VNPT Account Planning Key Projects Review - United Nations ...

greenpepperwhinnySecurity

Nov 3, 2013 (4 years and 6 months ago)

48 views

Technology Horizons

-

Innovation and investment focus for the next 2 years


Lee Kok
Keong


Consulting Systems Architect

Cisco Systems


kklee@cisco.com

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

2


Budget Constraints


Asset Management


Speed of Change in Technology


Qualified Personnel and Management


Aging population of COBOL staff


Conflicting Priorities on Projects


Customer Privacy Issues


Internal Security


Extending
DECNet


Business Line Expansion


Technical
Divide


External
Access to Internal Data


Technology for Labor Substitution Path


Internal Understanding of Technology


Control versus Creativity

Consumer IT driving Business IT

External Intrusion Threats

Speed of technological Transition

Customer Expectations for Access to
Data

Customer Verification/Identification

Customer Knowledge of Technology

Industry Competition

Outsourcing/
Insourcing

Stability of Some Industry Sectors

Internet Viability/Universal Connectivity

Industry
Professionalism/Skill

Market/Economy Concerns

Analysts’ Expectations

Regulation and Legal Challenges

Continuing Improvements in
Technology

Patent Standards/Infringements

Cisco Confidential

3

© 2010 Cisco and/or its affiliates. All rights reserved.


Smart devices outsold PC



Windows 8 adds ARM microprocessor support



3G
/
LTE

finally taking off


no, not video
-
call, but data



Mobile Technology


LTE
, IP
-
RAN,
WiFi

Offload



IPv6



Virtualization


Network, Storage, Compute, Desktop



Commercial Cloud is taking off (finally)



Service Providers transforming their business model



National effort in building high speed broadband







Cisco Confidential

4

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

5

© 2010 Cisco and/or its affiliates. All rights reserved.

Is my end users embracing these changes


How does it change their behavior, interactions with our services


How does it affect security/regulatory policies


How can we capitalize/take control on these changes


How does it help in addressing new requirement/Cost control


How long is the runway to get there


How do we build expertise around these changes


Fundamental Change to Application delivery

Fundamental Change to IT infrastructure


© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

6

People

Process

Quality

Management

Cost

Management

Federated

CMDB

Infrastructure

Management

Service


Delivery

SLA

Management

Tools

Management

Dashboard

Chargeback

Customer

Portal

Cloud Service Orchestration

++

++

++

++

++

++

++

++

++

++

Data Center

IP/
MPLS
/Internet

3G

/
LTE


IPv6

Network

Virtual
Apps

VDI

Virtual
Apps

Thin
Client

Virtual
Apps

Mobile
Client

OS

OS

OS

End Points

Cisco Confidential

7

© 2010 Cisco and/or its affiliates. All rights reserved.

Great Benefits…but also New Challenges

Infrastructure


Per
-
Virtual Machine services required


Network, storage virtualization


New emphasis on Security, Trust,
QoS

Organization


Breaks Current Organizational Model


Reduces Visibility into ‘Hidden’ Resources


Requires Continuous Availability/Provisioning

New Paradigm


Virtual Machine is the New “Atomic Unit”


Dynamic Movement of
VMs

/ Applications


New Options:
Clouds
, Workload Portability

Cisco Confidential

8

© 2010 Cisco and/or its affiliates. All rights reserved.

Virtualization


it’s not new


VM
/CMS


VM

stands for Virtual Machine


Used in IBM mainframe System/370, System/390


First release 1972


Control program is called a Hypervisor


provides full virtualization of
system I/O


Each mainframe runs hundreds of thousands of
VMs


1972

Cisco Confidential

9

© 2010 Cisco and/or its affiliates. All rights reserved.

Modern Day Virtualization

-

Reduces
CapEx
/
OpEx

through Consolidation

Typical
Consolidation: 10:1

Typical Cost Savings:



Reduce H/W and
OpEx

costs


Reduce energy costs


Reduce provisioning time up



Save

$
/ yr per server workload



Aggregates Servers, Storage
and Network

Foundation for
Internal and External Cloud
Infrastructure

Virtualization


Decouples software from
hardware


Encapsulates Operating
Systems and applications into
“Virtual Machines”

Cisco Confidential

10

© 2010 Cisco and/or its affiliates. All rights reserved.

