is interfering with airspace, then instead of waiting until the next DCA cycle to elapse, change the channel as quickly as possible. This is the same behavior as for mitigating non-Wi-Fi interferers with Cisco CleanAir technology.

As Wi-Fi interference becomes more prevalent, rogue APs that are serving traffic to clients (e.g., mobile APs) and client devices creating networks in real time will affect air quality. Wi-Fi needs to be prevented from becoming a problem by reacting to the presence of client devices that are legitimately acting as independent, unaffiliated networks.

 


Government’s Journey to IPv6

Last month, I had the opportunity to attend and present at the 2015 North American IPv6 Summit. Several hundred IPv6 experts and networking professionals attended from across the country to discuss IPv6 adoption, hear about the latest IPv6 research and learn what others are doing to prepare for the transition to IPv6.

To refresh, IPv6 is the next-generation Internet Protocol (IP), the communications protocol that provides identification for computers on networks and allows computers to talk to each other. The existing Internet Protocol, IPv4, has a finite number of IP addresses, limiting the number of devices that can be given a new address. In fact, the free pool held by the Internet Assigned Numbers Authority (IANA) was depleted in 2011 and the American Registry of Internet Numbers (ARIN) has less than 3.5 million IP addresses left, a supply so small it could be completely exhausted by June of this year. IPv6’s large number of new IP addresses makes it a foundational building block for the future of the Internet, especially as increasingly more devices become connected as part of the Internet of Things (IoT).

U.S. Government Should Lead

It’s not just that government agencies should be migrating to IPv6 themselves, it’s that they should be leading that charge given our history. Public Internet was born through the U.S. government, and as Internet leaders, we need to continue to be at the forefront of the Internet’s evolution. Currently, Belgium is leading the world in IPv6 capability with 49 percent adoption. By comparison, the United States is at 35 percent.

The U.S. government has issued several mandates and deadlines to facilitate the IPv6 migration among agencies. The most recent one, in 2014, called for all government agencies to provide IPv6 connectivity to their user community. However, despite the mandate deadlines, many government agencies are struggling to make the switch. Out of over 1,200 federal agency websites, fewer than 500 are IPv6 enabled. It’s time for the U.S. government to start leading this necessary transition.

Why Migrate Today?

Beyond simply providing more IP addresses, there are business benefits to transitioning for both private and public sector organizations. IPv6 will enable organizations to take advantage of numerous opportunities presented by IoT and the Internet of Everything (IoE) – the networked connection of people, devices, data and processes. For instance, future Bring Your Own Device (BYOD) policies need to be IPv6 enabled as new devices will automatically be IPv6 connected. Further, IPv6 will allow agencies to achieve value from future connections to help optimize business functions, support mobile workforces, improve security and enhance citizen services.

There will be an estimated 50 billion connected devices by 2020, which means migration is not an option – it’s a necessity given how few IPv4 addresses remain. If your organization is not IPv6 enabled, you won’t be able to connect natively with these new devices. In order to improve network operations and processes in the future, private and public sector organizations will need to transition to IPv6.

So, why are some organizations and agencies putting off migrating? Simple – because change is scary. Organizations have been managing the legacy protocol for over 30 years, and there is uncertainty that comes with transitioning to something different. Also, many don’t fully understand the big picture benefits. By getting hung up on potential deployment challenges, IT managers and network engineers overlook the fact that their organizations won’t be able to leverage the power of IoE tomorrow unless they start transitioning to IPv6 today.

Create Your IPv6 Transition Plan

So what can government do to start leading the switch to IPv6? Below are five key steps to migrating to IPv6:

  1. Identify the business value and impact.
  2. Create a project team of IT professionals, technical business owners and an assigned project manager to manage progress and address any outstanding issues.
  3. Engage in assessment of equipment and assets for infrastructure readiness.
  4. Develop architectural solutions.
  5. Test, monitor and deploy IPv6.

As an industry leader in IP technology and pioneer of IPv6 technology since its beginning in 1996, Cisco is well positioned to assist government in this process from beginning to end. We have experts that can help your organization walk through each step above; from evaluating IPv6 readiness to offering deployment services, our IPv6 expertise has helped organizations save time, money and resources. In addition, we have the widest range of platforms and features for IPv6 compared to any other vendor, which enables us to provide customized solution sets to meet the needs of customers.

Ultimately, IPv6 is the global plan of record for a sustainable, scalable Internet, and public sector organizations need to migrate to continue improving operations and meet citizens’ needs. Click here to learn more about the IPv6 transition and how Cisco can help.

 


The shift in Education towards Mobile Learning

Technology is important to children in terms of how they learn and how they live. A challenge for many school districts is the ability to offer mobile learning by putting digital resources in a student’s hands with constrained funding for education.


Katy Independent School District, located in Katy, TX, needed a wireless infrastructure that would support this vision. With over 62,000 students, Katy ISD needed to move from a wireless network that was built for coverage to a network that is built for density. By providing 802.11ac-based Wi-Fi access points in classrooms and outdoor locations and centralized management, the school district is supporting more than 40,000 concurrent Wi-Fi users and empowering faculty, students and staff.