Inside Cisco IT - ISE and Device Posture: How we Secure Access at Cisco
Adam Cobbsky, Senior IT Engineer Shyam Chudasama, IT Project Manager
BRKCOC-1145 Cisco Webex Teams
Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Events Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Agenda
• Intro: Security, ISE & Posture at Cisco
• End User Device Posture Challenges: • Unique Device Identity • ISE Posture • Appropriate Access & Remediation • Keeping Users Informed
• Change Management
• Monitoring & Scale of Impact
• Summary
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Security & Posture at Cisco Cisco Enterprise at a Glance
Employee Distribution Global Cisco Distribution
Corporate Engineering APJC Functions 16% 26% 34% 3,879 5,946 73,000 Routers LAN Switches 100+ Employees Countries 21% 133,000 57% Connected 480+ Stakeholders 17% Offices
Customer EMEAR Experience 29% Sales & 13,834 Americas Marketing Unified Computing Billion DNS System Servers requests per day
31,144 63,132 ~527k PB 49,500 6.39M TelePresence Virtual Machines Managed End Overall Usable Webex Meetings Internet Threats Units Devices Storage per Day Blocked Per Day
© 2020 Cisco and/or its affiliates. All rights reserved.Data Cisco as of Public January 2020 Cisco IT End User Device Landscape
CISCO SUPPLIED BYOD
73,828 50,022 129,775 60,753 50,729 CISCO MOBILE SUPPLIED DEVICES DEVICES 10,731 5,218
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 Cisco IT Network Security Requirements
Visibility & Attribution Integration
Consistency Centralization
Access Control Real-Time Defense
Automation & Simplification
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 The Digital World Zero Trust
• Disruption to Business Models • Castle Analogy: Moat & Drawbridge no longer enough • Mobile Workforces • Allow appropriate access only when • Increasing number of security threats you can verify the who and the what • Limited resource & budgets
• The need for greater control with less effort
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Our Zero Trust Challenges
Unlikely to start with a blank canvas – requires a hybrid model
Complex environment – systems not designed to work together
How do you iterate & mitigate risk?
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 What is Device Posture?
Posture Assessment
Measure and check against Security configuration of the device Company requirements
Option 1 Device Manager Access Policy
Option 2 AnyConnect + ISE Posture
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Posture: What is a Trusted Device?
1. Device Registration
2. Anti-Malware
3. Encryption (Cisco Data)
4. Minimum OS
5. Software Patching
6. Remote Wipe (Cisco Data)
7. Password/Screen-lock Enforcement
8. Hardware/Software Inventory
9. Rooted Device Detection (Mobile Only)
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 Posture Guidelines
• Secure Enablement: Don’t stop users working
• Minimise the Impact: Avoid disrupting workflows
• Remediation: Automate and/or simplify
• Expect Complexity: There’s always something hidden!
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 ISE Inside Cisco What is Identity Services Engine (ISE)?
A centralized security solution that enables context-aware access control and shares contextual data
Identity Profiling and Posture Access Policy Network Resources Threat Group Based Traditional Vulnerability Policies NetworkWho Guest Access Door What BYOD Access When Role-Based Where Access How Threat Containment ISE pxGrid Controller Compliant Context
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 Cisco IT ISE Production Deployment Metrics ISE 2.4, 8 VMs, 2 DCs CWA ~14K Guest/Day Central Web Auth
Guest Net (Internet)
468 WLC; ~200K EP
ISEISE 2.6/2.1, 2.6, 24 24VMs, VMs, 8 DCs 8 DCs 26K CVO x 2; ~60K EP
70 ASA; ~90K EP
2K SW; ~200K EP 1.79 Million profiled Corporate Access “Endpoints” 75 Sites; ~125K EP WLAN, CVO, VPN, LAN Max ~450K Concurrent “Endpoints”
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Single Global ISE Deployment 24 ISE Nodes 20 PSNs; 8 DC (Node Groups)
AER ALN MTV TYO RTP HKG BGL
SNG
Primary ISE PAN/M&T
Secondary ISE PAN/M&T
ISE PSNs
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 ISE Deployment High Availability Architecture
HA NAD Configuration HA SLB Configuration ISE Product Evolution
Modularity Primary -> Secondary PSN PSN PSN PSN Automatic Failover MTV-WLAN PSN1 MTV-LAN MTV-VIPs RTP-VIPs PPAN SPAN MTV-VPN PSN2 MTV-CVO PSN Load Balancer VIP by Service User-probe Auth ALN-VIPs Is PSN Authenticating? PSN3 PMnT SMnT • Interval = 10 sec MTV ALN • Down Time = 30 sec • Retries = 3 Primary, Secondary RADIUS Servers NADs Proximity
