Deployment supports borderless experience by enabling
employees to use any device
Cisco IT Case Study
April 2011
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
•  Challenge
Provide Flexibility to Work with Any Device, Anywhere
•  Solution
Cisco AnyConnect Secure Mobility Client
•  Results
Borderless Experience, Lower Operational Costs
•  Next Steps
Add Devices, Coordinate with Other Cisco IT Programs
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
2
Provide Flexibility to Work with Any Device, Anywhere
•  Goal: Borderless experience
•  Previously, Cisco IT created VPN access accounts for all
employees
•  Drawbacks:
• Employees had to manually reconnect and reauthenticate when
they moved out of coverage area
• Helpdesk costs associated with one-time password for VPN client
software approached US$500,000 annually
• High IT overhead to support multiple VPN clients: Nokia dual-mode
phones, Windows Mobile Operating System devices, Apple iPhones,
Android phones, Apple iPads, Cisco Cius tablets, and Windows,
Mac, and Linux desktops and laptops
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
3
Cisco AnyConnect Secure Mobility Client
•  Same software works on all devices that Cisco employees use for
work
•  Employees self-provision from web catalogue
•  Automatically selects optimal VPN headend and tunneling protocol
Tunnel terminated by one of six Cisco ASA 5500 Adaptive Security Appliances
•  First people invited to use AnyConnect are new employees and those
who receive new PCs
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
4
End-to-End Security
•  Cisco IT currently supports registered
devices only
•  AnyConnect provides authentication and
PKI-based device authorization
•  Solution checks device’s certificate
against serial number
•  Cisco ASA 5500 Adaptive Security
Appliance to check devices for
compliance with corporate security
standards
•  When employees notify Cisco IT about a
lost device, Cisco IT can immediately
terminate active VPN sessions
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
5
Borderless Experience, Lower Operational Costs
•  Supports Cisco’s borderless network strategy by giving users a
choice of devices and locations to work
•  Always-on connection increases productivity
Employees enter one-time password only at start of workday
•  Saves time for Cisco IT throughout client software lifecycle
Employees self-provision
Headend automatically installs latest software
No more troubleshooting: employees simply download software again
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
6
“ Cisco AnyConnect is not a very
complicated implementation, but it has a
terrific magnitude of benefits. The
borderless experience lets us be
productive wherever we are and gives us
the freedom to use our choice of device.”
Plamen Nedeltchev, Cisco Distinguished Engineer, IT
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
7
Add Devices, Integrate with Other Cisco IT Programs
•  Use Cisco AnyConnect Secure Mobility Solution to enforce security
policies
•  Integrate with Cisco’s premises-based Cisco IronPort S-Series
Web Security Appliance
•  Integrate with 802.1X to provide network-based identity
management
•  Coordinate with Cisco’s IPv6 adoption strategy.
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
8
To read the entire case study or
additional Cisco IT case studies on a
variety of business solutions, visit
Cisco on Cisco: Inside Cisco IT
www.cisco.com/go/ciscoit
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
9
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
10