BRKUCC-2675 Cisco Cloud

Understanding the Cisco Cloud
Collaboration Platform
BRKUCC-2675
Vanessa Sulikowski
Distinguished Systems Engineer
Understanding the Cisco Cloud
Collaboration Platform
BRKUCC-2675
Vanessa Sulikowski
Distinguished Systems Engineer
Disclaimer
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
MOBILE
+
CLOUD
the most disruptive force in IT…
the end user
The Agile Worker is Transforming the Enterprise
Anytime, Anyplace Stay in Constant Touch

Any Device, BYOA with Team Members
Rapidly Create and Share

New Content
BRKUCC-2675 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cloud Collaboration Best Way to Achieve Agility….
CONTROL
Rooms Analytics Media P2P Voice
Cisco Collaboration Conferencing Notification Content Proximity

Public Cloud
Velocity Visibility
Versatility Virtualisation
BRKUCC-2675 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Collaboration Strategy
Experience Centric Cloud Connected Value Extended
Fusion – Bringing Cloud and On-Prem Together
Cisco
WebEx Cloud Collaboration Cloud Messenger Cloud
Collaboration Edge Architecture
Unified Communications
Collaboration Preferred Architecture
Preferred Architecture Deployment
Headquarters
http://www.cisco.com/c/en/us/solutions/enterprise/design-
Unity
Connection
TelePresence
Management Suite
Prime
Collaboration zone-collaboration/index.html
Applications
Unified Expressway-E Mobile/Teleworker

Instant Message & Communications
Presence Manager
DMZ
Internet
Expressway-C
3rd Party Solution
Call Control
Integrated
TelePresence Server Conductor Services Router
Integrated Services
Router
MPLS WAN
Conferencing Collab Edge Remote Site
PSTN /
Endpoints ISDN
Fusion - Existing Infrastructure Integral….
Headquarters
Unity TelePresence Prime

Connection Management Suite Collaboration WebEx Services + IM
WebEx WebEx platform is foundational
Application
s Entitlement will carry forward
Unified Expressway-E Mobile/Teleworker
Instant Message Communication
& Presence s Manager
UCM, Collab Edge
DMZ
Internet UCM as our call control platform
Expressway-C
3rd Party
Solution
Call Control
Expressway will be key for Fusion
TelePresence Server Conductor
Integrated services
Integrated Services
Services Router Router
MPLS WAN
Remote Site
Conferencing Collab Edge
Jabber / CM IM&P
Remains our premise soft client
PSTN /
Endpoints ISDN
Cloud Collaboration Platform
Cisco Collaboration Cloud
Iteration Fusion Security Ecosystem

Continuous delivery Ties together today’s User messaging and Partners, developers
Software Platform core collaboration content encrypted in & administrators as
products with cloud transit and at rest first class citizens
Cisco WebEx Cloud (the cisco cloud you already know)
Corporate WiFi
Secure Internet Connection

Meeting VoIP PSTN
Data A/V Audio 3G/4G/LTE data
HTTPS (SSL) / AES

VoIP Audio (iLBC/OPUS)
Video (H264 up to 360p)
PSTN Audio
PaaS/IaaS – OpenStack, Cloud
native delivery
Using Cisco Intercloud deployment
Integrating with Existing services

(WebEx Meetings, Identity, Messenger)
Continuous, Consistent & Rapid

Deployment
Scale-out local/multi data centre
Geographic reach & resiliency

(Active – Active)
* Some features are not available today
The Cisco Collaboration Cloud
Collaboration Cloud Services
Call Control Identity/SSO Rooms
Notification/Alerts Media/Transcoding
Messaging Interop Content Sharing
Management Calendar Future
Cloud Collaboration Infrastructure
Metrics &
Reporting
File Metadata
Billing &
Remote Users
Storage Storage
Provisioning
Custom
REST Applications
based
APIs Widgets
Collaboration Cloud Services APNS
Call Control Identity/SSO Rooms Circonus Localytics
Notification/Alerts Media/Transcoding Mailgun GCM Box View

Third party Services
Metrics &
Reporting
File Metadata
Billing &
Storage Storage Provisioning
Remote Users
Custom
REST *Future
Applications
based
APIs Widgets
*Future
Cisco Collaboration Cloud Architecture
Generally Available in North America and select markets
NL
IAD TBD
11/14 LON3
TBD TeutoStack
SJC 02/15
12/14
RTP
TEX
11/14
3/15
Core Cisco Collaboration