Scaling DC Bandwidth with
FabricPath

Example: 2,048 X
10GE

Non
-
blocking Server Design


16X

improvement in bandwidth performance


From 74 managed devices to 12 devices


2X
+ increase in network availability


Simplified IT operations

Traditional Spanning Tree Based Network

FabricPath

Based Network

2, 048 Servers

8 Access Switches

64 Access Switches

2, 048 Servers

Blocked Links

4
Pods

Network Fabric

Cisco Confidential

11

© 2010 Cisco and/or its affiliates. All rights reserved.

1.
vMotion

moves
VMs

across
physical ports

the network
policy must follow
vMotion

2. Must view or apply
network/security policy to
locally switched traffic

3. Need to maintain segregation
of duties while ensuring non
-
disruptive operations

Port

Group

Server Admin

Network
Admin

Security

Admin

Server
Admin

Cisco Confidential

12

© 2010 Cisco and/or its affiliates. All rights reserved.

Virtual
Network

Management
Center

(VNMC)

Virtual Security Gateway

-
Compare this to traditional 3
-
Tier enterprise design


VM

context aware rules


Context aware


Security


Establish zones of trust


Zone based


Controls


Policies follow
vMotion


Dynamic, Agile


Efficient, Fast, Scale
-
out SW


Best
-
in
-
class


Architecture


Security

team manages security


Non
-
Disruptive


Operations


Central

mgmt, scalable deployment,


multi
-
tenancy


Policy Based


Administration

Virtual
Security

Gateway

(
VSG
)


XML API, security profiles


Designed for


Automation

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

13

IP/
MPLS
/Internet

3G

/
LTE


IPv6

Virtual
Apps

VDI

Virtual
Apps

Thin
Client

Virtual
Apps

Mobile
Client

OS

OS

OS

People

Process

Quality

Management

Cost

Management

Federated

CMDB

Infrastructure

Management

Service


Delivery

SLA

Management

Tools

Management

Dashboard

Chargeback

Customer

Portal

Cloud Service Orchestration

++

++

++

++

++

++

++

++

++

++

Data Center

Network

End Points

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

14

O

V


Overlay

-

A solution that is
independent of the infrastructure
technology

and services, flexible over various inter
-
connect
facilities



Transport

-

Transporting services

for
layer 2 and layer 3

Ethernet and IP traffic



Virtualization

-

Provides
virtual stateless multi
-
access
connections
,
which can be further partitioned
into VPNs, VRFs,
VLANs


T

OTV delivers a virtual L2 transport over any L3 Infrastructure

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

15

Data Center
A

Data Center
B


OTV

Ethernet Extension

Any Transport

LD
VMotion


A significant advancement for virtualized environments by simplifying and
accelerating long
-
distance workload migrations

Cisco Confidential

16

© 2010 Cisco and/or its affiliates. All rights reserved.


Today: IP Address = Identity + Location bundled together


LISP decouples Identity (Host IP) from Location (Gateway IP)


ID to Location mappings are kept in an ‘out
-
of
-
band’ Directory


Traffic is routed in the core based solely on location

Traffic is IP in IP encapsulated



LISP Benefits

I
nternet & Intranet Scalability

Reduction of Routing Table IP state

Flexible Routing Policy

Prefix Portability

Seamless Mobility

VPN

semantics (multi
-
tenancy)

IPv4
/
IPv6

co
-
existence


Directory

Resolution & Registration

Data Path

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

17

Asia Pacific area has run out of
IPv4

address

-

New connections have to be put on
IPv6


It’s not about the technology

-

it’s about Business Continuity

-

it’s about compliance


What is your
IPv6

transition plan ?

How does it affect your IT infrastructure ?

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

18

IPv4

Addresses

Population

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

19


Government agencies should expect their users, partners, and remote
employees to have a
mix of connectivity

Public IPv4
-
only

Public IPv4 and IPv6

Shared IPv4
-
only

Shared IPv4 and IPv6

IPv6 only

Every agencies must be ready for this mix

(it cannot select the Service Providers of its end users)


The days of one public IPv4 for each Internet user are over
.





© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

20


IPv6

Internet

IPv4

Internet

Subscriber

Network

IPv6 Access
Network

ISP

dual stackCore

IPv4 over IPv6

Automatic Tunnel:

DS
-
Lite

PE

PE

CPE

NAT44 or PRR

NAT44

IPv4 Access

Network

IPv4 core

Subscriber
Network

PE

CPE

Translator: NAT444

P

NAT44

NAT44

IPv6 Access
Network

ISP

dual stack Core

Subscriber
Network

PE

CPE

Translator: AFT

PE

NAT64

ISP

Dual stack Core

IPv4 Access

Network

Subscriber
Network

PE

CPE

Automatic Tunnel:

6RD or L2TP

6rd RG

6rd BR

P

6RD or L2TP

Dual stack
Access/Core

Subscriber
Network

PE

CPE

Dual Stack: IPv6 Native


(Dual Stack)

The idea of crossing a bridge is


to get to the other end


© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

21

Ref : http://sixy.ch/

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

22

IP/
MPLS
/Internet

3G

/
LTE


IPv6

Virtual
Apps

VDI

Virtual
Apps

Thin
Client

Virtual
Apps

Mobile
Client

OS

OS

OS

People

Process

Quality

Management

Cost

Management

Federated

CMDB

Infrastructure

Management

Service


Delivery

SLA

Management

Tools

Management

Dashboard

Chargeback

Customer

Portal

Cloud Service Orchestration

++

++

++

++

++

++

++

++

++

++

Data Center

Network

End Points

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

23

Network
Eng
:


How do I troubleshoot
Access problem?


How do I separate

device issues from network
and policy issues?


How do I ensure user
experience?

Applications Team:


How do I ensure consistent App experience on

all
devices?


How do we troubleshoot App vs. Network vs. Device
problems?


How do we ensure Application interoperability?


Security Ops
:


How do I protect my network
and data assets from
unauthorized access, malware,
attacks, DLP, device
loss/theft, etc.?


Which users are using what
devices? How
do I implement
multiple security policies

per user, device, etc.?

Compliance Ops:


How do I ensure
corp

compliance (SOX, HIPAA,
etc.)?

Network
Ops
:


What devices are on my
networks?


Which users are using
what devices?

What apps are being
accessed?


What are the real
-
time app
perf

metrics?


Endpoint Team:

How and what do I support?

How do I handle asset
management
?



© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

24

Smartphones and Tablets

at Cisco, July 2011

40%

32%

Platform

July

2010

July 2011

iPhone

5,895

17,337

22%

40%

iPad

677

5,933

2%

14%

BlackBerry

14,910

13,917

55%

32%

Android

209

3,822

1%

9%

Others

5,433

2,049

20%

5%

Total

27,124

43,058

Cisco’s total mobile device count
grew 59% in 12 months
.

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

25

25







Tablet based devices

8,017 iPads

10.9% Growth

27.9%

of users today have > 1
device

(24.2% in Aug)

85,460

Windows
PC’s

16,000

Apple Mac’s

7,175

Linux Desktops

2000 (Pilot)

Desktop Virtualization

Desktop Landscape




12,617

BlackBerry Devices

-
3.2% Growth


6,534

Android Devices

22% Growth


20,078

iPhones

5.3% Growth


2,632

Other Devices

4.7% Growth


Mobile Smartphone Devices


© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

26

Taking
BYOD

heads on

Broad Mobile Support


Fixed and semi
-
fixed platforms


Mobile platforms

Persistent Connectivity


Always
-
on connectivity


Optimal gateway selection


Automatic hotspot negotiation


Seamless connection hand
-
offs

Next
-
Gen Unified Security


User/device identity


Posture validation


Integrated web security for

always
-
on security (hybrid)


Clientless and desktop virtualization

Corporate
Office

Mobile
User

Home
Office

Secure,
Consistent
Access

Voice, Video, Apps, Data

Wired

Cellular/

Wi
-
Fi

Wi
-
Fi

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

27

Connect to

Connection

Broker

1

Thin
Client

Zero Client

Smartdevices

Identify
target
VM

2

Start
target
VM

4

Query for
user policy

3

Display Protocol

Authentication

Connection Broker

Active Directory

Virtual
Infrastructure

Management

5

Return

VM

to
endpoint

Virtual Infrastructure

Connect
VM

to
endpoint

6

7

Successful
connection

© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

28

Consolidation, Virtualization, Automation

1960

1980

2000

2010

Business Agility

Mainframes

SNA
/
DecNet
/
IPX

Client/

Server

COMPUTE

EVOLUTION

NETWORK

EVOLUTION

Storage
Consolidation

WEB 2.0

IPv6

BYOD

Data Center
Consolidation

Data Center
Virtualization

TCP/IP

Internet

1. Consolidation

2. Integration

3. Virtualization

4. Automation

Data Center

Networking

Thank you.