
Cisco SMART Designs

Small Business Network Foundation


Small Business Technical Marketing
December 2012

2012 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

Reduce Costs
Flexible ways of working boost productivity

Focus on New Opportunities


Real-time access to mission-critical information, operational efficiencies

Improve Effectiveness of Sales


Richer connectivity, stronger relationships

Improve operational efficiency


Provide access to real-time business information

Enhance employee and partner collaboration


Enhance customer responsiveness
Give service agents real-time access to customer information
Provide customers with intuitive self-service options

Protect sensitive information


Secure customer information
Identify, prevent, and adapt to security threats

Keep costs low and returns high


Simplify and accelerate deployment of network devices and intelligent features
Simplify troubleshooting and management of network


SBNF provides a secure and flexible network infrastructure to deploy other services:
Cisco Unified Communications
IP telephony and related voice services
SBNF is designed for seamless addition of Cisco Unified Communications

Wireless LAN
Integrated in the SBNF solution
Optionally, can be deployed later

Other business specific applications


Built on top of the SBNF network infrastructure, along with Cisco Unified Communications and wireless LAN


Network infrastructure that helps meet today's business challenges


Four types of offices and workers covered in the designs

Main office
Primary location, provides most of the shared data resources (files, databases, business servers, web servers, and e-mail servers) as well as centralized networking resources

Remote office
Offices other than the main office are called remote offices

Home office
A home office is located at an employee's residence

Mobile worker
An employee who securely accesses the main office through the Internet by establishing a VPN connection from a laptop or other device


Based on Cisco Small Business Series products
Covers wired and wireless LAN deployment options
Ideal for price-sensitive customers who need full support of potentially multiple business locations
Supports up to 100 users and 5 remote offices
Fast Ethernet and Gigabit Ethernet support with PoE and non-PoE options
Security appliance to protect the network from viruses, spyware, and unwanted Internet content
Dual WAN option for redundant connectivity
Simple GUI-based deployment


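Business locations served: Main Office, Remote Office, Home Office, and Mobile Worker

Small Business Network Foundation (SBNF)
Scalability: Up to 100 users, 5 remote offices
Network products used: Small Business Series products
Security: On WAN router
VPN: Site-to-site IPsec, SSL VPN
LAN high availability using switch stacks: No
Dual WAN links option for load sharing, failover: Yes
Dual WAN routers for load sharing, high availability: No
Dual security appliances for high availability: n/a
Wireless LAN: Part of SBNF design

Secure Network Foundation (SNF)
Scalability: Up to 100 users, 5 remote offices
Network products used: Cisco Catalyst 2960, 3560/3560-X, 3750/3750-X switches, Cisco 800/1900/2900/3900 ISRs
Security: On WAN router
VPN: Site-to-site IPsec VPN, IPsec/GRE, Easy VPN, SSL VPN
LAN high availability using switch stacks: Yes
Dual WAN links option for load sharing, failover: Yes
Dual WAN routers for load sharing, high availability: No
Dual security appliances for high availability: n/a
Wireless LAN: Deploy WLAN solutions (on SNF/ADVSNF infrastructure)

Advanced Secure Network Foundation (ADVSNF)
Scalability: Up to 250 users, 20 remote offices
Network products used: Cisco Catalyst 2960, 3560/3560-X, 3750/3750-X switches, Cisco 800/1900/2900/3900 ISRs, Cisco ASA 5500 Series
Security: Integrated security or dedicated security appliance
VPN: DMVPN, Easy VPN, SSL VPN
LAN high availability using switch stacks: Yes
Dual WAN links option for load sharing, failover: Yes
Dual WAN routers for load sharing, high availability: Yes
Dual security appliances for high availability: Yes (optional)
Wireless LAN: Deploy WLAN solutions (on SNF/ADVSNF infrastructure)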


Cisco Small Business 500 Series Switches


Especially built for small businesses
8 to 50 port Fast Ethernet/Gigabit Ethernet switches
PoE and non-PoE options
QoS to prioritize delay-sensitive and high-bandwidth network traffic
Stacking, for high availability

Basic and enhanced security
IEEE 802.1x port security, ACLs, and several other security features like port security, BPDU guard, and storm control

Comprehensive ease-of-use capabilities
GUI-based management
Static SmartPort and Auto SmartPort


Cisco ISA 500 Series Router


Router, with integrated security appliance, Gigabit LAN switch, and Wireless LAN Access Point
Options for dual WAN ports, up to 4 DMZ ports, and up to 5 LAN ports (depending on model)
Gigabit Ethernet WAN port
Supports xDSL, cable, ISDN, DSL over ISDN, etc.
An integrated business-class firewall
Cisco Unified Threat Management (UTM)
Cloud based advanced security services: filtering based on Web reputation and/or Network reputation, Spam filtering, Web URL filtering
Signature based advanced security services: Anti-virus, Application Control, and Intrusion Prevention
Multiple VPN options: Site to Site IPSec VPN, Remote IPSec VPN, SSL VPN, Easy VPN
Integrated WLAN, with Captive Portal


Integrated switch in the WAN router


Suitable for small deployments when router has enough ports to connect all user devices

Single external switch


Suitable for deployments when a single switch has enough ports to connect all user/network devices

Multiple switches
Traffic from multiple access switches is aggregated by an aggregation switch
Higher LAN scalability and performance
Reduces cabling if users are located in different areas of the office
Enables the router to focus on secure routing functions

Stacked switch (aggregation and/or access)


Increases high availability in LAN
Minimizes network administration of multiple (stacked) switches

Rapid Spanning Tree Protocol


Fast recovery from LAN loops caused by link failures or connection mistakes

Separate VLANs for different traffic types help traffic isolation and security
Data
Voice
DMZ
Other deployment-specific VLANs can be added

Layer 2 switching by all switches
Automatic detection of Cisco IP phones


Stacked aggregation switch (optional)


Stacked switches act like a single switch, which reduces management effort

Stacked aggregation switch connected to, access switches, and servers


Improved LAN high availability: No LAN traffic disruption if a stacked switch fails or if an Ethernet link of the EtherChannel fails

Stacked access switch (optional)


Change to Security / Unified Threat Management (UTM)


Simplicity: Single WAN Link


Use the dedicated 10/100/1000 WAN interface

Dual WAN Links


Use the dedicated 10/100/1000 WAN interface as the primary link
Use an additional 10/100/1000 configurable port as a load-sharing backup WAN link

Up to 4 DMZ links
Configure up to 4 configurable 10/100/1000 ports as DMZ ports

Remote Office Connectivity


Traffic is forwarded through a secure tunnel


ISA500 Security Appliance integrates WAN security

Firewall protection
Prevents unauthorized access to network connected devices
Helps maximize network uptime by mitigating DoS attacks

Network Infrastructure Protection
Prevents unauthorized access to network devices

LAN Security
Helps protect from inside the network
Port Security: limits the number of end user devices that can be connected to a switch port
BPDU Guard: prevents a malicious user from attaching real or simulated switches to the LAN
Storm Control: limits the effect of broadcast, multicast, or unknown unicast traffic storms in the LAN
802.1x Authenticated Access: only authenticated users are connected to the LAN (Optional)
IP Source Guard and Dynamic ARP Inspection to ensure that only valid users are sending traffic to the LAN (Optional)

Demilitarized Zone (DMZ)
Isolates publicly accessible servers in the network for security purposes


Cisco Unified Threat Management (UTM)


Cloud-based security services that scan traffic to/from the small business network
Based on a global database constantly being updated by analyzing worldwide network traffic
Effective protection from known and new threats
Simplifies security administration

UTM Reputation Based Security


Spam Filter - drops or tags e-mails as spam, based on their reputation score
Network Reputation - blocks incoming traffic from IP addresses that are known to initiate attacks throughout the Internet.
Web Reputation Filtering - prevents client devices from accessing dangerous websites containing viruses, spyware, malware, or phishing links.
Web URL Filtering - allows you to block HTTP access to malicious websites based on URL categories.

UTM - Signature Based Security


Signatures can be auto-downloaded
Anti-Virus - prevents network threats over a multitude of protocols, including HTTP, FTP, POP3, SMTP, CIFS, NETBIOS, and IMAP.
Application Control - monitors and controls the use of applications on your network: Instant messaging, P2P, File Transfer, games, etc.
Intrusion Prevention (IPS) - monitors network traffic for malicious or unwanted behaviors and can react, in real-time, to block or prevent those activities.


Network congestion in the WAN devices/links (also in LAN) results in packet drop, delay, and jitter
Affects voice and video applications
Business quality voice requires:
End-to-end delay of 150 msec (G.114)
Jitter < 30 msec recommended by Cisco

QoS classifies traffic of various applications and treats them differently depending on application needs
Priority treatment to delay sensitive traffic (voice)
Ensures minimum bandwidth guarantee to other classes of traffic

SBNF enables QoS on each network device (WAN and LAN)


Remote office and Home Office


Each remote office is connected to main office by IPsec site-to-site VPN
VPN maintains data integrity and confidentiality
AES with 256 bit or higher (3DES if AES is not feasible)
Hash: SHA-1
Authentication: pre-shared keys
DH group 2
Encapsulation: ESP

Home Office
Remote IPSec VPN, SSL VPN (AnyConnect)

Mobile Worker
SSL VPN (AnyConnect) on laptop
Traffic is encrypted and routed through the Internet
Main office router acts as the VPN gateway


Wireless LAN, as part of SBNF, can be built seamlessly over SBNF wired infrastructure
Uses small business specific wireless products
Covers main office, remote office, home office
Supports data and voice

Wireless router with integrated access point (AP)
Ideal for small deployments when the router's area of wireless coverage is sufficient

Multiple APs are used for larger area of wireless coverage


External APs can work with the AP integrated with a wireless router

Provides QoS and security relevant for wireless networks


ISA5xxW

ISR1941W


Most cost-effective and simplest WLAN deployment for a small office
Can work independently or with external APs

Guest access support, with captive portal
Redirects unauthenticated users to a portal for authentication

Roaming supported among external APs (if RF coverage is adequate)

Security
First line of defense is encryption: WPA2 with AES
Appropriate level of authentication per business requirements

QoS: Wi-Fi Multimedia (WMM)
Prioritizes traffic into four traffic classes
Provides each traffic class with its traffic priority or required minimum bandwidth guarantees


Suitable for small deployments
Cost effective, no WLAN controller
Multiple APs placed in coverage area
Router may have an integrated AP as well
All standalone AP deployments use single data VLAN (and single voice VLAN)
Supports wireless QoS and security
Layer 2 roaming is supported if RF coverage is adequate


Layer 2 roaming: a wireless LAN device physically moves so that its radio associates with a different AP with a stronger signal
Layer 2 roaming requires each AP to have identical configuration (SSID, VLAN, security)
Wireless LAN client VLAN / IP address remains valid across the APs while roaming
Wireless cells should overlap
Wireless IP client re-authenticates every time it connects to a different AP (when it roams)
Roaming delay is not a big problem for data applications
Business quality voice needs delays of less than 150 ms end-to-end


Allows several standalone APs to be clustered for management purposes
Configuring any AP in a cluster replicates the configuration to other APs
Helps mitigate effort to manage multiple APs
Available only on standalone AP 541N
All APs participating in a cluster are configured to have the same parameters:
Wireless network identifier (SSIDs)
Security features
User names and passwords
Traffic priorities (for QoS)
Radio settings
Wireless interface settings


Lower total cost of ownership


Enhanced business performance
Profit-line benefits from operational efficiency and minimal downtime
More responsive and personalized customer relationships
Increased system performance and security

Faster business evolution


Longer lifecycle for technology investments

Spend more time managing business and less time managing technology
Employees are more productive and happy

Smart business roadmap


Right choice for today and right choice for tomorrow

Pre-sales assets
Solution bill of materials and product selection guide
Solution profile
Overview presentation

Post-sales deployment assets


Design guide
Device role configuration guides
Implementation guide
Application notes

www.cisco.com/go/smartdesigns/sbnf

Thank you.
