Cisco 'Primes' Its Borderless Networks Portfolio

April 20, 2011


Cisco is expanding its Borderless Networks portfolio--the architecture that incorporates routing, switching, mobility, security and wide-area network (WAN) optimization--with new security, management and video capabilities. Highlights include the Cisco Identity Services Engine (ISE), the centralized policy engine for the Cisco TrustSec solution that enforces a context-aware access security policy, distinguishes between organization-owned and personal user devices, and automates security with network-enforced access policies and encryption.

ISE also simplifies IT operations by enabling policy definitions that mirror business rules based on user, device, application and location, and by integrating with Cisco Prime solutions for endpoint connectivity management. The company is also supporting ISE in the TrustSec Planning and Design Service, which helps customers integrate TrustSec throughout their networks.

Cisco sees the centralized policy engine of its Borderless Networks offering as a game changer--the first initiative to deliver on the promise of policies. Controlling policies is a major CIO pain point, says the company, and an important objective is to simplify the process and give users the tools to define universal policies.

Built on a service-centric foundation and a set of common operational attributes, the new Cisco Prime for Enterprise will enable IT departments to more effectively manage their networks and network services. Key features include converged user and access management for wired and wireless networks; the ability to monitor, troubleshoot and report on Cisco TelePresence sessions and media paths via embedded network intelligence, analytics and optimization capabilities; and integrated workflows to manage from the application layer down to the infrastructure.

The company also announced Cisco Medianet and Video Conferencing, which optimizes video delivery by embedding media and network intelligence into endpoints and network elements. All of the products should be available within the next 30 to 60 days.

Mike Spanbauer, principal analyst, Current Analysis, sees ISE and Prime as complementary announcements. "Prime for Enterprise represents the most significant campus management investment Cisco has made internally [vs. acquisition] in years--a common architecture across the services and network elements that integrates LMS, NAM, and NCS into a single management portal on day one with additional integrations planned. The ability to integrate the management applications that Prime for Enterprise does into a single UI will reduce operation challenges and, most importantly, reduce troubleshooting/help desk issues significantly."

With ISE providing a consistent security enforcement mechanism across most endpoint device types today, IT departments can devise and deploy policies once per user, says Spanbauer. "This reduces the unique policies that must be managed and, therefore, reduces the OPEX from the past, where policies were applied on a device-by-device basis, if they even were at all."

Cisco Prime is the biggest part of the announcement, says Andre Kindness, senior analyst, Forrester Research. Outside of the data center, networking hardware has gotten stale and vendors have done a poor job moving the networking hardware beyond speeds and features. "With Cisco's investment in the Prime Strategy and supporting products [NCS, LMS, NAM and CM], they are transforming networking from the DOS world to a GUI one."

He says the company is finally recognizing that software and management tools are the key enabler to aligning networks to "cloud-like" infrastructures and business demands, reducing resource costs, assembling more reliable processes and putting the power in the hands of the user. "It is good that Cisco is combining management of devices and users, whether wired or wireless, under one umbrella. It's the right direction, but HP's ProCurve line has had that capability with ProCurve Manager and Identity Driven Manager for a few years."

While Kindness isn't sure these announcements put Cisco ahead of the competition, they do put the company back on the right track. "Other vendors like Juniper and Brocade had better systems than CiscoWorks. If Cisco continues with investment in the portfolio of management software tools and ties the silos together while delivering a great customer experience, then Cisco will be able to pull ahead from the competitors and cure customers' hangover from CiscoWorks."

"The TrustSec 2.0 and ISE are consistent with our view of identity-centric end-to-end security that is both needed and lacking in the enterprise today," says Kindness.

Andreas Antonopoulos, senior VP and founding partner, Nemertes Research, says, "These types of solutions will protect against advanced multivector security threats better than point solutions. However, for an enterprise to deploy end-to-end security, it will need one of two things: open standards around TrustSec and ISE so they can interoperate with other vendor devices and a network made up of Cisco devices end-to-end with no other vendors."

That is the fundamental conundrum in security--it has to be end-to-end to be effective, otherwise it is vulnerable to attacks against the weakest link, he says. "In any enterprise that has more than a handful of network devices, a single-vendor network is impossible. So, this security vision only works if it is open and allows multivendor interoperability."

Nemertes' Robin Gareiss, executive VP and senior founding partner, adds that one of the keys for Cisco will be to provide these options as managed or cloud-based services, particularly Cisco Prime for Enterprise. "There is significant demand now, particularly among SMBs, to buy such capabilities as a service because they lack the staff or expertise to handle such functions internally."