Cloud services currently
running in Two US datacenters Telstra
02/15
Legend
Global rollout is planned and - Rackspace Cloud Data Center
new datacenters will continue - Cisco IaaS (Nimbus)

to be added to the deployment
- LAB
Cisco Collaboration Cloud Solution – Common Identity
(WebEx will migrate to Common Identity in T30/T31 release)
DMZ Internet
Corporate
Network
Customer
Directory
Directory Sync
IdP
Cisco Common
IdP Proxy
Collaboration Identity
Applications Cisco Cloud
Products
Collaboration
Sync
Cisco Collaboration Cloud Security - Overall Approach
• Obfuscation of user identity as widely as possible
• End-to-end encryption of messages and content
• Granular access control
• Flexibility of data storage locations
Command + User
Control DB Map
Common Rooms +
Content
Identity Messages
Key Mgmt Customer

Avatars
Server Accounts
Server Logs
Client Logs Analytics
+ Metrics
Cisco Collaboration Cloud Security
Enterprise Grade Security
Access Controls
is IMPORTANT!
User Controls (Add/Remove participants in room)
- Privacy & security of
Organisation-Defined & owned
Enterprise Security Encryption Keys & Policy Management communication with E2E
encryption
Secure Transport TLS/AES E2E Encryption - Protecting intellectual
& Storage User Authentication
property
Secure App Development - Preventing unauthorised
Application Security Multi-tenancy features
communication
Hardened Hosts
- Supervising and
Platform Security Protected Networks monitoring content,
ethical walls*
Data Centre
Physical Security Secure Facility - Compliance
Target in 2012
with legal
discovery*
Enterprise Grade Security – High Level
Data in motion encryption:
Encrypted signalling audio/video
HTTPS
Encrypted Media (sRTP/SRTP-EKT) Key Management Server Content Server
Data at rest (Persistent Storage)

Separate DB Stores KMS/Content
Stored Content – always fully encrypted
End-To-End Encryption with

AES-256GCM symmetric key:
Ephemeral Keys - rotation
Encrypted Messaging
Encrypted Content
Encrypted Room Titles Client 1 Client 2
Enterprise Grade Security – Key Rotation
• Key Management Server (KMS) manages
keys.
• Signed ephemeral Elliptic curve Diffie–
Hellman key exchange between client and Key Management Server Content Server
KMS.
• KMS generates conversation keys and
distributes them to conversation parties.
• Parties encrypt all payloads using AES-256.
(envelope is unencrypted)
• “Squared” servers route based on the
envelope.
• “Squared” servers archive everything (in
encrypted form)
Client 1 Client 2
Key Management Service Architecture
https://tools.ietf.org/html/draft-abiggs-
saag-key-management-service-00
Cisco Spark Team Collaboration
(Formerly known as Project “Squared”)
This is how we worked.
Physical Room
Screens Whiteboards
Tasks Decisions
Notes
Documents People
Calendar
Video
Phones /
Connections
What we did here will be done…

Rooms
Screens /
Sharing
Voice/Video
Notes /
Discussion
People Documents
Here…
Screens
Voice/Video
Notes / Discussion People
Rooms
Whiteboards
Decisions
Tasks Documents
And Here…
Introducing Cisco Spark
Delivered from the Cisco Collaboration Cloud
http://download.ciscospark.com
Cisco Spark: Work from Anywhere
Cisco Spark: Use the interface you have at hand…
Virtual Rooms
for Everyone
Cisco Spark and WebEx integration - Meetings
 Project Squared Client x-launch WebEx app
 Create Room from Calendar “Slurp”
System Requirements
 iOS: Requires iOS 7.1 or later. Compatible with iPhone, iPad, and iPod touch. This app is optimised for
iPhone 5, iPhone 6, and iPhone 6 Plus.
 Android: Requires 4.0.3 and above (Tablets not optimised, but working)
 Mac Client: Mac OSX 10.9 or higher
 Windows Client: Windows 7 or 8 (Windows Phone N/A for March GA)
 No admin rights required for install after March GA (Mac/Win)

 Web:
Chrome: Latest two versions supported
Internet Explorer: 10 and above (know issues with IE11)
Safari: Latest two versions supported
Firefox: Latest two versions supported (minimum version 33.1)
Recommended for the full video experience (WebRTC support)
Check for the latest requirements @ https://support.ciscospark.com/
Global* General Availability of Cisco Spark
Client & Admin Portal Localisation Online Support Localisation

• Chinese (Simplified) • Italian • Chinese (Simplified and Traditional)
• Chinese (Traditional) • Japanese • English (US)
• Czech • Korean • French
• Danish • Norwegian • German
• Dutch • Polish • Japanese
• English • Portuguese (Brazilian) • Korean
• English (UK) • Spanish (Latin America) • Spanish (Latin America)
• Finnish • Spanish (Spain)
• French • Swedish
• German • Turkish
* Available for March 18th, 2015 GA:

Australia, Canada, Denmark, France, Germany, Mexico, Netherlands, Norway, Poland, Spain, Sweden,
Switzerland, UK, USA,
Recommended Firewall Ports Settings
Consider UDP over TCP traffic
Project Squared
Client
Note: No proxy support in March GA time frame Cisco Collaboration