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 Minimizing Service Disruptions
AuthC (automate-tester) Service Disruption
NOT Detected Access-Reject X X EEM Synthetic AuthC (test user) Service Disruption Access-Reject Detected Access-Accept X Allow AuthC Access Restore Temp. EEM EEM BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 Challenge: Understanding Access Authentication (AuthC) & Authorization (AuthZ)
Authentication - “The Process of Verifying the User” (example: User Authentication dot1x – User Endpoints on Wireless or Wired) Active Directory, SSO, Duo, AnyConnect VPN • Dot1x Globally deployed and enabled Wired & Wireless
• Active Directory Identity Store
• MAB Process for non-suplicant devices
Authorization - “The Process of Verifying what you have access to” (example: Differentiated Network Access based on Device Posture) ACLs, Trustsec, Barcode, Duo Lazy Egg, AnyConnect Posture
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 Authentication (AuthC) & Authorization (AuthZ)
Failed AuthC No Internet Access/Remediation/re-direct Failedauth
IoT / MAB Internet Access / Appropriate Access
Quarantine No Internet Access/re-direct ISE Quarantine
Quarantine Remediation/re-direct ISE Quarantine Remediation
Dot1x AuthC Internet/Remediation
Posture AuthZ Corporate Access/Internet/Remediation
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 Wired 802.1x Auth
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 Challenge: Unique Identity Uncertain Identities • Wired MAC Address • Wireless MAC Address • Docking station MAC Address • Microsoft Workstation • Random MAC Address
X X Windows • Windows VM X • Thunderbolt MAC • Spoofed MAC Address • Apple Device X X MAC X Need to know: • Android Device X • What device? • Which DM?
Mobile • Apple Device • iPhone • iPad
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 Issues for Posture – Wired MAC address
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 Switch to UDID as key Unique Device Identifier (UDID) What are we solving? UDID MAC Address(s) Compliance Open seating environments with docking stations for PCs and Ethernet dongles for Apple Macs pose 01669b65...05ee93 00:1a:00:1a:11:11 a challenge because the same MAC address is 00:1a:00:1a:22:22 used by various people over the course of a week or a month. In short, the MAC address is not a good identifier. How do we solve it? ISE can now perform authorization for managed end-points regardless to their MAC address, even when MAC address is not persistent. 00:1A:00:1A:11:11 00:1A:00:1A:22:22 Prerequisites ISE 2.6, AnyConnect 4.7
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 Why the UDID?
• Doesn’t rely on MAC address
• Readable by ISE
• Unique to the OS on the device
• Covers Windows & Mac UDID is tied to the OS
• Consistent ID across all Network Adapters (Static/Random/Shared)
• UDID is persistent following an application remove/re-install
• UDID is persistent through a Major OS upgrade
• UDID likely to change with Motherboard/HDD swap (Process)
• VMs TBD
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29 ISE Posture AnyConnect Posture DM Integration External DataSource Conditions AnyConnect ISE Posture Module
Active/Live/Realtime checks
• File/Registry conditions • Query Service conditions • Application conditions • AV/AM conditions
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 Issues for Posture – Desktop Example
Detection of Management Agent after device start-up
PWR Windows Startup
AnyConnect Posture SCCM Service not Check detected. NOT COMPLIANT !
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 32 ISE & DM Integration
Device Management Platform
IF Windows – SCCM query Mac address > SCCM Device Management
IF Mac – JMF query Mac Address > JAMF SCCM Device Management
IF Mobile Device – query Mac Address > Meraki Mobile Device Management
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 ISE & DM Integration
Device Management Trusted Endpoint Platform Conditions
Screen Saver P/W ? ✓ Device is Compliant Disk Encrypted SCCM ✓ AV/AM ✓ Checked in X days ✓
Screen Saver P/W ✓ JMF Disk Encrypted ✓ AV/AM ✓ Device is Non-Compliant Checked in X days
PIN Lock Not JailBroken/Rooted AV/AM ? Checked in X days ? On Prem Desktop Posture ISE External Datasource Condition
UDID Device Management Trusted Endpoint AnyConnect Platform Conditions
Screen Saver P/W ✓ ? Disk Encrypted Custom Script(s) SCCM ✓ AV/AM ✓ Checked in X days ✓
Active Directory Compliance Database
Screen Saver P/W ✓ UDID JMF Disk Encrypted ✓ Compliance Status = X AV/AM ✓ UDID Checked in X days AnyConnect ?
