The branch office of a large enterprise is a critical extension of the headquarters. The Cisco Enterprise Branch Architecture solution enables enterprises to offer high-value network services, such as security, new communication services, and improved application performance, to every office regardless of its size or proximity to headquarters. To facilitate the successful rollout and efficient ongoing operation of the Enterprise Branch Architecture, Cisco provides a comprehensive set of management solutions. These network management solutions enable the rapid deployment of network infrastructure and services, increase IT productivity, and reduce total cost of ownership. The four components used in the management of the Enterprise Branch Architecture include:
Branch Security
With the introduction of new services and the extension of the corporate network into the branch, new risks and security concerns need to be addressed. The Cisco security management strategy leverages integrated Cisco security infrastructure components to extend the management control from the Campus to the Enterprise Branch Architecture. By using a centralized management system, customers are able to defend their branch networks against external security threats, protect systems and information through internal trust and identity policies, and provide secure business communications. The result is security assurance and protection of company profits and assets.
The CiscoWorks VPN/Security Management Solution provides an integrated means to manage security operations within the Enterprise Branch Architecture. The solution combines the ability to manage firewalls, VPNs, network IDS and host IDS with continuous monitoring of security and performance information. Key highlights of this solution include:
- The ability to control security configuration from a centralized management console. Security policies can be defined and then automatically deployed to a large number of Cisco security products, including firewalls, VPN routers, and IDS sensors and agents. The result is significant time savings, increased productivity, and greater consistency in your Enterprise Branch Architecture security policies.
- Intrusion detection and protection capabilities are enhanced with flexible management functionality. Security operations staff can monitor critical security information from a variety of sources, including IDS appliances, network modules, desktop systems and servers. The management system provides intelligent correlation and mitigation strategies, enabling staff to create or modify IDS profiles to protect against these security threats.
- Keeping security devices at the branch offices consistent with corporate policies can be a challenge. Multiple network administrators make it difficult to keep track of periodic configuration changes, software updates, and patches. This problem is simplified by using intelligent agents in the remote security devices in conjunction with Cisco security management features. This auto-update technology provides an easy way to push initial configuration information, configuration updates, operating system updates, and periodic configuration verification to any remote Cisco security elements. This ensures that the end-to-end infrastructure maintains a consistent security profile.
- Network management operations functions can be easily extended to the security network infrastructure by leveraging this management solution. From a central point of administration, customers are able to manage their security inventory, configuration and software version, and change audit control and tracking. This provides easy access to information that is critical to network resiliency and security compliance.
Branch IP Communications
Convergence of a company’s voice and video traffic over its existing data network is a key component of the Enterprise Branch Architecture. Cisco provides an IP communications management suite to effectively manage the converged network from the branch to its headquarters, thereby increasing productivity and lowering the total cost of ownership of the entire communications network.
CiscoWorks IP Telephony Environment Monitor (ITEM) is a suite of applications that proactively evaluates and reports on the operational health of your converged IP network and Cisco IP Telephony environment. CiscoWorks ITEM provides functionality throughout the full lifecycle of management activities from planning through operations. Key features include:
- Planning tools that automatically send data packets through the network, simulating voice calls. This important functionality is used to measure latency and delay values for voice calls on the data network, a key component of planning the migration to a converged network.
- Distributed intelligence within the network and the ITEM management suite, which allows IT administrators to proactively monitor quality of voice by simulating voice calls across the entire business. These simulated calls are used to determine proper telephony voice quality and can alert the IT staff to potential problems often before users experience them through the use of the actual phones.
- Data collection and comprehensive report generation, ranging from reports showing where phones have physically moved to performance reports useful for capacity planning. Data is stored in a published format and is available for use with third-party reporting tools, allowing customers that use powerful reporting applications to consolidate their voice reports with the other reports they already use today.
- Protection of important information. Cisco realizes that many different teams are involved in providing a service as critical to the business as "voice." Not all these teams should have the same privileges through the tools. A Microsoft Windows application is available to provide help-desk personnel with operational status and implementation details about individual IP telephones without having to go to the CallManager or other CiscoWorks tools.