Cloud Software
Single shared media port deployment with “ICE”
Use single port #33434 which is within existing dynamic range customers have enabled.
Media/Share go through that port. Tries UDP and falls back to TCP if needed.
Preliminary Average Bandwidth Utilisation
Audio Video Share
Codec Opus H264 H264
Mobile 50kbps 360p @30fps max resolution 1080p @5fps max
capped at 64kbps max 700kbps capped at 1.0 Mbps 150kbps-1.5Mbps max
max depending on content
Desktop 50kbps 720p @30fps max resolution 1080p @5fps max

1.5Mbps capped at 1.5 Mbps 150kbps-1.5Mbps max
150 kbps for Mac/ Win max depending on content
Receive
(local mixing with top 3 Note: During poor network conditions,
participants) the video stream may be disabled
Project Squared is using optimised WME, bandwidth profile is similar to WebEx client experience in CMR type meeting.
Currently only desktop sharing is supported (no annotation or application sharing), Audio codec supported with WME is Opus
Cisco Spark User Account Management Options
Option Description
Manual through Org Admin • Admin can use Org Admin to manually create/update user accounts
User Invite (side-board) • Cisco Spark User can invite another user to use Cisco Spark
Directory Integration • automatic method for creating, updating and deactivating user accounts
MSFT 2003/2008 R2 supported and groups.
• Customer or Partner enables AD integration via Admin Portal
Single Sign-On • SSO can be configured to automatically create account with AD

integration or simply to be used for authentication only
• SP initiated integration only (no IdP initiated support)
Note: For March GA user administration and management must be done in two places,
WebEx user integration in Admin portal scheduled in T30 release.
Cisco Spark User Provisioning
Manual or Directory Integration & Sync
SAML2.0 API
Manual or CSV import

Manual Add
Directory Unique User ID and e-mail

Synchronisation
Cisco
Collaboration
Manual or side-board Cloud
Manual Add
Cisco Spark Demo
Administration Portal
Management Portal
Single Pane of Glass for Partners and IT Administrators
 Easy User Onboarding

 Enterprise Single Sign-on
 Sync with On-Premise Directory
Service
 Role Based Access
 Analytics & Metrics
 User, Group & License Management
 Partners: Simply Launch Trials and
Manage Accounts
Admin Portal – Landing Page (Partner) https://admin.ciscospark.com
Partner
Access Customer Admin Console
Starting a Project Squared Trial for Customer
Reviewing/Modifying Customer’s Info
Manage Customer Trial or Provide Site Administration Service
Admin Portal – Landing Page (Org Admin) https://admin.ciscospark.com
Customer Admin Console
Create Project Squared Account
Status Page Quick Access
SSO configuration
Reports & Analytics
Support & Logs
Admin Portal – Reports
Hybrid Cloud Collaboration Today
CMR Hybrid Cloud Architecture
Recommended Deployment
Endpoints
Registration
SIP Trunk
WebEx Cloud
Expressway-E Cluster Expressway-C Cluster

PSTN/TSP UCM Cluster
Audio/CCA Scheduled
Internet Multiple TelePresence Servers

TMS
Conferencing Strategy:
TelePresence Server is direction moving forward Conductor Cluster

Multiple TelePresence Servers
Conductor in front of all bridges
Home/Remote Worker Everything registered to UCM
Future…The Fusion of On-Prem and Cloud
Fusion … Integrating Premise and Cloud
Cisco
EDGE
?
Today
Fusing Directory
Cisco
EDGE
Mapping Users in AD via Directory Connector
Expressway
Media Relay
HTTP Proxy
SIP Trunk
Traversal
DMZ
XMPP
Expressway
E
Metrics &
Future Service
Future Service
Future Service
Reporting
Management
Calendaring
Call Control
Connector
Connector
Connector
Connector
Connector
Connector
File Metadata
Storage Billing &
SIP Trunk
Storage
Provisioning Expressway
XMPP
Common Connector Framework
DC
Provisioning via Directory Connector
LDAP
HTTPS
Identity/SSO
Cisco
Active Collaboration Cloud
Directory
• Infrastructure for premise directory synchronisation to Common Identity cloud services (CIS)
• Customer installs Directory Connector in its network on a Windows Domain server
• Customer configures Directory Connector to specify its AD synchronisation information
• Directory connector integrates with AD to retrieve user information and syncs with CIS
Subject to
Cisco Cloud (DirSync) Connector Change
Subject to
Admin Portal DirSync User Configuration Change
Admin Portal DirSync AD Domain Subject to
Change
Admin Portal Connector Installation Subject to
Change
Hybrid Cloud
Collaboration Cloud Services Enterprise
Conductor
TS
Notification/Alerts Media/Transcoding Video Endpoints