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 Flexibility via Grace Period
What are we solving? Employee goes on 2 week holiday. When the Updates are needed on employee returns, they may not be on-line for your computer before you very long due to things such as customer can join the network appointments. An employee may not have their system updated to the current patch level for much longer than just the time on holiday given cycle times measured in days for systems such as JAMF & SCCM How do we solve it? Increased grace period flexibility provides two customizable end-user warning notification time periods & a customizable message Prerequisites ISE 2.6, AnyConnect 4.7
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 36 More on Securing Cloud Access Off Prem - Cloud Access with Barcode (O365) • BRKCOC-2384 • Thurs, 30 Jan 11:15am
Device Management Trusted Endpoint Platform Conditions
Screen Saver P/W ✓ Disk Encrypted Custom Script(s) SCCM ✓ AV/AM ✓ Checked in X days ✓
Active Directory Compliance Database
Screen Saver P/W ✓ UDID JMF Disk Encrypted ✓ Compliance Status = X AV/AM ✓ Checked in X days
PIN Lock Not JailBroken/Rooted AV/AM Checked in X days
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 37 Mobile Posture with MDM Integration ISE & MDM Integration
Device Management Trusted Endpoint Platform Conditions ?
IF Custom Attribute Managed By = Meraki PIN Lock ✓ Not JailBroken/Rooted ✓ Check Posture Status AV/AM ✓ Checked in X days ✓ Full Network Access ?
MAC Address ISE Custom Attribute Managed by Meraki Add Custom Attribute – Managed by Meraki eStore ?
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 38 Challenge: Appropriate Access & Remediation Our Biggest Challenge(s)
Access “Access to the internal resources to allow remediation” (Allow Access to SCCM, AD, JAMF) "Deny Access to internal resources Confidential and above" (Deny Access to HR, Finance)
Messaging “Notification to the User that they have limited network access - provide information to allow remediation and elevation of network access”
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 40 Authentication (AuthC) & Authorization (AuthZ)
Failed AuthC No Internet Access/Remediation/re-direct Failedauth
IoT / MAB Internet Access / Appropriate Access
Quarantine No Internet Access/re-direct ISE Quarantine
Quarantine Remediation Remediation
Dot1x AuthC Internet/Remediation
Posture AuthZ Corporate Access/Internet/Remediation
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 41 Internet Plus vs Quarantine
Messaging Access
Internet Plus Internet Remediation + “Access to the internal resources to allow Messaging Remediation Services remediation” (SCCM, AD, JAMF etc)
Quarantine Re-direct to No Access "Quarantine" Notification to User Quarantine URL "How do I Remediate?"
Quarantine Plus Quarantine Remediation Services "Quarantine" Notification to User Messaging Access to Remediation
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 42 TrustSec & ACLs Today
ACLs have size limitations Max 4000 ASCII characters (Switch) Max 64 lines (WLC) More apparent when we consider remediation
• ACL Lines to allow Access to Remediation (450+ Lines – IP address/Range per port) • Active Directory, SCCM, JAMF, Satelite, Bitlocker
• ACL Lines to allow Shared Windows Hosts to access Active Directory
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 43 TrustSec & ACLs Next ACL - Simple
• ACL Lines to allow client application background tasks to check in on Port 80 & 443 (e.g. SCCM, JAMF)
• Easer ongoing maintenance and management
TrustSec - Access
• Provides granular level access to Active Directory.
• Provides per port access to all background Remediation Services
• Provides consistent Access across Wired, Wireless, CVO, VPN.
• Provides appropriate access for Quarantine Remediation
• Future Automation & Compatibility with SDA/Cisco DNA-C
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 44 Summary
• Trustsec provides flexibility across today’s Legacy and tomorrow’s SDA/Cisco DNA-C networks
• Trustsec allows ACL complexity to be Our different access levels
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 45 Still Confused?!
• It’s ok, We’re still learning too!
• Meet the Engineer (MTE)
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 46 Challenge: Keeping Users Informed The Importance of User Experience
WHAT’S THE CHALLENGE? WHY DO WE CARE?
• Adds time & complexity to • Lots of grey areas the solution • Open, Campus-like Culture • IT are enablers! • Self-Service IT • No longer just block or allow • User Transparency • Minimise Support & Cases • How do we tell users?
