Cisco rolls out mobile VPN trifecta
Remote access without borders
It was back in October that Cisco first revealed its latest corporate vision to mush a whole bunch of enterprise Web 2.0-ish concepts into what it calls the new "borderless networks" architecture.
It's something to do with combining in-house network kit and cloud-based technology to deliver services and applications to anyone, anywhere, regardless of the device. Sounds very nice — although that kind of language can really be used to describe basically anything a network firm like Cisco does, from simply updating routers, to launching them into outer space, to buying a web security outfit.
The point is you see Cisco wave the borderless network banner at any given opportunity — so it's no surprise when the RSA Conference in San Francisco rolls around, the network giant has a "Cisco Secure Borderless Network architecture" (note the thoughtful addition for conference relevancy) showing at hand.
Called the Cisco AnyConnect Secure Mobility solution, it's essentially a product bundling and integration of the the company's IronPort S-series web security appliance, ASA firewall appliance, and AnyConnect VPN client. Once combined, Cisco claims it creates a platform to deliver easy always-on remote access, web security, and threat intelligence capabilities to extend corporate security policies and controls to mobile users.
New to AnyConnect version 2.5 is the ability to determine and establish a connection to the most optimal network access point. And it can be configured so that the VPN connection remains established during IP address changes caused by the service interruption or the computer going into standby. The VPN is also optimized for use with IronPort appliances.
Added to an IronPort Web Security Appliance (with a Secure Mobility license), it allows administrators to enforce a firm's security policy to every data transaction independent of whether it's an in-house or SaaS application. So, for example, if a fellow is fired, the administrator can easily and immediately cut his access to the company's SalesForce account while permitting something like corporate Gmail.
Cisco said it has future plans to extend the AnyConnect Secure Mobility bundle to include hybrid on-premise and web enforcement through IronPort S-Series appliances and cloud-based security technology from its recent acquisition of ScanSafe.
The AnyConnect Secure Mobility solution is scheduled to be available in the second quarter of 2010.
In addition, Cisco announced upgrades to its TrustSec security framework to include integrated device profiling and guest access services for 802.1X environments. Cisco is also adding Security Group Tag (SGT) packet tagging and SGT Exchange Protocol (SXP) — which allows non-SGT capable devices to plug into TrustSec architecture — for Cisco Catalyst and Cisco Nexus switches.
The new features for TrustSec are planned for the Q2 2010 as well. ®