Partner Webinar. AnyConnect 4.0. Rene Straube Cisco Germany. December 2014

Similar documents
Cisco AnyConnect. Ordering Guide. June For further information, questions, and comments, please contact

2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

Access and Policy License Double Click

Cisco Identity Services Engine

Borderless Networks. Tom Schepers, Director Systems Engineering

Cisco Network Admission Control (NAC) Solution

Cisco ISE Licenses. You cannot upgrade the Evaluation license to an Plus and/or Apex license without first installing the Base license.

Cisco ISE Licenses. Your license has expired. If endpoint consumption exceeds your licensing agreement.

Cisco Exam Questions & Answers

Extensive Secure Borderless Network Cisco and/or its affiliates. All rights reserved. 1

The Context Aware Network A Holistic Approach to BYOD

CISCO EXAM QUESTIONS & ANSWERS

Cisco AnyConnect Secure Mobility Solution. György Ács Regional Security Consultant

Cisco AnyConnect Secure Mobility & VDI Demo Guide

Cisco Secure Access Control

Yes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com

Always-on Endpoint Remote Access and Protection with Cisco AnyConnect

Cisco.Realtests v by.TAMMY.29q. Exam Code: Exam Name: CXFF - Cisco Express Foundation for Field Engineers

Cisco Self Defending Network

Cisco Identity Services Engine (ISE) Mentored Install - Pilot

Cisco ONE Software BRKRST Dan Lohmeyer Senior Director, Software Strategy and Operations

Enterprise Guest Access

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Cisco Virtualization Experience Media Engine Overview

Contents. Introduction. Prerequisites. Requirements. Components Used

Passit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers

Cisco AnyConnect Secure Mobility Client

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

Cloud Mobility: Meraki Wireless & EMM

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

Cisco Asa Version 8.0 Vpn Anyconnect Configuration Guide

Cisco Security Enterprise License Agreement

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Networks with Cisco NAC Appliance primarily benefit from:

Cisco HCS License Model

Adaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

Vendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo

ONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013

About FIPS, NGE, and AnyConnect

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1

CISCO EXAM QUESTIONS & ANSWERS

Vendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo

Cisco EXAM SBF for Account Managers - g33ky -

Cisco ASA Software Release 8.2

Exam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.

BYOD Business year of decision!

Question: 1 An engineer is using the policy trace tool to troubleshoot a WSA. Which behavior is used?

Secure Mobility. Klaus Lenssen Senior Business Development Manager Security

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

Cisco Exam Questions & Answers

CISCO EXAM QUESTIONS & ANSWERS

Introduction to 802.1X Operations for Cisco Security Professionals (802.1X)

Phil Schwan Technical

Cisco NAC Network Module for Integrated Services Routers

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

Cisco Vpn Client User Guide For Windows Chapter 2

Licensing Expert Series. Licensing The Private Cloud

CISCO EXAM QUESTIONS & ANSWERS

CISCO EXAM QUESTIONS & ANSWERS

Beyond BYOD Mobility, Cloud and the Internet of Everything

MaaS360 Secure Productivity Suite

CISCO EXAM QUESTIONS & ANSWERS

Exam Questions

Cisco ONE Enterprise Cloud Suite

Verizon Software Defined Perimeter (SDP).

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:

Check Point softwareblades Secure. Flexible. Simple

Managing Feature Licenses

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Implementing Cisco Edge Network Security Solutions ( )

Simplifying the Branch Network

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Cisco Catalyst 9200 Series Switches

The Cisco BYOD Smart Solution

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS

2012 Cisco and/or its affiliates. All rights reserved. 1

One Management Realized, with Cisco Prime Infrastructure Manage Complexity. Manage Effectively. Manage Intelligently. Closing

Cisco ONE. Roland Köster & Markus Kremser Enterprise Networking Group. Mobility Sales Germany September 2015

CISCO EXAM QUESTIONS & ANSWERS

Licensing the Firepower System

Cisco ONE New Way Buying & Consuming Cisco NW Software! Thomas Latzer Enterprise Networking Lead Cisco Systems

Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.

