In my previous Blogs I have talked about Megatrends including BYOD, the Next-Generation Workspace, Video and the Internet of Things. One unfortunate reality all of these trends have in common is that they are going to put additional stress on your current Network and Security Infrastructure and Operational Process.

TrustSec uniquely offers the welcome opportunity to improve and extend Security Policy Control and the same time make it easier to Operate and Maintain. This post concludes the mini-series on TrustSec. Previous Blogs have looked at TrustSec in the DC and applied to VDI.  Here I have asked Dave Berry Cisco TSA to take a step back and look at the bigger picture from Network Access to the DC. Read More »

Tags: Cisco, Megatrends, network access, policy control, routers, SGT, TrustSec, vpn

In this blog, let us take a look at how Catalyst access switches enable and enforce context aware access to IT resources.

Many types of devices, including laptops, smartphones, and tablets, are used by end users to connect to the network wired, wirelessly, and remotely through VPN. With bring your own device (BYOD) access, the devices can be personal or corporate owned. Every enterprise has policies that dictate who can access what applications and databases, when and how. Traditionally, IT manages the policy either by introducing appliances at points in the campus where users connect or by manually configuring all the access switches. Appliances incur additional capital and operational expenses, whereas manual configuration of the switches requires maintenance of every switch. Moreover, the network can carry traffic using Ethernet, IPv4, IPv6, or other technologies, so the configuration must keep up with changes in technology, which leads to higher operational complexity and costs.

Read More »

Tags: 3560-X, 3750-X, 4500E, Cat 6500, catalyst, context-aware, secure access, Security Group tags, SGT

We had to dig further, past our initial meetings internally and determine what would make this particular story unique from previous ones we have told this year.  As it turns out, we had plenty of material to share but three really good shows done earlier, now provide great context for appreciating the innovation we talk about in this one.

Check out: Fundamentals of High End Firewalls, Fundamentals of Intrusion Prevention and (TechWiseTV 115) Firewall Reinvention with the ASA-CX

Tags: ASA, ASA 1000V, cloud, firewall, IPS, security, SGT, TrustSec, virtual

This post is the first in a new series we’ll be featuring called Your Questions: Answered. In this series, we track down the answers to partners’ toughest technical questions. You can submit your questions here, post on the Cisco Channels Facebook page, or drop us a note on Twitter.

When Cisco recently introduced the Identity Services Engine (ISE), you likely started fielding questions, with many customers concerned about whether Cisco Network Admission Control (NAC) and Cisco Access Control System (ACS) will cease to be supported or become end-of-life. (Kind of like how I felt when the iPhone 4 came out and I was stuck with the iPhone 3G).

To help you address customer questions, I went out looking for answers on what’s up with ISE, NAC, and ACS. First up, a little about ISE: It has similar functionality to NAC and ACS, combining the functionality of those two existing products onto a new platform. Your customers can gather information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network, create and enforce consistent policy from the head office to the branch office, and combine authentication, authorization, and accounting (AAA), posture, profiling, and guest management with this single product. And that’s just the beginning--I’ll share details on how to find out more about ISE later in this blog.

Back to the issue at hand — I chatted with Brian Sak, Cisco’s Consulting Systems Engineer and expert on Borderless Networks Security products. He filled me in on the most frequently asked questions that he’s been getting from partners around ISE.

Are NAC and ACS being replaced by ISE?
No, both NAC and ACS have ongoing roadmaps, developments, and new releases planned. If ISE does not meet your customer’s current needs, your customers can still use NAC or ACS. Cisco will not stop innovations on NAC and ACS anytime in the near future.

Should I encourage my NAC and ACS customers to migrate to ISE now?
The answer varies based on your customers and their requirements. Check out this handy chart in the Partner Community Discussion Forum (log in required) to help you determine if ISE is the right fit, right now for your customers.

Read More »

Tags: Access Control System, ACS, Cisco, FAQ, Guest Server, Identity Services Engine, ISE, NAC, Network Admission Control, partners, Posture, Profiler, SGT