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 48 Compliant User
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 49 Non-Compliant
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 50 Previously Compliant User (Grace Period)
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 51 Other Notifications
• A pop up message is all well and good…but what happens after that?...
• Scenario: User with non-compliant device, forgets about it…
Your device is not authorized for full corporate access.
Please click on the button below to fix this, or use your browser back button to return.ad
Fix Now
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 52 Device Posture: User Experience Principles
• User device needs to be able to get baseline connectivity (internet plus) once user authenticates.
• For baseline connectivity a user device will only be required to have native device software. i.e. no software or agent pre-requisites such as AnyConnect, Flexera etc.
• Access restrictions should be notified to the user at the point where an untrusted device attempts to access protected resources
• Restriction notifications should be visible directly on the device in use through native channels (browsers, on device notifications etc). These should not be reliant on apps or comms channels on other devices.
• Access to remediation should be immediate directly from the device and step by step guided.
• Remediation should be offered on the same connectivity medium. i.e. not connecting to other SSIDs or plugging in to different ports.
• Remediation should be a self service, step by step guided process.
• Once completed, remediation will enable access to protected resources as soon as possible and in any case in no more than 2 minutes
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 53 Mobile What about Mobile?
Mobile Access Policy Mobile Device Management • Internet access by default • Access to additional identities • Apps over browsers • Enforce Trusted Requirements • Per App VPN & VPN Clients • Management as proxy for trust
Identifiers MDM Integration • AnyConnect UDID unavailable • Direct integration with ISE & MDM • Mac address can be randomized • Some scaling issues BUT does work • Other IDs protected • Relies on profiling & additional tagging
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 55 Change Management & Roll out Change Management
• COMMUNICATE EARLY: Not too early to avoid pointless comms
• INVOLVE THE RIGHT TEAMS: Align Security, Network, Devices, Support & Identity
• ESTABLISH SCOPE OF IMPACT: Make as many unknowns known to minimise disruption and ease the transition
• LEADERSHIP BUY-IN: If they don’t believe in it, no one will.
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 57 Monitoring
• ID Issues early • Deploy AnyConnect & Posture Module • DM Scripts to collect & store UDID • Understand who & what WHY? HOW? • XML file: Trigger a posture check • Adjust course • ISE Policy: Full Network Access • Prepare for go live • User Documentation
• Reduce the scale of impact • Correlate Data Sources • Fleet coverage & automate fixes • Define Filters DATA ACTION • Additional Change Campaigns • Confirm affected devices • Exceptions
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 58 Roll Out
Data Analysis More devices = Continue to monitor Increase scale but new problems maintain control
Adjust & Tweak Start As you learn, make changes to Finish improve the solution where Start slow & figure out your phases necessary Global Deployment & Enforcement
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 59 Summary Summary
• Expect complexity unique to your organization
• Requires a cross-functional program, with all groups represented
• Set out with a set of principles that fit both your technical environment and your user culture
• Being able to uniquely identify a device is key
• Understand the different access levels so you know what you need to cover and how
• Build in remediation to minimise user disruption and make sure they know when they need to take action
• Start early & monitor
• Change Management: Culture & User behaviour
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 61 Cisco on Cisco Technical Breakout Sessions Hall 8 Session Code Session Title Speaker Date, Time & Room Adam Cobbsky BRKCOC-1145 Inside Cisco IT: ISE and the Cloud: How we Secure Access at Cisco 28 Jan, 11:00 AM Shyam Chudasama Session Room C129 Inside Cisco IT: Migration of On-prem (CUCM) video endpoints to the cloud Ervin Carrillo BRKCOC-2997 28 Jan, 02:30 PM CC8, (Webex) platform Jeff Barulich Room 8.19/8.20