Cisco ISE Features Cisco ISE Features

Identity Based Network Access

Contents. Introduction. Prerequisites. Requirements. Components Used

Customer Premise Equipment

A Unified Threat Defense: The Need for Security Convergence

Why is Office 365 the right choice?

Sophos XG Firewall Licensing

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers

Switch to Parallels Remote Application Server and Save 60% Compared to Citrix XenApp

Licenses: Product Authorization Key Licensing

Wireless and Network Security Integration Solution Overview

Cisco Passguide Exam Questions & Answers

Delivering a Secure BYOD Solution with XenMobile MDM and Cisco ISE

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Configure Client Posture Policies

Call Guide. Transform. Transform The Network. Scenario 1: Hunting the opportunity. The Network

JUNIPER NETWORKS PRODUCT BULLETIN

Transcription:

Partner Webinar AnyConnect 4.0 Rene Straube Cisco Germany December 2014

Agenda Introduction to AnyConnect 4.0 New Licensing Scheme for AnyConnect 4.0 How to migrate to the new Licensing? Ordering & Migration Examples Cisco Confidential 2

Cisco AnyConnect Secure Mobility Client Extending Control of Context to the Endpoint Simply and securely work anywhere on any device Delivers reliable and transparent secure remote access for the off-premises user based on VPN Helps ensure endpoint integrity Multiple authentication options Comprehensive posture checks Provides secure connectivity End-to-end encryption Integrated web security Per-app VPN for mobile Cisco Confidential 3

What s New in Cisco AnyConnect 4.0? Connect Only Approved Applications over VPN Provide secure remote access for selected applications by user, role, device, etc. (per-app VPN) Selectively Tunnels Traffic Through VPN WWW Reduce the potential for non-approved applications to compromise enterprise data Support a range of remote users and endpoints (employees, partners, contractors), streamlining IT operations Cisco Confidential 4

What s New in Cisco AnyConnect 4.0? Posture Check and Secure VPN Access with Unified Agent and Cisco ISE 1.3 Supports device posture and authorization across multiple access methods Simplifies management with only one agent to manage Prevents noncompliant devices from accessing the network Cisco Confidential 5

Centralized Endpoint Secure Access Policy Common Context-Based Access Policy Services (Cisco ISE + Cisco AnyConnect ) Cisco Prime Cisco ISE Third-Party MDM Cisco Catalyst Switches ASA Firewall Wired Network Devices Office Wired Access Office Wireless Access Remote Access Cisco Confidential 6

Cisco AnyConnect More Than just VPN/ASA Future IPsec VPN SSL /DTLS VPN HostScan Clientless Cloud Web Security L2 Supplicant (Win Only today) NAC Agent Mobile MDM FireAMP Volume Premium Interest & Value Head End Devices Switches and Wireless controllers ISE/ACS ASA WSA Cloud Web Security ASR/ CSR ISR Cisco Confidential 7

Agenda Introduction to AnyConnect 4.0 New Licensing Scheme for AnyConnect 4.0 How to migrate to the new Licensing? Ordering & Migration Examples Cisco Confidential 8

Why we Change the AnyConnect Licensing? AnyConnect o Simplify o Feature / value alignment o Remove lock to appliance (helps with ASA migrations & RMA Process) o Consistent model regardless of headend o Solve Share / Flex / Essentials + Premium mix challenges ISE o Adapt to new ISE feature content / AC integration in 1.3 o o - Unified Agent (single agent for compliance) Consistency with AC selling motion Different 3 rd Party MDM offer structure Cisco Confidential 9

AnyConnect Licensing Today SHARED License (per user + per ASA) MOBILE License (per ASA model) ESSENTIALS License (per ASA model) Basic Remote Access Connectivity Or Premium Licenses Shared by Multiple Cisco ASA Devices MOBILE License (per ASA) ADVANCED ENDPOINT ASSESSMENT License (per ASA) PREMIUM License (per user for each ASA) Always-On, Clientless, Posture Assessment, Mobile Posture, Suite B Other Licenses: VPN Phone & FIPS (per ASA model) FLEX License (for 54 days daily use) Good for Short Periods of High Demand (Emergencies, Events, etc.; per box) This is too complex, even if we re all got used to it... Cisco Confidential 10