Expressway-E Expressway-C
Management Calendar Future Unified CM
Jabber
Metrics &
Reporting
File Metadata
Billing &
Remote Users
Storage Storage
Provisioning
Custom
REST Applications
based
APIs Widgets
The Edge – Expressway
Expressway
Media Relay
HTTP Proxy
SIP Trunk
Traversal
DMZ
XMPP
Expressway
E
Metrics &
Future Service
Future Service
Future Service
Reporting
Management
Calendaring
Call Control
Connector
Connector
Connector
Connector
Connector
Connector
File Metadata
Storage Billing &
SIP Trunk
Storage
XMPP
C
DC
Fusing Unified Communications
Cisco
EDGE
Fusing Cloud and Premise Calling
Expressway
Media Relay
HTTP Proxy
SIP Trunk
Traversal
DMZ
XMPP
Expressway
E
Metrics &
Future Service
Future Service
Future Service
Reporting
Management
Calendaring
Call Control
Connector
Connector
Connector
Connector
Connector
Connector
File Metadata
Storage Billing &
SIP Trunk
Storage
XMPP
C
DC
Fusing Exchange Calendar
Cisco
EDGE
Integrating Exchange Calendar
Expressway
Media Relay
HTTP Proxy
SIP Trunk
Traversal
DMZ
XMPP
Expressway
E
Metrics &
Future Service
Future Service
Future Service
Reporting
Management
Calendaring
Call Control
Connector
Connector
Connector
Connector
Connector
Connector
File Metadata
Storage Billing &
SIP Trunk
Storage
XMPP
C
DC
Future Fusing of Premise and Cloud
Cisco
EDGE
?
Future of Cisco Collaboration Cloud Platform *Future
Stack Fusion : Openstack / Intercloud Platform

Openstack IaaS Providers
Cisco
Collaboration Services
Cisco Collaboration
Cloud Software Partner Cloud
Enterprise
Private Cloud
Cisco Collaboration Architecture … Fused
Best of Cloud and On-Prem
Cisco
Collaboration Edge Architecture
Unified Communications
Q&A
Complete Your Online Session Evaluation
Give us your feedback and receive a
Cisco Live 2015 T-Shirt!
Complete your Overall Event Survey and 5 Session
Evaluations.
• Directly from your mobile device on the Cisco Live

Mobile App
• By visiting the Cisco Live Mobile Site
http://showcase.genie-connect.com/clmelbourne2015
• Visit any Cisco Live Internet Station located
throughout the venue Learn online with Cisco Live!
Visit us online after the conference for full
T-Shirts can be collected in the World of Solutions access to session videos and
on Friday 20 March 12:00pm - 2:00pm presentations. www.CiscoLiveAPAC.com

BRKUCC-2675 Cisco Cloud

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKUCC-2675 Cisco Cloud

Uploaded by

Copyright:

Available Formats

Understanding the Cisco Cloud

Anytime, Anyplace Stay in Constant Touch

Rapidly Create and Share

Rooms Analytics Media P2P Voice

Cisco Collaboration Conferencing Notification Content Proximity

Experience Centric Cloud Connected Value Extended

Collaboration Edge Architecture

Unified Expressway-E Mobile/Teleworker

Conferencing Collab Edge Remote Site

Unity TelePresence Prime

Iteration Fusion Security Ecosystem

Secure Internet Connection

HTTPS (SSL) / AES

Using Cisco Intercloud deployment

Integrating with Existing services

Continuous, Consistent & Rapid

Scale-out local/multi data centre

Geographic reach & resiliency

Call Control Identity/SSO Rooms Circonus Localytics

Notification/Alerts Media/Transcoding Mailgun GCM Box View

Core Cisco Collaboration

new datacenters will continue - Cisco IaaS (Nimbus)

Key Mgmt Customer

Data at rest (Persistent Storage)

End-To-End Encryption with

What we did here will be done…

Notes / Discussion People

 No admin rights required for install after March GA (Mac/Win)

Check for the latest requirements @ https://support.ciscospark.com/

Client & Admin Portal Localisation Online Support Localisation

* Available for March 18th, 2015 GA:

Note: No proxy support in March GA time frame Cisco Collaboration

Desktop 50kbps 720p @30fps max resolution 1080p @5fps max

Single Sign-On • SSO can be configured to automatically create account with AD

Manual or CSV import

Directory Unique User ID and e-mail

 Easy User Onboarding

Expressway-E Cluster Expressway-C Cluster

Internet Multiple TelePresence Servers

TelePresence Server is direction moving forward Conductor Cluster

Home/Remote Worker Everything registered to UCM

Messaging Interop Content Sharing

Common Connector Framework

Common Connector Framework

Common Connector Framework

Stack Fusion : Openstack / Intercloud Platform

Collaboration Edge Architecture

• Directly from your mobile device on the Cisco Live

You might also like