Jerry Bass, Customer Solutions Architect, CISSP, Air Force / Navy Operation, gbass@cisco.com – 978.936.4012
© 2013 Cisco and/or its affiliates. All rights reserved.

Share IT infrastructure
• High bandwidth, flexible optical core
• IP overlay for application delivery
Single security architecture
• Secured gateways to external entities
• Common TLA services
Platform for Enterprise Services
• Data Center Interconnect
• Federated private / public cloud
[Diagram: global backbone with links to SWA, NW Asia and CONUS]

[Diagram: Campus Network / "Enterprise Information Environment" Access. Tiers: Access, Aggregation, Distribution, Core, Boundary, Services Edge, IP-NGN Backbone. Elements: Virtual Device Contexts; T-, S- and U-tier CE, Aggregation and Provider Edge routers (T-CE, T-AR, T-PE, S-CE, S-AR, S-PE, U-CE, AR); JIE-PE and JIE-CE routers; DCA MSAE / MSAA; Firewall Services; Customer Edge Router; Intrusion Detection; Session Border Controller; Provider Core Router; CDC; Tactical; Reputation Based Filtering; SONET / SDH MSPP; Internet; Threat Intelligence Service; Anomaly Detection; Line Rate NetFlow; 802.1AE MACsec; ROADM; Application Visibility & Control (AVC); 802.1X Access; Security Group Tags; Wavelength Services; URL Filtering / Web Security; Carrier Packet Transport; Identity Based Access Control]

Feature / Operational Benefit
• Secure IP & Optical Core: reduce OPEX, standard interconnect efficiency and scale
• DWDM / ROADM: dynamic provisioning of massive bandwidth; surge to mission
• 40G / 100G infrastructure: scalable bandwidth for present and future applications
• MPLS: traffic engineering, QoS and scalability for mission assurance
• COIs / Network Virtualization: dynamically segregate traffic; single network, multiple branch, mission, organization

Feature / Operational Benefit
• 10G / 40G Infrastructure: scalable bandwidth for present and future applications
• COIs / Network Virtualization: dynamically segregate traffic based on mission needs
• 802.1AE / MACsec: line-rate Layer 2 encryption up to 100Gbps
• 802.1X: authentication & access tied to identity, device, posture, location
• Pervasive Cybersecurity: traffic inspection throughout the network; detect, identify, respond, recover
• Line-rate NetFlow: anomaly detection & SA for cyber threat defense & response

Feature / Operational Benefit
• 10G / 40G / 100G Infrastructure: scalable bandwidth for present and future applications
• Unified Fabric: single data and storage infrastructure reduces OPEX & complexity
• Unified Compute: stateless processing provides a powerful, flexible, scalable DC
• Unified Management: rapid service provisioning through comprehensive system orchestration
• Secure, Multi-tenant Data Center: single infrastructure for many segregated customers or missions
• Data Center Interconnect: extend networks between data centers for COOP / DR
• Pervasive Cybersecurity: traffic inspection throughout the network

[Diagram: SDP A / SDP B pairs at Base 1 .. Base n, each with BASE VRF, MGT VRF ("Management"), AFGW VRF and COI 1 / COI 2 / COI 3 VRFs; AFGW 1 .. AFGW n, each with EXT, FW and INT segments; "Shared Routes" between BASE and AFGW]
• Initially 3 VRFs – Base, AFGW, MGT
• Routes are shared between Base and AFGW
• Traffic in MGT can't be reached from AFGW or Base
• Site extranets can be set up to connect a subset of bases, with or without external access
• Similar model for JIE
• Additional VRFs for missions or
• Add new customers at the MILDEP level
• Within MILDEP, add COI networks for short or long term missions

• Provide full visibility at all levels; intra-base and intra-agency
• Full and consistent suite at every Camp / Base / Post / Station
• Multi-tiered design; C/B/P/S tier and Agency tier
• System can be centrally managed, but policy control can be distributed to each agency
• Reduced hardware and O&M costs; increased scalability
• Survivable; both local and regional redundancy

Computing
• Defensibility / Redundancy / Resiliency
• Federation / Shared Infrastructure
• Enterprise Services
• Identity Access Management
• IC / Mission Partners
[Diagram: "Enterprise Information Environment" joining Computing, Applications (APEX, Close Combat TM, Navy ERP, Defense Travel, AT21, Enterprise Mail, DCO, iEHR, AFATDS), Data and Airmen Fundamentals to users in the Deployed Environment and Coalition Forces, at Home, Work, Mobile (TDY/Deploy) and Future Devices; "Access at the Point of Need"]

Thank you.
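The VRF layout on the slide above (Base and AFGW share routes, MGT is unreachable from both, COI VRFs connect a subset of bases with or without external access) comes down to route-target import/export policy, and a defender can audit that the resulting reachability matches intent before anything is deployed. The Python model below is an added example, not Cisco's or the programme's code; the RT names, the "rt:extranet" hub target used for COI external access and the policy_violations audit are assumptions of the example.

```python
"""Route-target (RT) model of the VRF layout on the slide: Base, AFGW and MGT
VRFs at each base plus per-mission COI VRFs. Constructed example; the RT
names and the 'rt:extranet' hub target are assumptions, not Cisco's config."""
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class Vrf:
    name: str
    export_rt: frozenset  # RTs attached to routes this VRF advertises
    import_rt: frozenset  # RTs this VRF accepts into its routing table


def can_reach(src: Vrf, dst: Vrf) -> bool:
    """Two-way reachability: each side must import an RT the other exports,
    otherwise one direction has no route and the traffic is dropped."""
    return bool(src.import_rt & dst.export_rt) and bool(dst.import_rt & src.export_rt)


def base_vrfs(base: str) -> dict:
    """The three initial VRFs at one base. Base and AFGW import each other's
    RT (shared routes); MGT imports only its own RT, so neither Base nor
    AFGW can reach it. AFGW also imports the extranet RT (see coi_vrf)."""
    return {
        "BASE": Vrf(f"{base}:BASE", frozenset({"rt:base"}),
                    frozenset({"rt:base", "rt:afgw"})),
        "AFGW": Vrf(f"{base}:AFGW", frozenset({"rt:afgw"}),
                    frozenset({"rt:base", "rt:afgw", "rt:extranet"})),
        "MGT": Vrf(f"{base}:MGT", frozenset({"rt:mgt"}), frozenset({"rt:mgt"})),
    }


def coi_vrf(base: str, coi: str, external: bool) -> Vrf:
    """A mission/COI VRF: exchanges routes only with the same COI at other
    bases. With external=True it also exchanges routes with the local AFGW
    (site extranet with external access); it never reaches BASE or MGT."""
    rt = f"rt:{coi}"
    exports = {rt} | ({"rt:extranet"} if external else set())
    imports = {rt} | ({"rt:afgw"} if external else set())
    return Vrf(f"{base}:{coi}", frozenset(exports), frozenset(imports))


def policy_violations(vrfs, allowed) -> set:
    """Segmentation audit: ordered (src, dst) name pairs that can reach each
    other although the pair is not in the allowed set."""
    return {(a.name, b.name) for a, b in permutations(vrfs, 2)
            if can_reach(a, b) and (a.name, b.name) not in allowed}
```

Running policy_violations over every VRF of a site against the intended pair list is the check to repeat whenever a COI VRF is added, since one extra import statement is all it takes to collapse a segregation boundary.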
[Diagram (backup slide): collaboration architecture. Tiers: Endpoints, Unified Access (wired / wireless), Distribution, Core, Boundary, Services Edge, IP-NGN Backbone, Internet. Elements: Application Software, Virtual Machines, Compute, Storage / SAN; LSC Call Control Publisher / Subscribers; Unity Connection Voicemail; Unified Presence Services; Emergency Responder E911 Services; Survivable Remote Site Telephony; Installation Processing Node (IPN); Site-to-Site Dynamic VPN; Virtual Device Contexts; Firewall Services; Intrusion Detection; Customer Edge Router; Session Border Controller; CDC; Tactical; Virtual Firewall Edge and VM; Personal / Immersive Telepresence; IP Phones / Soft Clients; Mobility Endpoints; Virtual Switching System; Backplane Stacking (StackWise); Universal Power over Ethernet; Community of Interest Networks; 802.1X Access; 802.1AE MACsec; Security Group Tags; Identity Based Access Control; Line-Rate NetFlow; Application Visibility & Control (AVC); URL Filtering / Web Security; Threat Intelligence Service]

[Diagram (backup slide): data center architecture. Tiers: Application Software, Virtual Machines, VSwitch, Compute, Storage and SAN, Access, Aggregation and Services, Core, Edge, IP-NGN Backbone, Internet. Elements: Fabric-Hosted Storage Virtualization; Storage Media Encryption; Fiber Channel Forwarding; Fabric Extension; Service Profiles; Port Profiles & VN-Link; Virtual Machine Optimization; Virtual Device Contexts; Secure Domain Routing; Virtual Contexts for FW & SLB; Application Control (SLB+); Firewall Services; Virtual Firewall Edge and VM; Intrusion Detection; Customer Edge Router; Session Border Controller; CDC; Tactical; Line-Rate NetFlow; Threat Intelligence Service; Web Reputation; Service Control; URL Filtering; Cyber Threat Defense; Identity / Access Management; Email Security]