New Licensing in Cisco AnyConnect 4.0 Simpler Licensing with Greater Flexibility New endpoint licensing portable across any hardware platforms, simplifying transfer New two-tiered licensing structure to allow customers to grow based on new enterprise mobility needs Plus License IPSec/SSL VPN Mobile per-app VPN (new) Web security Network access manager Any Headend Apex License Plus features Unified Endpoint Compliance (new) Clientless Suite B Any Headend Per user (with their multiple devices) Cisco Confidential 11

How to Design a Deployment? Users o How many users will utilize AC services? Services o How many users need basic services? o How many users need advanced services? Headend Sizing o How many active sessions at any given time? o What headend platform/s? o How many locations? It s importand to understand that Users/Services and Headend Sizing are decoupled completely PLUS Cisco ASA Much easier to scale the deployment, even afterwards APEX Cisco Web Security Cisco ISE Router Cisco Confidential 12

New AC Features & Licensing Tied only to ASA Current AnyConnect 3.X Premium (Perpetual) Shared (Perpetual) Flex (Perpetual) AEA (Perpetual) Mobile (Perpetual) Essentials (Perpetual) Non-Lic (NAM, CWS) New AnnyConnect 4.X PLUS New! APEX Advanced PC + Mobile Services Unified Endpoint Compliance /Remediation (Posture) Suite B Clientless Includes PLUS!!! New! Basic PC + Mobile Services Device VPN / Per app VPN Always On ASA, ISE, ASR, CSR FIPS CWS / Web Security NAM * VPN Phone goes away because of VCS gateway Loose with ASA ISR ASR CSR CWS Cisco Confidential 13

Two Licensing Models to choose APEX (Term) PLUS (Perpetual) 25-250K per user* pricing ($$$) Right to Use based on user/seat count vs concurrency Support (SASU) ordered separately Compliance -> Trust (Phase 1) Built in Shared, Flex functionality Covers PC and Mobile Includes near zero day OS support for all supported platforms or PLUS (Term) 25-250K per user* pricing ($) Right to Use based on user/seat count vs concurrency 1, 3 and 5 Yr options (includes support) Compliance -> Trust (Phase 1) Built in Shared, Flex functionality Covers PC and Mobile Includes near zero day OS support for all supported platforms * Please be aware of user based licensing not device based!! Cisco Confidential 14

Whats the difference? PLUS (Perpetual) Support ordered separate $$$ per user is more No perpetual Licence for Apex or APEX (Term) PLUS (Term) Support included in the Subscription $ per User is less Cisco Confidential 15

AnyConnect Premium & Essentials Licensing Essentials almost free Essentials perpetual License Premium perpetual License Essential & Premium cannot be mixed on one device Premium & Essentials are charged based on concurrent connections Licenses applied on a device AnyConnect Apex & Plus Licensing Plus not free Plus perpetual or Subscription License Apex Subscription License only Plus & Apex can be mixed in a single customer deployment Apex & Plus are charged per User Licenses applied to all devices needed Cisco Confidential 16

ASA + AC Support Matrix AC Mobile AC Desktop 3.x 4.x 3.x 4.x End of Sale Announcement Q4 CY 2014 N/A Q4 CY 2014 N/A End of New OS Support Q2 CY 2015 N/A Q2 CY 2015 N/A End-of-Sale Date (All AC and ASA+AC SKUs) 5500 Q2 CY 2015 NA Q2 CY 2015 NA 5500-X Standard End of Sale Policies Apply Cisco Confidential 17

Frequently Answered Questions Does a customer need to upgrade to Plus/Apex from Essentials/Premium? AnyConnect Plus/Apex licenses required for AnyConnect 4.x software (Desktop & Mobile) New AnyConnect 4.0 capabilities like Per-app VPN functions will require Plus or Apex licenses along with ASA 5500-X with 9.3.1 or later Essentials and Premium licenses and version 3.x AnyConnect software will be phased out but can further be used with current software versions an features Can AnyConnect 4.x be used without a Plus or Apex license? No, with one exception: basic mobile VPN use cases through April 2016 (see below) AnyConnect 4.x usage requires Plus or Apex license, this includes Network Access Manager, Cloud Web Security and all VPN use cases, regardless of the Cisco head-end AnyConnect 4.x Apex license also authorizes clientless SSL VPN How is the 4.x conversion being handled for the mobile versions of AnyConnect? Customer cannot remain on old versions of AnyConnect for ios & Android All 3.x customers will be permitted to utilize AnyConnect 4.x on mobile devices until April 30, 2016 After this date, a customer will no longer be entitled to utilize AnyConnect on mobile devices without converting licensing models The Per App VPN capabilities in AnyConnect 4.0 are not available to customers using the original AnyConnect Essentials/Premium licenses Cisco Confidential 18