- Increased productivity by providing your IT staff with the tools they need to manage a converged network. Everyone in the business experiences better productivity, from the IT staff and the employees they support to the vendors and customers that are spoken to daily.
Branch LAN
Cisco Enterprise Branch Architecture LAN services are responsible for local connectivity within the Enterprise Branch Architecture. They connect branch users to one another while linking with the branch connectivity layer, providing remote connectivity back to the central or corporate office using broadband DSL and cable technologies or traditional WAN connections. Powered by Cisco IOS technology and a Cisco branch office router, these services provide powerful features to enable secure communications between locations.
CiscoWorks LAN Management Solution (LMS) provides a proven suite of management tools needed to simplify the deployment, administration, monitoring and troubleshooting of a diverse Cisco campus and branch infrastructure. By leveraging common centralized systems and network inventory knowledge, CiscoWorks LMS delivers a unique set of capabilities that reduce network deployment times and administration overhead. Key features include:
- A robust set of Layer 2 tools for device and connectivity discovery, detailed topology visualization, Layer-2 service configuration, and end-station tracking that facilitate the configuration, management and understanding of the physical and logical network infrastructures.
- A GUI-based view of the network devices with displays for dynamic, real-time status, monitoring, and configuration information, simplifying device diagnostics and troubleshooting.
- Real-time fault detection, analysis and reporting using detailed device knowledge and fault rules based on Cisco "Best Practices".
- Simplified time-consuming administrative tasks, and seamless, centralized network administration through device change management, network configuration and software image management, and network availability and trouble analysis.
Branch Wireless LAN
Expanding the productivity zone of corporate workers with wireless LAN technology is fast becoming a competitive corporate strategy for companies with large campuses and diverse branch locations. The Cisco Structured Wireless-Aware Network (SWAN) framework enables the Enterprise Branch Architecture to optimize network accessibility and workforce productivity. A SWAN-designed network achieves this while delivering the same level of network security, scalability, reliability, ease-of-deployment, and manageability that organizations have come to expect from wired LANs.
CiscoWorks Wireless LAN Solution Engine (WLSE) provides advanced wireless management capabilities to facilitate wireless LAN roll-out, tighten network security, and maximize radio performance resulting in improved IT operational productivity. WLSE manages the entire Cisco Aironet® WLAN infrastructure, including configuration, fault monitoring, performance analysis, and security configuration. Key features include:
- Automated access point provisioning and configuration management, reducing the costs and time needed for WLAN deployment and maintenance. Newly deployed access points can be automatically discovered and flexibly configured depending on their location/subnet, device type, or software version.
- An integrated wireless LAN Intrusion Detection System (IDS) with rogue AP detection, automatic switch port shutdown, WLAN intrusion monitoring, and security configuration policy monitoring to secure the wireless airspace.
- Enhanced radio management capabilities for optimized radio performance and high availability. Includes radio frequency (RF) scanning, monitoring and alerting, interference detection, WLAN self-healing, and automated site surveys.
Branch Connectivity
Cisco Enterprise Branch Architecture connectivity services provide secure connectivity to branch locations over an always-on VPN connection or traditional private WANs such as Frame Relay and ATM. Network managers require tools to monitor and control networks: tools to isolate performance problems, locate bottlenecks, diagnose latency and jitter, and perform trend analysis of network response time. Even better are tools that remove the guesswork from response time problem diagnosis, thereby helping network managers to be proactive in providing the appropriate level of network availability to their users. With the information gained from these tools, network managers create policies and apply them to the network, thereby providing control to optimize performance of the network. These services provide flexible, scalable, and easy-to-use recommendations for site-to-site and remote-access connectivity.
- Centralized definition and deployment of VPNs resulting in significant time savings and increased productivity as well as greater consistency of your security policies
- Rules-based policy guidance plus Cisco- and user-defined QoS templates for streamlining QoS management
- Real-time and historical traffic monitoring for setting and validating QoS
- Enforce network-wide services (for example, low latency or fast response) for VoIP, video, SAP, Oracle, PeopleSoft, and other business-critical traffic
- Proactive network response-time measurement
- Troubleshooting tools for network response-time and availability
- Real-time and historical reporting of network performance

