Seven billion. That’s the number of mobile-connected devices that will be trying to get on networks this year. Now you’re probably not going to be hosting all 7 billion of them, so let’s try this number – 4. As in, “the average number of devices that enterprise users have” is roughly 4 devices*. Go ahead – do the math with your own employees. For Cisco, that’s around 250,000+ devices or so attempting to connect to our network. As a company, you may have more, you may have less…but the one thing you definitely have are employees who are eager to access your network with more of their own personal devices than ever before.
Great for employees, right? Absolutely. However, this, generally, gives enterprises two major dilemmas:
1) They lack any visibility into or context around who and what is getting on the network – Is it a smartphone? Is it a smartphone with the latest OS? Is it a smartphone supported by the enterprise?
2) They’ve lost the stringent control they used to have over what’s getting onto the networks. Sure – rules are defined for users, but maybe they’re not really being enforced. Or maybe “shadow IT” is just going around the rules to get someone’s new cracked Android tablet online.
This, generally, also gives network administrators heartburn…and for good reason. They’re stuck walking that fine line between security and productivity. How can they secure the enterprise and network access without making life miserable for their users…and themselves?
In our experiences here at Cisco, we’ve discovered that tackling these challenges requires a few things:
1) Find a way to accurately identify who and what is getting on the network
2) Centrally manage user access policy and use the identity to assign everyone the right network access
3) Make it easy for users to actually get onto the network – however they connect
4) Keep an eye on the network for threats and then quickly neutralize those threats.
If you can find a way to do each one of those things, you’ve taken a big first step in addressing these dilemmas.
Dynamic Control with Context
At Cisco, we’re helping organizations tackle these challenges every day with the Cisco Identity Services Engine (or “ISE”). Cisco ISE is an access policy platform that unifies and automates secure access control to network resources.
1) Accurate Identification – Cisco ISE grabs contextual data from a wide variety of sources (e.g., Active Directories, sensors, NetFlow) across the network to offer clear visibility into every connected device. It also offers advanced profiling technology as well as a curated profiling update service to ensure that all these connected devices are accurately identified and classified.
2) Centralized Access Policy – Cisco ISE gives enterprises the power to centrally define and manage the right types of access for users and devices. ISE can take written, granular business policy and make it real secure access policy, enforced across the network.
3) Easy Onboarding – New simplified onboarding experiences provide intuitive user access on branded portals, without sacrificing security, for a wide variety of enterprise deployments – from guest hotspot to “BYOD” projects.
4) Rapid Mitigation and Remediation – Cisco ISE can take all that collected contextual data and share it with integrated partner solutions. By delivering a deeper level of context, ISE makes it easier and faster to identify, mitigate, and take action to remediate non-compliant mobile devices, compromised endpoints, or other network threats.
Cisco ISE provides enterprises with greater visibility into who and what is on the network. This leads to more accurate identification, which, in turn, allows enterprises to assign the right access control to an end-user and device…easily and securely.
So, when that day comes where some of those 7 billion devices end up on YOUR network, you know you’ll be ready to tackle those challenges with Cisco ISE.
Please join us on November 5, 2014, for a live, 60-minute webcast where we’re offering a sneak peek at the newest version of Cisco ISE. Space is limited, so register today!
*Citrix, “Workplace of the Future: a global market research report”, September 2012 http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/workplace-of-the-future-a-global-market-research-report.pdf
Tags: control, Easy Onboarding, Identity Services Engine, ISE, visibility
Many network engineers recall the iOS7 update on September 18, 2013 as one of the most historic download days of their network’s history. All the more reason for us in the wireless world who anxiously anticipated the September 17 release of iOS8.
We asked a few of our customers to monitor the effect of the software release on their networks and the results for the first two days are in. Those in the education and healthcare space in particular are filled with early adopters of WiFi technology and devices, and eager to get their hands on the latest updates.
Joe Rogers, Associate Network Director at the University of South Florida shared this picture with us from 1pm September 17th, showing 1 Gbps more traffic than he would normally see at this time of day:
Another customer, Greg Sawyer, Manager of Infrastructure Services, shared this picture of the iOS8 effect on his network at the UNSW Australia.
He noted that his experience handling the release this year felt smoother than last year, despite the new peak internet download of 4.65 Gbps and 21Tb downloaded for the day! Not too surprising when considering that there were 27,000 concurrent connections on the wireless network and approximately 60% of those being Apple devices.
How should organizations be considering and handling these network spikes? I sat down with Cisco technical leaders Matt MacPherson and Chris Spain (@Spain_Chris) to get some insight on the effect of big updates like iOS8 on the wireless network. Here are some of the highlights of what we discussed:
The World We Live In
The truth is, more and more services are being moved to the cloud—a cloud that will push updates to millions & in the future billions of users and devices on our networks. Read More »
Tags: #80211ac, 11ac, 8.0, 802.11, 802.11ac, 802.11n, aireOS, Akamai, Android, App, Apple, application, bandwidth, best practice, Burst, business-critical, byod, byte, cache, Cisco, cloud, control, design, device, engineer, fix, Gbps, guide, infrastructure, internet, IOS, ios8, iphone, iphone 6, iphone6, IT admin, IT administration, itunes, mbps, mixpanel, mobile, mobility, network, operation system, OS, patch, peak, pervasive, policy, protocol, protocol pack 11, release, secure, security, services, signal, TB, technology, throughput, unsw, update, USF, visibility, WAN, wi-fi, wide area network, wifi, wireless
If you are a professional photographer or even an amateur like me, you want to have ready access to various control dials on your camera to capture the moment perfectly. Professional cameras provide high level of control to get the best outcome. But there are times when you want to put the camera and the lens in Auto mode or wish that the camera could automate some decisions that make your workflow easier.