Agenda Introduction to AnyConnect 4.0 New Licensing Scheme for AnyConnect 4.0 How to migrate to the new Licensing? Ordering & Migration Examples Cisco Confidential 19

Customer Conversations Not tied to specific ASA release though some features like per app will only work with 9.3.x+ Don t have to move to AC 4.x right away but should start planning particularly if interested in New PC/Mobile OS support New features Special migration offers for existing customers reduces financial impact with even more services (e.g. ISE context sharing) Cisco Confidential 20

Migration Strategy Existing AC licenses Premium (Perpetual) Shared (Perpetual) Essentials (Perpetual) Non-Lic (NAM, CWS) AC APEX Migration Licenses ($0 for 3 Yr, Any User Count) APEX (Term) PLUS (Term) AC PLUS Migration Licenses (50% Discount on 5/3/1 Yr licenses, Any User Count) PLUS (Term) Old ASA New ASA Yes, there is no migration offer for Plus perpetual!! Cisco Confidential 21

Agenda Introduction to AnyConnect 4.0 New Licensing Scheme for AnyConnect 4.0 How to migrate to the new Licensing? Ordering & Migration Examples Cisco Confidential 22

Scenario #1a Basic VPN Greenfield (Term) New customer wants to cover 1000 users with 500 active endpoint connected at any one time. This is basic device-based VPN for PC as well as mobile devices, requires HA, and is centralized. Customer is interested in migrating to per app VPN on mobile platforms to help decrease bandwidth backhaul costs. 1 Order appropriate appliances and SMARTnet options Product Number List Price Qty Total ASA5525-K9 $8,995 2 $18,990 (SMARTNET/SASU-SKUs) - - - 2 Selects AC PLUS based on total number of users Product Number List Price Qty Total L-AC-PLS-5Y-G $- 1 $- AC-PLS-5Y-1K $2,500 1 $2,500 Cisco Confidential 23

Scenario #1b Basic VPN Greenfield (Perpetual) New customer wants to cover 1000 users with 500 active endpoint connected at any one time. This is basic device-based VPN for PC as well as mobile devices, requires HA, and is centralized. Customer is interested in migrating to per app VPN on mobile platforms to help decrease bandwidth backhaul costs. Have CAPEX vs OPEX preference. 1 Order appropriate appliances and SMARTnet options Product Number List Price Qty Total ASA5525-K9 $8,995 2 $18,990 (SMARTNET/SASU-SKUs) - - - 2 Selects AC PLUS based on total number of users Product Number List Price Qty Total L-AC-PLS-P-G $- 1 $- AC-PLS-P-1K $6,250 1 $6,250 Cisco Confidential 24

Scenario #2a Advanced VPN Greenfield New customer wants to cover 1000 users with 500 active endpoint connected at any one time. This is advanced device-based VPN for PC as well as mobile devices, requires HA, and is centralized. They want clientless for contractors and want to enforce PC compliance prior for employees. 1 Order appropriate appliances and SMARTnet options Product Number List Price Qty Total ASA5525-K9 $8,995 2 $18,990 (SMARTNET/SASU-SKUs) - - - 2 Selects AC APEX based on total number of users Product Number List Price Qty Total L-AC-APX-5Y-G $- 1 $- AC-APX-5Y-1K $12,000 1 $12,000 Cisco Confidential 25

