Cloud Identity Connectors - Presentation by Ranjan Jain @ Cisco Live 2013

Post on 11-May-2015


Presentation by Ranjan Jain at Cisco Live about the Cloud Identity Connector and how Cisco IT plans to use this connector to solve business challenges like Inbound Federation and Zero Sign On.

Transcript of Cloud Identity Connectors - Presentation by Ranjan Jain @ Cisco Live 2013

Cloud Intelligent Networks – Cloud Connectors

Rony Gotesdyner, Product Line Manager

Ranjan Jain, Cisco IT Architect

© 2013 Cisco and/or its affiliates. All rights reserved.BRKCDN1002 Cisco Public

Identity Example – Cisco IT


Cisco IT Identity Architecture

Identity Challenges

Use cases & Deployment plan

ROI impact


Why Cisco IT plans to use Cloud Identity Connector?

The power of network and federation finally brings the synergy to solve business-critical identity problems and provide an enhanced user experience


Cisco IT - Identity Services Architecture

~5 Million (Internal+External)

~2200 Web Applications

~10 million transactions / day

300+ attributes per user identity

66K+ Mobile Devices

500 web services / 10 million SOAP calls / day


Cisco IT's External Relationships with SaaS providers

IT has 110 SaaS Integrations today

~6 weeks per SaaS Integration

Cisco is Identity Provider

Today IT supports only 1-to-1 connection

Cisco Enterprise IT


Outbound Federation View of Cisco IT

Cisco users accessing services in the cloud

[Diagram labels: Cisco as Identity Provider; Service Providers; Travel; Cisco QUAD; Many more…; SAML; REST APIs; Cloud Identity Broker; 1-to-Many connections; 1-to-1 connection]


Single Sign On / Authentication View of Cisco IT

[Diagram labels: User; Access Platform; HTTP Cookie; Engineering; Finance Apps; J2EE Apps; Portal Apps; and so on]

- Cookie based SSO solution

- Time-sensitive Cookies

- Idle session timeout

- Total session timeout


Identity Problem Statement for Cisco IT

Situation Complication Implication

• Identity Fraud / Security

• User Experience

• Changing Landscape

• Mobility

• Video / Collaboration

• Cloud

• Threat sophistication

• Continued loss of revenue

• Fragmented user experience

• Not future-proof (Cloud capable)

Changing IT landscape, and the challenges around Identity


Challenges around Cisco IT Business problems 

I can still access my previous company’s applications using my previous company’s credentials

Solution

Inbound Federation


The First Use Case for Identity Connector for Cisco IT

Inbound Federation

- Incoming federated identity into the enterprise

- Reduces legal risk by trusting the federated identities owned by our channel partners/resellers/distributors instead of creating those identities internally

- Inbound federation has two parts:

• Authentication (Cloud Connector solves this)

• Authorization (Requires changes to Internal Provisioning)


Inbound Federation :: Protecting internal resources

[Diagram labels: Suppliers, Partners, Distributors (Identity Provider); Cisco as Service Provider; eBusiness Apps; SAML; Cloud Identity Broker (OPTIONAL)]


Inbound Federation :: User Experience in Current State (No Inbound Federation)

1. Supplier user trying to access Cisco manufacturing application

2. Supplier user needs to provide the Cisco credentials to Login

3. Supplier user can now see the manufacturing application

Inbound Federation :: User Experience in Target State with Identity Connector enabled

1. Supplier user tries to access the Cisco application. The connector internally redirects the user to the Supplier Login page

2. Supplier user can now see the manufacturing application using the Supplier Identity

ROI Use cases for Inbound Federation

1. A supplier employee leaving the supplier but still able to access Cisco Apps

2. Creation of fake profile to match to a real company to take advantage of the company's Cisco.com access

3. Partner employee sharing the password. Unable to track a transaction to a user


Challenge around Cisco IT User Experience 

I wish I did not have to enter the user id and password at all

Why do I have to login to every Cisco app on my mobile device?

Solution

Zero Sign On (ZSO)


The Second Use Case for Identity Connector for Cisco IT

Zero-Sign-On (ZSO)

Provides enhanced user experience in the Intranet for:

- Any Device

- Any Browser

- ZSO enables “auto-magic” or Silent Authentication


Zero-Sign-On :: User Experience in Current State (No ZSO)

1. User types cisco.webex.com to host a meeting

2. User then clicks on “Host Log In”

3. User enters the credentials and logs in

4. User is now “logged-in” to host the meeting

Zero-Sign-On :: User Experience with Identity Connector enabled

1. User types ciscolivedemo.webex.com

2. Connector logs the user in using ZSO


Zero-Sign-On ROI for Cisco IT

1. Enhanced user experience: From multiple logins, multiple HTTP redirects and several clicks to Zero Login and One Click

2. Savings of $250K* per year (*based on the number of users, devices, number of logins per day and other factors)

3. Increased User Productivity: One-click experience would increase the user productivity


In / Outbound Federation -- IT Deployment with Cisco Cloud Connector (Target State)

[Diagram labels: Cisco Premise; Identity / Service Providers; Travel; Cisco QUAD; Many more…; SAML; REST APIs; Cloud Identity Broker; Cloud Connector (shown four times)]


Recap of How Cloud Identity Connector will help Cisco IT

Identity solution to provide:

- Inbound Federation capability

- Enhanced user experience with ZSO

Network and federation combined provide the synergy to solve business-critical identity problems and provide an enhanced user experience


For More Information

Learn more about Cisco Cloud Connectors: http://www.cisco.com/go/cloudconnector

Become Cisco Cloud Connector partner: https://developer.cisco.com/web/c3/home

Learn about Cisco UCS E-Series: http://www.cisco.com/go/ucse

Learn about Cisco onePK: http://www.cisco.com/go/one

Questions related to Cisco Cloud Connectors: Email: ask-cloudconnect@cisco.com