Likewise, Cisco Wireless LAN products provides the level of quality, functionality and control that is unmatched and hands-down the best enterprise wireless networking portfolio in the industry. But there are scenarios where it is preferable to expedite wireless configuration with best practices automatically enabled and easy access to data to simplify monitoring and troubleshooting workflow. For example, a small business owner manages his own network or in a K-12 a librarian acting like a part-time IT administrator. This not only provides operational efficiencies for the IT organization but also improves end-user and partner experience.
Cisco WLAN Express Setup is an attempt in this direction. It is now available on 2500 Series Controller (CT2504) starting with software release 220.127.116.11.
It includes three components
- Easy-to-use setup wizard: This eliminates the need for console cable and command line setup. Instead, 3-step web-wizard is used to quickly boot strap a Controller and configure employee and Guest WLAN out of the box.
Read More »
Tags: 11ac, 802.11ac, access point, aireOS, analytics, App, application, AVC, best-in-class, Bonjour, cellular, chromecast, Cisco, cmx, configuration, connection, control, controller, data, device, Express, LAN, mag on ap, mobile, mobility, network, networking, optimized roaming, policies, protocol, release, rx-sop, setup, software, Speed, technology, traffic, users, visibility, VLAN, vni, wi-fi, wifi, wired, wireless, wlan, WLC
Cisco Wireless Release 8.0 is now available: Product Bulletin
The Cisco VNI Global Mobile Data Traffic Forecast, 2013 – 2018 revealed some stunning trends with growth projections that are sure to have a dramatic impact on wireless networks worldwide.
In 2013, globally, there were nearly 22 million wearable devices generating 1.7 petabytes of monthly traffic. There were about 7 billion mobile-ready devices and connections with mobile network connection speeds that have more than doubled, to 1.4Mbps up from 526 Kbps in 2012.
By 2018, there will be more than 10 billion mobile-ready devices and connections. The average mobile connection speed will nearly double, from 1.4 Mbps in 2013 to 2.5 Mbps and over 4.9 billion devices will be IPv6-capable. There will be more traffic offloaded from cellular networks (on to Wi-Fi) than remain on cellular networks.
Read More »
Tags: 11ac, 802.11ac, access point, aireOS, analytics, App, application, AVC, Bonjour, cellular, chromecast, Cisco, cmx, connection, control, controller, data, device, fastlocate, HDX, IPv6, LAN, lbs, location, mag on ap, mbps, mobile, mobility, multicast, network, networking, optimized roaming, Packet, patterns, pmipv6, policies, Presence, protocol, q-in-q, q-in-q tagging, release, rx-sop, software, Speed, technology, traffic, users, visibility, VLAN, vni, wi-fi, wifi, wired, wireless, wlan, WLC
Unless you’ve been living under a rock for the last two weeks, you know that the FIFA World Cup is in full swing. Stakes are higher than ever as we move into the semi-finals with more and more people tuning in to cheer on their favorite futbol teams. In fact, FIFA just released a media release yesterday about how this year’s 2014 FIFA World Cup™ has set new records for streaming data traffic around the world. My colleague Ido blogged about IWAN helping with the bandwidth overload caused by the FIFA World Cup last week, so let’s dive deeper and talk about video and high density.
There is no denying it: your employees and customers are streaming video. While the volume of that streaming dramatically peaks around game times during the World Cup, it should be no surprise that today, mobile applications, largely video, are increasing mobile traffic across networks. That’s straight forward: apps + video = bandwidth drain. Combine that with the fact that people are touting multiple devices–think a laptop and a smartphone, maybe a tablet, too. This means high density–lots of clients and devices on a single network. These circumstances trigger three potential yellow cards to cross an IT person’s mind – let’s see how we can avoid them.
YELLOW CARD #1: Rich Media Optimization
As an end-user, the common expectation is that I should get the same crisp, clear, rich media or video experience across all platforms—I don’t care if it’s my phone, my tablet or my laptop: make it high definition. This is harder said than done.
It is not easy to provide the same rich media experience across wired and wireless devices. Traffic from wireless devices has to travel all the way back to the controller in a data center and then back to an access switch before reaching its destination. It’s called the hairpin effect. The result is that video over Wi-Fi could look grainy. That won’t do for the current generation of high definition junkies. Read More »
Tags: App, application, AVC, brasil, brazil, device, fifa, high density, IT, media, mobile, online, streaming, video, visibility, wi-fi, wifi, wireless, wlan, world cup