Scenario #2b Advanced + Basic VPN Greenfield New customer wants to cover 750 users with 500 active endpoint connected at any one time. This is advanced device-based VPN for PC as well as mobile devices, requires HA, and is centralized. They want clientless for 250 contractors and want to enforce PC compliance for 250 employees but they want basic VPN access for 250 partners regardless of PC or mobile for partner portal access 1 Order appropriate appliances and SMARTnet options Product Number List Price Qty Total ASA5525-K9 $8,995 2 $18,990 (SMARTNET/SASU-SKUs) - - - 2 Selects AC PLUS and APEX based on total number of users Product Number List Price Qty Total L-AC-PLS-5Y-G $- 1 $- AC-PLS-5Y-250 $625 1 $625 L-AC-APX-5Y-G $- 1 $- AC-APX-5Y-500 $9,000 1 $9,000 Cisco Confidential 26

Scenario #3 Basic VPN Migration Existing customer has pair of 5540s with essentials and mobile. They have been providing basic VPN access to 5000 users (averaging 1000 concurrently sessions). This is all device-based VPN. Customer expects mobile device count to grow so want so add per app VPN services in addition to covering new future Windows OS and Apple OS X software versions. Feels that existing 5540s still has enough headroom (only expect 2000 concurrent worst case). Budget wise they want 3 year licenses. 1 Does not need any new appliances 2 Selects AC PLUS migration based on total number of users Product Number List Price Qty Total L-AC-PLS-M-3Y-G $- 1 $- AC-PLS-M-3Y-5K $4,600 1 $4,600 Cisco Confidential 27

Scenario #4 Adv VPN Migration Existing customer has pair of 5540s with 1000 AC Premium licenses. They have been providing advanced VPN access to 3000 users with (averaging 1000 concurrently sessions). The are using Hostscan and Adv Endpoint Assessment and want to maintain that service but open service up to larger number of employees (5000 in total). Feels that existing 5540s still has enough headroom (only expect 2000 concurrent worst case). 1 Does not need any new appliances 2 Selects AC Apex migration based on total number of users Product Number List Price Qty Total L-AC-APX-M-SG $0 1 $0 L-AC-APX-M-5K $0 1 $0 Cisco Confidential 28

Scenario #5 New CWS Customer In the short term (next 6 mo), CWS customer will transact as they do today. If they need to enable AC Plus for VPN services in addition to CWS inspection service they need to reach out to Cloud Ops team. Once CWS team decides how they will evolve model in CCW, we will update this slide. 1 Does not need any new appliances 2 TBD Product Number List Price Qty Total Cisco Confidential 29

Scenario #6 Existing CWS Customer Existing CWS customer with 2500 users. 2 years into their 3 year term they decide to add AnyConnect VPN services on ASAs. Don t expect more than 500 concurrent endpoints at any point. 1 Order appropriate appliances and SMARTnet options Product Number List Price Qty Total ASA5525-K9 $8,995 2 $18,990 (SMARTNET/SASU-SKUs) - - - 2 Does not need any new CWS licenses. Grandfathered to use AC Plus for remainder of existing term Product Number List Price Qty Total L-AC-PLS-1Y-G $- 1 $- AC-PLS-1Y-2500 $0* 1 $0* * Note - Please apply 100% discount to existing AC-PLS CWS team will automatically approve this Cisco Confidential 30

Scenario #7 NAM New customer wants to add EAP chaining for 5000 users to establish user and machine auth within their existing ISE Base deployment. 1 Does not need any new appliances 2 Does not need any new ISE licenses. Selects AC PLUS based on total number of users Product Number List Price Qty Total L-AC-PLS-5Y-G $- 1 $- AC-PLS-5Y-5K $11,400 1 $11,400 Cisco Confidential 31

Scenario #8 NAM Migration Large existing customer want to maintain EAP chaining for 100K users and is considering moving from Juniper to ASA for basic VPN services covering all 100K users. 1 Juniper to ASA migration program TBD 2 Selects AC PLUS Migration based on total number of users Product Number List Price Qty Total L-AC-PLS-M-3Y-G $- 1 $- AC-PLS-M-3Y-100K $38,600 1 $38,600 Cisco Confidential 32

Summary & Resources The new Licensing is actually much simpler than the old one It solves many operational challenges of the old Licensing Model by decoupling the Licensing from Platforms It provides more Flexibility and Scalability of Deployments AnyConnect Ordering Guide http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf Cisco Confidential 33

Thank you.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback