Cisco Connected Government Technical Overview


1 Cisco Connected Government Technical Overview
October 2005

2 Agenda
- Connected Government Overview
- Overview of Cisco® Connected Government—Intra-agency Roadmap
- Overview of Cisco Connected Government—Interagency Roadmap
- Applying Cisco Connected Government to Public Safety Agencies
- Mapping Case Studies to the Phases of Cisco Connected Government
- Why Cisco?
- Discussion

3 Connected Government Overview

4 Government Agency Challenges
- Improve operational efficiencies with proactive strategic planning, policy development, resource allocation, and administrative and financial planning
- Increase reach and responsiveness of constituent services
- Reduce operational costs
- Enhance quality and flow of information across the chain of command
- Establish a resilient network infrastructure that supports interagency collaboration

5 Current Trends in Public Safety Agencies—Investments to Improve Information Flow
- Investments in last-mile wireless and communication technologies
- Investments in new business processes
- Investments in critical public safety applications:
  - Computer-aided dispatch (CAD)
  - Records management system (RMS)
  - Multijurisdictional communication networks
  - Mobile data terminals
  - Biometrics
  - Auto vehicle locator
  - Mug shots and digitized images
  - Crime analysis
Source: “Forecast: State and Local Government, North America, 2004–2007” (Gartner; 2004)

6 Agency Drivers for Change
- Intra-agency/interagency collaboration: Enable interoperable communications across voice, video, and data media to support constituent services, agency collaboration, and joint operations and planning
- Infrastructure sharing: Foster sharing of physical resources and equipment (e.g., buildings, networks, incident command vehicles, aircraft) across agencies to eliminate the cost of redundant systems
- Information sharing: Improve operational efficiency by providing equal interagency access to critical information and reducing information redundancy across agency boundaries
- Shared services: Consolidate common government services (e.g., human resources, accounting) to enhance operational efficiency

7 What Is a Connected Government?
- All branches of government support the controlled flow of information
- Services reach constituents when they need them, where they need them, and in the way they need them
- Services reach more constituents at less cost
- Government is engaged with constituents

8 Overview of Cisco Connected Government
- Reference network and application architectures with a corresponding roadmap
- Based on government and private-sector best practices for implementing network technologies that enable improved information sharing across organizational boundaries
- The roadmap transitions governments from their current state through a multiphase approach, synchronized with process change
- Yields realistic near-term benefits while making progress toward long-term objectives
- Network Assessment tool: compares department mission with IT capability

9 Moving to a More Connected Government
Addressing the Government Challenge: Improve Service Without Increased Budgets
Goal: Moving to a More Connected Government
(Slide diagram: three layers, Services over Information Sharing over Infrastructure Sharing.)
- Services: services that can be easily modified, distributed, scaled, and maintained, and that integrate legacy systems cost-effectively (Collaboration, IPC/IPCC, Security, Wireless). Question: How to collaborate with public- and private-sector constituents, partners, and suppliers across application and organizational boundaries?
- Information Sharing: Application Services, Voice and Collaboration Services, Computer Services, Identity Services, Security Services, Mobility Services, Storage Services. Question: How to enable and control information flow across application and organization boundaries and services?
- Infrastructure Sharing: places in the network (Data Center, Branch, Campus, Teleworker, MAN/WAN) and virtualization services across Server, Network, Storage, and Clients. Question: How to consolidate and manage the network, computer, and storage needs across application and organization boundaries?

10 Cisco Connected Government Roadmap
Work from the inside out:
1. Intra-agency focus (Phases 1 to 3): Enhances an agency’s ability to serve constituents wherever they are and whenever they need assistance
2. Interagency focus (Phases 3 to 6): Enables connectivity, communication, and collaboration between agencies; increases service effectiveness and public safety
Sections illustrate the common application of the roadmap, but there are exceptions. For some agencies, sharing across groups within one agency is as complex as sharing between agencies; for these agencies, all six phases can be applied within the same agency before branching out between agencies.

11 Overview of Cisco Connected Government— Intra-agency Roadmap

12 Phase 1: “Siloed” Information and Communications Systems
Redundant systems, resources, information, and processes designed for independent operation within each department:
- Often doubles the cost and the resources needed to manage separate networks
- Limits efficient flow of information and collaboration
Prerequisites to enter the next phase:
- Ensure quality of service (QoS) to reduce operational costs, manage WAN bandwidth, and deploy applications such as voice over IP
- Achieve high network availability to support rapid recovery and resilient communications during emergency scenarios
- Establish robust, integrated network security that shields against data loss, tampering, and disruptions

13 Phase 1: “Siloed” Information and Communications Systems—Cont’d
(Slide diagram: Headquarters Data Center, Branch, Mobile Network, Internet/DMZ, Leased Lines, and Public Switched Telephone Network (PSTN).) Problems called out: limited connectivity to the data center, which is a potential single point of failure; network downtime and a network at risk, with no integrated security and limited network redundancy; separate voice and data networks with increased cost and complexity; lack of any-to-any voice, video, or data real-time communication; limited mobile data access.

14 Getting Out of the Silos
High Availability: It is essential that every network deployment emphasizes availability as the very first consideration in a baseline network design. Applications must also coordinate with network capabilities to support rapid and transparent recovery during application and network failure scenarios. Network applications such as collaboration, contact center, and IP telephony must be tightly coupled with network high-availability capabilities to offer resilient communications through disruptions.
Integrated Security: Implementing a robust security suite provides the best defense against possible information loss, tampering, or productivity disruption.
Quality of Service and Convergent Communications: Quality of service (QoS) has become mission-critical as organizations move to reduce the cost of operation, manage expensive WAN bandwidth, or deploy applications such as voice over IP (VoIP) to the desktop.
Collaboration Applications: Standards-based collaboration applications integrate with the network capabilities listed above to maximize network responsiveness and security, and leverage standards-based networking protocols to extend the reach of collaboration capabilities (e.g., field radio, portable IP devices, mobile networks, POTS, and wireless/cellular networks).

15 High Availability: Resilient Network Design
(Slide label: “In Case Of Emergency”.)
Device-level resilience: AutoSecure, Warm Reload, Control Plane Policing, Nonstop Forwarding/Stateful Switchover (NSF/SSO), Switch Cluster, Configuration Rollback, Fault Containment, and Generic Online Diagnostics. Self-protection is the ability of the device to protect itself, and the devices connected to it, from security attacks, hacking, and threats. GOLD (Generic Online Diagnostics) combined with EMM (Embedded Event Manager) provides a new approach to device monitoring and will eventually include the ability to react to problems using local scripts. EMM will be supported in Q1/FY06.
Network-level resilience: Routing protocol and spanning-tree enhancements, Cisco EtherChannel® technology, Multiprotocol Label Switching (MPLS) Traffic Engineering, Gateway Load Balancing Protocol (GLBP)/Hot Standby Routing Protocol, Multilink Point-to-Point Protocol, Dial-On-Demand Routing, and Resilient Packet Ring. Network-Level Resiliency (NLR) refers to the capabilities of the network to recover around a device, link, or protocol failure while still maintaining the availability of the network to its constituents.
Systems-level resilience: Survivable Remote Site Telephony (SRST), CO-based gateways, Teleworker, Advanced Worm Mitigation, Call Center Resiliency, and User Mobility. System-Level Resiliency (SLR) includes mechanisms to lower the mean time to repair (MTTR) after switch processor, line card, and software component failures, which increases network uptime for the device itself.

16 Advanced Integrated Security
Slide callouts by layer: Core: protect the core as the high-speed interconnect to the rest of the network. Distribution: protect links to distribution and core from attacks that interrupt control traffic and device manageability. Access: ensure authorized user access, protect links and switches, and defend against malicious attacks. Further protections called out: protect bandwidth and priority traffic; protect switch CPUs; enforce access control policies; secure access for authorized users and “safe systems”; secure “hot ports” and protect switch CPUs; mitigate man-in-the-middle attacks; protect links proactively.
Today’s security attacks are not just an inconvenience. They bring networks to a halt, enable the theft of proprietary information, and jeopardize a company’s profitability and performance. Today’s attacks are faster and more costly than ever before. To meet the security needs of today’s campus networks, enterprises must implement a solution that provides:
- Networkwide security that is fully embedded into the network infrastructure
- Protection, prevention, and self-healing
- Control over who has network access and what they can do
Integrated security is a suite of Cisco products and features designed to work together to protect your network from potentially devastating attacks, from inside and out, deliberate and unintentional. It is a flexible, customizable deployment that uses existing investments in platform options (such as dedicated security appliances and router- and switch-based security) and technology options (such as firewalls; threat protection; authentication, authorization, and accounting [AAA]; URL filtering; and 802.1x). The solution provides comprehensive coverage by offering security integrated into all platforms, including PCs and servers, throughout the network.

17 QoS Is Integral to the Converged Campus Network
- Guaranteed, predictable behavior for unmatched control over network traffic
- Greater adaptability to future needs
- Protects against network security threats by guaranteeing bandwidth
(Slide diagram: Access, Distribution, and Core layers carrying Voice, Data, and Scavenger classes toward the WAN gateway.)
QoS in the Campus: Protect the Good and Punish the Bad
- QoS does more than just protect voice and video
- For “best-effort” traffic, an implied “good faith” commitment that at least some network resources are available is assumed
- Need to identify and potentially punish out-of-profile traffic (potential worms, DDoS, etc.)
- Scavenger class is an Internet-2 draft specification => CS1/CoS 1
We all agree that QoS is an integral part of the network. Ideally, it should start as close to the client device or application as possible, and each device that handles the frame/packet should behave according to the rules we have for that particular type of traffic. With high bandwidth available in the campus, QoS is predominantly supported in high-performance hardware-based implementations, many using ASICs and multiple queues. These devices, commonly switches, must divide and classify packets at their ingress ports if the packets are not already prioritized by the client application or device; in some cases these switches must reprioritize the traffic based on its ultimate destination. At the WAN edge, the network platform, such as a router, must support various queuing strategies for the traffic based on network interface type and the congestion on the wire. If carried by a service provider, the data is subject to additional prioritization based on service-level agreements. In this way QoS ensures timely delivery based on the policies we determine rather than leaving latency to the whims of bursty and erratic network traffic patterns.
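As an added illustration (not from the deck and not Cisco code), the following Python model shows the mechanism behind “protect the good and punish the bad”: a per-source token-bucket policer at the access edge re-marks out-of-profile packets to CS1 instead of dropping them, and a deficit-weighted round-robin scheduler then gives the scavenger queue only a token share of a congested uplink. The rate, burst size, queue weights and the two sample hosts are constructed values.

```python
from collections import deque
from dataclasses import dataclass

DSCP_CS1 = 8    # Scavenger class (Internet2 draft): CS1 / CoS 1
DSCP_BE = 0     # best effort


@dataclass
class Packet:
    src: str
    dscp: int
    size: int    # bytes
    t_ms: int    # arrival time in whole milliseconds (integers keep the arithmetic exact)


class TokenBucket:
    """Single-rate policer: a packet conforms if the bucket holds enough tokens."""

    def __init__(self, rate_bytes_per_ms: int, burst_bytes: int):
        self.rate, self.burst = rate_bytes_per_ms, burst_bytes
        self.tokens, self.last_ms = burst_bytes, 0

    def conform(self, size: int, now_ms: int) -> bool:
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False          # out of profile: no tokens consumed


def police_to_scavenger(packets, rate_bytes_per_ms=125, burst_bytes=2000):
    """Access-edge policy with one bucket per source host (constructed CIR: 125 B/ms = 1 Mbps).
    The exceed action is re-marking to CS1, not dropping: the host keeps a trickle of
    service, but its excess can no longer crowd anyone else out."""
    buckets, out = {}, []
    for p in sorted(packets, key=lambda p: p.t_ms):
        b = buckets.setdefault(p.src, TokenBucket(rate_bytes_per_ms, burst_bytes))
        dscp = p.dscp if b.conform(p.size, p.t_ms) else DSCP_CS1
        out.append(Packet(p.src, dscp, p.size, p.t_ms))
    return out


QUEUE_OF = {DSCP_CS1: "scavenger"}                 # every other DSCP lands in best-effort here
QUANTUM = {"best-effort": 2500, "scavenger": 100}  # DWRR bytes per round, about 25:1 (constructed)


def dwrr_serve(packets, link_bytes):
    """Deficit-weighted round robin at a congested uplink that can carry link_bytes in
    this interval. Returns bytes transmitted per queue; whatever is left in the
    scavenger queue is what gets dropped."""
    queues = {name: deque() for name in QUANTUM}
    for p in packets:
        queues[QUEUE_OF.get(p.dscp, "best-effort")].append(p)
    deficit = {name: 0 for name in QUANTUM}
    served = {name: 0 for name in QUANTUM}
    total = 0
    while total < link_bytes and any(queues.values()):
        for name, q in queues.items():
            if not q:
                deficit[name] = 0        # an empty queue does not bank credit
                continue
            deficit[name] += QUANTUM[name]
            while q and q[0].size <= deficit[name] and total + q[0].size <= link_bytes:
                p = q.popleft()
                deficit[name] -= p.size
                served[name] += p.size
                total += p.size
        if all(total + q[0].size > link_bytes for q in queues.values() if q):
            break                        # nothing left fits in the remaining capacity
    return served


def run_demo():
    """A well-behaved host at 800 kbps beside an out-of-profile host bursting at 8 Mbps."""
    good = [Packet("hostA", DSCP_BE, 1000, t) for t in range(0, 100, 10)]   # 10 packets
    noisy = [Packet("hostB", DSCP_BE, 1000, t) for t in range(0, 20)]       # 20 packets
    policed = police_to_scavenger(good + noisy)
    remarked = sum(1 for p in policed if p.dscp == DSCP_CS1)
    return {"remarked": remarked, "served": dwrr_serve(policed, link_bytes=15_000)}


if __name__ == "__main__":
    print(run_demo())   # {'remarked': 16, 'served': {'best-effort': 14000, 'scavenger': 1000}}
```

Every packet from the well-behaved host is delivered, while the bursting host gets only its in-profile packets plus one scavenger packet through the congested interval.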

18 Cisco Convergent Communications
A Completely Flexible, Resilient, and Secure Suite of Communications Applications that Scale and Adapt to the Needs of Any Organization
- Applications: workplace services, voice mail and unified messaging, emergency responder, customer contact, rich-media conferencing
- Endpoints: IP phones, wireless phones, Cisco IP Communicator, Cisco VT Advantage
- Call control: hosted call control, Cisco CallManager, Cisco CallManager Express, integrated services routers
- Infrastructure: intelligent network infrastructure (security, QoS, availability, management, administration)
Importantly, Cisco has a complete end-to-end portfolio that can be leveraged to deliver OPEX and strategic ROI. From infrastructure to applications, across supply chain, customer care, and workforce optimization, our total systems approach combines the strengths of the Cisco data networking infrastructure, with robust security, with best-of-breed partners, applications, and products. Customers gain the benefit of an IP telephony architecture designed from the very beginning to take advantage of tight functional integration with the underlying Cisco IP networking infrastructure.
Applications: On the application front, Cisco offers IP telephony; unified messaging and voice mail; customer contact; rich audio, Web, and videoconferencing; and partner XML applications to deliver news and business data directly to the phone’s display.
Endpoints: Endpoints are user instruments, either a desk phone or a software phone application that runs on a PC. IP phones have all the functions that a telephone provides, as well as additional features such as the ability to access websites or productivity-enhancing applications. Only Cisco offers a complete portfolio of true IP phones: solid, inviting, simple-to-use, functional, and fully featured next-generation communications devices.
Call Control: Call control is at the heart of the Cisco IP Telephony system. Whether deploying a centralized call-processing model, a decentralized model, or a combination of both, Cisco IP Telephony solutions meet individual organizational needs. In a centralized deployment, Cisco CallManager extends enterprise telephony features and capabilities to packet telephony network devices such as IP phones, media processing devices, voice over IP (VoIP) gateways, and multimedia applications throughout the network. Additional voice, video, and data services such as unified messaging, multimedia conferencing, collaborative customer interaction networks, and interactive multimedia response systems interact with the IP telephony solution through the open telephony APIs of Cisco CallManager.
Infrastructure: Cisco is committed to providing intelligent information network systems, designed around products and solutions that are integrated, resilient, and adaptable, so that an organization can maximize its total value of network ownership, adapt more readily to current and future business needs, and be more responsive. One of the most compelling advantages of a solution based entirely on Cisco equipment is that customers gain the benefit of an IP telephony architecture designed from the start to take advantage of tight functional integration with the underlying Cisco IP networking infrastructure, primarily switches and routers.

19 Converged Communications for Distributed Branches
(Slide diagram: Branch, Regional Headquarters, and Headquarters sites, each with a Cisco Integrated Services Router running Cisco CallManager Express, Cisco Unity™ Express, and Cisco IOS Firewall, connected over the public Internet, a VPN, or a private WAN with voice over IP, with PSTN access at each site; multiple-location distributed CallManager Express. Site sizes shown: 10–20, 25–75, and 100–200 employees.)
Many small businesses need to interconnect a small number of independent sites. The layout of each branch office is very similar to the standalone office described on the previous slide. Five-digit dialing is a key benefit. As of February 2004, Cisco CME is interoperable with Cisco CallManager. Key additional elements include:
- Private WAN: For private connectivity between the sites, a business could use an Internet VPN. Larger companies could use a Frame Relay WAN from a service provider. VoIP calls on the WAN require QoS technology (not present for any connection that involves Internet segments).
- WAN connectivity: While DSL connectivity may still be the most cost-effective for small sites, larger sites may use fractional or full T1/E1 WAN connections.
- On-net calling: Phone calls between sites could use the PSTN (configuration of the voice services and applications in each branch office would be identical to that of the small standalone office). A business could also use on-net calls (if the WAN is QoS-enabled) over the data connectivity between the sites; H.323 VoIP routes calls between sites.
- Dial plan: For a small number of interconnected sites, each site’s dial plan can be individually administered. A gatekeeper can centralize the administration of the dial plan and call routing as the number of sites grows.

20 SRST—How It Works
1. IP phones exchange keepalive messages and call-processing messages with the campus-located CallManager (CCM)
2. The WAN link fails; IP phones lose contact with the CCM
3. IP phones register with the local router as the router of last resort
4. The router queries the phones for their configuration and auto-configures itself
5. The router provides call processing for the duration of the failure via the PSTN
6. Upon restoration of the WAN, IP phones revert to the CCM
(Slide diagram: Headquarters with a Cisco CallManager cluster, an applications server, and a Cisco 7200; WAN link marked as failed; Police Station branch with a Cisco Integrated Services Router with SRST and PSTN access.)
Without WAN connectivity, users in the branch office get no dial tone and cannot place or receive ANY calls. Should the WAN link have a backup, one might think the backup link could be used; however, our WAN backups cannot support the call volume due to the size of these links. By simply leveraging functionality within IOS, we can solve this problem without investment in additional equipment. While registered with the SRST router, the phone continues to attempt keepalives to the CCM. After a WAN failure, the keepalive messages sent from the phone time out; at that time the IP phone attempts registration with its default gateway, the SRST router. Registration is automatic: the user doesn’t have to perform any action, and the SRST router is always listening. The phone displays the message “CM Fallback Enabled” so the user knows to dial via the PSTN (dial 9). Most configured features on IP phones continue operating while in SRS Telephony mode. Data uses ISDN dial backup. When the WAN comes back up, the CCM replies to keepalives and the phone registers with the CCM again.
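The failover sequence above, modelled as an added Python walk-through that is not part of the deck and not Cisco code: the CallManager, the branch router running SRST and the phones are simplified classes, and the keepalive-miss threshold, MAC addresses and extensions are constructed values.

```python
from dataclasses import dataclass, field

MISSED_KEEPALIVES_BEFORE_FALLBACK = 3   # assumed threshold; real phones use a timer


@dataclass
class CallManager:
    """Campus-located CCM; 'reachable' models the state of the branch WAN link."""
    reachable: bool = True
    registered: set = field(default_factory=set)

    def keepalive(self, mac: str) -> bool:
        """Return True when the CCM answers the phone's keepalive."""
        if not self.reachable:
            return False
        self.registered.add(mac)
        return True


@dataclass
class SrstGateway:
    """Branch ISR running SRST: always listening, builds its ephone config on demand."""
    ephones: dict = field(default_factory=dict)   # MAC -> directory number

    def register(self, phone) -> None:
        # Router queries the phone for its configuration and auto-configures itself.
        self.ephones[phone.mac] = phone.dn
        phone.display = "CM Fallback Enabled"

    def route_call(self, dialed: str) -> str:
        # During fallback every off-site call leaves via the local PSTN trunk (dial 9).
        if dialed.startswith("9"):
            return "PSTN"
        if dialed in self.ephones.values():
            return "local"
        return "unreachable"   # no WAN and no CCM: on-net calls to other sites fail


@dataclass
class Phone:
    mac: str
    dn: str
    ccm: CallManager
    gateway: SrstGateway
    registered_to: str = "CCM"
    missed: int = 0
    display: str = ""

    def tick(self) -> None:
        """One keepalive interval; the phone keeps trying the CCM even while in fallback."""
        if self.ccm.keepalive(self.mac):
            self.missed = 0
            if self.registered_to != "CCM":
                # WAN restored: the CCM answers again and the phone reverts automatically.
                self.registered_to, self.display = "CCM", ""
                self.gateway.ephones.pop(self.mac, None)
            return
        self.missed += 1
        if self.registered_to == "CCM" and self.missed >= MISSED_KEEPALIVES_BEFORE_FALLBACK:
            self.gateway.register(self)        # router of last resort
            self.registered_to = "SRST"


def run_failover_scenario():
    """Returns the registration state after each stage and where calls route in fallback."""
    ccm, gw = CallManager(), SrstGateway()
    phones = [Phone("0011.2233.4455", "2001", ccm, gw),   # constructed MACs and extensions
              Phone("0011.2233.4466", "2002", ccm, gw)]
    stages = {}

    def snapshot(label):
        stages[label] = ([p.registered_to for p in phones], dict(gw.ephones), phones[0].display)

    for _ in range(2):                      # steady state: keepalives answered by the CCM
        for p in phones:
            p.tick()
    snapshot("normal")
    ccm.reachable = False                   # WAN link fails
    for _ in range(MISSED_KEEPALIVES_BEFORE_FALLBACK):
        for p in phones:
            p.tick()
    snapshot("wan_down")
    routes = {"2002": gw.route_call("2002"),            # branch extension, handled locally
              "915551212": gw.route_call("915551212"),  # dial 9: out via the PSTN
              "3001": gw.route_call("3001")}            # constructed HQ extension: unreachable
    ccm.reachable = True                    # WAN restored
    for p in phones:
        p.tick()
    snapshot("wan_restored")
    return stages, routes


if __name__ == "__main__":
    for label, state in run_failover_scenario()[0].items():
        print(label, state)
```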

21 Integrated Rich-Media Conferencing
- Voice conferencing: scalable IP and TDM platform; IP integration to backbone, platform, and desktop
- Web conferencing: tightly integrated fourth-generation solution; complete meeting management and control
- Videoconferencing: integrated multipoint videoconferencing; broad endpoint support
MeetingPlace integrates voice, web, video, and IM capabilities.
- Voice: Enterprise-scalable IP and TDM; TDM ports and 960 IP ports in a single server; H.323 and SIP. IP voice integration at three levels: backbone, platform, and desktop. IP backbone: take voice traffic off public networks and move it on-net. Platform and desktop: integrated with CallManager and Cisco IP Phones.
- Web: MeetingPlace Web Conferencing is a fourth-generation application that tightly integrates voice and web conferencing capabilities, allowing full meeting management and control.
- Video: MeetingPlace is now tightly integrated with IP/VC and Cisco video telephony for a fully integrated voice, video, and web conferencing solution.
- IM: Addresses the need for ad hoc meetings. Integrating with IM allows users to go seamlessly from a chat session to a conference by simply clicking a link in their IM chat window. MeetingPlace integrates with a variety of IM solutions: Lotus IM, AOL, Yahoo, and MSN IM.

22 Rich-Media Conferencing Experience
As Natural and Effective As Face-to-Face Meetings
(Slide screenshot: meeting console showing who’s sharing, who’s speaking, who’s attending and how, with a movable, sizable video window; the shared document is titled “2004 Results”.)
Significant user benefits from integrating voice, video, and web conferencing; complete voice, video, and web conferencing capabilities and control:
- See who is in the meeting, who is talking, and who is sharing
- View attendance by media type (icons next to each name)
- Control other users: a user can mute themselves or mute another participant who may have a noisy connection
- Change attendee speaking, video, and sharing capabilities
- Share any application
- Record and play back meetings
- Conduct whiteboard sessions and polls
Enables changes in behavior and workflow improvements as users realize the value of accessing the web meeting console to view and better control their meeting, as opposed to just “calling into the bridge”.

23 List of Relevant Resources
- IP Communications
- Routing and Switching

24 Phase 2: Intra-agency Collaboration
Delivers Secure Communication and Collaboration Through a Complete Suite of Applications Integrated with the Infrastructure
(Slide diagram: campus and data center with centralized management and call control, Cisco MeetingPlace, and Cisco Unity Messaging; Internet/DMZ; IP WAN to branches with SRST and integrated router security.)
By using Cisco unified messaging to provide a single, simple method of accessing multiple sources of non-real-time communication such as e-mail, voice mail, and fax, the productivity of knowledge and task workers is increased. Free from having to move between various sources, log in and out, and collect printouts and paperwork, workers can concentrate instead on adding value to the patient and business processes. With the flexibility afforded by extension mobility, a feature of Cisco CallManager-based IP telephony services, workers can be assigned quickly to locations where their skills are needed most, and by simply logging into the nearest IP telephone with their ID and pass code they can be up and working in seconds, with full access to their custom communications services. Contrast this with a traditional environment where a telecom service order can take hours or days to move a service. In this new environment the same support staff delivers quality service to all users of communication services. Streamlined service with integrated training, troubleshooting, and tracking means not only a better experience for users but a more cost-effective and responsive system for the organization.
DEFINITIONS:
- Cisco Unity Messaging: Cisco Unity integrates with desktop applications such as Microsoft Outlook and Lotus Notes, so that you can listen to your e-mail over the telephone, check voice messages from the Internet, and (when integrated with a supported third-party fax server) forward faxes to any local fax machine, increasing organizational productivity while improving customer service and responsiveness.
- Survivable Remote Site Telephony: With SRST in Cisco access routers, small offices can take advantage of the call-processing servers, unified messaging servers, and other IP telephony equipment maintained at a central site and use the converged voice and data network to transmit the calls to distributed, intelligent Cisco IP phones. In the event of a wide area network failure, due to a service provider problem, infrastructure issue, or act of nature, SRST automatically detects the failure in the network and, using Cisco Simple Network Automated Provisioning (SNAP), initiates a process to intelligently auto-configure the router to provide call-processing backup redundancy for the Cisco IP phones in that office. The local router takes over call processing and telephony features, which stay available without a hiccup to branch employees through the duration of the failure.
- AutoQoS (Automatic Quality of Service): A Cisco-wide feature that ensures consistent QoS settings across products. This is important to ensure proper treatment of delay-sensitive traffic. Without this feature, the network operator would need to make sure all the products had consistent QoS settings (in multi-vendor environments they won’t), which would incur significant time and cost to make sure this all worked properly.
- Media Encryption: To protect data, voice, and video applications over wired and wireless media, Cisco offers IP Security (IPSec), Secure Sockets Layer (SSL), Secure Shell (SSH), and Multiprotocol Label Switching (MPLS)-based VPN technologies, in addition to extensive security capabilities incorporated into Cisco wireless and IP Telephony solutions, ensuring the privacy of all IP communications.
- Identity-Based Networking: Uses 802.1x extensions to permit or deny network access, or apply policies (security, etc.), based on user credentials. Allows granular control over users. For example, instead of one big open network, students can be segmented away from teachers and administrators, protecting sensitive information (grades, test answers) from being compromised.
- Integrated Router Security: Cisco Integrated Services Routers embed security and voice services inside the router as a single resilient system for ease of deployment, simplified management, and lower operating costs.

25 Phase 2: Intra-agency Collaboration
Remaining Challenge: Still Unable to Integrate Remote and Field Workers
How Phase 2 maps to the scenario: Situational information is available from headquarters to all agency-1 responders immediately (e.g., the suspect’s information is immediately available through voice, video, and data at fixed locations). The mobile command center has full voice, video, and data access to identify the suspect, but mobile responders do not.

26 Integrating Remote Resources
(Slide labels: VPNs, Enterprise Mobility, Network Capacity Design, Network Identity.)
Virtual Private Networks: VPNs have all the characteristics of a private network; they make connections securely, ensuring that communications stay private. VPNs guarantee security through an industry standard called IPSec, which ensures the confidentiality, integrity, and authenticity of data transmitted over the public IP network.
Network Identity: Deploying a complete trust and identity management solution lets enterprises secure network access and admission at any point in the network, and it isolates and controls infected or unpatched devices that attempt to access the network. Application identity must collaborate with network identity to maintain a consistent security policy between the network and application layers.
Enterprise Mobility: Extending network access to mobile employees at work, at home, and on the road has a positive impact on employee and workgroup productivity; customer, partner, and co-worker responsiveness; and business resilience. Applications must coordinate with mobile network characteristics to maintain information flow and communications throughout mobile network variability.
Network Capacity Design: How much traffic can a connection handle in the worst case? Ascertaining that a link can handle double the traffic when a redundant link fails must be considered. Capacity planning must be included during the network design phase to facilitate the smooth integration of new technologies (such as videoconferencing).

27 VPNs: Advanced Secure Access for Remote Sites
Branches and Field Networks Are Protected by an Underlying Self-Defending Network
(Slide diagram: Internet-connected branches using IP Security (IPSec); Dynamic Multipoint VPN (DMVPN) with zero-touch provisioning and dynamic mesh VPN tunnels; Generic Routing Encapsulation (GRE) and IPSec with dynamic routing, “use the best routing in the business for maximum control and flexibility”; Voice and Video Enabled VPN (V3PN), best-in-class QoS with IPSec VPNs for multiservice, high-quality, jitter-free voice, video, and high-priority data; IPSec Easy VPN remote-access hub-and-spoke VPNs using centralized policy push; a provider edge router (2800) serving Customers A, B, and C.)
One thing people often have trouble with is understanding which Cisco IOS VPN technology to use for a particular situation. Here are some general guidelines:
- EasyVPN: teleworking, simple hub-and-spoke (e.g., retail) networks, or a customer that is not comfortable supporting a dynamic routing protocol in all locations; interoperability with PIX and VPN3000 platforms
- DMVPN: multicast application support; customer comfortable supporting a dynamic routing protocol at all locations; interested in spoke-to-spoke dynamic connections for data; automatic propagation of customer routes/subnets
- Remote access with IPsec SOFTWARE clients (Cisco VPN Client): EasyVPN
- GRE/IPSec: maximum control to engineer connections statically; customer comfortable running dynamic routing everywhere; automatic propagation of customer routes/subnets; best QoS flexibility; support for non-IP protocols
- V3PN: a name for a proven solution using QoS and GRE/IPsec for voice/video and high-priority data. A detailed design document is available from the Enterprise Solutions Engineering Team.
- Multi-VRF: used when the customer wants to divide a router into multiple independent address spaces and routing tables, for example a service provider supporting two customers in the same building, or when one company acquires another and they need to keep their networks separate because they have overlapping address spaces.

28 User-Based Policies Applied
Identity-Based Network Access Determines Who Gets Access and What They Can Do
- Equivalent to placing a security guard at each switch port
- Only authorized users can get network access
- Unauthorized users can be placed into “guest” VLANs
- Prevents unauthorized access points (APs)
(Slide diagram: HQ or branch switch separating authorized users and devices from unauthorized users and devices; after identity-based network access, user-based policies such as bandwidth and QoS are applied.)
IBNS determines who gets access to what. It provides security at every switched port. Authorized users (users with proper credentials) get access to the network. Unauthorized users may get no access or may be treated as guests by guest VLAN assignment. IBNS can also prevent unauthorized APs.

29 Extending Security to Remote Users: Security Across the Infrastructure
Access Control, Packet Inspection Firewall Services Application Intelligence, Content Inspection, Virus Mitigation Intrusion Prevention System (IPS) and Network Antivirus (AV) Services Identity, Virtualization, QoS Segmentation, Traffic Visibility Network Intelligence Application Inspection, Use Enforcement, Web Control Application Security Malware and Content Defense, Anomaly Detection Anti-X Defenses Traffic and Admission Control, Proactive Response Containment and Control Cisco Catalyst CSA Cisco Router Cisco DDoS
This slide shows the technology components of ATD…the building blocks that get “converged” into new services with new applications. Building blocks are: Firewall – provides the bread-and-butter access control and traffic inspection. IPS and Network AV service – provides greater application intelligence, the ability to look at packet payloads for attacks and viruses. Network intelligence: all network services that have applicability in the security world, such as network segmentation through VLANs, identity for user knowledge, QoS for controlling use of bandwidth, routing for topological awareness, switch root and NetFlow for global traffic visibility, etc. Virtualized fabric is virtualization of services so that they can be cost-effectively deployed. Combine the above and you get a new class of services that can be integrated throughout the network fabric. These new services are: Application Security: Granular application inspection in FWs, IPS, etc. The ability to enforce appropriate application use policies…i.e. “don’t allow users to use IM”. Control of web traffic, including applications that abuse port 80 (IM, peer-to-peer), as well as control of web services, such as XML apps. Anti-X Defenses: Broad attack mitigation capabilities such as malware protection, anti-virus, message security (anti-spam, anti-phishing), anti-DDoS, anti-worm, etc.
While these technologies are interesting in and of themselves, Anti-X Defenses is not just about breadth of mitigation, but distributing those mitigation points throughout key security enforcement points in the network to stop attacks as far from their intended destination and the core of the network as possible. Stopping an attack before it reaches the network core or host greatly diminishes the damage it can cause and its chances of spreading further. Network Containment & Control: Network intelligence and the virtualization of security technologies provide the ability to layer sophisticated auditing, control, and correlation capabilities to control and protect any networked element. Enables proactive response to threats by aggregating and correlating security information, as well as protecting network services such as voice over IP (VoIP) and the device infrastructure (such as from installation of rogue devices). All these technology components together serve to deliver the SDN. Customer wins: Interpol, USDA, Volkswagen USA
VPN Cisco® Router Cisco PIX Cisco Catalyst® Identity-Based Networking VPN Access Quarantine VLAN Cisco IPS CSA NAC CSA

30 Enterprisewide Mobility: Wireless LAN Security Across HQ
Privacy Protection Control Management Cisco Structured Wireless-Aware Network (SWAN) Cisco Wireless Security Suite Cisco Wireless Security Suite Cisco SWAN Enterprise-Class Encryption WPA—Temporal Key Integrity Protocol WPA2—AES Secure Connectivity for Wireless LANs (WLANs) WLAN Threat Defense for WLANs WLAN Threat Defense Solution Rogue AP Detection and Suppression Protection from Network Attacks Rogue AP Malicious Hacker Trust and Identity Solutions for WLANs Robust Per-User Authentication 802.1X and Extensible Authentication Protocol Types Identity-Based Networking Management for WLANs Centralized Configuration, Monitoring, and Analysis Single Management Console Automation of Repetitive Time-Consuming Tasks The Cisco Self-Defending Network includes protection for WLANs. There are three critical components of any successful security system: Privacy and confidentiality– via secure connectivity. Protection and availability– via threat defense systems. Control and integrity – via trust and identity systems. Cisco is the only vendor that provides all three critical components – and allows for the integration of these technologies deep into the fabric of the network. For Cisco wireless LANs…. Secure Connectivity is provided via the Cisco Wireless Security Suite — This solution protects data as it is transmitted and received across the network to help ensure that the data remains private. It uses strong dynamic encryption keys that automatically change on a configurable basis to protect the privacy of transmitted data.
WPA — Temporal Key Integrity Protocol (TKIP) encryption enhancements such as message integrity check (MIC), per-packet keys via initialization vector hashing, and broadcast key rotation WPA2 — Advanced Encryption Standard (AES), the “gold standard” for data encryption Threat Defense is provided via Cisco SWAN — This framework tracks and mitigates unauthorized access and network attacks including rogue access points, unassociated client devices and ad-hoc networks. It includes a WLAN Intrusion Detection System (IDS). With this solution, IT managers continually scan the RF environment, detect rogue access points and shut down the switch ports to which they are connected. Other unauthorized events and attacks are automatically tracked and mitigated. Trust and Identity is provided via the Cisco Wireless Security Suite — Robust WLAN access control that helps to ensure that legitimate clients associate only with trusted access points rather than rogue or unauthorized access points. This is provided via per-user, per-session, mutual authentication using IEEE 802.1X, a variety of extensible authentication protocol (EAP) types and an AAA/RADIUS server. WLAN Management with Cisco SWAN - WLANs can be centrally configured, monitored, and analyzed via Cisco SWAN. Everyday WLAN operations are simplified to ensure smooth deployment, enhance security, and maximize network availability, while reducing deployment and operating expenses. Repetitive time-consuming tasks are easily automated. All from a single management console.
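The rogue-AP workflow described above ("detect rogue access points and shut down the switch ports to which they are connected") is, in practice, a correlation job. The following Python is an added example written for this page, not Cisco SWAN code: it compares the BSSIDs heard by an RF scan with the authorized AP inventory, then looks for a wired MAC-table entry adjacent to each unknown BSSID to decide whether the rogue is on our own wire and on which port. The MAC-adjacency heuristic (an AP's radio addresses are usually derived from its wired MAC by bumping the last octet) is an assumption, as are all sample inputs.

```python
"""Rogue AP triage: RF scan against the AP inventory and the wired MAC tables.

Added example, not Cisco SWAN code. A BSSID heard on the air but absent from
the authorized inventory is a rogue; if a MAC-table entry on one of our
switches lies within a few addresses of that BSSID, the rogue is taken to be
plugged into our own wire and its port is reported. That adjacency heuristic
(radio MACs derived from the wired MAC by bumping the last octet) is an
assumption, and every input below is a constructed sample.
"""
from typing import Dict, List, Set, Tuple

MAC_WINDOW = 16   # assumed: a BSSID lies within 16 addresses of the wired MAC


def mac_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)


def same_block(a: str, b: str) -> bool:
    """True when both MACs share the first five octets and are < MAC_WINDOW apart."""
    ia, ib = mac_int(a), mac_int(b)
    return (ia >> 8) == (ib >> 8) and abs(ia - ib) < MAC_WINDOW


def classify(scan: List[Dict], authorized: Set[str],
             mac_table: List[Tuple[str, str, str]]) -> List[Dict]:
    """Label each heard BSSID: authorized, rogue-on-wire (with switch/port) or rogue-off-wire."""
    known = {m.upper() for m in authorized}
    findings = []
    for beacon in scan:
        bssid = beacon["bssid"].upper()
        finding = dict(beacon, bssid=bssid)
        if bssid in known:
            finding["status"] = "authorized"
        else:
            wired = [(sw, port) for sw, port, mac in mac_table if same_block(bssid, mac)]
            if wired:
                finding["status"] = "rogue-on-wire"
                finding["switch"], finding["port"] = wired[0]
            else:
                finding["status"] = "rogue-off-wire"   # heard, but not on our switches
        findings.append(finding)
    return findings


def containment_commands(findings: List[Dict]) -> List[str]:
    """IOS commands that would disable the wired port of each on-wire rogue."""
    return [f"{f['switch']}# interface {f['port']} ; shutdown"
            for f in findings if f["status"] == "rogue-on-wire"]


def demo() -> List[Dict]:
    """Constructed sample: one authorized AP, one rogue on our wire, one rogue next door."""
    authorized = {"00:1A:2B:3C:4D:E0"}
    scan = [
        {"bssid": "00:1a:2b:3c:4d:e0", "ssid": "AGENCY-WLAN", "rssi": -48},
        {"bssid": "00:0C:F1:11:22:35", "ssid": "linksys", "rssi": -55},
        {"bssid": "00:16:B6:AA:BB:C1", "ssid": "NETGEAR", "rssi": -82},
    ]
    mac_table = [   # (switch, port, MAC) as a wired MAC table would show it
        ("sw-floor2", "Gi1/0/14", "00:0C:F1:11:22:30"),
        ("sw-floor2", "Gi1/0/1", "00:50:56:AB:CD:EF"),
    ]
    return classify(scan, authorized, mac_table)


if __name__ == "__main__":
    for f in demo():
        print(f)
    print(containment_commands(demo()))
```

Treat the output as a lead, not a verdict: the adjacency heuristic can mis-attribute a rogue when unrelated devices from the same vendor sit in the same MAC block, so a port should be confirmed (for example by watching traffic on it) before it is shut. An off-wire rogue may simply be a neighbour's legitimate network; it is worth logging and locating, but it is not something to "suppress".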

31 Enterprisewide Mobility: Connecting the Mobile Vehicle and Worker
Mobile vehicles connected to the headquarters via IP to enable applications (e.g., filing, fingerprints, geographic information systems, photos, database queries, video) Street officers connected to the headquarters via wireless with PDAs Headquarters Branch Applications Police Intranet IP Is the Connecting Glue of Wireless and Wire Line Database Police Station Police Station 1. Identify Potential Situation 2. Identify Location and Early Evidence 3. Identify Resources Message: Suspected Card Poster at Dean St. and Soho Sq. Proceed To Area with Caution. Nearest Responding Officer ID: #234 Dept: Street Maintenance Location: Dean St. Distance: 28 yards 4. Deploy Resources 5. Collate Evidence

32 Mobile Access Router, WLAN, and General Packet Radio Service Fallback
General Packet Radio Service (GPRS) Fallback WLAN Hotspots Internet Cisco Mobile Access Router Local WLAN GPRS Wireless

33 Source of Relevant Resources
Security Mobility

34 Phase 3: Integrated Remote Resources
Internet Wireless LAN Solution Engine DMZ VPN Cisco Secure Access Control Server WAN Wireless LAN Services Module Media Encryption Remote Workers WAN Data Center Identity-based networking Cisco APs Cisco Compatible Clients Cisco APs Headquarters Cisco APs VPN Cisco Compatible Clients Cisco Compatible Clients Branch Partners/Suppliers Enables Worker Mobility and Secure, Real-Time Access to All Agency Resources Regardless of Location
Employees can no longer afford any downtime during the workday. Whether they are at their desks, in a conference room, or in the company cafeteria, today’s users require ready access to the full range of integrated network services—including IP telephony and videoconferencing, as well as e-mail, calendar, and database applications. For this type of mobile access, a WLAN is the answer. A WLAN improves employee access to enterprise network resources, making them more responsive to the needs of the business and their customers. According to a recent NOP World-Technology study, real productivity benefits can be attributed to enterprise campus WLANs. Based on a survey of more than 300 organizations with more than 1000 employees, when the organization used a WLAN: End users stayed connected to their corporate network roughly 3.64 more hours per day. The daily time savings averaged 80 minutes per employee. Overall productivity improved 27 percent. Cisco WLANs run either on top of the existing wired enterprise network or as freestanding networks, and they offer interbuilding mobility for campus-based computer users. They permit secure, encrypted communications throughout a campus setting, allowing instant access to all data and communication services from any location accessible by wireless (RF) signals within the campus.

35 Phase 3: Integrated Remote Resources
Remaining Challenge: Lack of Communication Between Agencies

36 Enabling Interagency Collaboration
Resilient WAN and Metropolitan-Area Network (MAN) Network Scalability WAN/Metropolitan-Area Network (MAN) WAN and MAN architectures employ a number of technologies designed to interoperate, while suiting a variety of IT budgets and growth expectations. Whether your organization deploys and manages its own WAN, or obtains managed WAN services from a service provider, these resilient network architectures help enterprises protect, optimize, and grow their businesses. Network scalability A network must be able to scale from where it is today to where it might be in the future. The design, IP address management, features, and WAN link speeds must all be able to provide this connectivity and additions without massive redesign of the network.

37 The Enterprise WAN and MAN: The Glue that Binds
Headquarters 1 Data Center Headquarters 1 Headquarters 2 High Availability Security Scalability QoS Management Enterprise Intranet Internet Mobile Workers Branch
The WAN is the glue that binds the global enterprise, linking the campus, mobile workforce, data centers, branch offices, teleworkers, and remote agents. Today’s WAN must be secure, highly available, and scalable, with inherent QoS and manageability.

38 The Organization’s WAN and MAN: Flexibility and Deployment Choices
Choose from a variety of scalable technologies to connect your whole organization Manage as much or as little of your WAN as you require Migrate to new WAN technologies by using your existing Cisco investment Five architecture alternatives: Encrypted Layer 2 connectivity (frame relay, ATM, etc.) IP VPN (Service Provider [SP]–managed MPLS) IPSec VPN (Internet) Multi-VPN routing and forwarding (VRF) segmentation (per VRF tunneling) Self-deployed MPLS VPN segmentation Cisco Business Ready WAN and MAN architectures allow businesses to connect their global enterprise while reducing operational expenses, becoming more resilient, and enabling today’s and tomorrow’s network services. These architectures offer a number of secure alternatives to traditional private WAN connectivity and help increase network scalability and reduce monthly carrier fees. Cisco Business Ready WAN and MAN architectures employ a number of WAN and MAN technologies designed to interoperate together, while suiting a variety of IT budgets and growth expectations. Whether your company deploys and manages its own WAN, or obtains managed WAN services from a service provider, these resilient network architectures help enterprises protect, optimize, and grow their businesses

39 Operations Support System
Cisco MPLS VPN Simplifies, Integrates, and Automates VPN and QoS Management Network-Intelligent Element Manager for MPLS and Metro Ethernet Networks Customer Operations Support System Layer 3 VPN Layer 2 VPN Cisco IP Solution Center GUI Planning Provisioning IP Solution Center for MPLS VPN and QoS Northbound Interface Troubleshooting MPLS Traffic Engineering QoS MPLS Core
Cisco IP Solution Center (ISC) is a family of intelligent element management applications that help reduce overall administration and management costs by providing automated resource management and rapid profile-based provisioning capabilities. ISC enables fast deployment and time to market of Multiprotocol Label Switching (MPLS) and Metro Ethernet technologies. The Cisco ISC MPLS VPN Management (ISC:MPLS) application helps service providers offering MPLS VPN services by providing the provisioning, planning, and troubleshooting features essential to manage the entire life cycle of MPLS VPN services. MPLS management features include policy-based VPN, management VPN, quality of service provisioning, and MPLS VPN routing audit. These features help to guarantee accurate service deployment and to reduce the cost of deploying new and revenue-producing MPLS VPN services. In addition, ISC features a northbound application programming interface (API) that allows integration with OSS systems to achieve flow-through operations.
Competitive Differentiation:
Tracking of Layer 3 and Layer 2 resources - Automation of resource management reduces cost of previously manual and time-consuming tasks and helps ensure accuracy.
Rapid profile-based provisioning - Helps control operational costs by providing rapid deployment of services.
Recognize incorrect service configuration - Reduces the time it takes to troubleshoot network outages due to incorrect service configuration.
Investment protection from Cisco IOS Software and line card changes - Reduces time to market of new services and lowers the cost of upgrading customer OSS systems due to upgrades in platforms, software versions, and line cards.
Carrier-grade infrastructure for large deployments - Provides a four-tiered system consisting of client, interface, control, and distribution tiers.
Reduces Overall Administration and Management Costs by Providing Automated Resource Management, Rapid Profile-Based Provisioning, and Audit and Monitoring Capabilities

40 Source of Relevant Resources
Next-Generation WAN and MAN Design Guidelines

41 Overview of Cisco Connected Government— Interagency Roadmap

42 Phase 4: Interagency Collaboration
ISP, Broadband, etc. WAN IPSec VPN IP VPN (MPLS, V3PN, etc.) Remote Workers Data Center SP-Managed MPLS VPN Self-Deployed MPLS Headquarters 1 VPN Encrypted Layer 2 Connectivity Branch Headquarters 2 Implements Agencies’ Access Policies and Enables Interagency Communication and Collaboration

43 Phase 4: Interagency Collaboration
Remaining Challenge: No Data Center Continuity or Consolidation

44 Enabling Interagency Infrastructure Sharing
Data-Center Consolidation Network Automation Data-center consolidation Centralizes and standardizes data-center components to lower costs and improve efficiency and uptime Network automation Provides the capability to move beyond the packet level to read application-to-application messages within the network and make intelligent decisions to support the messages based on business policies

45 Evolution of the Data Center
Virtualization Storage Network Compute Enterprise Applications Management of Resources Independent of Underlying Physical Infrastructure to Increase Utilization, Efficiency, and Flexibility Data Network Server Fabric Network Centralization and Standardization to Lower Costs, Improve Efficiency, and Uptime Consolidation LAN WAN MAN SAN Storage Network Intelligent Information Network HPC Cluster GRID Automation Storage Network Compute Dynamic Provisioning and Autonomic Information Lifecycle Management to Enable Business Agility Business Policies On Demand Service-Oriented Customers’ data center infrastructures are evolving rapidly in order to meet three main goals: Reduced OpEx; Rapid response to changing business priorities and application requirements; and Business Continuance implementations to meet regulatory requirements and industry best practices. Cisco is uniquely positioned to provide customers with an Intelligent Information Network (IIN) infrastructure that can meet all these requirements. We see the data center evolution taking place in 3 phases. First is a consolidation of the front-end data networking and back-end storage networking infrastructures. Cisco is in a unique position (vis-à-vis our competitors) to be able to provide this end-to-end integrated intelligent information network. On the front end, we have the Catalyst 6500 with its integrated intelligent services modules for security (firewalls and intrusion detection), load balancing, etc., our core routing products and optical line for long distance connectivity and on the back end, we have the MDS intelligent SAN switch family for consolidated SAN networks. The glue that ties this all together is a common set of intelligent services across the front-end data network and the back-end storage network. These services include security, QoS, availability and manageability. 
By integrating intelligent services across the entire data and storage networking infrastructure, our customers are benefiting from administrative efficiency which is the most important factor in lowering their total cost of ownership. Greater productivity, resulting from an integrated, intelligent information network, results in significant TCO reductions. The next phase is the Virtualization of the data center. The virtualization phase enables enterprises to reduce cost of ownership, improve resilience, and increase the agility of both the network infrastructure and the data center overall. Cisco has begun this process with technologies such as VLAN, VSAN, and MPLS. Cisco is also beginning to virtualize integrated intelligent services. For example, virtualization on the firewall service module for the Catalyst 6500 can support one hundred separate instances of firewalls on a single physical infrastructure. It enables cost-effective firewall services between any two applications or application tiers. This capability leads to better infrastructure utilization while reducing capex. We are also in a unique position to integrate intelligent services that traditionally have been provided on the storage and server systems themselves. These intelligent services include storage virtualization, data replication and application oriented services like application brokers in the future. Cisco supports computing virtualization with support for utility models such as EMC VMware, clustering, and GRID technologies from several computing vendors. With virtualization, the underlying network infrastructure can achieve much better utilization and better/faster/cheaper alignment of network resources with business goals, applications and changing business processes. The final phase is automation. 
This emphasizes technology to improve operational efficiencies by enabling easier provisioning, faster troubleshooting and recovery, and self-defense of the network and the resources hosted on the network. By taking a systems approach to the network, the network will be able to achieve higher levels of automation. An example of this is the recently announced Network Admission Control initiative, which ensures that hosts with out-of-date patches and antivirus can be shunted to a separate non-production network. Another very important aspect of automation is the ability to provide a standards-based interface to data center management frameworks and policy tools. This includes capabilities such as SMI-S based on CIM/XML protocols, easing the integration of the network into the complete infrastructure framework. Clearly this requires the network to provide an abstraction layer that simplifies the job of provisioning, monitoring, and troubleshooting.

46 The Cisco Commitment to the Data Center
Applications; Intelligent Information; Management; Shared Pools of Compute Resources; Shared Pools of Storage Resources; Service Optimization Management; Policy-based Management; Multi-Device Virtual Context Management
Application Message Services (Application Integration): Message Translation and Transformation, Application Authentication and Authorization, and Business Event Visibility
Storage Fabric Applications: Replication, Server-less Backup, Point-in-Time Copy, Continuous Data Protection, Volume Management
Adaptive Threat Defense: Virtual Firewall Services, Virtual Intrusion Prevention, Denial-of-Service Guard, Network Antivirus, Host Protection
Application Optimization: Virtual Server Balancing; Web, Video, and File Caching; Wide Area Optimization; SSL Offload; TCP Offload
Services Integration API; Network Integration API
Intra-data Center: Storage Network (Fibre Channel, iSCSI, FICON); Server Farm (Gigabit and 10 Gigabit Ethernet, Blade Switch); Server Fabric (InfiniBand, 10 Gigabit Ethernet)
Extra-data Center: DC Interconnect (DWDM, SONET and SDH WAN, FCIP); DC Access (Internet, MPLS, IPSec, SSL VPN, DNS Optimization)
Acquired companies named on the slide: Riverhead, FineGround, Topspin, Andiamo, Actona

47 Source of Relevant Resources
Storage and Data Center Design Guidelines

48 Phase 5: Interagency Infrastructure Sharing
VPN Server Consolidation Headquarters Remote Worker Web Servers Dense Wavelength-Division Multiplexing (DWDM) Network WAN IP WAN Adaptive Threat Defense Data Center Web Servers Comprehensive Continuity Application Optimization Storage Consolidation Branch Data Center Enabling a Virtualized, Consolidated, and Automated Data Center

49 Phase 5: Interagency Infrastructure Sharing
Remaining Challenge: Sharing Infrastructure and Applications

50 Enabling Information and Services Sharing
Network Virtualization Creates a private, secure, and independent network over a shared physical infrastructure that is transparent to the end user, increasing utilization, efficiency, and flexibility of the network and of the applications

51 Network Virtualization Drivers
Closed user groups Private Secure Independent policies (e.g., guests, Network Admission Control [NAC] quarantine) Virtualized services Centralized policies and services Shared infrastructure Internet Employee Servers Remediation Servers Employee Contractor Guest

52 Network Virtualization Requirements
Create segments for guest access and NAC quarantine IT department as a “Network Service Provider” Provide a private network per group Use a shared infrastructure Scalability and simplicity Minimize operational overhead Centralize network security policies and access to shared services Closed user groups extensible over the WAN IT departments: From cost centers to revenue centers? Potential to enhance enterprise business processes You may want to include: Data Center segmentation Mobility (not wireless roaming) preserving profiles/policies

53 Current Campus Design Recommendation
Modular, hierarchical, and scalable yet not virtualized Access L2 Distribution Layer 3 Core Internet L2

54 A Virtual Network per Group
Virtualized devices Virtualized services Virtualized data paths

55 Virtualized Network Devices
Switch Virtualization—VLANs Router Virtualization—VRFs 802.1q, GRE, line-state packet, physical interface, etc. 802.1q or others VRF VRF Global Logical or physical interface (Layer 3) Logical or physical interface (Layer 3)

56 …With Centralized Services and Policies
Services not duplicated per group Economical Efficient and manageable Policies centrally deployed Shared for all groups: Internet / Shared Resource 10.2/16 Internet Gateway Campus Core Video Server Partners Policy Node: 6500 loaded with service modules all shared across VPNs, while maintaining independent policies for each VPN. E.g. Virtual Firewall Firewall and NAT Contractors Contractor 10.2/16 Hosted Content Resources DHCP Guests and NAC quarantine IPSec Gateway Partner 10.2/16 Contractor 10.3/16

57 Phase 6: Interagency Information-Sharing and Shared Services
Objective Final step of the Interagency Roadmap, with network helping connected government agencies extract full value in sharing human resources, information, and services (e.g., payroll, IT, and budgeting)

58 Phase 6: Interagency Information-Sharing and Shared Services—Cont’d
Justice Constituents Web Servers Police VPN Server Consolidation Police HQ 1 Police Officer IP WAN WAN Data Center DWDM Network Web Servers Police Station Data Center Sharing Applications and Infrastructure Across Agency Boundaries

59 The Cisco Approach for Connected Government
Connected Government Is Based on Three Key Tenets of an Intelligent Information Network
Integrating the network with applications and network components
Adapting to changing needs of government programs
Providing resilience to maintain continuity and performance

Cisco's vision for achieving connected government is based on three key tenets of an intelligent information network:
Integrating the network with applications, middleware, and other network components so that the network works as a seamless element of the systems integrator's solutions
Providing the critical resilience that integrators require to maintain the continuity and performance of government applications and programs
Adapting to the changing needs of government program requirements and mitigating program risks

60 Applying Cisco Connected Government to Public Safety Agencies

61 Public Safety Agency Challenges
Improve responsiveness and situational awareness
Improve public safety
Reduce administrative overhead
Improve security of data systems
Increase government agility by connecting all agencies
Improve ability and capacity to deliver services through increased efficiency and effectiveness
Protect investment
Future-proof the network

62 Cisco Connected Government Benefits Public Safety Agencies
Cisco helps public safety agencies expand visibility, reach, and capabilities. Cisco Connected Government:
Provides greater control in safeguarding communities
Increases safety and productivity in emergency and non-emergency situations
  All access to communications and information
  Greater awareness of a situation across the ranks
  Greater ability to accelerate decisions and automate procedures
Creates greater agility for information-sharing initiatives within and across organizations
Enhances operational efficiencies
  Faster and more accurate decision-making
  More rapid support for organizational changes
  Single infrastructure to manage
  Single transport infrastructure for converged voice, video, and data
  Reduced administrative overhead for police officers
Improves response to emergency situations

63 Putting Cisco Connected Government to Work
Suspect in a stolen vehicle abducts a child
Mobile command post established on scene
Pictures of the vehicle, suspect, and victim are shared with all local law-enforcement agencies
Virtual command post uses videoconferencing and collaboration between emergency call taker, incident commander, and surrounding agencies to rapidly share information
Detectives obtain a photograph of the stolen vehicle from the owner; they are also able to identify the suspect and obtain a picture of the victim
Community alert system electronically distributes the information throughout the city and county
Witnesses notify 999, providing a description of the vehicle
Suspect is located and the child is safely returned home

64 Cisco Connected Government: Public Safety Networking
Mobile operations at the crime scene stream video and a photo of the suspect
Suspect and witness interviews received and correlated with crime databases: match with stolen vehicle and suspect
Detailed situation video, voice, and data distributed to local and regional responders, and alerts distributed to the public
Diagram labels: Data Center, Mobile Command Center, Local/Regional Police Stations, Police Headquarters

To meet healthcare imperatives, it is essential to look beyond the individual applications that are emerging and think about the network integration behind them. Only an intelligent, integrated architecture provides the best foundation for business innovation. No matter what stage you are at in the development of your healthcare strategy, from adding a mission-critical networked application to implementing systems that deliver real-time patient data to triage, Cisco Systems can work with you to plan and implement a cost-effective, integrated Medical Grade Network to support both your short- and long-term business goals.

65 Cisco Connected Government: Public Safety Networking
Automatic network configuration that supports new and mobile offices
Consistent security and segmentation that secures records, applies access policies, and meets regulatory requirements
Collaboration, Infrastructure Sharing, Information Sharing
Diagram labels: Data Center, Mobile Command Center, Local/Regional Police Stations, WAN, Police Headquarters

The technologies and capabilities that yield these benefits are:
WAN, which optimizes and secures the traffic flow of applications
The ability to maintain wireless connectivity during roaming, supporting delay-sensitive applications (e.g., RMS, CAD)
Integrating the wireless network into enterprise LAN management and control
Preventing intrusion of the secure wireless network (e.g., rogue APs, war driving, and sniffing)

66 Mapping Case Studies to the Phases of Cisco Connected Government

67 Summary of Connected Government Case Studies
                                  Phase 1  Phase 2  Phase 3  Phase 4  Phase 5  Phase 6
Kent Police                                   X
Humberside Police                             X
Polish Border Guard                           X
Upper Merion Police Department                         X
State of Schleswig-Holstein                                     X
Dutch Victim Tracking System                                    X
izn in Lower Saxony, Germany                                             X
Austrian Federal Data Center                                             X

68 Kent Police—Phase 2
The Challenge
Increase quality and speed of communications with the community
Modernize archaic, inefficient telephony system
Meet pressures to deliver against Best Value performance targets
The Solution
Cisco IP WAN linking 50 locations around Kent
Cisco IP telephony solution across the data network
The Benefits
Return on investment expected within four years
Cost savings increased by more than 30 percent
Improved communications with the community
Easier, more efficient telephony use among staff

69 Cisco Solutions are Priced for Success
“As well as savings of more than 30 percent a year, the Cisco solution also gives us a more cost-effective and simpler way for us to expand our communications infrastructure to additional sites….Before, we would have been looking at an investment of around £30,000 to provide the necessary technology. With the Cisco IPT solution, it now costs us only a few thousand pounds.” Andy Barker Acting Head of Information Services Directorate Kent Police

70 Humberside Police—Phase 2
The Challenge
Deliver live video footage to a specialist control center to provide a complete picture of incidents
Distribute the video signal to several geographically dispersed specialists
The Solution
Cisco IP/TV 3400 Series broadcast server to multicast live video images over Humberside Police's intranet
The Benefits
Cost-effectively raised the quality and quantity of information for improved incident evaluation and decision-making
Already exceeded the target number of users, with users being very satisfied
Met scalability and flexibility requirements without bandwidth implications

71 Polish Border Guard—Phase 2
The Challenge
Enable secure database access to the Schengen Information System
Enable reliable telephone access across the organization
Ensure voice and data access on top of the telephone-cabling infrastructure
The Solution
Single, converged network infrastructure run as a managed service by Telekomunikacja Polska S.A.
Cisco IP telephony solution across 300 sites with Cisco SRST
Long-Reach Ethernet to create high data rates across the old cabling infrastructure
The Benefits
Significant savings on telephone expenses and administrative costs
Reallocation of 800 support staff to core competency

72 Upper Merion Police Department— Phase 3
The Challenge
Replace antiquated records-management system with a state-of-the-art system
Deploy a wireless network that enables officers to access the new system directly from patrol cars
The Solution
Cisco Aironet wireless bridges and access points
Video surveillance from Coban Technologies, a Cisco partner
The Benefits
Enabled field access to the Internet, the new RMS, the mobile and field reporting system, and the state's online accident reporting system
Streamlined administration
Maximized situational awareness, visibility, and officer safety

73 “With the Cisco IP-based LMR interoperability solution, a dispatcher can patch two different departments together with a couple of keystrokes….It’s an incredible breakthrough.”
Lieutenant Thomas Nolan of Upper Merion Police Department

Another technological advantage the system provided was one that Nolan had anticipated since he began his career in law enforcement. "We've always been frustrated by the lack of interoperability between different police and fire department radio systems," he explains. "We can't talk to our own fire department or neighboring county officers because we're on different radio frequencies. When Montgomery County switched to 800-MHz radio systems to solve that problem, Delaware County and Chester County purchased different brands of equipment, so we still couldn't talk to each other." At a Cisco conference, Nolan and Widenhofer were introduced to the new Cisco land-mobile radio (LMR) interoperability technology. "With the Cisco IP-based LMR interoperability solution, a dispatcher can patch two different departments together with a couple of keystrokes. We can talk directly to Chester County without going through two dispatchers. It's an incredible breakthrough," says Nolan.

74 State of Schleswig-Holstein—Phase 4
The Challenge
Implement seven independent data networks with data rates of up to 128k
Deploy one outsourced (Deutsche Telekom) voice network operated as a leased-line interconnection to connect 300 private branch exchanges (PBXs)
Create more bandwidth to support the Service Advertising Protocol implementation and police-tracing applications
The Solution
Outsourced voice-over-IP-trunking MPLS network on the existing 2-Mbps access leased lines of the PBXs
Cisco core (7500, 7200), with each access site consisting of three routers: one managed MPLS-CE, one managed voice gateway, and one departmental data gateway with encryption
The Benefits
30 times more bandwidth
Centralized management of security and all data and voice operations
Transfer of operational staff into core business

75 Dutch Victim Tracking System—Phase 4
The Challenge
Reduce unnecessary suffering of relatives
Improve the process of victim identification
Improve reach and productivity of first responders, city councils, and dispatch centers
Improve resource allocation (e.g., ambulances, hospitals, etc.) based on plans
Improve process management based on real-time information available to all relevant organizations
The Solution
Cisco Intelligent Information Network with intelligent network services, including encryption, availability, and roaming WLAN
Cisco 3200 Series mobile access router
The Benefits
Multiple applications and devices work together to enable greater first-responder productivity
Standards-based, future-proof network lowers operational costs and improves administration efficiency
Vehicles act as mobile hotspots to facilitate decision-making during emergencies
Public and private networks combine to optimize availability and bandwidth

76 izn in Lower Saxony, Germany—Phase 5
The Challenge
Increase data-storage facilities
Decrease operating costs and standardize operations by consolidating multiple standalone storage networks with a single vendor
Use IP-based technologies within the storage-area network (SAN) environment to offer more cost-effective services to government customers
The Solution
Cisco Business-Ready Data Center deployed across two separate data centers for resilience; each center has dualled Cisco MDS 9509 Multilayer Director SAN switches using virtual SAN technology for customer data separation
Data center is accessible via the WAN MPLS backbone known as iznNet, which connects 2200 locations across Lower Saxony
The Benefits
Reduced overhead costs through virtualization of SAN facilities and single-platform management
Optimized availability of the network, resulting in improved service effectiveness
IP-based protocols allow lower-cost service options, enabling the introduction of price-differentiated services to match different classes of data

77 “The Cisco Business-Ready Data Center model provides a high level of robustness which other suppliers still have to achieve.” Herr Erik Krex, Operations and Planning for izn Data Center

78 Austrian Federal Data Center—Phase 5
The Challenge
Implement ELAK, an electronic filing system, to ensure a secure, resilient network for Austrian ministries and federal administration
The Solution
In the data center:
Cisco Catalyst 6500 Series switches provide resilience and security while supporting the network core
Cisco Catalyst 3550 Series switch and Cisco 7200 Series core router connected to all ministries
Cisco VPN 3000 Series concentrators
Cisco PIX 525 security appliances
In each of the 12 ministries:
Dualled Cisco 7200 Series routers linked to the data center by circuits of between 4 Mbps and 155 Mbps, with firewalls
The Benefits
Secure, high-performance network has expedited access to data and enabled cooperative electronic workflows between separate ministries and administrative organizations, improving efficiency by 10 to 15 percent
99.7 percent network availability helps move the agency toward a paperless government system
ELAK is an electronic filing system pivotal in e-government transformation

79 Cisco Prowess Means Project Progress
“Cisco has performed very well, particularly in areas of critical importance to the project, such as the design and implementation of the metropolitan-area network, the data center, and redundancy, as well as firewalls and content switching.” Herr Kurt Fleck Project Leader of ELAK Austrian Federal Data Center

80 Why Cisco?

81 Setting Cisco Apart from the Rest
There are several factors that differentiate Cisco from other IP communications providers. We offer you:
Unmatched technical expertise
  20-year track record as networking leader
  Only provider to deliver comprehensive, integrated, and secure IP networks for the public sector
  World-class technical services and support
  Extensive experience in network design, planning, deployment, operations, management, and support
Unrivaled partnerships
  Industry collaboration ensures an innovative, adaptable infrastructure that allows agencies to extract the most value from their network investment
Industry-leading, interoperable, standards-based solutions
  Cisco is recognized for industry-leading, open, standards-based network solutions based on unmatched interoperability that protects and extends customer investments
Enabler of a responsive environment that outpaces changing demands
  Innovative and scalable solutions create a highly responsive environment that outpaces changing demands
Cisco Capital finance programs
  Offers a variety of affordable financing options
Additionally, Cisco was recently named the leader in PS networking by Frost and Sullivan

82 Cisco Connected Government— a Networking Approach Built to Last
Cisco provides a highly adaptable network architecture that allows public administrators to meet current and future needs
Highly customized design based on proven best practices
  The network is based on proven best practices in network design, operations, and management, which enable administrators to customize the best architecture to leverage their existing infrastructure investment
Modular network deployment based on integrated components
  Cisco provides administrators with the greatest level of flexibility in designing a modular network environment based on the most comprehensive set of tightly integrated hardware, software, and network services, enabling them to tailor solutions to meet their unique requirements
Optimal performance
  The network is powered by Cisco IOS Software, which provides unmatched availability, QoS, scalability, and embedded security and manageability
Continuously expanding functionality
  Cisco IOS Software consists of a continuously expanding suite of intelligent, application-enabling network services, including voice and video, security, Web application optimization, mobility, and other connectivity services that deliver the necessary functionality to support innovative applications
Future-proofed roadmap
  All networking components, including the hardware, software, and services, have feature-rich roadmaps designed to support constantly changing business requirements

83 How Cisco Helps Your Agency Become a Connected Government
Cisco solutions demonstrate how to apply previous success in a connected government through:
Assessment tools to create a Connected Government network roadmap
Reference architectures that represent Cisco best practices developed from real-world deployments
Cisco and partner services that coordinate government processes to coincide with technical capabilities
Aligning incentives, policy, performance management, rewards, and funding to encourage services sharing

84 First Assess, Then Progress—The Connected Government Network Assessment Tool
Diagram labels: Translates into, Tells You
Possible resiliency issues in the network may be compromising important capabilities:
Public notice for emergencies
Internal workflow management
Budget management
Geographic information systems (GIS)
Dispatch systems
Field worker communication
Internal communications

To help you get started on the roadmap, Cisco offers the Connected Government Network Assessment tool. This fast, easy, and complimentary evaluation details how network modifications can impact administrative and mission-specific goals, while also providing comparisons against benchmarks and peers. Once you become aware of the tangible business advantages of making a technical investment, the roadmap can help you yield near-term benefits as you advance toward long-term goals.

85 City of Bremen—How Assessments Help
The Challenge
Adopt governance initiatives that help provide service-level agreements across multigovernmental departments
Deliver multimedia services to the public body's surrounding communities
Reduce IT operating costs
The Solution
Cisco and Brekom assessment: IPT Readiness Foundation Review
Multiservice IP Campus Backbone (WAN and LAN)
The Benefits
Significant savings on service platforms through a standardized LAN and recentralizing of the consolidated LAN structure
20-percent savings in network operations
38-percent savings in IT headcount
Increased focus on government affairs

86 Cisco Provides Clear Path to Goals
“Cisco presented us with a very clear and solid solution….The very strong relationship we had with Cisco was key, in particular with obtaining WAN/LAN. Cisco clearly stood out above the other 10 providers for the new campus solution. We could never have envisaged all these core benefits which have alleviated the strain on IT resources, so we can now become more focused on developing additional services for the City of Bremen.”
Dr. Norbert Schulz, CEO, Brekom

If you know you would like your agency to evolve, but are unsure of how to get started, simply contact a Cisco representative or reseller. Dr. Norbert Schulz, CEO of Brekom, commented on Cisco's foresight and planning in the quotation above.

87 Government Leasing
Cisco offers leasing programs designed specifically for government agencies. We offer:
Single monthly payment
Single financing contract
Ease of administration
Bundled products and services
Below commercial-market rates
Cost-effective, comprehensive solution

88 Government Leasing Products
Additionally, Cisco has the following government leasing programs and plans:
Lease to Ownership Plan (LTOP)
  Installment purchase plan, which uses capital funds
  Purchase title passes upon final payment
Lease With Option to Own (LWOO)
  Operating lease with option to own: lease payments with a fixed purchase-option buyout, or fair market value
  Uses operations and maintenance (O&M) funds annually
  End-of-term options: return, renew, buyout, upgrade
  Technology-refresh upgrade before or at end of term

89 The Road Forward
What are the next steps on the road to a connected government?
Compare department mission and strategy with IT capabilities
Baseline current IT capabilities
Define the gap between IT capabilities and mission objectives
Develop a phased IT roadmap that includes network and application capabilities to close the gap
Coordinate process and policy change with the IT investment plan to match technical, political, and organizational capability

90 Discussion