BRKCOC-2257 Inside Cisco IT: Enterprise Wireless Design and Assurance with Cisco IT Michael Combs 28 Jan, 05:00 PM Session Room A101 Dean Sanders BRKCOC-4263 Inside Cisco IT: Deploying SD-WAN and SDA at Scale 29 Jan, 08:30 AM Jamie McGregor Session Room C128 Bharath Malapaka BRKCOC-2995 Inside Cisco IT: Evolution of Cisco IT infrastructure with Cisco HyperFlex 29 Jan, 11:00 AM Joe DeSanto Session Room A106 Touseef Ahmed Gulgundi 29 Jan, 02:45 PM BRKCOC-2994 Inside Cisco IT: Cisco Multicloud Backbone - securely inter-connecting clouds Roel Bernaerts Session Room D134 Inside Cisco IT: DevOps to NoOps through AIOps - Realize through MindMeld & Rammesh Rajagopal BRKCOC-2101 29 Jan, 04:45 PM Webex Teams Jimil Patel Session Room D133 Colin Choo BRKCOC-2707 Inside Cisco IT: Cisco Contact Center's Channel Transformation Journey 29 Jan, 04:45 PM Mary Mazon Session Room D134 Inside Cisco IT: How to move to the cloud without making the news (for the Dave Jones BRKCOC-2384 30 Jan, 11:15 AM CC8, wrong reasons) Jason Freeth Room 8.21/8.22 Alben Cheung BRKCOC-1476 Inside Cisco IT: Identity-as-a-Service: beyond the hype 30 Jan, 02:45 PM Franky Saxena Session Room D136 Inside Cisco IT: Cognitive Collaboration - How Cisco IT is enabling the future of Mwiza Munyandamutsa BRKCOC-2236 31 Jan, 09:00 AM CC8, meetings today Arti Patel Room 8.21/8.22 Inside Cisco IT: Network Monitoring and Service Assurance in Cisco IT Data Curt Poage BRKCOC-2433 31 Jan, 11:30 AM Centers #CLUS John© 2019 Banner Cisco and/or its affiliates. All rights reserved.Session Cisco Room Public B115 Cisco on Cisco IT Booth Demos - Cisco Showcase @ World of Solutions Demo Name Demo Description SMEs
Come see how at Cisco IT we use our collaboration solutions in everyday workflows which Fernando Quintanilla Cognitive Collaboration allows us to seamlessly engage and add value globally at any given time. Come see and learn Erica Hughes The X-Factor of Cisco IT Workstreams how we manage the environment with Control Hub; Leverage Webex Meetings transcription, Yassin Raman Webex Teams Integrations with O365, Service, Concur and other Bots & Integrations. Vicky Dineshchandra
Learn how we're using the NextGen Firewall platform, Firepower Management Center (FMC), and Elena Bouza Cisco it’s Security Fabric managing our ACLs at our edge, in our core, in our DCs, everywhere. Learn how to protect Santosh Killekar Firepower, NGFW Duo Unified Access access to applications based on user’s Identity and trustworthiness and posture of the devices Tom Fincher with Duo MFA. Andrea Baldan
Cisco IT is embracing the cloud with speedy migration using ACI, a programmable network Nick Janes Embracing Cloud Native infrastructure (network, storage, compute), and focusing on operational excellence and network Brian Hogan Multicloud, ACI, Assurance assurance with CNAE. Learn how Cisco IT is using automation and modern day tools Curt Poage and platforms to deploy and run Data Center Network Fabrics. John Banner
Marianna Pittokopiti Showcase Cisco IT’s next-general full software-driven and controller-based network developed Jason Low Software-Defined Network as part of our acceleration towards intent-driven digital networks. We’ll show how the network Michael Combs DNA, DNAC, SDA, SDWAN, vManage, technology works and walk through high-level how we build and manage these using agile and Dean Sanders ISE, SDx software practices. Jamie Mcgregor
Learn how Cisco IT uses software-based methodologies and automation to digital manage and Balint Szmolka Automating Cisco IT's Network consume our network. We'll share our Secure Cloud Interconnect, allowing for fast and secure Alyssa Sandore DNAC, NSO, Cloud Interconnect & connections to AWS. You'll see how we leverage NSO for compliance checking and automation Touseef Ahmed Gulgundi Peering across our network functions. Tom Fincher
Come learn how Cisco IT is deploying, managing and using our own technologies inside Cisco. IT Corner We will have 30 minute workshops where you can get hands on explanations/lessons from IT Cisco IT SMEs Workshop and 1:1 area subject matter experts. This area can also be used for 1:1 peer to peer interactions with IT experts. #CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Complete your online session • Please complete your session survey survey after each session. Your feedback is very important. • Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live t-shirt. • All surveys can be taken in the Cisco Events Mobile App or by logging in to the Content Catalog on ciscolive.com/emea.
Cisco Live sessions will be available for viewing on demand after the event at ciscolive.com.
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 64 Continue your education
Demos in the Walk-In Labs Cisco Showcase
Meet the Engineer Related sessions 1:1 meetings
BRKCOC-1145 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 65 Thank you