Deployment supports borderless experience by enabling employees to use any device Cisco IT Case Study April 2011 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 • Challenge Provide Flexibility to Work with Any Device, Anywhere • Solution Cisco AnyConnect Secure Mobility Client • Results Borderless Experience, Lower Operational Costs • Next Steps Add Devices, Coordinate with Other Cisco IT Programs © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 Provide Flexibility to Work with Any Device, Anywhere • Goal: Borderless experience • Previously, Cisco IT created VPN access accounts for all employees • Drawbacks: • Employees had to manually reconnect and reauthenticate when they moved out of coverage area • Helpdesk costs associated with one-time password for VPN client software approached US$500,000 annually • High IT overhead to support multiple VPN clients: Nokia dual-mode phones, Windows Mobile Operating System devices, Apple iPhones, Android phones, Apple iPads, Cisco Cius tablets, and Windows, Mac, and Linux desktops and laptops © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Cisco AnyConnect Secure Mobility Client • Same software works on all devices that Cisco employees use for work • Employees self-provision from web catalogue • Automatically selects optimal VPN headend and tunneling protocol Tunnel terminated by one of six Cisco ASA 5500 Adaptive Security Appliances • First people invited to use AnyConnect are new employees and those who receive new PCs © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 End-to-End Security • Cisco IT currently supports registered devices only • AnyConnect provides authentication and PKI-based device authorization • Solution checks device’s certificate against serial number • Cisco ASA 5500 Adaptive Security Appliance to check devices for compliance with corporate security standards • When employees notify Cisco IT about a lost device, Cisco IT can immediately terminate active VPN sessions © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Borderless Experience, Lower Operational Costs • Supports Cisco’s borderless network strategy by giving users a choice of devices and locations to work • Always-on connection increases productivity Employees enter one-time password only at start of workday • Saves time for Cisco IT throughout client software lifecycle Employees self-provision Headend automatically installs latest software No more troubleshooting: employees simply download software again © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 “ Cisco AnyConnect is not a very complicated implementation, but it has a terrific magnitude of benefits. The borderless experience lets us be productive wherever we are and gives us the freedom to use our choice of device.” Plamen Nedeltchev, Cisco Distinguished Engineer, IT © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Add Devices, Integrate with Other Cisco IT Programs • Use Cisco AnyConnect Secure Mobility Solution to enforce security policies • Integrate with Cisco’s premises-based Cisco IronPort S-Series Web Security Appliance • Integrate with 802.1X to provide network-based identity management • Coordinate with Cisco’s IPv6 adoption strategy. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 To read the entire case study or additional Cisco IT case studies on a variety of business solutions, visit Cisco on Cisco: Inside Cisco IT www.cisco.com/go/ciscoit © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10